Google Security Operations
By Google Cloud
Google's SIEM and SOAR platform, renamed from Chronicle in 2024, built on the same infrastructure that powers Google Search to make searching a year of security telemetry feel instant. Threat intelligence from Mandiant and VirusTotal is applied to customer data automatically, and pricing is designed around retaining everything rather than sampling.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaS
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$
Capability checklist
SIEMHow Google Security Operations measures up against the full Security Information & Event Management taxonomy.
- Broad log ingestion — supported
- Collects and normalizes logs from network, endpoint, cloud, and SaaS sources.
- Correlation & detection rules — supported
- Turns raw events into alerts via built-in and custom detection logic.
- Fast historical search — supported
- Query months of data quickly during investigations.
- Behavior analytics (UEBA) — supported
- Baselines user and entity behavior to flag anomalies.
- Dashboards & reporting — supported
- Compliance and operational reporting out of the box.
- Detection-as-code — supported
- Manage detection rules in version control with CI.
Alternatives
Other Security Information & Event Management tools with overlapping capabilities, sized for similar teams.