Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Suite arrow_forward expand_more
Security Operations Suite

Explore the Security Operations Suite for the modern SOC.

Security Operations Suite
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
SIEM Eliminate security blindspots and fight threats with the speed and scale of Google.
SOAR Orchestrate, automate, and collaborate with ease to respond to threats in minutes, not days.
Threat intelligence Stay ahead of adversaries with Google’s unparalleled threat intelligence.
Marketplace Explore pre-packaged use cases and hundreds of integrations.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Overview Level up your security team’s performance with four powerful solutions.
SecOps transformation Accelerate business transformation and maximize threat coverage.
SIEM augmentation Eliminate security blindspots and expand automation.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Events Find out where you can interact with us or learn more live.
News Read what the media are saying about Chronicle.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Suite arrow_forward expand_more
Security Operations Suite

Explore the Security Operations Suite for the modern SOC.

Security Operations Suite
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
SIEM Eliminate security blindspots and fight threats with the speed and scale of Google.
SOAR Orchestrate, automate, and collaborate with ease to respond to threats in minutes, not days.
Threat intelligence Stay ahead of adversaries with Google’s unparalleled threat intelligence.
Marketplace Explore pre-packaged use cases and hundreds of integrations.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Overview Level up your security team’s performance with four powerful solutions.
SecOps transformation Accelerate business transformation and maximize threat coverage.
SIEM augmentation Eliminate security blindspots and expand automation.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Events Find out where you can interact with us or learn more live.
News Read what the media are saying about Chronicle.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Mandiant is now part of Google Cloud. Learn More Mandiant is now part of Google Cloud. .

Chronicle SIEM

Detect, investigate, and hunt for threats like never before

Chronicle SIEM delivers modern threat detection, investigation, and hunting at unprecedented speed and scale – all at a disruptive and predictable price point.

Read the SANS review Read the SANS Review

Up to

6x

reduction in total cost 
of ownership (TCO)

Up to

6x

savings by choosing Google Chronicle

Up to

10x

gains in time to investigate


Explore Chronicle SIEM

Threat Detection

Detect advanced threats with a modern engine

Correlate petabytes of your telemetry with an advanced detection engine continuously updated with new rules and threat indicators by Google researchers.
Purpose-built detection with an enriched timeline

Chronicle’s detection engine includes predefined rules mapped to specific threats, suspicious activity, and security frameworks like MITRE ATT&CK.

Context-aware detections

Chronicle’s detection and alerting only escalates important threats, with risk scoring based on contextual vulnerability, and business risk. Simplify detection authoring with YARA-L to build custom content.

Automated, continuous, and retroactive IoC matching

Automate detections with instant correlation of indicators of compromise (IoC) against one year of security telemetry. Drive context with out-of-the-box intelligence feeds and third-party intelligence subscriptions.

Investigation

Hunt fast with an intuitive analyst workbench

Search at Google speed to hunt for threats faster than traditional SOC tools.

Prevalence visualization

Drive analyst prioritization and find anomalous assets/domains with prevalence visualization.

Real-time responsive UI and curated investigation views

Analyze real-time activity with investigation views, including VirusTotal enrichment, third-party threat intelligence insights, and user aliasing.

Ingest your security telemetry quickly and securely

Forward data from any syslog source, log aggregator, SIEM, or packet capture to Chronicle – and use our one-click integration to instantly drive visibility into your environment.

Customization

Customize and integrate on an open platform

Build a detection and investigation platform on top of Chronicle for customized use cases catered to your unique environment.

Comprehensive integrations and APIs

Leverage high-performance APIs to add Chronicle’s functionality to downstream IT tools. Build streamlined and customized workflows for your environment.

Native security for Google Cloud

Correlate security telemetry from other Google Cloud products for a unified view of your threat landscape. Seamlessly ingest Security Command Center findings, access logs and decisions on BeyondCorp, reCAPTCHA Enterprise alerts, and Google Workspace logs into Chronicle.

Data lake and log management

Rapidly normalize data with pre-built parsers into a unified data model spanning asset, user, IoC dimensions and attributes.
Hear from our customers
See how Vertiv uses Chronicle
See how Vertiv uses Chronicle
See how Chronicle helps various customers
See how Chronicle helps various customers
See how Chronicle helps NCR
See how Chronicle helps NCR

Chronicle SIEM has reduced our time to completion for an investigation, the MTTR, by approximately 50%. That in itself is incredible, and something you would never accomplish with a traditional SIEM.

Mike Orosz
Chief Information and Product Security Officer
See more stories See more customer stories on the Knowledge Base page

We've actually maintained the same number of resources and we're closing almost 3x more security events as compared to our previous SIEM.

Mike Orosz
Chief Information and Product Security Officer
See more stories See more customer stories on the Knowledge Base page

I asked one of our analysts, what’s the longest-running search on this platform, and it was minutes. That was life changing for us because our prior approach would have taken weeks.

Bob Varnadoe
CISO, NCR
See more stories See more customer stories on the Knowledge Base page
Related resources
WHITEPAPER
How Chronicle SIEM Can Help Augment Your SOC Stack

This paper neatly makes the case for adding Chronicle SIEM to your SOC environment, or if you are a current user, describes how to extract additional use case benefits.

Read the Chronicle Augmentation Whitepaper
REPORT
SANS Product Review: Chronicle SIEM

Discover why SANS said Chronicle SIEM is "a paradigm changer in how security investigations are conducted and believe it will be a force multiplier for most security teams."

Read the SANS Product Review for Chronicle SIEM
CASE STUDY
Case Study: Morgan Sindall

Chronicle enables ingestion and analysis of massive amounts of data, improves detection accuracy, and reduces time to incident resolution.

Read the Morgan Sindall Customer Story
See more resources Visit the Knowledge Hub page

Want to detect and respond at Google speed?

Learn more about Chronicle SIEM.

Contact us Visit the contact us page

  1. Internal Google research

  2. Enterprise Strategy Group “Analyzing the Economic Benefits of Google Chronicle Security Analytics Platform