Process massive amounts of data with built-in intelligence at a fixed cost.

Cloud-native. Clear signals. Effective response.

Chronicle is a cloud service, built as a specialized layer on top of core Google infrastructure, designed for enterprises to privately retain, analyze, and search the massive amounts of security and network telemetry they generate. Chronicle normalizes, indexes, correlates, and analyzes the data to provide instant analysis and context on risky activity.

Chronicle enables you to examine the aggregated security information for your enterprise going back for months, or longer. Use Chronicle to search across all of the domains accessed within your enterprise. You can narrow your search to any specific asset, domain, or IP address to determine if any compromise has taken place.



  • Raw Log Scan: Search your raw unparsed logs.
  • Regular Expressions: Search your raw unparsed logs using regular expressions.

Investigative Views

  • Enterprise Insights: Displays the domains and assets most in need of investigation.
  • Asset view: Investigate assets within your enterprise and whether or not they have interacted with suspicious domains.
  • IP Address view: Investigate specific IP addresses within your enterprise and what impact they have on your assets.
  • Hash view: Search for and investigate files based on their hash value.
  • Domain view: Investigate specific domains within your enterprise and what impact they have on your assets.
  • User view: Investigate users within your enterprise who may have been impacted by security events.
  • Procedural filtering: Fine-tune information about an asset, including by event type, log source, network connection status, and Top Level Domain (TLD).

Curated Information

  • Asset insight blocks: Highlights the domains and alerts that you might want to investigate further.
  • Prevalence graph: Shows the number of domains an asset has connected to over a specified time period.
  • Alerts from popular security products.

Detection Engine

  • Use the Chronicle Detection Engine to automate the process of searching across your data for security issues. 
  • Specify rules to search all of your incoming data and notify you when potential and known threats appear in your enterprise.

Integrations and Tools

  • VirusTotal integration: Launch VirusTotal Graph from Chronicle to further investigate an asset, domain, or IP address.
  • Chronicle extension for Chrome: Launch Chronicle from anywhere within the Chrome browser.

Learn how Chronicle stacks up against your current solution. Contact us for a free demo to show you why Daston is the most knowledgeable and experienced Google partner to help you design and implement the right solution for your organization.