Google SecOps adds SIEM case search and async APIs
Google SecOps now integrates SIEM Search with case and case history analysis, enabling security teams to correlate security telemetry and case details in one interface. It also introduces asynchronous Search APIs for large datasets, allowing non-blocking, long-running queries. These updates streamline incident response and improve application responsiveness for security analysts and developers working with large security datasets.
- →[Spotlight Feature] Search for cases using SIEM Search
- →Asynchronous Search APIs for large datasets
Features (1) ›
- Google SecOps [Spotlight Feature] Search for cases using SIEM Search
[Spotlight Feature] Search for cases using SIEM Search Google SecOps SIEM Search now provides robust capabilities for analyzing cases and case history alongside existing Unified Data Model (UDM) events and entities. This update allows security analysts to seamlessly correlate case details with other security telemetry within a single interface, streamlining workflows and accelerating incident response. Key Highlights: Unified Search Experience : Conduct searches across UDM events, entities, cases, and case history from a single SIEM Search interface. Correlate SIEM and SOAR Data : Effortlessly
Notes (1) ›
- Google SecOps Asynchronous Search APIs for large datasets
Asynchronous Search APIs for large datasets Google SecOps now supports asynchronous Search APIs that let you perform long-running queries without blocking your applications. This is ideal for searches that return a large volume of results. Non-blocking queries : Initiate searches and receive an operation ID to track progress, so your application remains responsive. Handle large result sets : Retrieve up to 1 million results from data sources including Unified Data Model (UDM) events, data tables, and Entity Context Graph (ECG). Paginated results : View results efficiently in manageable pages.
https://docs.cloud.google.com/release-notes#June_12_2026