46 updates from Google Cloud.
The legacy Data Export API is <a href="https://docs.cloud.google.com/chronicle/docs/deprecations">deprecated</a> in favor of the <a…
The updateDataExport endpoint in the enhanced Data Export API is <a href="https://docs.cloud.google.com/chronicle/docs/deprecations">deprecated</a>. The reduction in job queue times using the <a…
The <a href="https://docs.cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.dataExports/fetchavailablelogtypes">fetchavailablelogtypes</a> API endpoint is <a…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
Google SecOps has updated the list of <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers">supported default parsers</a>. Parsers are updated…
Enhanced "Time to respond" options for multi-choice questions Google SecOps now provides more granular control over playbook execution when the "time to respond" for a MultiChoiceQuestion step is…
VPC Service Controls for Google SecOps general availability VPC Service Controls is now GA. This feature helps to create perimeters and protect resources and services data from accidental or…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
Unified and upgraded Chronicle API <a href="https://docs.cloud.google.com/chronicle/docs/reference/rest?rep_location=africa-south1">Chronicle API</a> has been unified with API resources from <a…
Emerging Threats Center general availability The Emerging Threats Center is now in General Availability (GA) and includes the following new features and enhancements: • Expanded campaign filtering:…
Search query editor enhancements Google SecOps has enhanced the search query editor to provide intelligent auto-suggestions and improved error handling. • Auto-suggestions: The query editor now…
Health Hub This feature is currently in Preview. The Health Hub is the central location in Google Security Operations for you to monitor the status and health of all configured data sources. The…
v1 Cloud Storage Feed Types (GCS, S3, SQS, Azure) The v1 feed types for GOOGLE_CLOUD_STORAGE, AMAZON_S3, AMAZON_SQS, and AZURE_BLOBSTORE are deprecated and will be discontinued on March 15, 2027.…
Updates to search query limits and error messaging Google SecOps has updated search query limits for programmatic and web interface access: • Increased Queries Per Hour (QPH) limits of up to 2,000…
Playbook Condition and Multi-Choice Question Flows The maximum number of branches supported in Playbook Conditions and Multiple Choice Questions has been increased from 6 to 20. This allows for more…
Google SecOps has updated the list of <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers">supported default parsers</a>. Parsers are updated…
Chrome Enterprise Premium Integration general availability The Chrome Enterprise Premium integration is now GA. This release includes the following new features and updates: • New <a…
Multi-stage queries in YARA-L The Multi-stage queries feature is now GA. This feature lets you feed the output of one query stage into the input of another, providing more granular data…
Credential validation for third-party API connectors Credential validation is now available for all 49 third-party API connectors. When you create a feed using a third-party API connector, Google…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
View Triage and Investigation Agent (TIN) results in the Case Summary This feature is currently in Preview and is part of a gradual rollout. You can now view TIN results and verdict summaries…
Agentic Automation This feature is in Public Preview. You can now use Agentic Automation to embed AI Agents directly into your workflows. This feature lets you integrate AI-driven capabilities into…
Bindplane features for Google SecOps general availability The following <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent">Bindplane</a> features that relate to…
Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes#October_07_2025">Manage parser versions</a> feature is in Public Preview for all customers.
Set up and manage data processing pipelines This feature is currently in Preview. You can now use the Data Processing pipelines to filter, transform, and redact Google SecOps data before ingestion.…
Google Agentic SOC Trial There will be a no-cost trial for the Google SecOps Triage Investigative Agent (TIN) from April 1, 2026 to June 30, 2026. TIN is an agentic AI feature for Google SecOps…
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region. For more…
Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes#October_07_2025">Manage parser versions</a> feature is now in General Availability. For more…
New Unified rules interface This feature is currently in Preview. Google Secops has launched a unified rules interface that brings custom and curated rule management into a single, cohesive…
Added support for Google Cloud VPC Service Controls This feature is currently in Preview. <a href="https://docs.cloud.google.com/chronicle/docs/secops/vpcsc-for-secops">VPC Service Controls</a>…
New: cross joins in multi-stage queries You can now use cross joins in YARA-L 2.0 multi-stage queries let you compare individual UDM event data against aggregated statistics calculated in previous…
RBAC for ingestion metrics Administrators can now use RBAC for ingestion metrics to restrict visibility of system health data, such as ingestion volume, errors, and throughput, based on a user's…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
New capabilities in Feeds page The following options have been added to the Feeds page: • Search • Filtering (using feed attributes) • Pagination • Last Refreshed Time • Feed Metadata Export to CSV
Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use the gcp.managed.allowedMCPServices constraint won't work, and you can control MCP use…
Advanced Joins in Search Google SecOps now supports expanded capabilities for correlating data across multiple sources. These join operations are also supported in multistage queries. Joins without…
Enhanced rule observability: New metadata, visual indicators, and dashboards Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These…