Quickly respond to incidents by integrating Chronicle threat detection and investigation with the security orchestration engine.
Chronicle, part of Google Cloud, is a security analytics platform for threat detection, investigation and hunting. With Chronicle, enterprises can ingest all their security telemetry at a fixed cost into a private cloud container and retain it for a full year. Chronicle enriches raw security events with correlated information on users, assets and threat indicators.
Using the Chronicle app, you can send incidents to ServiceNow ITSM to simplify incident response. When IOC alerts related to enterprise assets or malicious domains are detected, incidents are generated in ITSM for immediate follow-up. The Chronicle integration also provides enrichment details and seamless detailed lookup directly from the ITSM interface.
- Ability to create Incidents from Chronicle Alerts, IoC Matches, Detection Alerts and Curated Detection Alerts
- Automatically assign Incidents to ServiceNow groups based on the specified criteria
- Create filters for fine-grained control over which alerts and matches are converted into Incidents
- Manage reference lists