GCP Release Notes: April 03, 2026

AlloyDB for PostgreSQL

Feature

The gcloud beta alloydb connect command is now available in Preview. This command provides a simplified way to connect securely to AlloyDB instances by using the AlloyDB Auth Proxy and psql. For more information, see Connect using gcloud CLI.

Cloud Logging

Announcement

Cloud Logging adds support for the ca multi-region. For a complete list of supported regions, see Supported regions.

Cloud Monitoring

Feature

Application Monitoring has added a Services and Workloads tab, which lists your registered and discovered services and workloads. From this tab, you can do the following:

• Register discovered services and workloads.
• Search for services and workloads by functional type, such as Agent or MCP server.
• Open dashboards that display telemetry. For discovered services and workload, Google Cloud Observability uses the Cloud Asset Inventory name to identify relevant information.

To learn more, see the following:

• List registered and discovered services and workloads
• Application Monitoring overview
• View application telemetry

Dataproc

Announcement

Dataproc and Google Cloud Serverless for Apache Spark are now unified under the Managed Service for Apache Spark brand. This change consolidates our managed Spark deployment options into a single umbrella brand that includes the full breadth of our Spark capabilities. No existing functionality is being removed as part of this change, and there will be no impact to the Dataproc API, client library, CLI, or IAM names.

Gemini Enterprise

Feature

Gemini Enterprise: Jira and Confluence federated connectors

The Jira and Confluence federated connectors are generally available (GA) in Gemini Enterprise.

For more information, see:

• Jira Cloud
• Confluence Cloud

Generative AI on Vertex AI

Feature

Vertex AI RAG Engine Serverless mode

Vertex AI RAG Engine Serverless mode is now available in public preview. Serverless mode provides a fully managed database for storing RAG resources that abstracts away database provisioning and scaling. You can seamlessly switch between Serverless mode and Spanner mode, which provides dedicated, isolated database instances.

For more information, see the following:

• Deployment modes in Vertex AI RAG Engine
• Serverless mode
• Managing Spanner mode
• Switching between modes

Google SecOps

Change

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

• Abnormal Security (ABNORMAL_SECURITY)
• Active Countermeasures (AI_HUNTER)
• AIX system (AIX_SYSTEM)
• Apache (APACHE)
• Apache Cassandra (CASSANDRA)
• Aruba (ARUBA_WIRELESS)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Auth0 (AUTH_ZERO)
• AWS Aurora (AWS_AURORA)
• AWS CloudFront (AWS_CLOUDFRONT)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure Front Door (AZURE_FRONT_DOOR)
• Azure SQL (AZURE_SQL)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Check Point Harmony (CHECKPOINT_HARMONY)
• Chronicle SOAR Audit (CHRONICLE_SOAR_AUDIT)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco Secure Access (CISCO_SECURE_ACCESS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco WSA (CISCO_WSA)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Warp (CLOUDFLARE_WARP)
• Code42 Incydr (CODE42_INCYDR)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• CYJAX Threat Intelligence (CYJAX_THREAT_INTELLIGENCE)
• Cyware Threat Intelligence Exchange (CTIX)
• Databricks (DATABRICKS)
• Duo Auth (DUO_AUTH)
• Elastic Defend (ELASTIC_DEFEND)
• ESET AV (ESET_AV)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• FireEye eMPS (FIREEYE_EMPS)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forescout NAC (FORESCOUT_NAC)
• ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• GitHub (GITHUB)
• Google Threat Intelligence IOC (GTI_IOC)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM Safenet (IBM_SAFENET)
• IBM Websphere Application Server (IBM_WEBSPHERE_APP_SERVER)
• Imperva Advanced Bot Protection (IMPERVA_ABP)
• Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
• Juniper (JUNIPER_FIREWALL)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• Maria Database (MARIA_DB)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Skyhigh CASB (MCAFEE_SKYHIGH_CASB)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
• Mobileiron (MOBILEIRON)
• NetApp ONTAP (NETAPP_ONTAP)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• None (GCP_DNS)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Oort Security Tool (OORT)
• Oracle (ORACLE_DB)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• PostFix Mail (POSTFIX_MAIL)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• SAP Security Audit (SAP_SECURITY_AUDIT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Sensitive Data Risk (GCP_SECURITYCENTER_SENSITIVE_DATA_RISK)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• Snyk Group level audit Logs (SNYK_SDLC)
• Suricata EVE (SURICATA_EVE)
• Symantec EDR (SYMANTEC_EDR)
• Sysdig (SYSDIG)
• Tenable Active Directory Security (TENABLE_ADS)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Alerts (TRELLIX_HX_ALERTS)
• Trellix HX Audit Events (TRELLIX_HX_AUDIT)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trellix HX Hosts (TRELLIX_HX_HOSTS)
• Trend Micro Vision One Endpoint Vulnerabilities (TRENDMICRO_VISION_ONE_ENDPOINT_VULNERABILITIES)
• Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Ubika Waf (UBIKA_WAF)
• Unix system (NIX_SYSTEM)
• Varonis (VARONIS)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Wallix Bastion (WALLIX_BASTION)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• wiz.io (WIZ_IO)
• Zeek JSON (BRO_JSON)
• Zscaler (ZSCALER_WEBPROXY)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

