Deployment for Google Chronicle

Google Chronicle can ingest the following security telemetry:

  • Network logs
  • Server logs
  • SaaS application logs
  • IaaS logs for AWS, GCP or Azure

When an organization wants to ingest security or compliance-related audit log data into Google Chronicle, the Ingestion API can be used to ingest custom logs. The Ingestion API can forward raw logs or structured logs that adhere to Chronicle's normalized log formats. It is a REST API that takes JSON payloads, with keys used to authenticate each call.
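As an added example (not code from the article or from SysTools), the following Python builds the JSON batches a raw-log ingestion call carries, splits a stream of audit lines so that each request stays under a size cap, and posts one batch with a bearer token. The endpoint URL and the 1 MB cap are assumptions to verify against the current Chronicle Ingestion API documentation; the sample log lines are constructed.

```python
import json
import urllib.request

# Assumed Chronicle Ingestion API v2 endpoint for raw (unstructured) log lines and
# an assumed per-request payload cap; verify both against the current Chronicle docs.
INGEST_URL = "https://malachiteingestion-pa.googleapis.com/v2/unstructuredlogentries:batchCreate"
MAX_REQUEST_BYTES = 1_000_000

# Constructed sample audit lines (not real data).
SAMPLE_LINES = [
    "2024-01-01T10:00:00Z audit user=alice action=login result=success",
    "2024-01-01T10:00:05Z audit user=bob action=login result=failure",
    "2024-01-01T10:00:09Z audit user=alice action=export result=success",
]

def build_batch(customer_id, log_type, lines):
    """Wrap raw log lines in the JSON body the batchCreate call expects."""
    return {
        "customer_id": customer_id,
        "log_type": log_type,
        "entries": [{"log_text": line} for line in lines],
    }

def chunk_lines(customer_id, log_type, lines, max_bytes=MAX_REQUEST_BYTES):
    """Split lines into batches whose serialised JSON stays within max_bytes;
    a line too large to fit on its own raises instead of being silently dropped."""
    batches, current = [], []
    for line in lines:
        candidate = build_batch(customer_id, log_type, current + [line])
        if len(json.dumps(candidate).encode("utf-8")) > max_bytes:
            if not current:
                raise ValueError("single log line exceeds the per-request limit")
            batches.append(build_batch(customer_id, log_type, current))
            current = [line]
        else:
            current.append(line)
    if current:
        batches.append(build_batch(customer_id, log_type, current))
    return batches

def send_batch(bearer_token, payload, url=INGEST_URL):
    """POST one batch; the bearer token is minted from the ingestion
    service-account key Chronicle issues (that step is not shown here)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

Keeping oversized lines as an explicit error rather than truncating them matters for audit data, where a silently dropped record is a gap in the evidence trail.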

For ingesting network logs we need a lightweight software component named the Forwarder on the client's network. The Forwarder supports syslog, packet captures and existing log management tools. The Forwarder can be deployed on a Windows or Linux machine.

Chronicle has out-of-the-box integrations with various third-party cloud service providers, such as Azure, Office 365, AWS and GCP, to ingest their logs directly into Chronicle.

Chronicle also supports ingesting EDR data, and network traffic captures (such as those from Zeek and other capture tools) can be collected and retained at no extra cost to a client beyond the initial investment.

For Windows Server, NXLog and Sysmon need to be installed to forward the logs to the Forwarder.

SysTools is an MSSP leveraging the Google Chronicle platform to provide Managed SOC services to its customers. Please visit www.systoolsms.com

Rajendra Sonawane

Infrastructure and cloud solutions Architect (Enterprise Architect) at Wipro Limited. I m possible....!

6 months

Great
