Gemini in Google SecOps

Supported in:

For more information about Gemini, large language models (LLMs), and responsible AI, see Gemini for Code. You can also see the Gemini documentation and release notes.

  • Availability: Gemini in Google Security Operations is available globally. Gemini data is processed in the following regions: us-central1, asia-southeast1, and europe-west1. Customer requests are routed to the nearest available region for processing.

  • Pricing: For information about pricing, see Google SecOps pricing.

  • Gemini security: For information about Gemini security features in Google Cloud, see Security with generative AI.

  • Data governance: For information about Gemini data governance practices, see How Gemini for Google Cloud uses your data.

  • Certifications: For information about Gemini certifications, see Certifications for Gemini.

  • SecLM platform: Gemini for Google SecOps uses a range of large language models through the SecLM platform, including the specialized Sec-LM model. Sec-LM is trained on security-focused data sources, including security blogs, threat intelligence reports, YARA and YARA-L detection rules, SOAR playbooks, malware scripts, vulnerability information, product documentation, and other specialized datasets. For more information, see Security with generative AI.

Key features of Gemini in Google SecOps

The following Google SecOps features are powered by Gemini:

Generate search queries

Gemini can help you build, edit, and run searches targeted toward relevant events using natural language prompts. Gemini can also help you iterate on a search, adjust the scope, expand the time range, and add filters. You can use Gemini to generate search queries from the Gemini pane or when using the search query. The search query uses YARA-L 2.0 syntax. For more information, see Generate search queries with Gemini.

Generate a YARA-L rule using Gemini

Use a natural language prompt to generate a YARA-L rule. For more information, see Generate a YARA-L rule using Gemini.

Assistance with threat intelligence and security questions

Gemini can answer general security domain questions. Additionally, Gemini can answer specific threat intelligence questions and provide summaries about threat actors, IOCs, and other threat intelligence topics. For more information, see Assistance with threat intelligence.

Get documentation summaries

Gemini can answer questions about Google SecOps based on the documentation. For more information, see Gemini documentation summaries.

Create and edit a playbook

Use Gemini to create and edit a playbook with prompts. For more information, see Create and edit a playbook with Gemini.

Use the Gemini case summary widget

The case summary widget uses Gemini to present a summary of the case including suggestions to resolve the issue. For more information, see Use the Gemini Summary widget.

Need more help? Get answers from Community members and Google SecOps professionals.