Google SecOps has updated the list of supported default parsers.
Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.
• Abnormal Security (ABNORMAL_SECURITY)
• Active Countermeasures (AI_HUNTER)
• AIX system (AIX_SYSTEM)
• Apache (APACHE)
• Apache Cassandra (CASSANDRA)
• Aruba (ARUBA_WIRELESS)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Auth0 (AUTH_ZERO)
• AWS Aurora (AWS_AURORA)
• AWS CloudFront (AWS_CLOUDFRONT)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure Front Door (AZURE_FRONT_DOOR)
• Azure SQL (AZURE_SQL)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Check Point Harmony (CHECKPOINT_HARMONY)
• Chronicle SOAR Audit (CHRONICLE_SOAR_AUDIT)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco Secure Access (CISCO_SECURE_ACCESS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco WSA (CISCO_WSA)
• Cloud DNS (GCP_DNS)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Warp (CLOUDFLARE_WARP)
• Code42 Incydr (CODE42_INCYDR)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• CYJAX Threat Intelligence (CYJAX_THREAT_INTELLIGENCE)
• Cyware Threat Intelligence Exchange (CTIX)
• Databricks (DATABRICKS)
• Duo Auth (DUO_AUTH)
• Elastic Defend (ELASTIC_DEFEND)
• ESET AV (ESET_AV)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• FireEye eMPS (FIREEYE_EMPS)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forescout NAC (FORESCOUT_NAC)
• ForgeRock Identity Cloud (FORGEROCK_IDENTITY_CLOUD)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• GitHub (GITHUB)
• Google Threat Intelligence IOC (GTI_IOC)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM Safenet (IBM_SAFENET)
• IBM Websphere Application Server (IBM_WEBSPHERE_APP_SERVER)
• Imperva Advanced Bot Protection (IMPERVA_ABP)
• Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
• Juniper (JUNIPER_FIREWALL)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• Maria Database (MARIA_DB)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Skyhigh CASB (MCAFEE_SKYHIGH_CASB)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• Mobile Endpoint Security (LOOKOUT_MOBILE_ENDPOINT_SECURITY)
• Mobileiron (MOBILEIRON)
• NetApp ONTAP (NETAPP_ONTAP)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Oort Security Tool (OORT)
• Oracle (ORACLE_DB)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• PostFix Mail (POSTFIX_MAIL)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• SAP Security Audit (SAP_SECURITY_AUDIT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Sensitive Data Risk (GCP_SECURITYCENTER_SENSITIVE_DATA_RISK)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• Snyk Group level audit Logs (SNYK_SDLC)
• Suricata EVE (SURICATA_EVE)
• Symantec EDR (SYMANTEC_EDR)
• Sysdig (SYSDIG)
• Tenable Active Directory Security (TENABLE_ADS)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Alerts (TRELLIX_HX_ALERTS)
• Trellix HX Audit Events (TRELLIX_HX_AUDIT)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trellix HX Hosts (TRELLIX_HX_HOSTS)
• Trend Micro Vision One Endpoint Vulnerabilities (TRENDMICRO_VISION_ONE_ENDPOINT_VULNERABILITIES)
• Trend Micro Vision One Observed Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Ubika Waf (UBIKA_WAF)
• Unix system (NIX_SYSTEM)
• Varonis (VARONIS)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Wallix Bastion (WALLIX_BASTION)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• wiz.io (WIZ_IO)
• Zeek JSON (BRO_JSON)
• Zscaler (ZSCALER_WEBPROXY)
The following log types were added without a default parser. Each log type is listed by product name and log_type value, where applicable.
• Action1 (ACTION1)
• CDNetworks Cloud Security (CDNETWORKS_CLOUD_SECURITY)
• Claude Compliance Logs (CLAUDE_COMPLIANCE_LOGS)
• Dell RecoverPoint (DELL_RECOVERPOINT)
• IBM Storwize (IBM_STORWIZE)
• LeapXpert Audit Logs (LEAPXPERT_AUDIT)
• Oracle Key Vault Audit Logs (ORACLE_KEY_VAULT_AUDIT_LOGS)
• RSA Cloud (RSA_CLOUD)
• ServiceNow Antivirus Activity (SERVICENOW_ANTIVIRUS_ACTIVITY)
• ServiceNow Attachment (SERVICENOW_ATTACHMENT)
• ServiceNow Email (SERVICENOW_EMAIL)
• Versa Director (VERSA_DIRECTOR)
• ZPE Systems NodeGrid (ZPE_SYSTEMS_NODEGRID)