This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

NEW Chronicle Feature - Curated Detections

Posted on 08-17-2022 09:09 AM
Nick_Troutini
Staff
Reply posted on --/--/---- --:-- AM

At Google Cloud, we’re on a mission to accelerate security outcomes for every organization. Today, we’re thrilled to announce incredible progress towards this mission with curated detections.

What are curated detections? 

We are excited to announce the general availability of curated detections in Chronicle. With this release, we are providing our customers high quality, actionable, out-of-the-box detection content curated and built by Google Cloud Threat Intelligence (GCTI) researchers. These rule sets cover threats in Windows including ransomware, remote-access tools (RAT), infostealers etc. We are also expanding our coverage to detect cloud specific threats including identifying potential exfiltration of data, suspicious activity, and weakened configurations.

 

With curated detections in Google Chronicle, customers now have the ability to leverage the intelligence and expertise of our threat researchers natively within the console. Chronicle customers can now utilize high-fidelity and effective detection content natively allowing them to :

  • Drive Actionable Intelligence: Coverage over several classes of threats including crimeware, Windows threats, and other cloud-based attacks. 
  • Customize Policies: Use exception handling capabilities to address environment-specific tuning requirements, and operationalize ingested data. 
  • Map rules coverage to MITRE: Map Chronicle rules to specific MITRE ATT&CK® tactics and techniques covered representing intent, and actions of malicious behavior.

What does this mean for you? 

Lacking high fidelity detection content? Lacking bandwidth or resources to keep up? Enter, Managed analytics.

 

Security Challenge

Now with Managed Analytics 

“I don’t know where to begin using detection content.”

Use Chronicle’s high fidelity detection content curated by Google Cloud Threat Intelligence researchers to detect threats. 

“We don’t have enough analysts to keep up.” 

Our out of the box content surfaces critical threats and impactful detections enriched with context. 

“We keep missing critical threats.” 

Take advantage of faster, easier correlation to construct the larger picture from incomplete data to improve analyst productivity.

 

Ultimately, curated detections are a way to help accelerate your detection and response capabilities and more easily and efficiently address core SIEM workloads. 

What’s next? 

We’ve already seen tremendous success with customers leveraging curated detections in preview, and now you can too. Learn more about curated detections and how to get started with your organization here.

Curated Detections is now generally available.

 

1 1 746
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
SurP0000001
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Is there a list of out-of-box Chronicle rules available somewhere to review?
Similar to what SCC Premium provides here: https://cloud.google.com/security-command-center/docs/how-to-use-event-threat-detection 

0 Likes