Managing Security Incidents with Google Cloud Security Operations

ADVANCED
195 minutes
5 tasks

In this advanced lab, you will simulate a security incident in a fictional company and perform containment, investigation, and response. You will leverage Google Cloud Security Operations tools such as Security Command Center (SCC), Chronicle SIEM, and SOAR to manage the incident lifecycle. The goal is to reflect real-world scenarios where you need to respond to threats swiftly and efficiently while ensuring compliance and minimal disruption to business operations.

Scenario

You are a Security Operations Engineer at a large e-commerce company, "E-Shop Inc.". The company relies heavily on its online presence, which processes thousands of transactions per minute. Suddenly, you notice suspicious activities indicating potential data breaches. Your task is to investigate the incidents using Google Cloud's security tools, contain the threats, and ensure the secure operation of E-Shop Inc.'s services.

Learning Objectives

  • Investigate security incidents using Google Cloud's Security Operations tools.
  • Implement a response strategy leveraging Security Command Center and Chronicle SIEM.
  • Develop automated playbooks and implement case management workflows in SOAR.
  • Perform root cause analysis and containment strategies to mitigate threats.

Tasks (5)

Task 1: Set up Google Cloud Security Operations infrastructure

45 min

Task 2: Investigate security incidents using Chronicle SIEM

40 min

Task 3: Implement an automated SOAR playbook for incident response

50 min

Task 4: Conduct a root cause analysis and prepare a remediation plan

30 min

Task 5: Optimize the incident response process with Google Security tools

30 min

Prerequisites

  • Basic understanding of Google Cloud Console and IAM roles
  • Familiarity with incident response and security operations concepts

Skills Tested

  • Investigate and contain security incidents using Google tools
  • Develop and automate response playbooks in Google SecOps SOAR
  • Perform root cause analysis using SIEM tools
  • Design processes based on incident findings

References

  • Managing Security Incidents with Google Cloud Security Operations - Hands-On Lab - CertiPass