Chronicle Security Operations

The intelligence-driven and AI-powered security operations platform

Chronicle is a modern, cloud-native SecOps platform that empowers security teams to better defend against today’s and tomorrow’s threats.

Features

Supercharge productivity with generative AI

Use natural language to search your data, iterate, and drill down. Duet AI generates underlying queries and presents full mapped syntax.  

Investigate more efficiently with AI-generated summaries of what’s happening in cases, along with recommendations on how to respond.

[UPCOMING] Interact with Chronicle using a context-aware AI-powered chat, including the ability to create detections and playbooks.

Detect threats with confidence

Leverage Google curated detections to find the latest threats and map them to MITRE ATT&CK.

Simplify detection authoring with YARA-L to build custom content.

Leverage intelligence from Google, Mandiant, and VirusTotal to automatically uncover potential threats.

Get early warning signals of potential active breaches based on Mandiant’s frontline intelligence.

Identify potentially exploitable entry points accessible to attackers and prioritize remediation with attack surface management integration.

Retain data for 12 months by default to enable retroactive matching of IoCs and threat hunting by your team.

Investigate with insights at your fingertips

Analyze real-time activity with investigation views, visualizations, threat intel insights, and user aliasing.

Investigate with full context at your fingertips, including anomalous assets, domain prevalence, and more.

"Google search" petabytes of data at lightning speed.

Manage, prioritize, and assign work with unique threat-centric case management.

Seamlessly pivot between cases, alerts, entities, and detections with a unified experience across the entire TDIR workflow.

Respond with speed and precision

Drive consistency in your response and automate repetitive tasks with a full-featured, intuitive playbook builder and 300+ integrations.

Easily collaborate on every case with fellow analysts, service providers, and other stakeholders.


Augment your team with expert help

Partner with Mandiant elite threat hunters, leveraging advanced techniques, to hunt for hidden attackers seamlessly using your Chronicle data.

Get complete visibility and actionable insights into what our expert hunters looked for, how and where they looked, and what they found—mapped to the MITRE ATT&CK® framework.


How It Works

Chronicle offers a unified experience across SIEM, SOAR, and Threat Intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high-priority threats, and drive response with playbook automation, case management, and collaboration.

Common Uses

SOC modernization

Drive SOC modernization

Protect your organization against modern-day threats by transforming your security operations with Chronicle.

State of threat detection and response
Chronicle cloud threat detection

SIEM augmentation

Eliminate blind spots and automate response

Enhance your organization’s threat detection, investigation, and response at a predictable cost with Google’s cloud-native hyperscale security operations platform.

Learn more about SIEM augmentation
Chronicle Investigation

Cloud detection and response

Cloud SecOps, by cloud experts

Get better and faster detection, investigation, and response to cloud-based cyber threats with the same native tools and best practices used to protect Google Cloud.

Learn more about streamlining threat detection and response
Chronicle response

Pricing

About Chronicle Security Operations pricing

Chronicle is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.

Chronicle Security Operations - Standard

Description: For organizations seeking a hyper-scale, fast, and cost-efficient data lake and analytics platform, inclusive of SIEM and SOAR functionality.

Pricing: Contact sales for pricing

Chronicle Security Operations - Enterprise

Description: For SecOps teams with fairly complex environments and typical alert volumes. Includes SIEM and SOAR functionality plus enriched threat intelligence, UEBA, Google curated detections, and Duet AI.

Pricing: Contact sales for pricing

Chronicle Security Operations - Enterprise Plus

Description: For SecOps teams and MSSPs managing high alert volumes in complex environments. Includes SIEM and SOAR functionality plus premium threat intelligence from Mandiant and VirusTotal, UEBA, Google curated detections, BigQuery storage, and Duet AI.

Pricing: Contact sales for pricing

Get a demo

See Chronicle Security Operations in action

Talk to Sales

Contact us today for more information on Chronicle Security Operations

Learn what Chronicle Security Operations can do for you

Our SOC and analysts are able to prioritize work and respond with the attention that is needed.

A robust platform that allows customers to ingest any kind of data at volume.

Business Case

Explore how organizations like yours cut costs, increase ROI, and drive innovation with Chronicle Security Operations

IDC Study: Customers cite 407% ROI with Google Chronicle

CISO, multi-billion dollar automotive company

“Our cybersecurity teams deal with issues faster with Google Chronicle Security Operations, but they also identify more issues. The real question is, ‘how much safer do I feel as a CISO with Google Chronicle Security Operations versus my old platform?’ and I would say 100 times safer.”

Read the study

Trusted and loved by security teams around the world

"Every event goes to our single point of truth for security which is Chronicle Security Operations. Here we are able to automate many operations to speed response and make our analysts' lives easier." - Nicola Mutti, CISO, Telepass

Hear their story

"We have advanced capabilities around threat intelligence that are highly integrated into the Chronicle platform. We like the orchestration capabilities that enable us to enrich the data and provide additional context to it, so our SOC and analysts are able to prioritize that work and respond with the attention that is needed." - Bashar Abouseido, CISO, Charles Schwab

Hear their story

"We think Google made a strategic decision in the way that they built the platform [Chronicle Security Operations] many years ago. Not only is it highly robust and has millisecond search capability across vast amounts of data, but it gives you an unlimited amount of storage compared to the other platforms." - Robert Herjavec, CEO, Cyderes

Hear their story

