Google SecOps - 现代化资安维运平台

AI - Powered Capabilities

Examples

事件调查 

Investigation

Case & Search summarization

Natural language search

Contextual Investigation Assistance

Malware Analysis

“Show me all registry key changes for [machine] in the last week”

“Did any users with admin privileges download [file] from [domain] in the last month?”

“Are there similar cases/alerts?”

资安监控 

Detection

ML-based Confidence-score

Natural language detection rule creation

“Create a rule to detect [event] activity with a risk score of 75”

事件回应 

Response

Recommended response actions

Natural language playbook building

“Build a playbook for this alert that does… if X than do Y, otherwise do..”

Threat summaries

Natural language threat hunts

“Find IOCs related to [campaign] in my network”
“How do I find signs of MITRE ATT&CK Parent PID Spoofing?”