Skip to main content

User Groups
Events

Create topic
Login

Community Webinar: Build Once, Enrich Everywhere: Architecting Resilient, Modular Playbooks for Scal...

(Wed, May 13, 2:00 PM)

Security Forums

Welcome to the Google Cloud Security Forums! Your ultimate security conversation spot. Collaborate with peers and experts to solve challenges, together.

Google Security Operations

SecOps starts here! Q&A, ask, share, connect.

Google Threat Intelligence

Google Threat Intelligence chat space. Inquire, contribute, pass it on.

Security Command Center

SCC questions? Join in, discuss, solve together.

Security Validation

Security Validation forum: Engage, be curious, stay up to date

Fraud Defense (reCAPTCHA)

Fraud Defense (reCAPTCHA) troubleshooting. Find out the answers together.

Cloud Security Foundation

Join the discussion. Post, diagnose, get the latest.

Recently active
Help others

NASEEFSilver 2

Google Security Operations

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

hello Team ,I’m observing that the curated rule “Extortion Email Detected via Subject Keywords” is not generating any alerts in my environment even though alerting is turned on for that rule for both precise and broad. However, when I create a custom

ar3diuSilver 2

Google Security Operations

IAM Role Mapping in Chronicle SOAR for Google Groups

How can we use group email addresses to assign permission groups and SOC roles in SOAR regardless of what IAM roles they were given in the project IAM? (e.g. Two groups with the same IAM role but who should have different permissions and SOC Roles in

Manoj KanadiNew Member

Google Security Operations

Google SecOps Custom parser not getting validated

I have created a new(custom) log type, Then created a custom parser for that specific log type.When I try to parse the log on UI, I get the correct UDM mapping. But when I try to send logs from the python script and check from Investigation > SIEM

arv261095New Member

Google Security Operations

microsoft graph email response integration upgrade to latest version in goolge secops

Anyone has any idea what the below snapshot refers to:I am trying to upgrade an older microsoft graph mail to latest versionDoes it mean entering the parameters in this instance itself by clicking on configure or is it referring to some other conne

NASEEFSilver 2

Google Security Operations

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

hello Team ,I’m observing that the curated rule “Extortion Email Detected via Subject Keywords” is not generating any alerts in my environment even though alerting is turned on for that rule for both precise and broad. However, when I create a custom

ErikaBCommunity Manager

Google Security Operations

Agentic SOC Workshops 2026

Hey Community, Due to popular demand, we are excited to announce our 2026 Agentic SOC workshop series! Building on the success of our 2025 program, which trained over 600 practitioners, we will have something new for everyone. We are building the n

bobsporcleNew Member

Google Security Operations

Project Sporcle-952 Disabled 14 Days - False Positive Traffic Spike - Stuck in Appeal Loop

Project ID: Sporcle-952Case ID: Y5I2DIE6LAEXFVEE6GLENYG37QDuration: 14 days without a human response.The Issue: Suspected credential leak. However, we observed a legitimate traffic spike from our mobile app, Sporcle Party, on Wednesday, April 15th w

Google Security Operations

Building custom SecOps agents in Gemini Enterprise (Cloud Next '26 link roundup)

Here are links to the things my team spoke about at Google Cloud Next '26 in John Stoner's workshop on Tuesday, all week in the Learn Pod on the expo floor, and in a breakout session on Friday. We demonstrated custom security operations agents in Gem

dandelion608Bronze 1

Fraud Defense (reCAPTCHA)

Where in the cloud console can I see what type of recaptcha we have?

