Certain threat investigation capabilities in the Enterprise tier of Security Command Center are powered by Google Security Operations, including curated detection rules, threat detection on other cloud platforms, and cases to manage your investigations.
The curated rules enable you to identify patterns in both Google Cloud and AWS data. These features extend Security Command Center Enterprise threat detection to let you identify more threat patterns in additional cloud environments.
See Overview of Cloud Threats Category, for information about available curated detections and the required data for each rule set.
For information about how to ingest data required by these rule sets, see the following:
- Ingest AWS data
- Google Cloud data: You configured the Google Cloud data ingestion during the Security Command Center Enterprise tier activation process. To change the configuration of Google Cloud data ingestion, see Ingest Google Cloud data.
For information about how to use curated detections, see Getting started with curated detections.
What's next
- If you purchased Mandiant Hunt as an add-on to Security Command Center Enterprise tier, Mandiant will provision access to the Mandiant documentation portal where you can find onboarding steps in the Getting Started Guide for Mandiant Hunt for Chronicle. If you have not purchased Mandiant Hunt and are interested in learning more about this offering, see Mandiant Hunt or contact your account team.
- Review rule sets in the Cloud Threats category.
Ingest the following data to the Google Security Operations component: