Features

Reduce toil with automated response playbooks.

Deploy, maintain, and scale playbooks with ease.

  • Automate common scenarios. Address common day-to-day challenges (phishing or ransomware) with ready to run use cases, complete with playbooks, simulated alerts, and tutorials.
  • Build repeatable, automated security processes. Create playbooks that orchestrate hundreds of tools with simple drag and drop. Plus, automate repetitive tasks to respond faster and free up time for higher value work.
  • Analyze and optimize playbooks. Maintain, optimize, troubleshoot, and iterate playbooks with lifecycle management capabilities, including run analytics, reusable playbook blocks, version control, and rollback.
  • Generate playbooks with Gemini. Remediate threats with playbooks built by generative AI.

Resolve threats faster with context and collaboration.

Lean on generative AI, threat intelligence, and effective collaboration to respond with greater speed and precision.

  • Understand complex threats with AI generated summaries. Automatically receive context and guidance on threats, along with recommendations on how to respond with Gemini in Security Operations.
  • Proactively respond to threats with threat intelligence. Integrate unrivaled threat intelligence and visualize the most important contextual data for each threat—who did what, and when—and the relationships between all involved entities attached to an event, product, or source.
  • Easily collaborate with analysts, service providers, and stakeholders outside of SecOps. Chat and tag colleagues, assign tasks, and monitor progress of a case directly from the case wall to ensure every case is fully addressed and nothing falls through the cracks.

Capture SecOps insights consistently.

Consolidate SecOps activity to easily generate insights that drive improvement and measure progress over time.

  • Track real-time SOC metrics and KPIs. Choose from out-of-the-box interactive reports and dashboard templates to see how the team is performing on the metrics that matter—from detection rates to cases closed to improvement over time.
  • Leverage business intelligence to effectively measure and manage operations. Connect, visualize, and examine data to identify gaps, reallocate resources, evolve existing processes, or identify where to automate manual processes.
  • Automatically capture, document, and report on all SOC activity. Capture all analyst case activity—including all automated actions, manual activities, chats, tasks, and uploaded files—in a single, searchable, and auditable repository.

How It Works

Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high priority threats, drive response with playbook automation, case management, and collaboration.

Google Security Operations platform and its process
How Google Security Operations works

Common Uses

Automate repetitive tasks

Drive consistency and reduce toil

Easily build playbooks to orchestrate the tools you rely on with zero-coding or create integrations using a built-in Python IDE.


Chronicle playbooks

    Drive consistency and reduce toil

    Easily build playbooks to orchestrate the tools you rely on with zero-coding or create integrations using a built-in Python IDE.


    Chronicle playbooks

      Slash response times

      Interpret and resolve threats faster

      Combine playbook automation, case management, and integrated threat intelligence in one cloud-native, intuitive experience so you can focus on the information that matters and get to the root cause in seconds.

      Chronicle SOAR alert grouping

        Interpret and resolve threats faster

        Combine playbook automation, case management, and integrated threat intelligence in one cloud-native, intuitive experience so you can focus on the information that matters and get to the root cause in seconds.

        Chronicle SOAR alert grouping

          Pricing

          About Google Security Operations pricingGoogle Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.
          Package typeFeatures includedPricing

          Standard

          Base SIEM and SOAR capabilities

          Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent.

          The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules.

          Threat intelligence

          Bring your own threat intelligence feeds.

          Contact sales for pricing

          Enterprise

          Includes everything in the Standard package plus:

          Base SIEM and SOAR capabilities

          Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules.

          UEBA

          Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections.

          Threat intelligence

          Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations.

          Google curated detections

          Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats.

          Gemini in security operations

          Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection, and playbook creation.

          Contact sales for pricing

          Enterprise Plus

          Includes everything in the Enterprise package plus:

          Base SIEM and SOAR capabilities

          Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules.

          Applied threat intelligence

          Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel), including intelligence gathered from active Mandiant incident response engagements.

          On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates.

          Google curated detections

          Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements.

          BigQuery UDM storage

          Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default).

          Contact sales for pricing

          About Google Security Operations pricing

          Google Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.

          Standard

          Features included

          Base SIEM and SOAR capabilities

          Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent.

          The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules.

          Threat intelligence

          Bring your own threat intelligence feeds.

          Pricing

          Contact sales for pricing

          Enterprise

          Features included

          Includes everything in the Standard package plus:

          Base SIEM and SOAR capabilities

          Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules.

          UEBA

          Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections.

          Threat intelligence

          Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations.

          Google curated detections

          Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats.

          Gemini in security operations

          Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection, and playbook creation.

          Pricing

          Contact sales for pricing

          Enterprise Plus

          Features included

          Includes everything in the Enterprise package plus:

          Base SIEM and SOAR capabilities

          Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules.

          Applied threat intelligence

          Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel), including intelligence gathered from active Mandiant incident response engagements.

          On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates.

          Google curated detections

          Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements.

          BigQuery UDM storage

          Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default).

          Pricing

          Contact sales for pricing

          Get a demo

          See Google Security Operations in action.

          Talk to sales

          Contact us today for more information on Google Security Operations.

          Learn what Google Security Operations can do for you

          Surfaced alerts a manufacturing company had never seen before

          The playbooks add tremendous value and enable automation for the MSSP and its customers

          Learn the technical aspects of Google Security Operations

          New to Google Security Operations?

          Business Case

          Explore how organizations like yours cut costs, increase ROI, and drive innovation with Google Security Operations


          IDC Study: Customers cite 407% ROI with Google Security Operations

          CISO, Multi-billion dollar automotive company

          "Our cybersecurity teams deal with issues faster with Google Security Operations, but they also identify more issues. The real question is, 'how much safer do I feel as a CISO with Google Security Operations versus my old platform?' and I would say 100 times safer."

          Read the study

          Trusted and loved by security teams around the world

          "One thing that's fantastic about Google Security Operations is that you have your SOAR, your SIEM, and everything else all in one place." - Manan Doshi, Senior Security Engineer, Etsy

          Hear their story

          "Every event goes to our single point of truth for security which is Google Security Operations. Here we are able to automate many operations to speed response and make our analysts' lives easier." - Nicola Mutti, CISO, Telepass

          Hear their story

          "We have advanced capabilities around threat intelligence that are highly integrated into the Google Security Operations platform. We like the orchestration capabilities that enable us to enrich the data and provide additional context to it, so our SOC and analysts are able to prioritize that work and respond with the attention that is needed." - Bashar Abouseido, CISO, Charles Schwab

          Hear their story

          • Jack Henry logo
          • Kroger logo
          • Telepass logo
          • Herjavec Group logo
          • Charles Schwab logo
          Google Cloud
          • ‪English‬
          • ‪Deutsch‬
          • ‪Español‬
          • ‪Español (Latinoamérica)‬
          • ‪Français‬
          • ‪Indonesia‬
          • ‪Italiano‬
          • ‪Português (Brasil)‬
          • ‪简体中文‬
          • ‪繁體中文‬
          • ‪日本語‬
          • ‪한국어‬
          Console
          Google Cloud