Google on SecOps
A blog helping you win at security operations through best practices, new ideas, product updates, and more.
August 24, 2022
How Google detects and responds to threats across its network
August 18, 2022
New to Chronicle: single event rules
June 14, 2022
A simple SOAR adoption maturity model
August 11, 2022
Fastest Two Minutes in SecOps: Autonomic Security Operations [Video]
All the latest
December 16, 2021 / by Rick Correa, Sharat Ganesh
Detecting and responding to Apache “Log4j 2” using Google Chronicle

In this post, we will share how customers can detect and respond to Log4j 2, and discuss solutions available to Chronicle customers to manage the risk of the Apache “Log4j 2” vulnerability (CVE-2021-44228 and CVE-2021-45046).

April 20, 2021
New Chronicle integrations with leading SOAR platforms
As enterprises look to more efficiently manage the incident response process, Security Orchestration, Automation, and Response (SOAR)…
October 12, 2020 / by Anton Chuvakin
Why is Threat Detection Hard?
October 5, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Incident response [Video]

In this episode of "Fastest Two Minutes in SecOps," Chronicle Security Specialist Rishalin Pillay breaks down the role of the SOC practitioner during an unfolding incident.

May 10, 2022 / by Dan Trotman
Partnering in Europe to outsmart digital adversaries: Managed security providers and Google Cloud Security

Google Chronicle and EMEA-based MSSP Hunt & Hackett have partnered to deliver advanced managed detection and response services.

March 16, 2022 / by Mike Hom, Travis Lanham
Powering Security Operations with context-aware detections, alert prioritization and risk scoring in Google Chronicle.
July 6, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Cloud security [Video]

How can you succeed in the cloud’s new detection (and response) context, architect a more resilient cloud, keep SOC teams less frustrated and more upbeat, and most of all leverage the cloud to kickstart your security operations transformation? In this video, Herald boils down a very big conversation, cloud security, into something salient and actionable. Enjoy!

September 21, 2022 / by Dan Kaplan
3 key signs your managed security provider is prepared to detect and respond to cloud threats

As you canvass the growing pool of MDR options, here are some worthy questions you can ask to see how they stack up in their ability to address cloud threats, summarized from a recent episode of the Cloud Security Podcast from Google.

October 11, 2021 / by Rajesh Gwalani
Investigate threats surfaced in Google Cloud’s Security Command Center using Chronicle

Today we’re excited to announce a brand new integration between Chronicle and Security Command Center, Google Cloud’s security and risk management platform.

July 11, 2022 / by Dan Kaplan
How Chronicle SIEM can help augment your SOC stack [New paper]

Introducing a new paper conveying the value of Google Chronicle augmentation, designed for organizations experiencing detection and response blind spots, namely limited visibility into security telemetry, scalability challenges, and inconsistent response capabilities.

May 23, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Top SOC Challenges [Video]

A brand-new Google Cloud Security video series launches, covering all things security operations. The premiere episode of "Fastest Two Minutes in SecOps" addresses top SOC challenges.

March 25, 2020 / by Anton Chuvakin
So, Chronicle, Are You a SIEM?
September 12, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Threat hunting [Part 1] [Video]

In this episode of “Fastest Two Minutes in SecOps,” Google Cloud Principal Security Strategist John Stoner introduces you to the benefits of hunting, and also offers words of caution for teams who may rush into the practice before other competencies of their detection and response are sufficiently built out.

February 22, 2022
Join us for Google Cloud Security Talks: Threat Detection & Response Edition

Learn about everything related to threat detection, investigation and response in our Q1 2022 Google Cloud Security Talks.

March 5, 2020
One Year…and Counting!
With RSA 2020 upon us, it’s been one year since we announced our security analytics platform. We decided to start by doing one thing…
July 26, 2022 / by Dan Kaplan
What it means to do threat detection, investigation, and response in the cloud [New paper]

Cloud applications and infrastructure are defended differently from on-premises environments. This new whitepaper will guide security operations teams through the distinctions, nuances, and opportunities presented by the cloud.

April 15, 2020
Working with ElevenPaths

This morning, Telefonica’s ElevenPaths announced its collaboration with Chronicle, to begin building new managed security services. MSSPs…

June 15, 2022 / by Dan Kaplan
Fastest Two Minutes in SecOps: Ransomware [Video]

In the latest episode of "Fastest Two Minutes in SecOps," Diaz tells security operations professionals everything they need to know about how ransomware is evolving and key pointers to consider in a detection and response strategy.

