New ASIM Authentication Parser Adds Google Workspace Login Visibility via GoogleWorkspaceReports Table

A new ASIM Authentication parser for Google Workspace Logins normalises login, logout, and suspicious sign-in events from the GoogleWorkspaceReports table, enabling source-agnostic detections to cover Google Workspace identity activity for the first time. Read More →

Google Threat Intelligence ASIM AlertEvent Parser: Relevance System Alerts Now Normalised

New ASIM AlertEvent parsers add native normalisation for Google Threat Intelligence Relevance System Alerts, making GTI alert data available to all source-agnostic detections using the imAlertEvent and ASimAlertEvent schemas. Read More →

Google Workspace Reports: Google Meet Activity Logs Restored After Polling Window Gap

A missing queryWindowDelayInMin setting caused Google Meet audit events to be silently dropped by the CCF connector - adding a 30-minute delay restores ingestion of events that arrive late from Google API. Read More →

Google Threat Intelligence: New GTI Relevance System Alerts Connector and Six Bundled Detections

A new Function App-based data connector ingests Google Threat Intelligence Relevance System Alerts into Sentinel, unlocking six new Analytic Rules that fire on high-severity, data-leak, initial access broker, and insider threat alert categories surfaced by the GTI platform. Read More →

Google SecOps Integration: New Detection Pipeline Connects Chronicle to Sentinel

Microsoft Sentinel gains visibility into Google Chronicle security detections through new connector and parsers. Read More →

Google Threat Intelligence Solution: Custom Connector Deployment Prerequisites Clarified

Solution metadata updated to warn customers that Playbooks require manual deployment of the GTI custom Logic Apps connector before use. Read More →

Google Directory Solution: New Playbook Integration with Extended Security Scope

Initial release of GoogleDirectory solution adds Google Workspace user security management capabilities to Microsoft Sentinel playbook automation. Read More →

Google Workspace Reports Connector Promoted to General Availability

Google Workspace Reports CCF connector exits preview status with updated OAuth configuration guidance. Read More →

Google Kubernetes Engine Connector: Documentation Update Links to Official Microsoft Learn

Google Kubernetes Engine connector documentation updated to reference official Microsoft Learn guides instead of personal repositories. Read More →

GCP IAM Detection Logic Fixed — Correcting Service Account Key Detection Gaps

Two GCP IAM analytic rules had syntax errors preventing proper detection of token generation and key enumeration attacks. Read More →

Google Threat Intelligence: Enhanced Threat Hunting with MITRE ATT&CK Integration

Updated threat hunting rules add MITRE ATT&CK mappings and fix parser function calls for improved threat detection coverage. Read More →

GCP Security Command Center: New Detection Suite for Cloud Misconfigurations

New Solution delivers 5 Analytic Rules and 5 Hunting Queries to detect GCP security misconfigurations including unrestricted API keys, disabled security features, and risky IAM configurations. Read More →