Cyber Tool Stack
All tools

Google Security Operations

By Google Cloud

Google's SIEM and SOAR platform, renamed from Chronicle in 2024, built on the same infrastructure that powers Google Search to make searching a year of security telemetry feel instant. Threat intelligence from Mandiant and VirusTotal is applied to customer data automatically, and pricing is designed around retaining everything rather than sampling.

Verified Source: 1

Product type
Software
Deployment
SaaS
Organization size
Mid-marketEnterprise
Pricing tier
$$

Capability checklist

SIEM

How Google Security Operations measures up against the full Security Information & Event Management taxonomy.

Broad log ingestion — supported
Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
Correlation & detection rules — supported
Turns raw events into alerts via built-in and custom detection logic.
Fast historical search — supported
Query months of data quickly during investigations.
Behavior analytics (UEBA) — supported
Baselines user and entity behavior to flag anomalies.
Dashboards & reporting — supported
Compliance and operational reporting out of the box.
Detection-as-code — supported
Manage detection rules in version control with CI.

Alternatives

Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.