GCP's Chronicle addresses the need for modern detection tools to counter modern threats. As part of our Google Cloud Platform Support Service, Bobcares responds to all GCP inquiries, big or small.
GCP’s Chronicle
Chronicle is a cloud service created for enterprises to privately store, process, and search the enormous amounts of security and network telemetry they produce. It is built as a specialized layer on top of the core Google infrastructure. To provide immediate analysis and context on risky activity, Chronicle normalizes, indexes, correlates, and analyzes the data.
With Chronicle we can examine the enterprise's aggregated security information going back months or longer, and we can narrow a search to a particular asset, domain, or IP address to check whether it has been compromised.
Features of Chronicle
- Search: Two modes are available. Raw Log Scan searches the raw, unparsed logs for a string, while Regular Expressions search applies a regular expression to the same raw, unparsed logs.
- Investigative views: GCP Chronicle provides the following views.
  - Enterprise Insights: Shows the assets and domains that most need investigation.
  - Asset view: Investigate the enterprise's assets to see whether they have interacted with any suspicious domains.
  - IP Address view: Investigate specific IP addresses used by our company and how they affect the assets.
  - Hash view: Look up and research files using their hash values.
  - Domain view: Investigate specific business domains and how they affect the assets from a domain perspective.
  - User view: Investigate any enterprise users who have faced security incidents previously.
- Procedural filtering: Narrow an asset's events by event type, log source, network connection state, and Top Level Domain (TLD).
- Detection Engine: The Chronicle Detection Engine automatically searches the data for security issues. We can define rules that run against all incoming data and alert when known or potential threats surface within the organization.
- Integrations and tools: With the VirusTotal integration, we can launch VirusTotal Graph from Chronicle to further investigate an asset, domain, or IP address. The Chronicle extension for Chrome launches Chronicle from anywhere within the Chrome browser.
- Curated information: Asset insight blocks highlight the domains and alerts that may warrant further investigation. The prevalence graph shows how many domains an asset has connected to over a given time frame. Alerts from well-known security tools are also surfaced.
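The kind of rule the Detection Engine runs, added here as an illustration and not taken from this article: Chronicle detection rules are written in YARA-L 2.0 and match on Unified Data Model (UDM) fields. This rule flags a user account that has more than five blocked logins and a successful login inside a ten-minute window; the rule name, the threshold, and the window are assumptions chosen for the example.

```yara-l
rule blocked_logins_then_success {
  meta:
    author = "example"
    description = "Burst of blocked logins and a successful login for the same user within 10 minutes"
    severity = "Medium"

  events:
    // Blocked login attempts, joined on the target user id
    $fail.metadata.event_type = "USER_LOGIN"
    $fail.security_result.action = "BLOCK"
    $fail.target.user.userid = $user

    // A successful login for the same user id
    $success.metadata.event_type = "USER_LOGIN"
    $success.security_result.action = "ALLOW"
    $success.target.user.userid = $user

  match:
    // Group events per user over a sliding 10-minute window (assumed window)
    $user over 10m

  condition:
    // More than five blocked attempts plus at least one success (assumed threshold)
    #fail > 5 and $success
}
```

The match window groups events by time, not by order, so the rule fires whether the success precedes or follows the blocked attempts; tune the threshold against the environment's baseline before alerting on it.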
Data Collection In GCP’s Chronicle
Chronicle can ingest various types of security telemetry using a range of techniques, including:
- Forwarder: a lightweight software component deployed on the customer side that forwards logs to Chronicle and supports SIEM sources.
- Ingestion APIs: allow logs to be sent directly to the Chronicle platform.
- Third-party integrations and third-party cloud APIs that facilitate ingestion.
Data Evaluation In GCP’s Chronicle
Security professionals access Chronicle's analytical capabilities through a user-friendly, browser-based application, and many of these features are also available programmatically through Read APIs. Chronicle gives analysts a way to analyze potential threats and determine their nature, their actions, their significance, and the best course of action.
Safety And Adherence In GCP’s Chronicle
Because Chronicle is a specialized, private layer built on the core Google infrastructure, it inherits that infrastructure's compute and storage capabilities as well as its security design and capabilities.
Conclusion
Data volumes have increased, attacker techniques have become more sophisticated while remaining subtle, and existing detection and analytics tools are struggling to keep up. As a result, many modern threats go undetected by security tools. GCP's Chronicle was created to meet these needs. Our Support team went over the Chronicle details in this article.