Chronicle is Google’s cloud-native security operations suite, with a focus on evaluating Security Incidents and Events (SIEM) features and usability from a practitioner perspective.

Derived from log collection and analysis, the SIEM promised to support more advanced alerting by correlating logs from multiple sources, allowing them to be used to generate alerts or even automagically eliminate a false positive detection. Additionally, SIEM allowed organisations to support threat hunting and more comprehensive security investigations.

Cloud-native SIEMs emerged to address the CAPEX problem and challenges with scale/elasticity. Now organizations could largely pay by the volume of logs ingested, allowing the cloud-native SIEM provider to deal with the backend issues of hardware.

Google’s cloud-native SIEM Chronicle is designed from the ground up to address shortcomings found in other SIEMs.

The entire design of Chronicle SIEM focuses on customer outcomes. There are four pillars of security that Chronicle addresses:

  1. Provide complete visibility into the security environment.
  2. Enrich data in the SIEM with Google’s threat intelligence and external sources, enabling security analysts to rapidly operationalize it.
  3. Apply modern threat detection to data ingested into the SIEM, without relying on customers to have dedicated security engineering resources on staff.
  4. Facilitate seamless response to accelerate the investigation by integrating with SOAR platforms (including Chronicle SOAR, formerly Siemplify).

For more information on SIEm, Chronicle SIEM and Chronicle – Google Security, please visit:

An in depth SANS article, guide you through the Chronicle SIEM vs others.

Chronicle Security – SIEM on Github :

Chronicle Security – Chronicle SIEM on Google :