New to Google SecOps: What Difference Does It Make?
Learn how to apply the function timestamp.diff to calculate the difference in specific time units within your datasets and how it differs from calculating differences using mathematical operations!
Blog Articles
Password leaks are exploding: How reCAPTCHA's Password Leak Detection (PLD) tool can protect you
Password leaks are exploding! 🚀 Secure your users with reCAPTCHA's Password Leak Detection tool. 🛡️ Stop account takeovers & fraud. Learn more!
Guide to using Ingestion Scripts with Google Security Operations
Streamline your log ingestion with Google Security Operations! Leverage our pre-built Cloud Run functions and simplify security data collection. Learn how in this guide.
Finding Malware: Detecting GOOTLOADER with Google Security Operations.
Learn about GOOTLOADER infection chain and detection opportunities.
New to Google SecOps: Time After Time
Learn how to use the timestamp.truncate function to easily aggregate or bucket today in your searches and rules for investigating and hunting!
Google Threat Intelligence Q3, 2024 Feature Roundup
This third quarter of 2024, Google Threat Intelligence continued to deliver on the three pillars of our strategy: world class threat intelligence, turnkey operationalization, and proactive and continuously up-to-date
Tie Fighter at 12'o clock
Learn about the origins of Technique Inference Engine and how to use it to improve incident investigations, analysis, real-time investigation guidance, advanced detections and improved ATT&CK operationalizations.
Google Security Operations, Q3, 2024 Feature Roundup
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
Securing Your CI/CD Pipeline: Eliminate Long-Lived Credentials with Workload Identity Federation (3)
Learn how to defend against attackers stealing credentials from your CI/CD pipelines by using Workload Identity Federation and Google SecOps.
New to Google SecOps: Domain and Hostname Extraction is NOT Like Pulling Teeth
Learn how string functions like strings.extract_hostname and strings.extract_domain and be used to easily grab portions of strings and use them in searches and rules in Google SecOps to streamline your hunts, detections and investigations!
Securing Your CI/CD Pipeline: Eliminate Long-Lived Credentials with Workload Identity Federation (2)
Learn how to defend against attackers stealing credentials from your CI/CD pipelines by using Workload Identity Federation and Google SecOps.
Securing Your CI/CD Pipeline: Eliminate Long-Lived Credentials with Workload Identity Federation (1)
Learn how to defend against attackers stealing credentials from your CI/CD pipelines by using Workload Identity Federation and Google SecOps.
Monitoring for Unexpected Rule Changes in Google Security Operations (2 of 2)
Learn how to detect unexpected changes to your rules in Google SecOps before they can impact your defenses.
New to Google SecOps: Time, Time, Time, See What’s Become of Me…
Learn how two time functions get_timestamp and as_unix_seconds can be used to more easily work with data/time values in Google SecOps as you hunt, investigate and build detections!
Monitoring for Unexpected Rule Changes in Google Security Operations (1 of 2)
Learn how to detect unexpected changes to your rules in Google SecOps before they can impact your defenses
Practical Techniques for Monitoring Your Security Data Pipeline (2 of 2)
Learn how to proactively monitor your security data pipeline with Google SecOps and ensure your team isn't blindsided by missing logs or malicious activity going unnoticed.
Practical Techniques for Monitoring Your Security Data Pipeline (1 of 2)
Learn how to proactively monitor your security data pipeline with Google SecOps and ensure your team isn't blindsided by missing logs or malicious activity going unnoticed.
Finding Malware: Unveiling RECORDSTEALER with Google Security Operations
Learn about and the detection opportunities within Google Security Operations.
New to Google SecOps: What's in a String?
In our latest New to Google SecOps blog, we are going to introduce three string functions that can be used to easily find and extract values within a string for use in threat hunting and detection engineering!
Beyond the Matrix
Drowning in a sea of ATT&CK techniques? Feeling lost in the matrix? This article reveals the secret to harnessing ATT&CK's true power and transforming your security operations from chaos to clarity.
New to Google SecOps: Turning Strings into Integers for Statistical Analysis
In our latest New to Google SecOps blog, we are going to introduce two string functions that can be used to convert string values to integers which will then be used in statistical analysis.
Developing Baseline Testing for New Security Validation Deployments
This blog explores three key use cases for how to do baseline testing in Mandiant Security Validation (MSV) - focusing on endpoint core controls, egress testing, and lateral movement, as well as provides a step-by-step guide to quickly build baselines for each use case.
Detecting Impossible Travel, with Google SecOps: Part 2
Explore creating a Playbook in Google SecOps to summarize Impossible Travel detections.
New to Google SecOps: New Statistical Functions in Search and Rules For Your Toolbox
Learn how new functions in Google SecOps can be used to calculate mean, median, mode, standard deviation and variance in rules and search
Finding Malware: Unveiling NUMOZYLOD with Google Security Operations
Learn about and the detection opportunities within Google Security Operations
Detecting Impossible Travel, with Google SecOps: Part 1
Explore creating a YARA- L rule in Google SecOps to detect Impossible Travel.
Your Roadmap to Secure AI: A Recap
Gen AI brings transformative potential, but also introduces complex challenges. Organizations must prioritize governance, security, and continuous learning to successfully navigate Gen AI adoption and unlock its full potential. Use our roadmap to plan this!
Google Security Operations, Q2, 2024 Feature Roundup
Check out what's new in Google Security Operations with a breakdown of key features delivered by quarter.
Bulk closing alerts with Python and the Google Security Operations API
This article explains how to bulk close alerts with the Google Security Operations API. It provides step-by-step instructions and Python client code for closing a list of alerts triggered by a given detection rule.
How to craft an Acceptable Use Policy for gen AI (and look smart doing it)
Looking to design your own “building code” or gen AI through an internal Acceptable Use Policy (AUP)? The way that you shape and evolve your AUP can help establish a shared understanding in your organization about the values and principles that govern gen AI, which can be increasingly important as widespread adoption and everyday use become more common.
