Google on SecOps
A blog helping you win at security operations through best practices, new ideas, product updates, and more.
October 13, 2022
Chronicle Security Operations launch: 3 things to know
September 22, 2022
New to Chronicle: Rule outcomes
September 1, 2022
Recapping Siemplify SOAR's biggest summer updates
October 3, 2022
Meet Google's detection and response team in HACKING GOOGLE, a new six-part docuseries
All the latest
April 20, 2021
New Chronicle integrations with leading SOAR platforms
As enterprises look to more efficiently manage the incident response process, Security Orchestration, Automation, and Response (SOAR)…
May 10, 2022 / by Dan Trotman
Partnering in Europe to outsmart digital adversaries: Managed security providers and Google Cloud Security

Google Chronicle and EMEA-based MSSP Hunt & Hackett have partnered to deliver advanced managed detection and response services.

August 16, 2018 / by Nimmy Reichenberg
What you should know about driving down MTTD and MTTR

This is a primer on how to effectively connect people, process and technology to minimize MTTD and MTTR.

December 7, 2022 / by Dan Kaplan
How threat detection and incident response compare and contrast between cloud and on-premises

Juxtapose detection and response in the cloud versus on-premises, and you'll find many big differences—but also quite a few, perhaps surprising, similarities. What should your SecOps team expect to encounter in this fast-growing domain?

December 16, 2021 / by Rick Correa, Sharat Ganesh
Detecting and responding to Apache “Log4j 2” using Google Chronicle

In this post, we will share how customers can detect and respond to Log4j 2, and discuss solutions available to Chronicle customers to manage the risk of the Apache “Log4j 2” vulnerability (CVE-2021-44228 and CVE-2021-45046).

October 12, 2020 / by Anton Chuvakin
Why is Threat Detection Hard?
October 5, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Incident response [Video]

In this episode of "Fastest Two Minutes in SecOps," Chronicle Security Specialist Rishalin Pillay breaks down the role of the SOC practitioner during an unfolding incident.

March 16, 2022 / by Mike Hom, Travis Lanham
Powering Security Operations with context-aware detections, alert prioritization and risk scoring in Google Chronicle.
July 6, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Cloud security [Video]

How can you succeed in the cloud’s new detection (and response) context, architect a more resilient cloud, keep SOC teams less frustrated and more upbeat, and most of all leverage the cloud to kickstart your security operations transformation? In this video, Herald boils down a very big conversation, cloud security, into something salient and actionable. Enjoy!

September 21, 2022 / by Dan Kaplan
3 key signs your managed security provider is prepared to detect and respond to cloud threats

As you canvass the growing pool of MDR options, here are some worthy questions you can ask to see how they stack up in their ability to address cloud threats, summarized from a recent episode of the Cloud Security Podcast from Google.

October 10, 2022 / by John Stoner
New to Chronicle: Matching with regular expression functions

Since this is our first step in functions in Chronicle SIEM, we will provide a brief overview of them in general, with a focus on matching using regular expression functions.

December 1, 2022 / by John Stoner
New to Chronicle: Regular expressions and reference lists

Today, we are going to continue to expand our repertoire by introducing reference lists as well as a pair of functions for case conversion.

October 11, 2021 / by Rajesh Gwalani
Investigate threats surfaced in Google Cloud’s Security Command Center using Chronicle

Today we’re excited to announce a brand new integration between Chronicle and Security Command Center, Google Cloud’s security and risk management platform.

August 11, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Autonomic Security Operations [Video]

What if your SOC were able to regulate and improve itself like your nervous system does? That's the goal of Autonomic Security Operations and its continuous detection and response loop, explains our Steve Meckl in the latest "Fastest Two Minutes in SecOps" episode.

March 25, 2020 / by Anton Chuvakin
So, Chronicle, Are You a SIEM?
July 11, 2022 / by Dan Kaplan
How Chronicle SIEM can help augment your SOC stack [New paper]

Introducing a new paper conveying the value of Google Chronicle augmentation, designed for organizations experiencing detection and response blind spots, namely limited visibility into security telemetry, scalability challenges, and inconsistent response capabilities.

October 20, 2022 / by John Stoner
New to Chronicle: Capturing strings for additional analysis

The "New to Chronicle" series recently introduced you to regular expressions to identify matches in events through the use of the re.regex function as well as using the forward slash notation around a string to compare it to a field. Now we show you how to build on top of those concepts.

November 2, 2022 / by Ivan Ninichuck
How to kickstart automation for your security operations

Moving from manual to automated workflows within the context of detection and response is a naturally desired transition for SOC teams. But before you streamline, there are a few things to consider.

May 23, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Top SOC Challenges [Video]

A brand-new Google Cloud Security video series launches, covering all things security operations. The premiere episode of "Fastest Two Minutes in SecOps" addresses top SOC challenges.

August 18, 2022 / by John Stoner
New to Chronicle: Single event rules

Ingesting and searching data is important, but if you cannot generate detection events, analysts are left with petabytes of data to search through without a specific focus or prioritization. John Stoner introduces you to Chronicle’s rules engine and explores the capabilities it provides.

