| | Chronicle provides | Resolution Intelligence Cloud Foundation provides |
|---|---|---|
| Data ingestion, search, retention | Security data ingestion from virtually any source (multi-cloud, data center, on-prem) at petabyte scale. The Unified Data Model enables search at sub-second speeds, and you can also search raw, unparsed logs in Chronicle. Twelve months of hot security telemetry data. | With single sign-on (SSO), you can pivot seamlessly from Foundation to Chronicle to search and threat hunt. |
| Multitenancy | | Purpose-built for service providers and enterprises that manage multiple tenants, Resolution Intelligence Cloud Foundation provides highly scalable deployment, visibility, and management across multiple Chronicle tenants, secured with role-based access control (RBAC) and SSO. |
| Detection rule builder | You can write and edit rules in YARA-L. | GUI detection rule builder, so you can create and edit YARA-L rules without writing code: a large time saver for most teams. Rules are saved and run directly in Chronicle. Includes rule testing. A Content Management System manages rules and applies them to all, some, or one Chronicle tenant. |
| Rule and parser packs | Chronicle comes with a set of detection rules and parsers. | Foundation comes with additional detection rules and parser packs. Netenrich services can, optionally, create custom rules and parsers for you. |
| Dashboards and reports | Chronicle has default dashboards for analysis and reporting. Reports are produced by exporting a dashboard to a shareable file (PDF, Excel, CSV, etc.). Dashboards are built on Looker (visualization layer) and BigQuery (data layer). | Foundation comes with additional dashboards and reports; modify those or create your own with the no-code, configurable dashboard builder built directly on BigQuery, which is faster and easier to use. Run reports on one, some, or all Chronicle tenants. |
| MITRE ATT&CK mapping | Google Cloud Threat Intelligence (GCTI) provides and manages a set of YARA-L rules to help customers identify threats to their enterprise. | Foundation maps alerts to the MITRE ATT&CK framework, providing context and making detection and response easier. Foundation also reveals gaps where you lack log coverage. At higher subscription levels, Resolution Intelligence Cloud shows patterns of related alerts mapped to MITRE ATT&CK for even more context. |
| Threat intelligence | Chronicle includes VirusTotal. Chronicle customers who are also Google Cloud Threat Intelligence (GCTI) customers get GCTI alerts. | Netenrich Threat Intelligence adds third-party threat intelligence, vulnerability disclosures, threat intelligence reference lists, and advisories. |
| Content Management System | | Manage sets of rules for one or more Chronicle instances. For example, group rules that belong together, such as compliance rules, or even sets specific to one compliance regime like PCI, HIPAA, or GDPR. Service providers can then create and manage rule packs for the customers who need them. |
Jumpstart Google Chronicle
Resolution Intelligence Cloud (all plans) uses Chronicle as its security data lake and accelerates Chronicle time to value. You get all the functionality of Chronicle plus ease of use, content, and services for success at service-provider scale.
Resolution Intelligence Foundation, the entry-level subscription plan for Resolution Intelligence Cloud™, lays the foundation for using security data at petabyte scale in Google Chronicle. Netenrich provides implementation services, a customer success manager, and customer support for ongoing success. Upgrade anytime to Resolution Intelligence Cloud Analytics and Resolutions for intelligence, context, automation and more to speed detection and response while up-leveling staff. See details below.
Harness Chronicle for everyone
Chronicle is a powerful engine. Resolution Intelligence Foundation harnesses Chronicle and adds the functionality below to make it more effective to operate, especially across many tenants.
- Multi-level multitenancy of Chronicle instances
- Detection rule builder that simplifies YARA-L rule development
- Rule and parser packs plus a content management system
- Configurable dashboards and reports (built on BigQuery)
- MITRE ATT&CK mapping, gap analysis
- Blazing fast setup: Read the case study and see the how-to videos.
Get more from Chronicle
Gain insights across all tenants
Use Foundation for Google Chronicle's built-in dashboards, or use the no-code dashboard builder to create your own so you can spot trends across all, some, or any one of your end-customers.
Create rule content packs
Foundation for Google Chronicle adds a content management system to Chronicle, so you can create content packs (sets of detection rules) for any or all Chronicle tenants.
Reveal missing log coverage
Foundation for Google Chronicle reveals gaps in log coverage on a MITRE ATT&CK matrix. Choose known threats to overlay their tactics and techniques on the matrix to see where you're vulnerable.
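The overlay described above is, underneath, a set comparison: which ATT&CK techniques your onboarded log sources can actually observe, intersected with the techniques a chosen threat is known to use; anything left over is a coverage gap. The following is an added example written for this page to show that logic end to end, per tenant; it is not Netenrich's or Google's code. The technique-to-tactic table, the source-to-technique mapping and the "ransomware playbook" are constructed, simplified inputs (real techniques sit under several tactics, and real coverage mappings are far larger), so the numbers below are illustrative only.

```python
"""Log-coverage gap analysis against MITRE ATT&CK (added example, constructed data)."""
from __future__ import annotations

# Constructed, simplified mapping of technique -> one primary tactic, used to lay
# results out as a matrix. Real ATT&CK lists several tactics for some of these.
TECHNIQUE_TACTIC: dict[str, str] = {
    "T1566.001": "Initial Access",       # Spearphishing Attachment
    "T1078":     "Initial Access",       # Valid Accounts
    "T1059.001": "Execution",            # Command and Scripting Interpreter: PowerShell
    "T1053.005": "Persistence",          # Scheduled Task/Job: Scheduled Task
    "T1003":     "Credential Access",    # OS Credential Dumping
    "T1110":     "Credential Access",    # Brute Force
    "T1021.001": "Lateral Movement",     # Remote Services: Remote Desktop Protocol
    "T1071.001": "Command and Control",  # Application Layer Protocol: Web Protocols
    "T1486":     "Impact",               # Data Encrypted for Impact
}

# Constructed mapping: the techniques each log source gives you telemetry for.
# A technique counts as covered once at least one onboarded source can observe it.
SOURCE_COVERAGE: dict[str, set[str]] = {
    "windows_security": {"T1078", "T1110", "T1021.001", "T1053.005"},
    "edr":              {"T1059.001", "T1003", "T1053.005", "T1486"},
    "email_gateway":    {"T1566.001"},
    "web_proxy":        {"T1071.001"},
    "vpn":              {"T1078", "T1110"},
}

# Constructed threat profile to overlay (not a real group's TTPs).
RANSOMWARE_PLAYBOOK: set[str] = {
    "T1566.001", "T1059.001", "T1003", "T1021.001", "T1071.001", "T1486",
}


def covered_techniques(onboarded: set[str]) -> set[str]:
    """Union of techniques observable from the tenant's onboarded log sources."""
    unknown = onboarded - SOURCE_COVERAGE.keys()
    if unknown:
        raise ValueError(f"unmapped log sources: {sorted(unknown)}")
    return set().union(*(SOURCE_COVERAGE[s] for s in onboarded)) if onboarded else set()


def gaps(onboarded: set[str], threat: set[str]) -> set[str]:
    """Techniques in the threat profile that no onboarded source can observe."""
    return threat - covered_techniques(onboarded)


def overlay(onboarded: set[str], threat: set[str]) -> dict[str, list[tuple[str, str]]]:
    """Matrix view: tactic -> [(technique, 'covered' | 'GAP')], sorted by technique."""
    covered = covered_techniques(onboarded)
    matrix: dict[str, list[tuple[str, str]]] = {}
    for tid in sorted(threat):
        status = "covered" if tid in covered else "GAP"
        matrix.setdefault(TECHNIQUE_TACTIC[tid], []).append((tid, status))
    return matrix


def sources_that_close(onboarded: set[str], gap_ids: set[str]) -> dict[str, set[str]]:
    """Not-yet-onboarded sources and which of the gaps each would close (ingestion priorities)."""
    return {
        src: techs & gap_ids
        for src, techs in SOURCE_COVERAGE.items()
        if src not in onboarded and techs & gap_ids
    }


def tenant_report(tenants: dict[str, set[str]], threat: set[str]) -> dict[str, set[str]]:
    """Run the same gap analysis across all tenants: tenant -> uncovered techniques."""
    return {name: gaps(sources, threat) for name, sources in tenants.items()}


if __name__ == "__main__":
    # Constructed tenants: which log sources each has onboarded into Chronicle.
    tenants = {
        "acme":   {"windows_security", "edr"},
        "globex": {"windows_security", "edr", "email_gateway", "web_proxy"},
    }
    for tenant, missing in tenant_report(tenants, RANSOMWARE_PLAYBOOK).items():
        print(f"{tenant}: gaps={sorted(missing)}")
        for tactic, cells in overlay(tenants[tenant], RANSOMWARE_PLAYBOOK).items():
            print(f"  {tactic:<20} " + ", ".join(f"{t}[{s}]" for t, s in cells))
        for src, closes in sources_that_close(tenants[tenant], missing).items():
            print(f"  onboard {src} to close {sorted(closes)}")
```

Reading the output the way the matrix view is meant to be read: a tenant with only endpoint and Windows telemetry looks well covered on Execution, Credential Access and Impact, yet is blind on Initial Access and Command and Control for this playbook, and the last function tells you which single ingestion (email gateway, web proxy) closes each gap.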
Jumpstart Google Chronicle and keep control of your SOC
We're here to help! Let's talk about how Netenrich can help you jumpstart Chronicle plus get multitenancy, rule and parser packs, real-time dashboards, implementation support, and much more with Resolution Intelligence Cloud.