Native streaming integration for hassle-free, real-time data ingestion into Chronicle. Effectively normalizes and structures data to adhere to both native and Google's UDM formats.
Out-of-the-box library of context-aware volume reduction rule sets that helps you achieve more than 35% data volume reduction in under 2 weeks.
Use volume reduction functions such as aggregation and suppression to convert noisy logs like network traffic/flow into manageable insights that can be loaded into Chronicle, reducing both the data volume and the overall time queries take to execute.
Seamless conversion into the UDM data model native to Chronicle SIEM, additionally enabling flexible and faster downstream onboarding in Chronicle SIEM.
Indicator Index to extract insights such as Security Observables (IP addresses, domains, URLs, hashes), Entity Relationships (processes, network execution, registry modifications) and Intel Context. Use additionally derived context such as first observed time, last observed time and frequency of observation to speed up data exploration and hunting.
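As an illustration of the aggregation, suppression and first/last-observed enrichment described in the two points above, here is an added example that is not DataBahn's or Chronicle's code. It collapses constructed flow records that share the same source, destination, port and protocol into one record carrying first seen, last seen and observation count, suppresses a noisy class (internal-to-internal DNS, an assumed rule chosen for the example) and emits a simplified UDM-style layout; the UDM field names are used as commonly documented but the exact schema and the `additional` block are assumptions here, and the sample flows are constructed.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed sample flow records (illustrative, not real traffic).
RAW_FLOWS = [
    {"ts": "2024-01-01T10:00:00Z", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "proto": "TCP", "bytes": 1200},
    {"ts": "2024-01-01T10:00:05Z", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "proto": "TCP", "bytes": 800},
    {"ts": "2024-01-01T10:01:00Z", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 443, "proto": "TCP", "bytes": 300},
    {"ts": "2024-01-01T10:02:00Z", "src": "10.0.0.7", "dst": "10.0.0.1", "dport": 53, "proto": "UDP", "bytes": 70},
    {"ts": "2024-01-01T10:02:01Z", "src": "10.0.0.7", "dst": "10.0.0.1", "dport": 53, "proto": "UDP", "bytes": 70},
    {"ts": "2024-01-01T10:03:00Z", "src": "10.0.0.9", "dst": "198.51.100.20", "dport": 4444, "proto": "TCP", "bytes": 50},
]


def parse_ts(value):
    """Parse the constructed ISO-8601 'Z' timestamps into aware UTC datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def aggregate_flows(flows):
    """Collapse flows sharing (src, dst, dport, proto) into one record per tuple,
    tracking first seen, last seen, observation count and total bytes."""
    groups = {}
    for flow in flows:
        key = (flow["src"], flow["dst"], flow["dport"], flow["proto"])
        ts = parse_ts(flow["ts"])
        agg = groups.get(key)
        if agg is None:
            groups[key] = {
                "src": flow["src"], "dst": flow["dst"], "dport": flow["dport"],
                "proto": flow["proto"], "first_seen": ts, "last_seen": ts,
                "count": 1, "bytes": flow["bytes"],
            }
        else:
            agg["first_seen"] = min(agg["first_seen"], ts)
            agg["last_seen"] = max(agg["last_seen"], ts)
            agg["count"] += 1
            agg["bytes"] += flow["bytes"]
    return list(groups.values())


def is_internal_dns(agg):
    """Assumed suppression rule: UDP/53 between two private addresses is routine noise."""
    src = ipaddress.ip_address(agg["src"])
    dst = ipaddress.ip_address(agg["dst"])
    return agg["dport"] == 53 and agg["proto"] == "UDP" and src.is_private and dst.is_private


def suppress(aggregates, rules=(is_internal_dns,)):
    """Drop aggregates matched by any suppression rule; everything else is kept."""
    return [agg for agg in aggregates if not any(rule(agg) for rule in rules)]


def to_udm(agg):
    """Map an aggregate onto a simplified UDM-style NETWORK_CONNECTION record (assumed layout)."""
    return {
        "metadata": {
            "event_type": "NETWORK_CONNECTION",
            "event_timestamp": agg["first_seen"].isoformat(),
        },
        "principal": {"ip": [agg["src"]]},
        "target": {"ip": [agg["dst"]], "port": agg["dport"]},
        "network": {"ip_protocol": agg["proto"], "sent_bytes": agg["bytes"]},
        # Derived hunting context carried alongside the core fields.
        "additional": {
            "first_seen": agg["first_seen"].isoformat(),
            "last_seen": agg["last_seen"].isoformat(),
            "observation_count": agg["count"],
        },
    }


def reduce_flows(flows):
    """Aggregate, suppress and convert; return the UDM records and the reduction percentage."""
    kept = suppress(aggregate_flows(flows))
    records = [to_udm(agg) for agg in kept]
    reduction_pct = 100.0 * (1 - len(records) / len(flows)) if flows else 0.0
    return records, reduction_pct


if __name__ == "__main__":
    records, pct = reduce_flows(RAW_FLOWS)
    print(json.dumps(records, indent=2))
    print(f"{len(RAW_FLOWS)} raw flows -> {len(records)} UDM records ({pct:.1f}% reduction)")
```

The reduction figure is the thing to watch in practice: aggregation keeps the count and time span so a hunt for "how often and since when did host X reach port 4444" still has an answer, while suppression removes data outright and should only be applied to classes you have confirmed carry no detection value.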
Chronicle customers can use additional Google services such as Google BigQuery and Cloud Storage to implement a security architecture that is both cost-effective and future-ready.
Use the DataBahn AI Ready framework to get your data cleansed, enriched, feature-extracted, and embeddings generated to build AI-powered apps on top of your Google Cloud environment.