AlloyDB for PostgreSQL
Change
The extension vector, which includes pgvector functions and operators, is updated to version 0.8.1.
Google SecOps
Announcement
Understand your Google SecOps billing components
A new document is available that helps you understand your Google Security Operations billing components. The document provides information about how to track your usage and the related cost. For more information, see Understand your Google SecOps billing.
Feature
ThreatConnect IOC V3 Connector
Google SecOps now supports the ingestion of Indicators of Compromise (IOCs) from ThreatConnect using the v3 REST API. This updated connector replaces the existing v2-based integration and introduces several enhancements:
- Advanced Filtering with TQL: Use ThreatConnect Query Language (TQL) to perform highly targeted searches based on complex criteria like confidence scores, tags, or specific timeframes.
- Efficient Single-Call Data Ingestion: Ingest complete indicator objects—including attributes, tags, and security labels—in a single API call to reduce overhead and improve performance.
- Synchronization Gaps: Changes in ThreatConnect (for example, ThreatAssessmentScore, confidence, tags) are now replicated into the platform every 30 minutes.
Data ingested through this connector is identified by the new log type THREATCONNECT_IOC_V3.
For more information, see Collect ThreatConnect IOC logs using the v3 API.
Google SecOps Marketplace
Feature
New OpenSearch integration
Feature
New Proofpoint Cloud Threat Response integration
Feature
Siemplify: Version 98.0
The following new action has been added:
- Export Case
Change
Google Chronicle: Version 71.0
Updated event processing and ontology mapping in the following connector:
- Google Chronicle – Chronicle Alerts Connector
Added support for returning raw logs related to UDM events to the following actions:
Get Detection Details
Execute UDM Search
Change
Fortigate: Version 17.0
Expanded the supported log filter in the following connector:
- Fortigate – Threat Logs Connector
Google SecOps SIEM
Announcement
Understand your Google SecOps billing components
A new document is available that helps you understand your Google Security Operations billing components. The document provides information about how to track your usage and the related cost. For more information, see Understand your Google SecOps billing.
Feature
ThreatConnect IOC V3 Connector
Google SecOps now supports the ingestion of Indicators of Compromise (IOCs) from ThreatConnect using the v3 REST API. This updated connector replaces the existing v2-based integration and introduces several enhancements:
- Advanced Filtering with TQL: Use ThreatConnect Query Language (TQL) to perform highly targeted searches based on complex criteria like confidence scores, tags, or specific timeframes.
- Efficient Single-Call Data Ingestion: Ingest complete indicator objects—including attributes, tags, and security labels—in a single API call to reduce overhead and improve performance.
- Synchronization Gaps: Changes in ThreatConnect (for example, ThreatAssessmentScore, confidence, tags) are now replicated into the platform every 30 minutes.
Data ingested through this connector is identified by the new log type THREATCONNECT_IOC_V3.
For more information, see Collect ThreatConnect IOC logs using the v3 API.
Announcement
Understand your Google SecOps billing components
A new document is available that helps you understand your Google Security Operations billing components. The document provides information about how to track your usage and the related cost. For more information, see Understand your Google SecOps billing.
Feature
ThreatConnect IOC V3 Connector
Google SecOps now supports the ingestion of Indicators of Compromise (IOCs) from ThreatConnect using the v3 REST API. This updated connector replaces the existing v2-based integration and introduces several enhancements:
- Advanced Filtering with TQL: Use ThreatConnect Query Language (TQL) to perform highly targeted searches based on complex criteria like confidence scores, tags, or specific timeframes.
- Efficient Single-Call Data Ingestion: Ingest complete indicator objects—including attributes, tags, and security labels—in a single API call to reduce overhead and improve performance.
- Synchronization Gaps: Changes in ThreatConnect (for example, ThreatAssessmentScore, confidence, tags) are now replicated into the platform every 30 minutes.
Data ingested through this connector is identified by the new log type THREATCONNECT_IOC_V3.
For more information, see Collect ThreatConnect IOC logs using the v3 API.
Source: Google Cloud Platform
