Google SecOps SIEM

Multi-stage queries in YARA-L The Multi-stage queries feature is now GA. This feature lets you feed the output of one query stage into the input of another, providing more granular data…

Credential validation for third-party API connectors Credential validation is now available for all 49 third-party API connectors. When you create a feed using a third-party API connector, Google…

New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…

Bindplane features for Google SecOps general availability The following <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent">Bindplane</a> features that relate to…

Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/release-notes#October_07_2025">Manage parser versions</a> feature is in Public Preview for all customers.

Set up and manage data processing pipelines This feature is currently in Preview. You can now use the Data Processing pipelines to filter, transform, and redact Google SecOps data before ingestion.…

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region. For more…

Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/release-notes#October_07_2025">Manage parser versions</a> feature is now in General Availability. For more…

New Unified rules interface This feature is currently in Preview. Google SecOps has launched a unified rules interface that brings custom and curated rule management into a single, cohesive…

Release 6.3.78 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>. This…

<a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#February_22_2026">Release 6.3.77</a> is now available for all regions.

Added support for Google Cloud VPC Service Controls This feature is currently in Preview. <a href="https://docs.cloud.google.com/chronicle/docs/secops/vpcsc-for-secops">VPC Service Controls</a>…

New: cross joins in multi-stage queries You can now use cross joins in YARA-L 2.0 multi-stage queries let you compare individual UDM event data against aggregated statistics calculated in previous…

RBAC for ingestion metrics Administrators can now use RBAC for ingestion metrics to restrict visibility of system health data, such as ingestion volume, errors, and throughput, based on a user's…

New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…

Release 6.3.77 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>. This…

<a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#February_15_2026">Release 6.3.76</a> is now available for all regions.

New capabilities in Feeds page The following options have been added to the Feeds page: • Search • Filtering (using feed attributes) • Pagination • Last Refreshed Time • Feed Metadata Export to CSV

Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use the gcp.managed.allowedMCPServices constraint won't work, and you can control MCP use…

Release 6.3.76 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>. This…

<a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#February_08_2026">Release 6.3.75</a> is now available for all regions.

Advanced Joins in Search Google SecOps now supports expanded capabilities for correlating data across multiple sources. These join operations are also supported in multistage queries. Joins without…

Enhanced rule observability: New metadata, visual indicators, and dashboards Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These…