Data ingestion to Google SecOps overview

The following diagram illustrates how your security data can flow into Google Security Operations and how Google SecOps handles that data and prepares it for analysis using the Google SecOps user interface.

Flow and processing of customer security data to Google SecOps

Google SecOps processes customer security data as follows:

  1. Google SecOps retrieves security data stored in a cloud service (such as Amazon S3 or Google Cloud). The data is encrypted while in transit to Google SecOps.
  2. Google SecOps logically segregates your security data and stores it in your account in encrypted form. Access to the data is limited to the customer and a limited number of Google personnel as necessary to support, develop, and maintain the product.
  3. Google SecOps parses and validates the raw security data, making data easier to process and display.
  4. Google SecOps indexes the data to make it easier to search.
  5. Google SecOps stores parsed and indexed data in an encrypted form within each account.
  6. You log in to your account to search and review your security data.
  7. Google SecOps searches for matches between your security data and the VirusTotal malware database. In a Google SecOps event view, such as Asset view, click VT Context to display information from VirusTotal. Your security data is never shared with VirusTotal.
