Google Cloud release notes

Google SecOps reserves siemAlertId field

security, gcp, deprecation, engineer
breaking

Google SecOps will reserve the siemAlertId field for internal Chronicle SIEM alert IDs starting July 5, 2026. This change affects all ingestion methods and will overwrite any custom data in that field, potentially causing data loss. Users currently utilizing a custom siemAlertId field must migrate to a different field name to avoid issues.

Breaking changes (1)
  • Google SecOps: Critical Notice: Upcoming reservation of siemAlertId field

    Effective July 5, 2026, the siemAlertId field will be strictly reserved for internal Chronicle SIEM alert IDs. Starting July 5, the system will automatically overwrite any custom or user-supplied data passed through this field. This change impacts all ingestion methods, including the Ingestion API, webhooks, and both first-party and third-party connectors. If you are currently utilizing a custom field named siemAlertId in any of your data ingestion configurations, please migrate to a different field name immediately to prevent data los
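One way to check for the field before the cutover, as an added example (not code from Google or from this page): it walks newline-delimited JSON events, reports every path where a key named siemAlertId is set, and renames it without clobbering an existing value. The sample events, their other field names, and the replacement name customSiemAlertId are constructed assumptions.

```python
import json

RESERVED = "siemAlertId"           # field name reserved per the notice
REPLACEMENT = "customSiemAlertId"  # hypothetical new name; choose your own

# Constructed sample events, one JSON document per line (not real SecOps data).
SAMPLE = """\
{"name": "Suspicious login", "siemAlertId": "TICKET-1042", "severity": 60}
{"name": "Malware hit", "events": [{"extra": {"siemAlertId": "ext-77"}}]}
{"name": "Port scan", "severity": 20}
"""

def find_reserved(node, path="$"):
    """Yield the JSON path of every key named RESERVED, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == RESERVED:
                yield child
            yield from find_reserved(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_reserved(item, f"{path}[{i}]")

def migrate(node):
    """Return a copy with RESERVED renamed to REPLACEMENT at every depth."""
    if isinstance(node, dict):
        # Refuse to clobber a value already stored under the new name.
        if RESERVED in node and REPLACEMENT in node:
            raise ValueError(f"{REPLACEMENT!r} already set beside {RESERVED!r}")
        return {(REPLACEMENT if k == RESERVED else k): migrate(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [migrate(item) for item in node]
    return node

def audit(text):
    """Map 1-based line number -> paths where the reserved key is set."""
    report = {}
    for n, line in enumerate(text.splitlines(), start=1):
        hits = list(find_reserved(json.loads(line)))
        if hits:
            report[n] = hits
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run `audit` over a capture of what each connector or webhook actually sends, since the key can sit in a nested object that a top-level check would miss.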

Original announcement: https://docs.cloud.google.com/release-notes#June_23_2026