Quickly respond to security incidents by integrating Chronicle threat detection and investigation with ServiceNow Security Operations.
Chronicle, part of Google Cloud, is a security analytics platform for threat detection, investigation and hunting. With Chronicle, enterprises can ingest all their security telemetry at a fixed cost into a private cloud container and retain it for a full year. Chronicle enriches raw security events with correlated information on users, assets and threat indicators.
Using the Chronicle app, you can forward Chronicle findings to ServiceNow Security Operations as security incidents to simplify incident response. When Chronicle detects an IoC match, an alert involving an enterprise asset or user, or a malicious domain, the app creates a security incident in Security Operations for immediate follow-up.
- Create Security Incidents from Chronicle Alerts, IoC Matches, Detection Alerts and Curated Detection Alerts
- Automatically assign Security Incidents to ServiceNow assignment groups based on configurable criteria
- Create filters for fine-grained control over which alerts and matches are converted into Security Incidents
- Manage Chronicle reference lists
- Support for dynamic field mapping between Chronicle event fields and Security Incident fields
- New user experience for Incident Configuration
- Requires the ServiceNow Security Incident Response plugin
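To make the filter, field-mapping and assignment steps above concrete, here is a small model of that pipeline written for this page. It is an added illustration, not code from the Chronicle app, and it does not use the app's real configuration tables or ServiceNow's Glide APIs. The event shapes, the `SEVERITY_RANK` table, `FIELD_MAP` and `ASSIGNMENT_RULES` are all assumed for the example; the sample events are constructed.

```javascript
// Added illustration (not the Chronicle app's code): a plain-JavaScript model of
// alert -> filter -> dynamic field mapping -> group assignment. Every structure
// below is assumed for the example and is not the app's configuration format.

// Constructed sample events, one of each kind the feature list names.
const SAMPLE_EVENTS = [
  { kind: "ioc_match", severity: "HIGH", asset: "web-01", ioc: "198.51.100.7", category: "malicious_domain" },
  { kind: "detection_alert", severity: "LOW", asset: "dev-laptop-3", rule: "rare_process" },
  { kind: "curated_detection", severity: "CRITICAL", user: "alice", rule: "credential_access" },
  { kind: "chronicle_alert", severity: "MEDIUM", asset: "db-02", rule: "lateral_movement" },
];

// Assumed severity ordering used by the filter.
const SEVERITY_RANK = { LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };

// Build a filter from a minimum severity and an optional allow-list of kinds.
// An event whose severity is not in the table is NOT dropped: silently losing
// an alert because of an unknown label is worse than an extra incident.
function makeFilter(opts) {
  const min = SEVERITY_RANK[opts.minSeverity];
  return (ev) => {
    const rank = SEVERITY_RANK[ev.severity];
    if (rank !== undefined && rank < min) return false;
    if (opts.kinds && !opts.kinds.includes(ev.kind)) return false;
    return true;
  };
}

// Assumed dynamic field mapping: incident field -> either the name of a source
// field to copy, or a function computing the value from the event.
const FIELD_MAP = {
  short_description: (ev) => `${ev.kind}: ${ev.rule || ev.category || "unspecified"}`,
  severity: "severity",
  affected_entity: (ev) => ev.asset || ev.user || "unknown",
  source: () => "Chronicle",
};

function mapFields(ev, fieldMap) {
  const incident = {};
  for (const [field, spec] of Object.entries(fieldMap)) {
    incident[field] = typeof spec === "function" ? spec(ev) : ev[spec];
  }
  return incident;
}

// Assumed assignment rules, evaluated in order; the first matching rule wins,
// and the final catch-all guarantees every incident gets a group.
const ASSIGNMENT_RULES = [
  { when: (ev) => ev.kind === "ioc_match", group: "Threat Intel" },
  { when: (ev) => ev.severity === "CRITICAL", group: "SOC Tier 2" },
  { when: () => true, group: "SOC Tier 1" },
];

function assignGroup(ev, rules) {
  for (const rule of rules) {
    if (rule.when(ev)) return rule.group;
  }
  return null;
}

// Run the whole pipeline: drop what the filter rejects, map the rest to
// incident records, and attach an assignment group to each.
function convertEvents(events, filter, fieldMap, rules) {
  return events
    .filter(filter)
    .map((ev) => ({ ...mapFields(ev, fieldMap), assignment_group: assignGroup(ev, rules) }));
}

// Example run over the constructed events.
const INCIDENTS = convertEvents(
  SAMPLE_EVENTS,
  makeFilter({ minSeverity: "MEDIUM" }),
  FIELD_MAP,
  ASSIGNMENT_RULES,
);
```

With the assumed settings the LOW detection alert is filtered out and the remaining three events become incidents routed to Threat Intel, SOC Tier 2 and SOC Tier 1 respectively. When tuning filters in the real app, keep the same fail-safe posture as `makeFilter`: a filter should only drop alerts it positively recognises as low value.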