Chronicle is purpose-built on the power of Google’s infrastructure to help security teams run security operations at unprecedented speed and scale. Today, we’re excited to announce that we’re bringing more industry-leading Google technology to security teams by integrating Chronicle with Looker and BigQuery. Backed by this powerful toolset, security analysts can create brand new visual workflows that increase efficiency and improve outcomes in the Security Operations Center (SOC).
New Looker visualizations in Chronicle
Chronicle’s new visualizations — powered by Looker, Google Cloud’s business intelligence (BI) and analytics platform — enable a multitude of new security use cases such as dashboarding, reporting, compliance, and data exploration. Out of the box, security teams can access brand new, Looker-driven embedded dashboards in five content categories at no additional cost to the Chronicle license:
Chronicle security overview — a set of overview visualizations that surface high-level insights such as statistics and trends on ingested events, the number of alerts, and a global threat map
In the example below, Windows security logs or EDR logs can be used to create powerful visualizations for ransomware detections including top hosts impacted by ransomware, number of alerts over time, fake process creations, and lateral movement activity.
Take security-driven data science to the next level with BigQuery
Chronicle also now integrates with BigQuery, making it easier than ever for analysts to leverage complex, massive security data sets to find problems faster and more easily. With this integration, Chronicle customers can export petabytes of security telemetry into BigQuery — Google Cloud’s serverless, highly scalable multi-cloud data warehouse — introducing endless possibilities for security-driven data science. For example, security teams can use BigQuery to join the security telemetry in Chronicle’s Unified Data Model (UDM) with a dataset of their choice, or to run custom analytics on top of UDM data, such as in Deloitte’s PACE analytics solution.
Each Chronicle tenant now includes a private, managed BigQuery data lake that features data export at regular intervals and 180 days of data retention included at no additional cost. In addition to Looker, customers can use any BigQuery-compatible tool — such as Google Data Studio, Grafana, Google Sheets, and Tableau — to create visualizations with Chronicle data.
Chronicle customers can get started today using the BigQuery data lake to build security visualizations in a tool of their choice, with embedded Looker-driven dashboards in Chronicle available to all customers in Preview mode. Please contact your Account Executive to enable Chronicle visualizations in Preview. To learn more about Chronicle and the brand new integrations with Looker and BigQuery, watch the recording from the Google Cloud Security Summit or complete the Contact Sales form.