Upstream Seamlessly Integrates with Google SecOps

JONATHAN MICHAELI

Senior Product Manager

October 29, 2024

As a comprehensive cybersecurity solution designed specifically for the automotive and smart mobility ecosystem, Upstream offers unparalleled protection against cyber threats targeting connected vehicles, mobility applications, and devices.

By deploying on Google Cloud, Upstream leverages native Google Cloud services, including BigQuery, enhancing its ability to deliver robust and scalable cybersecurity solutions. In addition, Upstream’s unique generative AI layer, Ocean AI, can be deployed directly in customers’ Google Cloud environment to empower the vehicle SOC (vSOC) with efficiencies and optimizations to manage attacks at scale.

In addition to leveraging the scale of Google Cloud, customers also benefit from enhanced resilience by adding Upstream’s alerts and cybersecurity insights to Google Security Operations. Through Google Security Operations, customers can realize a comprehensive enterprise-wide security operations approach to enhance insights, detections, and response capabilities across otherwise siloed organizations.

This technical integration supports a shift-left approach by ensuring cross-organizational visibility and proactive mitigation of emerging cyber risks across business, manufacturing, and operational systems.

This guide provides step-by-step instructions for setting up the Upstream Google SecOps integration.

1. Configure the Google SecOps Feed

  1. Navigate to the Settings page in your Google SecOps dashboard
  2. Select “Feeds” from the menu
  3. Click on “Add new feed”
  4. Set up the feed with the following parameters:
    • Feed Name: Choose a descriptive name for your feed
    • Source Type: Select “Webhook”
    • Log Type: Choose “Upstream Vehicle SOC Alerts”
    • Input Parameters: Set the delimiter as UPSTREAM_END_EVENT
  5. Complete the feed creation process; you will generate a secret key in the next step

2. Generate Google SecOps Secret Key and API Key

Generate Secret Key

After saving your feed, you’ll be prompted to generate a secret key. Copy this key and store it securely, as you’ll need it for the integration.

Generate API Key

To generate an API key, follow these steps:

  1. Go to the Google Cloud Console
  2. Navigate to “APIs & Services” > “Credentials”
  3. Click on “Create Credentials” at the top of the page
  4. Select “API Key” from the dropdown menu
  5. Your new API key will be created; make sure to copy it and store it securely

3. Copy the Google SecOps URL for Integration

  1. After creating the feed, go back to the Feeds section
  2. Locate the feed you just created and click on it to view its details
  3. Look for the “Endpoint Details” field. This will contain the URL you need for the integration
  4. Copy the entire URL

4. Complete the Integration in Upstream

  1. Navigate to the Upstream Actions page
  2. Click “Add Action”
  3. Choose Google Security Operations Integration
  4. Paste the URL you copied from the “Endpoint Details” into the appropriate URL Field
  5. Enter the secret key and API key you generated earlier in their respective fields
  6. Ensure that UPSTREAM_END_EVENT is set as the delimiter for each event message in your Google Security Operations configuration
  7. Now that the new Action has been created, you may add it to any Upstream Detector that you want to send Alerts to Google SecOps
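To check the feed before attaching the Action to a Detector, the sketch below (an added example, not Upstream's or Google's code) builds a test push with the same endpoint URL, API key, secret key and UPSTREAM_END_EVENT delimiter, and models how the feed splits the body into separate events. The header names, the `key`/`secret` query parameter names, the content type, the environment variable names and the sample event fields are assumptions; confirm them against your feed's Endpoint Details.

```python
import json
import os
import urllib.request
from urllib.parse import parse_qs, urlsplit

DELIMITER = "UPSTREAM_END_EVENT"  # must match the feed's Input Parameters

# Constructed sample alerts; the field names are illustrative, not Upstream's schema.
SAMPLE_EVENTS = [
    {"alert_id": "test-0001", "severity": "low", "title": "integration test 1"},
    {"alert_id": "test-0002", "severity": "low", "title": "integration test 2"},
]

def build_push(endpoint, api_key, secret_key, events):
    """Return (url, headers, body) for one webhook POST. Nothing is sent."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("endpoint must use https")
    # Credentials in a query string end up in proxy and access logs.
    if {"key", "secret"} & set(parse_qs(parts.query)):
        raise ValueError("send the API key and secret key as headers, not in the URL")
    chunks = [json.dumps(e, sort_keys=True) for e in events]
    if any(DELIMITER in c for c in chunks):
        raise ValueError("event text contains the delimiter and would be split")
    headers = {
        "Content-Type": "application/json",   # assumed content type
        "X-goog-api-key": api_key,            # assumed header name
        "X-Webhook-Access-Key": secret_key,   # assumed header name
    }
    body = "".join(c + DELIMITER for c in chunks)
    return endpoint, headers, body.encode("utf-8")

def split_events(body):
    """Model of the feed-side split: one log entry per delimited chunk."""
    text = body.decode("utf-8")
    return [json.loads(c) for c in text.split(DELIMITER) if c.strip()]

def send(url, headers, body, timeout=10):
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps keys out of source.
    url, headers, body = build_push(os.environ["SECOPS_ENDPOINT"],
                                    os.environ["SECOPS_API_KEY"],
                                    os.environ["SECOPS_SECRET_KEY"], SAMPLE_EVENTS)
    print("HTTP status:", send(url, headers, body))
```

If the feed's delimiter does not match, the two test alerts arrive in Google SecOps as a single log entry, which is the quickest sign that step 6 was missed.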
