March Newsletter!

Hello SecOps Community,

Stay up to date with everything going on in Chronicle SIEM and SOAR by reading the SecOps Customer Newsletter! Updated every other month, you can find a summary of major Product Updates, Learning and Training, Community Announcements, Best Practices, and Upcoming Events.

SecOps Community Spotlight

SecOps Office Hours 

We had 2 very exciting Office Hours in the Community this month where we covered these topics:

  • How to use Approval links in Chronicle SOAR - featuring the newly added "Approval links" that allow people outside your SOC to respond using a link sent to them by the SOAR platform.
  • What are reference lists in Chronicle SIEM and how to use them - the session helped SIEM users learn what Reference Lists are, what you can do with them, and when you should (and should not) use them.

We will be scheduling additional office hours, so stay tuned and visit the SecOps Community for more information.

SecPops Community Playlist

To celebrate 6K SOAR & SIEM users in the Community, we decided to do something fun and have the community create a SecPops Playlist. If you haven't had the chance yet, this is the time to listen to our SecOps Community's most beloved pop songs. Enjoy!

Chronicle Security Operations Updates

New Data Retention process started February 1st, 2023

  1. As a reminder, Chronicle SOAR began utilizing an enhanced retention process for SaaS deployments on February 1st 2023. Please note that for existing customers, the data retention period will be set to 5 years.
  2. Right now, the process won't affect your existing data. Upon contract renewal, the default retention period will be 12 months. Longer periods will have extra pricing.

Shared Search, Search Templates, and Reference Lists in Search

  1. You can now extend product usability in the SOC and accelerate threat decision making with in-product collaboration and sharing
  2. Have you ever wondered "how do I start a search?" You can now leverage pre-built search templates to find common threats and anomalies.

Chronicle Network Geolocation Enrichment

  1. You can now build a richer profile around a given IP. Your detection results will automatically be enriched with GeoIP data. Specifically, all routable IPs will be enriched with country, state or province, latitude/longitude coordinates, ASN (Autonomous System Number), Carrier Name, Organization Name, DNS Domain.

Near Real Time Data Processing for Detection & Investigation

  1. You can now receive security alerts as soon as potential threats are detected, search & hunt at "Google-scale", and see fully enriched context within minutes.
  2. New infrastructure stream-processes data in real-time and fully enriches this data, making it available to you with incredible speed.

Q4 Feature Roundup

Throughout Q4 we released a host of new security operations features that will help you get to your goals even faster. To find a comprehensive list of our Q4 additions to Chronicle Security Operations, visit this blog.

To find a comprehensive list of recent Chronicle Release Notes/Changes, go here.

Chronicle Security Operations Tips and Tricks

Part of SecOps maturity is the adoption of version control for all important assets. Chronicle SOAR provides the GitSync Integration to achieve this goal. Using the integration, it is possible to back up entire SOAR environments, including playbooks, ontology and associated settings. This ability is key for any SecOps team looking to be agile in disaster recovery, auditing and continuous improvement. The integration provides SOAR jobs that can be set to run at custom intervals, with selected components backed up to the git repository of your choice. The article "How to Use GitSync" provides full details!

SecOps Events, Trainings & Content

Google Cloud Security Talks 2023 (Mar 22)

Hear from experts and explore the latest threat intel, see what your peers had to say in a recent cloud security survey, and check out all the latest product innovations!

Prevent Account Takeover and Fraud (Mar 29)

Explore how you can leverage the depth of Google's intelligence and ML models to secure your login and registration workflow, and move beyond the visual challenge.

2023 State of Cloud Threat Detection and Response Report (Free)

Learn how the move to cloud offers the opportunity to transform your security operations, along with best practices, actionable tips and key considerations for the future.

Threat Hunting with VirusTotal - Episode 2 (On-Demand)

Watch this step-by-step session focusing on the use of YARA for hunts, including rule-writing basics and hints for detecting in-the-wild samples of infamous APTs.

Chronicle SIEM Fundamentals (Free)

Understand the product at a high level, and learn best practices. Register here.

Chronicle SOAR Fundamentals (Free)

Take this course on your own time. We cover an overview of the product, covering many different topics and best practices. Register here.

Siemplify Certified SOAR Analyst (Free)

This on-demand course has been developed to help security professionals optimize day-to-day SOC tasks through the use of SOAR capabilities. Register here.

Peer Reviews 

Receive a $25 Gift Card for Your Feedback!

There is nothing we love more than to see our customers thrilled with their decision to implement one of our security products. We would sincerely appreciate it if you took a few minutes to share your happy experiences with Chronicle SIEM and/or Chronicle SOAR on Gartner Peer Insights. In exchange for taking the time to share your feedback, Gartner will send you a $25 gift card of your choice.

  • Click here to leave a review for Chronicle SIEM
  • Click here to leave a review for Chronicle SOAR