DataDog · maycmlee · Jan 9, 2026 · Jan 5, 2026 · Jan 9, 2026 · Jan 9, 2026
@@ -6176,20 +6176,20 @@ menu:
       parent: observability_pipelines_destinations
       identifier: observability_pipelines_elasticsearch
       weight: 409
-    - name: Google Chronicle
-      url: observability_pipelines/destinations/google_chronicle
-      parent: observability_pipelines_destinations
-      identifier: observability_pipelines_google_chronicle
-      weight: 410
     - name: Google Cloud Storage
       identifier: observability_pipelines_google_cloud_storage
       url: /observability_pipelines/destinations/google_cloud_storage/
       parent: observability_pipelines_destinations
-      weight: 411
+      weight: 410
     - name: Google Pub/Sub
       identifier: observability_pipelines_google_pubsub
       url: /observability_pipelines/destinations/google_pubsub/
       parent: observability_pipelines_destinations
+      weight: 411
+    - name: Google SecOps
+      url: observability_pipelines/destinations/google_secops/
+      parent: observability_pipelines_destinations
+      identifier: observability_pipelines_google_secops
       weight: 412
     - name: HTTP Client
       url: observability_pipelines/destinations/http_client/

@@ -108,11 +108,6 @@ On the Worker installation page:
 
 {{% observability_pipelines/configure_existing_pipelines/destination_env_vars/amazon_security_lake %}}
 
-{{% /tab %}}
-{{% tab "Chronicle" %}}
-
-{{% observability_pipelines/configure_existing_pipelines/destination_env_vars/chronicle %}}
-
 {{% /tab %}}
 {{% tab "CrowdStrike NG-SIEM" %}}
 
@@ -137,6 +132,11 @@ On the Worker installation page:
 
 {{% observability_pipelines/configure_existing_pipelines/destination_env_vars/elasticsearch %}}
 
+{{% /tab %}}
+{{% tab "Google SecOps" %}}
+
+{{% observability_pipelines/configure_existing_pipelines/destination_env_vars/chronicle %}}
+
 {{% /tab %}}
 {{% tab "HTTP Client" %}}
 

@@ -28,9 +28,9 @@ These are the available destinations:
 - [CrowdStrike Next-Gen SIEM][6]
 - [Datadog Logs][7]
 - [Elasticsearch][8]
-- [Google Chronicle][9]
 - [Google Cloud Storage][10]
 - [Google Pub/Sub][11]
+- [Google SecOps][9]
 - [HTTP Client][12]
 - [Kafka][13]
 - [Microsoft Sentinel][14]
@@ -50,7 +50,7 @@ These are the available destinations:
 [6]: /observability_pipelines/destinations/crowdstrike_ng_siem/
 [7]: /observability_pipelines/destinations/datadog_logs/
 [8]: /observability_pipelines/destinations/elasticsearch/
-[9]: /observability_pipelines/destinations/google_chronicle/
+[9]: /observability_pipelines/destinations/google_secops/
 [10]: /observability_pipelines/destinations/google_cloud_storage/
 [11]: /observability_pipelines/destinations/google_pubsub/
 [12]: /observability_pipelines/destinations/http_client/

@@ -1,5 +1,5 @@
 ---
-title: Google Chronicle Destination
+title: Google SecOps Destination
 disable_toc: false
 products:
 - name: Logs
@@ -8,19 +8,19 @@ products:
 
 {{< product-availability >}}
 
-Use Observability Pipelines' Google Chronicle destination to send logs to Google Chronicle.
+Use Observability Pipelines' Google SecOps destination to send logs to Google SecOps.
 
 The Observability Pipelines Worker uses standard Google authentication methods. See [Authentication methods at Google][3] for more information about choosing the authentication method for your use case.
 
 ## Setup
 
-Set up the Google Chronicle destination and its environment variables when you [set up a pipeline][1]. The information below is configured in the pipelines UI.
+Set up the Google SecOps destination and its environment variables when you [set up a pipeline][1]. The information below is configured in the pipelines UI.
 
 ### Set up the destination
 
-To set up the Worker's Google Chronicle destination:
+To set up the Worker's Google SecOps destination:
 
-1. Enter the customer ID for your Google Chronicle instance.
+1. Enter the customer ID for your Google SecOps instance.
 1. If you have a credentials JSON file, enter the path to your credentials JSON file. The credentials file must be placed under `DD_OP_DATA_DIR/config`. Alternatively, you can use the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to provide the credential path.
     - If you're using [workload identity][6] on Google Kubernetes Engine (GKE), the `GOOGLE_APPLICATION_CREDENTIALS` is provided for you.
     - The Worker uses standard [Google authentication methods][7].
@@ -32,7 +32,7 @@ To set up the Worker's Google Chronicle destination:
 		1. Select the buffer type you want to set (**Memory** or **Disk**).
 		1. Enter the buffer size and select the unit.
 
-**Note**: Logs sent to the Google Chronicle destination must have ingestion labels. For example, if the logs are from a A10 load balancer, it must have the ingestion label `A10_LOAD_BALANCER`. See Google Cloud's [Support log types with a default parser][5] for a list of available log types and their respective ingestion labels.
+**Note**: Logs sent to the Google SecOps destination must have ingestion labels. For example, if the logs are from a A10 load balancer, it must have the ingestion label `A10_LOAD_BALANCER`. See Google Cloud's [Support log types with a default parser][5] for a list of available log types and their respective ingestion labels.
 
 ### Set the environment variables
 

@@ -77,9 +77,6 @@ Some Observability Pipelines components require setting up environment variables
 ### Amazon Security Lake
 {{% observability_pipelines/configure_existing_pipelines/destination_env_vars/amazon_security_lake %}}
 
-### Chronicle
-{{% observability_pipelines/configure_existing_pipelines/destination_env_vars/chronicle %}}
-
 ### CrowdStrike NG-SIEM
 {{% observability_pipelines/configure_existing_pipelines/destination_env_vars/crowdstrike_ng_siem %}}
 
@@ -103,6 +100,9 @@ Some Observability Pipelines components require setting up environment variables
 ### Google Pub/Sub
 {{% observability_pipelines/configure_existing_pipelines/destination_env_vars/google_pubsub %}}
 
+### Google SecOps
+{{% observability_pipelines/configure_existing_pipelines/destination_env_vars/chronicle %}}
+
 ### HTTP Client
 {{% observability_pipelines/configure_existing_pipelines/destination_env_vars/http_client %}}
 

@@ -1,2 +1,2 @@
-- Google Chronicle endpoint URL:
+- Google SecOps endpoint URL:
    - Stored in the environment variable `DD_OP_DESTINATION_GOOGLE_CHRONICLE_UNSTRUCTURED_ENDPOINT_URL`.
@@ -1,6 +1,6 @@
-To set up the Worker's Google Chronicle destination:
+To set up the Worker's Google SecOps destination:
 
-1. Enter the customer ID for your Google Chronicle instance.
+1. Enter the customer ID for your Google SecOps instance.
 1. If you have a credentials JSON file, enter the path to your credentials JSON file. The credentials file must be placed under `DD_OP_DATA_DIR/config`. Alternatively, you can use the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to provide the credential path.
     - If you're using [workload identity][10004] on Google Kubernetes Engine (GKE), the `GOOGLE_APPLICATION_CREDENTIALS` is provided for you.
     - The Worker uses standard [Google authentication methods][10005].
@@ -12,7 +12,7 @@ To set up the Worker's Google Chronicle destination:
 		1. Select the buffer type you want to set (**Memory** or **Disk**).
 		1. Enter the buffer size and select the unit.
 
-**Note**: Logs sent to the Google Chronicle destination must have ingestion labels. For example, if the logs are from a A10 load balancer, it must have the ingestion label `A10_LOAD_BALANCER`. See Google Cloud's [Support log types with a default parser][10003] for a list of available log types and their respective ingestion labels.
+**Note**: Logs sent to the Google SecOps destination must have ingestion labels. For example, if the logs are from a A10 load balancer, it must have the ingestion label `A10_LOAD_BALANCER`. See Google Cloud's [Support log types with a default parser][10003] for a list of available log types and their respective ingestion labels.
 
 [10002]: /observability_pipelines/destinations/#template-syntax
 [10003]: https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers#with-default-parser