Event Threat DetectionBeta

Uncover security threats in Google Cloud Platform environments.


Event Threat Detection automatically scans Stackdriver logs for suspicious activity in your Google Cloud Platform environment. Using industry-leading threat intelligence, including Google Safe Browsing, you can quickly detect high-risk and costly threats such as malware, cryptomining, unauthorized access to GCP resources, outgoing DDoS attacks, port scanning, and brute-force SSH. By distilling volumes of log data, security teams can quickly identify high-risk incidents and focus on remediation.

Quickly detect the most worrisome cloud-based threats

Using Event Threat Detection, you can automatically scan Stackdriver security logs for high-profile indicators of compromise.

Powered by industry-leading threat intelligence

Event Threat Detection uncovers suspicious cloud-based activity using threat intelligence from Google Safe Browsing and GCP detectors. By applying this intelligence to cloud log data, you can uncover the most common threats to your cloud environment such as malware, cryptomining, malicious access to GCP resources, outgoing DDoS, port scanning, and brute-force SSH.

Optimize your SIEM and cut costs

Using Event Threat Detection, you can process your high-volume logs and send only high value incidents to a third-party security system. Store your parsed log data in BigQuery for forensic analysis.

Enable a single pane of glass with Cloud Security Command Center integration

When a threat is detected, Event Threat Detection surfaces the incident in Cloud Security Command Center. This enables users to correlate the finding with other suspicious activity that may be present in your GCP environment, such as application vulnerabilities or misconfigured access control policies.


Stackdriver Logging integration

Automatically analyze Stackdriver logs to detect suspicious security events. Support VPC Flow logs, Cloud Audit logs, SSH logs, and firewall logs.

Detect high-profile cloud threats

Leverage multiple detector rules to uncover suspicious activity such as malware, cryptomining, abusive IAM access, outgoing DDoS, port scanning, and brute-force SSH.

View findings in Cloud Security Command Center

Use the Cloud SCC dashboard to view, aggregate, prioritize, and escalate findings to Stackdriver Incident Response and Management (IRM). When a finding is generated, it is also automatically written to a Stackdriver Logging project.

Stream findings with Cloud Pub/Sub and Cloud Functions

Send findings to a third-party solution, such as a SIEM, using Cloud Pub/Sub and Cloud Functions.

Flexible API

Enable Event Threat Detection via the API with JSON support.



There is no separate charge at this time for using Event Threat Detection during beta; however, with the use of Event Threat Detection, you may incur costs related to Stackdriver Logging, BigQuery, as well as Cloud Pub/Sub and Cloud Functions integrations.

Google Cloud

Get started

Event Threat Detection

Sign up for beta access and start uncovering security threats in Google Cloud Platform environments.

This product is in beta. For more information on our product launch stages, see here.