Google SecOps v5.0.6

Retrieve Google SecOps detections, impacted assets, IOC matches, and 3P alerts to enrich your XSOAR workflows.

Author:
Google
Support:
partner
URL:
https://go.chronicle.security/contact
Default data source:
Google Chronicle Backstory Streaming API
agentixxsiam
Analytics & SIEM

Indicator fields (8)

  • Chronicle Isolated Hostname
  • Chronicle Isolated IP
  • Chronicle Potentially Blocked IP
  • ChronicleAsset Summary
  • ChronicleAssetHostname
  • ChronicleAssetIP
  • ChronicleAssetMAC
  • ChronicleAssetProductID

Indicator types (1)

  • reputation-ChronicleAsset

README

Quickly respond to security incidents by integrating Google SecOps with Palo Alto Networks Cortex XSOAR.

Google SecOps is a cloud service, built as a specialized layer on top of core Google infrastructure, designed for enterprises to privately retain, analyze, and search the massive amounts of security and network telemetry they generate. Google SecOps normalizes, indexes, correlates, and analyzes the data to provide instant analysis and context on risky activity.

Google SecOps instances, APIs and search parameters are all accessible directly within Cortex XSOAR for full automation of playbooks.

For more information, please visit https://chronicle.security/products/platform/