
Google Security Operations introduced a wave of significant features in Q2 2025, enhancing capabilities in data visualization, search, and case management.


SecOps Dashboard and Reporting Platform: Now Offering Enhanced Visualization, Analysis, and Monitoring

Now generally available, this release has added some exciting new capabilities to improve your visualization experience further. Learn more

Key Enhancements Include:

  • SOAR Data Integration: Dashboards now natively integrate SOAR data, enabling powerful visualizations and monitoring of SOAR operations. This includes access to cases, case history, and playbook data, all queryable using YARA-L. Additionally, 30 days of historical SOAR data have been backfilled for all customers.

  • Dashboard Export: Users can now easily download entire dashboards as PDF, CSV, or PNG files. Individual charts can also be exported as CSV for convenient sharing and offline analysis.

  • Custom Drilldowns: Available across most chart types, custom drilldowns can be configured to run searches, apply dashboard filters, or open external links. Dynamic variables from chart queries ensure seamless navigation and context-rich investigations.

  • Markdown Widgets: To improve dashboard organization and presentation, markdown widgets offer rich text, headings, and other formatting options for clearer communication.

  • 51 out-of-the-box dashboards, including content for PCI and NIST 800-53 compliance.



Extending AI-Powered Security Access Through the Open Source Model Context Protocol (MCP)


Google Security Operations launched open-source MCP server implementations for Google Security Operations, SOAR, Threat Intelligence (GTI), and Security Command Center (SCC). MCP standardizes LLM interaction with security tools and data, simplifying AI integration and enhancing security workflows.

  • Simplifying LLM-Tool Connection: MCP streamlines how LLMs retrieve information, trigger actions, and interact with applications by simplifying their connection to external data sources and tools.

  • Enabling Natural Language Interaction: Customers can now interact in natural language with Google's security products through any compatible LLM client. This democratizes the creation of ad hoc AI workflows, making AI-powered solutions more accessible.

  • Reducing Integration "Plumbing": By standardizing interactions, MCP reduces the time and effort spent on complex integration tasks, allowing security teams to focus on leveraging AI for high-value outcomes like advanced analysis and automated response.


These implementations are now publicly available on GitHub: https://github.com/google/mcp-security.


Additional Features released GA and Public Preview in Q2 2025


Search Enhancements:

  • Statistics and Aggregations in Search: [GA] Powered by YARA-L 2.0, this new feature in Chronicle Search provides instant insights into security data, enabling proactive threat hunting and rapid incident response. Learn more

  • Entity Context Search: [Public Preview] Expanding robust search functionalities in SecOps to encompass critical entity context alongside event data. This empowers security analysts and threat hunters to directly query and comprehend the context of users, assets, IP addresses, and other entities, thereby improving their capacity to identify risks, investigate incidents, and develop more effective searches.

  • Data Tables in Search: [GA] This feature introduces new capabilities such as YL2 support to join events with data table columns and enrich them, and YL2 support to write rule results into data tables. Enhanced limits include 10 GB per data table, 5 MB per row, 10 million rows per data table, 1000 columns per data table, and 1 TB aggregate data table volume per tenant or 1000 data tables per tenant. Learn more

Case & Alert Management:

  • Custom Field Form Widget: [GA] Analysts can now add, view, and extend contextual information within alert and case scopes. This improves investigation efficiency, reporting, and compliance by allowing tailored workflows with specific data fields and forms. Learn more

  • Quick Actions Widget in Case Management: [Public Preview] Analysts are empowered to easily create predefined actions directly from Case and Alert views with a single click, streamlining workflows and minimizing errors. Learn more

Threat Detection:

  • Composite Detections: [GA] This allows users to build sophisticated, multi-stage detection logic to identify complex attack patterns that traditional methods might miss. It helps organizations structure their detection logic for higher recall and precision. Learn more

Respond:

  • Playbook Assistant: [GA] This allows users to create complex SecOps playbooks using natural language without coding, saving significant time. Updates include support for more complex playbook generation, editing, a wider variety of prompt types, and usability enhancements. Available for Enterprise and Enterprise+ customers. Learn more

  • High Availability for Remote Agents: Learn more

Dashboards and Reports:

  • Bring Your Own Big Query: Learn more

Data Collection and Management:

  • Azure Event Hub Native Integration: [GA] Provides real-time log ingestion, reducing latency from 15 minutes to 15 seconds and potentially cutting Azure costs by 22%. Learn more

  • SDK Command Line Interface (CLI): [GA] This provides comprehensive command-line access to interact with Google Security Operations programmatically. It streamlines workflows, automates tasks like log ingestion and rule management, and integrates SecOps capabilities into scripting environments. Learn more


Other:

  • Google SecOps Content Hub: [Public Preview] The new Google SecOps Content Hub simplifies the discovery, preview, and deployment of crucial SecOps content. This central, easy-to-navigate hub allows customers to quickly access curated detections, native dashboards, SOAR content, and new onboarding Content Packs, thereby accelerating security operations and enhancing security posture. Learn more

  • Customer Managed Encryption Keys (CMEK): now available in the UK, in addition to Germany and Italy. Learn more

  • Brazil and France Regions: [GA] SecOps services are now available in Brazil and France. With this launch, SecOps is now live in 16 regions worldwide, helping Cloud Security capitalize on growth opportunities in these regions and meeting customer residency commitments. Learn more

  • Google Threat Intelligence Response Integration in Google SecOps: [GA] This integration with Google Threat Intelligence empowers analysts to proactively identify and respond to emerging threats, enabling them to gain deeper, real-time context from within playbooks. This feature allows you to enrich security data, prioritize alerts, understand attacker tactics, techniques, and procedures (TTPs), and automate more informed incident response actions with ease. Learn more
