User Groups
Events

Create topic
Login

Community Webinar: Mastering the Art of Advanced IOC Searches in Google Threat Intelligence

(Wed, Apr 15, 2:00 PM)

Community

Ask questions, get answers and engage with your peers

Home
Community

Explore the community

Join conversations, learn and grow with people who get community like you

Security Forums

6 Categories
3375 topics

Stay Informed

1 Category
129 topics

Getting Started

1 Category
11 topics

Is this type of SIEM needs agents to be installed on the client host?

I will like to know, if this type of SIEM needs agents to be installed on the client host?

E

Forum|Forum|4 years ago

71

Recently active
Help others
Categories

S

sofnNew Member

Google Security Operations

We're looking to ingest IRU and Kandji logs into our Google SecOps environment but can't find any related documentation. What's the recommended approach for this integration?

50

S

4 hours ago

donkosBronze 1

Google Security Operations

Emerging Threats - Integrate with SOAR?

Is there any way we can integrate Emerging Threats with SOAR so that if an IOC match is found it creates a SOAR case?

284

5 hours ago

LenaLSGBronze 2

Google Security Operations

Playbook Triggering Based on Case State, Alert Changes, and Enrichment Context

At present, playbooks can only be triggered based on information available at the time a case is created, such as initial case fields or other creation‑time metadata. This is a significant limitation, as it prevents triggering playbooks based on late

543

8 hours ago

SheikStaff

Community Blog

Switching Google’s role with reCAPTCHA from Data Controller to Data Processor

We are excited to announce that reCAPTCHA is switching from a “data controller” offering to a “data processor” offering on April 2, 2026 and will begin processing reCAPTCHA data in alignment with other Google Cloud services. With this switch, custome

9056350

10 hours ago

sbxStaff

Community Blog

Empowering Fraud Analysts with Forensic Intelligence from Login to Transactions

Author: Saurabh Bhasin, Senior Product Manager Enterprises are navigating the shift from scripted, volumetric attacks to sophisticated, globally coordinated fraud rings that target the entire customer journey. As AI-assisted tactics enable fraudsters

37952

1 day ago

KyHudBronze 2

Google Security Operations

SOAR Platform Unavailable - No current fix from Support

Hi All,First may I apologise for the incorrect place for this topic - but right now I feel completely out of options.Our production SOAR instance became unresponsive yesterday around 13:45BST (503 errors from a number of API’s meaning we can’t authen

720

2 days ago

jstonerCommunity Manager

Community Blog

New to Google SecOps: Integrating Entra ID and Office 365 Using Feed Management (Part 3)

In our previous two blogs (Part 1 and Part 2), we discussed how to set up and configure an application in Entra ID and assign permissions to access Entra ID and Office 365 events. You might be thinking at this point, I’m here to work with Google SecO

8897

2 days ago

matthewnicholsCommunity Manager

News & Announcements

Hello, Cloud Security Enthusiast! 👋 Introduce Yourself!

Hey Everyone!Welcome to the Google Cloud Security Community! We want to kick things off by getting to know each other better. This space is all about connecting, sharing, solving, and building the future of cloud security – and that journey starts wi

134958

2 days ago

chuvakinStaff

News & Announcements

Community Contest: Create and Share Your Security Gemini Gems

Create and Share Your Security Gemini Gems We're launching a new Community challenge, and this time you not only have a chance to win Google swag, but to also be featured on the Google Cloud Security podcast with Anton Chuvakin and Timothy Peacock. T

300416

3 days ago

Alex3Lee5New Member

Google Security Operations

How to define the same index array

I have an Azure log that contains multiple policy validations. Each validation generates an object inside an array with rule_name and result.All this information is parsed in SecOps as security_result, so now I have a security_result field with two o

182

3 days ago

S

sofnNew Member

Google Security Operations

We're looking to ingest IRU and Kandji logs into our Google SecOps environment but can't find any related documentation. What's the recommended approach for this integration?

50

S

4 hours ago

donkosBronze 1

Google Security Operations

Emerging Threats - Integrate with SOAR?

Is there any way we can integrate Emerging Threats with SOAR so that if an IOC match is found it creates a SOAR case?

284

5 hours ago

LenaLSGBronze 2

Google Security Operations

Playbook Triggering Based on Case State, Alert Changes, and Enrichment Context

At present, playbooks can only be triggered based on information available at the time a case is created, such as initial case fields or other creation‑time metadata. This is a significant limitation, as it prevents triggering playbooks based on late

543

8 hours ago

KyHudBronze 2

Google Security Operations

SOAR Platform Unavailable - No current fix from Support

Hi All,First may I apologise for the incorrect place for this topic - but right now I feel completely out of options.Our production SOAR instance became unresponsive yesterday around 13:45BST (503 errors from a number of API’s meaning we can’t authen

720

2 days ago

Alex3Lee5New Member

Google Security Operations

How to define the same index array

I have an Azure log that contains multiple policy validations. Each validation generates an object inside an array with rule_name and result.All this information is parsed in SecOps as security_result, so now I have a security_result field with two o

182

3 days ago

soargeekexplorerBronze 1

Google Security Operations

Google Chronicle API Isssue

I need to create Google Chronicle API instance using workload identity but I am getting permission denied error “unable to acquire impersonated credentials”.iam.serviceAccountTokemCreator has already been provided.Still getting the error.Request mor

956

4 days ago

sinjiniBronze 1

Cloud Security Foundation

[Cloud Armor] Seeking Terraform/gcloud snippets for API tuning & Postman false positives

Hi everyone,We are looking for Terraform templates, gcloud scripts, or proven configuration snippets suggested by GCP to optimize our GCP Cloud Armor setup. We want to avoid manual, granular signature allowlisting, as it isn't scalable and risks broa

120

4 days ago

SanzzBronze 1

Google Security Operations

how to display the additional fields from datatable in dashboard query

Hi, I have created the datatables, one field is ip ranges which is values and its data type is string and another filed is its respective sitename Query :case.alerts.entities.type = "ADDRESS"$ip = case.alerts.entities.identifier$ip in %Test.ValueMatc

464

4 days ago

rpdt

Google Security Operations

CrowdStrike Falconstream Logs

What is the difference between collecting the CrowdStrike Falcon logs vs the CrowdStrike FalconStream logs? I notice there are parsers for both, but was wondering whether one provided any particular advantage over the other? We are after the logs whi

261

4 days ago

JillieNew Member

Google Security Operations

Project Launch: Building a Least-Privilege Auditor (Feedback Appreciated!)

Hi everyone,I’m currently in the process of setting up my Google Cloud environment and awaiting my monthly innovator credits. In the meantime, I’m not letting the grass grow under my feet! I’m kicking off my first security-focused project: The Autom

120

4 days ago

Security Forums

Welcome to the Google Cloud Security Forums! Your ultimate security conversation spot. Collaborate with peers and experts to solve challenges, together.

Google Security Operations

2773 topics

Google Threat Intelligence

85 topics

Security Command Center

71 topics

Security Validation

115 topics

reCAPTCHA

294 topics

Cloud Security Foundation

37 topics

Stay Informed

News & Announcements

129 topics

Getting Started

New to the Google Cloud Security Community? Our resources page has everything you need to get started! Find helpful information on account registration, navigating the community, and sharing your valuable feedback.