In this session, we'll explore Google Cloud security controls and how to export security findings from Cloud Security Command Center and asset changes from Cloud Asset Inventory into Splunk Enterprise or Splunk Cloud for further forensic analysis, incident resolution and compliance monitoring.
We’ll show how GCP events, alerts and other data sources fit into the Splunk Enterprise Security SIEM framework, and how to comprehensively investigate a security event.
We’ll also demonstrate how to respond to Google Cloud security events from Enterprise Security using Splunk Phantom automated playbooks, and how to set up automation for the high-fidelity security detections provided by Cloud Security Command Center.