Google Security Products Status Dashboard

This page provides status information on the services that are part of Google Security Products. Check back here to view the current status of the services listed below. If you are experiencing an issue not listed here, please contact Support. For additional information on these services, please visit https://cloud.google.com/security.

Incident affecting Google SecOps

Google SecOps customers experiencing issues where Palo Alto Cortex XDR Alerts logs are not being ingested

Incident began at 2025-09-28 19:46 and ended at 2025-10-05 14:42 (all times are US/Pacific).

Previously affected location(s)

Johannesburg (africa-south1)Tokyo (asia-northeast1)Mumbai (asia-south1)Singapore (asia-southeast1)Jakarta (asia-southeast2)Sydney (australia-southeast1)Multi-region: europeTurin (europe-west12)London (europe-west2)Frankfurt (europe-west3)Zurich (europe-west6)Paris (europe-west9)Doha (me-central1)Dammam (me-central2)Tel Aviv (me-west1)Toronto (northamerica-northeast2)São Paulo (southamerica-east1)Multi-region: us

Date Time Description
6 Oct 2025 11:51 PDT

Summary:

Resolved: An issue with Google SecOps and Palo Alto Cortex XDR Alerts log ingestion in multiple regions.

Description:

The issue affecting Google SecOps customers has been resolved for all affected users as of Sunday, 2025-10-05 14:42 US/Pacific. We apologize for the inconvenience this incident caused.

From preliminary analysis, the issue was triggered by a recent software update intended to improve the processing of Palo Alto Cortex XDR alerts.

The problematic update was identified, and the issue was mitigated by rolling back the change to restore normal service. All logs that were not ingested during this period are being backfilled.

We anticipate the backfill to complete by the end of day 13 October 2025 or sooner. If you have any questions regarding the data backfill, please open a support case with us and we will assist you accordingly.
5 Oct 2025 14:21 PDT

Summary: Google SecOps customers experiencing issue where Palo Alto Cortex XDR Alerts logs are not being ingested

Description: Our engineering team has mitigated the issue by rolling out the fix to production and has initiated a backfill of all logs that were not ingested during the period of impact.

We do not have an ETA for completion of the backfill at this time.

We will provide another update by Friday, 2025-10-10 17:00 US/Pacific.

Symptoms: Impacted customers will see a gap in Palo Alto Cortex XDR Alerts data until a backfill is performed. Customers may not see data in Unified Data Model (UDM) Search, and may have delayed rule detections.

Workaround: None at this time.
5 Oct 2025 11:22 PDT

Mitigation work is currently underway by our engineering team.

Our engineering team has identified that the issue was caused by a recent change. A fix has been tested and is currently being rolled out to production.

The rollout is progressing, and the mitigation is expected to be completed by Sunday, 2025-10-05 14:00 US/Pacific.

We will provide another update by Sunday, 2025-10-05 14:30 US/Pacific.

Diagnosis / Customer Symptoms:

  • Impacted customers will see a gap in Palo Alto Cortex XDR Alerts data until a backfill is performed. Customers may not see data in Unified Data Model (UDM) Search, and may have delayed rule detections.
5 Oct 2025 10:11 PDT

We've received a report of an issue with Google SecOps as of Sunday, 2025-10-05 07:57 US/Pacific.

The Palo Alto Cortex XDR Alerts log type has not been ingested correctly in some regions beginning on 2025-09-28 19:46 US/Pacific. We have identified the problem and are verifying the solution. We expect the situation to be fully mitigated by 2025-10-05 12:00 US/Pacific.

We will provide more information by Sunday, 2025-10-05 11:30 US/Pacific.

Diagnosis / Customer Symptoms:

  • Impacted customers will see a gap in Palo Alto Cortex XDR Alerts data until a backfill is performed. Customers may not see data in Unified Data Model (UDM) Search, and may have delayed rule detections. .