Data ingestion to Google Security Operations overview

The following diagram illustrates how your security data can flow into Google Security Operations and how Google Security Operations handles that data and prepares it for analysis using the Google Security Operations user interface.

Flow and processing of customer security data to Google Security Operations

Google Security Operations processes customer security data as follows:

1. Google Security Operations retrieves security data stored in a cloud service (such as Amazon S3 or Google Cloud). The data is encrypted while in transit to Google Security Operations.
2. Google Security Operations logically segregates and stores your security data into your account in an encrypted form. Data is accessed by the customer only, plus a limited number of Google personnel as necessary to support, develop, and maintain the product.
3. Google Security Operations parses and validates the raw security data, making data easier to process and display.
4. Google Security Operations indexes the data to make it easier to search.
5. Google Security Operations stores parsed and indexed data in an encrypted form within each account.
6. You log in to your account to search and review your security data.
7. Google Security Operations searches for matches between your security data and the VirusTotal malware database. In a Google Security Operations event view, such as Asset view, click VT Context to display information from VirusTotal. Your security data is never shared with VirusTotal.