Google Chronicle + D3 Smart SOAR
Connect Cloud-Based Detection to Cross-Platform Orchestration
Chronicle is a cloud-based threat detection solution built on Google cloud infrastructure. The integration between D3 Smart SOAR and Google Chronicle breaks down the barriers of siloed security tools and connects Chronicle to any other security tool in your environment.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have studied Chronicle’s APIs and capabilities closely in order to provide a joint solution that surpasses Chronicle’s native SOAR integration. Benefits include:
- Fast and consistent response to Chronicle events with Smart SOAR’s automated playbooks
- Increased speed and quality of triage, via Smart SOAR’s Event Pipeline
- Orchestrated enrichment and response across hundreds of other integrated tools
- Automated compliance and audit management
Use Case
Real-Time Threat Intelligence Enrichment and Response
Smart SOAR users can fetch a Chronicle event, parse out the IoCs, check their reputations, enrich the event with detailed threat intelligence, and create new security rules to monitor for any newly discovered threats. This automated, real-time approach allows cybersecurity teams to stay ahead of threats by continuously updating their defenses based on real-time threat intelligence and reputation assessments.
- Flag incoming IoCs to respond to emerging threats on your network
- Check IPs and domains against integrated threat intelligence databases
- Trigger nested playbooks to respond to discovered incidents
Use Case
Asset Vulnerability Assessment and Management
When a Smart SOAR user needs to assess the security posture of their digital assets and effectively manage vulnerabilities, they can query Chronicle to pull a list of all assets accessed by specific artifacts, run Unified Data Model (UDM) search queries to analyze events related to those assets for any signs of compromise, and update alert settings to prioritize vulnerable assets. This use case enables the organization to continuously monitor and assess the security of its assets, ensuring that vulnerabilities are identified and managed promptly.
- Get lists of events on particular devices within a given time range to pinpoint vulnerabilities
- Identify unusual activities related to important assets
- Modify alert settings for specific rules in Chronicle
Why Smart SOAR?
Joint users of Google Chronicle and D3 Smart SOAR don’t just get real-time threat intelligence, response, and vulnerability management; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 Automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Google Chronicle Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.