Event Threat Detection

Overview

• CSCC premium feature
• Analyse logs from Cloud Logging in near real-time
  • VPCs flow logs
  • Firewall logs
  • Cloud NAT logs
  • DNS logs
  • Linux system logs
• 25+ rules, e.g.:
  • Malware
  • Crypto mining
  • Outgoing DDoS attacks
  • Port scanning
  • IAM anomalous grants—roles given to members outside the organization
  • Brute force SSH
• Custom rules—run queries on log data exported to BigQuery