Gemini in Security Command Center

Gemini in Security Command Center, which is a product in the Gemini for Google Cloud portfolio, provides the following assistance with cloud security and enterprise security operations:

  • Generate UDM search queries from natural language questions. Gemini in Security Command Center can translate simple natural language questions about your threat data into UDM Search queries that you can run against UDM events.

  • Summarize cases. The AI Investigation widget looks at a whole case (alerts, events, and entities) and provides you with an AI-generated case summary of how much attention the case might require. The widget also helps you better understand the security issue by summarizing the alerts and by providing recommendations for the next steps you can take to remediate the issue.

  • Explain attack paths. Gemini in Security Command Center provides dynamically generated explanations of the attack path visualizations that are generated by the attack path simulations feature of Security Command Center.

Gemini doesn't use your prompts or its responses as data to train its models. For more information, see How Gemini for Google Cloud uses your data. As an early-stage technology, Gemini can generate output that seems plausible but is factually incorrect. We recommend that you validate all output from Gemini before you use it. For more information, see Gemini for Google Cloud and responsible AI.

Features

The following table shows the Gemini features in Security Command Center, along with links to documentation:

| Task | Type of assistance | Product documentation |
| --- | --- | --- |
| Generate UDM Search queries for threats with natural language questions | Translate a natural language question into a UDM Search query that you can run against UDM events for threat investigations. | Natural language search for threat investigations |
| Summarize cases | Provide an AI-generated summary of how much attention the case might require. Summarize the alerts data to understand the risk. Recommend steps for remediation of the issue. | AI Investigation widget for cases |
| Explain attack paths | Provide an AI-generated explanation of the attack path that an attacker could use to reach your high-value resources. | Gemini summaries of findings and attack paths |

Where to interact with Gemini in Security Command Center

You can find the Gemini features in the Premium and Enterprise tiers of Security Command Center.

Attack path AI summaries

If you are using the Premium or Enterprise tier of Security Command Center, you can open the AI summary of an attack path for a vulnerability or misconfiguration finding by clicking AI summary on the Attack path simulation details page of the finding.

Case AI summaries

If you are using the Enterprise tier of Security Command Center, you can find the AI Investigation widget that displays the AI summaries for cases under the Case Overview tab on the Cases page in the Security Operations console.

UDM search queries from natural language questions

If you are using the Enterprise tier of Security Command Center, you can enter your natural language questions about your threat data on the SIEM search page, which you can find in the Investigations menu.

Set up Gemini in Security Command Center

Attack path summaries are included in the Premium and Enterprise tiers of Security Command Center.

Case AI summaries and UDM search queries are included in the Enterprise tier of Security Command Center.

No additional setup steps are required.
