Google Security Operations documentation
Google Security Operations is a cloud service, built as a specialized layer on top of core Google
infrastructure that enables security teams to store and analyze their security data in one place
and to detect, investigate, and respond to threats.
Start your proof of concept with $300 in free credit
-
Get access to Gemini 2.0 Flash Thinking
-
Free monthly usage of popular products, including AI APIs and BigQuery
-
No automatic charges, no commitment
Keep exploring with 20+ always-free products
Access 20+ free products for common use cases, including AI APIs, VMs, data warehouses,
and more.
Google Security Operations guides
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-29 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eGoogle Security Operations is a cloud service that allows security teams to centralize the storage and analysis of their security data.\u003c/p\u003e\n"],["\u003cp\u003eThe service helps security teams with threat detection, investigation, and response.\u003c/p\u003e\n"],["\u003cp\u003eComprehensive documentation, including guides for searching events, working with cases, alerts, and playbooks, is available.\u003c/p\u003e\n"],["\u003cp\u003eVarious API references, such as Search, Detection Engine, Ingestion, and SOAR, are provided for Google Security Operations.\u003c/p\u003e\n"],["\u003cp\u003eAdditional resources include release notes, sample rules on GitHub, a community forum, and information on the Technology Partner program.\u003c/p\u003e\n"]]],[],null,["# Google Security Operations documentation\n========================================\n\n[Read product documentation](/chronicle/docs/secops/secops-overview)\nGoogle Security Operations is a cloud service, built as a specialized layer on top of core Google\ninfrastructure that enables security teams to store and analyze their security data in one place\nand to detect, investigate, and respond to threats.\n[Get started for free](https://console.cloud.google.com/freetrial) \n\n#### Start your proof of concept with $300 in free credit\n\n- Get access to Gemini 2.0 Flash Thinking\n- Free monthly usage of popular products, including AI APIs and BigQuery\n- No automatic charges, no commitment \n[View free product offers](/free/docs/free-cloud-features#free-tier) \n\n#### Keep exploring with 20+ always-free products\n\n\nAccess 20+ free products for common use cases, including AI APIs, VMs, data warehouses,\nand more.\n\nDocumentation resources\n-----------------------\n\nFind quickstarts and guides, review key references, and get help with common issues. \ninfo\n\n### Google Security Operations guides\n\n-\n\n [Google Security Operations overview](/chronicle/docs/secops/secops-overview)\n\n-\n\n [Searching events using Google Security Operations](/chronicle/docs/investigation/udm-search)\n\n-\n\n [Working with cases](/chronicle/docs/soar/investigate/working-with-cases/cases-overview)\n\n-\n\n [Working with alerts](/chronicle/docs/soar/investigate/working-with-alerts/whats-on-the-alert-overview-tab)\n\n-\n\n [Working with playbooks](/chronicle/docs/soar/respond/working-with-playbooks/whats-on-the-playbooks-screen)\n\n-\n\n [Google Threat Intelligence](https://gtidocs.virustotal.com)\n\nfind_in_page\n\n### Reference\n\n-\n\n [Google SecOps Search API](/chronicle/docs/reference/search-api)\n\n-\n\n [Google SecOps Detection Engine API](/chronicle/docs/reference/detection-engine-api)\n\n-\n\n [Google SecOps Ingestion API](/chronicle/docs/reference/ingestion-api)\n\n-\n\n [Google SecOps SOAR API](/chronicle/docs/soar/reference/working-with-chronicle-soar-apis)\n\n-\n\n [Google SecOps response Integrations](/chronicle/docs/soar/marketplace-integrations)\n\ninfo\n\n### Resources\n\n-\n\n [Release notes](/chronicle/docs/secops/release-notes)\n\n-\n\n [GitHub: sample Detection Engine rules](https://github.com/chronicle/detection-rules)\n\n-\n\n [GitHub: Python samples for Google SecOps APIs.](https://github.com/chronicle/api-samples-python)\n\n-\n\n [Google SecOps Community](https://www.googlecloudcommunity.com/gc/Google-Cloud-Security/ct-p/googlecloud-security?utm_source=cloud_sfdc&utm_medium=email &utm_campaign=dcs_cloudsecurity_product_documentation_secops_resources_page&utm_content=gcs_community&utm_term=-)\n\n-\n\n [Google SecOps Support](/chronicle/docs/getting-support)\n\n-\n\n [Become a Google SecOps Technology Partner](/chronicle/docs/technology-partner-program)"]]
