Skip to main content

User Groups
Events

Create topic
Login

Community Webinar: Jump-start your MCP journey with the Google Security Community!

(Wed, Apr 1, 3:00 PM)

Security Forums

Welcome to the Google Cloud Security Forums! Your ultimate security conversation spot. Collaborate with peers and experts to solve challenges, together.

Google Security Operations

SecOps starts here! Q&A, ask, share, connect.

Google Threat Intelligence

Google Threat Intelligence chat space. Inquire, contribute, pass it on.

Security Command Center

SCC questions? Join in, discuss, solve together.

Security Validation

Security Validation forum: Engage, be curious, stay up to date

reCAPTCHA

reCAPTCHA troubleshooting. Find out the answers together.

Cloud Security Foundation

Join the discussion. Post, diagnose, get the latest.

Recently active
Help others

AnimSparrowBronze 2

Google Security Operations

Prompt / Instruction to analyst with dynamic input

Hello,Is there any options to show pending action to user with dynamic field inside?I know how to create IDE that will prompt user with plaintext, same as Flow > Instruction. But is there any option to prompt user with something dynamic? Even as a

adameehanNew Member

Security Validation

Strategic Proposal: Neutralizing AI Prompt Injection via Recursive Honey-potting Submitted by: Adam Eehan Reference ID: VRP 493408185 Topic: Active Cyber-Defense & AI Security

Strategic Proposal: Neutralizing AI Prompt Injection via Recursive Honey-pottingSubmitted by: Adam EehanReference ID: VRP 493408185Topic: Active Cyber-Defense & AI Security1. The Problem: Prompt InjectionCurrent Large Language Models (LLMs) li

soaruserNew Member

Google Security Operations

Best Way to Integrate Microsoft Defender for Endpoint with Google SecOps (SIEM vs SOAR)?

I’m evaluating integration approaches for ingesting alerts from Microsoft Defender for Endpoint (MDE) into Google SecOps and facing challenges with both SIEM and SOAR options. With Google SecOps SIEM: MDE alerts and their evidences are ingested as

soaruserNew Member

Google Security Operations

How to configure Detection Outcomes Fields for Curated Rules in Google SecOps?

I’m working with curated rules and its triggered alerts in Google SecOps SIEM and trying to better understand how to configure Detection Outcome Fields effectively. As we can’t edit curated rules and if the detection outcome field from the curated ru

Felipe_PintoNew Member

Google Security Operations

SecOps – Page Keeps Loading Indefinitely

After performing the Stage 2 migration of the SOAR environment, we started experiencing intermittent issues when accessing the SecOps (SIEM) web interface.At certain moments, specific pages fail to load and remain stuck in an infinite loading state (

vanitharaj1208Silver 4

Google Security Operations

Native Dashboard Global Filter default filter

Hi All,I wanted to understand how this default filters workwhen i try its not working so i wanted to understand how and where Default filters works if global filter is enabled / disabled

Jsp123Bronze 1

Google Security Operations

From qradar connector all the events fields are not being fetched. Also tried by mentioning the custom event fields in the parameter but didn't worked. need to fetch all the events fields from the offense without custom integration.

From qradar connector all the events fields are not being fetched. Also tried by mentioning the custom event fields in the parameter but didn't worked. need to fetch all the events fields from the offense without custom integration.

BriMstoneNew Member

Google Security Operations

Use metrics functions for Risk Analytics rules | target.user.userid, principal.ip_geo_artifact.network.organization_name

I have the following rule, but the $historical_threshold_network_success and $historical_threshold_state_success are not counting the historical networks or states, leading to FPs where the detection triggers for user’s where the $historical_threshol

darrenswiftStaff

Google Security Operations

Google SecOps - Automating Stale Account Suspensions with Google SecOps and Azure AD

If you manage a large-scale environment, you already know that stale and inactive user accounts are a massive security liability. They expand your attack surface, complicate compliance audits, and are prime targets for account takeover (ATO) attacks.

dfSentinariNew Member

Google Security Operations

Request ingestion key

Hi, We are evaluating with a community edition. During configuration I have received the following message: "Confirm you have an ingestion key: If you haven’t yet received an apikeys.json (or similar) from Google/partner for this Community instance,

AnimSparrowBronze 2

Google Security Operations

Prompt / Instruction to analyst with dynamic input

Hello,Is there any options to show pending action to user with dynamic field inside?I know how to create IDE that will prompt user with plaintext, same as Flow > Instruction. But is there any option to prompt user with something dynamic? Even as a

soaruserNew Member

Google Security Operations

Best Way to Integrate Microsoft Defender for Endpoint with Google SecOps (SIEM vs SOAR)?

