Google Chronicle Course Content

Our Google Chronicle training content is designed to cover end-to-end aspects of this software and equips you with the skills required to work on real-world projects. This training content can be fully customized to the client's requirements and is delivered by expert trainers.

Topics:

  • What is SIEM? Evolution and challenges.
  • What is SOAR? Benefits and use cases.
  • The convergence of SIEM and SOAR.

Topics:

  • Chronicle's unique architecture.
  • Key components: Ingestion, UDM, Detection Engine, Context Graph, SOAR.
  • Value proposition: Speed, scale, context.

Topics:

  • Why UDM? Normalization, correlation, and search efficiency.
  • Key UDM event types and fields.
  • Mapping raw logs to UDM.

Topics:

  • Overview of the dashboard, search bar, and various views.
  • Basic search syntax and filters.

Topics:

  • Supported data sources in Chronicle.
  • Overview of various ingestion methods: Google Cloud Storage, Pub/Sub, Chronicle Forwarder, API integrations.

  • The Chronicle Forwarder: role as a lightweight agent for on-premises data collection.
  • Step-by-step guide to setting up new data sources using the Chronicle Forwarder.
  • Understanding the collector types: Syslog, File, Windows Event Forwarding (WEF), Packet Capture (PCAP).
  • Configuring the Chronicle Forwarder to ingest logs.
  • Ensuring proper UDM mapping for ingested events and logs.

  • Ingesting Google Cloud Platform (GCP) logs (e.g., Audit Logs, VPC Flow Logs) via Pub/Sub.

  • Understanding parser types and their role in transforming raw logs to UDM.
  • Monitoring ingestion health and identifying parsing errors.
  • Troubleshooting common ingestion issues (e.g., malformed logs, incorrect parser selection).

  • Reviewing UDM mapping for ingested data.
  • Introduction to enrichment data sources.
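As an added example (not code from this page, from Techsolidity, or from Google), the following Python maps constructed OpenSSH syslog lines to a UDM-shaped USER_LOGIN event and keeps parse failures separate from good events, the way a Chronicle parser and the ingestion-health view do for the mapping and troubleshooting topics above. The field paths follow the public UDM schema; the specific mapping choices, the assumed year for the year-less BSD syslog timestamp, the sample lines, and the helper names are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed sample input (not real customer data): three syslog lines from an
# OpenSSH server. The third line is deliberately one the parser does not handle.
SAMPLE_LOGS = [
    "Mar 12 08:41:07 bastion01 sshd[2231]: Failed password for invalid user admin "
    "from 203.0.113.45 port 51422 ssh2",
    "Mar 12 08:41:12 bastion01 sshd[2240]: Accepted publickey for alice "
    "from 198.51.100.7 port 50022 ssh2",
    "Mar 12 08:41:13 bastion01 sshd[2241]: pam_unix(sshd:session): session opened for user alice",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
AUTH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9A-Fa-f.:]+) port (?P<port>\d+)"
)


class ParseError(ValueError):
    """A line the parser cannot map; in Chronicle this surfaces as a parsing error in ingestion health."""


def to_udm(line: str, year: int = 2024) -> dict:
    """Map one sshd authentication line to a UDM-shaped USER_LOGIN event.

    Field paths follow the public UDM schema (metadata, principal, target,
    extensions.auth, security_result); the mapping choices and the assumed
    year are this example's (assumption, not Chronicle's parser output).
    """
    header = SYSLOG_RE.match(line)
    if header is None:
        raise ParseError(f"syslog header mismatch: {line[:40]!r}")
    auth = AUTH_RE.match(header["msg"])
    if auth is None:
        raise ParseError(f"unrecognised sshd message: {header['msg'][:40]!r}")
    # BSD syslog timestamps carry no year, so one has to be assumed.
    stamp = datetime.strptime(f"{year} {header['ts']}", "%Y %b %d %H:%M:%S")
    stamp = stamp.replace(tzinfo=timezone.utc)
    return {
        "metadata": {
            "event_type": "USER_LOGIN",
            "event_timestamp": stamp.isoformat(),
            "vendor_name": "OpenBSD",
            "product_name": "OpenSSH",
        },
        # The remote client is the principal; the SSH server is the target.
        "principal": {"ip": [auth["ip"]], "port": int(auth["port"])},
        "target": {
            "hostname": header["host"],
            "user": {"userid": auth["user"]},
            "process": {"pid": header["pid"]},
        },
        "extensions": {
            "auth": {
                "mechanism": "USERNAME_PASSWORD"
                if auth["method"] == "password"
                else "MECHANISM_UNSPECIFIED"
            }
        },
        "security_result": [
            {"action": "ALLOW" if auth["result"] == "Accepted" else "BLOCK"}
        ],
    }


def ingest(lines):
    """Parse a batch, separating mapped events from parse failures so the
    failure rate can be monitored instead of the lines being silently dropped."""
    events, errors = [], []
    for line in lines:
        try:
            events.append(to_udm(line))
        except ParseError as exc:
            errors.append((line, str(exc)))
    return events, errors


if __name__ == "__main__":
    ok, bad = ingest(SAMPLE_LOGS)
    print(f"{len(ok)} events mapped, {len(bad)} parse errors")
    for line, reason in bad:
        print("  parse error:", reason)
```

The third line is a legitimate sshd message that this parser simply has no pattern for; in production that is the case to watch for in ingestion health, because a rising error count usually means a log format changed or the wrong parser was selected for the source, not that the data is bad.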

  • What are endpoint agents? Role in collecting high-fidelity endpoint telemetry.
  • Mandiant Agent / Google Cloud Endpoint Agent / Blueconic: overview of capabilities (process execution, network connections, file modifications, registry).
  • Deployment and management considerations for endpoint agents.
  • Value proposition for EDR-like visibility and advanced threat hunting within Chronicle.

  • Overview of Chronicle licensing: how ingestion volume and specific features impact licensing.
  • Single-tenant architecture licensing:
      • Typically based on the total daily ingestion volume (e.g., GB/day).
      • Dedicated Chronicle instance for the organization.
      • Predictable costs based on anticipated data growth.
  • Multi-tenant architecture licensing (e.g., MSSP model):
      • Chronicle can be deployed by Managed Security Service Providers (MSSPs).
      • Considerations for data segregation, role-based access control (RBAC) across multiple clients, and reporting.
      • Benefits for MSSPs: centralized platform, economies of scale.
  • Key licensing considerations.

  • Leveraging UDM fields for precise searches.
  • Using Boolean operators (AND, OR, NOT), wildcards (*), and regular expressions (re:) in search.
  • Time range filters and their importance.
  • Grouping and aggregating search results using group by.

  • Deep dive into event details: raw logs vs. UDM view.
  • Understanding asset views: historical activity, associated events, and relationships.
  • User views and their role in investigations.

  • Detailed exploration of key UDM event types and their common fields (e.g., network.direction, principal.process.file.md5, principal.user.userid).
  • Understanding the hierarchy and relationships within UDM.

  • Visualizing relationships between entities (assets, users, domains, IPs, hashes).
  • Navigating the Context Graph for lateral movement and attack path analysis.
  • Utilizing the event timeline for chronological investigation and event correlation.

  • Understanding alert severity and priority.
  • Manual and automated case creation from detections.
  • Integrating with external ticketing systems (conceptual).

  • Using Chronicle's built-in and custom case management features.
  • Adding notes, evidence, and assigning tasks within a case.
  • Collaborative investigation workflows.

  • Deep dive into YARA-L rule structure: the meta, events, match, outcome, and condition sections.
  • Understanding event variables and event aggregations.
  • Using functions and operators in YARA-L (e.g., count_distinct, array_length, contains).

  • Mapping MITRE ATT&CK techniques to YARA-L detection logic.
  • Crafting rules for common attack patterns (e.g., brute force, data exfiltration, malware execution).

  • Using the YARA-L rule testing environment.
  • Interpreting test results and debugging rules.
  • Strategies for effective rule validation.

  • Leveraging reference lists for dynamic rule conditions.
  • Using match and events sections for complex correlation.
  • Implementing multi-stage detections.

  • Managing rule versions and deployments (draft, active, disabled).
  • Tuning rules to reduce false positives and improve efficacy.
  • Understanding rule suppression and exclusion.
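The brute-force rule sketched in the YARA-L topics above (events grouped per user and source IP over a window, an outcome that counts failures, a condition requiring a later success, and a reference list to suppress known scanners) is implemented below in Python as an added example, not a Chronicle rule and not code from this page, so the correlation logic can be run over constructed sample events offline. The sample events, the (user, ip) grouping key, the 10-minute window, the threshold of 5, the risk-score thresholds, and the hypothetical SCANNER_IPS reference list are assumptions for illustration; it uses a sliding window ending at each successful login rather than YARA-L's fixed match windows.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _t(iso: str) -> datetime:
    return datetime.fromisoformat(iso).replace(tzinfo=timezone.utc)


def _login(eid, iso, user, ip, action, event_type="USER_LOGIN"):
    # Only the UDM fields the rule references are kept: metadata.id,
    # metadata.event_timestamp, metadata.event_type, principal.user.userid,
    # principal.ip and security_result.action (flattened for brevity).
    return {"id": eid, "ts": _t(iso), "event_type": event_type,
            "user": user, "ip": ip, "action": action}


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = (
    # alice: six failures from one source within six minutes, then a success -> should fire
    [_login(f"a{i}", f"2024-03-12T08:4{i}:00", "alice", "203.0.113.45", "BLOCK") for i in range(6)]
    + [_login("a6", "2024-03-12T08:46:30", "alice", "203.0.113.45", "ALLOW")]
    # bob: two typos then success -> below threshold, no detection
    + [_login("b0", "2024-03-12T09:00:00", "bob", "198.51.100.7", "BLOCK"),
       _login("b1", "2024-03-12T09:00:20", "bob", "198.51.100.7", "BLOCK"),
       _login("b2", "2024-03-12T09:00:40", "bob", "198.51.100.7", "ALLOW")]
    # svc-scan from the vulnerability scanner: noisy by design, suppressed via reference list
    + [_login(f"s{i}", f"2024-03-12T10:00:{i:02d}", "svc-scan", "10.0.0.9", "BLOCK") for i in range(30)]
    + [_login("s30", "2024-03-12T10:01:00", "svc-scan", "10.0.0.9", "ALLOW")]
    # carol: failures exist, but the success is 25 minutes later -> outside the window
    + [_login(f"c{i}", f"2024-03-12T11:0{i}:00", "carol", "192.0.2.8", "BLOCK") for i in range(6)]
    + [_login("c6", "2024-03-12T11:30:00", "carol", "192.0.2.8", "ALLOW")]
)

# Hypothetical stand-in for a Chronicle reference list of authorised scanner sources.
SCANNER_IPS = frozenset({"10.0.0.9"})


def brute_force_then_success(events, window=timedelta(minutes=10), threshold=5,
                             excluded_ips=frozenset()):
    """Fire once per (user, ip) when at least `threshold` failed logins precede a
    successful login from the same source within `window`.

    Mirrors the YARA-L sections: the filter is the events section, the grouping
    key is the match section, the returned dict is the outcome section, and the
    threshold check is the condition section.
    """
    by_key = defaultdict(list)
    for e in events:
        # events section: only USER_LOGIN, minus reference-list exclusions
        if e["event_type"] != "USER_LOGIN" or e["ip"] in excluded_ips:
            continue
        by_key[(e["user"], e["ip"])].append(e)   # match: $user, $ip

    detections = []
    for (user, ip), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        for ok in (e for e in evs if e["action"] == "ALLOW"):
            fails = [f for f in evs
                     if f["action"] == "BLOCK" and ok["ts"] - window <= f["ts"] < ok["ts"]]
            if len(fails) >= threshold:                  # condition: #fail >= threshold and $success
                detections.append({                      # outcome variables
                    "user": user,
                    "ip": ip,
                    "failure_count": len(fails),
                    "success_event": ok["id"],
                    "risk_score": 80 if len(fails) > 20 else 50,
                })
                break   # one detection per match key, as a rule would emit
    return detections


if __name__ == "__main__":
    for d in brute_force_then_success(SAMPLE_EVENTS, excluded_ips=SCANNER_IPS):
        print(d)
```

Running the same function without the exclusion list shows why reference lists matter for tuning: the scanner account fires with a failure_count of 30 and the highest risk score, which is exactly the kind of known-good noise that drives alert fatigue if it is not suppressed at the rule.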

  • Overview of Google's curated detection sets.
  • Extending and customizing curated detections.
  • Best practices for naming conventions, documentation, and rule ownership.

  • Overview of Mandiant Threat Intelligence and its capabilities.
  • Introduction to VirusTotal and its role in threat analysis.

  • How Mandiant Threat Intelligence feeds into Chronicle.
  • Using VirusTotal integrations for enrichment and context.

  • Creating YARA-L rules based on Mandiant indicators and behaviors.
  • Using VirusTotal data within investigations to assess file/URL reputation.
  • Proactive threat hunting using TI.

  • Creating and managing reference lists for dynamic rule conditions and enrichment.
  • Use cases: IP blocklists, user allowlists, known-good hashes.

  • Building custom dashboards for security posture, threat trends, and operational metrics.
  • Creating scheduled reports for compliance and management.
  • Leveraging Chronicle's built-in reporting capabilities.

  • Managing users and roles within Chronicle.
  • Implementing least privilege principles.
  • Integrating with identity providers (e.g., Google Workspace, Azure AD).

  • What is Security Orchestration, Automation, and Response?
  • Key SOAR capabilities: Orchestration, Automation, Case Management, Playbooks.
  • Benefits: reduced MTTR, improved analyst efficiency, consistent response.

  • The role of SOAR within the Chronicle platform.
  • Case management interface and features.
  • Understanding the playbook engine and its components.

  • Introduction to playbook design principles.
  • Triggers, conditions, and actions.
  • Types of playbook actions: enrichment, containment, notification.

  • Overview of out-of-the-box connectors for various security tools (EDR, Firewall, Threat Intel, Ticketing).
  • Understanding the purpose of each connector.

  • Navigating the visual playbook editor.
  • Adding steps, conditions, and loops.
  • Using variables and expressions within playbooks.

  • Alert Enrichment: Automating data collection from threat intelligence, asset management, and identity systems.
  • Phishing Response: Automating email analysis, user notification, and email quarantine.
  • Malware Containment: Automating endpoint isolation and file quarantine.
  • User Account Compromise: Automating password resets and account disabling.

  • Implementing complex conditional logic and branching.
  • Error handling and retry mechanisms in playbooks.
  • Sub-playbooks and modular playbook design.
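As an added illustration of the playbook topics above (a trigger, an enrichment step, branching on the verdict, a reusable sub-playbook, and retry of transient connector errors), and not code from this page or from the Chronicle SOAR SDK, the following Python models a phishing-response playbook. The threat-intelligence table, the FlakyMailGateway connector, the notification step, and the alert shape are constructed stand-ins for real integrations.

```python
import time


class TransientError(Exception):
    """A retryable failure such as an API timeout or HTTP 503 from a connector."""


def with_retry(action, *args, attempts=3, base_delay=0.0):
    """Run a connector action, retrying only transient failures with linear backoff.

    Permanent errors (auth failure, bad request) are not caught here on purpose:
    retrying them just delays the analyst seeing the playbook fail.
    """
    for n in range(1, attempts + 1):
        try:
            return action(*args)
        except TransientError:
            if n == attempts:
                raise
            time.sleep(base_delay * n)


# Constructed threat-intel lookup standing in for a VirusTotal / Mandiant enrichment connector.
TI_REPUTATION = {"login-secure-update.example": "malicious", "cdn.example.net": "clean"}


class FlakyMailGateway:
    """Stand-in for an email-quarantine connector that times out a set number of times first."""

    def __init__(self, failures_before_success=0):
        self.failures_left = failures_before_success
        self.quarantined = []
        self.calls = 0

    def quarantine(self, message_id):
        self.calls += 1
        if self.failures_left > 0:
            self.failures_left -= 1
            raise TransientError("gateway timeout")
        self.quarantined.append(message_id)
        return True


def enrich_domain(domain):
    """Enrichment step: look the sender domain up in threat intelligence."""
    return TI_REPUTATION.get(domain, "unknown")


def contain_message(alert, gateway, notes):
    """Sub-playbook: quarantine the message, then notify the recipient.
    Kept separate so other playbooks (e.g. malware containment) can reuse it."""
    with_retry(gateway.quarantine, alert["message_id"])
    notes.append(f"quarantined {alert['message_id']}")
    notes.append(f"notified {alert['recipient']}")   # notification connector assumed
    return "contained"


def phishing_playbook(alert, gateway):
    """Trigger: a phishing alert. Enrich -> branch on verdict -> contain / escalate / close.
    Returns the outcome plus the notes that would be written to the case."""
    notes = []
    verdict = enrich_domain(alert["sender_domain"])
    notes.append(f"enrichment: {alert['sender_domain']} -> {verdict}")
    if verdict == "malicious":
        outcome = contain_message(alert, gateway, notes)
    elif verdict == "unknown":
        # No automated containment on an unknown: a human decides.
        outcome = "escalated"
        notes.append("assigned to Tier 2 for manual review")
    else:
        outcome = "closed_benign"
    return {"outcome": outcome, "verdict": verdict, "notes": notes}


if __name__ == "__main__":
    gateway = FlakyMailGateway(failures_before_success=1)
    alert = {"message_id": "m-1", "sender_domain": "login-secure-update.example",
             "recipient": "dave@corp.example"}
    print(phishing_playbook(alert, gateway), "gateway calls:", gateway.calls)
```

Two design points worth copying into real playbooks: the retry wrapper only swallows the error type the connector marks as transient, so a misconfigured API key fails fast instead of looping; and the "unknown" branch escalates rather than contains, because automating a destructive action on an unverified verdict is how a playbook quarantines legitimate mail.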

  • Leveraging Chronicle's API for custom integrations and data export.
  • Integrating SOAR with external systems (e.g., CMDB, vulnerability scanners, ITSM).
  • Using webhooks for triggering playbooks from external sources.

  • Proactive threat hunting methodologies using Chronicle's capabilities.
  • Developing repeatable threat hunting queries and playbooks.

  • Strategies for phased deployment.
  • Performance tuning and cost optimization.
  • Data retention policies and compliance.

LIVE SESSIONS

  • Real-time Trainers
  • Live interactive Sessions
  • Cloud Labs

CORPORATE TRAINING

  • Customized Training Solutions
  • Blended Delivery Model
  • Project Implementation Support

SELF-PACED LEARNING

  • High-Quality Videos
  • Access to Materials
  • Permanent Access

Google Chronicle Course Objectives

  • Fundamentals of Cloud Security
  • Chronicle SIEM Fundamentals
  • Chronicle SOAR Fundamentals
  • Chronicle to Parse Data
  • Building Rules
  • Incident Response
  • Playbook Development
  • Third-Party Application Integration
  • Hands-on Projects

Having data analytics knowledge would be an added advantage for candidates; all the concepts needed are covered during the program.

  • Software Developers 
  • System Administrators
  • Database Experts
  • Search Analysts
  • Administrators

We have ten years of experience delivering corporate training on various technologies and have helped our clients upskill their workforce on the latest technologies and tools. We have also had the privilege of providing corporate training on Google Chronicle to clients in countries such as the USA, the UK, Canada, Australia, and India.

We offer fully customized Google Chronicle training based on each client's unique project requirements, and we ensure the client's end goal is met without compromising quality. Enquire now to know more about our corporate training program.

Google Chronicle is a leading SIEM platform that enables organizations to strengthen their security posture by detecting threats across the organization's environment.

Google Chronicle applies AI and machine learning to threat detection. It analyzes large volumes of telemetry (network traffic, endpoint and cloud logs, IoT device data, etc.) and surfaces security threats.

Google Chronicle retains ingested data for long periods, which enables organizations to conduct security investigations against large volumes of historical data.

Organizations use Google Chronicle to strengthen their security posture and protect critical assets from attack. It gives security teams clear visibility into threats in their environment and supports the measures needed to respond to them.

Learning Google Chronicle is far easier if you are already familiar with, or have experience in, cybersecurity concepts. Techsolidity offers simplified and practical training to help you master SIEM concepts from the ground up. Extensive labs, detailed materials, and engaging video sessions simplify your learning journey.

Google Chronicle was renamed Google Security Operations (SecOps) in 2024. It is a combined Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) product. Google SecOps is a cloud-based threat detection platform that enables security teams to investigate threats through real-time data analysis.

Google SecOps is one of the most advanced SIEM and SOAR solutions on the market today. Companies are rapidly adopting Google SecOps to analyze real-time data from across their environments and to detect and respond to threats before they escalate.

Google SecOps offers a rich set of features for SIEM and SOAR:

  • Advanced Threat Detection
  • Natural language search to detect threats
  • Custom detection authoring
  • Data pipeline management
  • Threat-centric case management
  • Advanced search capabilities
  • Respond with speed and precision

Google Chronicle Certification

This Google Chronicle training course provides the knowledge needed to clear official Google Chronicle certifications. Along with the training, participants receive certification dumps & guidance, and a course completion certificate is also offered.


Google Chronicle Projects

Our Google Chronicle training is a practice-oriented program: from day one you will work on assignments and get a chance to explore each component. By the end of this Google Chronicle certification course, you will have the knowledge to work on enterprise-grade projects.

Google Chronicle FAQs

Yes, Techsolidity offers two types of discounts: a group discount and a referral discount.
Yes. To give you financial flexibility, we let you pay the course fee in two installments.
If, for any reason, you would like to cancel your registration after paying the fee, you must inform us within the first two classes. The refund will be processed within 30 days of the request date.
To meet customer expectations we provide multiple types of training, including live instructor-led training, self-paced training, blended training, classroom training, and corporate training.
Yes, at Techsolidity every training course includes a minimum of two projects to give candidates real-world work experience.