Upstream Seamlessly Integrates with Google SecOps

JONATHAN MICHAELI

Senior Product Manager

October 29, 2024

As a comprehensive cybersecurity solution designed specifically for the automotive and smart mobility ecosystem, Upstream offers unparalleled protection against cyber threats targeting connected vehicles, mobility applications, and devices.

By deploying on Google Cloud, Upstream leverages native Google Cloud services–including BigQuery–enhancing its ability to deliver robust and scalable cybersecurity solutions. In addition, Upstream’s unique GenerativeAI layer, Ocean AI, can be deployed directly in customers’ Google Cloud environment to empower the vehicle SOC (vSOC) with efficiencies and optimizations to manage attacks at scale.

In addition to leveraging the scale of Google Cloud, customers also benefit from enhanced resilience by adding Upstream’s alerts and cybersecurity insights to Google Security Operations. Through Google Security Operations, customers can realize a comprehensive enterprise-wide security operations approach to enhance insights, detections, and response capabilities across otherwise siloed organizations.

This technical integration helps effectively utilize a shift-left approach by ensuring cross-organizational visibility and proactive mitigation for emerging cyber risks across business, manufacturing, and operational systems.

This guide provides step-by-step instructions for setting up the Upstream Google SecOps integration.

1. Configure the Google SecOps Feed

  1. Navigate to the Settings page in your Google SecOps dashboard
  2. Select “Feeds” from the menu
  3. Click on “Add new feed”
  4. Set up the feed with the following parameters:
    • Feed Name: Choose a descriptive name for your feed
    • Source Type: Select “Webhook”
    • Log Type: Choose “Upstream Vehicle SOC Alerts”
    • Input Parameters: Set the delimiter as UPSTREAM_END_EVENT
  5. Complete the feed creation process; you will generate a secret key in the next step

2. Generate Google SecOps Secret Key and API Key

Generate Secret Key

After saving your feed, you’ll be prompted to generate a secret key. Copy this key and store it securely, as you’ll need it for the integration.

Generate API Key

To generate an API key, follow these steps:

  1. Go to the Google Cloud Console
  2. Navigate to “APIs & Services” > “Credentials”
  3. Click on “Create Credentials” at the top of the page
  4. Select “API Key” from the dropdown menu
  5. Your new API key will be created; make sure to copy it and store it securely

3. Copy the Google SecOps URL for Integration

  1. After creating the feed, go back to the Feeds section
  2. Locate the feed you just created and click on it to view its details
  3. Look for the “Endpoint Details” field. This will contain the URL you need for the integration
  4. Copy the entire URL

4. Complete the Integration in Upstream

  1. Navigate to the Upstream Actions page
  2. Click “Add Action”
  3. Choose Google Security Operations Integration
  4. Paste the URL you copied from the “Endpoint Details” into the appropriate URL Field
  5. Enter the secret key and API key you generated earlier in their respective fields
  6. Ensure that UPSTREAM_END_EVENT is set as the delimiter for each event message in your Google Security Operation configuration
  7. Now that the new Action has been created, you may add it to any Upstream Detector that you want to send Alerts to Google SecOps

Additional Resources

Newsletter Icon

The After-Sales Quality Report, Zooming in on the Power of AI

Newsletter Icon

Subscribe
to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

Rethinking the Perimeter: The Hidden Blast Radius of “Harmless” Endpoints

As SOC executives navigate an era of autonomous AI agents, complex machine-to-machine integrations, and Model Context Protocol (MCP) servers, we must accept a harsh architectural…

Read more

Behavior and Kinetic Impact Define the New AI Security Paradigm

For decades, enterprise cybersecurity has been obsessed with lines in the sand. We built walls around networks, drew perimeters around systems, and gated access to…

Read more

Rethinking the Perimeter: BOLA and the Illusion of the Legitimate Request

As SOC executives navigating an era of autonomous AI agents, complex machine-to-machine integrations, and Model Context Protocol (MCP) servers, we must accept a harsh architectural…

Read more

The New Front Lines: Navigating the EU’s 2026 Mandate for Connected Vehicle Security

The automotive industry has reached a definitive “point of no return.” In the first half of 2026, the EU’s NIS Cooperation Group released its seminal…

Read more