Stay organized with collections Save and categorize content based on your preferences.
Announcing Chronicle Security Operations. Learn more.
Jump to

Security Information and Event Management (SIEM)

Part of Chronicle Security Operations, Chronicle SIEM delivers modern threat detection and investigation with integrated threat intelligence at unprecedented speed and scale, and at a disruptive and predictable price point.

  • 10x your Security Operations. Watch our demo that highlights Google Cloud's SecOps Suite.

  • Scale threat detection, investigation and response. Check out our use case blog and podcast.

  • 3-6x reduction in total cost of ownership (TCO). 

  • 1-year telemetry retention at no additional cost. 

  • Learn how customers are using Chronicle SIEM to build their modern SOC.

Benefits

Scalable and effective threat detection

Correlate petabytes of your telemetry with Google’s threat intelligence to detect and identify threats that other tools cannot surface.

Search and investigate threats faster

Search at Google speed to hunt for threats 90% faster than traditional SOC tools.

Disruptive pricing and total cost of ownership

Full-security telemetry retention, analysis at an industry-leading price. Drive compliance and security initiatives with full 1-year telemetry retention at no additional cost.

Key features

Key features

Single, correlated timeline view of a threat

By unifying and enriching all of your security telemetry onto a single timeline, Chronicle gives you an unparalleled view into your security posture. By combining this data with Google threat intel and flexible rules, you have unmatched analytical power. Actionable threat information in seconds or minutes—not hours or days.

Context-aware detections

Write better detections, prioritize existing alerts, and drive investigation faster with supporting information from authoritative sources (such as CMDB, IAM, and DLP) baked into the security event. Our detection and alerting only escalate important threats, with scoring based on contextual vulnerability and business risk.

Turbocharge security for your GCP workloads

Consolidate and correlate security telemetry with other GCP products in your portfolio for one view of your threat landscape. Security Command Center metadata/findings, BeyondCorp smart access decisions from EDRs and logs, queries in BigQuery, Looker custom/default dashboards, reCAPTCHA end user phishing and fraud alerts, and Google Workspace logs are all seamlessly integrated into Chronicle SIEM. 

Automated, continuous, retroactive IoC matching

Instant correlation of indicators of compromise (IoC) against one full year of security telemetry. Out-of-the-box intelligence feeds for IPs, domains, URLs, and files. Support for customer-owned threat intelligence subscriptions and threat intel platforms (TIPs).

Integrations and APIs

Chronicle provides high-performance APIs that expose functionality to downstream enterprise and MSSP SOC playbooks and tools (ticketing, SOAR, dashboarding) while also enabling sending data directly to the Chronicle data pipeline without the need for a forwarder. 

Customers

See how our customers are powering the modern SOC with Chronicle SIEM

See how customers are using Chronicle SIEM to drive an effective SOC program, gaining efficiencies in managing security telemetry, and detecting and investigating threats faster.  

"With Chronicle SIEM doing the correlation between all the threats, we can now identify the highest-priority threats. As a result, our team spends less time getting to the core information they need to address these incidents."

JAMES STINSON, VP of Information Technology, Quanta Services

What's new

What’s new

Sign up for Google Cloud newsletters to receive product updates, event information, special offers, and more.

Documentation

Explore Chronicle SIEM

Whitepaper
Google Cloud and Deloitte: future of the SOC

Download your copy of our white paper to learn more about the forces shaping modern security operations and challenges that must be overcome to continuously mature.

Best Practice
Modernizing threat detection and response

Learn how to modernize threat detection and response with Google’s Cloud-Native SIEM & SOAR with this webinar.

Use Case
Security Analyst Diaries

Learn how our customers are using Chronicle SIEM, with our practitioner focused video podcast series, Security Analyst Diaries.

Use Case
Driving SOC efficiency with context-aware detections

Learn how our customers are using Context-Aware Detections, to enhance their security posture and act on prioritization of alerts with risk scoring.

Pricing

Talk to a SIEM expert

Schedule time with a SIEM expert to answer technical questions, discuss pricing or take a deeper dive of the Chronicle SIEM product.