Chronicle, Google's Cloud-Native SIEM, is built to handle massive amounts of data and extract signals to find threats instantly
The current economics of storing and processing enterprise security data have made it nearly impossible to compete against cybercrime. With Chronicle, the scalability and economics of storing and analyzing your security data are no longer an issue.
How Chronicle works
The power of the platform
Our products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both. Your security telemetry data is continuously analyzed for insight on a global platform.
Built on core Google infrastructure, Chronicle gives you an elastically scaling store for your enterprise security telemetry, so capacity planning for log retention is no longer your problem.
Because every second matters when responding to threats, you can ingest, normalize, and index massive amounts of telemetry data and correlate it to known threats.
In an investigation, access to years of telemetry can mean the difference between clear answers and hoping for the best.
Google’s pricing model combined with Google’s economies of scale provide significant cost savings for organizations while increasing their probability of finding advanced persistent threats and improving the fidelity of forensic investigations.
Super-fast analysis at a massive scale
The capabilities of Chronicle, combined with the speed and power of Google, cut analysis from hours or days into seconds and boost analyst productivity.
Security analytics at the speed of search
Chronicle can ingest massive amounts of telemetry data, normalize it, index it, correlate it to known threats, and make it available for analysis in seconds.
Secure, high-speed telemetry ingestion
Chronicle makes it easy to upload your security telemetry quickly and securely. Forward your data from any syslog source, existing log aggregator, or SIEM, or send packet captures, to the Chronicle platform. Use the one-click Google Cloud integration to start ingesting telemetry from your Google Cloud assets.
Instant indexing and correlation
Whenever a user accesses a domain via a browser, the DNS data can be forwarded to Chronicle, ingested, normalized, correlated and made available in the GUI in a matter of seconds. As a result, your analysts can always work with the most up-to-date information about activity within your network.
Real-time, responsive UI
Your Chronicle dashboard helps you understand real-time activity at a glance, cutting tasks that used to take hours down to seconds. For example, if a domain suddenly becomes classified as malicious, Chronicle will instantly uncover all access to that domain, regardless of whether the matching DNS events occurred 10 days or 10 months ago.
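The retrospective lookup described above (a domain is classified malicious today; find every historical access to it) is, in essence, a normalize-then-index pipeline over DNS telemetry. The following is an added illustration, not Chronicle's own code or schema: it parses a handful of constructed syslog-style DNS lines (hypothetical format), indexes them by queried domain, and answers "which assets ever resolved this domain?" across the full retained history. Domain canonicalization (lowercasing, trailing-dot removal) and an explicit parse-error count are included because both are common sources of missed matches in real pipelines.

```python
# Added example (not Chronicle's own code): normalize constructed DNS log
# lines into a small event schema, index them by queried domain, and answer a
# retrospective question: "which assets ever resolved this domain?", whether
# the lookup happened 10 days or 10 months ago.
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample syslog-style DNS lines (hypothetical format, not a real
# Chronicle or UDM schema). Timestamps span about ten months.
RAW_DNS_LOGS = [
    "2023-01-14T09:12:03Z host=ws-017 src=10.1.4.17 qname=updates.example.com qtype=A",
    "2023-03-02T22:41:55Z host=ws-102 src=10.1.9.22 qname=cdn.badactor.example qtype=A",
    "this line is garbage and must not crash the pipeline",
    "2023-10-28T08:03:19Z host=ws-017 src=10.1.4.17 qname=cdn.badactor.example qtype=AAAA",
    "2023-11-05T13:20:00Z host=srv-db1 src=10.1.2.5 qname=intranet.corp.example qtype=A",
    "2023-11-06T15:45:10Z host=ws-044 src=10.1.6.44 qname=CDN.BadActor.example. qtype=A",
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) host=(?P<host>\S+) "
    r"src=(?P<src>\S+) qname=(?P<qname>\S+) qtype=(?P<qtype>\S+)$"
)


def normalize_domain(name: str) -> str:
    """Canonical form for matching: lowercase, no trailing dot."""
    return name.rstrip(".").lower()


def normalize(line: str):
    """Parse one raw line into a flat event dict; return None for unparseable input."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "event_type": "NETWORK_DNS",
        "ts": ts,
        "hostname": m["host"],
        "src_ip": m["src"],
        "qname": normalize_domain(m["qname"]),
        "qtype": m["qtype"],
    }


def build_index(raw_lines):
    """Ingest: normalize every line and index events by queried domain.
    Returns (index, parse_error_count)."""
    index = defaultdict(list)
    errors = 0
    for line in raw_lines:
        ev = normalize(line)
        if ev is None:
            errors += 1  # count it; silently dropped lines are blind spots later
            continue
        index[ev["qname"]].append(ev)
    for events in index.values():
        events.sort(key=lambda e: e["ts"])
    return index, errors


def retro_hunt(index, domain: str):
    """Retrospective IOC match: every indexed DNS event for `domain`, oldest first.
    The index makes this proportional to the number of hits, not to total history."""
    return list(index.get(normalize_domain(domain), []))


def affected_assets(hits):
    """Distinct hostnames that resolved the domain, with first and last seen times."""
    seen = {}
    for ev in hits:
        first, last = seen.get(ev["hostname"], (ev["ts"], ev["ts"]))
        seen[ev["hostname"]] = (min(first, ev["ts"]), max(last, ev["ts"]))
    return seen


if __name__ == "__main__":
    idx, errs = build_index(RAW_DNS_LOGS)
    # The domain is classified malicious today; hunt backwards through history.
    hits = retro_hunt(idx, "CDN.badactor.example")
    for ev in hits:
        print(ev["ts"].isoformat(), ev["hostname"], ev["src_ip"], ev["qtype"])
    print("assets:", sorted(affected_assets(hits)), "parse errors:", errs)
```

The query is deliberately case- and trailing-dot-insensitive on both the indexed side and the lookup side; an indicator feed that hands you `CDN.BadActor.example` must still hit the March event logged as `cdn.badactor.example`.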
Never run out of storage or compute cycles again
As your data volume grows, managing a large-scale analytics system requires ever-greater amounts of servers, storage, networking, backup—and people to manage it all. Chronicle eliminates those headaches once and for all.
Scalable by design
Chronicle can scale to 100+ petabytes. The platform is built on an unparalleled data infrastructure to ensure performance without compromise, regardless of load.
Easy to manage
Managed by the same experts who built the core components that power global search, Chronicle gives you the benefits of massive scale without the management pain.
Chronicle automatically makes the connections between user and machine identity information that would normally take a skilled analyst hours to complete.
When an analyst receives an alert for a machine or person, Chronicle can instantly display every bit of related activity—no need to search through different log systems at different times to try to connect activity to an employee's actions.
Connect the dots
Chronicle telemetry processing automatically connects related pieces of activity data into a single data structure. Network packets identified by an IP address are linked to email logs identified by an email address and to file transfers identified by a MAC address. Chronicle understands how to tie these different identifiers back to a single asset or user.
Get the whole picture
Our unified identity graph, enhanced by our anomaly detection analytics, makes it easy to understand unusual activity and to present it to incident responders.
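The "connect the dots" and "whole picture" passages above describe linking identifiers from different log sources (IP, MAC, hostname, user, email) into one entity. The following is an added illustration of that idea, not Chronicle's own identity-graph implementation: a union-find over typed identifier nodes built from constructed inventory, authentication and directory records (hypothetical schemas), with DHCP lease windows consulted at query time so that a reused IP address is attributed to the asset that actually held it at the moment of the event. That last point is the caveat a responder cares about: an IP is a time-bound identifier, so it is resolved per event rather than permanently glued to one machine.

```python
# Added example (not Chronicle's own code): link identifiers seen in different
# log sources (IP, MAC, hostname, user, e-mail) into one entity, honouring DHCP
# lease windows so that a reused IP address is attributed to the right asset.
from datetime import datetime, timezone


def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample records (hypothetical schemas, not real Chronicle/UDM data).
# DHCP leases: an IP maps to a MAC only inside its lease window; note the reuse.
DHCP_LEASES = [
    {"ip": "10.1.4.17", "mac": "aa:bb:cc:dd:ee:01",
     "start": ts("2023-11-01T00:00:00Z"), "end": ts("2023-11-05T23:59:59Z")},
    {"ip": "10.1.4.17", "mac": "aa:bb:cc:dd:ee:02",
     "start": ts("2023-11-06T00:00:00Z"), "end": ts("2023-11-10T23:59:59Z")},
]
# Endpoint inventory: MAC -> hostname.
INVENTORY = {"aa:bb:cc:dd:ee:01": "ws-017", "aa:bb:cc:dd:ee:02": "ws-044"}
# Authentication log: interactive logons (user, hostname).
AUTH_LOGS = [("jdoe", "ws-017"), ("mbrown", "ws-044")]
# Directory: user -> e-mail address, as seen in mail logs.
DIRECTORY = {"jdoe": "jdoe@corp.example", "mbrown": "mbrown@corp.example"}


class EntityGraph:
    """Union-find over typed identifier nodes ("mac:", "host:", "user:", "email:")."""

    def __init__(self):
        self.parent = {}

    def find(self, node):
        self.parent.setdefault(node, node)
        while self.parent[node] != node:
            self.parent[node] = self.parent[self.parent[node]]  # path halving
            node = self.parent[node]
        return node

    def link(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb

    def members(self, node):
        """Every identifier in the same connected component as `node`."""
        root = self.find(node)
        return sorted(n for n in self.parent if self.find(n) == root)


def build_graph():
    """Stable (not time-bound) links only: MAC-host, user-host, user-email."""
    g = EntityGraph()
    for mac, host in INVENTORY.items():
        g.link(f"mac:{mac}", f"host:{host}")
    for user, host in AUTH_LOGS:
        g.link(f"user:{user}", f"host:{host}")
    for user, email in DIRECTORY.items():
        g.link(f"user:{user}", f"email:{email}")
    return g


def mac_for_ip(ip, when):
    """Resolve an IP to a MAC via the lease that was active at `when`.
    IPs are deliberately NOT nodes in the graph: they change hands."""
    for lease in DHCP_LEASES:
        if lease["ip"] == ip and lease["start"] <= when <= lease["end"]:
            return lease["mac"]
    return None


def entity_for_event(graph, ip, when):
    """All identifiers linked to the asset that held `ip` at time `when`."""
    mac = mac_for_ip(ip, when)
    if mac is None:
        return []  # unattributed: surface the gap rather than guess
    return graph.members(f"mac:{mac}")


def user_for_event(graph, ip, when):
    """Convenience pivot: which user(s) sit behind this IP at this time."""
    prefix = "user:"
    return [m[len(prefix):] for m in entity_for_event(graph, ip, when) if m.startswith(prefix)]


if __name__ == "__main__":
    g = build_graph()
    for when in ("2023-11-05T13:20:00Z", "2023-11-06T15:45:10Z", "2023-12-25T00:00:00Z"):
        print(when, "10.1.4.17 ->", entity_for_event(g, "10.1.4.17", ts(when)))
```

In a real deployment the inventory and directory records are themselves time-bound (machines are reimaged, users leave), so the same lease-window treatment would apply to those edges too; the example keeps them static only to keep the pivot logic visible.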
Google Cloud Threat Intelligence for Chronicle is your own team of experts
Complex attacks are our specialty
Our team of threat experts hails from leading cloud and security organizations such as Palo Alto Networks, CrowdStrike, the U.S. Department of Defense, Kaspersky Lab, and Google. With decades of cumulative experience investigating malicious campaigns and deep-diving into malware, our researchers employ a variety of novel tools and techniques to detect emerging threats.
We built threat signals right into our products to protect you better
Threat Intel for Chronicle leverages research on both current and emerging trends and past threats that may have gone unnoticed. Together, latent infections and emergent risks are all presented directly within the Chronicle platform.
Hear from our customers
See how Groupon uses Chronicle
See how BetterCloud uses Chronicle
When we introduced the EDR component to the environment, then we were able to take it to that next level and not just investigate natively in that tool, we could go over to Chronicle and say “what else is going on? What’s the rest of the picture?”… The guesswork is out the window.
For us, Chronicle is more than a cutting-edge security tool. We use it to monitor operational activity, too. It informs our understanding of how colleagues use our infrastructure and gives us visibility over our entire environment. With that overview and these tools, the only limit is our imagination.
An investigation would take upwards of 10 minutes if an EDR event hit, and we would have to dig into every single telemetry source. In Chronicle it’s looking at a simplified timeline view with all those data together.
How Chronicle SIEM can help augment your SOC stack [New paper]
Take a peek at any CISO’s wish list, and you will likely find “tools...
Case Study: Telepass
Telepass, the most widely used electronic tolling system across Europe, uses Chronicle to protect...
Security Analyst Diaries #3: New ingestion metrics, new YARA-L functions, new VT widget
Welcome to another Security Analyst Diary entry. We are excited to cover not one, but three of our...