Google Security Operations - Detect

Detect threats with confidence

Ingest all your data with twelve months hot data retention and eliminate blind spots with modern threat detection powered by Google.

Features

Uncover more threats with less custom engineering

Correlate petabytes of your telemetry and get actionable threat information with sub-second search. Rely on an advanced detection engine continuously updated with new rules and threat indicators by Google and Mandiant.


  • Put curated detections to work. Leverage high-fidelity detections developed using the latest Google threat research and insights and automatically mapped to the MITRE ATT&CK framework.


  • Escalate what's important. Google Security Operations’ detection and alerting only escalates important threats, with risk scoring based on contextual vulnerability, and business risk. 


  • Simplify detection authoring. Easily build YARA-L detections to create rules for your own environment, including user and entity behavior analytics.

Stay ahead of the latest threats

Proactively uncover and defend against novel attacks in near real time with Google's unrivaled threat and exposure visibility.


  • Automatically apply threat intelligence. Leverage combined intelligence from Google, Mandiant, and VirusTotal to automatically uncover more potential threats in your environment.


  • Tap into Mandiant's frontlines. Get early warning signals of potential active breaches in your environment based on Mandiant’s frontline intelligence from real-world incident response investigations.


  • Proactively address exposure. Identify potentially exploitable entry points accessible to attackers and prioritize remediation with attack surface management integration.

Eliminate blind spots using the power of the cloud

Stop relying on custom engineering by hard-to-find security experts. Take advantage of out-of-the-box capabilities, automation, and AI to ease your workload.


  • Ingest and analyze data at scale. Leverage Google Cloud’s planetary scale to quickly and securely ingest all relevant security telemetry at a predictable price point.


  • Retain data longer to uncover more threats. Retain data for twelve months by default to enable retroactive matching of IoCs and threat hunting by your team or by Mandiant Experts.


  • Seamless integration with Google Cloud and beyond. Detect more threats with ease using built in integrations with your Google Cloud infrastructure as well as multi-cloud and on-prem.

How It Works

Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high priority threats, drive response with playbook automation, case management, and collaboration.

Google Security operations platform and its process
How Google Security Operations works

Common Uses

Threat detection

Detect advanced threats

Correlate petabytes of your security telemetry with an advanced detection engine continuously updated with new rules and threat indicators by Google researchers.

Chronicle curated detections

    Detect advanced threats

    Correlate petabytes of your security telemetry with an advanced detection engine continuously updated with new rules and threat indicators by Google researchers.

    Chronicle curated detections

      Investigation

      Get to the root cause fast with an intuitive workbench

      Analyze real-time activity with investigation views, including VirusTotal and Mandiant threat intel enrichment, third-party threat intelligence insights, and user aliasing.

      Chronicle UDM search

        Get to the root cause fast with an intuitive workbench

        Analyze real-time activity with investigation views, including VirusTotal and Mandiant threat intel enrichment, third-party threat intelligence insights, and user aliasing.

        Chronicle UDM search

          Hunting

          Proactively identify threats in your environment

          Search at Google speed to hunt for threats faster than traditional SOC tools. Apply automated alert enrichment and instant insight into malicious files and URLs to quickly make good decisions.

          Chronicle UDM search

            Proactively identify threats in your environment

            Search at Google speed to hunt for threats faster than traditional SOC tools. Apply automated alert enrichment and instant insight into malicious files and URLs to quickly make good decisions.

            Chronicle UDM search

              Pricing

              About Google Security Operations pricingGoogle Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.
              ProductDescriptionPricing

              Standard

              Base SIEM and SOAR capabilities

              Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent.

              The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules.

              Threat intelligence

              Bring your own threat intelligence feeds.

              Contact sales for pricing

              Enterprise

              Includes everything in the Standard package plus:

              Base SIEM and SOAR capabilities

              Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules.

              UEBA

              Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections.

              Threat intelligence

              Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations.

              Google curated detections

              Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats.

              Gemini in security operations

              Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection, and playbook creation.

              Contact sales for pricing

              Enterprise Plus

              Includes everything in the Enterprise package plus:

              Base SIEM and SOAR capabilities

              Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules.

              Applied threat intelligence

              Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel), including intelligence gathered from active Mandiant incident response engagements.

              On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates.

              Google curated detections

              Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements.

              BigQuery UDM storage

              Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default).

              Contact sales for pricing

              About Google Security Operations pricing

              Google Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.

              Standard

              Description

              Base SIEM and SOAR capabilities

              Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent.

              The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules.

              Threat intelligence

              Bring your own threat intelligence feeds.

              Pricing

              Contact sales for pricing

              Enterprise

              Description

              Includes everything in the Standard package plus:

              Base SIEM and SOAR capabilities

              Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules.

              UEBA

              Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections.

              Threat intelligence

              Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations.

              Google curated detections

              Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats.

              Gemini in security operations

              Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection, and playbook creation.

              Pricing

              Contact sales for pricing

              Enterprise Plus

              Description

              Includes everything in the Enterprise package plus:

              Base SIEM and SOAR capabilities

              Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules.

              Applied threat intelligence

              Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel), including intelligence gathered from active Mandiant incident response engagements.

              On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates.

              Google curated detections

              Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements.

              BigQuery UDM storage

              Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default).

              Pricing

              Contact sales for pricing

              Get a demo

              See Google Security Operations in action

              Talk to sales

              Contact us today for more information on Google Security Operations

              Learn what Google Security Operations can do for you

              The platform acts as a single source of truth by gathering all of our significant events in one place

              A robust platform that allows customers to ingest any kind of data at volume

              Learn the technical aspects of Google Security Operations

              New to Google Security Operations?

              Business Case

              Explore how organizations like yours cut costs, increase ROI, and drive innovation with Google Security Operations


              IDC Study: Customers cite 407% ROI with Google Security Operations

              CISO, Multi-billion dollar automotive company

              "Our cybersecurity teams deal with issues faster with Google Security Operations, but they also identify more issues. The real question is, 'how much safer do I feel as a CISO with Google Security Operations versus my old platform?' and I would say 100 times safer."

              Read the study

              Trusted and loved by security teams around the world

              "We can now use natural language search to query large amounts of data which we estimate will improve our ability to transform, synthesize and make data meaningful by 10X."- Dennis McDonald, CISO, Jack Henry

              Hear their story

              "The Gemini AI functionality within Google Security Operations really impressed me. It gives you essentially 70 or 80 percent of the detection right out of the box and then you only have to add those kinds of small things in the middle."- Manan Doshi, Senior Security Engineer, Etsy

              Hear their story

              "Historically, our legacy SIEM, we had to feed it a lot of the contextual enrichment and all of that threat intelligence stuff. It was data engineering to make it sing, where on the Google side, the product is more baked in, purpose-built for us to use it. It’s so intuitive and the speed was certainly really beneficial for us as well."- Mark Ruiz, Head of Cybersecurity Analytics, Pfizer

              Hear their story

              • BBVA logo
              • Groupon logo
              • Charles Schwab logo
              • Jack Henry logo
              • Vertiv logo
              Google Cloud
              • ‪English‬
              • ‪Deutsch‬
              • ‪Español‬
              • ‪Español (Latinoamérica)‬
              • ‪Français‬
              • ‪Indonesia‬
              • ‪Italiano‬
              • ‪Português (Brasil)‬
              • ‪简体中文‬
              • ‪繁體中文‬
              • ‪日本語‬
              • ‪한국어‬
              Console
              Google Cloud