I would like to understand how the trio - SCC, Chronicle SIEM and Chronicle SOAR - are connected. A la carte versions versus the complete connected solution - looking for a comparison.
SCC = Security Command Center
You can also add Mandiant threat intelligence to the mix.
SCCE is now essentially fully connected with SCC and SecOps (SIEM+SOAR).
Findings from SCC will be ingested into SIEM, and certain Critical Findings, like Toxic Combinations, will also be automatically sent to SOAR as well.
Within SIEM we have a bundle of Curated Detections for SCC data and Cloud Logs (not limited to GCP), which complement the Findings already created by SCC Detectors.
Within SOAR we have out-of-the-box playbooks and integrations which can be used to work with SCC data and integrate them into your automation workflow.
With the SCC Standard/Premium tiers you won't have the SIEM/SOAR component, but you can define Continuous Exports to send Findings to a Pub/Sub topic destination and then forward this data to your selected SIEM/SOAR tool.
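An added example of the Standard/Premium path described in the answer above (not the poster's code and not a Google-supplied tool): the continuous export itself is created outside this script with `gcloud scc notifications create`, pointing at a Pub/Sub topic and carrying a filter such as `state="ACTIVE"`; the code below is the consumer side, taking the JSON notification that SCC publishes to that topic, flattening the finding into a SIEM-friendly event, and deciding which findings additionally go to a SOAR. The sample message is constructed, all organization, source and project identifiers are placeholders, and the "siem"/"soar" targets are hypothetical stand-ins for your own forwarders. It assumes the push-delivery envelope, where the `data` field is base64; a pull subscriber hands you the raw bytes instead, which `decode_notification` also accepts.

```python
"""Consume Security Command Center continuous-export notifications from a
Pub/Sub topic and route them to a SIEM and/or SOAR.

Added example, not the original poster's code. Assumes the documented
notification shape: a top-level "notificationConfigName", a "finding" object
and a "resource" object. Sample data below is constructed.
"""
import base64
import json
from typing import Any, Union

# Severities that, in this example, are also handed to the SOAR for automated
# response; everything else only lands in the SIEM (assumption, tune to taste).
SOAR_SEVERITIES = {"CRITICAL"}

# Constructed notification with placeholder identifiers.
SAMPLE_NOTIFICATION: dict[str, Any] = {
    "notificationConfigName": "organizations/123456789012/notificationConfigs/scc-to-siem",
    "finding": {
        "name": "organizations/123456789012/sources/1111111111111111111/findings/abcdef0123456789",
        "parent": "organizations/123456789012/sources/1111111111111111111",
        "resourceName": "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/vm-1",
        "state": "ACTIVE",
        "category": "OPEN_FIREWALL",
        "severity": "CRITICAL",
        "findingClass": "MISCONFIGURATION",
        "eventTime": "2024-01-15T10:00:00Z",
        "createTime": "2024-01-15T10:00:05Z",
        "sourceProperties": {"Explanation": "Firewall rule allows 0.0.0.0/0 on tcp:22"},
    },
    "resource": {
        "name": "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/vm-1",
        "projectName": "projects/example-project",
    },
}


def make_message(notification: dict[str, Any]) -> dict[str, Any]:
    """Wrap a notification the way a Pub/Sub push delivery presents it (base64 data)."""
    payload = json.dumps(notification).encode()
    return {"data": base64.b64encode(payload).decode(), "messageId": "1"}


SAMPLE_PUBSUB_MESSAGE = make_message(SAMPLE_NOTIFICATION)


def decode_notification(message: dict[str, Any]) -> dict[str, Any]:
    """Return the notification dict from a push envelope (base64 str) or raw pull bytes."""
    data: Union[str, bytes] = message["data"]
    raw = base64.b64decode(data) if isinstance(data, str) else data
    note = json.loads(raw)
    if "finding" not in note:
        # Anything else on the topic is not an SCC export; fail loudly rather than forward junk.
        raise ValueError("not an SCC notification: missing 'finding'")
    return note


def normalise(note: dict[str, Any]) -> dict[str, Any]:
    """Flatten the nested finding into one event record a SIEM can index."""
    f = note["finding"]
    return {
        "event_type": "scc_finding",
        "finding_id": f["name"].rsplit("/", 1)[-1],
        "category": f.get("category"),
        "severity": f.get("severity", "SEVERITY_UNSPECIFIED"),
        "finding_class": f.get("findingClass"),
        "state": f.get("state"),
        "resource": f.get("resourceName"),
        "project": note.get("resource", {}).get("projectName"),
        "event_time": f.get("eventTime"),
        "explanation": f.get("sourceProperties", {}).get("Explanation"),
    }


def route(event: dict[str, Any]) -> list[str]:
    """Every finding goes to the SIEM; active findings at SOAR severities also go to SOAR.
    INACTIVE (resolved) findings only update the SIEM so existing cases can be closed."""
    targets = ["siem"]
    if event["state"] == "ACTIVE" and event["severity"] in SOAR_SEVERITIES:
        targets.append("soar")
    return targets


def process(message: dict[str, Any]) -> tuple[dict[str, Any], list[str]]:
    """Decode, normalise and route one Pub/Sub message; returns (event, targets)."""
    event = normalise(decode_notification(message))
    return event, route(event)


if __name__ == "__main__":
    ev, targets = process(SAMPLE_PUBSUB_MESSAGE)
    print(json.dumps(ev, indent=2))
    print("route to:", targets)
```

Keep the routing decision in the consumer rather than in the export filter: one export with a broad filter feeds the SIEM with the full history, and the SOAR only sees what the consumer escalates, which is the same split the connected SCC Enterprise offering makes between SIEM ingestion and SOAR case creation.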