October 6, 2022 / by Dan Kaplan
Your security operations playlist and how to register for Google Cloud Next 2022

Within the detailed 39-session "Secure" track, you can choose your own learning adventure. Three Google Next '22 talks, though, stand out as being especially pertinent to security operations professionals, the specialists tasked with detecting and responding to cyber threats across on-premises and cloud environments.

February 22, 2022
Join us for Google Cloud Security Talks: Threat Detection & Response Edition

Learn about everything related to threat detection, investigation and response in our Q1 2022 Google Cloud Security Talks.

October 26, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Threat hunting [Part 2] [Video]

In Part Two of our "threat hunting" episode, Google Cloud Principal Security Strategist John Stoner offers three approaches you can consider when jumping into a hunt and why having a strategy—including the day you start the hunt—matters.

March 5, 2020
One Year…and Counting!
With RSA 2020 upon us, it’s been one year since we announced our security analytics platform. We decided to start by doing one thing…
July 26, 2022 / by Dan Kaplan
What it means to do threat detection, investigation, and response in the cloud [New paper]

Cloud applications and infrastructure are different to defend than on-premises environments. This new whitepaper will guide security operations teams through the distinctions, nuances, and opportunities presented by the cloud.

September 12, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Threat hunting [Part 1] [Video]

In this episode of “Fastest Two Minutes in SecOps,” Google Cloud Principal Security Strategist John Stoner introduces you to the benefits of hunting, and also offers words of caution for teams who may rush into the practice before other competencies of their detection and response are sufficiently built out.

September 27, 2021 / by Amos Stern
Understanding SOC team roles and responsibilities

Security operations center roles and responsibilities are fairly straightforward, but distinct in their requirements.

April 15, 2020
Working with ElevenPaths

This morning, Telefonica’s ElevenPaths announced its collaboration with Chronicle, to begin building new managed security services. MSSPs…

June 14, 2022 / by Anton Chuvakin
A simple SOAR adoption maturity model

Many cybersecurity technologies and disciplines have maturity models, but there are limited frameworks for security operations teams assessing the growth of their SOAR deployment. Now we have one for you to use.

June 15, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Ransomware [Video]

In the latest episode of "Fastest Two Minutes in SecOps," Diaz tells security operations professionals everything they need to know about how ransomware is evolving and key pointers to consider in a detection and response strategy.

October 6, 2021 / by Dan Kaplan
8 best practices for secure remote work access

While remote work offers many benefits to companies, it presents special security challenges that are not present in traditional office environments. This post identifies those challenges, explains how they change the nature of cybersecurity requirements and offers tips on how to secure remote access.

June 2, 2022 / by Sharat Ganesh, Josh Karp
How cybersecurity technology providers can harness Google Cloud’s security technologies with a new OEM partner program

Google Cloud Security’s OEM Partner Program accelerates technology partner innovation with Chronicle and VirusTotal capabilities.

September 7, 2022 / by Chris Martin, Sharat Ganesh
Security Analyst Diaries #5: GeoIP enrichment on Chronicle SecOps

Dear diary, it's all about location, location, location. And Chronicle's GeoIP functionality delivers a simple and powerful use case to drive context-rich alarms within the SOC and detect login compromises.

August 4, 2021 / by Rajesh Gwalani
Introducing brand new visualizations in Chronicle

Today, we’re excited to announce that we’re bringing more industry-leading Google technology to security teams by integrating Chronicle with Looker and BigQuery.

April 5, 2022 / by Sharat Ganesh
How Managed Security Service Providers can accelerate their business with Google Cloud Security’s Partner Program using Google Chronicle

We are excited to announce our new Chronicle MSSP Program, which will offer MSSPs around the world the ability to provide scalable, differentiated, and effective detection and response capabilities with our cloud-native SIEM product, Chronicle.

May 6, 2021
Introducing Threat Intel for Chronicle
Today we’re excited to announce Google Cloud Threat Intelligence for Chronicle, a new applied threat intelligence service available to…
May 12, 2022 / by Dan Kaplan
Learn, connect, and be inspired at Google Cloud Security Summit 2022 [plus how to stream it live]

Google Cloud Security Summit happens Tuesday. Here is a look at what you can expect at the big virtual event for information security professionals.

May 7, 2022 / by Dan Kaplan
[Infographic] The SOC Ecosystem

This slick Google Cloud infographic illustrates how modern security operations centers are forging new and symbiotic connections within and outside the organization.

December 30, 2021 / by Dan Kaplan
9 security orchestration and automation benefits: How SOAR helps improve incident response

Integrating SOAR into your SOC can increase efficiency and effectiveness by correlating alerts from disparate security devices, automating tasks, and providing playbooks for incident handling.

December 8, 2021 / by Dan Kaplan
Your security operations cheat sheet for Windows and Linux logs (and how to tie them to the MITRE ATT&CK Framework)

We compiled a cheat sheet of go-to Windows and Linux logs and mapped them to key tactics and techniques of the MITRE ATT&CK framework.

November 7, 2020 / by Anton Chuvakin
Hearing from CISOs at Google Cloud and Beyond
April 20, 2021 / by Anton Chuvakin
Today, You Really Want Cloud Native SIEM Capabilities!

