Getting Started with UEBA for GCP
Netskope Public Cloud Security provides behavior analytics capabilities to detect anomalies in user activities across your GCP public cloud. Netskope analyzes Google Cloud Logging logs to identify anomalies. Netskope provides the following anomaly detections:
First access to a region for a user or tenant.
First access from IP block for a user or tenant.
First access to a service for a user or tenant.
First access to a service account, service principal, or an IAM role for a user.
Spike in access errors for a user.
Spike in the number of objects downloaded from object storage.
Spike in the number of files deleted from object storage.
Spike in deletes of resources.
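To make the "first access" and "spike" detection types listed above concrete, here is an added illustration in Python run over constructed Cloud Audit Log entries; it is not Netskope's code and does not describe how Netskope implements these detections. Assumptions: an IP block is a /24, an access error is status code 7 (PERMISSION_DENIED), a user's first event only seeds their baseline, and the helper names and sample values are hypothetical.

```python
import ipaddress
from collections import Counter, defaultdict
from statistics import mean, pstdev

def entry(day, user, service, ip, region, code=0):
    """Build a constructed Cloud Audit Log entry, trimmed to the fields used here."""
    return {"timestamp": f"2024-05-{day:02d}T10:00:00Z",
            "protoPayload": {"authenticationInfo": {"principalEmail": user},
                             "serviceName": service,
                             "requestMetadata": {"callerIp": ip},
                             "status": {"code": code}},  # 7 = PERMISSION_DENIED
            "resource": {"labels": {"location": region}}}

def first_access(entries):
    """Report the first time a user appears with a new region, IP block or service."""
    seen, findings = defaultdict(set), []
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        p = e["protoPayload"]
        user = p["authenticationInfo"]["principalEmail"]
        block = ipaddress.ip_network(p["requestMetadata"]["callerIp"] + "/24", strict=False)
        dims = {"region": e["resource"]["labels"].get("location"),
                "ip_block": str(block),  # assumption: a block is a /24
                "service": p["serviceName"]}
        for dim, value in dims.items():
            known = seen[(user, dim)]
            if known and value not in known:  # the user's first event only seeds the baseline
                findings.append((e["timestamp"][:10], user, dim, value))
            known.add(value)
    return findings

def error_spikes(entries, sigmas=3.0, min_history=3):
    """Flag days where a user's denied calls exceed mean + sigmas * stddev of prior days."""
    daily = defaultdict(Counter)
    for e in entries:
        p = e["protoPayload"]
        user = p["authenticationInfo"]["principalEmail"]
        daily[user][e["timestamp"][:10]] += int(p["status"].get("code") == 7)
    spikes = []
    for user, counts in daily.items():
        days = sorted(counts)
        for i, day in enumerate(days[min_history:], start=min_history):
            prior = [counts[d] for d in days[:i]]
            limit = mean(prior) + sigmas * max(pstdev(prior), 1.0)  # floor avoids zero variance
            if counts[day] > limit:
                spikes.append((day, user, counts[day]))
    return spikes

# Constructed sample: five quiet days, then a burst from a new network, region and service.
ALICE = "alice@example.com"
LOGS = [entry(d, ALICE, "storage.googleapis.com", "203.0.113.10", "us-central1") for d in range(1, 6)]
LOGS.append(entry(2, ALICE, "storage.googleapis.com", "203.0.113.44", "us-central1", code=7))
LOGS += [entry(6, ALICE, "bigquery.googleapis.com", "198.51.100.7", "europe-west1", code=7)] * 12
```

On the sample, the single denied call on day 2 from another address in the same /24 raises nothing, while day 6 produces three first-access findings and one error spike.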
To set up UEBA for GCP, you need to:
Enable the Stackdriver feature on your Netskope tenant.
Note: This is a beta feature. Contact your Netskope sales representative to enable it on your tenant.
Configure Stackdriver for a GCP organization, folder, or project.
To learn more: Configure Google Cloud Platform for Cloud Logging.
Enable Rule-Based and ML-Based policies to review user behavior.
To learn more: Behavior Analytics Policies