Security Command Center Premium now operationalizes Mandiant Threat Intelligence!

Event Threat Detection (ETD) findings in SCC Premium now leverage IOCs derived from Mandiant’s frontline incident response and threat intelligence.  

SCC Premium customers automatically take advantage of this coverage without making any changes. With these IOCs integrated into SCC Premium, customers get broader coverage for existing ETD rules like:

  • Malware: Bad IP
  • Malware: Bad Domain 
  • Malware: Bad Cryptomining IP
  • Malware: Bad Cryptomining Domain 
  • Evasion: Access from Anonymizing Proxy

ETD offers a broad range of rules to detect suspicious activity in your GCP environment. By ingesting flow logs and DNS queries, ETD rules detect communication with malicious IPs or domains. ETD rules also detect other suspicious behavior like communication with cryptomining infrastructure or anonymizing proxies. With Mandiant Threat Intelligence now integrated into SCC Premium, the coverage of these findings is expanded.

In a future post, we will instrument these findings in SCC Premium to demonstrate Event Threat Detection in more detail.

To learn more about Event Threat Detection with SCC Premium, please see our comprehensive guide here.
