Google Cloud has announced Chronicle Detect, a threat detection tool to help enterprises identify threats at “unprecedented speed and scale”.
Chronicle, Alphabet’s enterprise security company born in the X moonshot factory, joined Google Cloud last year.
Earlier this year at RSA, Google introduced the building blocks for Chronicle Detect: a data fusion model that stitches events into a unified timeline, a rules engine to handle common events, and a language for describing complex threat behaviors.
Additionally, Chronicle Detect is claimed to make it easy for enterprises to move from legacy security tools to a modern threat detection system. Security teams can use the Google-scale platform to send their security telemetry to Chronicle at a fixed cost, so that diverse, high-value security data can be taken into account for detections.
Google then makes that security data useful by automatically mapping it to a common data model across machines, users, and threat indicators, so that detection rules can be applied to a single, normalized set of data rather than to each source format separately.
YARA-L, a language for describing threat behaviors, is the foundation of the Chronicle Detect rules engine.
Many organizations are also integrating Sigma-based rules that work across systems, or converting their legacy rules to Sigma for portability. Chronicle Detect includes a Sigma-YARA converter so that customers can port their rules to and from Google’s platform.
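The Sigma-to-YARA-L port described above, as an added illustration that is not Chronicle's own converter nor a Sigma project tool: a small translator that takes one Sigma `process_creation` rule (already parsed from YAML into a dict, constructed inline here) and emits a rule in the YARA-L 2.0 layout (meta, events and condition sections). The UDM field names in `FIELD_MAP`, the `PROCESS_LAUNCH` event type, and the `selection and not filter` condition shapes it accepts are assumptions chosen for the example; a production converter needs a far larger field mapping and full Sigma condition logic.

```python
"""Toy Sigma -> YARA-L 2.0 translator (added example, not Chronicle's converter)."""
import re

# Assumed Sigma -> UDM field mapping for the process_creation logsource.
FIELD_MAP = {
    "Image": "target.process.file.full_path",
    "CommandLine": "target.process.command_line",
    "ParentImage": "principal.process.file.full_path",
    "User": "principal.user.userid",
}

# Assumed Sigma logsource category -> UDM metadata.event_type.
CATEGORY_MAP = {"process_creation": "PROCESS_LAUNCH"}

# Characters that must be escaped inside a YARA-L /regex/ literal (RE2 syntax).
_META = set(".^$+?()[]{}|\\/")


def _to_regex(value, modifier):
    """Turn a Sigma value (with * and ? wildcards) plus modifier into a regex body."""
    out = []
    for ch in str(value):
        if ch == "*":
            out.append(".*")            # Sigma multi-character wildcard
        elif ch == "?":
            out.append(".")             # Sigma single-character wildcard
        elif ch in _META:
            out.append("\\" + ch)
        else:
            out.append(ch)
    body = "".join(out)
    if modifier == "startswith":
        return "^" + body
    if modifier == "endswith":
        return body + "$"
    if modifier in ("", "contains"):
        return body
    raise ValueError(f"unsupported Sigma modifier: {modifier}")


def _predicate(field, value):
    """Translate one `Field|modifier: value(s)` pair into a YARA-L events expression."""
    name, _, modifier = field.partition("|")
    if name not in FIELD_MAP:
        raise ValueError(f"no UDM mapping for Sigma field {name}")
    udm = f"$e.{FIELD_MAP[name]}"
    values = value if isinstance(value, list) else [value]
    terms = []
    for v in values:
        if modifier == "" and not any(c in str(v) for c in "*?"):
            terms.append(f'{udm} = "{v}" nocase')        # exact, case-insensitive
        else:
            terms.append(f"{udm} = /{_to_regex(v, modifier)}/ nocase")
    # A list of Sigma values is an OR; group it so a later `not` negates the whole set.
    return terms[0] if len(terms) == 1 else "(" + " or ".join(terms) + ")"


def sigma_to_yaral(rule):
    """Render a Sigma rule dict as YARA-L 2.0 text.

    Accepts `condition: selection` and `condition: selection and not filter`;
    anything else is rejected rather than silently mistranslated.
    """
    det = rule["detection"]
    cond = " ".join(det["condition"].split())
    if cond not in ("selection", "selection and not filter"):
        raise ValueError(f"unsupported Sigma condition: {cond}")
    event_type = CATEGORY_MAP[rule["logsource"]["category"]]

    lines = [f'$e.metadata.event_type = "{event_type}"']
    lines += [_predicate(f, v) for f, v in det["selection"].items()]
    if cond.endswith("not filter"):
        lines += [f"not ({_predicate(f, v)})" for f, v in det["filter"].items()]

    name = re.sub(r"\W+", "_", rule["title"]).strip("_").lower()
    events = "\n".join(f"    {line}" for line in lines)
    return (
        f"rule {name} {{\n"
        f"  meta:\n"
        f'    description = "{rule.get("description", "")}"\n'
        f'    severity = "{rule.get("level", "low").upper()}"\n'
        f"  events:\n{events}\n"
        f"  condition:\n    $e\n"
        f"}}\n"
    )


# Constructed sample Sigma rule (the dict form of the YAML), not from any public rule set.
SAMPLE_RULE = {
    "title": "Encoded PowerShell Command Line",
    "description": "PowerShell launched with an encoded command",
    "level": "medium",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-ec"],
        },
        "filter": {"ParentImage|endswith": "\\sccm_agent.exe"},
        "condition": "selection and not filter",
    },
}

if __name__ == "__main__":
    print(sigma_to_yaral(SAMPLE_RULE))
```

The translator refuses conditions and modifiers it does not understand; a converter that drops a `filter` or a `1 of them` clause on the floor produces a rule that is either noisier or blinder than the original, which is the main risk of porting detections between formats.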