We are experiencing an issue with Chronicle Security

Mini Incident Report We apologize for the inconvenience this service disruption/outage may have caused. We would like to provide some information about this incident below. Please note, this information is based on our best knowledge at the time of posting and is subject to change as our investigation continues. If you have experienced impact outside of what is listed below, please reach out to Google Cloud Support using https://cloud.google.com/support. (All Times US/Pacific) Incident Start: 3 January 2025 12:14 Incident End: 8 January 2025 11:08 Duration: 5 days, 10 hours, 55 minutes Affected Services and Features: Google SecOps (Chronicle Security) - SOAR Permissions Regions/Zones: europe, europe-west12, europe-west2, europe-west3, europe-west6, europe-west9, asia-northeast1, asia-south1, asia-southeast1, australia-southeast1, me-central1, me-central2, me-west1, northamerica-northeast2, southamerica-east1 Description: Google SecOps (Chronicle Security) experienced an increase in permission errors for non-admin users accessing SOAR cases. From preliminary analysis, the issue was due to a software defect introduced by a recent service update that had been rolled out to non-US regions. The issue was fully mitigated once the affected service update was rolled back, restoring service for all affected users. Customer Impact: When a non-admin user attempted to access the SOAR cases view, they received a 403 error.

The issue with Chronicle Security has been resolved for all affected users as of Wednesday, 2025-01-08 11:06 US/Pacific. We thank you for your patience while we worked on resolving the issue.

Summary: We are experiencing an issue with Chronicle Security Description: Mitigation work is currently underway by our engineering team. The mitigation is expected to complete by Wednesday, 2025-01-08 11:17 US/Pacific. We will provide more information by Wednesday, 2025-01-08 12:00 US/Pacific. Diagnosis: Some non-admin users are facing an issue where they receive a 403 Forbidden when logging in to Cases view. Workaround: None at this time.

Summary: We are experiencing an issue with Chronicle Security. Description: Mitigation work is currently underway by our engineering team. The mitigation is expected to complete by Wednesday, 2025-01-08 11:17 US/Pacific. We will provide more information by Wednesday, 2025-01-08 12:00 US/Pacific. Diagnosis: Some non-admin users are facing an issue where they receive a 403 Forbidden when logging in to Cases view. Workaround: None at this time.