Security Operations
Overview
This documentation outlines the configuration process for Google Security Operations (SecOps) to transfer data to AlphaSOC for analysis. Through this integration, the network telemetry ingested by GCP SecOps can be used for security monitoring and threat detection.
To enable data log transfers:
- Enable SecOps data export in your GCP SecOps instance.
- Follow AlphaSOC's guide for Collecting data through GCS.
After completing the setup and transferring telemetry, the data can be processed by AlphaSOC for analysis.
Enabling SecOps data export
In the Google SecOps instance, navigate to SIEM Settings > Data Export.
Click on the Edit button, enable UDM then click on the Save button. Exports should begin in less than an hour.
After that in Google Cloud console open project where Google SecOps instance is located. Navigate to Cloud Storage > Buckets.
The name of the bucket used for exports should start with your Project ID followed by -v2-bq- and random UUID. It can be used for collecting data using GCS.
Further Reading
To learn more about data export from Google SecOps, please refer to official Google Documentation: Configure data export to BigQuery in a self-managed Google Cloud project.