Google SecOps Response Integrations release notes

This page documents production updates to Google SecOps Response Integrations. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

August 20, 2025

CrowdStrike Falcon: Version 63.0

Updated processing of On-Demand Scan alerts in the following connector:
- Crowdstrike Falcon - Alerts Connector

Google Chronicle: Version 64.0

Added support for aggregated searches in the following action:
- Execute UDM Query

Microsoft Graph Mail: Version 30.0

Improved handling of Case Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 6.0

Improved handling of Case Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

August 13, 2025

New CyberArk Credential Provider integration

Jira: Version 47.0

Updated timestamp processing logic in the following jobs:
- Sync Comments
- Sync Closure
Updated logic for processing closed tickets in the following job:
- Sync Closure

Microsoft Graph Mail: Version 29.0

Integration: Updated dependencies.

August 04, 2025

Google Chronicle: Version 63.0

The following new actions have been added:
- Ask Gemini
- Enrich Entities

Case Federation: Version 4.0

Integration: Refactored the code.

Gmail: Version 5.0

Integration: Improved error handling.

Google Chronicle: Version 63.0

The following actions have been deprecated:
- Enrich Domain
- Enrich IP

QRadar: Version 60.0

Updated offense processing logic in the following connector:
- Qradar - Baseline Offenses Connector

SentinelOneV2: Version 40.0

Added ability to fetch agent information in the following actions:
- Disconnect Agent From Network
- Enrich Endpoint
- Get Agent Status
- Get Application List For Endpoint
- Get Events For Endpoint Hours Back
- Initiate Full Scan
- Move Agents
- Reconnect Agent To The Network

July 23, 2025

Siemplify: Version 94.0

The following new actions have been added:
- Get Custom Field Values
- Resume Case SLA
- Pause Case SLA

Sophos: Version 18.0

Added ability to work with new authentication method in the following action:

Get Events Log

July 16, 2025

Google Chronicle: Version 62.0

The following new actions have been added:
- Remove Rows From Data Table
- Get Data Tables
- Is Value In Data Table
- Add Rows To Data Table

Azure Security Center: Version 11.0

Integration: Refactored the integration code to support the updated API.

Mandiant Threat Intelligence: Version 14.0

Improved entity processing logic in the following action:
- Enrich Entities

Microsoft Azure Sentinel: Version 55.0

Updated logger initialization in the following connector:
- Microsoft Azure Sentinel - Incident Connector v2

MySQL: Version 5.0

Refined query processing in the following action:
- Run SQL Query

July 09, 2025

BMC Remedy ITSM: Version 9.0

Updated input parameter processing in the following action:
- Create Incident

ServiceNow: Version 58.0

Updated processing of record object in the following connector:
- ServiceNow - ServiceNow Connector

Siemplify: Version 93.0

Updated action logic in the following actions:
- Get Case Details
- Get Similar Cases

July 02, 2025

Okta: Version 9.0

The following new action has been added:
- Send SSF to Okta

CrowdStrike Falcon: Version 62.0

Updated JSON Result structure in the following action:
- List Hosts

Google Chronicle: Version 61.0

Updated action processing logic in the following action:
- Execute UDM Query

Vertex AI: Version 3.0

Integration: Updated the handling of non-Google models.

June 27, 2025

Siemplify: Version 92.0

Updated action logic in the following actions:
- Get Case Details
- Get Similar Cases
- Update Case Description

June 25, 2025

Refactored the code to work with updated API in the following integrations:

Case Federation: Version 3.0
Siemplify: Version 91.0

Microsoft Azure Sentinel: Version 54.0

Added an ability to not process the alert until Scheduled/NRT alert objects are available from API in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

SentinelOneV2: Version 39.0

Updated ontology mapping in the following connector:
- SentinelOneV2 - Threats Connector

Siemplify: Version 91.0

Updated Predefined Widget in the following action:
- Get Similar Cases

June 18, 2025

Google Chronicle: Version 60.0

Updated risk score handling in the following connector:
- Google Chronicle - Alerts Connector

Microsoft Teams: Version 27.0

Integration: Refactored the code to work with updated API.

June 11, 2025

New Akamai integration

New Google Threat Intelligence integration

Darktrace: Version 18.0

Added ability to filter model breaches by priority in the following connector:
- Darktrace - Model Breaches Connector

Refactored the code to work with updated API in the following integrations:

Exchange: Version 113.0
ServiceNow: Version 57.0
Microsoft Graph Mail Delegated: Version 5.0

Refactored the code in the following integrations:

Gmail: Version 4.0
Google Cloud API: Version 6.0
HTTP v2: Version 9.0
Microsoft Graph Mail: Version 28.0
Tor: Version 7.0

June 04, 2025

Refactored the code to work with updated API in the following integrations:

BMC Remedy ITSM: Version 8.0
Gmail: Version 3.0
Google Cloud API: Version 5.0
Microsoft Graph Mail: Version 27.0
Service Desk Plus V3: Version 6.0
Vertex AI: Version 2.0

Google Chronicle: Version 59.0

Updated the API root to be configurable in IDE in the following connector:
- Google Chronicle - Chronicle Alerts Connector

Nmap: Version 2.0

Updated JSON Result structure in the following action:
- Scan Entities

Vertex AI: Version 2.0

Fixed non-Google models that weren't working

May 28, 2025

New Nmap integration

Mandiant Threat Intelligence: Version 13.0

Updated entity processing in the following action:
- Enrich Entities

Microsoft 365 Defender: Version 21.0

Added more transparency around Microsoft Sentinel and Microsoft Defender For Cloud alerts. You can now provide microsoftSentinel and microsoftDefenderForCloud as the Service Source in the following connector:
- Microsoft 365 Defender - Incidents Connector

Office 365 CloudApp Security: Version 22.0

Updated processing of the input parameters in the following actions:
- Bulk Resolve Alert
- Close Alert
- Dismiss Alert

Sophos: Version 17.0

Updated the logic of entity processing in the following actions:
- Isolate Endpoint
- Unisolate Endpoint

Trend Vision One: Version 5.0

Updated the logic for processing alerts in the following connector:
- Trend Vision One - Workbench Alerts

May 21, 2025

Google Chronicle:Version: 58.0

Updated the following action:
- Broken Google Chronicle Widget
Expanded the JSON Result with new fields in the following connector:
- Google Chronicle - Get Rule Details

Microsoft Azure Sentinel: Version 53.0

Updated entity mapping in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Palo Alto Cortex XDR: Version 17.0

Updated the supported statuses in the following action:
- Update an Incident

May 14, 2025

ProofPoint TAP: Version 11.0

The following new actions have been added:
- Get Threat Forensics
- Search Events
- List Campaigns

Google Chronicle: Version 57.0

Updated the processing of the events in the following connector:
- Google Chronicle - Chronicle Alerts Connector

May 07, 2025

New Cisco Vulnerability Management integration

CrowdStrike Falcon: Version 61.0

The following new action has been added:
- Search Events

CrowdStrike Falcon: Version 61.0

Updated input parameter processing in the following action:
- On-Demand Scan
Added ability to define Alert Name and Case Name templates to the following connectors:
- Crowdstrike Falcon - Detections Connector
- Crowdstrike Falcon - Identity Protection Detections Connector
- Crowdstrike Falcon - Alerts Connector

Google Chronicle: Version 56.0

Added ignore \r\n characters and skip empty input values when adding to the following actions:
- Is Value in Reference List
- Add Value to Reference List
Optimized the processing of the alerts in the following jobs:
- Google Chronicle - Alerts Sync
- Google Chronicle - Alerts Creator

Microsoft Azure Sentinel: Version 52.0

Updated events processing logic in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Microsoft Graph Mail: Version 26.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 4.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

CrowdStrike Falcon: Version 61.0

Updated input parameter processing in the following action:
- On-Demand Scan
Added ability to define Alert Name and Case Name templates in the following connectors:
- Crowdstrike Falcon - Detections Connector
- Crowdstrike Falcon - Identity Protection Detections Connector
- Crowdstrike Falcon - Alerts Connector

Google Chronicle: Version 56.0

Added ignore \r\n characters and skip empty input values when adding in the following actions:
- Is Value in Reference List
- Add Value to Reference List
Optimised the processing of the alerts in the following jobs:
- Alerts Sync
- Alerts Creator

Microsoft Azure Sentinel: Version 52.0

Updated events processing logic in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Microsoft Graph Mail: Version 26.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 26.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

April 30, 2025

Mimecast: Version 12.0

The following new action has been added:
- Create Block Sender Policy

HTTP v2: Version 8.0

Integration: Refactored the code to work with updated API.

Mimecast: Version 12.0

Added ability to ingest attachments and body associated with the held message to the following connector:
- Mimecast - Message Tracking Connector
Added ability to filter by queue reason to the following connector:
- Mimecast - Message Tracking Connector

SentinelOneV2: Version 38.0

The underlying API endpoint of the following action has been deprecated and there is no suitable replacement:
- Get Hash Reputation
Refactored the code of the following connector:
- SentinelOneV2 - Get Events For Endpoint Hours Back

VirusTotalV3: Version 37.0

Updated entity handling of the following actions:
- Add Comment To Entity
- Add Vote To Entity
- Enrich URL
- Get Domain Details
- Get Related Domains
- Get Related Hashes
- Get Related IPs
- Get Related URLs
Updated Predefined Widgets in the following actions:
- Add Comment To Entity
- Add Vote To Entity
- Enrich URL
- Get Domain Details
- Get Related Domains
- Get Related Hashes
- Get Related IPs
- Get Related URLs

April 23, 2025

ExtraHop: Version 6.0

The following new action has been added:
- Update Detection

Zerofox: Version 2.0

The following new action has been added:
- Add Evidence To Alert

Microsoft Graph Mail: Version 25.0

Updated event structure for the attached emails in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 3.0

Updated event structure for the attached emails in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

SCC Enterprise: Version 17.0

Updated ticket creation workflow in the following action:
- Create SCC Enterprise Cloud Posture Ticket Type Jira

Siemplify: Version 90.0

Added ability to work with additional timestamp types in the following action:
- Permitted Alert Time
Added ability to work with IANA timezone names in the following action:
- Permitted Alert Time

Tanium: Version 14.0

Improved action compatibility with Python 3.11 in the following action:
- Download File

April 16, 2025

CrowdStrike Falcon: Version 60.0

Added ability to fetch hidden alerts in the following connector:
- CrowdStrike - Alerts Connector

Google Chronicle: Version 55.0

Added ability to ingest composite alerts in the following connector:
- Google Chronicle - Alerts Connector
Removed the Disable Event Splitting parameter so the connector will always ingest events in the original structure in the following connector and ontology mapping must be updated:
- Google Chronicle - Alerts Connector

Microsoft Graph Mail: Version 24.0

Integration: Added support for working with S/MIME-encrypted emails.
Added Connector API throttling improvements to accommodate Max Emails per Cycle logic in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Security: Version 22.0

Integration: Added support for V2 version of the API.

Note: The support needs to be enabled in the connectors and integration. Connector behavior changes on the new API; note filter configuration. New permissions to work with V2 API need to be provided.

ServiceNow: Version 56.0

Improved handling of OAuth 2.0 authentication in the following actions:
- Create Incident
- Create Alert Incident

April 09, 2025

New Zerofox integration.

Exchange: Version 112.0

Added an option to overwrite the URL regex connectors use in the following connectors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 with OAuth Authentication

Siemplify: Version 89.0

Removed the following unsupported job:
- Siemplify - ETL Monitor Job

VirusTotalV3: Version 36.0

Updated private submission is_risky logic in the following action:
- Submit File

VMware Carbon Black Cloud: Version 36.0

Updated the ingestion processing logic in the following connector:
- VMware Carbon Black Cloud - Alerts and Events Baseline Connector

Web Risk: Version 2.0

Updated entity handling in the following action:
- Enrich Entities

April 02, 2025

CrowdStrike Falcon: Version 59.0

Updated input handling for the following actions:
- Update Identity Protection Detection
- Add Identity Protection Detection Comment

Exchange: Version 111.0

Improved encoding handling during email parsing in the following connectors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 with Oauth Authentication

