Chronicle SIEM

Detect, investigate, and hunt for threats like never before

Chronicle Security Operations delivers modern security information and event management (SIEM) capabilities at unprecedented speed and scale.

Looking for more on security operations? Visit Chronicle Security Operations.

Features

Cloud-scale security analytics

Eliminate blind spots with cloud-scale ingestion of your security telemetry, with 12 months of hot retention, at unprecedented speed and scale. Forward data from any syslog source, log aggregator, SIEM, or packet capture to Chronicle, and use our one-click integration to instantly drive visibility into your environment.

Context-rich investigation

Unify and enrich your security telemetry onto a single correlated timeline view of ongoing threats in your environment. Get faster insights with context-rich investigation views that automatically stitch together relevant entities and pinpoint anomalies.
Conduct sub-second search across petabytes of information, as easily as running a Google search. Get actionable threat information in seconds or minutes, not hours or days.

Advanced detection engine

Correlate petabytes of your telemetry with an advanced detection engine continuously updated with new rules and threat indicators by Google researchers. Use Google expertise codified as curated detections for advanced threats and build custom detections with intuitive detection authoring using YARA-L.  

Active breach detection

Automatically correlate active breach threat intelligence by Mandiant with your data to receive early warning signals and get ahead of attackers.

How It Works

Chronicle enables security teams to detect, investigate and respond to threats at Google speed and scale. Chronicle does this by collecting all of your security telemetry data, aggregating it, normalizing it, and applying threat intelligence to identify the highest priority threats.

Chronicle Security Operations
See how Chronicle approaches TDIR

Common Uses

Threat detection

Detect advanced threats

Correlate petabytes of your security telemetry with an advanced detection engine continuously updated with new rules and threat indicators by Google researchers.
State of threat detection and response
Chronicle curated detections

Investigation

Get to the root cause fast with an intuitive workbench

Analyze real-time activity with investigation views, including VirusTotal and Mandiant threat intel enrichment, third-party threat intelligence insights, and user aliasing.
Learn how context matters
Chronicle UDM search
