Google SecOps Response Integrations release notes

This page documents production updates to Google SecOps Response Integrations. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

July 09, 2025

BMC Remedy ITSM: Version 9.0

  • Updated input parameter processing in the following action:

    • Create Incident

ServiceNow: Version 58.0

  • Updated processing of record object in the following connector:

    • ServiceNow - ServiceNow Connector

Siemplify: Version 93.0

  • Updated action logic in the following actions:

    • Get Case Details

    • Get Similar Cases

July 02, 2025

Okta: Version 9.0

  • The following new action has been added:

    • Send SSF to Okta

CrowdStrike Falcon: Version 62.0

  • Updated JSON Result structure in the following action:

    • List Hosts

Google Chronicle: Version 61.0

  • Updated action processing logic in the following action:

    • Execute UDM Query

Vertex AI: Version 3.0

  • Integration: Updated the handling of non-Google models.

June 27, 2025

Siemplify: Version 92.0

  • Updated action logic in the following actions:

    • Get Case Details

    • Get Similar Cases

    • Update Case Description

June 25, 2025

Refactored the code to work with updated API in the following integrations:

  • Case Federation: Version 3.0

  • Siemplify: Version 91.0

Microsoft Azure Sentinel: Version 54.0

  • Added the ability to delay processing an alert until Scheduled/NRT alert objects are available from the API in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

SentinelOneV2: Version 39.0

  • Updated ontology mapping in the following connector:

    • SentinelOneV2 - Threats Connector

Siemplify: Version 91.0

  • Updated Predefined Widget in the following action:

    • Get Similar Cases

June 18, 2025

Google Chronicle: Version 60.0

  • Updated risk score handling in the following connector:

    • Google Chronicle - Alerts Connector

Microsoft Teams: Version 27.0

  • Integration: Refactored the code to work with updated API.

June 11, 2025

New Akamai integration

New Google Threat Intelligence integration

Darktrace: Version 18.0

  • Added ability to filter model breaches by priority in the following connector:

    • Darktrace - Model Breaches Connector

Refactored the code to work with updated API in the following integrations:

  • Exchange: Version 113.0
  • ServiceNow: Version 57.0
  • Microsoft Graph Mail Delegated: Version 5.0

Refactored the code in the following integrations:

  • Gmail: Version 4.0
  • Google Cloud API: Version 6.0
  • HTTP v2: Version 9.0
  • Microsoft Graph Mail: Version 28.0
  • Tor: Version 7.0

June 04, 2025

Refactored the code to work with updated API in the following integrations:

  • BMC Remedy ITSM: Version 8.0
  • Gmail: Version 3.0
  • Google Cloud API: Version 5.0
  • Microsoft Graph Mail: Version 27.0
  • Service Desk Plus V3: Version 6.0
  • Vertex AI: Version 2.0

Google Chronicle: Version 59.0

  • Updated the API root to be configurable in IDE in the following connector:
    • Google Chronicle - Chronicle Alerts Connector

Nmap: Version 2.0

  • Updated JSON Result structure in the following action:
    • Scan Entities

Vertex AI: Version 2.0

  • Fixed an issue where non-Google models weren't working.

May 28, 2025

New Nmap integration

Mandiant Threat Intelligence: Version 13.0

  • Updated entity processing in the following action:

    • Enrich Entities

Microsoft 365 Defender: Version 21.0

  • Added more transparency around Microsoft Sentinel and Microsoft Defender For Cloud alerts. You can now provide microsoftSentinel and microsoftDefenderForCloud as the Service Source in the following connector:
    • Microsoft 365 Defender - Incidents Connector

Office 365 CloudApp Security: Version 22.0

  • Updated processing of the input parameters in the following actions:

    • Bulk Resolve Alert
    • Close Alert
    • Dismiss Alert

Sophos: Version 17.0

  • Updated the logic of entity processing in the following actions:
    • Isolate Endpoint
    • Unisolate Endpoint

Trend Vision One: Version 5.0

  • Updated the logic for processing alerts in the following connector:
    • Trend Vision One - Workbench Alerts

May 21, 2025

Google Chronicle: Version 58.0

  • Updated the following action:

    • Broken Google Chronicle Widget

  • Expanded the JSON Result with new fields in the following connector:

    • Google Chronicle - Get Rule Details

Microsoft Azure Sentinel: Version 53.0

  • Updated entity mapping in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

Palo Alto Cortex XDR: Version 17.0

  • Updated the supported statuses in the following action:

    • Update an Incident

May 14, 2025

ProofPoint TAP: Version 11.0

  • The following new actions have been added:

    • Get Threat Forensics

    • Search Events

    • List Campaigns

Google Chronicle: Version 57.0

  • Updated the processing of the events in the following connector:

    • Google Chronicle - Chronicle Alerts Connector

May 07, 2025

New Cisco Vulnerability Management integration

CrowdStrike Falcon: Version 61.0

  • The following new action has been added:

    • Search Events

CrowdStrike Falcon: Version 61.0

  • Updated input parameter processing in the following action:

    • On-Demand Scan
  • Added ability to define Alert Name and Case Name templates to the following connectors:

    • Crowdstrike Falcon - Detections Connector

    • Crowdstrike Falcon - Identity Protection Detections Connector

    • Crowdstrike Falcon - Alerts Connector

Google Chronicle: Version 56.0

  • Added the ability to ignore \r\n characters and skip empty input values when adding values in the following actions:

    • Is Value in Reference List

    • Add Value to Reference List

  • Optimized the processing of the alerts in the following jobs:

    • Google Chronicle - Alerts Sync

    • Google Chronicle - Alerts Creator

Microsoft Azure Sentinel: Version 52.0

  • Updated events processing logic in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

Microsoft Graph Mail: Version 26.0

  • Added ability to define Alert Name Template in the following connector:

    • Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 4.0

  • Added ability to define Alert Name Template in the following connector:

    • Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

April 30, 2025

Mimecast: Version 12.0

  • The following new action has been added:

    • Create Block Sender Policy

HTTP v2: Version 8.0

  • Integration: Refactored the code to work with updated API.

Mimecast: Version 12.0

  • Added ability to ingest attachments and body associated with the held message to the following connector:

    • Mimecast - Message Tracking Connector
  • Added ability to filter by queue reason to the following connector:

    • Mimecast - Message Tracking Connector

SentinelOneV2: Version 38.0

  • The underlying API endpoint of the following action has been deprecated and there is no suitable replacement:

    • Get Hash Reputation
  • Refactored the code of the following connector:

    • SentinelOneV2 - Get Events For Endpoint Hours Back

VirusTotalV3: Version 37.0

  • Updated entity handling of the following actions:

    • Add Comment To Entity

    • Add Vote To Entity

    • Enrich URL

    • Get Domain Details

    • Get Related Domains

    • Get Related Hashes

    • Get Related IPs

    • Get Related URLs

  • Updated Predefined Widgets in the following actions:

    • Add Comment To Entity

    • Add Vote To Entity

    • Enrich URL

    • Get Domain Details

    • Get Related Domains

    • Get Related Hashes

    • Get Related IPs

    • Get Related URLs

April 23, 2025

ExtraHop: Version 6.0

  • The following new action has been added:

    • Update Detection

Zerofox: Version 2.0

  • The following new action has been added:

    • Add Evidence To Alert

Microsoft Graph Mail: Version 25.0

  • Updated event structure for the attached emails in the following connector:

    • Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Mail Delegated: Version 3.0

  • Updated event structure for the attached emails in the following connector:

    • Microsoft Graph Mail Delegated - Microsoft Graph Mail Delegated Connector

SCC Enterprise: Version 17.0

  • Updated ticket creation workflow in the following action:

    • Create SCC Enterprise Cloud Posture Ticket Type Jira

Siemplify: Version 90.0

  • Added ability to work with additional timestamp types in the following action:

    • Permitted Alert Time
  • Added ability to work with IANA timezone names in the following action:

    • Permitted Alert Time

Tanium: Version 14.0

  • Improved action compatibility with Python 3.11 in the following action:

    • Download File

April 16, 2025

CrowdStrike Falcon: Version 60.0

  • Added ability to fetch hidden alerts in the following connector:

    • CrowdStrike - Alerts Connector

Google Chronicle: Version 55.0

  • Added ability to ingest composite alerts in the following connector:

    • Google Chronicle - Alerts Connector

  • Removed the Disable Event Splitting parameter in the following connector. The connector now always ingests events in the original structure, and the ontology mapping must be updated:

    • Google Chronicle - Alerts Connector

Microsoft Graph Mail: Version 24.0

  • Integration: Added support for working with S/MIME-encrypted emails.

  • Added Connector API throttling improvements to accommodate Max Emails per Cycle logic in the following connector:

    • Microsoft Graph Mail - Microsoft Graph Mail Connector

Microsoft Graph Security: Version 22.0

  • Integration: Added support for the V2 version of the API. You need to enable it in the connectors and in the integration. Connector behavior changes on the new API, so pay attention to the filter configuration. You also need to provide new permissions to work with the V2 API.

ServiceNow: Version 56.0

  • Improved handling of OAuth 2.0 authentication in the following actions:

    • Create Incident
    • Create Alert Incident

April 09, 2025

New Zerofox integration.

Exchange: Version 112.0

  • Added an option to overwrite the URL regex that the following connectors use:

    • Exchange - Mail Connector v2
    • Exchange - Mail Connector v2 with OAuth Authentication

Siemplify: Version 89.0

  • Removed the following unsupported job:

    • Siemplify - ETL Monitor Job

VirusTotalV3: Version 36.0

  • Updated private submission is_risky logic in the following action:

    • Submit File

VMware Carbon Black Cloud: Version 36.0

  • Updated the ingestion processing logic in the following connector:

    • VMware Carbon Black Cloud - Alerts and Events Baseline Connector

Web Risk: Version 2.0

  • Updated entity handling in the following action:

    • Enrich Entities

April 02, 2025

CrowdStrike Falcon: Version 59.0

  • Updated input handling for the following actions:

    • Update Identity Protection Detection

    • Add Identity Protection Detection Comment

Exchange: Version 111.0

  • Improved encoding handling during email parsing in the following connectors:

    • Exchange - Mail Connector v2

    • Exchange - Mail Connector v2 with Oauth Authentication

ExtraHop: Version 5.0

  • Updated alert processing logic in the following connector:

    • Extrahop - Detections Connector

Google Chronicle: Version 54.0

  • Updated the following connector to support new SIEM API:

    • Google Chronicle - Alerts Connector

  • Updated the following jobs to support new SIEM API:

    • Sync

    • Alerts Creator

  • Added ability to authenticate via Workload Identity in the following connector:

    • Google Chronicle - Alerts Connector

  • Added ability to authenticate via Workload Identity in the following jobs:

    • Sync

    • Alerts Creator

Jira: Version 46.0

  • Updated the following jobs:

    • Sync Closure

    • Sync Comments

Microsoft Azure Sentinel: Version 51.0

  • Integration: (IMPORTANT) Updated the integration code to work with Python version 3.11.

    To ensure compatibility and avoid disruptions, follow the upgrade best practices described in the following document: https://cloud.google.com/chronicle/docs/soar/respond/integrations-setup/upgrade-python-versions.

  • Added an option to create additional SecOps events for all Sentinel Incident's entities in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

  • Improved tracking of Microsoft Sentinel Incident's entities (if the connector can't fetch events for Sentinel's Scheduled alerts or NRT-based incidents, it will attempt to fetch Incident's entities instead) in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

  • Improved handling of Microsoft Sentinel incident IDs in the connector backlog in the following connectors:

    • Microsoft Azure Sentinel - Incident Connector v2

    • Microsoft Azure Sentinel - Incident Tracking Connector

Microsoft Graph Mail: Version 23.0

  • Integration: Added support for working with S/MIME-encrypted emails.

  • The code base was refactored in the following connector:

    (REGRESSIVE) As part of the refactor, the connector's Tenant (Directory) ID parameter has been updated to a Microsoft Entra ID Directory ID. This requires re-entering the connector's configuration parameters after the update.

    • Microsoft Graph Mail - Microsoft Graph Mail Connector

ServiceNow: Version 55.0

  • Added support for Sync Closed Incidents job to handle created incidents in the following actions:

    • Create Incident

    • Create Alert Incident

  • Added ability to filter records by assignment group in the following connector:

    • ServiceNow - ServiceNow Connector
  • Added ability to sync incidents created during playbook execution in the following job:

    • Sync Closed Incidents

Siemplify: Version 88.0

  • Removed the following unsupported job from the integration:

    • Jobs Monitor

VMRay: Version 17.0

  • Updated entity handling in the following action:

    • Scan URL

March 26, 2025

Cisco Firepower Management Center: Version 7.0

  • Integration: Added pagination mechanism support.

Cofense Triage: Version 13.0

  • Integration: (REGRESSIVE) Updated alerts and events time mappings.

Exchange: Version 110.0

  • Integration: Dependencies update.

Google Chronicle: Version 53.0

  • Propagate SIEM data access scope in the following connector:

    • Google Chronicle - Alerts Connector
  • Updated predefined widget in the following action:

    • Get Detection Details

MSSQL: Version 16.0

  • Integration: Integration updates.

Microsoft Graph Security: Version 21.0

  • Updated the handling of alerts in the following connector:

    • Microsoft Graph Security - Office 365 Security and Compliance Connector

SCC Enterprise: Version 16.0

  • Integration: Added support for regionalized environments.

Siemplify: Version 87.0

  • Removed the following unsupported job from the integration:

    • Connectors Monitor

March 19, 2025

Exchange: Version 109.0

  • Integration: Added support for working with S/MIME-encrypted emails.

Jira: Version 45.0

  • Added support for integration's sync jobs to handle created issues in the following actions:

    • Create Issue

    • Create Alert Issue Actions

  • Added support to handle issues created by the Create Issue and Create Alert Issue actions in the following jobs:

    • Sync Closure

    • Sync Comments Jobs

ServiceNow: Version 54.0

  • Added ability to provide custom fields as JSON objects in the following actions:

    • Create Incident

    • Update Incident

Zoho Desk: Version 8.0

  • Updated the user searching mechanism in the following action:

    • Create Ticket

March 12, 2025

New Sysdig Secure integration

New Web Risk integration

Mandiant: Version 8.0

  • Updated predefined widgets in the following actions:

    • Enrich Entities

    • Enrich IOCs

    • Get Malware Details

Mandiant Threat Intelligence: Version 12.0

  • Updated predefined widgets in the following actions:

    • Enrich Entities

    • Enrich IOCs

    • Get Malware Details

Mimecast: Version 11.0

  • (DEPRECATED) The following action has no replacement API endpoint in the new API:

    • Report Message

  • Integration: Migrated integration to work with the latest API version.

  • Integration: Added client credentials authentication.

Varonis Data Security Platform: Version 5.0

  • Integration: Updated dependencies.

March 05, 2025

CrowdStrike Falcon: Version 58.0

  • Added ability to provide a hostname from the input parameters in the following actions:

    • On-Demand Scan

    • Execute Command

    • Run Script

Exchange: Version 108.0

  • Integration: Updated the integration.

Google Chronicle: Version 52.0

  • Updated severity handling in the following connector:

    • Google Chronicle - Alerts Connector
  • Integration: Updated the integration dependencies.

  • Error handling improvements in the following job:

    • Alerts Creator

Microsoft Azure Sentinel: Version 50.0

  • Improved the connector logging and the API timeout handling in the following connector:

    • Microsoft Azure Sentinel - Incident Connector v2

SiemplifyUtilities: Version 24.0

  • Added ability to disable JSON data escaping in the following action:

    • Filter JSON

VirusTotalV3: Version 35.0

  • Updated the comment fetching logic in the following action:

    • Submit File

February 26, 2025

New Microsoft Graph Mail Delegated integration

Siemplify: Version 86.0

  • The following new actions have been added:

    • Wait For Custom Fields

    • Set Custom Fields

    • Create Gemini Case Summary

Anomali: Version 12.0

  • Integration: Updated the API authentication.

HTTP v2: Version 7.0

  • Integration: Updated the integration to work without authentication.

Mandiant ASM: Version 9.0

  • Integration: Updated handling of the ASM Project.

February 24, 2025

Siemplify: Version 85.0

  • Updated input handling in the following action:

    • Close Case

February 19, 2025

Carbon Black Response: Version 34.0

  • Fixed the issue with data type of the Version parameter in the following connector:

    • Carbon Black Response - Carbon Black Response Connector

Exchange: Version 107.0

  • Integration: Updated external package dependencies.

Microsoft Graph Mail: Version 22.0

  • Added the ability to control the action's JSON result behavior in the following actions:

    • Search Emails

    • Move Email To Folder

    • Delete Email

    • Wait For Email From User

  • Integration: Improved localization support and better handling of the internetMessageID filter.

  • Integration: Improved integration configuration validation.

Netskope: Version 12.0

  • Integration: Updated the integration to support the latest Netskope API updates.

    The integration needs to be configured with both V1 and V2 API tokens to support actions that work with V1 endpoints and actions that work with the newer V2 endpoints. For more information, see the following Netskope article: https://docs.netskope.com/en/netskope-product-eol-announcements/#eol-for-specific-rest-api-v1-endpoints-1

Splunk: Version 57.0

  • Integration: Updated Dependencies.

February 12, 2025

Google Chronicle: Version 51.0

  • Improved connector logs to notify on possible ingestion delays in the following connector:

    • Google Chronicle - Alerts Connector

  • Updated OOTB mapping in the following connector:

    The new mapping allows you to keep "Disable Event Splitting" enabled and still have all entities mapped out.

    • Google Chronicle - Alerts Connector

Microsoft 365 Defender: Version 20.0

  • Added ability to disable alert tracking in the following connector:

    • Microsoft 365 Defender - Incidents Connector

Snowflake: Version 6.0

  • Integration: Updated integration to use the latest API version.