27 updates from Google Cloud.
Chrome Enterprise Premium Integration general availability The Chrome Enterprise Premium integration is now GA. This release includes the following new features and updates: • New <a…
Multi-stage queries in YARA-L The Multi-stage queries feature is now GA. This feature lets you feed the output of one query stage into the input of another, providing more granular data…
Credential validation for third-party API connectors Credential validation is now available for all 49 third-party API connectors. When you create a feed using a third-party API connector, Google…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
View Triage and Investigation Agent (TIN) results in the Case Summary This feature is currently in Preview and is part of a gradual rollout. You can now view TIN results and verdict summaries…
Agentic Automation This feature is in Public Preview. You can now use Agentic Automation to embed AI Agents directly into your workflows. This feature lets you integrate AI-driven capabilities into…
Bindplane features for Google SecOps general availability The following <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent">Bindplane</a> features that relate to…
Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes#October_07_2025">Manage parser versions</a> feature is in Public Preview for all customers.
Set up and manage data processing pipelines This feature is currently in Preview. You can now use the Data Processing pipelines to filter, transform, and redact Google SecOps data before ingestion.…
Google Agentic SOC Trial There will be a no-cost trial for the Google SecOps Triage Investigative Agent (TIN) from April 1, 2026 to June 30, 2026. TIN is an agentic AI feature for Google SecOps…
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region. For more…
Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/secops/release-notes#October_07_2025">Manage parser versions</a> feature is now in General Availability. For more…
New Unified rules interface This feature is currently in Preview. Google Secops has launched a unified rules interface that brings custom and curated rule management into a single, cohesive…
Added support for Google Cloud VPC Service Controls This feature is currently in Preview. <a href="https://docs.cloud.google.com/chronicle/docs/secops/vpcsc-for-secops">VPC Service Controls</a>…
New: cross joins in multi-stage queries You can now use cross joins in YARA-L 2.0 multi-stage queries let you compare individual UDM event data against aggregated statistics calculated in previous…
RBAC for ingestion metrics Administrators can now use RBAC for ingestion metrics to restrict visibility of system health data, such as ingestion volume, errors, and throughput, based on a user's…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
New capabilities in Feeds page The following options have been added to the Feeds page: • Search • Filtering (using feed attributes) • Pagination • Last Refreshed Time • Feed Metadata Export to CSV
Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use the gcp.managed.allowedMCPServices constraint won't work, and you can control MCP use…
Advanced Joins in Search Google SecOps now supports expanded capabilities for correlating data across multiple sources. These join operations are also supported in multistage queries. Joins without…
Enhanced rule observability: New metadata, visual indicators, and dashboards Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These…