Feature deprecations

The Google Cloud Platform Terms of Service (section 1.4(d), "Discontinuation of Services") defines the deprecation policy that applies to Chronicle. The deprecation policy only applies to the services, features, or products listed therein.

After a service, feature, or product is officially deprecated, it continues to be available for at least the period of time defined in the Terms of Service. After this period of time, the service is scheduled for shutdown.

The following table lists feature deprecations and their related shutdown schedules for the Chronicle forwarder.

| Feature | Deprecated date | Shutdown date | Details |
| --- | --- | --- | --- |
| Ingestion alerting method | April 18, 2024 | September 01, 2024 | The ingestion alerting system using Chronicle has been deprecated. This system will no longer be updated, and no alerts will be sent from this system after September 01, 2024. Use the Cloud Monitoring integration, which provides more flexibility in alert logic, alert workflow, and integration with third-party ticketing systems. |
| Chronicle ingestion_stats table in BigQuery | April 18, 2024 | May 15, 2024 | The ingestion_stats table in BigQuery has been deprecated and will no longer be updated after May 15, 2024. Use the Chronicle ingestion_metrics table in BigQuery, which provides more accurate ingestion metrics. Real-time alerting on ingestion metrics is also available in the Chronicle Cloud Monitoring integration. |
| labels fields for UDM nouns | November 29, 2023 | November 29, 2024 | On or after November 29, 2023, the following Chronicle labels fields for UDM nouns are deprecated: about.labels, intermediary.labels, observer.labels, principal.labels, src.labels, security_result.about.labels, and target.labels. For existing parsers, in addition to these UDM fields, the log fields are also mapped to key/value additional.fields UDM fields. For new parsers, the key/value settings in additional.fields UDM fields are used instead of the deprecated labels UDM fields. We recommend that you update existing rules to use the key/value settings in the additional.fields UDM fields instead of the deprecated labels UDM fields. |
| Chronicle forwarder executable for Windows | April 04, 2023 | March 31, 2024 | On or after March 31, 2024, the existing Chronicle forwarder executable for Windows will be removed. For information about Chronicle forwarder for Windows on Docker, see Chronicle forwarder for Windows on Docker. |
| Chronicle BigQuery udm_events table | July 01, 2023 | August 01, 2023 | On or after July 1, 2023, the existing udm_events table in Chronicle-managed BigQuery projects will be fully replaced with a new table named events. This new table is currently available for all customers. Chronicle will handle all changes in-product for this new table. Customers issuing queries against the udm_events table through Cloud Console, the API, or a direct connection to BigQuery should fully migrate queries to the new table by July 1 to avoid interruption. When migrating SQL queries to use the new events table, also replace the _PARTITIONTIME field with the new hour_time_bucket field. |
| MICROSOFT_SECURITY_CENTER_ALERT log type | May 03, 2022 | May 03, 2022 | As of May 03, 2022, the MICROSOFT_SECURITY_CENTER_ALERT log type has been removed. Logs previously fetched by the MICROSOFT_SECURITY_CENTER_ALERT feed are now part of the MICROSOFT_GRAPH_ALERT feed. If you have a feed configured using the MICROSOFT_SECURITY_CENTER_ALERT log type, you can create a new feed using the MICROSOFT_GRAPH_ALERT log type. For more information about the MICROSOFT_GRAPH_ALERT log type, see Microsoft Graph Security API Alerts. |