Availability: Gemini in Google Security Operations is
available globally. Gemini data is processed in the following
regions: us-central1, asia-southeast1, and europe-west1. Customer
requests are routed to the nearest available region for processing.
Pricing: For information about pricing, see Google SecOps
pricing.
Gemini security: For information about Gemini security
features in Google Cloud, see Security with generative AI.
SecLM platform: Gemini for Google SecOps uses a
range of large language models through the SecLM platform, including the
specialized Sec-LM model. Sec-LM is trained on security-focused data sources, including security
blogs, threat intelligence reports, YARA and YARA-L detection rules, SOAR
playbooks, malware scripts, vulnerability information, product
documentation, and other specialized datasets. For more information,
see Security with generative AI.
Key features of Gemini in Google SecOps
The following Google SecOps features are powered by Gemini:
Generate search queries
Gemini can help you build, edit, and run searches
targeted toward relevant events using natural language prompts.
Gemini can also help you iterate on a search, adjust the scope,
expand the time range, and add filters. You can use Gemini
to generate search queries from the
Gemini pane or when using the search query. The search query uses YARA-L 2.0 syntax. For more information, see Generate search queries with Gemini.
Assistance with threat intelligence and security questions
Gemini can answer general security domain questions. Additionally, Gemini
can answer specific threat intelligence questions and provide summaries
about threat actors, IOCs, and other threat intelligence topics. For more information,
see Assistance with threat intelligence.
Get documentation summaries
Gemini can answer questions about Google SecOps based on the documentation. For more information, see Gemini documentation summaries.
The case summary widget uses Gemini to present a summary of the case
including suggestions to resolve the issue.
For more information, see Use the Gemini Summary widget.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eGemini in Google SecOps is globally available and processes data in \u003ccode\u003eus-central1\u003c/code\u003e, \u003ccode\u003easia-southeast1\u003c/code\u003e, and \u003ccode\u003eeurope-west1\u003c/code\u003e, routing customer requests to the nearest available region.\u003c/p\u003e\n"],["\u003cp\u003eGemini for Google SecOps uses the SecLM platform, including the specialized Sec-PaLM model, trained on various security-related datasets.\u003c/p\u003e\n"],["\u003cp\u003eGemini can be utilized to generate UDM search queries, create YARA-L rules, assist with threat intelligence questions, and provide summaries of Google SecOps documentation.\u003c/p\u003e\n"],["\u003cp\u003eUsers can leverage Gemini to create and edit playbooks, and can also use a case summary widget that presents a summary of a case along with suggestions to resolve it.\u003c/p\u003e\n"],["\u003cp\u003ePricing information can be found on the Google SecOps pricing page, with details about Gemini security and data governance also available in their respective documentation.\u003c/p\u003e\n"]]],[],null,["# Gemini in Google SecOps\n=======================\n\nSupported in: \nGoogle secops [SIEM](/chronicle/docs/secops/google-secops-siem-toc) [SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\nFor more information about Gemini, large language models (LLMs), and responsible\nAI, see [Gemini for\nCode](/gemini).\nYou can also see the [Gemini documentation](/gemini/docs) and\n[release notes](/gemini/docs/release-notes).\n\n- **Availability** : Gemini in Google Security Operations is\n available globally. Gemini data is processed in the following\n regions: `us-central1`, `asia-southeast1`, and `europe-west1`. Customer\n requests are routed to the nearest available region for processing.\n\n- **Pricing** : For information about pricing, see Google SecOps\n [pricing](/security/products/security-information-event-management?#pricing).\n\n- **Gemini security** : For information about Gemini security\n features in Google Cloud, see [Security with generative AI](/security/ai).\n\n- **Data governance** : For information about Gemini data governance\n practices, see [How Gemini for Google Cloud uses your\n data](/gemini/docs/discover/data-governance).\n\n- **Certifications** : For information about Gemini certifications, see\n [Certifications for Gemini](/gemini/docs/discover/certifications).\n\n- **SecLM platform** : Gemini for Google SecOps uses a\n range of large language models through the SecLM platform, including the\n specialized Sec-LM model. Sec-LM is trained on security-focused data sources, including security\n blogs, threat intelligence reports, YARA and YARA-L detection rules, SOAR\n playbooks, malware scripts, vulnerability information, product\n documentation, and other specialized datasets. For more information,\n see [Security with generative AI](/security/ai).\n\nKey features of Gemini in Google SecOps\n---------------------------------------\n\nThe following Google SecOps features are powered by Gemini:\n\n### Generate search queries\n\nGemini can help you build, edit, and run searches\ntargeted toward relevant events using natural language prompts.\nGemini can also help you iterate on a search, adjust the scope,\nexpand the time range, and add filters. You can use Gemini\nto generate search queries from the\nGemini pane or when using the search query. The search query uses YARA-L 2.0 syntax. For more information, see [Generate search queries with Gemini](/chronicle/docs/investigation/generate-udm-search-queries-gemini).\n\n### Generate a YARA-L rule using Gemini\n\nUse a natural language prompt to generate a YARA-L rule.\nFor more information, see [Generate a YARA-L rule using Gemini](/chronicle/docs/detection/generate-yara-l-with-gemini).\n\n### Assistance with threat intelligence and security questions\n\nGemini can answer general security domain questions. Additionally, Gemini\ncan answer specific threat intelligence questions and provide summaries\nabout threat actors, IOCs, and other threat intelligence topics. For more information,\nsee [Assistance with threat intelligence](/chronicle/docs/detection/answer-threat-intelligence-questions-gemini).\n\n### Get documentation summaries\n\nGemini can answer questions about Google SecOps based on the documentation. For more information, see [Gemini documentation summaries](/chronicle/docs/secops/gemini-docs).\n\n### Create and edit a playbook\n\nUse Gemini to create and edit a\nplaybook with prompts. For more information, see [Create and edit a playbook with Gemini](/chronicle/docs/soar/respond/working-with-playbooks/create-edit-playbook-with-gemini).\n\n### Use the Gemini case summary widget\n\nThe case summary widget uses Gemini to present a summary of the case\nincluding suggestions to resolve the issue.\nFor more information, see [Use the Gemini Summary widget](/chronicle/docs/soar/investigate/working-with-cases/using-the-gemini-case-summary-widget).\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]