To monitor the organization's cloud logging stream and detect security breaches, Veronica Lauren can utilize the Event Threat Detection service within Google Security Command Center.
* Event Threat Detection: This built-in service of Google Security Command Center is designed to monitor cloud logs across multiple projects and detect threats such as malware, brute force SSH attempts, and cryptomining1. It uses threat intelligence and advanced analytics to identify and alert on suspicious activity in real time.
* Functionality:
* Log Analysis: Event Threat Detection continuously analyzes the logs generated by Google Cloud services.
* Threat Detection: It automatically detects the presence of threats like malware, SSH brute force attempts, and cryptomining activities.
* Alerts and Findings: When a potential threat is detected, Event Threat Detection issues findings
* that are integrated into the Security Command Center dashboard for further investigation.
* Why Not the Others?:
* Web Security Scanner: This service is primarily used for identifying security vulnerabilities in web applications hosted on Google Cloud, not for monitoring logs for security breaches.
* Container Threat Detection: While this service is useful for detecting runtime threats in containers, it does not provide the broad log analysis capabilities that Event Threat Detection offers.
* Security Health Analytics: This service provides automated security scanning to detect misconfigurations and compliance violations in Google Cloud resources, but it is not specifically focused on the real-time threat detection provided by Event Threat Detection.
References:
* Security Command Center overview | Google Cloud1.