Introduction
Google Chronicle SecOps is a cloud-based security analytics service, purpose-built to handle and analyze massive amounts of security and network telemetry data. Built on Google’s infrastructure, Chronicle privately retains, normalizes, indexes, and correlates this data, offering deep insights and immediate context on risky activities. With Chronicle, enterprises can retain and examine months or even years of aggregated security data, allowing teams to search across all accessed domains, as well as specific assets, IPs, or domains to investigate any potential compromise.
Resolution Intelligence Cloud™ is a data analytics platform for managing security and digital operations, leveraging the speed and scalability of Google Chronicle SecOps. It ingests data across all security and operations layers, detects incidents, ranks them by business risk, and correlates related information to provide proactive insights for rapid resolution.
This guide outlines all the options for integrating a Chronicle SecOps instance with Resolution Intelligence Cloud™, detailing both automatic and manual setup options.
Options to Set Up Chronicle SecOps Instances
When setting up a Chronicle SecOps instance in Resolution Intelligence Cloud™, customers have two integration paths depending on their subscription and preferences:
- Netenrich Embedded Chronicle Instances
- Bring Your Own Chronicle (BYOC)
Netenrich Embedded Chronicle Instances
With the Netenrich Embedded option, a Chronicle instance is automatically created in the background when the integration is enabled. This setup allows organizations to immediately utilize Chronicle’s powerful security analytics capabilities without needing to configure a separate Chronicle instance.
- Automatic Setup: The system provisions a Chronicle instance and integrates it directly within Resolution Intelligence Cloud™.
- Managed Access: Netenrich manages and maintains the Chronicle instance, providing a seamless experience for data ingestion, analysis, and threat monitoring.
This option is ideal for customers seeking a fully managed Chronicle solution within their Resolution Intelligence Cloud™ subscription.
To set up the Netenrich Chronicle instance, refer to the Enabling and creating Netenrich Chronicle instance article.
Bring Your Own Chronicle (BYOC)
The Bring Your Own Chronicle (BYOC) option enables customers to use their own existing Chronicle instance, integrating it manually with Resolution Intelligence Cloud™ by providing the required keys. This option provides more flexibility, as it allows organizations to leverage their Chronicle infrastructure while connecting it to Resolution Intelligence Cloud™ for enriched data analysis and incident management.
Steps for BYOC Integration
For customers choosing to link their own Chronicle instance:
- Acquire Chronicle Credentials: Obtain the following credentials from your Chronicle instance:
  - Instance ID
  - Customer Code
  - Backstory Key
  - Ingestion Key
- Configure the Instance: Follow the steps to manually link the instance with Resolution Intelligence Cloud™. Refer to Linking Your Chronicle SecOps Instance to Resolution Intelligence Cloud for detailed instructions.
Note: The option is selected automatically based on the customer’s subscription, providing either the Netenrich Embedded or BYOC setup.
If you are operating within a multi-tenancy hierarchy, instead of manually configuring and setting up Chronicle instances at each tenant level, you can upload MSSP license credentials at the parent level to automatically inherit and create Chronicle instances for all tenants under the parent. However, each tenant can also obtain its own license to set up a Chronicle instance if it prefers not to inherit from the parent. To learn more about configuring Chronicle instances for MSSPs in a multi-tenant hierarchy, refer to the Configuring Chronicle Instance for MSSPs in a Multi-Tenant Hierarchy article.
Conclusion
Setting up Chronicle SecOps with Resolution Intelligence Cloud™ can be done effortlessly through either an embedded or bring-your-own-instance approach. The choice depends on your preference for a fully managed solution (Netenrich Embedded) or a custom setup leveraging your existing Chronicle instance (BYOC).
For more information on each configuration type, refer to the relevant setup guide and reach out to support if additional assistance is needed.