A few members of the Google Cloud Security Community have expressed interest in sharing detection content with each other to build a stronger collective defense against threats.
We're pleased to announce that our GitHub repository that contains a collection of rules compatible with Google's SecOps detection engine has been revitalized and we're ready to collaborate on contributions from the user community.
Here's how to get involved:
Great news, I'm really excited about this initiative!
To be honest, I've felt Google SecOps has been trailing other SIEM vendors for quite some time, especially in terms of available detection content. The Curated Detections have been helpful as a starting point but leave some significant coverage gaps. For instance, critical areas like Active Directory have essentially no out-of-the-box detections, and smaller MSSPs struggle to fill these gaps without a large team of dedicated detection engineers.
That's why I'm genuinely looking forward to seeing this community-driven project grow. Having more shared detection content would make a huge difference, and I'm definitely interested in contributing.
Thanks for kicking this off!
@maxjunker Glad you're excited about this. We are too! Can't wait for you to jump in and contribute. And that goes for all Community members! Thanks!