Google SecOps Integration

Note: This integration requires Cisco XDR Advantage or Cisco XDR Premier licensing tier.

Google SecOps is a cloud service, built as a specialized layer on top of core Google infrastructure, designed so that enterprises can privately retain, analyze and search the massive amounts of security and network telemetry they generate today. Google SecOps normalizes, indexes, correlates, and analyzes the data, both against itself and against third-party and curated threat signals, to provide instant analysis and context regarding any risky activity.

Some of the platform's key functions:

  • Data Ingestion - Google SecOps can ingest a variety of telemetry types through a forwarder, an ingestion API, other cloud services such as Amazon S3 buckets, and integrations with third-party cloud APIs that facilitate log ingestion.

  • Data Analysis - The analytical capabilities of Google SecOps are delivered to security professionals as a simple, browser-based application. Many of these capabilities are also accessible programmatically via read APIs and can be triggered from other security tools.

  • Security & Compliance - As a specialized, private layer built over core Google infrastructure, Google SecOps inherits the compute and storage capabilities, as well as the security design and capabilities, of that infrastructure.

This integration provides the ability to investigate IP addresses, IPv6 addresses, domain names, MD5 hashes, SHA-1 hashes, and SHA-256 hashes and receive verdicts and judgments within Cisco XDR.