SIEM table of contents
You can return to this table of contents at any time by clicking
at the top of documents that are for SIEM.
Google SecOps SIEM
Quickstart: Investigate an alert
Onboarding to Google SecOps
Configure Google Cloud project for Google SecOps
Configure an identity provider
Configure a Google Cloud identity provider
Configure a third-party identity provider
Configure feature access control using IAM
Google SecOps permissions in IAM
Link Google SecOps to Google Cloud services
Ingesting data
Supported data sets and default parsers
Ingest data to Google SecOps
Install and configure forwarders
Overview of Google SecOps forwarders
Google SecOps forwarder for Linux
Google SecOps forwarder for Windows on Docker
Google SecOps forwarder executable for Windows
Manage forwarder configurations through Google SecOps
Troubleshoot common Linux forwarder issues
Set up data feeds
Create and manage feeds using the feed management UI
Create and manage feeds using the feed management API
Use ingestion scripts deployed as cloud functions
Ingest logs from specific sources
Ingest from Google Cloud
Configure Google Cloud ingestion
Collect Google Cloud Firewall logs
Collect Google Cloud Load Balancing logs
Collect Google Kubernetes Engine logs
Send Google Workspace data to Google SecOps
Collect Chrome management logs
Collect reCAPTCHA Enterprise logs
Collect Security Command Center findings
Collect OneLogin Single Sign-On (SSO) logs
Install Carbon Black Event Forwarder
Collect Cisco ASA firewall logs
Ingest from Jamf
Collect Linux auditd and Unix system logs
Ingest from Microsoft
Collect Microsoft Windows AD data
Collect Microsoft Windows DHCP data
Collect Microsoft Windows DNS data
Collect Microsoft Windows Event data
Collect Microsoft Windows Sysmon data
Collect Palo Alto Networks firewall logs
Collect SentinelOne Cloud Funnel logs
Monitor data ingestion
Use Data Ingestion and Health dashboard
Use Cloud Monitoring for ingestion notifications
Work with Google SecOps parsers
Overview of the Unified Data Model
Manage prebuilt and custom parsers
Important UDM fields for parser data mapping
Tips and troubleshooting when writing parsers
How Google SecOps enriches event and entity data
Detecting threats
Monitor for events using rules
View rules in the Rules Dashboard
Manage rules using Rules Editor
View previous versions of a rule
Run a rule against historical data
Create context-aware analytics
Overview of context-aware analytics
Use Cloud Sensitive Data Protection data in context-aware analytics
Use context-enriched data in rules
Risk analytics
Use the Risk Analytics dashboard
Create rules for Risk Analytics
Specify entity risk score in rules
Work with curated detections
Use curated detections to identify threats
Overview of Cloud Threats category
Overview of Linux Threats category
Overview of Risk Analytics for UEBA category
Overview of Windows Threats category
Overview of Applied Threat Intelligence curated detections
Verify data ingestion using test rules
Applied Threat Intelligence
Applied Threat Intelligence overview
Applied Threat Intelligence prioritization
View IOCs using Applied Threat Intelligence
Applied Threat Intelligence fusion feed overview
About the YARA-L language
Investigating threats
View Alerts
Searching for data
Use contex-enriched fields in UDM search
Use UDM Search to investigate an entity
Using investigative views
View information from VirusTotal
Filtering data in investigative views
Overview of procedural filtering
Filter data in IP Address view
Reporting
Use context-enriched data in reports
Work with custom dashboards
Import and export Google SecOps dashboards
Administration
Administer users
Configure feature access control using IAM
Configure data access control
Impact of data RBAC on Google SecOps features
Configure data RBAC for reference lists
Google SecOps permissions in IAM
Set up data feeds
Google Analytics in Google SecOps