Last year we announced Chronicle Security Operations, Google's SecOps suite that unites the capabilities security teams depend on to identify and respond to threats more quickly. We are continuing to build on that release with new functionality focused on three things: more context for each alert, better collaboration between analysts, and faster handling of alerts.
SLA Visibility and Configuration Flexibility
To help security teams meet service level agreements (SLAs), SLA management has been improved to bring visibility and flexibility to the forefront. Analysts can now set SLAs by case priority or by alert priority, which improves prioritization, and can include SLA values in automation for more flexible configurations. SLA status is also easier to see in a single pane of glass: notifications appear in the case header, new icons flag cases approaching or breaching their SLA, and the homepage has been revamped.
Parallel Action Execution
Time is a luxury many security teams don't have. New parallel actions let analysts shorten playbook execution time by running independent actions concurrently, either across a playbook or within a block of actions, instead of waiting for each action to finish before the next starts. Actions that consume another action's output still need to run after it. Playbooks can also be organized into groups so that analysts can more easily understand and maintain playbook logic.
A Cleaner, Clearer Case Wall
Investigating threats truly takes a village and requires effective collaboration. The redesigned case wall lets analysts keep comments relevant and up to date, with the ability to edit and remove comments. Attachment limits have also been increased so the relevant case evidence can always be added.
Built-in Entity Enrichment as Part of Alert Ingestion Flow
Simplify playbook building by configuring built-in entity enrichment. Entities in an alert can now be enriched with SIEM alert data during ingestion, so the enrichment data is already available when the SOAR playbook starts executing rather than having to be fetched by the playbook itself.
Chronicle SOAR Marketplace Updates
Improve your time to value with the latest Chronicle SOAR marketplace updates. These include new out-of-the-box (OOTB) widgets that can be used as is or edited, nine new integrations, and improvements to more than thirty existing integrations. For a full list of OOTB widget actions, check out the in-app Chronicle SOAR marketplace.
UDM Search Capability
Drive faster decision making by bringing the scale of Google search to security investigation. The reimagined investigative experience speeds up threat understanding with an interactive event results timeline that streams results as they are processed, so analysts can begin analysis before the full result set, up to 1 million events, has been returned.
Expanded Regional Support
Meet long-term compliance and data residency requirements with expanded regional support in the UK. Additional regions are expected to be added throughout 2023.
Chronicle Context Integration with Google Cloud DLP
Correlate Chronicle SIEM telemetry with Google Cloud DLP findings to prioritize security findings. This extends context-aware detection and analytics: detections can reference DLP findings to filter or score Chronicle detection results more precisely, and DLP findings can be ingested automatically to create investigation cases in Chronicle SOAR.
Interested in seeing more? Schedule a demo to see how you can leverage these new features.