Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
IDC Study: Customers cite 407% ROI with Google Chronicle. Learn More IDC Study: Customers cite 407% ROI with Google Chronicle. .
Investigate threats surfaced in Google Cloud’s Security Command Center using Chronicle
Rajesh Gwalani
Chronicle Product Manager
October 11, 2021

Today we’re excited to announce a brand new integration between Chronicle and Security Command Center, Google Cloud’s security and risk management platform. With this integration, Security Command Center users can now use Chronicle to perform detailed investigation on events surfaced through the Event Threat Detection service.

Event Threat Detection is a built-in service for the Security Command Center Premium tier that continuously monitors your organization and identifies threats within your systems in near-real time. The service is regularly updated with new detectors to identify emerging threats at cloud scale.

With this new integration, Google Cloud customers can send Security Command Center alerts directly into Chronicle at unprecedented speed and scale. In just a few clicks, you can use a simple, guided UI wizard to link your Google Cloud organization with a Chronicle tenant — and create a connection that is 100% customer controlled.

It’s simple to set up the Chronicle-Security Command Center integration in just a few clicks

When Google Cloud data is ingested into Chronicle, Event Threat Detection logs are incorporated into Chronicle’s Unified Data Model (UDM). UDM makes Google Cloud data useful right away by mapping it to a common data model across machines, users, and threat indicators, so that security teams can work from a unified set of security data. Log parsing and normalization takes place automatically to enable key capabilities like IOC matching, hunting, and investigation across all the data sources you send to Chronicle.

Security Command Center alerts are automatically populated in Chronicle

The Chronicle and Security Command Center integration also includes brand new detection and response capabilities so that security teams can take advantage of a simple click-to-investigate workflow, and Security Command Center-specific alert triage feature.

Security analysts can click-to-investigate Security Command Center alerts directly from the Google Cloud console

Chronicle now features an alert triage capability specifically for Security Command Center alerts

Chronicle adds context to Security Command Center alerts, enabling effective Google Cloud investigations in Chronicle

The Chronicle and Security Command Center integration will be generally available for Chronicle and Google Cloud customers in the coming days. Security Command Center Premium customers can contact sales to enable a Chronicle tenant and perform investigation on incidents surfaced by Event Threat Detection.

To learn more, watch The path to invisible security keynote and Cloud posture and workload protection with Security Command Center breakout session at the Google Cloud Next ’21 digital event.

Cloud Security

Let’s work together

Ready for Google-speed threat detection and response?

Contact us Visit the contact us page