Service Health


Incident affecting Chronicle Security

Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Incident began at 2023-07-29 22:55 and ended at 2023-08-29 22:00 (all times are US/Pacific).

Previously affected location(s)

Singapore (asia-southeast1), Sydney (australia-southeast1), Multi-region: europe, London (europe-west2), Tel Aviv (me-west1), Multi-region: us

Date Time Description
29 Aug 2023 22:00 PDT

The issue with Chronicle Security has been resolved for all affected projects as of Tuesday, 2023-08-29 21:46 US/Pacific.

We thank you for your patience while we worked on resolving the issue.

28 Aug 2023 22:53 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: Engineers have completed mitigation steps, and are currently in the process of performing final validations.

a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Completed on 16 August 2023)
c) Fix propagation to other Unified Data Model event storage mediums is in progress (ETA for completion is 04 September 2023)

We will provide an update by Monday, 2023-09-04 23:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

28 Aug 2023 17:12 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: Engineers have completed mitigation steps, and are currently in the process of performing final validations.

a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Completed on 16 August 2023)
c) Fix propagation to other Unified Data Model event storage mediums is in progress (ETA for completion is 28 August 2023)

We will provide an update by Monday, 2023-08-28 23:30 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

21 Aug 2023 10:10 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: Engineers have completed mitigation steps, and are currently in the process of performing final validations.

a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Completed on 16 August 2023)
c) Fix propagation to other Unified Data Model event storage mediums is in progress (ETA for completion is 28 August 2023)

We will provide an update by Monday, 2023-08-28 17:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

18 Aug 2023 09:41 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: Engineers have completed mitigation steps, and are currently in the process of performing final validations.

a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Completed on 16 August 2023)

We will provide an update by Monday, 2023-08-21 10:30 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

2 Aug 2023 08:22 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: As communicated previously, we have segmented our repair of this incident into two phases:

a) Stopping erroneous enrichments (Completed on 2 August 2023)
b) Repairing historically impacted events that used these erroneous enrichments. (Revised ETA - 18 August 2023)

We will provide an update by Friday, 2023-08-18 10:30 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

1 Aug 2023 17:35 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: As communicated previously, we have segmented our repair of this incident into two phases:

a) Stopping erroneous enrichments (ETA - 2 August 2023)
b) Repairing or clearing historically impacted events that used these erroneous enrichments. (Revised ETA - 18 August 2023)

We will provide an update by Wednesday, 2023-08-02 10:30 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

1 Aug 2023 07:49 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: As communicated previously, we have segmented our repair of this incident into two phases:

a) Stopping erroneous enrichments (ETA - 2 August 2023)
b) Repairing or clearing historically impacted events that used these erroneous enrichments. (Revised ETA - 18 August 2023)

We will provide an update by Tuesday, 2023-08-01 18:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

31 Jul 2023 16:54 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: As communicated previously, we have segmented our repair of this incident into two phases:

a) Stopping erroneous enrichments (ETA - 2 August 2023)
b) Repairing or clearing historically impacted events that used these erroneous enrichments. (Revised ETA - 18 August 2023)

We will provide an update by Tuesday, 2023-08-01 10:30 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

31 Jul 2023 16:34 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: We are able to verify that no new process enrichments related to the 2023-07-04 parser update for the SENTINEL_EDR log type (product source: "SentinelOne EDR") are being applied to events.

However, previously computed process enrichments may still be applied to newly arriving events. We expect to stop using these enrichments by August 2nd. We expect to repair all historically impacted events by Aug 11.

We will provide an update by Tuesday, 2023-08-01 10:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

31 Jul 2023 09:26 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: We are able to verify that no new process enrichments related to the 2023-07-04 parser update for the SENTINEL_EDR log type (product source: "SentinelOne EDR") are being applied to events.

However, previously computed process enrichments may still be applied to newly arriving events. We expect to stop using these enrichments by August 2nd. We expect to repair all historically impacted events by Aug 11.

We will provide an update by Monday, 2023-07-31 17:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

30 Jul 2023 10:35 PDT

Summary: Chronicle customers in all regions using the SENTINEL_EDR default parser (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: Chronicle discovered a bug in the 2023-07-04 parser update for the SENTINEL_EDR log type (product source: "SentinelOne EDR").

As a result of this bug, Chronicle's process aliasing features may be creating incorrect results for customers who use this parser. Chronicle is in the process of rolling the parser revision from 2023-07-04 back to a correctly functioning version (2023-06-09) for all customers.

Chronicle will be working actively to reverse the incorrect process enrichment results.

We will provide an update by Monday, 2023-07-31 12:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

30 Jul 2023 09:55 PDT

Summary: Chronicle customers using the SENTINEL_EDR log type (product source: "SentinelOne EDR") may have incorrect process enrichment results.

Description: Chronicle discovered a bug in the 2023-07-04 parser update for the SENTINEL_EDR log type (product source: "SentinelOne EDR").

As a result of this bug, Chronicle's process aliasing features may be creating incorrect results for customers who use this parser. Chronicle is in the process of rolling the parser revision from 2023-07-04 back to a correctly functioning version (2023-06-09) for all customers.

Chronicle will be working actively to reverse the incorrect process enrichment results.

We will provide an update by Monday, 2023-07-31 12:00 US/Pacific with current details.

Diagnosis: Fields set by process aliasing for SENTINEL_EDR (including UDM principal.process, src.process, and target.process) may be incorrect.

Workaround: None at this time.

29 Jul 2023 22:55 PDT

Summary: Chronicle's process aliasing features may be creating incorrect results for some customers globally.

Description: We are experiencing an issue with Chronicle Security.

Our engineering team continues to investigate the issue.

We will provide an update by Sunday, 2023-07-30 10:00 US/Pacific with current details.

Diagnosis: Chronicle's process aliasing features may be creating incorrect results for some customers globally.

Workaround: None at this time.