Google Cloud announced the “Cloud Analytics Project”, a project that identifies security problems commonly encountered in cloud environments and describes their characteristics in a common format.
The project is run by the non-profit organization MITRE Engenuity’s Center for Threat-Informed Defense and is co-sponsored by Google Cloud and several other companies.
Google Cloud and the Center for Threat-Informed Defense have been in partnership since 2021, working to develop open-source security analysis tools. The results will be published in the form of “Community Security Analytics (CSA)” in early 2022. The announced new project will be complementary to CSA.
The Cloud Analytics Project provides a file that summarizes the “tactics, techniques and procedures (TTPs)” of attacks specific to the cloud as vendor-neutral Sigma rules. Sigma rule documents can be converted with conversion tools into query statements for analysis tools such as Google Chronicle Security, Elasticsearch, and Splunk.
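To show what "vendor-neutral rule in, backend query out" means in practice, here is an added illustration (not code from the Cloud Analytics Project or the Sigma project) of a minimal converter: it takes a rule in Sigma's structure and renders the same detection as a Splunk search and as an Elasticsearch query-string expression. The sample rule and its GCP audit-log field names are constructed for the example and are assumptions; the project's own rules and the real Sigma converters handle far more syntax than this flat condition grammar.

```python
# Constructed sample in Sigma's structure; the field names are assumptions about GCP
# audit-log JSON, not rules taken from the Cloud Analytics Project repository.
SAMPLE_RULE = {
    "title": "Cloud IAM policy modified by an external principal",
    "logsource": {"product": "gcp", "service": "gcp.audit"},
    "detection": {
        "selection": {
            "protoPayload.methodName": "SetIamPolicy",
            "protoPayload.serviceName": ["cloudresourcemanager.googleapis.com",
                                         "iam.googleapis.com"],
        },
        "filter": {"protoPayload.authenticationInfo.principalEmail|endswith": "@example.com"},
        "condition": "selection and not filter",
    },
}

# Per-backend rendering of one field test; modifiers come from Sigma's "field|modifier" keys.
BACKENDS = {
    "splunk": {"eq": '{f}="{v}"', "startswith": '{f}="{v}*"', "endswith": '{f}="*{v}"',
               "contains": '{f}="*{v}*"', "and": " ", "or": " OR ", "not": "NOT "},
    "elasticsearch": {"eq": '{f}:"{v}"', "startswith": "{f}:{v}*", "endswith": "{f}:*{v}",
                      "contains": "{f}:*{v}*", "and": " AND ", "or": " OR ", "not": "NOT "},
}

def render_selection(selection, backend):
    """AND together every field of a selection; a list value ORs its alternatives."""
    b, clauses = BACKENDS[backend], []
    for key, value in selection.items():
        field, _, modifier = key.partition("|")
        template = b[modifier or "eq"]
        alts = [template.format(f=field, v=v) for v in (value if isinstance(value, list) else [value])]
        clauses.append(alts[0] if len(alts) == 1 else "(" + b["or"].join(alts) + ")")
    return "(" + b["and"].join(clauses) + ")"

def convert(rule, backend):
    """Render a flat condition ('a', 'a and b', 'a or b', 'a and not b') for one backend."""
    b, detection = BACKENDS[backend], rule["detection"]
    out, negate = [], False
    for tok in detection["condition"].split():
        if tok in ("and", "or"):
            out.append(b[tok])
        elif tok == "not":
            negate = True
        else:  # any other token names a selection block in the detection section
            out.append((b["not"] if negate else "") + render_selection(detection[tok], backend))
            negate = False
    return "".join(out)
```

Calling `convert(SAMPLE_RULE, "splunk")` and `convert(SAMPLE_RULE, "elasticsearch")` yields two syntactically different queries that express the same TTP, which is the point of keeping the rule itself vendor-neutral.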
The project results can be downloaded from the GitHub repository. Google is also asking for cooperation on the project, not only by using the deliverables but also by improving the existing Sigma rule documents and contributing new ones.