One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time.

November 18, 2021 / by Anton Chuvakin
New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center”

It is with much excitement that we release a new paper about transforming your security operations, published under the Office of the CISO at Google Cloud.

June 27, 2022 / by Dan Kaplan
How to think about cloud threats today

In the cloud, are these new threats, or old and familiar threats against relatively new assets? What does the future potential hold for your adversaries? And what can your security operations team do to get ahead of this fast-moving landscape?

August 2, 2022 / by Dan Kaplan
[Infographic] Have your SIEM ... and augment it too

If you make the wise decision to augment your SIEM with Chronicle, here are three compelling use cases illustrated that will help you achieve affordability, scalability and better response.

May 27, 2021 / by Matthew Svensson
How to dynamically correlate Google Cloud Compute Engine instance network traffic using Chronicle
Following up from last week’s blog post on why network security telemetry matters today, our guest author Matt Svensson, a Senior Security…
August 24, 2022 / by Dan Kaplan
How Google detects and responds to threats across its network

Charged with leading Google's internal Security Surveillance Team, Tim Nguyen oversees a massive throng of entry points and attack surface. He presents a rare look into how an internal security operations group prioritizes its mission.

April 29, 2022 / by Nimmy Reichenberg
Gartner SOAR Magic Quadrant: When, where, and how?

In this post, we will, however, attempt to provide insights on what a magic quadrant might look like for SOAR and what basis could be used for rating SOAR platforms.

May 15, 2020 / by Dan Kaplan
What is SIEM? The roadmap to a better SOC

Security information and event management (SIEM) tools are used to help enable just that—gathering critical machine-generated data, measuring threats, generating alerts and supporting IT security personnel with aggregations, charts and dashboards to highlight and prioritize events or deficiencies.

September 27, 2022 / by Chris Martin, Sharat Ganesh
Security Analyst Diaries #6: Finding the proverbial needle in a haystack with Chronicle SIEM's domain prevalence

Prevalence has been a core feature of the Chronicle Security Operations suite since its inception. It provides the capability to build a unique baseline of network access commonality, and is used by security analysts to quickly determine unusual or beaconing activity.

February 4, 2022 / by Chris Martin
Security Analyst Diaries: Detecting GCP CIS control violations with native GCP Cloud Audit Logging…

For our first diary entry we wanted to highlight key feature favorites this particular customer loved...

April 29, 2021
New SOC Prime detection rules available in Chronicle

The Chronicle team is excited to release new SOC Prime detection rules, now available to use in the Chronicle Detect rules engine.

May 12, 2021
Introducing Chronicle Detect

Modern detection for modern threats...

November 7, 2022 / by John Stoner
New to Chronicle: The replacements

Everything is replaceable...well except for Chronicle's replace function, a critical capability that takes a string, matches some or all of the string using a regular expression, and then replaces it with some other value. Let's dive in!

May 14, 2021 / by Anton Chuvakin
Why your network security telemetry matters
May 17, 2022 / by Kristen Cooper
Introducing SOAR for the age of anywhere operations

The latest release of Siemplify SOAR sets you up with the building blocks you need—cloud infrastructure, automation, collaboration, and analytics—to take your response to the next level.

May 31, 2022 / by Kristen Cooper
Three ways to stay one step ahead in a competitive MSSP market

Introducing the Siemplify (now part of Google Cloud) MSSP SecOps Program, which is uniquely poised to offer customers a new way to think about the SOC, from insights to risk reduction to help with the maturity lifecycle for the enterprise.

November 16, 2022 / by John Stoner
New to Chronicle: A new view for search

We’ve got more to talk about with rules, but today, we are going to take a break from rules and talk about search.

March 30, 2021
Predictive Analytics for Cyber in Enterprises: Setting the PACE with Google Cloud Chronicle and…
As more organizations embrace hybrid, multi-cloud environments and a work-from-anywhere model, security teams are realizing they operate…
August 4, 2020
Building a Modern Endpoint Architecture with Tanium
Today, we are announcing an expanded partnership with Tanium, which includes joint solutions between Tanium Threat Response and Chronicle…
May 19, 2022 / by Dan Kaplan
How to power up your SOC training to improve detection, investigation, and response

SOC training is an important way to not only make analysts better prepared to battle adversaries, but also to make them know leaders are investing in their skills and giving them an opportunity to grow. Here is how to get it right.

August 4, 2022 / by Chris Martin, Sharat Ganesh
Security Analyst Diaries #4: Detection and Response on Google Workspace with Chronicle

Discover how Chronicle provides native integrations for Google Workspace, a modern productivity and collaboration suite.

May 14, 2021 / by Anton Chuvakin
Q&A Blog: Trends for the Modern SOC
August 1, 2022 / by John Stoner
New to Chronicle: Unified data model

As part of the "New to Chronicle" series, our John Stoner walks you through Chronicle's unified data model schema and how it empowers your analysis and decision-making.

September 6, 2022 / by John Stoner
New to Chronicle: Multi-event rules

The "New to Chronicle" series carries on with another primer into rules, this one focusing on building multi-event rules to enhance your SIEM coverage.
