Google Cloud Incident Response Cheat Sheet
Google Cloud Platform Forensics provides a comprehensive overview of incident response in GCP, including logs for threat hunting and incident response, log analysis, and admin console cloud logging. It involves understanding existing infrastructure and investigating malicious activity derived from control plane activity. The tool provides five categories of forensic data, including alerts, logs, configurations, reports, and service data, and utilizes GCP native tooling such as Security Command Center, Logs Explorer, BigQuery, Metrics Explorer, Policy Analyzer, and Asset Inventory. The tool tracks various logs, including Admin, User, OAuth, SAML, Groups, and Security logs, which can be used for threat hunting and incident response. These logs provide valuable insights into API calls, user events, and configuration changes, enabling effective incident response and threat hunting in GCP environments.
FEATURES
SIMILAR TOOLS
Comprehensive tutorial series on ARM Assembly covering various topics.
Best practices for corporate network segmentation to protect against basic targeted attacks
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
HTB Academy offers guided cybersecurity training with industry certifications to help you become a market-ready professional.
A comprehensive guide to investigating security incidents in popular cloud platforms, covering essential tools, logs, and techniques for cloud investigation and incident response.
A vulnerable web application for learning about web application vulnerabilities and writing secure code.
A comprehensive guide to mobile application penetration testing, covering various topics and techniques
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.