Introducing Threat Intel for Chronicle

Today we’re excited to announce Google Cloud Threat Intelligence for Chronicle, a new applied threat intelligence service available to Chronicle customers. This new service surfaces highly actionable threats in Chronicle environments based on Google’s collective insight and research into Internet-based threats. Using Threat Intelligence for Chronicle, security teams can take advantage of a curated, high-fidelity threat intelligence service that allows them to focus on real threats in the environment and accelerate their response time.

See high-fidelity threat indicators in your environment, validated hands-on by threat researchers

Threat Intel for Chronicle is exclusively curated for enterprise customers by Uppercase, Google Cloud’s intelligence research and applications team. Select intelligence on attack patterns is gathered across Google’s vast array of networks and services, coupled with operational research for deconfliction, context and enrichment, and then applied to customer telemetry. The service takes Google Cloud’s perspective on threats across the internet, together with the analytic insights we glean, and surfaces them as relevant alerts for customers.

Threat Intel for Chronicle alerts are surfaced in Chronicle’s Enterprise Insights UI.

Over time, we will provide customers a range of useful alerts, from simple indicator findings to complex behavioral findings that will inform them of potential threats to their security posture.

An unparalleled approach to threat intelligence

Most threat intelligence feeds require security teams to do the implementation and legwork. For example, it’s common for vendors to offer threat intelligence feeds that must be manually applied against enterprise security telemetry. This means that security teams need to manage the acquisition and ingestion of this intelligence, reconcile overlap across different data sources, and go through a time-consuming deconfliction and investigation process. For many customers, this does not include reconciling findings that are already mitigated (that is, blocked or prevented) by their existing security tools.

The approach with Chronicle is simple — with Threat Intel for Chronicle, our intelligence insights are applied across your security telemetry to present unique observations within your environment. Our offering takes care of deconfliction and includes helpful context in our alerts to expedite your alert triage process and save time.

Get started

Today, Threat Intel for Chronicle is available as part of a limited GA program for Chronicle customers at no additional charge. To learn more or apply for the limited GA program, contact your Chronicle account manager or complete the Contact Sales form.
