News, news analysis, and commentary on the latest trends in cybersecurity technology.

Google Cloud Connects Chronicle to Health ISAC Feed

Members of the Health-ISAC can ingest threat indicators directly into Chronicle to investigate whether the threat is present in their environment.

Dark Reading Staff, Dark Reading

February 10, 2023

1 Min Read
Four big gears held up against a cloudy sky.
Source: gerasimov174 via Adobe Stock Photo

In a bid to help healthcare organizations defend themselves from threats, Google Cloud announced it will be integrating the healthcare threat intelligence feed with its Chronicle platform.

Healthcare and life sciences organizations connect and share threat intelligence as part of the Health Information Sharing and Analysis Center (Health-ISAC). Members share threat indicators – forensic artifacts such as suspicious files, URLs, email addresses, network addresses, sampled traffic, and activity logs – through the Health-ISAC Indicator Threat Sharing (HITS) feed. The crowd-sourced approach allows other members to use the shared information to investigate whether the same threats are present in their environment and update defenses as needed.

HITS shares cyber threat intelligence through machine-to-machine automation. Google Cloud security engineers worked with Health-ISAC Threat Operations Center to develop an open sourced integration that connects HITS directly with the Chronicle Security Operations information and event management. This way, members can ingest the shared threat indicators into Chronicle and use that information to automate threat analysis decisions. There are setup instructions for STIX/TAXII feeds on GitHub.

"The integration with Chronicle can help Health-ISAC members discover threats more rapidly, and can also assist in evicting malicious actors from their infrastructure," Taylor Lehmann, director in the Office of the CISO, and Adam Licata, a product manager, said in the announcement.

The latest Chronicle integration is part of Google Cloud's investment as an Ambassador partner – a way for non-healthcare organizations to share experts (Google Cybersecurity Action Team) and resources (Threat Horizon Report) with the members of the ISAC.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights