Leveraging Threat Intelligence with Google Cloud Security

ADVANCED
150 minutes
5 tasks

In this advanced lab, you'll explore how to leverage Google Cloud Threat Intelligence (GTI) feeds to enhance threat detection and response within a fictitious company, CloudProtect Inc....

Scenario

CloudProtect Inc., a cloud-native security monitoring company, is expanding its operations to leverage Google Cloud's Threat Intelligence capabilities. The company aims to create advanced detection rules and integrate GTI feeds to proactively identify potential threats across its cloud environment.

Learning Objectives

  • Develop advanced search queries for threat detection using Google Cloud logs.
  • Integrate Google Threat Intelligence feeds with Security Operations tools.
  • Create detection rules based on threat intelligence for proactive threat hunting.

Tasks (5)

Task 1: Create a Google Cloud project for security operations

20 min

Task 2: Integrate Google Threat Intelligence feeds into the Security Operations Console

30 min

Task 3: Develop and apply detection rules using Google Cloud Security Operations

40 min

Task 4: Conduct threat hunting session using retro-hunting for IOCs

35 min

Task 5: Enhance real-time alerting using Cloud Monitoring

25 min

Prerequisites

  • Basic understanding of Google Cloud Platform and IAM roles.
  • Experience with security and threat detection concepts.

Skills Tested

  • Advanced threat hunting with Google Cloud technologies.
  • Integration of threat intelligence feeds.
  • Development of custom security detection rules.
  • Automated threat detection and alerting.