ExtraHop: Version 5.0

Updated alert processing logic in the following connector:
- Extrahop - Detections Connector

Google Chronicle: Version 54.0

Updated the following connector to support new SIEM API:
- Google Chronicle - Alerts Connector
Updated the following jobs to support new SIEM API:
- Sync
- Alerts Creator
Added ability to authenticate via Workload Identity in the following connector:
- Google Chronicle - Alerts Connector
Added ability to authenticate via Workload Identity in the following connector in the following jobs:
- Sync
- Alerts Creator

Jira: Version 46.0

Updated the following jobs:
- Sync Closure
- Sync Comments

Microsoft Azure Sentinel: Version 51.0

Integration: Updated the integration code to work with Python version 3.11.

Important: To ensure compatibility and avoid disruptions, follow the best practices in Upgrade Python versions.
Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved tracking of Microsoft Sentinel Incident's entities (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead) in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved handling of Microsoft Sentinel incidents IDs in connectors backlog in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Microsoft Graph Mail: Version 23.0

Integration: Added support for working with S/MIME-encrypted emails.
The code base was refactored in the following connector:

(REGRESSIVE) As part of the refactor, connector's Tenant (Directory) ID parameter has been updated to a Microsoft Entra ID Directory ID, this will require re-entering connector's configuration parameters after the update.
- Microsoft Graph Mail - Microsoft Graph Mail Connector

ServiceNow: Version 55.0

Added support for Sync Closed Incidents job to handle created incidents in the following actions:
- Create Incident
- Create Alert Incident
Added ability to filter records by assignment group in the following connector:
- ServiceNow - ServiceNow Connector
Added ability to sync incidents created during playbook execution in the following job:
- Sync Closed Incidents

Siemplify: Version 88.0

Removed the following unsupported job from the integration:
- Jobs Monitor

VMRay: Version 17.0

Updated entity handling in the following action:
- Scan URL

March 26, 2025

Cisco Firepower Management Center: Version 7.0

Integration: Added pagination mechanism support.

Cofense Triage: Version 13.0

Integration: (REGRESSIVE) Updated alerts and events time mappings.

Exchange: Version 110.0

Integration: Dependencies update.

Google Chronicle: Version 53.0

Propagate SIEM data access scope in the following connector:
- Google Chronicle - Alerts Connector
Updated predefined widget in the following action:
- Get Detection Details

MSSQL: Version 16.0

Integration: Integration updates.

Microsoft Graph Security: Version 21.0

Updated the handling of alerts in the following connector:
- Microsoft Graph Security - Office 365 Security and Compliance Connector

SCC Enterprise: Version 16.0

Integration: Added support for regionalized environments.

Siemplify: Version 87.0

Removed the following unsupported job from the integration:
- Connectors Monitor

March 19, 2025

Exchange: Version 109.0

Integration: Added support for working with S/MIME-encrypted emails.

Jira: Version 45.0

Added support for integration's sync jobs to handle created issues in the following actions:
- Create Issue
- Create Alert Issue Actions
Added support to handle issues created by the Create Issue and Create Alert Issue actions in the following jobs:
- Sync Closure
- Sync Comments Jobs

ServiceNow: Version 54.0

Added ability to provide custom fields as JSON objects in the following actions:
- Create Incident
- Update Incident

Zoho Desk: Version 8.0

Updated the user searching mechanism in the following action:
- Create Ticket

March 12, 2025

New Sysdig Secure integration

New Web Risk integration

Mandiant: Version 8.0

Updated predefined widgets in the following actions:
- Enrich Entities
- Enrich IOCs
- Get Malware Details

Mandiant Threat Intelligence: Version 12.0

Updated predefined widgets in the following actions:
- Enrich Entities
- Enrich IOCs
- Get Malware Details

Mimecast: Version 11.0

(DEPRECATED) No replacement API endpoint in new API in the following action:
- Report Message
Integration: Migrated integration to work with the latest API version.
Integration: Added client credentials authentication.

Varonis Data Security Platform: Version 5.0

Integration: Updated dependencies.

