Respond quickly to security incidents by integrating Google SecOps threat detection and investigation with ServiceNow Security Operations.
Google SecOps, part of Google Cloud, is a security analytics platform for threat detection, investigation and hunting. With Google SecOps, enterprises can ingest all of their security telemetry at a fixed cost into a private cloud container and retain it for a full year. Google SecOps enriches raw security events with correlated context on users, assets and threat indicators.
Using the Google SecOps app, you can forward Google SecOps alerts and IoC matches to ServiceNow Security Operations as Security Incidents to simplify incident response. When IoC matches, alerts involving enterprise assets or users, or malicious domains are detected, incidents are generated in Security Operations for immediate follow-up.
- Create Security Incidents from Google SecOps Alerts, IoC Matches, Detection Alerts and Curated Detection Alerts
- Automatically assign Security Incidents to ServiceNow groups based on the criteria you specify
- Create filters for fine-grained control over which alerts and matches are converted into Security Incidents
- Manage reference lists
- Added a "UDM Search" UI action that lets SIR admins run custom queries from an incident.
- Enabled creation of observables directly from alerts.
- Expanded field mapping with additional supported fields.
- Added support for field translation during ingestion.
- Rebranded the integration as "Google SecOps ITSM".
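As an added illustration (not the app's own code or data model), the following JavaScript sketches the two decisions the filter and assignment features above describe: whether an incoming alert is converted into a Security Incident, and which assignment group it receives. The alert shape borrows UDM field names (`principal.hostname`, `security_result[].severity`, `security_result[].rule_name`); the `source` field naming the alert kind, the filter configuration, the group names and the sample alerts are constructed for this example and are not the app's.

```javascript
"use strict";

// Constructed filter configuration (hypothetical; the real app keeps its
// filters in ServiceNow tables). Alerts below minSeverity are dropped unless
// their kind is in alwaysConvert, and noisy rules can be suppressed by name.
const FILTER = {
  minSeverity: "HIGH",
  alwaysConvert: new Set(["IoC Match"]),
  suppressedRules: new Set(["Noisy Test Rule"]),
};

// Ordered assignment criteria; the first match wins. Group names are hypothetical.
const ASSIGNMENT_RULES = [
  { group: "Threat Intel",      when: (a) => a.source === "IoC Match" },
  { group: "Identity Security", when: (a) => /^(dc|idp)-/i.test(a.hostname) },
  { group: "SOC Tier 2",        when: (a) => a.severity === "CRITICAL" },
  { group: "SOC Tier 1",        when: () => true },
];

// UDM security_result.severity values in ascending order. UNKNOWN_SEVERITY,
// INFORMATIONAL and ERROR are all treated as below LOW.
const SEVERITY_RANK = {
  UNKNOWN_SEVERITY: 0, INFORMATIONAL: 0, ERROR: 0,
  LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4,
};

function severityRank(sev) {
  return Object.prototype.hasOwnProperty.call(SEVERITY_RANK, sev) ? SEVERITY_RANK[sev] : 0;
}

// Flatten just the fields the rules need. `source` is a hypothetical wrapper
// field naming which of the four alert kinds this is; the rest are UDM paths.
function normalizeAlert(raw) {
  const sr = Array.isArray(raw.security_result) && raw.security_result.length
    ? raw.security_result[0]
    : {};
  return {
    source: raw.source || "Alert",
    severity: sr.severity || "UNKNOWN_SEVERITY",
    ruleName: sr.rule_name || "",
    hostname: (raw.principal && raw.principal.hostname) || "",
  };
}

// Filter decision: suppression wins over everything, then the always-convert
// kinds, then the severity threshold.
function shouldCreateIncident(alert, filter = FILTER) {
  const a = normalizeAlert(alert);
  if (filter.suppressedRules.has(a.ruleName)) return false;
  if (filter.alwaysConvert.has(a.source)) return true;
  return severityRank(a.severity) >= severityRank(filter.minSeverity);
}

// Assignment decision: walk the ordered rules and return the first group hit.
function assignGroup(alert, rules = ASSIGNMENT_RULES) {
  const a = normalizeAlert(alert);
  const hit = rules.find((r) => r.when(a));
  return hit ? hit.group : null;
}

// Run a batch: returns the incidents that would be created, with their group.
function triage(alerts) {
  return alerts
    .filter((al) => shouldCreateIncident(al))
    .map((al) => {
      const a = normalizeAlert(al);
      return { source: a.source, ruleName: a.ruleName, group: assignGroup(al) };
    });
}

// Constructed sample alerts (not real Google SecOps output).
const SAMPLE_ALERTS = [
  { source: "IoC Match", principal: { hostname: "ws-042" },
    security_result: [{ severity: "LOW", rule_name: "Known bad domain" }] },
  { source: "Detection Alert", principal: { hostname: "dc-01" },
    security_result: [{ severity: "HIGH", rule_name: "Kerberoasting" }] },
  { source: "Curated Detection Alert", principal: { hostname: "srv-db-3" },
    security_result: [{ severity: "CRITICAL", rule_name: "Ransomware staging" }] },
  { source: "Alert", principal: { hostname: "ws-101" },
    security_result: [{ severity: "MEDIUM", rule_name: "Suspicious PowerShell" }] },
  { source: "Detection Alert", principal: { hostname: "ws-102" },
    security_result: [{ severity: "CRITICAL", rule_name: "Noisy Test Rule" }] },
];

console.log(JSON.stringify(triage(SAMPLE_ALERTS), null, 2));
```

Of the five constructed alerts, three become incidents: the low-severity IoC match (routed to Threat Intel because IoC matches always convert), the high-severity detection on `dc-01` (routed by hostname to Identity Security), and the critical curated detection (SOC Tier 2). The medium-severity alert falls below the threshold and the critical alert from the suppressed rule is dropped, which is the kind of outcome the filter feature exists to let you control.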
- The Security Incident Response plugin is required.