Quickly respond to security incidents by integrating Google SecOps threat detection and investigation with ServiceNow Security Operations.
Google SecOps, part of Google Cloud, is a security analytics platform for threat detection, investigation and hunting. With Google SecOps, enterprises can ingest all their security telemetry at a fixed cost into a private cloud container and retain it for a full year. Google SecOps enriches raw security events with correlated information on users, assets and threat indicators.
Using the Google SecOps app, you can send security incidents to ServiceNow Security Operations to simplify incident response. When IOCs, alerts related to enterprise assets/users or malicious domains are detected, incidents are generated in Security Operations for immediate follow-up.
- Ability to create Security Incidents from Google SecOps Alerts, IoC Matches, Detection Alerts and Curated Detection Alerts
- Automatically assign Security Incidents to ServiceNow groups based on the specified criteria
- Create filters for fine-grained control over which alerts and matches are converted into Security Incidents
- Manage reference lists.
- Perform UDM Query searches.
- Manage data tables.
- Zurich version compatibility
- Support for API version V1Alpha.
- Support for data tables:
  - Create a data table
  - Fetch a data table
  - Update a data table
  - Delete a data table
- Security Incident Response plugin is required
- Google SecOps Service Account JSON for authentication.