Enhanced rule observability: New metadata, visual indicators, and dashboards

Enhanced rule observability: New metadata, visual indicators, and dashboards

Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These changes help Google SecOps teams distinguish between primary rule runs and rule replays, which provides clarity on detection delays and the impact of late-arriving enrichment data.

Key improvements

New metadata and third-party integration: Detections and alerts now emit specific metadata to help customers track timing and latency. This data is available for integration with third-party systems using the following fields:

Enhanced platform and visual indicators: