The Google Cloud Platform Terms of Service (section 1.4(d), "Discontinuation of Services") defines the deprecation policy that applies to Google Security Operations. The deprecation policy only applies to the services, features, or products listed therein.
After a service, feature, or product is officially deprecated, it continues to be available for at least the period of time defined in the Terms of Service. After this period of time, the service is scheduled for shutdown.
The following table lists feature deprecations and their related shutdown schedules for the Google Security Operations forwarder.
| Feature | Deprecated date | Shutdown date | Details |
|---|---|---|---|
| Ingestion alerting method | April 18, 2024 | September 01, 2024 | The ingestion alerting system using Google Security Operations has been deprecated. This system will no longer be updated, and no alerts will be sent from this system after September 01, 2024. Use the Cloud Monitoring integration which provides more flexibility in alert logic, alert workflow, and integration with third-party ticketing systems. |
Google Security Operations ingestion_stats table in BigQuery |
April 18, 2024 | May 15, 2024 | The ingestion_stats table in BigQuery has been deprecated and will no longer be updated after May 15, 2024. Use the Google Security Operations ingestion_metrics table in BigQuery, which provides more accurate ingestion metrics. Additionally, real-time alerting on ingestion metrics is also available in Google Security Operations Cloud Monitoring integration. |
labels fields for UDM nouns |
November 29, 2023 | November 29, 2024 | On or after November 29, 2023, the following Google Security Operations labels fields for UDM nouns are deprecated: about.labels, intermediary.labels, observer.labels, principal.labels, src.labels, security_result.about.labels, and target.labels. For existing parsers, in addition to these UDM fields, the logs fields are also mapped to key/value additional.fields UDM fields. For new parsers, the key/value settings in additional.fields UDM fields are used instead of the deprecated labels UDM fields. We recommend that you update the existing rules to use the key/value settings in the additional.fields UDM fields instead of the deprecated labels UDM fields. |
| Google Security Operations forwarder executable for Windows | April 04, 2023 | March 31, 2024 | On or after March 31, 2024, existing Google Security Operations forwarder executable for Windows will be removed. For information about Google Security Operations forwarder for Windows on Docker, see Google Security Operations forwarder for Windows on Docker. |
Chronicle BigQuery udm_events table |
July 01, 2023 | August 01, 2023 | On or after July 1, 2023, the existing udm_events table in Chronicle-managed BigQuery projects will be fully replaced with a new table named events. This new table is currently available for all Customers. Chronicle will handle all changes in-product for this new table. Customers issuing queries against the udm_events table through Cloud Console, API, or directly connecting to BQ should fully migrate queries to the new table by July 1 to avoid interruption. When migrating SQL queries to use the new Event table, also replace the _PARTITIONTIME field with the new hour_time_bucket field. |
MICROSOFT_SECURITY_CENTER_ALERT log type |
May 03, 2022 | May 03, 2022 | As of May 03, 2022, the MICROSOFT_SECURITY_CENTER_ALERT log type has been removed. Logs previously fetched by the MICROSOFT_SECURITY_CENTER_ALERT feed are now a part of the MICROSOFT_GRAPH_ALERT feed. If you have a feed configured using the MICROSOFT_SECURITY_CENTER_ALERT log type, you can create a new feed using the MICROSOFT_GRAPH_ALERT log type. For more information about the MICROSOFT_GRAPH_ALERT log type, see Microsoft Graph Security API Alerts. |