I’m evaluating integration approaches for ingesting alerts from Microsoft Defender for Endpoint (MDE) into Google SecOps and facing challenges with both SIEM and SOAR options. With Google SecOps SIEM: MDE alerts and their evidences are ingested as

soaruserNew Member

Google Security Operations

How to configure Detection Outcomes Fields for Curated Rules in Google SecOps?

I’m working with curated rules and its triggered alerts in Google SecOps SIEM and trying to better understand how to configure Detection Outcome Fields effectively. As we can’t edit curated rules and if the detection outcome field from the curated ru

Felipe_PintoNew Member

Google Security Operations

SecOps – Page Keeps Loading Indefinitely

After performing the Stage 2 migration of the SOAR environment, we started experiencing intermittent issues when accessing the SecOps (SIEM) web interface.At certain moments, specific pages fail to load and remain stuck in an infinite loading state (

Jsp123Bronze 1

Google Security Operations

From qradar connector all the events fields are not being fetched. Also tried by mentioning the custom event fields in the parameter but didn't worked. need to fetch all the events fields from the offense without custom integration.

From qradar connector all the events fields are not being fetched. Also tried by mentioning the custom event fields in the parameter but didn't worked. need to fetch all the events fields from the offense without custom integration.

BriMstoneNew Member

Google Security Operations

Use metrics functions for Risk Analytics rules | target.user.userid, principal.ip_geo_artifact.network.organization_name

I have the following rule, but the $historical_threshold_network_success and $historical_threshold_state_success are not counting the historical networks or states, leading to FPs where the detection triggers for user’s where the $historical_threshol

dfSentinariNew Member

Google Security Operations

Request ingestion key

Hi, We are evaluating with a community edition. During configuration I have received the following message: "Confirm you have an ingestion key: If you haven’t yet received an apikeys.json (or similar) from Google/partner for this Community instance,

Heliosfloresempirellc43New Member

Google Security Operations

{ "name": "MDE_Incident_Aggregator_v1.0", "description": "Automatically groups MDE alerts into existing cases based on Incident ID.", "category": "Inbound_Filters", "steps": [ { "id": "check_existing_incident", "type": "Action",

soaruserNew Member

Google Security Operations

Any Limitations of Using Global Context Value for IOC Enrichment Caching in SecOps SOAR?

I’m currently using global context to store enriched IOC data so that when a new case arrives, I can reuse previously enriched results instead of calling enrichment integrations again.This helps reduce API calls and speeds up investigations.However,

matthew12345New Member

Google Security Operations

LLM continues to block my attempts for human intervention

why is there no procedure clear for users with adversarial google LLM persistent harm

Unsolved Topics

Can you help?

Prompt / Instruction to analyst with dynamic input

4

Strategic Proposal: Neutralizing AI Prompt Injection via Recursive Honey-potting Submitted by: Adam Eehan Reference ID: VRP 493408185 Topic: Active Cyber-Defense & AI Security

0

Best Way to Integrate Microsoft Defender for Endpoint with Google SecOps (SIEM vs SOAR)?

2

How to configure Detection Outcomes Fields for Curated Rules in Google SecOps?

0

SecOps – Page Keeps Loading Indefinitely

9

Community Leaders

The leaderboard is currently empty. Contribute to the community to earn your spot!

The leaderboard is currently empty. Contribute to the community to earn your spot!

Powered by Gainsight

Terms & Conditions Cookie settings Accessibility statement

Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.

Sign up

Already have an account? Login

Login with SSO

Login to the community

Login with SSO

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK