Security Operations at the Speed and Scale of Google
Chronicle is a cloud-based SIEM and SOAR solution for enterprises, leveraging Google’s robust infrastructure, aimed at securely storing and analyzing large amounts of security and network telemetry data. With Chronicle, you get fast and insightful analysis of risky activity through data normalization, indexing, correlation, and analysis. The beauty of Chronicle lays in its subscription model, which is asset-based, meaning that you could ingest Petabytes of data without seeing your costs increase.
Empower your security team with the ability to retrospectively examine months or even years of security information for your enterprise with ease. Search all domains within your organization, or zoom in on specific assets, domains, or IPs to detect any potential security breaches.
Chronicle ingests security telemetry through methods such as a forwarder, ingestion APIs, and third-party integrations. It provides a browser-based application and programmatic Read APIs for security analysis. Chronicle is built on Google’s infrastructure, inheriting its security design and capabilities.
The Power of Google Chronicle
Google Chronicle is a powerful tool because it provides a comprehensive solution for security analysis and incident response. The platform ingests a variety of security telemetry data and presents it in an easy-to-use interface. Some of Chronicle’s capabilities include:
- Vast Search Capabilities with Raw Logs and Regular Expressions
- In-Depth Investigative Views of Users / Assets / IPs / Domains / Hashes
- Advanced Correlation and Pattern Recognition
- Aggregated Enterprise Insights
- Automated Search for Security Issues with the Chronicle Detection Engine
- Threat Intelligence Context with the integration of VirusTotal
- Prioritized Investigations via the Asset Insight Blocks
- Custom Alert Creation in the Yara-L 2.0 language
- Customizable Dashboards and Organized Security Information
- Launch from Anywhere with Google Chrome Chronicle Extension