Google SecOps Response Integrations release notes

This page documents production updates to Google SecOps Response Integrations. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

October 15, 2025

Feature

CrowdStrike Falcon: Version 66.0

The following new action has been added:
- Get Alert Details

Change

Azure Active Directory: Version 19.0

Improved performance by implementing a direct API filter query for group name searches, which avoids fetching all groups and significantly reduces execution time in large-group environments, in the following action:
- List Members in Group

Change

CrowdStrike Falcon: Version 66.0

Updated entity processing logic in the following actions:
- Contain Endpoint
- Download File
- Execute Command
- Get Host Information
- Lift Contained Endpoint
- List Host Vulnerabilities
- On-Demand Scan
- Run Script

Change

Updated dependencies in the following integrations:

Microsoft Teams: Version 30.0
Microsoft Graph Mail Delegated: Version 8.0
Exchange: Version 114.0
Case Federation: Version 5.0
Azure Security Center: Version 12.0

Change

Microsoft Teams: Version 30.0

Integration: Fixed an issue with the special characters in the query parameters.

Change

Okta: Version 10.0

Updated the pagination processing mechanism in the following actions:
- List Users
- Add Group
- Get Group
- List Providers

Change

ThreatQ: Version 15.0

Updated the API request payload to align with a change in the ThreatQ API in the following actions:
- Enrich IP
- Enrich URL
- Enrich Email
- Enrich Hash
- Enrich CVE

Change

UrlScan.io: Version 26.0

Added ability to scan domains and IPs in the following action:
- URL Check

October 09, 2025

Change

Google Threat Intelligence: Version 5.0

Added ability to filter by issue name in the following connector:
- Google Threat Intelligence - ASM Issues Connector
Added ability to filter events in the following connector:
- Google Threat Intelligence - DTM Alerts Connector

Change

Microsoft Teams: Version 29.0

Refactored action logic in the following actions:
- Get Authorization
- Generate Token

Change

Google Workspace: Version 22.0

Updated the action description to reflect that the action deletes the extension from the blocklist rather than deleting the extension from the organizational unit in the following action:
- Delete Extension

Change

Google Chronicle: Version 66.0

Updated processing of reference list rows in the following action:
- Get Reference Lists

September 25, 2025

Feature

New Apache Kafka integration

Feature

Microsoft Azure Sentinel: Version 57.0

The following new job has been added:
- Sync Incidents

Change

Any.Run: Version 8.0

Updated the available privacy settings in the following actions:
- Analyze URL
- Analyze File URL
- Analyze File

Change

CrowdStrike Falcon: Version 64.0

Updated timeout handling in the following connector:
- Crowdstrike Falcon - Streaming Events Connector
Integration: Updated authentication to support multi-tenancy execution.

Change

Google Workspace: Version 21.0

Expanded capabilities of the following action:
- List OU Of Account
Updated processing of the organization unit inside the following actions:
- Block Extension
- Delete Extension
- List OU Of Account

Change

Orca Security: Version 12.0

Integration: (REGRESSIVE) Updated to support the latest API version.

Ontology has been updated. Overwrite current ontology mapping to align with the new API alert structure.

Change

Google Chronicle: Version 65.0

Updated the filtering mechanism of the following action:
- Get Data Tables

September 17, 2025

Feature

SentinelOneV2: Version 41.0

The following new action has been added:
- Update Alert
The following new connector has been added:
- SentinelOne - Alert Connector
A new predefined widget has been added to the following action:
- Update Alert

Feature

Google Threat Intelligence: Version 4.0

The following new action has been added:
- Set DTM Alert Analysis

Feature

Palo Alto Cortex XDR: Version 18.0

The following new actions have been added:
- Add Comment To Incident
- Execute XQL Search
- Get Incident Details

Change

Google Threat Intelligence: Version 4.0

Updated the processing of the threat actor entity in the following action:
- Enrich Entities
Updated the predefined widget in the following actions:

(REGRESSIVE) The widget now works with GTI information. To see the changes, the widget must be re-added to the existing views in playbooks.
- Enrich Entities
- Enrich IOCs
Added JSON samples to the following action:
- Enrich Entities

Change

Trend Vision One: Version 6.0

Added support for Agent UUID in the following actions:
- Enrich Entities
- Execute Custom Script
- Isolate Endpoint
- Unisolate Endpoint

Change

Splunk: Version 58.0

Updated the alert processing logic in the following connector:
- Splunk ES - Notable Events Connector

Change

Jira: Version 48.0

Integration: Updated the SDK version.

