Google Chronicle Integration

XGEN SOAR Integration

Integrating D3 and Chronicle enables a combined analytic and investigative solution that can scale with no added cost. Chronicle normalizes, indexes, correlates and analyzes security data and threat intelligence to create curated dashboards that help security analysts identify and make sense of suspicious activity in their environment. D3 can leverage that internal and external intelligence to investigate and remediate threats.

Integration features

1. Turn threats identified in Chronicle into automation-powered response in D3
2. Automate queries of Chronicle data in D3 playbooks
3. Run thousands of commands from the D3 console
4. Map threats from Chronicle using the MITRE ATT&CK framework

Key Use Case

#1: Incident Enrichment

Analysts can enrich alerts in D3 with Chronicle’s detailed analytics and threat intelligence. This will reveal important context around indicators such as IP addresses and domains, which can then inform D3’s orchestration of response actions across the environment. Chronicle enrichment can be added as an automated action in D3’s codeless playbook editor.
#2: Complex Investigations

Chronicle can provide rich security telemetry and identify possible threats, but it is not suitable for complex investigations. Using D3’s case management capabilities, analysts can assemble multiple events and indicators into a larger investigation, and query Chronicle for contextual data as needed. D3’s MITRE ATT&CK correlation capabilities help reveal the kill chain of an attack, which can then be used to focus the search for threats across Chronicle.