September 27, 2021 / by Amos Stern
Understanding SOC team roles and responsibilities

Security operations center roles and responsibilities are fairly straightforward, but distinct in their requirements.

September 1, 2022 / by Kristen Cooper
Recapping Siemplify SOAR's biggest summer updates

Building on our "SOAR for the age of anywhere operations" announcement, we continued our momentum and attention to the technology with a host of new features dedicated to driving efficient security operations.

October 6, 2021 / by Dan Kaplan
8 best practices for secure remote work access

While remote work offers many benefits to companies, it presents special security challenges that are not present in traditional office environments. This post identifies those challenges, explains how they change the nature of cybersecurity requirements and offers tips on how to secure remote access.

June 2, 2022 / by Sharat Ganesh, Josh Karp
How cybersecurity technology providers can harness Google Cloud’s security technologies with a new OEM partner program

Google Cloud Security’s OEM Partner Program accelerates technology partner innovation with Chronicle and VirusTotal capabilities.

September 7, 2022 / by Chris Martin, Sharat Ganesh
Security Analyst Diaries #5: GeoIP enrichment on Chronicle SecOps

Dear diary, it's all about location, location, location. And Chronicle's GeoIP functionality delivers a simple and powerful use case to drive context-rich alarms within the SOC and detect login compromises.

April 5, 2022 / by Sharat Ganesh
How Managed Security Service Providers can accelerate their business with Google Cloud Security’s Partner Program using Google Chronicle

We are excited to announce our new Chronicle MSSP Program, which will offer MSSPs around the world the ability to provide scalable, differentiated, and effective detection and response capabilities with our cloud-native SIEM product, Chronicle.

May 6, 2021
Introducing Threat Intel for Chronicle
Today we’re excited to announce Google Cloud Threat Intelligence for Chronicle, a new applied threat intelligence service available to…
May 12, 2022 / by Dan Kaplan
Learn, connect, and be inspired at Google Cloud Security Summit 2022 [plus how to stream it live]

Google Cloud Security Summit happens Tuesday. Here is a look at what you can expect at the big virtual event for information security professionals.

October 3, 2022 / by Dan Kaplan
Meet Google's detection and response team in HACKING GOOGLE, a new six-part docuseries

For all the gripping drama and never-before-told stories that the series offers, particularly compelling for security operations professionals is Episode 002: Detection & Response, in which incident responders look back on the January 2001 North Korean-led operation that sought to socially engineer security researchers and infiltrate their digital properties. Google was one of the victims.

May 7, 2022 / by Dan Kaplan
[Infographic] The SOC Ecosystem

This slick Google Cloud infographic illustrates how modern security operations centers are forging new and symbiotic connections within and outside the organization.

August 4, 2021 / by Rajesh Gwalani
Introducing brand new visualizations in Chronicle

Today, we’re excited to announce that we’re bringing more industry-leading Google technology to security teams by integrating Chronicle with Looker and BigQuery.

December 30, 2021 / by Dan Kaplan
9 security orchestration and automation benefits: How SOAR helps improve incident response

Integrating SOAR into your SOC can increase efficiency and effectiveness by correlating alerts from disparate security devices, automating tasks, and providing playbooks for incident handling.

November 18, 2021 / by Anton Chuvakin
New Paper: “Autonomic Security Operations — 10X Transformation of the Security Operations Center”

It is with much excitement that we release a new paper about transforming your security operations, published under the Office of the CISO at Google Cloud.

August 2, 2022 / by Dan Kaplan
[Infographic] Have your SIEM ... and augment it too

If you make the wise decision to augment your SIEM with Chronicle, here are three compelling use cases illustrated that will help you achieve affordability, scalability and better response.

May 5, 2022 / by Adelaide Taylor, Christine Robison
Internal only: Placeholder blog post

With the rebuild of the Chronicle website, we made improvements to its infrastructure to better automate the content management workflow within Kintaro and Google Sheets.