March 05, 2025

CrowdStrike Falcon: Version 58.0

Added ability to provide a hostname from the input parameters in the following actions:
- On-Demand Scan
- Execute Command
- Run Script

Exchange: Version 108.0

Integration: Updated the integration.

Google Chronicle: Version 52.0

Updated severity handling in the following connector:
- Google Chronicle - Alerts Connector
Integration: Updated the integration dependencies.
Error handling improvements in the following job:
- Alerts Creator

Microsoft Azure Sentinel: Version 50.0

Improved the connector logging and the API timeout handling in the following connector:
- Microsoft Azure Sentinel - Incident Connector v2

SiemplifyUtilities: Version 24.0

Added ability to disable JSON data escaping in the following action:
- Filter JSON

VirusTotalV3: Version 35.0

Updated the comment fetching logic in the following action:
- Submit File

February 26, 2025

New Microsoft Graph Mail Delegated integration

Siemplify: Version 86.0

The following new actions have been added:
- Wait For Custom Fields
- Set Custom Fields
- Create Gemini Case Summary

Anomali: Version 12.0

Integration: Updated the API authentication.

HTTP v2: Version 7.0

Integration: Updated the integration to work without authentication.

Mandiant ASM: Version 9.0

Integration: Updated handling of the ASM Project.

February 24, 2025

Siemplify: Version 85.0

Updated input handling in the following case:
- Close Case

February 19, 2025

Carbon Black Response: Version 34.0

Fixed the issue with data type of the Version parameter in the following connector:
- Carbon Black Response - Carbon Black Response Connector

Exchange: Version 107.0

Integration: Updated external package dependencies.

Microsoft Graph Mail: Version 22.0

Added the ability to control the action's JSON result behavior in the following actions:
- Search Emails
- Move Email To Folder
- Delete Email
- Wait For Email From User
Integration: Improved localization support and better handling of the internetMessageID filter.
Integration: Improved integration configuration validation.

Netskope: Version 12.0

Integration: Integration updated to support latest Netskope API updates

Note: The integration needs to be configured with V1 and V2 API Tokens, to support actions that are working with V1 endpoints, and actions that work with newer, V2 endpoints. For more information, see the following Netskope article - https://docs.netskope.com/en/netskope-product-eol-announcements/#eol-for-specific-rest-api-v1-endpoints-1

Splunk: Version 57.0

Integration: Updated Dependencies.

February 12, 2025

Google Chronicle: Version 51.0

Improved Connector Logs To Notify On Possible Ingestion Delays in the following connector:
- Google Chronicle - Alerts Connector
Updated OOTB mapping in the following connector:

New mapping allows you to have "Disable Event Splitting" enabled and still have all entities mapped out.
- Google Chronicle - Alerts Connector

Microsoft 365 Defender: Version 20.0

Added ability to disable alert tracking in the following connector:
- Microsoft 365 Defender - Incidents Connector

Snowflake: Version 6.0

Integration: Updated integration to use the latest API version.

February 07, 2025

Google Chronicle: Version 50.0

Improved events time format conversion handling in the following job:
- Google Chronicle - Alerts Creator

February 05, 2025

Google BigQuery: Version 15.0

The following new action has been added:
- Run Custom Query

Google Workspace: Version 19.0

The following new action has been added:
- Revoke User Sessions

CrowdStrike Falcon: Version 57.0

Updated predefined widgets in the following actions:
- Get Host Information
- List Host Vulnerabilities

Google BigQuery: Version 15.0

Updated error handling in the following action:
- Run SQL Query

McAfee ESM: Version 43.0

Integration: Added support for the 11.6.13 and later product versions.

Note: Make sure to enable "Use AES Encryption".

Microsoft Graph Mail: Version 21.0

Improved email processing in the following actions:
- Wait For Email From User
- Wait For Vote Email Results

QRadar: Version 59.0

Updated the storage of fetched offenses IDs in the following connectors:
- Qradar - Correlation Events Connector V2
- Qradar - Offenses Connector
Note: It is recommended to re-create related connectors after the integration update to avoid data inconsistencies.

