Chronicle, Google's Cloud-Native SIEM, is built to handle massive amounts of data and extract signals to find threats instantly
The current economics of storing and processing enterprise security data have made it nearly impossible to compete against cybercrime. With Chronicle, the scalability and economics of storing and analyzing your security data are no longer an issue.
How Chronicle works
Chronicle ingests your own data into a private container and combines it with Google data.
All of it is aggregated, normalized and linked together into a coherent timeline.
That data is then exposed via investigation, hunting and detection, as well as to other security products via APIs.
The power of the platform
Our products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both. Your security telemetry data is continuously analyzed for insight on a global platform.
Infinitely elastic
Built on core Google infrastructure, Chronicle gives you an infinitely elastic container for storing your enterprise security telemetry.
Because every second matters when responding to threats, you can ingest, normalize, and index massive amounts of telemetry data and correlate it to known threats.
Unparalleled storage
In an investigation, access to years of telemetry can mean the difference between clear answers and hoping for the best.
Google’s pricing model combined with Google’s economies of scale provide significant cost savings for organizations while increasing their probability of finding advanced persistent threats and improving the fidelity of forensic investigations.
Enterprise Strategy Group
"The Economic Benefits of Chronicle’s Analytics Platform"
Super-fast analysis at a massive scale
The capabilities of Chronicle, combined with the speed and power of Google, cut analysis time from hours or days to seconds and boost analyst productivity.
Security analytics at the speed of search
Chronicle can ingest massive amounts of telemetry data, normalize it, index it, correlate it to known threats, and make it available for analysis in seconds.
Secure, high-speed telemetry ingestion
Chronicle makes it easy to upload your security telemetry quickly and securely. Forward your data to the Chronicle platform from any syslog source, existing log aggregator or SIEM, or via packet capture. Use our one-click Google Cloud Integration to protect your assets instantly.
Instant indexing and correlation
Whenever a user accesses a domain via a browser, the DNS data can be forwarded to Chronicle, ingested, normalized, correlated and made available in the GUI in a matter of seconds. As a result, your analysts can always work with the most up-to-date information about activity within your network.
Real-time, responsive UI
Your Chronicle dashboard helps you understand real-time activity at a glance, cutting tasks that used to take hours down to seconds. For example, if a domain suddenly becomes classified as malicious, Chronicle will instantly uncover all access to that domain, regardless of whether the matching DNS events occurred 10 days or 10 months ago.
Never run out of storage or compute cycles again
As your data volume grows, managing a large-scale analytics system requires ever-greater amounts of servers, storage, networking, backup—and people to manage it all. Chronicle eliminates those headaches once and for all.
Scalable by design
Chronicle can scale to 100+ petabytes. The platform is built on an unparalleled data infrastructure to ensure performance without compromise, regardless of load.
Easy to manage
Managed by the same experts who built the core components that power global search, Chronicle gives you the benefits of massive scale without the management pain.
Intelligent identification
Chronicle automatically makes the connections between user and machine identity information that would normally take a skilled analyst hours to complete.
See everything
When an analyst receives an alert for a machine or person, Chronicle can instantly display every bit of related activity—no need to search through different log systems at different times to try to connect activity to an employee's actions.
Connect the dots
Chronicle telemetry processing automatically connects related pieces of activity data into a single data structure. Network packets identified by an IP address are linked to email logs identified by an email address and to file transfers identified by a MAC address. Chronicle understands how to link these different pieces to a single asset or user.
Get the whole picture
Our unified identity graph, enhanced by our anomaly detection analytics, makes it easy to understand unusual activity and to present it to incident responders.
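As an added illustration, not Chronicle's own code or data, the following Python sketches the two behaviours described above: linking identifiers that are observed together into one asset, then retroactively finding every access to a domain once it is flagged, however old the DNS events are. All identifiers, domains and timestamps are constructed, and the `IdentityGraph` and `retro_hunt` names are assumptions.

```python
from datetime import datetime
# Constructed sample telemetry (not real data). Identity observations are pairs of
# identifiers seen together on one asset in some log (DHCP, inventory, auth);
# DNS events are (timestamp, client identifier, queried domain).
IDENTITY_OBSERVATIONS = [
    ("ip:10.1.2.3", "mac:aa:bb:cc:dd:ee:01"),      # DHCP lease
    ("mac:aa:bb:cc:dd:ee:01", "host:LAPTOP-42"),   # asset inventory
    ("host:LAPTOP-42", "user:alice@example.com"),  # authentication log
    ("ip:10.1.2.9", "mac:aa:bb:cc:dd:ee:02"),      # DHCP lease
    ("mac:aa:bb:cc:dd:ee:02", "user:bob@example.com"),
]
DNS_EVENTS = [
    ("2023-01-05T09:00:00", "ip:10.1.2.3", "evil.example.test"),
    ("2023-10-23T09:00:00", "mac:aa:bb:cc:dd:ee:02", "evil.example.test"),
    ("2023-11-01T08:15:00", "ip:10.1.2.9", "update.example-cdn.test"),
]

class IdentityGraph:
    """Union-find over identifiers: any two seen together are merged into one asset.
    Caveat: a real pipeline scopes IP links to the DHCP lease window; this toy
    treats every observed pairing as permanent."""
    def __init__(self, observations):
        self.parent = {}
        for a, b in observations:
            self.union(a, b)
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x
    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb
    def entity_of(self, ident):
        """All identifiers (user, host, MAC, IP) that resolve to the same asset."""
        root = self.find(ident)
        return sorted(k for k in self.parent if self.find(k) == root)

def retro_hunt(graph, events, domain, now_iso):
    """Every historical access to `domain`, oldest first, resolved to the full
    identity of the asset that made it. Age is never a filter: a hit from ten
    months ago is returned alongside one from ten days ago."""
    now = datetime.fromisoformat(now_iso)
    hits = [{"when": ts, "age_days": (now - datetime.fromisoformat(ts)).days,
             "asset": graph.entity_of(client)}
            for ts, client, qname in events if qname == domain]
    return sorted(hits, key=lambda h: h["age_days"], reverse=True)
```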
Threat intelligence
Google Cloud Threat Intelligence for Chronicle is your own team of experts
Complex attacks are our specialty
Our team of threat experts hails from leading cloud and security organizations such as Palo Alto Networks, CrowdStrike, the U.S. Department of Defense, Kaspersky Labs, and Google. With decades of cumulative experience investigating malicious campaigns and deep-diving into malware, our researchers employ a variety of novel tools and techniques to detect emerging threats.
We built threat signals right into our products to protect you better
Threat Intel for Chronicle draws on research into both current and emerging trends and into past threats that may have gone unnoticed. Both latent infections and emerging risks are presented directly within the Chronicle platform.