Google SecOps Integration

Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.

Google SecOps is a cloud service, built as a specialized layer on top of core Google infrastructure, designed so that enterprises can privately retain, analyze and search the massive amounts of security and network telemetry they generate today. Google SecOps normalizes, indexes, correlates, and analyzes the data - against itself and against third party and curated threat signals - to provide instant analysis and context regarding any risky activity.

Some of the platform's key functions:

  • Data Ingestion - Google SecOps can ingest a variety of telemetry types through a forwarder, an ingestion API, other cloud services like Amazon S3 Bucket and via integrations with 3rd party cloud APIs to facilitate ingestion of logs.

  • Data Analysis - The analytical capabilities of Google SecOps are delivered to security professionals as a simple, browser-based application. Many of these capabilities are also accessible programmatically via read APIs and can be triggered from other security tools.

  • Security & Compliance - As a specialized, private layer built over core Google infrastructure, Google SecOps inherits compute and storage capabilities as well the security design and capabilities of that infrastructure.

This integration provides the ability to investigate IP addresses, IPv6 addresses, domain names, MD5 hashes, SHA-1 hashes, and SHA-256 hashes and receive verdicts and judgments within Cisco XDR.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Third-Party tab and navigate to the Google SecOps integration.

  3. Click the plus sign (+) in the lower-right corner of the card. The Google SecOps integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Google SecOps integration in Cisco XDR.

You can perform the following task after you integrate Google SecOps with Cisco XDR:

  • Investigations - Start a new investigation into any combination of IP addresses, IPv6 addresses, domain names, MD5 hashes, SHA-1 hashes, and SHA-256 hashes and the results will include any records of them found in your Google SecOps. To verify that this integration is working, and to see what kind of data is returned, investigate one of more observables about which you know Google SecOps has recent information. For details, see Investigate.