Skip to main content

FREE John Stoner Virtual SecOps Workshops and Dave Nehoda Webinar: Detecting Compromised AI Agents

7 days ago

Welcome to the Google Cloud Security Community!

Got a question? Need an answer? Let's connect!

Security Forums

Q&A, discussions, share, network

Resource Center

Your learning hub for all things security

User Groups

Join a local meetup!

Events

Discover, RSVP, connect

Featured Blogs

You wont want to miss these articles

Blog

That Looks Different Than Yesterday

Not too long ago I learned what Bayesian probability was and then figured out how to implement it in Google SecOps. I chose to focus on the probabilit...

Forum|Forum|5 days ago

1541

New To Google SecOps: Fade to Grey: Managing Table TTL and Row Expiration

We’ve previously discussed a number of capabilities that data tables provide Google Security Operations (SecOps) including handling large data sets, w...

Forum|Forum|12 days ago

1562

Beyond Chat: Building an Autonomous SOC Analyst with Claude and the Google MCP

This blog post was written by guest author, Eliraz Oved. If you spend your days in the trenches of a Security Operations Center, you already know the...

Forum|Forum|1 month ago

31777

Recent activity
Help others
Categories

faablimaBronze 1

Google Security Operations

How to suppress "Alerts were ingested into Environment X which does not exist" notifications for unmapped namespaces

We use the Google Chronicle Alerts connector with dynamic environment routing:Environment Field Name: event_metadata_baseLabels_namespaces_1 Environment Regex Pattern: ^(IFAP|UNIFAP|IFPI)$This correctly routes alerts from mapped namespaces (IFAP, UNI

faablimaBronze 1

Google Security Operations

Native Dashboard ingestion log_volume (GB) returns no data for scoped (Data RBAC) users, while log_count works

We have Data RBAC configured to segregate visibility between regional SOC teams (per namespace). A scoped analyst group (GRP_SECOPS_SOC-AP) is restricted to namespaces IFAP and UNIFAP via a Data Access Scope using only the standard Namespace label (n

cmmartin_googleStaff

Google Security Operations

What’s New in Google SecOps: 2026–06–07

Another great weekly update from Chris Martin, Google Security Specialist. These are valuable insights! Thank you Chris. What’s New in Google SecOps for the interval June 1st through June 7th 2026. Highlights 🚀 You can now Investigate Detections in

rav1and3Bronze 3

Google Security Operations

cannot import name 'extract_action_param' from 'TIPCommon'

I am getting cannot import name 'extract_action_param' & ‘extract_configuration_param’ from 'TIPCommon' error when I am testing the updated SOAR integration in staging mode for Azure Active Directory & Google Chronicle SOAR integrations. How

toksikwisNew Member

Google Security Operations

SecOps SOAR Integration via Remote Agent

We are configuring remote agents for the SOAR to communicate internally to our tools. We have successfully deployed the remote agents (docker) and they are showing "Lived" status on the web ui.However, during the integration configuration, when we ch

MiguelNew Member

Google Security Operations

Can Google SecOps Dashboards query Mandiant Fusion IOC (GLOBAL_CONTEXT) data directly?

Hello everyone,I am trying to build a dashboard in Google SecOps that displays statistics about malicious IP addresses observed in firewall traffic and correlated against Mandiant Fusion IOC data.The correlation works correctly in Log Search using a

Chris-NNew Member

Google Security Operations

Overlapping Text in Event Data

Some of our event field names are quite long and subsequently overlap into the event’s value. Is there a way to fix this? We don’t appear to be able to drag or move the columns at all or expand the view. Thanks,Chris

toksikwisNew Member

Google Security Operations

SecOps SOAR Integration via Remote Agent

We are configuring remote agents for the SOAR to communicate internally to our tools. We have successfully deployed the remote agents (docker) and they are showing "Lived" status on the web ui.However, during the integration configuration, when we ch

vince5959New Member

Google Security Operations

Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

Hello,My Google Cloud project has been suspended due to a security issue (ACCOUNT_HIJACKED).I fully understand the situation and I am ready to take all necessary actions to secure the project. However, I currently do not have access to the project an

soaruserBronze 1

Google Security Operations

Job Schedule to Check Log Source Status

How do I automate the process to send an email alert to team if log source is not reporting.1.SOAR Dashboard: I have created a query to fetch last reported time of each log_type, but how do I trigger an email if last reporting time is greater than x

faablimaBronze 1

Google Security Operations

How to suppress "Alerts were ingested into Environment X which does not exist" notifications for unmapped namespaces

We use the Google Chronicle Alerts connector with dynamic environment routing:Environment Field Name: event_metadata_baseLabels_namespaces_1 Environment Regex Pattern: ^(IFAP|UNIFAP|IFPI)$This correctly routes alerts from mapped namespaces (IFAP, UNI

faablimaBronze 1

Google Security Operations

Native Dashboard ingestion log_volume (GB) returns no data for scoped (Data RBAC) users, while log_count works

We have Data RBAC configured to segregate visibility between regional SOC teams (per namespace). A scoped analyst group (GRP_SECOPS_SOC-AP) is restricted to namespaces IFAP and UNIFAP via a Data Access Scope using only the standard Namespace label (n

rav1and3Bronze 3

Google Security Operations

cannot import name 'extract_action_param' from 'TIPCommon'

I am getting cannot import name 'extract_action_param' & ‘extract_configuration_param’ from 'TIPCommon' error when I am testing the updated SOAR integration in staging mode for Azure Active Directory & Google Chronicle SOAR integrations. How

toksikwisNew Member

Google Security Operations

SecOps SOAR Integration via Remote Agent

We are configuring remote agents for the SOAR to communicate internally to our tools. We have successfully deployed the remote agents (docker) and they are showing "Lived" status on the web ui.However, during the integration configuration, when we ch

toksikwisNew Member

Google Security Operations

SecOps SOAR Integration via Remote Agent

We are configuring remote agents for the SOAR to communicate internally to our tools. We have successfully deployed the remote agents (docker) and they are showing "Lived" status on the web ui.However, during the integration configuration, when we ch

vince5959New Member

Google Security Operations

Urgent – Google Cloud Project Suspended (ACCOUNT_HIJACKED) – Business Impact

Hello,My Google Cloud project has been suspended due to a security issue (ACCOUNT_HIJACKED).I fully understand the situation and I am ready to take all necessary actions to secure the project. However, I currently do not have access to the project an

soaruserBronze 1

Google Security Operations

Job Schedule to Check Log Source Status

How do I automate the process to send an email alert to team if log source is not reporting.1.SOAR Dashboard: I have created a query to fetch last reported time of each log_type, but how do I trigger an email if last reporting time is greater than x

keiSBronze 5

Google Security Operations

How SOAR Migration works when using Cloud Identity integration

We have completed Stage 2 of SOAR Migration for our SecOps environment using Cloud Identity integration.However, I'm having trouble understanding the IAM mechanism as described in the documentation. Could you please explain it to me?* My understandin

ai_kdNew Member

Google Security Operations

Account-level restriction persists after project reinstatement — Appeal ticket # [removed by moderator]

My GCP account (project ID: project-0b2ff1f9-abbb-46e6-bc1) was restricted on Feb 13, 2026 for a policy violation caused by a software bug — a flawed retry pattern that sent excessive Vertex AI API requests.I submitted an appeal and provided detailed

fernandoredondoNew Member

Google Security Operations

Suspended Google Cloud Project — no response 2 weeks later — Urgent

Hi, my Google Cloud/Firebase project was suspended for suspected key misuse (account_hijacked).I submitted an appeal, but after 9 days I still have no response.This is now a production outage: about 1200 paying users cannot log in and trust for my ap

Security Forums

Welcome to the Google Cloud Security Forums! Your ultimate security conversation spot. Collaborate with peers and experts to solve challenges, together.

Google Security Operations

2892 topics

Google Threat Intelligence

94 topics

Security Command Center

79 topics

Security Validation

121 topics

Fraud Defense (reCAPTCHA)

302 topics

Cloud Security Foundation

47 topics

Stay Informed

Stay Informed

News & Announcements

131 topics

Getting Started

New to the Google Cloud Security Community? Our resources page has everything you need to get started! Find helpful information on account registration, navigating the community, and sharing your valuable feedback.

Community Feedback

13 topics

Open Questions

Can you help?

cannot import name 'extract_action_param' from 'TIPCommon'

0

SecOps SOAR Integration via Remote Agent

0

Can Google SecOps Dashboards query Mandiant Fusion IOC (GLOBAL_CONTEXT) data directly?

0

Validation Content Update - June 3, 2026

0

API access to custom export filter settings

0

Leaderboard

The leaderboard is currently empty. Contribute to the community to earn your spot!

Upcoming Community Events

Webinars, User Groups, Podcasts, more

Powered by Gainsight

Terms & ConditionsAccessibility statement

Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.

Sign up

Already have an account? Login

Login with SSO

Login to the community

Login with SSO

Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.

Enter your e-mail address

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

OK

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

OK