Topic: Detect attacks with Cloud IDS and block them with Cortex XSOAR by Palo Alto Networks
Speakers:
Dominique Pfeffer, Technology/ISV Partner Lead, EMEA, Google Cloud
Nana-Ampofo Ampofo-Anti, Systems Engineer Specialist, Palo Alto Networks
Where: Online
Part 1: Google Cloud IDS
In this section, you will deploy Cloud IDS, a next-generation advanced intrusion detection service that provides threat detection for intrusions, malware, spyware and command-and-control attacks. You will simulate multiple attacks and view the threat details in the Cloud Console. You will create a Google Cloud Pub/Sub topic and a subscription. You will create a log sink for Cloud IDS threat logs and send the threat logs to the Pub/Sub topic.
Part 2: Deploy XSOAR playbook and block the attacks
In this section, you will prepare your Google Cloud environment for XSOAR, configure the XSOAR Pub/Sub and Compute Engine integration instances in your XSOAR deployment, and deploy the XSOAR IP Blacklist GCE Firewall playbook. You will repeat the attacks, view the threat details in the Cloud Console and observe that XSOAR adds the attacker's IP address to the VPC network firewall rule, so that subsequent attacks are blocked by that rule.
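The pipeline the two parts describe (a sink filter that keeps only Cloud IDS threat logs, Pub/Sub delivery, and a playbook step that adds the attacker's address to a deny-ingress VPC firewall rule) modelled offline in Python, as an added example that is not part of the workshop material or of the Palo Alto Networks playbook. The threat-log name suffix, the jsonPayload field names, the severity labels and the sample entries are assumptions constructed for the example.

```python
import ipaddress
import json
# Assumed logName suffix of Cloud IDS threat logs; this is what the log sink filter selects on.
THREAT_LOG_SUFFIX = "/logs/ids.googleapis.com%2Fthreat"
# Assumed Cloud IDS severity labels; only these trigger a block, so low-severity noise does not.
BLOCK_SEVERITIES = {"HIGH", "CRITICAL"}

def is_threat_log(entry: dict) -> bool:
    """Sink-filter equivalent: keep only Cloud IDS threat log entries."""
    return entry.get("logName", "").endswith(THREAT_LOG_SUFFIX)

def attacker_cidr(entry: dict) -> "str | None":
    """Return the attacker address as a host CIDR, or None if this entry must not trigger a block."""
    payload = entry.get("jsonPayload", {})
    if payload.get("alert_severity") not in BLOCK_SEVERITIES:
        return None
    try:
        addr = ipaddress.ip_address(payload.get("source_ip_address"))
    except (ValueError, TypeError):
        return None  # missing or malformed address: never push garbage into a firewall rule
    if addr.is_loopback or addr.is_unspecified:
        return None
    return f"{addr}/{addr.max_prefixlen}"  # /32 for IPv4, /128 for IPv6

def updated_blocklist_rule(rule: dict, cidrs: list) -> dict:
    """Return a copy of the deny-ingress rule with cidrs merged into sourceRanges, deduplicated."""
    if rule.get("direction") != "INGRESS" or not rule.get("denied"):
        raise ValueError("refusing to edit a rule that is not a deny-ingress rule")
    return {**rule, "sourceRanges": list(dict.fromkeys([*rule.get("sourceRanges", []), *cidrs]))}

def process_messages(messages: list, rule: dict) -> dict:
    """Playbook core: consume Pub/Sub payloads (JSON log entries) and return the updated rule."""
    cidrs = []
    for data in messages:
        entry = json.loads(data)
        cidr = attacker_cidr(entry) if is_threat_log(entry) else None
        if cidr:
            cidrs.append(cidr)
    return updated_blocklist_rule(rule, cidrs)

# Constructed sample input: three threat entries (one already blocked, one low severity) and one audit entry.
THREAT_LOG = "projects/demo-project" + THREAT_LOG_SUFFIX
SAMPLE_MESSAGES = [
    json.dumps({"logName": THREAT_LOG, "jsonPayload": {"alert_severity": "HIGH", "source_ip_address": "203.0.113.7"}}),
    json.dumps({"logName": THREAT_LOG, "jsonPayload": {"alert_severity": "CRITICAL", "source_ip_address": "2001:db8::1"}}),
    json.dumps({"logName": THREAT_LOG, "jsonPayload": {"alert_severity": "LOW", "source_ip_address": "198.51.100.9"}}),
    json.dumps({"logName": "projects/demo-project/logs/cloudaudit.googleapis.com%2Factivity", "jsonPayload": {}}),
]
SAMPLE_RULE = {"name": "xsoar-ip-blacklist", "direction": "INGRESS", "priority": 100,
               "denied": [{"IPProtocol": "all"}], "sourceRanges": ["203.0.113.7/32"]}
```

Running `process_messages(SAMPLE_MESSAGES, SAMPLE_RULE)` yields a rule whose sourceRanges contain the existing IPv4 entry once plus the new IPv6 host, while the LOW-severity alert and the audit log entry are ignored.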