What is a Remote Agent?

The Remote Agent provides a secure way to connect a cloud Google Security Operations instance to remote sites. This provides MSSP and enterprise Security Operations Centers with the following capabilities:

• Execute actions and playbooks on remote sites directly from Google SecOps
• Pull alerts and security data from remote sites with remote connectors
• Connect to remote networks to pull data for incident response purposes

The Remote Agents infrastructure consists of 2 main components:

Google SecOps Platform
Deployment of Google SecOps platform to consolidate all security alerts in one place, and orchestrate security and network products with automated workflows. 

Google SecOps Agent
A remote agent deployed on the remote site. The agent pulls new tasks from Google SecOps, executes remotely (on the remote\separate network) and updates Google SecOps with the results.
The agent is easily deployed and lets both enterprise and MSSP end-customers to self deploy it.
The agent can initiate communication with Google SecOps to get new commands and to send new alerts and data.

Agent notifications

Agent notifications—such as alerts for new agent versions and agent downtime—are enabled by default. Notifications for agent downtime are triggered when a remote agent has been down for more than 90 seconds. You can opt out of these notifications at any time from your user preferences.

For more information about downtime notifications and high availability, see Deploy high availability in remote agents.

Opt out of notifications

1. Click your user avatar and choose User Preferences.
2. Click Notifications.
3. Clear the checkbox next to Remote Agents to stop receiving notification alerts.