The following diagram illustrates how your security data can flow into
Google Security Operations and how Google SecOps handles that data and prepares it
for analysis using the Google SecOps user interface.
Flow and processing of customer security data to Google SecOps
Google SecOps processes customer security data as follows:
Google SecOps retrieves security data stored in a cloud service (such
as Amazon S3 or Google Cloud). The data is encrypted while in transit
to Google SecOps.
Google SecOps logically segregates and stores your security data into
your account in an encrypted form. Data is accessed by the customer only, plus
a limited number of Google personnel as necessary to support, develop, and
maintain the product.
Google SecOps parses and validates the raw security data, making data
easier to process and display.
Google SecOps indexes the data to make it easier to search.
Google SecOps stores parsed and indexed data in an encrypted form within
each account.
You log in to your account to search and review your security data.
Google SecOps searches for matches between your security data and the
VirusTotal malware database. In a Google SecOps event view, such as Asset
view, click VT Context
to display information from VirusTotal. Your security data is never shared with
VirusTotal.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-01 UTC."],[[["Google Security Operations retrieves security data from cloud services like Amazon S3 or Google Cloud, ensuring it is encrypted during transit."],["The service segregates and stores customer security data within their accounts in an encrypted format, accessible only to the customer and authorized Google personnel."],["Raw security data is parsed, validated, and indexed to enhance processing and search capabilities within Google Security Operations."],["Google Security Operations checks security data against the VirusTotal malware database to enrich data analysis without sharing the customer's security data with VirusTotal."]]],[]]
