Welcome to the Google Cloud Security Community!

Understaing GCP IAM Permissions for SOAR Integrations

I’m working on setting up the Response Integrations for GCP (i.e. Google Cloud Compute, Google Cloud API, etc).I’m missing a piece of knowledge on how GCP role permissions work across the organization.SecOps setup is in GCP project, we’ll call it “Se

362

K

14 hours ago

matthewnicholsCommunity Manager

Community User Eoved Puts New SecOps MCP Server to the Test!

Hey Community! We often think of the power of Community and what we all have to offer each other as we enter into this shared space of knowledge, ideas, questions and connections. Today, I am THRILLED to highlight a masterclass Community user, Eoved

210

14 hours ago

EovedBronze 3

Community Blog

Beyond Chat: Building an Autonomous SOC Analyst with Claude and the Google MCP

This blog post was written by guest author, Eliraz Oved. If you spend your days in the trenches of a Security Operations Center, you already know the struggle: pivoting between screens, writing complex queries, and manually clicking through menus to

2781

15 hours ago

omegaturkeyNew Member

Fraud Defense (reCAPTCHA)

How exactly does ReCaptcha v3 count assesments?

How exactly does ReCaptcha v3 count the number of assessments? Does it happen after calling the /siteverify method on the server side?

60

15 hours ago

donkosBronze 1

Third Party Monitoringvia GTI

I’m looking to set up a process that allows me to monitor a list of vendors and whether they show up in breaches - i.e.search a vendor name, website or email in GTI programmatically via API and see if theyre ivolved in breaches. Is that possible via

312

19 hours ago

arv261095Bronze 1

microsoft graph email response integration upgrade to latest version in goolge secops

Anyone has any idea what the below snapshot refers to:I am trying to upgrade an older microsoft graph mail to latest versionDoes it mean entering the parameters in this instance itself by clicking on configure or is it referring to some other conne

8413

21 hours ago

vince5959New Member

Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

Hello,My Google Cloud project has been suspended due to a security issue (ACCOUNT_HIJACKED).I fully understand the situation and I am ready to take all necessary actions to secure the project. However, I currently do not have access to the project an

23315

donkosBronze 1

Supplier Monitoring

Does GTI have the capabilities to provide information on third parties that we specify - i.e. we want to track to see if our vendors have been breached - does GTI provide any capabilities via API to query breach info that is collated from open sourc

251

Navigating Google Cloud Project Suspensions and the Appeals Process

ErikaBCommunity Manager

News & Announcements

Hello Community Members, We have noticed an increase in posts regarding Google Cloud/Firebase project suspensions (often due to suspected key misuse or account hijacking). We understand that these suspensions can lead to production outages, and wait

210

Fraud Defense (reCAPTCHA)

omegaturkeyNew Member

How exactly does ReCaptcha v3 count assesments?

How exactly does ReCaptcha v3 count the number of assessments? Does it happen after calling the /siteverify method on the server side?

60

15 hours ago

donkosBronze 1

Third Party Monitoringvia GTI

I’m looking to set up a process that allows me to monitor a list of vendors and whether they show up in breaches - i.e.search a vendor name, website or email in GTI programmatically via API and see if theyre ivolved in breaches. Is that possible via

312

19 hours ago

arv261095Bronze 1

microsoft graph email response integration upgrade to latest version in goolge secops

Anyone has any idea what the below snapshot refers to:I am trying to upgrade an older microsoft graph mail to latest versionDoes it mean entering the parameters in this instance itself by clicking on configure or is it referring to some other conne

8413

21 hours ago

vince5959New Member

Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

Hello,My Google Cloud project has been suspended due to a security issue (ACCOUNT_HIJACKED).I fully understand the situation and I am ready to take all necessary actions to secure the project. However, I currently do not have access to the project an

23315

donkosBronze 1

Supplier Monitoring

Does GTI have the capabilities to provide information on third parties that we specify - i.e. we want to track to see if our vendors have been breached - does GTI provide any capabilities via API to query breach info that is collated from open sourc

251

yuyaFNew Member

EmailV2 "Wait for Email From User" stays in "In Progress" despite correct configuration

[問題] プレイブックでEmailV2統合を使用してユーザーからの返信を待機していますが、「ユーザーからのメールを待機」アクションが「進行中」の状態で停止し、返信を検出できません。[検証済み構成] ドキュメントに基づいて、以下を検証しました。・認証：Gmail に 16 桁のアプリパスワードを使用しています。「メール送信」と「Ping」アクションは正常に動作しています。・パラメータ：Email Message_idとEmail Dateは、SendEmail.JSONResult.messag

132

fernandoredondoNew Member

Suspended Google Cloud Project — no response 2 weeks later — Urgent

Hi, my Google Cloud/Firebase project was suspended for suspected key misuse (account_hijacked).I submitted an appeal, but after 9 days I still have no response.This is now a production outage: about 1200 paying users cannot log in and trust for my ap

1429

saraNew Member

Can Microsoft Intune logs Via Grpah API only collect audit logs

Hi Team,I wanted to confirm that if we integrate Microsoft Intune logs via graph API, we will only retrieved audit logs? Is there a limitation what we cannot collect other type of Intune logs such as operational and compliance logs ?

191

saraNew Member

Intune Logs via Third-Party Graph API Feed

Hi Google Team,We have successfully integrated Microsoft Intune logs into Google SecOps using a third-party Graph API feed. The feed configuration appears to be working — logs are being ingested and the feed shows a healthy status.However, we've noti

741

NASEEFSilver 2

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

hello Team ,I’m observing that the curated rule “Extortion Email Detected via Subject Keywords” is not generating any alerts in my environment even though alerting is turned on for that rule for both precise and broad. However, when I create a custom

353