Hello Cloud Security Champions,
Stay up to date on all the latest with SIEM and SOAR by reading our Google SecOps Customer Newsletter! Posted every other month, it summarizes major product updates, resources, learning and training, community spotlights, best practices, and events.
SecOps Community Spotlight
This past month we launched some exciting new things, including the Chronicle Users' Tips and Tricks Book! You sent us your best Chronicle SOAR tips and tricks, we turned them into a book, and the result is pretty amazing!
Thanks to all of the amazing community members who shared their brilliant ideas with us!
SecOps Community Office Hours
As your familiarity with Chronicle continues to grow, so does your desire to learn more. To give you an edge, we have decided to offer SecOps community office hours!
So, how does it work?
1. A date and topic will be posted here.
2. You can register for the session and submit questions regarding the topics we will discuss by clicking the link in the post.
3. We will send you an invitation to a 30-minute session that includes a demonstration and time for questions.
4. If you are not able to attend, we will share the recording of the session with you.
Can’t wait to see you there!
Chronicle SIEM Updates
New Chronicle Region
- We have launched a new Chronicle region in the UK (London)! For more information on data residency please see Chronicle’s service specific terms.
New UDM Search Capability
With this update, you’ll be able to:
- Start threat analysis sooner: an interactive event-results timeline streams results as they are processed, for searches returning up to 1M events.
- Pivot faster: convert a filter to a query with one click, and accelerate threat hunting through a rich event cache.
- Recall prior work: saved searches and search history keep useful queries within reach.
Find all the details from this launch and what it means for you here.
Context-Aware Detection and Analytics Enhancements
Introducing Chronicle’s integration with Cloud DLP:
- Cloud DLP findings can now be correlated with your telemetry, so that security findings involving sensitive data are prioritized appropriately.
Curated Detections Enhancements
- You can now use the Chronicle Detection Engine API, specifically the StreamDetectionAlerts method, to continuously receive alerts, including those raised by Curated Detections.
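As an added example (not Chronicle's own client code), the consumer below walks a StreamDetectionAlerts feed, treats batches without detections as heartbeats, checkpoints the continuationTime only after each batch has been fully handled so a dropped connection can resume without replaying or skipping alerts, and tags each alerting detection as coming from a customer rule or a Curated Detection. The endpoint path, the one-batch-per-line framing, the type values RULE_DETECTION and GCTI_FINDING, and the detection field names are assumptions made for this example; the sample stream is constructed.

```python
"""Consume the Detection Engine StreamDetectionAlerts feed with resumable checkpoints.

Added example, not Chronicle's own client code. Assumptions (not stated in the
newsletter): the response is one JSON batch per line (NDJSON or a streamed JSON
array), every batch carries "continuationTime", a batch without "detections" is
a heartbeat, and each detection has a "type" of "RULE_DETECTION" (customer rule)
or "GCTI_FINDING" (Curated Detection).
"""
from __future__ import annotations

import json
from typing import Iterable, Iterator
from urllib.parse import quote

# Assumed endpoint for the US region; other regions use a regional prefix.
STREAM_ENDPOINT = "https://backstory.googleapis.com/v2/detect/rules:streamDetectionAlerts"

# Constructed sample stream. Batch 1 is a heartbeat, batch 2 mixes a customer
# rule alert, a Curated Detection and a non-alerting customer detection,
# batch 3 is another heartbeat. Real batches carry many more fields.
SAMPLE_STREAM = "\n".join([
    "[",
    json.dumps({"continuationTime": "2023-02-01T10:00:00Z"}) + ",",
    json.dumps({
        "continuationTime": "2023-02-01T10:00:30Z",
        "detections": [
            {"type": "RULE_DETECTION", "id": "de_1",
             "detection": [{"ruleName": "suspicious_powershell", "alertState": "ALERTING"}]},
            {"type": "GCTI_FINDING", "id": "de_2",
             "detection": [{"ruleName": "Curated: Mandiant Frontline Threats", "alertState": "ALERTING"}]},
            {"type": "RULE_DETECTION", "id": "de_3",
             "detection": [{"ruleName": "noisy_rule", "alertState": "NOT_ALERTING"}]},
        ],
    }) + ",",
    json.dumps({"continuationTime": "2023-02-01T10:01:00Z"}),
    "]",
])


def parse_batches(lines: Iterable) -> Iterator[dict]:
    """Yield one batch dict per line, tolerating array framing and separators."""
    for raw in lines:
        line = raw.decode() if isinstance(raw, bytes) else raw
        line = line.strip().lstrip("[").rstrip(",]").strip()
        if not line:
            continue
        yield json.loads(line)


def summarize(det: dict) -> dict:
    """Reduce a detection to the fields a SOAR or ticketing hand-off needs."""
    first = det["detection"][0]
    return {
        "id": det["id"],
        "rule": first.get("ruleName", "<unknown>"),
        "alert_state": first.get("alertState"),
        # Curated Detections arrive in the same stream; keep their origin visible
        # so they can be routed or tuned separately from customer rules.
        "source": "curated" if det.get("type") == "GCTI_FINDING" else "custom",
    }


def process_stream(lines: Iterable, checkpoint: dict, alerting_only: bool = True) -> list:
    """Walk the stream and return the (alerting) detections seen.

    checkpoint["continuationTime"] is updated only after a batch has been fully
    handled, heartbeats included, so a reconnect never replays or skips a batch.
    """
    seen = []
    for batch in parse_batches(lines):
        for det in batch.get("detections", []):
            summary = summarize(det)
            if alerting_only and summary["alert_state"] != "ALERTING":
                continue
            seen.append(summary)
        checkpoint["continuationTime"] = batch["continuationTime"]
    return seen


def stream_url(checkpoint: dict) -> str:
    """Build the request URL, resuming from the saved continuationTime if any."""
    resume = checkpoint.get("continuationTime")
    if not resume:
        return STREAM_ENDPOINT
    return f"{STREAM_ENDPOINT}?continuationTime={quote(resume, safe='')}"


if __name__ == "__main__":
    state = {}
    for alert in process_stream(SAMPLE_STREAM.splitlines(), state):
        print(alert)
    print("resume from:", stream_url(state))
```

In production, feed process_stream from the line iterator of a streaming HTTP GET against stream_url(state), authenticated with service-account credentials scoped for Chronicle (the scope and client library are assumptions here, taken from Chronicle's published Python samples), and persist the state dict somewhere durable between runs so the next start resumes from the last fully handled batch.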
To find a comprehensive list of recent Chronicle Release Notes/Changes, go here.
Chronicle SOAR Updates
New Data Retention process starting February 1st 2023
- Starting February 1st 2023, Chronicle SOAR will use an enhanced retention process for SaaS deployments.
- Retention process: a job that runs daily and deletes cases that have been closed for longer than the retention period configured in the platform. For more information, please review Chronicle SOAR's documentation.
Please note that for existing customers, the data retention period will be set to 5 years.
What does this mean for you?
- At the moment, the process won't affect your existing data. Upon contract renewal, the default retention period will be 12 months; longer periods carry additional pricing.
What if I need a shorter retention time than the contract period?
- You will be able to choose a shorter retention period from the platform (the minimum retention period is 3 months).
GCP Migration Update
- We released a new capability to migrate on-prem customers to the GCP environment. For more information please contact your CSM.
Updated Mandiant Threat Intel Integration
- You can now embed Mandiant's unique threat intelligence, including indicator enrichment, confidence ratings, and malware details, across the entire detection and response lifecycle.
Updated Learning Portal
- The Chronicle SOAR learning portal has been rebranded, including a new URL! To explore the updates check out https://learn.chronicle.security/.
Chronicle Security Operations Tips and Tricks
Managing information throughout an alert's lifecycle can be challenging. There are many instances when we need to recall specific results from enrichment blocks in email templates or other, often separate, sections of a playbook. Context values are the simple trick for keeping important information accessible throughout the lifecycle of an alert, a case, or even globally in Chronicle SOAR. They can take any name a user might need, and you can specify the scope of a context value so that common names won't overlap. Learning to use context values to their full advantage will significantly increase what you can get out of your playbooks.
Follow this link to read “How to Use Context Values”
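As an added illustration of the tip above (not Chronicle SOAR's own code or SDK), the example below models the behaviour described: a named value written in one scope (alert, case or global) never collides with the same name in another scope, an enrichment step stores results that a later step recalls, and an email template resolves placeholders from the right scope. The in-memory store, the {scope.name} placeholder syntax, and the sample indicators and verdicts are constructed for this example; in the platform, context values are set and read through the playbook actions and SDK.

```python
"""Scoped context values across playbook steps.

Added illustration, not Chronicle SOAR's own code or SDK. It models the tip's
behaviour: a named value written in one scope (alert, case or global) does not
collide with the same name in another scope, and a later step such as an email
template can recall it. The store, the {scope.name} placeholder syntax and the
sample data are constructed for this example.
"""
from __future__ import annotations

import re

ALERT, CASE, GLOBAL = "alert", "case", "global"
SEVERITY = {"benign": 0, "suspicious": 1, "malicious": 2}


class ContextStore:
    """In-memory stand-in for the platform's context values."""

    def __init__(self) -> None:
        # Key is (scope, owner, name); owner is the alert or case id, or None
        # for global, so "verdict" on alert A-1 never overlaps "verdict" on A-2
        # or a case- or global-level "verdict".
        self._values = {}

    def set(self, scope: str, owner, name: str, value: str) -> None:
        self._values[(scope, owner, name)] = value

    def get(self, scope: str, owner, name: str):
        return self._values.get((scope, owner, name))


def enrichment_block(store: ContextStore, case_id: str, alert_id: str,
                     indicator: str, verdict: str) -> None:
    """Simulated enrichment step: keep the indicator's verdict on the alert and
    roll the worst verdict seen so far up to the case."""
    store.set(ALERT, alert_id, "indicator", indicator)
    store.set(ALERT, alert_id, "verdict", verdict)
    current = store.get(CASE, case_id, "worst_verdict")
    if current is None or SEVERITY[verdict] > SEVERITY[current]:
        store.set(CASE, case_id, "worst_verdict", verdict)


# Assumed placeholder syntax for this example: {alert.name}, {case.name}, {global.name}.
_PLACEHOLDER = re.compile(r"\{(alert|case|global)\.([A-Za-z0-9_]+)\}")


def render_template(store: ContextStore, case_id: str, alert_id: str,
                    template: str) -> str:
    """Resolve placeholders from the right scope; unknown names render as
    <unset> rather than raising, so a typo in a template never stalls a playbook."""
    owners = {ALERT: alert_id, CASE: case_id, GLOBAL: None}

    def resolve(match) -> str:
        scope, name = match.group(1), match.group(2)
        value = store.get(scope, owners[scope], name)
        return "<unset>" if value is None else value

    return _PLACEHOLDER.sub(resolve, template)


if __name__ == "__main__":
    ctx = ContextStore()
    ctx.set(GLOBAL, None, "escalation_channel", "#soc-p1")
    # Two alerts in the same case, each enriched independently (constructed data).
    enrichment_block(ctx, "C-1", "A-1", "198.51.100.7", "malicious")
    enrichment_block(ctx, "C-1", "A-2", "203.0.113.9", "suspicious")
    print(render_template(
        ctx, "C-1", "A-2",
        "Indicator {alert.indicator} is {alert.verdict}; case worst is "
        "{case.worst_verdict}; route to {global.escalation_channel}"))
```

The point to carry over to real playbooks is the key shape: scope plus owner plus name. Writing the per-indicator verdict at alert scope keeps the two alerts from overwriting each other, while the case-scoped roll-up is what the closing email template should read.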
SecOps Events, Trainings & Content
The Defender’s Advantage Virtual Series (Feb 14)
Explore the six critical functions of Cyber Defense, learn how to build and mature a robust Cyber Defense program, and discover best practices for effective threat detection and response.
January 2023 Threat Horizons Report
This report brings decision-makers strategic intelligence on threats to cloud enterprise users and the best original cloud-relevant research and security recommendations from throughout Google.
Securing Software Supply Chains Report
This is the first report in a new research series that breaks down the most complex, emerging security trends and examines how Google can help enterprises and governments address them.