Incident Response Simulation and Log Analysis with BigQuery
Recreated a high-severity security incident in a controlled test environment, generated and exported the resulting logs, and used BigQuery to analyze the malicious activity and walk through the incident response workflow.
Steps
Step 1: Recreated the security incident by generating malicious activity from a test user account.
Step 2: Exported the logs through a Cloud Logging sink associated with the incident for offline analysis.
Step 3: Generated additional user activity to further simulate the incident scenario.
Step 4: Used BigQuery to analyze the logs, identify indicators of compromise, and understand attacker behavior.
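As an added illustration of Step 4 (not part of the original write-up), the following BigQuery Standard SQL query summarises the suspect account's activity in Cloud Audit Logs that a sink has exported to BigQuery. The project, dataset, table name and account address are placeholders; the column names are the ones Cloud Logging uses when it exports audit log entries to BigQuery.

```sql
-- Placeholders: replace project, dataset, table and the suspect account.
DECLARE suspect STRING DEFAULT 'test-user@example.com';

WITH events AS (
  SELECT
    timestamp,
    protopayload_auditlog.authenticationInfo.principalEmail AS principal,
    protopayload_auditlog.serviceName                       AS service,
    protopayload_auditlog.methodName                        AS method,
    protopayload_auditlog.resourceName                      AS resource,
    protopayload_auditlog.requestMetadata.callerIp          AS caller_ip,
    protopayload_auditlog.status.code                       AS status_code
  FROM `my-project.incident_logs.cloudaudit_googleapis_com_activity`
  WHERE protopayload_auditlog.authenticationInfo.principalEmail = suspect
)
SELECT
  principal,
  caller_ip,
  service,
  method,
  COUNT(*)                                   AS calls,
  -- gRPC status code 7 is PERMISSION_DENIED: a burst of these from one
  -- account is a common indicator of privilege probing.
  COUNTIF(status_code = 7)                   AS permission_denied,
  -- IAM policy changes are high-value actions worth reviewing first.
  COUNTIF(method LIKE '%SetIamPolicy%')      AS iam_policy_changes,
  MIN(timestamp)                             AS first_seen,
  MAX(timestamp)                             AS last_seen,
  ARRAY_AGG(DISTINCT resource LIMIT 5)       AS sample_resources
FROM events
GROUP BY principal, caller_ip, service, method
ORDER BY iam_policy_changes DESC, permission_denied DESC, calls DESC;
```

The `_activity` table only holds Admin Activity audit logs; Data Access audit logs (reads and non-admin writes) are exported to a separate `cloudaudit_googleapis_com_data_access` table and must be enabled per service before the incident, or they will not exist to query.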
Tools
Google Cloud Logging, BigQuery, IAM
Frameworks
NIST Incident Response Lifecycle, Cloud Threat Detection & Response
Standards
ISO 27001, NIST CSF