User Groups
Events

Create topic
Login

💥 Announcing M-Trends 2026 Report 💥

Full Details

Welcome to the Google Cloud Security Community!

Got a question? Need an answer? Let's connect!

Security Forums

Q&A, discussions, share, network

Resource Center

Your learning hub for all things security

User Groups

Join a local meetup!

Events

Discover, RSVP, connect

Featured Blogs

You wont want to miss these articles

Protecting Customers in Record Time: Google Security Operations and Mandiant’s Response to the Axios npm Supply Chain Attack

Authors: Ed Murphy, Group Product Manager, Managed DefenseAndre Alfred, Sr. Director, Managed Solutions Mandiant Threat Defense: AI-Powered Threat Def...

Forum|Forum|2 days ago

2880

Catching the Uncatchable: True Composite Detections for Advanced Persistent Threats

Author: David Nehoda, Technical Solutions Consultant What We're SolvingAdvanced Persistent Threats don't announce themselves with a single loud alert....

Forum|Forum|6 days ago

2361

Automated Malware Triage and Analysis with Google Agentic Threat Intelligence

Blog Authors: Ofir Rozmann, Principal Researcher, Google Threat Intelligence GroupDaniel Kapellmann Zafra, Intel Strategy Lead, Google Threat Intellig...

Forum|Forum|10 days ago

2500

Recent activity
Help others
Categories

atanu2531Bronze 1

Security Validation

time of deploy of GKE cluster and pods , based filter

logs and deployment instances should be filtered with time

10

23 minutes ago

harshal.thakorBronze 1

Google Security Operations

Can I publish my SecOps SIEM custom integration in Content Hub?

I have few questions about submission process for the SecOps SIEM custom integration:Can I publish my SecOps SIEM custom integration in Content Hub? It is containing these componants: Ingestion Script Dashboard Detection Rules Search Queries

110

2 hours ago

KragekjaerNew Member

Google Security Operations

No response, suspended Google Cloud Project

Project id: project-5580276092549813950My project got suspended 5. april, due to misuse of some keys.I have filed an appeal, taking actions on how to prevent this from happening again. But I do not get any response at all.Now observing users are drop

323

2 hours ago

vince5959New Member

Google Security Operations

Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

Hello,My Google Cloud project has been suspended due to a security issue (ACCOUNT_HIJACKED).I fully understand the situation and I am ready to take all necessary actions to secure the project. However, I currently do not have access to the project an

838

3 hours ago

R

rakesh.shresthaNew Member

Security Command Center

Urgent: GCP Project Suspended for Resource Hijacking - Unable to Access IAM to Rotate Leaked Keys

Hello everyone,I am seeking urgent guidance regarding a GCP project suspension. My account was recently suspended, and I received an email stating that the project was engaged in abusive activity consistent with "hijacked resources."The Situation:Acc

2271

4 hours ago

ak3696New Member

Google Threat Intelligence

URGENT: Project ZIP-NEW (zip-new-141ba) Suspended for Hijacking - No Response to Appeal after 48h.

My production project is down and suspended for 48h now with no prior notice and no reply for my appeal request. Not sure what to do. We are facing a huge loss. I have audited all my code for any security leak and it is clean. Not sure what happened

422

5 hours ago

ROME MPOFUNew Member

Security Command Center

how to detect cyber criminals and protection against black hat hacker

How to detect cyber security criminals and stop black hat hacker

283

13 hours ago

EP0Bronze 2

Google Security Operations

Case generated with older events

I recently created detection rules that look for possible suspicious activities for a terminated user. The idea was to only escalate when we see these rules fire after the termination timestamp. The logic are not complex, essentially single event rul

444

13 hours ago

tjbanghartNew Member

Google Security Operations

How to restart OAuth Verification process? No email to respond to.