I am slowly but surely working on migrating my many clients to the new reCAPTCHA area in the Cloud Console. Sometimes I have been able to upgrade from a classic key and sometimes I had to start fresh. When working in websites, and adding the recaptc

donkosBronze 1

Google Security Operations

Querying data tables via the GoogleChronicle SOAR integration

I have an playbook that extracts IOCs from an email, and then adds them to reference lists. These lists are then referred in stats UDM queries that are executed using the marketplace “Execute UDM Query” action in the Google Chronicle.Reference lists

NASEEFSilver 2

Google Security Operations

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

hello Team ,I’m observing that the curated rule “Extortion Email Detected via Subject Keywords” is not generating any alerts in my environment even though alerting is turned on for that rule for both precise and broad. However, when I create a custom

Manoj KanadiNew Member

Google Security Operations

Google SecOps Custom parser not getting validated

I have created a new(custom) log type, Then created a custom parser for that specific log type.When I try to parse the log on UI, I get the correct UDM mapping. But when I try to send logs from the python script and check from Investigation > SIEM

arv261095New Member

Google Security Operations

microsoft graph email response integration upgrade to latest version in goolge secops

Anyone has any idea what the below snapshot refers to:I am trying to upgrade an older microsoft graph mail to latest versionDoes it mean entering the parameters in this instance itself by clicking on configure or is it referring to some other conne

NASEEFSilver 2

Google Security Operations

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

hello Team ,I’m observing that the curated rule “Extortion Email Detected via Subject Keywords” is not generating any alerts in my environment even though alerting is turned on for that rule for both precise and broad. However, when I create a custom

bobsporcleNew Member

Google Security Operations

Project Sporcle-952 Disabled 14 Days - False Positive Traffic Spike - Stuck in Appeal Loop

Project ID: Sporcle-952Case ID: Y5I2DIE6LAEXFVEE6GLENYG37QDuration: 14 days without a human response.The Issue: Suspected credential leak. However, we observed a legitimate traffic spike from our mobile app, Sporcle Party, on Wednesday, April 15th w

dandelion608Bronze 1

Fraud Defense (reCAPTCHA)

Where in the cloud console can I see what type of recaptcha we have?

I am slowly but surely working on migrating my many clients to the new reCAPTCHA area in the Cloud Console. Sometimes I have been able to upgrade from a classic key and sometimes I had to start fresh. When working in websites, and adding the recaptc

donkosBronze 1

Google Security Operations

Querying data tables via the GoogleChronicle SOAR integration

I have an playbook that extracts IOCs from an email, and then adds them to reference lists. These lists are then referred in stats UDM queries that are executed using the marketplace “Execute UDM Query” action in the Google Chronicle.Reference lists

JHapplovinNew Member

Google Security Operations

Claude Code Parsers

Before I reinvent the wheel here, has anyone created a custom parser for Claude Code they’re willing to share?

BriMstoneBronze 1

Google Security Operations

Use metrics functions for Risk Analytics rules | target.user.userid, principal.ip_geo_artifact.network.organization_name

I have the following rule, but the $historical_threshold_network_success and $historical_threshold_state_success are not counting the historical networks or states, leading to FPs where the detection triggers for user’s where the $historical_threshol

StefanPopaBronze 1

Google Security Operations

Ingesting Ironscales alerts into SecOps

Hi,We want to fetch Ironscales alerts into our SecOps instance. When I visit the Google Chronicle integrations page, it redirects me to the documentation below, but I don't see an actual connector available to configure:https://docs.cloud.google.com/

Unsolved Topics

Can you help?

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

2

IAM Role Mapping in Chronicle SOAR for Google Groups

5

Google SecOps Custom parser not getting validated

4

microsoft graph email response integration upgrade to latest version in goolge secops

5

The curated rule "Extortion Email Detected via Subject Keywords" is not triggering alerts (alerting is turned on for that rule for both precise and broad), even though creating an equivalent rule manually results in successful detections.

0

Community Leaders

The leaderboard is currently empty. Contribute to the community to earn your spot!

The leaderboard is currently empty. Contribute to the community to earn your spot!

Powered by Gainsight

Terms & ConditionsAccessibility statement

Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.

Sign up

Already have an account? Login

Login with SSO

Login to the community

Login with SSO

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK