⚠️ GoogleSecOps

⚠️ Unpublished: This item is from a solution that is not yet published on Azure Marketplace or not installed in Content Hub.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Solutions Index

Attribute	Value
Publisher	google
Support Tier	Partner
Support Link	https://cloud.google.com/support
Categories	Security - Threat Protection,Security - Automation (SOAR)
Version	3.0.0
Author	Google - secops-sentinel-support@crestdata.ai
First Published	2025-04-04
Solution Folder	GoogleSecOps

The Google SecOps solution for Microsoft Sentinel provides the capability to ingest detection alerts from Google SecOps (formerly Chronicle) into Microsoft Sentinel using the legacyStreamDetectionAlerts API.

Data Connectors
Tables Used
Content Items

Data Connectors

This solution provides 1 data connector(s):

Google SecOps Detection Alerts

Tables Used

This solution uses 1 table(s):

Table	Used By Connectors	Used By Content
`DetectionAlerts_CL`	Google SecOps Detection Alerts	Analytics

Content Items

This solution includes 5 content item(s):

Content Type	Count
Analytic Rules	4
Parsers	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Google SecOps - Detection Alerts	Medium	InitialAccess, DefenseEvasion, LateralMovement, PrivilegeEscalation, CommandAndControl	`DetectionAlerts_CL`
Google SecOps - GCTI Threat Intelligence Finding	High	InitialAccess, Execution, CommandAndControl, Exfiltration	`DetectionAlerts_CL`
Google SecOps - Multi-Event Correlated Alert	High	LateralMovement, Persistence, PrivilegeEscalation, CommandAndControl	`DetectionAlerts_CL`
Google SecOps - Single-Event Alert	High	Execution, CredentialAccess, DefenseEvasion, Impact	`DetectionAlerts_CL`

Parsers

Name	Description	Tables Used
GoogleSecOpsDetectionAlerts	-	`DetectionAlerts_CL` (read)

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.0	04-05-2026	Initial Solution for Google SecOps with Data Connector, Parser and Analytic Rules