Change

Added the ability to modify the API Root and Login API Root in the following integrations:

Azure Active Directory: Version 18.0
Azure AD Identity Protection: Version 7.0
Microsoft Teams: Version 28.0

Change

Vertex AI: Version 4.0

Integration: Increased the default timeout for API requests.

Change

Microsoft Azure Sentinel: Version 56.0

Updated mapping for the ScheduledAlert event types in the following connector:
- Microsoft Azure Sentinel Incident Connector v2

September 03, 2025

Change

Google Threat Intelligence: Version 3.0

Extended supported filters in the following connector:
- Google Threat Intelligence - ASM Issues Connector

August 27, 2025

Feature

Google Workspace: Version 20.0

The following new actions have been added:
- Block Extension
- Delete Extension
- Get Extension Details
- Get Host Browser Details
- Search User Activity Events

Change

Google Threat Intelligence: Version 3.0

Integration: Updated authentication flow.

August 20, 2025

Change

CrowdStrike Falcon: Version 63.0

Updated processing of On-Demand Scan alerts in the following connector:
- Crowdstrike Falcon - Alerts Connector

Change

Google Chronicle: Version 64.0

Added support for aggregated searches in the following action:
- Execute UDM Query

Change

Microsoft Graph Mail: Version 30.0

Improved handling of Case Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Change

Microsoft Graph Mail Delegated: Version 6.0

Improved handling of Case Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

August 13, 2025

Feature

New CyberArk Credential Provider integration

Change

Jira: Version 47.0

Updated timestamp processing logic in the following jobs:
- Sync Comments
- Sync Closure
Updated logic for processing closed tickets in the following job:
- Sync Closure

Change

Microsoft Graph Mail: Version 29.0

Integration: Updated dependencies.

August 04, 2025

Feature

Google Chronicle: Version 63.0

The following new actions have been added:
- Ask Gemini
- Enrich Entities

Change

Case Federation: Version 4.0

Integration: Refactored the code.

Change

Gmail: Version 5.0

Integration: Improved error handling.

Change

Google Chronicle: Version 63.0

The following actions have been deprecated:
- Enrich Domain
- Enrich IP

Change

QRadar: Version 60.0

Updated offense processing logic in the following connector:
- Qradar - Baseline Offenses Connector

Change

SentinelOneV2: Version 40.0

Added ability to fetch agent information in the following actions:
- Disconnect Agent From Network
- Enrich Endpoint
- Get Agent Status
- Get Application List For Endpoint
- Get Events For Endpoint Hours Back
- Initiate Full Scan
- Move Agents
- Reconnect Agent To The Network

July 23, 2025

Feature

Siemplify: Version 94.0

The following new actions have been added:
- Get Custom Field Values
- Resume Case SLA
- Pause Case SLA

Change

Sophos: Version 18.0

Added ability to work with new authentication method in the following action:

Get Events Log

July 16, 2025

Feature

Google Chronicle: Version 62.0

The following new actions have been added:
- Remove Rows From Data Table
- Get Data Tables
- Is Value In Data Table
- Add Rows To Data Table

Change

Azure Security Center: Version 11.0

Integration: Refactored the integration code to support the updated API.

Change

Mandiant Threat Intelligence: Version 14.0

Improved entity processing logic in the following action:
- Enrich Entities

Change

Microsoft Azure Sentinel: Version 55.0

Updated logger initialization in the following connector:
- Microsoft Azure Sentinel - Incident Connector v2

Change

MySQL: Version 5.0

Refined query processing in the following action:
- Run SQL Query

July 09, 2025

Change

BMC Remedy ITSM: Version 9.0

Updated input parameter processing in the following action:
- Create Incident

Change

ServiceNow: Version 58.0

Updated processing of record object in the following connector:
- ServiceNow - ServiceNow Connector

Change

Siemplify: Version 93.0

Updated action logic in the following actions:
- Get Case Details
- Get Similar Cases

July 02, 2025

Feature

Okta: Version 9.0

The following new action has been added:
- Send SSF to Okta

Change

CrowdStrike Falcon: Version 62.0

Updated JSON Result structure in the following action:
- List Hosts

Change

Google Chronicle: Version 61.0

Updated action processing logic in the following action:
- Execute UDM Query

Change

Vertex AI: Version 3.0

Integration: Updated the handling of non-Google models.

June 27, 2025

Change

Siemplify: Version 92.0

Updated action logic in the following actions:
- Get Case Details
- Get Similar Cases
- Update Case Description

June 25, 2025

Change

Refactored the code to work with updated API in the following integrations:

Case Federation: Version 3.0
Siemplify: Version 91.0

Change

Microsoft Azure Sentinel: Version 54.0

Added an ability to not process the alert until Scheduled/NRT alert objects are available from API in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Change

SentinelOneV2: Version 39.0

Updated ontology mapping in the following connector:
- SentinelOneV2 - Threats Connector

Change

Siemplify: Version 91.0

Updated Predefined Widget in the following action:
- Get Similar Cases

June 18, 2025

Change

Google Chronicle: Version 60.0

Updated risk score handling in the following connector:
- Google Chronicle - Alerts Connector

Change

Microsoft Teams: Version 27.0

Integration: Refactored the code to work with updated API.

June 11, 2025

Feature

New Akamai integration

Feature

New Google Threat Intelligence integration

Change

Refactored the code to work with updated API in the following integrations:

Exchange: Version 113.0
ServiceNow: Version 57.0
Microsoft Graph Mail Delegated: Version 5.0

Refactored the code in the following integrations:

Gmail: Version 4.0
Google Cloud API: Version 6.0
HTTP v2: Version 9.0
Microsoft Graph Mail: Version 28.0
Tor: Version 7.0

Change

Darktrace: Version 18.0

Added ability to filter model breaches by priority in the following connector:
- Darktrace - Model Breaches Connector

June 04, 2025

Change

Refactored the code to work with updated API in the following integrations:

BMC Remedy ITSM: Version 8.0
Gmail: Version 3.0
Google Cloud API: Version 5.0
Microsoft Graph Mail: Version 27.0
Service Desk Plus V3: Version 6.0
Vertex AI: Version 2.0

Change

Google Chronicle: Version 59.0

Updated the API root to be configurable in IDE in the following connector:
- Google Chronicle - Chronicle Alerts Connector

Change

Nmap: Version 2.0

Updated JSON Result structure in the following action:
- Scan Entities

Change

Vertex AI: Version 2.0

Fixed non-Google models that weren't working

May 28, 2025

Feature

New Nmap integration

Change

Mandiant Threat Intelligence: Version 13.0

Updated entity processing in the following action:
- Enrich Entities

Change

Microsoft 365 Defender: Version 21.0

Added more transparency around Microsoft Sentinel and Microsoft Defender For Cloud alerts. You can now provide microsoftSentinel and microsoftDefenderForCloud as the Service Source in the following connector:
- Microsoft 365 Defender - Incidents Connector

Change

Office 365 CloudApp Security: Version 22.0

Updated processing of the input parameters in the following actions:
- Bulk Resolve Alert
- Close Alert
- Dismiss Alert

Change

Sophos: Version 17.0

Updated the logic of entity processing in the following actions:
- Isolate Endpoint
- Unisolate Endpoint

Change

Trend Vision One: Version 5.0

Updated the logic for processing alerts in the following connector:
- Trend Vision One - Workbench Alerts

May 21, 2025

Change

Google Chronicle:Version: 58.0

Updated the following action:
- Broken Google Chronicle Widget
Expanded the JSON Result with new fields in the following connector:
- Google Chronicle - Get Rule Details

Change

Microsoft Azure Sentinel: Version 53.0

Updated entity mapping in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Change

Palo Alto Cortex XDR: Version 17.0

Updated the supported statuses in the following action:
- Update an Incident

May 14, 2025

Feature

ProofPoint TAP: Version 11.0

The following new actions have been added:
- Get Threat Forensics
- Search Events
- List Campaigns

Change

Google Chronicle: Version 57.0

Updated the processing of the events in the following connector:
- Google Chronicle - Chronicle Alerts Connector

May 07, 2025

Feature

New Cisco Vulnerability Management integration

Feature

CrowdStrike Falcon: Version 61.0

The following new action has been added:
- Search Events

Change

CrowdStrike Falcon: Version 61.0

Updated input parameter processing in the following action:
- On-Demand Scan
Added ability to define Alert Name and Case Name templates to the following connectors:
- Crowdstrike Falcon - Detections Connector
- Crowdstrike Falcon - Identity Protection Detections Connector
- Crowdstrike Falcon - Alerts Connector

Change

Google Chronicle: Version 56.0

Added ignore \r\n characters and skip empty input values when adding to the following actions:
- Is Value in Reference List
- Add Value to Reference List
Optimized the processing of the alerts in the following jobs:
- Google Chronicle - Alerts Sync
- Google Chronicle - Alerts Creator

Change

Microsoft Azure Sentinel: Version 52.0

Updated events processing logic in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Change

Microsoft Graph Mail: Version 26.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Change

Microsoft Graph Mail Delegated: Version 4.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

Change

CrowdStrike Falcon: Version 61.0

Updated input parameter processing in the following action:
- On-Demand Scan
Added ability to define Alert Name and Case Name templates in the following connectors:
- Crowdstrike Falcon - Detections Connector
- Crowdstrike Falcon - Identity Protection Detections Connector
- Crowdstrike Falcon - Alerts Connector

Change

Google Chronicle: Version 56.0

Added ignore \r\n characters and skip empty input values when adding in the following actions:
- Is Value in Reference List
- Add Value to Reference List
Optimised the processing of the alerts in the following jobs:
- Alerts Sync
- Alerts Creator

Microsoft Azure Sentinel: Version 52.0

Updated events processing logic in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Microsoft Graph Mail: Version 26.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 26.0

Added ability to define Alert Name Template in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

April 30, 2025

Feature

Mimecast: Version 12.0

The following new action has been added:
- Create Block Sender Policy

Change

HTTP v2: Version 8.0

Integration: Refactored the code to work with updated API.

Change

Mimecast: Version 12.0

Added ability to ingest attachments and body associated with the held message to the following connector:
- Mimecast - Message Tracking Connector
Added ability to filter by queue reason to the following connector:
- Mimecast - Message Tracking Connector

Change

SentinelOneV2: Version 38.0

The underlying API endpoint of the following action has been deprecated and there is no suitable replacement:
- Get Hash Reputation
Refactored the code of the following connector:
- SentinelOneV2 - Get Events For Endpoint Hours Back

Change

VirusTotalV3: Version 37.0

Updated entity handling of the following actions:
- Add Comment To Entity
- Add Vote To Entity
- Enrich URL
- Get Domain Details
- Get Related Domains
- Get Related Hashes
- Get Related IPs
- Get Related URLs
Updated Predefined Widgets in the following actions:
- Add Comment To Entity
- Add Vote To Entity
- Enrich URL
- Get Domain Details
- Get Related Domains
- Get Related Hashes
- Get Related IPs
- Get Related URLs

April 23, 2025

Feature

ExtraHop: Version 6.0

The following new action has been added:
- Update Detection

Feature

Zerofox: Version 2.0

The following new action has been added:
- Add Evidence To Alert

Change

Microsoft Graph Mail: Version 25.0

Updated event structure for the attached emails in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Change

Microsoft Graph Mail Delegated: Version 3.0

Updated event structure for the attached emails in the following connector:
- Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

Change

SCC Enterprise: Version 17.0

Updated ticket creation workflow in the following action:
- Create SCC Enterprise Cloud Posture Ticket Type Jira

Change

Siemplify: Version 90.0

Added ability to work with additional timestamp types in the following action:
- Permitted Alert Time
Added ability to work with IANA timezone names in the following action:
- Permitted Alert Time

Change

Tanium: Version 14.0

Improved action compatibility with Python 3.11 in the following action:
- Download File

April 16, 2025

Change

CrowdStrike Falcon: Version 60.0

Added ability to fetch hidden alerts in the following connector:
- CrowdStrike - Alerts Connector

Change

Google Chronicle: Version 55.0

Added ability to ingest composite alerts in the following connector:
- Google Chronicle - Alerts Connector
Removed the Disable Event Splitting parameter so the connector will always ingest events in the original structure in the following connector and ontology mapping must be updated:
- Google Chronicle - Alerts Connector

Change

Microsoft Graph Mail: Version 24.0

Integration: Added support for working with S/MIME-encrypted emails.
Added Connector API throttling improvements to accommodate Max Emails per Cycle logic in the following connector:
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Change

Microsoft Graph Security: Version 22.0

Integration: Added support for V2 version of the API.

Note: The support needs to be enabled in the connectors and integration. Connector behavior changes on the new API; note filter configuration. New permissions to work with V2 API need to be provided.

Change

ServiceNow: Version 56.0

Improved handling of OAuth 2.0 authentication in the following actions:
- Create Incident
- Create Alert Incident

April 09, 2025

Feature

New Zerofox integration.

Change

Exchange: Version 112.0

Added an option to overwrite the URL regex connectors use in the following connectors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 with OAuth Authentication

Change

Siemplify: Version 89.0

Removed the following unsupported job:
- Siemplify - ETL Monitor Job

Change

VirusTotalV3: Version 36.0

Updated private submission is_risky logic in the following action:
- Submit File

Change

VMware Carbon Black Cloud: Version 36.0

Updated the ingestion processing logic in the following connector:
- VMware Carbon Black Cloud - Alerts and Events Baseline Connector

Change

Web Risk: Version 2.0

Updated entity handling in the following action:
- Enrich Entities

April 02, 2025

Change

CrowdStrike Falcon: Version 59.0

Updated input handling for the following actions:
- Update Identity Protection Detection
- Add Identity Protection Detection Comment

Change

Exchange: Version 111.0

Improved encoding handling during email parsing in the following connectors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 with Oauth Authentication

Change

ExtraHop: Version 5.0

Updated alert processing logic in the following connector:
- Extrahop - Detections Connector

Change

Google Chronicle: Version 54.0

Updated the following connector to support new SIEM API:
- Google Chronicle - Alerts Connector
Updated the following jobs to support new SIEM API:
- Sync
- Alerts Creator
Added ability to authenticate via Workload Identity in the following connector:
- Google Chronicle - Alerts Connector
Added ability to authenticate via Workload Identity in the following connector in the following jobs:
- Sync
- Alerts Creator

Change

Jira: Version 46.0

Updated the following jobs:
- Sync Closure
- Sync Comments

Change

Microsoft Azure Sentinel: Version 51.0

Integration: Updated the integration code to work with Python version 3.11.

Important: To ensure compatibility and avoid disruptions, follow the best practices in Upgrade Python versions.
Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved tracking of Microsoft Sentinel Incident's entities (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead) in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved handling of Microsoft Sentinel incidents IDs in connectors backlog in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Change

Microsoft Graph Mail: Version 23.0

Integration: Added support for working with S/MIME-encrypted emails.
The code base was refactored in the following connector:

(REGRESSIVE) As part of the refactor, connector's Tenant (Directory) ID parameter has been updated to a Microsoft Entra ID Directory ID, this will require re-entering connector's configuration parameters after the update.
- Microsoft Graph Mail - Microsoft Graph Mail Connector

Change

ServiceNow: Version 55.0

Added support for Sync Closed Incidents job to handle created incidents in the following actions:
- Create Incident
- Create Alert Incident
Added ability to filter records by assignment group in the following connector:
- ServiceNow - ServiceNow Connector
Added ability to sync incidents created during playbook execution in the following job:
- Sync Closed Incidents

Change

Siemplify: Version 88.0

Removed the following unsupported job from the integration:
- Jobs Monitor

Change

VMRay: Version 17.0

Updated entity handling in the following action:
- Scan URL

March 26, 2025

Change

Cisco Firepower Management Center: Version 7.0

Integration: Added pagination mechanism support.

Change

Cofense Triage: Version 13.0

Integration: (REGRESSIVE) Updated alerts and events time mappings.

Change

Exchange: Version 110.0

Integration: Dependencies update.

Change

Google Chronicle: Version 53.0

Propagate SIEM data access scope in the following connector:
- Google Chronicle - Alerts Connector
Updated predefined widget in the following action:
- Get Detection Details

Change

MSSQL: Version 16.0

Integration: Integration updates.

Change

Microsoft Graph Security: Version 21.0

Updated the handling of alerts in the following connector:
- Microsoft Graph Security - Office 365 Security and Compliance Connector

Change

SCC Enterprise: Version 16.0

Integration: Added support for regionalized environments.

Change

Siemplify: Version 87.0

Removed the following unsupported job from the integration:
- Connectors Monitor

March 19, 2025

Change

ServiceNow: Version 54.0

Added ability to provide custom fields as JSON objects in the following actions:
- Create Incident
- Update Incident

Change

Zoho Desk: Version 8.0

Updated the user searching mechanism in the following action:
- Create Ticket

Change

Exchange: Version 109.0

Integration: Added support for working with S/MIME-encrypted emails.

Change

Jira: Version 45.0

Added support for integration's sync jobs to handle created issues in the following actions:
- Create Issue
- Create Alert Issue Actions
Added support to handle issues created by the Create Issue and Create Alert Issue actions in the following jobs:
- Sync Closure
- Sync Comments Jobs

March 12, 2025

Feature

New Sysdig Secure integration

Feature

New Web Risk integration

Change

Mandiant: Version 8.0

Updated predefined widgets in the following actions:
- Enrich Entities
- Enrich IOCs
- Get Malware Details

Change

Mandiant Threat Intelligence: Version 12.0

Updated predefined widgets in the following actions:
- Enrich Entities
- Enrich IOCs
- Get Malware Details

Change

Mimecast: Version 11.0

(DEPRECATED) No replacement API endpoint in new API in the following action:
- Report Message
Integration: Migrated integration to work with the latest API version.
Integration: Added client credentials authentication.

