Community Security Analytics (CSA) Logo

Community Security Analytics (CSA)

0
Free
Visit Website

As organizations go through the Autonomic Security modernization journey, this repository serves as a community-driven list of sample security analytics for auditing cloud usage and for detecting threats to your data & workloads in Google Cloud. These may assist detection engineers, threat hunters and data governance analysts. CSA is a set of foundational security analytics designed to provide organizations with a rich baseline of pre-built queries and rules that they can readily use to start analyzing their Google Cloud logs including Cloud Audit logs, VPC Flow logs, DNS logs, and more using cloud-native or third-party analytics tools. The source code is provided as is, without warranty. See Copyright & License below. Current release include: YARA-L rules for Google Security Operations SQL queries for BigQuery SQL queries for Log Analytics The security use cases below are grouped in 6 categories depending on underlying activity type and log sources: 🚦 Login & Access Patterns 🔑 IAM, Keys & Secrets Admin Activity 🏗️ Cloud Provisoning Activity ☁️ Cloud Workload Usage 💧 Data Usage ⚡ Network Activity To learn more about the variety of Google Cloud log

FEATURES

ALTERNATIVES

A library of Amazon S3 attack scenarios with mitigation strategies.

Real-time, container-based file scanning system for threat hunting and incident response.

Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.

A tool for identifying potential security threats by fetching known URLs and filtering out URLs with open redirection or SSRF parameters.

A PowerShell module for threat hunting via Windows Event Logs

API for querying domain security information, categorization, and related data.

A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.

An IOC tracker written in Python that queries Google Custom Search Engines for various cybersecurity indicators and monitors domain status using Google Safe Browsing APIs.