Skip to main content

How to publish Google SecOps SIEM Custom Integration in Content Hub

  • July 8, 2025
  • 2 replies
  • 66 views
pranay_mak
Forum|alt.badge.img+2

I want to publish my custom integration in Google SecOps Content Hub. I have a few questions regarding the process:

  1. Is there a mechanism to publish custom integrations in Google SecOps Content Hub, similar to how SOAR Response Custom Integrations are published?

  2. Beyond SOAR, is there a method to publish SIEM integrations (comprising data collection, parsers, and dashboards) as a package within Google SecOps?

  3. Google SecOps SIEM integrations are currently deployed as GCP solutions. Is there an alternative publishing method that allows users to configure required parameters as part of a custom integration?

    2 replies

    ScottieJ
    Staff
    Forum|alt.badge.img+6
    • ScottieJ
    • Staff
    • July 8, 2025

    Hi, I've tried to address your questions below. I know we don't have a fully flushed out solution; however, I believe you do have some options:

    1. Currently you'll need to reach out to Customer Support to submit your custom integration to the Google SecOps Marketplace team. For community and partner content, the process is not fully automated and requires collaboration with the Google Partnership team. Google is actively working on improving these contribution flows. check out this post on community driven detection, it may help

    2. This would be the Content Packs in the Content Hub, there are initiatives planned for 2025 and beyond  which may include the capability to publish content packs, for now you'd have to follow the above process

    3. Yes, there is an alternative publishing method,  the public repository at https://github.com/chronicle for Google SecOps SIEM integrations may be helpful for your purpose.

     

    ylandovskyy
    Staff
    Forum|alt.badge.img+16

    Hey @pranay_mak !

    1. Unfortunately, it's not possible to contribute custom content that is not Response Integration as of now. This is something that we are working on, but I can't give an ETA. My current suggestion would be to host the content in your Github repository and share it with necessary contacts, when needed. 

    2. The question sounds similar to the 1st one, so let me know, if it answered everything.

    3. Can you elaborate what you mean by this?

    Terms & ConditionsCookie settingsAccessibility statement
    Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

    © 2025 Google. All rights reserved.