43 updates from Google Cloud.
Enhanced Data Export API general availability and improvements The Data Export API is now GA and introduces significant security and capability improvements. This feature facilitates the bulk export…
The <a href="https://docs.cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.dataExports/fetchavailablelogtypes">fetchavailablelogtypes</a> API endpoint is <a…
The legacy Data Export API is <a href="https://docs.cloud.google.com/chronicle/docs/deprecations">deprecated</a> in favor of the <a…
The updateDataExport endpoint in the enhanced Data Export API is <a href="https://docs.cloud.google.com/chronicle/docs/deprecations">deprecated</a>. The reduction in job queue times using the <a…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
Google SecOps has updated the list of list of <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers">supported default parsers</a>. Parsers are updated…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
Emerging Threats Center general availability The Emerging Threats Center is now in General Availability (GA) and includes the following new features and enhancements: • Expanded campaign filtering:…
Search query editor enhancements Google SecOps has enhanced the search query editor to provide intelligent auto-suggestions and improved error handling. • Auto-suggestions: The query editor now…
Health Hub This feature is currently in Preview. The Health Hub is the central location in Google Security Operations for you to monitor the status and health of all configured data sources. The…
Updates to search query limits and error messaging Google SecOps has updated search query limits for programmatic and web interface access: • Increased Queries Per Hour (QPH) limits of up to 2,000…
v1 Cloud Storage Feed Types (GCS, S3, SQS, Azure) The v1 feed types for GOOGLE_CLOUD_STORAGE, AMAZON_S3, AMAZON_SQS, and AZURE_BLOBSTORE are deprecated and will be discontinued on March 15, 2027.…
Google Security Operations has updated the list of <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers">supported default parsers</a>. Parsers are…
Multi-stage queries in YARA-L The Multi-stage queries feature is now GA. This feature lets you feed the output of one query stage into the input of another, providing more granular data…
Credential validation for third-party API connectors Credential validation is now available for all 49 third-party API connectors. When you create a feed using a third-party API connector, Google…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
Bindplane features for Google SecOps general availability The following <a href="https://docs.cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent">Bindplane</a> features that relate to…
Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/release-notes#October_07_2025">Manage parser versions</a> feature is in Public Preview for all customers.
Set up and manage data processing pipelines This feature is currently in Preview. You can now use the Data Processing pipelines to filter, transform, and redact Google SecOps data before ingestion.…
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region. For more…
Manage parser versions The <a href="https://docs.cloud.google.com/chronicle/docs/release-notes#October_07_2025">Manage parser versions</a> feature is now in General Availability. For more…
New Unified rules interface This feature is currently in Preview. Google SecOps has launched a unified rules interface that brings custom and curated rule management into a single, cohesive…
Release 6.3.78 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>. This…
<a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#February_22_2026">Release 6.3.77</a> is now available for all regions.
Added support for Google Cloud VPC Service Controls This feature is currently in Preview. <a href="https://docs.cloud.google.com/chronicle/docs/secops/vpcsc-for-secops">VPC Service Controls</a>…
New: cross joins in multi-stage queries You can now use cross joins in YARA-L 2.0 multi-stage queries let you compare individual UDM event data against aggregated statistics calculated in previous…
RBAC for ingestion metrics Administrators can now use RBAC for ingestion metrics to restrict visibility of system health data, such as ingestion volume, errors, and throughput, based on a user's…
New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: • <a…
Release 6.3.77 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>. This…
<a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#February_15_2026">Release 6.3.76</a> is now available for all regions.
New capabilities in Feeds page The following options have been added to the Feeds page: • Search • Filtering (using feed attributes) • Pagination • Last Refreshed Time • Feed Metadata Export to CSV
Control of MCP use with organization policies is deprecated. After March 17, 2026, organization policies that use the gcp.managed.allowedMCPServices constraint won't work, and you can control MCP use…
Release 6.3.76 is being rolled out to the first phase of regions as listed <a href="https://docs.cloud.google.com/chronicle/docs/soar/overview-and-introduction/soar-gradual-release">here</a>. This…
<a href="https://docs.cloud.google.com/chronicle/docs/soar/release-notes#February_08_2026">Release 6.3.75</a> is now available for all regions.
Advanced Joins in Search Google SecOps now supports expanded capabilities for correlating data across multiple sources. These join operations are also supported in multistage queries. Joins without…
Enhanced rule observability: New metadata, visual indicators, and dashboards Google Security Operations has introduced updates to how detection and alert data is processed and visualized. These…