Another great weekly update from Chris Martin, Google Security Specialist. These are valuable insights! Thank you Chris.
What’s New in Google SecOps for the interval June 1st through June 7th 2026.
Highlights
🚀 You can now Investigate Detections in SecOps UDM Search
🔥 Essential reading from Simone Bruzzechesse on SecOps API and Ingestion Health monitoring with Cloud Monitoring
🔥 Essential reading from Greg Kushmerek on That Looks Different Than Yesterday
🔥 Look out for the FREE John Stoner Virtual SecOps Workshops and Dave Nehoda Webinar: Detecting Compromised AI Agents

Product Updates & New Features
Google SecOps
🚀 Release Notes from Google Cloud Documentation
- A previously announced ‘Manage access to preview features’ capability for Google Chronicle SecOps has been rolled back. [Read More]
- This explains why I couldn’t see this on any tenants from last week!
SecOps SIEM
🚀 Investigate detections in Search from Google Cloud Documentation
- This article outlines how to use Google Security Operations’ search features to investigate security detections, perform entity-based threat hunting, and identify incident scope. [Read More]
- You can now query Detections directly in UDM Search, with the associated UX updated accordingly 🎉

📑 New Doc: Agentic SOC > Security Tokens from Google Cloud Documentation
- This document details Google SecOps Security Tokens, which serve as the primary billing and metering unit for Google security agents. [Read More]
- This info was available in other docs, but now there is dedicated documentation on how Google SecOps Security Tokens work, and their cost.
Google Threat Intelligence
✍️ Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms from Google Cloud Blog
- Mandiant has identified an ongoing, financially motivated data theft extortion campaign by the threat cluster UNC3753, which is targeting US law firms. [Read More]
BindPlane
🚀 OTEL v1.101.1 from GitHub
- This article announces the release of v1.101.1 for the observIQ bindplane-otel-collector, featuring new enhancements such as the Azure Authenticator Extension. [Read More]
AI
✍️ Scaling AI Agents: A Step-by-Step Guide to Deploying ADK on GKE Autopilot from Google Cloud Blog
- This article provides a step-by-step guide on deploying and scaling AI agents built with Google’s Agent Development Kit (ADK) on GKE Autopilot for robust, production-ready infrastructure. [Read More]
✍️ Connecting AI agents with unstructured data using Google Cloud Storage MCP Servers from Google Cloud Blog
- The article highlights Google Cloud Storage (GCS) as a foundational component for AI agents, emphasizing its role in securely connecting AI agents with unstructured data to provide context and support enterprise deployments. [Read More]
✍️ Introducing the Google Colab CLI from Google Cloud Blog
- Google has announced the Colab Command-Line Interface (CLI), a new tool enabling developers and AI agents to connect local terminals to remote Colab runtimes for easy access to GPUs, remote script execution, and artifact retrieval. [Read More]
✍️ Bringing Gemma 4 12B to your Laptop: Unlocking Local, Agentic Workflows with Google AI Edge from Google Cloud Blog
- Google’s Gemma 4 12B model is now available on laptops with 16GB RAM via Google AI Edge, enabling local agentic and multimodal AI workflows, including visual insights and offline voice dictation. [Read More]
✍️ Gemma 4 12B: The Developer Guide from Google Cloud Blog
- Google has released Gemma 4 12B, a new dense, multimodal AI model designed for high-performance local execution on consumer devices, featuring a novel encoder-free architecture that directly feeds multimodal data into its LLM backbone. [Read More]
Adoption Guides & Deep Dives
🔥✍️ SecOps API and Ingestion Health monitoring with Cloud Monitoring from Google Cloud Security Community (Simone Bruzzechesse)
- The article highlights how Google Cloud Security Operations leverages Cloud Monitoring to ensure the health of SecOps APIs and data ingestion, which is vital for effective threat detection and incident response in a modern SOC. [Read More]
GitHub - GoogleCloudPlatform/secops-toolkit
✍️ Microsoft Telemetry to UDM Mapping: Part 1 — Foundations from Google Cloud Security Community
- This article, the first in a series, provides foundational guidance on effectively mapping Microsoft telemetry to a Unified Data Model, addressing gaps in Microsoft’s documentation regarding event value, SIEM normalization, and advanced threat detection. [Read More]
✍️ Microsoft Telemetry to UDM Mapping: Part 2 — On-Premises Detection from Google Cloud Security Community
- This article, part of a series, details how to map Microsoft on-premises telemetry sources like Active Directory, Kerberos, Sysmon, and Windows Security Events to Google Security Operations’ UDM for detecting various cyber threats. [Read More]
✍️ Microsoft Telemetry to UDM Mapping: Part 3 — Cloud Detection & Cross-Source Correlation from Google Cloud Security Community
- This article, part three of a series, details mapping Microsoft cloud infrastructure telemetry (Entra ID, Office 365, Defender) to UDM for improved cloud detection and cross-source correlation, enabling end-to-end attack chain detection. [Read More]
Community & Events
🔥 FREE John Stoner Virtual SecOps Workshops and Dave Nehoda Webinar: Detecting Compromised AI Agents from Google Cloud Security Community
- Google Cloud is offering free SecOps workshops and a webinar with Dave Nehoda focused on detecting compromised AI agents, detailing how prompt injections can exploit cloud infrastructure and how to build detection frameworks. Register now!