Hello,I am trying to get sensitive scopes enabled on our OAuth application, but the video we previously submitted was deemed insufficient. We now have an updated video ready to submit; however, I have not received any follow-up email to respond to.Wh

90

14 hours ago

Minh hoang70New Member

Cloud Security Foundation

URGENT: Systemic Deadlock Over 22 Days - Support Case #70072588 / Appeal # [removed by moderator] (Academic NLP Project)

Hello, I am seeking a manual escalation from a Community Manager or Admin. I am a Startup EdTech Lead caught in a documented "Infinite Support Loop" that has halted our academic research for nearly three weeks.The Deadlock: Trust & Safety (Case #

20

16 hours ago

atanu2531Bronze 1

Security Validation

time of deploy of GKE cluster and pods , based filter

logs and deployment instances should be filtered with time

10

23 minutes ago

harshal.thakorBronze 1

Google Security Operations

Can I publish my SecOps SIEM custom integration in Content Hub?

I have few questions about submission process for the SecOps SIEM custom integration:Can I publish my SecOps SIEM custom integration in Content Hub? It is containing these componants: Ingestion Script Dashboard Detection Rules Search Queries

110

2 hours ago

KragekjaerNew Member

Google Security Operations

No response, suspended Google Cloud Project

Project id: project-5580276092549813950My project got suspended 5. april, due to misuse of some keys.I have filed an appeal, taking actions on how to prevent this from happening again. But I do not get any response at all.Now observing users are drop

323

2 hours ago

vince5959New Member

Google Security Operations

Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

Hello,My Google Cloud project has been suspended due to a security issue (ACCOUNT_HIJACKED).I fully understand the situation and I am ready to take all necessary actions to secure the project. However, I currently do not have access to the project an

838

3 hours ago

R

rakesh.shresthaNew Member

Security Command Center

Urgent: GCP Project Suspended for Resource Hijacking - Unable to Access IAM to Rotate Leaked Keys

Hello everyone,I am seeking urgent guidance regarding a GCP project suspension. My account was recently suspended, and I received an email stating that the project was engaged in abusive activity consistent with "hijacked resources."The Situation:Acc

2271

4 hours ago

EP0Bronze 2

Google Security Operations

Case generated with older events

I recently created detection rules that look for possible suspicious activities for a terminated user. The idea was to only escalate when we see these rules fire after the termination timestamp. The logic are not complex, essentially single event rul

444

13 hours ago

tjbanghartNew Member

Google Security Operations

How to restart OAuth Verification process? No email to respond to.

Hello,I am trying to get sensitive scopes enabled on our OAuth application, but the video we previously submitted was deemed insufficient. We now have an updated video ready to submit; however, I have not received any follow-up email to respond to.Wh

90

14 hours ago

MikelSABronze 2

Google Security Operations

[Google SecOps SOAR] Automatically escalate severity when same entity has 3+ alerts within a time window — best approach?

Use caseWe want to implement a mechanism in Google SecOps (Chronicle SOAR) where, if the same entity (user, IP, or host) accumulates 3 or more alerts within a given time window (e.g. last 24h), the severity is automatically escalated to High — regard

254

21 hours ago

Alex3Lee5New Member

Google Security Operations

Enrichment proccess

Hello,I have integrated the Azure Organizational Context and noticed that some log sources are now being enriched based on this data. For example, my Netskope logs are successfully using principal.user.userid for enrichment.However, in other log sour

282

22 hours ago

manoj610New Member

Google Security Operations

Converting Decimal IP Address to Standard Format in Google SecOps Parser

Hello Team,I am working with logs in Google SecOps where the IP address fields (such as SourceIPV4, TargetIPV4, and AnalyzerIPV4) are received in decimal (integer) format instead of the standard dotted IPv4 format.For example:750176699 → expected to

422

22 hours ago

Security Forums

Welcome to the Google Cloud Security Forums! Your ultimate security conversation spot. Collaborate with peers and experts to solve challenges, together.

Google Security Operations

2795 topics

Google Threat Intelligence

89 topics

Security Command Center

74 topics

Security Validation

117 topics

Fraud Defense (reCAPTCHA)

298 topics

Cloud Security Foundation

40 topics

Stay Informed

News & Announcements

129 topics

Getting Started

New to the Google Cloud Security Community? Our resources page has everything you need to get started! Find helpful information on account registration, navigating the community, and sharing your valuable feedback.