November 7, 2020 / by Anton Chuvakin
Hearing from CISOs at Google Cloud and Beyond
May 27, 2021 / by Matthew Svensson
How to dynamically correlate Google Cloud Compute Engine instance network traffic using Chronicle
Following up from last week’s blog post on why network security telemetry matters today, our guest author Matt Svensson, a Senior Security…
April 20, 2021 / by Anton Chuvakin
Today, You Really Want Cloud Native SIEM Capabilities!

One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time.

June 27, 2022 / by Dan Kaplan
How to think about cloud threats today

In the cloud, are these new threats, or old and familiar threats against relatively new assets? What does the future hold for your adversaries? And what can your security operations team do to get ahead of this fast-moving landscape?

April 29, 2022 / by Nimmy Reichenberg
Gartner SOAR Magic Quadrant: When, where, and how?

In this post, we attempt to provide insights on what a magic quadrant might look like for SOAR and what basis could be used for rating SOAR platforms.

April 29, 2021
New SOC Prime detection rules available in Chronicle

The Chronicle team is excited to release new SOC Prime detection rules, now available to use in the Chronicle Detect rules engine.

May 15, 2020 / by Dan Kaplan
What is SIEM? The roadmap to a better SOC

Security information and event management (SIEM) tools help enable just that: gathering critical machine-generated data, measuring threats, generating alerts and supporting IT security personnel with aggregations, charts and dashboards to highlight and prioritize events or deficiencies.

September 27, 2022 / by Chris Martin, Sharat Ganesh
Security Analyst Diaries #6: Finding the proverbial needle in a haystack with Chronicle SIEM's domain prevalence

Prevalence has been a core feature of the Chronicle Security Operations suite since its inception. It provides the capability to build a unique baseline of how common each network access is, and is used by security analysts to quickly identify unusual or beaconing activity.

February 4, 2022 / by Chris Martin
Security Analyst Diaries: Detecting GCP CIS control violations with native GCP Cloud Audit Logging…

For our first diary entry we wanted to highlight key feature favorites this particular customer loved...

May 12, 2021
Introducing Chronicle Detect

Modern detection for modern threats...

May 17, 2022 / by Kristen Cooper
Introducing SOAR for the age of anywhere operations

The latest release of Siemplify SOAR sets you up with the building blocks you need—cloud infrastructure, automation, collaboration, and analytics—to take your response to the next level.

May 31, 2022 / by Kristen Cooper
Three ways to stay one step ahead in a competitive MSSP market

Introducing the Siemplify (now part of Google Cloud) MSSP SecOps Program, which is uniquely poised to offer customers a new way to think about the SOC, from insights to risk reduction to help with the maturity lifecycle for the enterprise.

May 14, 2021 / by Anton Chuvakin
Why your network security telemetry matters
March 30, 2021
Predictive Analytics for Cyber in Enterprises: Setting the PACE with Google Cloud Chronicle and…
As more organizations embrace hybrid, multi-cloud environments and a work-from-anywhere model, security teams are realizing they operate…
August 4, 2020
Building a Modern Endpoint Architecture with Tanium
Today, we are announcing an expanded partnership with Tanium, which includes joint solutions between Tanium Threat Response and Chronicle…
September 22, 2022 / by John Stoner
New to Chronicle: Rule outcomes

So far, our new to Chronicle series has introduced UDM and built a detection on a single event. From there, we moved into correlating across multiple events. Today, we are going to introduce another section of YARA-L called outcome.

August 1, 2022 / by John Stoner
New to Chronicle: Unified data model

As part of the "New to Chronicle" series, our John Stoner walks you through Chronicle's unified data model schema and how it empowers your analysis and decision-making.

September 6, 2022 / by John Stoner
New to Chronicle: Multi-event rules

The "New to Chronicle" series carries on with another primer into rules, this one focusing on building multi-event rules to enhance your SIEM coverage.

August 4, 2022 / by Chris Martin, Sharat Ganesh
Security Analyst Diaries #4: Detection and Response on Google Workspace with Chronicle

Discover how Chronicle provides native integrations for Google Workspace, a modern productivity and collaboration suite.

May 14, 2021 / by Anton Chuvakin
Q&A Blog: Trends for the Modern SOC
May 19, 2022 / by Dan Kaplan
How to power up your SOC training to improve detection, investigation, and response

SOC training is an important way to not only make analysts better prepared to battle adversaries, but also to make them know leaders are investing in their skills and giving them an opportunity to grow. Here is how to get it right.
