Below you'll find a table of contents for the Utilize Chronicle Marketplace journey.
Feeling overwhelmed by siloed security tools and manual threat response processes? You're not alone. The Google Chronicle SOAR Marketplace is built to address exactly that. It is a central hub where you can access pre-built integrations, community-developed playbooks, and analytics, all designed to streamline your Security Operations Center (SOC) workflows and speed up incident response. Stop reinventing the wheel and tap into the collective expertise of the security community. The Marketplace lets you connect SecOps SOAR with leading security tools, automate repetitive tasks with pre-built playbooks, and gain insight from ready-made dashboards. This collaborative environment saves time and lets your SOC team focus on what matters most: effectively combating cyber threats.
The Marketplace allows you to install integrations published by Chronicle, integrations published by the community, and custom integrations you have built in the IDE. Community and custom integrations execute third-party code inside your SOAR environment, so review their contents before installing them. The Marketplace also contains a repository of predefined Use Cases, Power Ups that extend Playbook capabilities, and Analytics that provide additional insight.
See the Relevant Links section for more documentation regarding the prerequisites.
In the Chronicle UI, click on the Marketplace icon in the top right, then click on Integrations.
Search through the Integrations and click the down arrow icon to install the integration.
Once the integration is installed, navigate to the area of the UI that the integration targets. For instance, if the integration provides a connector, go to SOAR Settings > Connectors.
Click the Gear icon next to the integration you need to configure.
Chronicle Marketplace also hosts Use Cases. A Use Case bundles pre-built Chronicle SOAR integrations, playbooks, and related content, all provided by the community, so you can adopt it without first understanding the backend data modeling and filtering.
See the Relevant Links section for more documentation regarding the prerequisites.
Define the Use-case | Docs
Write a description of the security threat you are solving with the use case.
Define what kind of alert will be handled and what is the detection product that generates it.
Draw the incident response, orchestration, or automation process that will handle this alert. | Docs
Prepare Use Case Alerts | Docs
Create a custom Alert / Event modeled on a real data case.
Generate sample security alerts / events from a detection tool to simulate the use case.
Go to Cases > click “+” Plus > Simulate Cases.
Extract Entities (Map & Model the data) | Docs
Run the Zero to Hero test case.
In the Cases tab, click to open the Mail case, select Events tab.
Click on the Gear icon on the right of the Alert to open the Event Configuration screen.
In the top left corner, click the word Mail in the hierarchy.
Assign the Visual Family that best represents the data.
Switch to Mapping and map the Entity Fields.
Build a Playbook. | Docs
Write a Guide. | Docs
Publish the Use Case. | Docs
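What the Extract Entities step (Event Configuration > Mapping) produces, shown as an added illustration that is not part of this page and not Chronicle SOAR's own mapping engine: a constructed Mail event is mapped, field by field, onto typed entities that a playbook can then act on. The entity type names (USERUNIQNAME, ADDRESS, URL, HOSTNAME, FILEHASH), the field names, the role labels, and the sample event are all assumptions made for the example. The example also shows two things the mapping step is supposed to get right: identifiers are normalized so the same sender from two alerts collapses into one entity, and a field that does not validate (a malformed IP) yields no entity rather than a junk one.

```python
"""Illustration of event-to-entity mapping for a "Mail" visual family.

Added example for this page; it is not Chronicle SOAR's mapping engine and
the entity types, field names and sample data below are assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Entity:
    entity_type: str   # assumed type labels: USERUNIQNAME, ADDRESS, URL, HOSTNAME, FILEHASH
    identifier: str    # normalized value used to correlate across alerts
    role: str          # assumed role labels: "source", "destination", "artifact"


# Constructed raw event, roughly what a mail-security product might forward.
SAMPLE_MAIL_EVENT = {
    "subject": "Invoice overdue - action required",
    "sender": "Accounts@Example-Billing.test",
    "recipient": "j.doe@corp.example",
    "sender_ip": "203.0.113.45",
    "attachment_sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "body": "Please review https://example-billing.test/invoice/4471 before Friday. "
            "Mirror: http://cdn.example-billing.test/inv.pdf",
}

# Mapping for the "Mail" visual family: event field -> (entity type, role).
MAIL_FAMILY_MAPPING = {
    "sender": ("USERUNIQNAME", "source"),
    "recipient": ("USERUNIQNAME", "destination"),
    "sender_ip": ("ADDRESS", "source"),
    "attachment_sha256": ("FILEHASH", "artifact"),
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def _normalize(entity_type, value):
    """Return a canonical identifier, or None if the value is not valid for the type."""
    value = value.strip()
    if entity_type == "ADDRESS":
        try:
            return str(ipaddress.ip_address(value))   # rejects "not-an-ip", "1.2.3"
        except ValueError:
            return None
    if entity_type in ("USERUNIQNAME", "HOSTNAME", "FILEHASH"):
        return value.lower()                           # case-insensitive identifiers
    return value


def extract_entities(event, mapping):
    """Apply a field mapping to one raw event and mine URLs/hosts from free text."""
    found = []
    for field, (entity_type, role) in mapping.items():
        raw = event.get(field)
        if not raw:
            continue
        ident = _normalize(entity_type, str(raw))
        if ident is None:
            continue                                   # invalid value: no entity
        found.append(Entity(entity_type, ident, role))

    # Free-text body: pull out URLs and derive a HOSTNAME entity from each.
    for url in URL_RE.findall(event.get("body", "")):
        url = url.rstrip(".,;)")                       # trailing sentence punctuation
        found.append(Entity("URL", url, "artifact"))
        host = urlparse(url).hostname
        if host:
            found.append(Entity("HOSTNAME", host.lower(), "artifact"))

    return list(dict.fromkeys(found))                  # de-duplicate, keep order


def identifiers(entities, entity_type):
    """Identifiers of all entities of one type, in extraction order."""
    return [e.identifier for e in entities if e.entity_type == entity_type]


if __name__ == "__main__":
    for entity in extract_entities(SAMPLE_MAIL_EVENT, MAIL_FAMILY_MAPPING):
        print(f"{entity.entity_type:<13} {entity.role:<12} {entity.identifier}")
```

The point of the normalization step is correlation: when the Mapping screen is configured, the same user, address or hash seen in different alerts should resolve to one entity, which is what lets a playbook enrich it once and reuse the verdict.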
Power Ups are tools included in the Chronicle Marketplace that enhance your ability to automate processes for more efficient playbooks.
See the Relevant Links section for more documentation regarding the prerequisites.
Power Ups do not need any special configuration because they are in-house Chronicle actions.
New Power Ups are pushed to the Chronicle Marketplace regularly.
Click Read More on each Power Up to see what it contains.