The Enterprise tier of Security Command Center lets you apply curated detection rules, detect threats on other cloud platforms, and manage your investigations using cases.
The curated rules enable you to identify patterns in Google Cloud, AWS, and Azure data. These features extend Security Command Center Enterprise threat detection to let you identify more threat patterns in additional cloud environments.
For general information about how to use curated detections, see Getting started with curated detections.
Curated detections for AWS data
See Overview of Cloud Threats Category for information about available curated detections for AWS data and the required data for each rule set. For information about how to ingest data required by these rule sets, see the following:
- Ingest AWS data
- Google Cloud data: You configured the Google Cloud data ingestion during the Security Command Center Enterprise tier activation process. To change the configuration of Google Cloud data ingestion, see Ingest Google Cloud data.
Curated detections for Microsoft Azure data
See Curated detections for Microsoft Azure and Microsoft Entra ID data for information about available rule sets and the required Azure data.
For information about how to ingest Azure and Microsoft Entra ID data required by these rule sets, see the following:
What's next
If you purchased Mandiant Hunt as an add-on to Security Command Center Enterprise tier, Mandiant will provision access to the Mandiant documentation portal where you can find onboarding steps in the Getting Started Guide for Mandiant Hunt for Chronicle. If you have not purchased Mandiant Hunt and are interested in learning more about this offering, see Mandiant Hunt or contact your account team.
If you are working with AWS data, do the following:
- Review the rule sets for AWS data in the Cloud Threats category.
- Ingest AWS data to the Google Security Operations component.
If you are working with Microsoft Azure and Microsoft Entra ID data, do the following:
- Review the Curated detections for Azure data.
- Ingest Azure and Microsoft Entra ID data to the Google Security Operations component.