Resolution Intelligence Cloud Foundation provides
Data ingestion, search, retention
Security data ingestion from virtually any source (multi-cloud, data center, on-prem) at petabyte scale. Unified Data Model enables search at sub-second speeds, and you can search raw unparsed logs. Twelve months of hot security telemetry data. With single sign-on (SSO), you can also pivot seamlessly from Resolution Intelligence Cloud to Chronicle for search and threat hunting.
Purpose-built for service providers and enterprises that manage multiple tenants, Resolution Intelligence Cloud Foundation provides highly scalable deployment, visibility, and management across multiple tenants secured with role-based access control (RBAC) and SSO.
GUI detection rule builder so you can create and edit YARA-L rules without code, a huge time saver for most people. Includes rules testing. Content Management System for managing rules and applying them to all, some, or one tenant.
Rule and parser packs
Foundation comes with detection rules and parser packs in addition to what Chronicle offers. Netenrich services can, optionally, create custom rules and parsers for you.
Dashboards and reports
Chronicle has default dashboards for analysis and reporting. Reporting is available by converting a dashboard to a shareable file (PDF, Excel, CSV, etc.). Dashboards are built on Looker (visualization layer) and BigQuery (data layer). With Foundation, you get additional dashboards and reports — modify those or create your own with our no-code, configurable dashboard builder built directly on BigQuery. It's faster and easier to use. Run reports on one, some, or all tenants.
MITRE ATT&CK mapping
Google Cloud Threat Intelligence (GCTI) provides and manages a set of YARA-L rules to help identify threats. Foundation maps alerts to the MITRE ATT&CK framework, providing context and making it easier to detect and respond. Foundation reveals gaps where you lack log coverage. At higher subscription levels, Resolution Intelligence Cloud shows patterns of related alerts mapped to MITRE ATT&CK to provide even more context.
Chronicle includes VirusTotal, and Chronicle customers who are Google Cloud Threat Intelligence (GCTI) customers get GCTI alerts. Netenrich Threat Intelligence adds third-party threat intelligence, vulnerability disclosures, reference lists of threat intelligence, and advisories.
Content Management System
Manage sets of rules for one or more instances. For example, group sets of rules that belong together, such as compliance rules, or even sets of rules specific to a type of compliance like PCI, HIPAA, and GDPR. Service providers can then create and manage rule packs for their customers who need them.
Resolution Intelligence Cloud Foundation
Resolution Intelligence Foundation, the entry-level subscription plan for Resolution Intelligence Cloud™, lays the foundation for using security data at petabyte scale. Netenrich provides implementation services, a customer success manager, and customer support for ongoing success. See details below.
Amp up functionality and effectiveness
Resolution Intelligence Foundation makes a powerful engine more powerful by adding functionality to improve success and effectiveness.
- Multi-level multitenancy
- Detection rule builder that simplifies YARA-L rule development
- Rule and parser packs plus a content management system
- Configurable dashboards and reports (built on BigQuery)
- MITRE ATT&CK mapping, gap analysis
- Blazing fast setup: Read the case study and see the how-to videos.
Get more from your investment
Gain insights across all tenants
Use Foundation to leverage built-in dashboards or the no-code dashboard builder to create your own so you can spot trends across all, some, or any one of your end customers.
Create rule content packs
Foundation adds a content management system, so you can create content packs (sets of detection rules) for any or all tenants.
Reveal missing log coverage
Foundation reveals gaps in log coverage on a MITRE ATT&CK matrix. Choose known threats to overlay their tactics and techniques on the matrix to see where you're vulnerable.