• Action1 (ACTION1)
• CDNetworks Cloud Security (CDNETWORKS_CLOUD_SECURITY)
• Claude Compliance Logs (CLAUDE_COMPLIANCE_LOGS)
• Dell RecoverPoint (DELL_RECOVERPOINT)
• IBM Storwize (IBM_STORWIZE)
• LeapXpert Audit Logs (LEAPXPERT_AUDIT)
• Oracle Key Vault Audit Logs (ORACLE_KEY_VAULT_AUDIT_LOGS)
• RSA Cloud (RSA_CLOUD)
• ServiceNow Antivirus Activity (SERVICENOW_ANTIVIRUS_ACTIVITY)
• ServiceNow Attachment (SERVICENOW_ATTACHMENT)
• ServiceNow Email (SERVICENOW_EMAIL)
• Versa Director (VERSA_DIRECTOR)
• ZPE Systems NodeGrid (ZPE_SYSTEMS_NODEGRID)

Google SecOps SIEM

Change

Google Security Operations has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

• Abnormal Security (ABNORMAL_SECURITY)
• Active Countermeasures (AI_HUNTER)
• AIX system (AIX_SYSTEM)
• Apache (APACHE)
• Apache Cassandra (CASSANDRA)
• Aruba (ARUBA_WIRELESS)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Auth0 (AUTH_ZERO)
• AWS Aurora (AWS_AURORA)
• AWS CloudFront (AWS_CLOUDFRONT)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure Front Door (AZURE_FRONT_DOOR)
• Azure SQL (AZURE_SQL)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Check Point Harmony (CHECKPOINT_HARMONY)
• Chronicle SOAR Audit (CHRONICLE_SOAR_AUDIT)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco Secure Access (CISCO_SECURE_ACCESS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco WSA (CISCO_WSA)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Warp (CLOUDFLARE_WARP)
• Code42 Incydr (CODE42_INCYDR)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• CYJAX Threat Intelligence (CYJAX_THREAT_INTELLIGENCE)
• Cyware Threat Intelligence Exchange (CTIX)
• Databricks (DATABRICKS)
• Duo Auth (DUO_AUTH)
• Elastic Defend (ELASTIC_DEFEND)
• ESET AV (ESET_AV)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• FireEye eMPS (FIREEYE_EMPS)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forescout NAC (FORESCOUT_NAC)
• ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• GitHub (GITHUB)
• Google Threat Intelligence IOC (GTI_IOC)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM Safenet (IBM_SAFENET)
• IBM Websphere Application Server (IBM_WEBSPHERE_APP_SERVER)
• Imperva Advanced Bot Protection (IMPERVA_ABP)
• Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
• Juniper (JUNIPER_FIREWALL)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• Maria Database (MARIA_DB)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Skyhigh CASB (MCAFEE_SKYHIGH_CASB)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
• Mobileiron (MOBILEIRON)
• NetApp ONTAP (NETAPP_ONTAP)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• None (GCP_DNS)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Oort Security Tool (OORT)
• Oracle (ORACLE_DB)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• PostFix Mail (POSTFIX_MAIL)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• SAP Security Audit (SAP_SECURITY_AUDIT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Sensitive Data Risk (GCP_SECURITYCENTER_SENSITIVE_DATA_RISK)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• Snyk Group level audit Logs (SNYK_SDLC)
• Suricata EVE (SURICATA_EVE)
• Symantec EDR (SYMANTEC_EDR)
• Sysdig (SYSDIG)
• Tenable Active Directory Security (TENABLE_ADS)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Alerts (TRELLIX_HX_ALERTS)
• Trellix HX Audit Events (TRELLIX_HX_AUDIT)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trellix HX Hosts (TRELLIX_HX_HOSTS)
• Trend Micro Vision One Endpoint Vulnerabilities (TRENDMICRO_VISION_ONE_ENDPOINT_VULNERABILITIES)
• Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Ubika Waf (UBIKA_WAF)
• Unix system (NIX_SYSTEM)
• Varonis (VARONIS)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Wallix Bastion (WALLIX_BASTION)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• wiz.io (WIZ_IO)
• Zeek JSON (BRO_JSON)
• Zscaler (ZSCALER_WEBPROXY)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

• Action1 (ACTION1)
• CDNetworks Cloud Security (CDNETWORKS_CLOUD_SECURITY)
• Claude Compliance Logs (CLAUDE_COMPLIANCE_LOGS)
• Dell RecoverPoint (DELL_RECOVERPOINT)
• IBM Storwize (IBM_STORWIZE)
• LeapXpert Audit Logs (LEAPXPERT_AUDIT)
• Oracle Key Vault Audit Logs (ORACLE_KEY_VAULT_AUDIT_LOGS)
• RSA Cloud (RSA_CLOUD)
• ServiceNow Antivirus Activity (SERVICENOW_ANTIVIRUS_ACTIVITY)
• ServiceNow Attachment (SERVICENOW_ATTACHMENT)
• ServiceNow Email (SERVICENOW_EMAIL)
• Versa Director (VERSA_DIRECTOR)
• ZPE Systems NodeGrid (ZPE_SYSTEMS_NODEGRID)

Identity and Access Management

Deprecated

Extended attributes for Workforce Identity Federation are deprecated. For group mapping, we recommend using SCIM instead of extended attributes. For more information, see IAM deprecations.

Virtual Private Cloud

Feature

Hybrid Subnets is available in General Availability. Hybrid subnet routing lets a VPC network share a CIDR block with a connected on-premises network. This configuration helps you migrate workloads to Google Cloud without needing to change any IP addresses. During migration, workloads that have migrated to your VPC network can communicate with those remaining in the on-premises network by using internal IP addresses. After all workloads have migrated, you can disable hybrid subnet routing to restore normal routing behavior.

Source: Google Cloud Platform