- Join us for a foundational, two-hour virtual workshop designed to simplify Google SecOps navigation by aligning key terminology with everyday analyst workflows. Through interactive, hands-on examples, you will explore real-world user journeys, search concepts, and data connectivity to build the perfect baseline for future technical training.
- Register for AMER/EMEA (8AM — 10AM PDT / 3PM — 5PM UTC)
- Register for APJ (4PM — 6PM PDT / 11 PM — 1AM UTC)
✍️ Agent Skills for Private Knowledge Collections in GTI from Google Cloud Security Community
- Google Threat Intelligence (GTI) has introduced Private Knowledge Collections, enabling users to create private instances of GTI objects and integrate local threat intelligence with Google’s global dataset for enhanced analysis. [Read More]
✍️ Visual Investigations and Campaign Mapping in Google Threat Intelligence Threat Graph from Google Cloud Security Community
- This article details how visual investigation and campaign mapping, specifically using entity relationship graphs in Google Threat Intelligence’s Threat Graph, provides a superior methodology for tracking sophisticated adversaries by identifying connections between various threat indicators. [Read More]
✍️ Webinar Alert (6/16): Stop Secret Sprawl and Secure Your AI Agents and Workloads from Google Cloud Security Community
- This webinar alert discusses the critical issue of “secret sprawl,” where sensitive credentials like API keys are increasingly exposed, a problem significantly exacerbated by the rapid adoption of AI technologies. [Read More]
- When: June 16, 11 am EST / 8 am PST
- Register now: https://www.brighttalk.com/webcast/18282/668534
3rd Party Blogs
✍️ Creating an Agentic Skill in just a few hours from Greg Kushmerek
- The article describes how Greg Kushmerek utilized an agentic coding platform called Antigravity to create a Model Context Protocol (MCP) skill for Google SecOps Risk Analytics in just a few hours. This skill enables AI to generate complex and syntactically correct YARA-L rules by providing necessary context, documentation, and error-correcting scripts. [Read More]
GitHub - GooGKush/secops-risk-analytics: Skill for using SecOps Risk Analytics in rules and search
Podcasts & YouTube
🎙️ Behind the Binary: When AI Features Create Zero-Click Exploits: The Pixel 9 Chain with Seth Jenkins from YouTube
- This episode discusses how AI features, exemplified by a vulnerability chain found in the Pixel 9, can lead to the creation of zero-click exploits. [Watch]
Wiz
✍️ AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI from Wiz Blog
- The article discusses the first pillar of the AI Threat Readiness Framework, which focuses on reducing critical exposures and utilizing AI for scanning, and highlights Wiz’s contribution. [Read More]
✍️ Eliminate Critical API Attack Paths with Wiz API SPM from Wiz Blog
- Wiz API SPM is now generally available, offering customers tools to discover, assess, and prioritize remediation for API vulnerabilities to prevent breaches. [Read More]
✍️ Miasma: Supply Chain Attack Targeting RedHat npm Packages from Wiz Blog
- The article details ‘Miasma’, a supply chain attack exploiting RedHat npm packages, and provides guidance on detecting and mitigating the associated malicious software. [Read More]
Platform Issues
✅ RESOLVED: Google SecOps SIEM customers in the US region may be experiencing delays in data ingestion for cloud-based v2 feeds from Cloud Google Status
- Google SecOps SIEM customers in the US region are experiencing delays in data ingestion for cloud-based v2 feeds, with an engineering team actively investigating the issue. [Read More]
