Make your analysts 10x more productive.
Tackle your toughest security challenges with our focused, pre-built applications.
THREAT DETECTION
Detect modern threats at Google speed and scale
Chronicle threat detection starts with its Unified Data Model (UDM), a comprehensive and extensible schema for any security relevant telemetry. Data sent to Chronicle’s UDM is enriched with context (asset, user, threat intelligence, and vulnerabilities) and correlation (IP to host for example). A powerful rules engine syntax (YARA-L) enables analysts to build detection rules for advanced and complex threats easily by operating on abstracted and enriched UDM data.

A library of extensible pre-built rules provides out of the box coverage for numerous malware variants, ransomware, trojans, suspicious behavior, MITRE ATT&CK techniques, lolbin attacks and more. Chronicle customers can also take advantage of detection rules and threat indicators from Google Cloud’s threat intelligence research team.
THREAT HUNTING AND INVESTIGATION
Quickly evaluate alerts and understand attack details
Triaging a stream of security alerts can wear out even the best analysts, causing them to miss real threats. That’s why Chronicle works at the speed of search, returning a full picture of the activity around an alert. Hunt for a domain, URL, file hash, or user name and see everything that led up to an incident, and everything after. Pivot, drill down, and zoom out to get the full story, all in a few seconds.

Chronicle’s threat investigation capabilities build on continuous, automated and retroactive correlation of all your security telemetry with a variety of threat intelligence sources. This includes context from VirusTotal; embedded threat intelligence sources including Proofpoint, DHS, Avast, and AVG; as well as customer provided threat intelligence feeds. With Chronicle, investigations and hunts that might have taken days to complete can be performed in seconds, making your analysts far more productive.
SECURITY VISUALIZATIONS
Create visual workflows backed by Google Cloud’s Looker and BigQuery technology
Chronicle’s Looker-based visualizations enable a multitude of security use cases such as monitoring, reporting, compliance, and data exploration. Security teams can access predefined Looker-driven dashboards out-of-the-box, and it’s also simple and straightforward to create your own visualizations from scratch based on a number of parameters.

Chronicle also integrates with BigQuery, making it easier than ever for analysts to leverage complex, massive security data sets to find problems faster and more easily. Chronicle customers can export petabytes of security telemetry into the highly scalable, cost-effective BigQuery data warehouse, introducing endless possibilities for security-driven data science.
Get in touch
The path to stronger, more affordable cybersecurity starts here. Contact us to request a demo, ask questions, or just say hi.
CTA_Arrow_WHITE Created with Sketch.
What's New
Stay up to date with Chronicle