Google Security Operations Q4, 2022 Feature Roundup

ahnna (Staff)

The “Google on SecOps” blog found on chronicle.security has moved to the Community Blog. This blog was originally published on March 20th, 2023 by Ahnna Schini and Kristen Cooper. Going forward, all Google Security Operations (formerly known as Chronicle Security Operations) blogs will be published here. 

Bringing a modern and unified security operations experience to our customers has been, and remains, a top priority for the Google Security Operations team. We’re happy to share continued innovation and even more valuable functionality. In our latest release roundup we highlight a host of new capabilities focused on delivering improved context, collaboration, and speed so that teams can handle alerts faster and more effectively.

Here’s a breakdown of our newest Google Security Operations capabilities and how they enable your security team to do more with less: 

A Modern and Unified Security Operations Experience

The release of Google Security Operations brought together the capabilities that many security teams depend on to identify threats more quickly and respond to them rapidly. It unified Google Security Operations’ security information and event management (SIEM) technology with security orchestration, automation, and response (SOAR) capabilities, and with threat intelligence from Google Cloud and VirusTotal. Investigative pivots, integrated alert management, a consolidated display, and pre-packaged response playbooks are just a taste of what Google Security Operations brings to the table.

SLA Visibility and Configuration Flexibility

To help ensure security teams meet service level agreements (SLAs), new and improved SLA management brings visibility and flexibility to the forefront. Analysts can now improve prioritization by setting SLAs by case or alert priority, include SLAs as part of automation for more flexible configurations, and easily view SLA alerts in a single pane of glass with pop-ups in the case header, new icons, and a revamped homepage.

Parallel Action Execution

Time is a luxury many security teams don’t have. With new parallel actions analysts can now shorten playbook execution time by running actions in parallel as part of a playbook or block of actions. Playbooks can also be built in organized groups so analysts can easily understand and maintain playbook logic.

A Cleaner, Clearer Case Wall

Investigating threats truly “takes a village” and requires effective collaboration. Our redesigned case wall enables analysts to keep comments relevant and up-to-date with the ability to edit and remove comments. We have also increased attachment limits so the proper case evidence can always be added. 

Built-in Entity Enrichment as Part of Alert Ingestion Flow

Simplify playbook building by configuring built-in entity enrichment. Now, analysts can receive enrichment data before a playbook is executed by using alert data to enrich entities as part of the ingestion process. 

UDM Search Capability

Drive faster decision making by unleashing the true scale of Google search to investigate security i.... This reimagined investigative experience drives faster threat understanding with an interactive event results timeline that streams results as they are processed, enabling analysts to quickly begin threat analysis on up to 1 million events.  

Expanded Regional Support

Meet long-term compliance and jurisdictional requirements with expanded regional support in the UK. Additional regional support is expected to be added throughout 2023. 

Google Security Operations Context Integration with Google Cloud DLP

Correlate Google Security Operations telemetry with Google Cloud DLP findings to prioritize security findings. Extend context-aware detection and analytics capability, craft rich detections using DLP findings to allow deeper filtering or scoring of Google Security Operations detection results, and automatically ingest these findings to create investigation cases in the Google Security Operations platform. 

Interested in seeing more? Schedule a demo to see how you can leverage these new features.
