Investigate threats surfaced in Google Cloud’s Security Command Center using Chronicle
By: Rajesh Gwalani, Chronicle Product Manager
Today we’re excited to announce a brand new integration between Chronicle and Security Command Center, Google Cloud’s security and risk management platform. With this integration, Security Command Center users can now use Chronicle to perform detailed investigation on events surfaced through the Event Threat Detection service.
Event Threat Detection is a built-in service for the Security Command Center Premium tier that continuously monitors your organization and identifies threats within your systems in near-real time. The service is regularly updated with new detectors to identify emerging threats at cloud scale.
With this new integration, Google Cloud customers can send Security Command Center alerts directly into Chronicle at unprecedented speed and scale. In just a few clicks, you can use a simple, guided UI wizard to link your Google Cloud organization with a Chronicle tenant — and create a connection that is 100% customer controlled.
When Google Cloud data is ingested into Chronicle, Event Threat Detection logs are incorporated into Chronicle’s Unified Data Model (UDM). UDM makes Google Cloud data useful right away by mapping it to a common data model across machines, users, and threat indicators, so that security teams can work from a unified set of security data. Log parsing and normalization take place automatically to enable key capabilities like IOC matching, hunting, and investigation across all the data sources you send to Chronicle.
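To make the normalization idea concrete, here is an added example (not Chronicle code, and not the real UDM schema) that parses two constructed records in different formats, a Security Command Center-style finding and a firewall-style log line, into one simplified common event model and then runs an IOC match across both. All field names, the sample values and the schema are assumptions for illustration; the point is that once both sources share one model, a single indicator lookup covers every source.

```python
"""Illustrative log normalization and IOC matching.

Added example, not Chronicle's own code. The Event model below is a simplified
stand-in for a unified data model; it is NOT Chronicle's UDM and uses assumed
field names. All sample records are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample of a Security Command Center-style finding.
# Field names and the category string are chosen for illustration only.
SCC_FINDING = {
    "category": "Persistence: IAM Anomalous Grant",
    "severity": "HIGH",
    "sourceProperties": {
        "principalEmail": "someone@example.com",
        "callerIp": "203.0.113.45",
        "resource": "projects/example-project",
    },
}

# Constructed sample of a log line in a different, firewall-like format.
FIREWALL_LINE = "2024-01-01T10:00:00Z DENY src=203.0.113.45 dst=10.0.0.8 proto=tcp dport=22"


@dataclass
class Event:
    """Simplified common event model (assumed; for illustration only)."""
    product: str
    event_type: str
    severity: str
    principal_ip: Optional[str] = None
    principal_user: Optional[str] = None
    target: Optional[str] = None
    raw: Dict[str, str] = field(default_factory=dict)


def normalize_scc_finding(finding: dict) -> Event:
    """Map a finding-style JSON record onto the common model."""
    props = finding.get("sourceProperties", {})
    return Event(
        product="Security Command Center",
        event_type="THREAT_FINDING",
        severity=finding.get("severity", "UNKNOWN"),
        principal_ip=props.get("callerIp"),
        principal_user=props.get("principalEmail"),
        target=props.get("resource"),
        raw={"category": finding.get("category", "")},
    )


def normalize_firewall_line(line: str) -> Event:
    """Map a 'timestamp ACTION key=value ...' line onto the common model."""
    parts = line.split()
    action = parts[1]
    kv = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    return Event(
        product="firewall",
        event_type="NETWORK_CONNECTION",
        severity="LOW" if action == "DENY" else "INFO",
        principal_ip=kv.get("src"),
        target=kv.get("dst"),
        raw={"action": action, "dport": kv.get("dport", "")},
    )


def match_iocs(events: List[Event], ioc_ips: Set[str]) -> List[Event]:
    """Return every normalized event whose principal IP is a known indicator.

    Because both sources were normalized to the same field, one lookup covers
    both of them; no per-source query logic is needed.
    """
    return [e for e in events if e.principal_ip in ioc_ips]


if __name__ == "__main__":
    events = [normalize_scc_finding(SCC_FINDING), normalize_firewall_line(FIREWALL_LINE)]
    for hit in match_iocs(events, {"203.0.113.45"}):  # constructed indicator
        print(f"{hit.product}: {hit.event_type} sev={hit.severity} ip={hit.principal_ip}")
```

The same IOC lookup over the raw records would have needed one code path per source format; the normalization step is what lets matching, hunting and investigation be written once.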
The Chronicle and Security Command Center integration also includes brand new detection and response capabilities, so that security teams can take advantage of a simple click-to-investigate workflow and a Security Command Center-specific alert triage feature.
The Chronicle and Security Command Center integration will be generally available for Chronicle and Google Cloud customers in the coming days. Security Command Center Premium customers can contact sales to enable a Chronicle tenant and perform investigation on incidents surfaced by Event Threat Detection.
To learn more, watch the “The path to invisible security” keynote and the “Cloud posture and workload protection with Security Command Center” breakout session at the Google Cloud Next ’21 digital event.