Prophet AI Now Integrates with Google Security Operations

Augusto Barros
April 22, 2026

We're excited to announce that Prophet AI is now an official integration partner with Google Security Operations, bringing Prophet AI’s investigation capabilities directly into one of the most powerful cloud-native SIEM platforms on the market.

This integration is listed on the Google Security Operations Partner-Hosted SIEM Integrations page, marking a significant step forward in how security teams can leverage Prophet AI to cut through alert noise and accelerate threat response.

What This Integration Does

Security teams running Google Security Operations can now connect Prophet AI to their environment to unlock the following capabilities:

Alert Ingestion: Prophet AI automatically ingests alerts generated by Google Security Operations into the Prophet AI platform. Analysts can configure a start time to control exactly when ingestion begins, ensuring full continuity with existing investigation workflows.

Contextual SIEM Querying: During investigations and threat hunts, Prophet AI queries Google Security Operations directly using the Chronicle API — pulling UDM event searches, alert details, and related events — enriching each investigation with the full depth of your SIEM data in real time.

Bidirectional Alert Sync: Prophet AI can optionally sync investigation results back to Google Security Operations, keeping your SIEM up to date with Prophet's findings. Teams can choose to sync full investigation results, or limit sync to comments only, giving analysts precise control over what flows back into Google Security Operations.


Why This Matters for Customers

Google Security Operations is trusted by enterprise security teams worldwide for its petabyte-scale data ingestion, sub-second search, and native Google Threat Intelligence. Prophet AI brings a layer of reasoning and automation on top of that data fabric, enabling analysts to:

  • Investigate more alerts in less time — AI-assisted triage means fewer alerts sit unexamined in the queue.
  • Hunt threats proactively — Prophet can autonomously query the SIEM for indicators of compromise, lateral movement, and anomalous behaviors across your environment.
  • Reduce analyst fatigue — By handling routine investigation steps automatically, Prophet lets your team focus on the high-judgment decisions that truly require human expertise.
  • Keep both platforms in sync — Optional result sync means Google Security Operations reflects Prophet's investigation progress, eliminating duplicate work.

How It Works

The integration is configured in Prophet AI using a Google Cloud Service Account with Chronicle API permissions. Here's what's required to connect:

What you'll need:

  • Your Google Security Operations Customer ID, GCP Project ID, and Region (found in the Google Security Operations Console under Settings > SIEM Settings > Profile)
  • A Service Account created in the Google Cloud Console with one of the following roles:
    • API Viewer — for alert ingestion and investigation queries only
    • API Editor — if you also want to sync Prophet's investigation results back to Google Security Operations
  • A JSON key file generated from that service account

Permissions used by Prophet AI:

| Capability | Permission | Purpose |
| --- | --- | --- |
| Alert ingestion | chronicle.legacies.legacyFetchAlertsView | Ingest alerts from Google Security Operations |
| Investigation & threat hunting | chronicle.events.udmSearch | Query UDM events for investigation context |
| Investigation & threat hunting | chronicle.legacies.legacyFetchUdmSearchView | Fetch UDM search results |
| Investigation & threat hunting | chronicle.operations.streamSearch | Stream search results during threat hunts |
| Bidirectional sync | chronicle.legacies.legacyUpdateAlert | Optional: sync investigation results back to Google Security Operations |
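
To check that the service account's role grants no more than the permissions listed above, the following added example (not Prophet AI's or Google's code) audits a role definition against that list. It assumes the role is supplied as IAM role JSON with an `includedPermissions` field, as printed by `gcloud iam roles describe --format=json`; the role name, project name, `chronicle.example.delete` placeholder and write-verb heuristic are constructed for illustration.

```python
import json

# Permissions copied from the table on this page, grouped by capability.
READ_PERMS = {
    "chronicle.legacies.legacyFetchAlertsView",     # alert ingestion
    "chronicle.events.udmSearch",                   # investigation queries
    "chronicle.legacies.legacyFetchUdmSearchView",
    "chronicle.operations.streamSearch",
}
SYNC_PERMS = {"chronicle.legacies.legacyUpdateAlert"}  # optional write-back

# Heuristic (assumption): verbs that usually mean a permission can change state.
WRITE_VERBS = ("create", "update", "delete", "set", "patch")


def is_write(permission: str) -> bool:
    """Guess whether a permission mutates data, from its final segment."""
    verb = permission.rsplit(".", 1)[-1]
    if verb.startswith("legacy"):          # legacyUpdateAlert -> UpdateAlert
        verb = verb[len("legacy"):]
    return verb.lower().startswith(WRITE_VERBS)


def audit_role(role_json: str, sync_enabled: bool) -> dict:
    """Compare a role's includedPermissions with what the integration uses."""
    granted = set(json.loads(role_json).get("includedPermissions", []))
    needed = READ_PERMS | (SYNC_PERMS if sync_enabled else set())
    excess = granted - needed
    return {
        "missing": sorted(needed - granted),
        "excess": sorted(excess),
        "excess_write": sorted(p for p in excess if is_write(p)),
        "least_privilege": not excess and needed <= granted,
    }


# Constructed sample: a role that grants write-back although sync is off.
# "chronicle.example.delete" is a made-up placeholder, not a real permission.
SAMPLE_ROLE = json.dumps({
    "name": "projects/example-project/roles/prophetIntegration",
    "includedPermissions": sorted(READ_PERMS | SYNC_PERMS)
                           + ["chronicle.example.delete"],
})

if __name__ == "__main__":
    print(json.dumps(audit_role(SAMPLE_ROLE, sync_enabled=False), indent=2))
```

With sync disabled, any entry under `excess_write` is a permission the key file carries that the integration never uses, which is the first thing to trim before the key leaves your project.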

Once configured in the Prophet AI dashboard, the integration operates in two directions:

  1. Inbound (Google Security Operations → Prophet AI): Alerts and detections are ingested into Prophet AI for AI-driven investigation. A configurable start time lets you define exactly when ingestion begins.
  2. Outbound (Prophet AI → Google Security Operations): During active investigations, Prophet queries the API for supporting evidence — UDM events, alert details, and related activity. Optionally, investigation results and comments are synced back to Google Security Operations.

Getting Started

If you're a current customer of both Prophet AI and Google Security Operations, you can set up the integration directly from the Integrations page in your Prophet AI dashboard. Search for Google Security Operations, provide your Project ID, Customer ID, Region, and Service Account key, and you're ready to go.

Full step-by-step configuration instructions are available in the Prophet AI documentation.

Interested in learning more? Request a demo to see Prophet AI and Google Security Operations in action.