ServiceNow: Version 53.0

Improved support for updating custom fields in the following action:
- Update Incident

VMware Carbon Black Cloud: Version 35.0

Updated predefined widgets in the following actions:
- List Host Vulnerabilities
- Enrich Entities

January 29, 2025

New Vertex AI integration

Google Chronicle: Version 49.0

Updated default configuration for event splitting in the following connector:
- Google Chronicle - Alerts Connector
Integration: Updated actions to support the new SIEM API and the ability to authenticate using the Workload Identity Email.

Note: JSON results are different on the new SIEM API.
Updated predefined widgets in the following actions:
- Lookup Similar Alerts
- Get Rule Details
- Execute UDM Query
- Get Detection Details

Mandiant Managed Defense: Version 3.0

Added ability to provide padding time and updated error handling for the following connector:
- Mandiant Managed Defense - Investigations Connector

Splunk: Version 56.0

Integration: Updated authentication handling.

January 22, 2025

Siemplify: Version 83.0

The following new action has been added:
- Get Case Details
Added a new predefined widget to the following action:
- Get Case Details

Exchange: Version 106.0

Improved handling of email ingestion in the following connecxtors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 With Oauth Authentication

January 15, 2025

Fortigate: Version 15.0

Integration: Updated authentication to be aligned with new API best practices.

Freshworks Freshservice: Version 14.0

Added ability to define the workspace in the following action:
- List Tickets
Added ability to define the workspace in the following connector:
- Freshworks Freshservice - Tickets Connector

Google Chronicle: Version 48.0

Updated ontology mapping in the following connector:
- Google Chronicle - Alerts Connector

Google Kubernetes Engine: Version 7.0

Integration: Added ability to provide API Root and location in the integration configuration.

Orca Security: Version 11.0

Added ability to work with Orca Score in the following connecctor:
- Orca Security - Alerts Connector

Palo Alto Next Gen Firewall: Version 25.0

Integration: Authorization method aligned to latest PanOS versions.

SentinelOneV2: Version 37.0

Fixed IDs file handling and added an ability to disable the overflow mechanism in the following connector:
- SentinelOne - Threats Connector

ThreatConnect: Version 14.0

Integration: Updated integration configuration parameters.

January 09, 2025

Exchange: Version 105.0

Integration: Updated code to work with Python version 3.11.

January 08, 2025

CrowdStrike Falcon: Version 56.0

Integration: Dependencies update.

Darktrace: Version 17.0

Added the Padding Time parameter to the following connector:
- Darktrace - Model Breaches Connector

SiemplifyUtilities: Version 23.0

Updated the following action:
- Filter JSON

Splunk:

Improved unicode handling for API responses in the following action:
- Ping

January 02, 2025

Microsoft Azure Sentinel: Version 49.0

Microsoft Azure Sentinel
- Integration: Reverted to Version 46. Now running with Python 3.7.

December 26, 2024

Updated code to work with Python version 3.11 in the following integrations:

HTTP v2: Version 6.0
ThreatConnect: Version 13.0

December 24, 2024

Google Cloud Compute: Version 13.0

The following new actions have been added:
- Add Network Tags
- Remove Network Tags
- Add IP To Firewall Rule
- Remove IP From Firewall Rule
- Execute VM Patch Job

New Google Forms integration

Any.Run: Version 7.0

Due to the changes of the Any.Run API, the following actions have been updated (The opt_network_heavyevasion action input parameter was replaced with opt_kernel_heavyevasion and the opt_network_geo action input parameter value "Fastest" was replaced with "fastest"):
- Analyze File
- Analyze File URL
- Analyze URL

Cloud Logging: Version 3.0

Integration: Added the ability to provide the API Root in the integration configuration.

CrowdStrike Falcon: Version 55.0

Updated the ontology mapping in the following connector:
- Crowdstrike Falcon - Alerts Connector

Google BigQuery: Version 14.0

Integration: Added the ability to provide the API Root in the integration configuration.

Google Cloud Compute: Version 13.0

Extended capabilities of the following action:
- Update Firewall Rule
Integration: Added the ability to provide the API Root in the integration configuration.

Google Cloud Policy Intelligence: Version 5.0

Integration: Added the ability to provide the location for regionalised API execution.

ProofPoint TAP: Version 10.0

Integration: Action updates.

Screenshot Machine: Version 13.0

Integration: Updated dependencies.

Siemplify: Version 82.0

Updated predefined widget in the following action:
- Get Similar Cases

Splunk: Version 54.0

Refactored the logic of the following action:
- Ping

VMRay: Version 16.0

Updated the logic of the following action:
- Upload File And Get Report

December 19, 2024

Updated code to work with Python version 3.11 in the following integrations:

Case Federation: Version 2.0
ElasticSearch: Version 41.0
ElasticSearchV7: Version 19.0
Ivanti Endpoint Manager: Version 6.0
Splunk: Version 53.0

December 18, 2024

New PubSub integration

SCC Enterprise: Version 15.0

The following new action has been added:
- Add SCCE Tags

Google Alert Center: Version 9.0

Updated severity handling logic in the following connector:
- Google Alert Center - Alerts Connector

Google Cloud IAM: Veresion 15.0

Updated action parameter descriptions in the following action:
- Delete Role
Integration: Added ability to provide API Root in the integration configuration.

Google Cloud Storage: Veresion 11.0

Integration: Added ability to provide API Root in the integration configuration.

Microsoft Graph Mail: Version 20.0

Updated the following action:
- Send Vote Email
Integration: Added support for selecting whether to fetch the user email address from the userPrincipalName or mail fields from Microsoft Graph API.

SCC Enterprise: Version 15.0

Integration: Code improvements.

December 12, 2024

Updated code to work with Python version 3.11 in the following integrations:

Intezer: Version 10.0
Microsoft Azure Sentinel: Version 48.0
ServiceNow: Version 52.0
ZohoDesk: Version 7.0

December 11, 2024

SCC Enterprise: Version 14.0

The following new action has been added:
- Add SCCE Tags

Google Chronicle: Version 47.0

Improved handling of detections in the following action:
- Get Detection Details
Updated alert structure in the following connector:
- Google Chronicle - Alerts Connector

Microsoft 365 Defender: Version 19.0

Integration: Added ability to modify the Login API root and Graph API root.

Microsoft Defender ATP: Version 26.0

Integration: Added support to modify the login API root.

Palo Alto Panorama: Version 32.0

Integration: Improved actions compatibility with Python 3.11.

Rapid7 InsightVM: Version 12.0

Updated pagination handling logic in the following actions:
- Enrich Asset
- List Scans
- Launch Scan
Updated pagination handling logic in the following connector:
- Rapid7 InsightVM - Vulnerabilities Connector

December 05, 2024

Updated code to work with Python version 3.11 in the following integrations:

Google Chronicle: Version 46.0
SCC Enterprise: Version 13.0

December 04, 2024

Microsoft Azure Sentinel: Version 47.0

Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved tracking of Microsoft Sentinel Incident's entities in the following connectors (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead):
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved handling of Microsoft Sentinel incidents IDs in the connector backlog in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Symantec Endpoint Protection 14: Version 17.0

Integration: Made integration updates.

Google SecOps Response Integrations release notes Stay organized with collections Save and categorize content based on your preferences.

August 20, 2025

August 13, 2025

August 04, 2025

July 23, 2025

July 16, 2025

July 09, 2025

July 02, 2025

June 27, 2025

June 25, 2025

June 18, 2025

June 11, 2025

June 04, 2025

May 28, 2025

May 21, 2025

May 14, 2025

May 07, 2025

April 30, 2025

April 23, 2025

April 16, 2025

April 09, 2025

April 02, 2025

March 26, 2025

March 19, 2025

March 12, 2025

March 05, 2025

February 26, 2025

February 24, 2025

February 19, 2025

February 12, 2025

February 07, 2025

February 05, 2025

January 29, 2025

January 22, 2025

January 15, 2025

January 09, 2025

January 08, 2025

January 02, 2025

December 26, 2024

December 24, 2024

December 19, 2024

December 18, 2024

December 12, 2024

December 11, 2024

December 05, 2024

December 04, 2024

Google SecOps Response Integrations release notes