Quickly respond to incidents by integrating Google SecOps threat detection and investigation with the security orchestration engine.
Google SecOps, part of Google Cloud, is a security analytics platform for threat detection, investigation and hunting. With Google SecOps, enterprises can ingest all their security telemetry at a fixed cost into a private cloud container and retain it for a full year. Google SecOps enriches raw security events with correlated information on users, assets and threat indicators.
Using the Google SecOps app, you can send incidents to ServiceNow ITSM to simplify incident response. When IOC alerts related to enterprise assets or malicious domains are detected, incidents are generated in ITSM for immediate follow-up. The Google SecOps integration also provides enrichment details and seamless detailed lookup directly from the ITSM interface.
- Create Incidents from Chronicle Alerts, IoC Matches, Detection Alerts and Curated Detection Alerts
- Automatically assign Incidents to ServiceNow groups based on the specified criteria
- Create filters for fine-grained control over which alerts and matches are converted into Incidents
- Manage reference lists