Change

Varonis Data Security Platform: Version 5.0

Integration: Updated dependencies.

March 05, 2025

Change

CrowdStrike Falcon: Version 58.0

Added ability to provide a hostname from the input parameters in the following actions:
- On-Demand Scan
- Execute Command
- Run Script

Change

Exchange: Version 108.0

Integration: Updated the integration.

Change

Google Chronicle: Version 52.0

Updated severity handling in the following connector:
- Google Chronicle - Alerts Connector
Integration: Updated the integration dependencies.
Error handling improvements in the following job:
- Alerts Creator

Change

Microsoft Azure Sentinel: Version 50.0

Improved the connector logging and the API timeout handling in the following connector:
- Microsoft Azure Sentinel - Incident Connector v2

Change

SiemplifyUtilities: Version 24.0

Added ability to disable JSON data escaping in the following action:
- Filter JSON

Change

VirusTotalV3: Version 35.0

Updated the comment fetching logic in the following action:
- Submit File

February 26, 2025

Feature

New Microsoft Graph Mail Delegated integration

Feature

Siemplify: Version 86.0

The following new actions have been added:
- Wait For Custom Fields
- Set Custom Fields
- Create Gemini Case Summary

Change

Anomali: Version 12.0

Integration: Updated the API authentication.

Change

HTTP v2: Version 7.0

Integration: Updated the integration to work without authentication.

Change

Mandiant ASM: Version 9.0

Integration: Updated handling of the ASM Project.

February 24, 2025

Change

Siemplify: Version 85.0

Updated input handling in the following case:
- Close Case

February 19, 2025

Change

Carbon Black Response: Version 34.0

Fixed the issue with data type of the Version parameter in the following connector:
- Carbon Black Response - Carbon Black Response Connector

Change

Exchange: Version 107.0

Integration: Updated external package dependencies.

Change

Microsoft Graph Mail: Version 22.0

Added the ability to control the action's JSON result behavior in the following actions:
- Search Emails
- Move Email To Folder
- Delete Email
- Wait For Email From User
Integration: Improved localization support and better handling of the internetMessageID filter.
Integration: Improved integration configuration validation.

Change

Netskope: Version 12.0

Integration: Integration updated to support latest Netskope API updates

Note: The integration needs to be configured with V1 and V2 API Tokens, to support actions that are working with V1 endpoints, and actions that work with newer, V2 endpoints. For more information, see the following Netskope article - https://docs.netskope.com/en/netskope-product-eol-announcements/#eol-for-specific-rest-api-v1-endpoints-1

Change

Splunk: Version 57.0

Integration: Updated Dependencies.

February 12, 2025

Change

Google Chronicle: Version 51.0

Improved Connector Logs To Notify On Possible Ingestion Delays in the following connector:
- Google Chronicle - Alerts Connector
Updated OOTB mapping in the following connector:

New mapping allows you to have "Disable Event Splitting" enabled and still have all entities mapped out.
- Google Chronicle - Alerts Connector

Change

Microsoft 365 Defender: Version 20.0

Added ability to disable alert tracking in the following connector:
- Microsoft 365 Defender - Incidents Connector

Change

Snowflake: Version 6.0

Integration: Updated integration to use the latest API version.

February 07, 2025

Change

Google Chronicle: Version 50.0

Improved events time format conversion handling in the following job:
- Google Chronicle - Alerts Creator

February 05, 2025

Feature

Google BigQuery: Version 15.0

The following new action has been added:
- Run Custom Query

Feature

Google Workspace: Version 19.0

The following new action has been added:
- Revoke User Sessions

Change

CrowdStrike Falcon: Version 57.0

Updated predefined widgets in the following actions:
- Get Host Information
- List Host Vulnerabilities

Change

Google BigQuery: Version 15.0

Updated error handling in the following action:
- Run SQL Query

Change

McAfee ESM: Version 43.0

Integration: Added support for the 11.6.13 and later product versions.

Note: Make sure to enable "Use AES Encryption".

Change

Microsoft Graph Mail: Version 21.0

Improved email processing in the following actions:
- Wait For Email From User
- Wait For Vote Email Results

Change

QRadar: Version 59.0

Updated the storage of fetched offenses IDs in the following connectors:
- Qradar - Correlation Events Connector V2
- Qradar - Offenses Connector
Note: It is recommended to re-create related connectors after the integration update to avoid data inconsistencies.

Change

ServiceNow: Version 53.0

Improved support for updating custom fields in the following action:
- Update Incident

Change

VMware Carbon Black Cloud: Version 35.0

Updated predefined widgets in the following actions:
- List Host Vulnerabilities
- Enrich Entities

January 29, 2025

Feature

New Vertex AI integration

Change

Google Chronicle: Version 49.0

Updated default configuration for event splitting in the following connector:
- Google Chronicle - Alerts Connector
Integration: Updated actions to support the new SIEM API and the ability to authenticate using the Workload Identity Email.

Note: JSON results are different on the new SIEM API.
Updated predefined widgets in the following actions:
- Lookup Similar Alerts
- Get Rule Details
- Execute UDM Query
- Get Detection Details

Change

Mandiant Managed Defense: Version 3.0

Added ability to provide padding time and updated error handling for the following connector:
- Mandiant Managed Defense - Investigations Connector

Change

Splunk: Version 56.0

Integration: Updated authentication handling.

January 22, 2025

Feature

Siemplify: Version 83.0

The following new action has been added:
- Get Case Details
Added a new predefined widget to the following action:
- Get Case Details

Change

Exchange: Version 106.0

Improved handling of email ingestion in the following connecxtors:
- Exchange - Mail Connector v2
- Exchange - Mail Connector v2 With Oauth Authentication

January 15, 2025

Change

Fortigate: Version 15.0

Integration: Updated authentication to be aligned with new API best practices.

Change

Freshworks Freshservice: Version 14.0

Added ability to define the workspace in the following action:
- List Tickets
Added ability to define the workspace in the following connector:
- Freshworks Freshservice - Tickets Connector

Change

Google Chronicle: Version 48.0

Updated ontology mapping in the following connector:
- Google Chronicle - Alerts Connector

Change

Google Kubernetes Engine: Version 7.0

Integration: Added ability to provide API Root and location in the integration configuration.

Change

Orca Security: Version 11.0

Added ability to work with Orca Score in the following connecctor:
- Orca Security - Alerts Connector

Change

Palo Alto Next Gen Firewall: Version 25.0

Integration: Authorization method aligned to latest PanOS versions.

Change

SentinelOneV2: Version 37.0

Fixed IDs file handling and added an ability to disable the overflow mechanism in the following connector:
- SentinelOne - Threats Connector

Change

ThreatConnect: Version 14.0

Integration: Updated integration configuration parameters.

January 09, 2025

Change

Exchange: Version 105.0

Integration: Updated code to work with Python version 3.11.

January 08, 2025

Change

CrowdStrike Falcon: Version 56.0

Integration: Dependencies update.

Change

Darktrace: Version 17.0

Added the Padding Time parameter to the following connector:
- Darktrace - Model Breaches Connector

Change

SiemplifyUtilities: Version 23.0

Updated the following action:
- Filter JSON

Change

Splunk:

Improved unicode handling for API responses in the following action:
- Ping

January 02, 2025

Change

Microsoft Azure Sentinel: Version 49.0

Microsoft Azure Sentinel
- Integration: Reverted to Version 46. Now running with Python 3.7.

December 26, 2024

Change

Updated code to work with Python version 3.11 in the following integrations:

HTTP v2: Version 6.0
ThreatConnect: Version 13.0

December 24, 2024

Feature

Google Cloud Compute: Version 13.0

The following new actions have been added:
- Add Network Tags
- Remove Network Tags
- Add IP To Firewall Rule
- Remove IP From Firewall Rule
- Execute VM Patch Job

Feature

New Google Forms integration

Change

Screenshot Machine: Version 13.0

Integration: Updated dependencies.

Change

Siemplify: Version 82.0

Updated predefined widget in the following action:
- Get Similar Cases

Change

Splunk: Version 54.0

Refactored the logic of the following action:
- Ping

Change

VMRay: Version 16.0

Updated the logic of the following action:
- Upload File And Get Report

Change

Any.Run: Version 7.0

Due to the changes of the Any.Run API, the following actions have been updated (The opt_network_heavyevasion action input parameter was replaced with opt_kernel_heavyevasion and the opt_network_geo action input parameter value "Fastest" was replaced with "fastest"):
- Analyze File
- Analyze File URL
- Analyze URL

Change

Cloud Logging: Version 3.0

Integration: Added the ability to provide the API Root in the integration configuration.

Change

CrowdStrike Falcon: Version 55.0

Updated the ontology mapping in the following connector:
- Crowdstrike Falcon - Alerts Connector

Change

Google BigQuery: Version 14.0

Integration: Added the ability to provide the API Root in the integration configuration.

