Chronicle default threat detection rules - is there any repo to review them?

Is there a list of out-of-box Chronicle rules available somewhere to review? Similar to what SCC Premium provides here: https://cloud.google.com/security-command-center/docs/how-to-use-event-threat-detection



Hello,

Please see https://github.com/chronicle/detection-rules for some examples. The community directory has some newer rules that take advantage of recent Chronicle features (Entity Graph for example) and can be used as a starting point.

Hope this helps,
Mantha

Thank you.
A quick follow-up question (I don't have access to Chronicle at this time): for threat detection (malware, unauthorized access, etc.), does Chronicle provide a list of default detection rules similar to what Security Command Center Premium has, or does Chronicle need such a feed from SCC or other tools?

Hello,

Chronicle has curated detections that are out-of-the-box. See this documentation.

Chronicle can ingest data from a variety of sources, and custom rules can be written using the YARA-L 2.0 syntax.

Hope this helps,

Mantha

Thank you.
As per the documentation you shared, if I look into 'Overview of Cloud Threats Category' section, it dictates correlation of different SCC findings. So there is a dependency for these rules I assume.

Looking into the 'curated detections' section, there are screenshots in the documentation. I am wondering if Chronicle provides a list of out-of-box rules similar to this one: https://cloud.google.com/security-command-center/docs/concepts-event-threat-detection-overview#rules

Hello,

Yes, SCC feeds are required for the Curated Detections part. Regarding out-of-the-box rules, we have them at the GitHub repository and have documentation on how to write rules, but do not provide examples in the product.

So these are all the rules available in the GitHub repo, right?
https://github.com/chronicle/detection-rules

Without an SCC Premium feed (or other third-party feeds), there won't be any out-of-box (not user-created) rules for the following threat detections (as examples):

Malware: bad domain (MALWARE_BAD_DOMAIN)

Brute force SSH (BRUTE_FORCE_SSH)

Evasion: access from anonymizing proxy (ANOMALOUS_ACCESS)

Any feedback please?

Accepted solution:

Hi,

Sorry, I thought I had answered this question in my earlier updates. You are right that we will not have out of the box rules without Curated Detections. The community rules can act as a starting point for writing your own rules.

Thank you.
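To make the "starting point" suggestion concrete, here is an added example of a YARA-L 2.0 rule for one of the detections named in the thread (brute-force SSH). It is written for this page and is not a rule from the chronicle/detection-rules repository or from Google; the UDM field names are real, but the enum values and the `sshd` application string are assumptions about how your parser normalizes SSH authentication logs, and the threshold and window are placeholders to tune.

```yaral
rule example_ssh_brute_force_starting_point {

  meta:
    // Added example for this thread; not from chronicle/detection-rules.
    author = "community example"
    description = "Many failed SSH logins from one source IP against one host in a short window. Tune the threshold, window and field values to your log sources."
    severity = "MEDIUM"

  events:
    // Failed authentication events. The event_type and action values
    // below are assumptions about the parser output for SSH logs.
    $fail.metadata.event_type = "USER_LOGIN"
    $fail.security_result.action = "BLOCK"
    $fail.target.application = "sshd"

    // Bind the grouping keys so the count is per source/target pair.
    $fail.principal.ip = $src_ip
    $fail.target.hostname = $target_host

  match:
    // Correlate all matching events for the same pair within 10 minutes.
    $src_ip, $target_host over 10m

  outcome:
    // Enrich the detection with the attempt count and the set of
    // usernames tried, which helps an analyst triage it quickly.
    $failed_attempts = count($fail.metadata.event_timestamp.seconds)
    $targeted_users = array_distinct($fail.target.user.userid)

  condition:
    // Placeholder threshold: 20 or more failures in the window.
    #fail >= 20
}
```

Before relying on a rule like this, run it retroactively over a few days of your own SSH logs to confirm the field values match what your parser actually emits and to set a threshold that separates scanners from legitimate users mistyping passwords; the `$targeted_users` outcome is also a useful signal, since password spraying shows up as many distinct users from one source.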