Monitor insider risk of Google Workspace data with Chronicle

What’s changing

Admins can now more seamlessly integrate their Google Workspace data with Chronicle (Google’s cloud-native Security Operations platform), to quickly detect, investigate and take action on risky activity and threats. Admins can now leverage reduced time spent syncing data from Workspace to Chronicle, as well as Chronicle’s curated preconfigured out-of-the-box detections.

Who’s impacted


Why it matters

As an admin, you can already use the Alert Center to view notifications and take action on potentially issues within your domain. Now you can take this a step further by using Chronicle, leveraging its rich risk management capabilities and recommendations:
Chronicle can help detect and investigate potential threats at every level of sophistication by monitoring your data in real time. Data insights are available at your fingertips, with rich context and visualization alongside industry best recommendations, helping you make better decisions faster. Further, you can deploy Chronicle’s out-of-the-box use cases, helping to cut down on time spent building rules and playbooks. You can also build and automate repeatable playbooks with full-fledged security orchestration, automation and response capabilities (SOAR).

Getting started

Admins: Visit the Help Center to learn more about exporting logs to Chronicle to monitor insider risk. Please reach out to your sales representative for more information on pricing.End users: There is no end user impact or action required.

Rollout pace

This feature is available now.


Available to Google Workspace Enterprise Standard and Enterprise Plus customers