Change

Google Cloud Compute: Version 13.0

Extended capabilities of the following action:
- Update Firewall Rule
Integration: Added the ability to provide the API Root in the integration configuration.

Change

Google Cloud Policy Intelligence: Version 5.0

Integration: Added the ability to provide the location for regionalised API execution.

Change

ProofPoint TAP: Version 10.0

Integration: Action updates.

December 19, 2024

Change

Updated code to work with Python version 3.11 in the following integrations:

Case Federation: Version 2.0
ElasticSearch: Version 41.0
ElasticSearchV7: Version 19.0
Ivanti Endpoint Manager: Version 6.0
Splunk: Version 53.0

December 18, 2024

Feature

New PubSub integration

Feature

SCC Enterprise: Version 15.0

The following new action has been added:
- Add SCCE Tags

Change

Google Alert Center: Version 9.0

Updated severity handling logic in the following connector:
- Google Alert Center - Alerts Connector

Change

Google Cloud IAM: Veresion 15.0

Updated action parameter descriptions in the following action:
- Delete Role
Integration: Added ability to provide API Root in the integration configuration.

Change

Google Cloud Storage: Veresion 11.0

Integration: Added ability to provide API Root in the integration configuration.

Change

Microsoft Graph Mail: Version 20.0

Updated the following action:
- Send Vote Email
Integration: Added support for selecting whether to fetch the user email address from the userPrincipalName or mail fields from Microsoft Graph API.

Change

SCC Enterprise: Version 15.0

Integration: Code improvements.

December 12, 2024

Change

Updated code to work with Python version 3.11 in the following integrations:

Intezer: Version 10.0
Microsoft Azure Sentinel: Version 48.0
ServiceNow: Version 52.0
ZohoDesk: Version 7.0

December 11, 2024

Feature

SCC Enterprise: Version 14.0

The following new action has been added:
- Add SCCE Tags

Change

Google Chronicle: Version 47.0

Improved handling of detections in the following action:
- Get Detection Details
Updated alert structure in the following connector:
- Google Chronicle - Alerts Connector

Change

Microsoft 365 Defender: Version 19.0

Integration: Added ability to modify the Login API root and Graph API root.

Change

Microsoft Defender ATP: Version 26.0

Integration: Added support to modify the login API root.

Change

Palo Alto Panorama: Version 32.0

Integration: Improved actions compatibility with Python 3.11.

Change

Rapid7 InsightVM: Version 12.0

Updated pagination handling logic in the following actions:
- Enrich Asset
- List Scans
- Launch Scan
Updated pagination handling logic in the following connector:
- Rapid7 InsightVM - Vulnerabilities Connector

December 05, 2024

Change

Updated code to work with Python version 3.11 in the following integrations:

Google Chronicle: Version 46.0
SCC Enterprise: Version 13.0

December 04, 2024

Change

Microsoft Azure Sentinel: Version 47.0

Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved tracking of Microsoft Sentinel Incident's entities in the following connectors (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead):
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector
Improved handling of Microsoft Sentinel incidents IDs in the connector backlog in the following connectors:
- Microsoft Azure Sentinel - Incident Connector v2
- Microsoft Azure Sentinel - Incident Tracking Connector

Change

Symantec Endpoint Protection 14: Version 17.0

Integration: Made integration updates.

Google SecOps Response Integrations release notes Stay organized with collections Save and categorize content based on your preferences.

October 15, 2025

October 09, 2025

September 25, 2025

September 17, 2025

September 03, 2025

August 27, 2025

August 20, 2025

August 13, 2025

August 04, 2025

July 23, 2025

July 16, 2025

July 09, 2025

July 02, 2025

June 27, 2025

June 25, 2025

June 18, 2025

June 11, 2025

June 04, 2025

May 28, 2025

May 21, 2025

May 14, 2025

May 07, 2025

April 30, 2025

April 23, 2025

April 16, 2025

April 09, 2025

April 02, 2025

March 26, 2025

March 19, 2025

March 12, 2025

March 05, 2025

February 26, 2025

February 24, 2025

February 19, 2025

February 12, 2025

February 07, 2025

February 05, 2025

January 29, 2025

January 22, 2025

January 15, 2025

January 09, 2025

January 08, 2025

January 02, 2025

December 26, 2024

December 24, 2024

December 19, 2024

December 18, 2024

December 12, 2024

December 11, 2024

December 05, 2024

December 04, 2024

Google SecOps Response Integrations release notes