Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Mandiant is now part of Google Cloud. Learn More Mandiant is now part of Google Cloud. .

Chronicle Security Operations

Detect, investigate, and hunt for threats like never before

Chronicle delivers modern Security Information and Event Management (SIEM) capabilities at unprecedented speed and scale.

Read the SANS review Read the SANS Review

Up to

6x

reduction in total cost 
of ownership (TCO)

Up to

6x

savings by choosing Google Chronicle

Up to

10x

gains in time to investigate


Explore SIEM Capabilities

Threat Detection

Detect advanced threats with a modern engine

Correlate petabytes of your telemetry with an advanced detection engine continuously updated with new rules and threat indicators by Google researchers.
Purpose-built detection with an enriched timeline

Chronicle’s detection engine includes predefined rules mapped to specific threats, suspicious activity, and security frameworks like MITRE ATT&CK.

Context-aware detections

Chronicle’s detection and alerting only escalates important threats, with risk scoring based on contextual vulnerability, and business risk. Simplify detection authoring with YARA-L to build custom content.

Automated, continuous, and retroactive IoC matching

Automate detections with instant correlation of indicators of compromise (IoC) against one year of security telemetry. Drive context with out-of-the-box intelligence feeds and third-party intelligence subscriptions.

Investigation

Hunt fast with an intuitive analyst workbench

Search at Google speed to hunt for threats faster than traditional SOC tools.

Prevalence visualization

Drive analyst prioritization and find anomalous assets/domains with prevalence visualization.

Real-time responsive UI and curated investigation views

Analyze real-time activity with investigation views, including VirusTotal enrichment, third-party threat intelligence insights, and user aliasing.

Ingest your security telemetry quickly and securely

Forward data from any syslog source, log aggregator, SIEM, or packet capture to Chronicle – and use our one-click integration to instantly drive visibility into your environment.

Customization

Customize and integrate on an open platform

Build a detection and investigation platform on top of Chronicle for customized use cases catered to your unique environment.

Comprehensive integrations and APIs

Leverage high-performance APIs to add Chronicle’s functionality to downstream IT tools. Build streamlined and customized workflows for your environment.

Native security for Google Cloud

Correlate security telemetry from other Google Cloud products for a unified view of your threat landscape. Seamlessly ingest Security Command Center findings, access logs and decisions on BeyondCorp, reCAPTCHA Enterprise alerts, and Google Workspace logs into Chronicle.

Data lake and log management

Rapidly normalize data with pre-built parsers into a unified data model spanning asset, user, IoC dimensions and attributes.
Hear from our customers
See how Vertiv uses Chronicle
See how Vertiv uses Chronicle
See how a manufacturing company uses Chronicle
See how a manufacturing company uses Chronicle
See how Chronicle helps various customers
See how Chronicle helps various customers

Chronicle SIEM has reduced our time to completion for an investigation, the MTTR, by approximately 50%. That in itself is incredible, and something you would never accomplish with a traditional SIEM.

Mike Orosz
Chief Information and Product Security Officer
See more stories See more customer stories on the Knowledge Base page

With Chronicle, anybody on my team can find the results right away. We can put the story together the same day. We don’t have to wait for an expert to help us find information that we have. Anybody can do it.

Omar Meza
Director of IT, Manufacturing Company
See more stories See more customer stories on the Knowledge Base page

We've actually maintained the same number of resources and we're closing almost 3x more security events as compared to our previous SIEM.

Mike Orosz
Chief Information and Product Security Officer
See more stories See more customer stories on the Knowledge Base page
Related resources
WHITEPAPER
How Chronicle SIEM Can Help Augment Your SOC Stack

This paper neatly makes the case for adding Chronicle SIEM to your SOC environment, or if you are a current user, describes how to extract additional use case benefits.

Read the Chronicle Augmentation Whitepaper
REPORT
SANS Product Review: Chronicle SIEM

Discover why SANS said Chronicle SIEM is "a paradigm changer in how security investigations are conducted and believe it will be a force multiplier for most security teams."

Read the SANS Product Review for Chronicle SIEM
CASE STUDY
Case Study: Morgan Sindall

Chronicle enables ingestion and analysis of massive amounts of data, improves detection accuracy, and reduces time to incident resolution.

Read the Morgan Sindall Customer Story
See more resources Visit the Knowledge Hub page

Want to detect and respond at Google speed?

Learn more about Chronicle Security Operations.

Contact us Visit the contact us page

  1. Internal Google research

  2. Enterprise Strategy Group “Analyzing the Economic Benefits of Google Chronicle Security Analytics Platform