## Change
The following supported default parsers have changed. Each is listed by product name and `log_type` value, if applicable.
* AIX system (`AIX_SYSTEM`)
* Arcsight CEF (`ARCSIGHT_CEF`)
* Arista Switch (`ARISTA_SWITCH`)
* Aruba (`ARUBA_WIRELESS`)
* Aruba Switch (`ARUBA_SWITCH`)
* Attivo Networks (`ATTIVO`)
* AWS Cloudtrail (`AWS_CLOUDTRAIL`)
* AWS Control Tower (`AWS_CONTROL_TOWER`)
* AWS Elastic Load Balancer (`AWS_ELB`)
* AWS WAF (`AWS_WAF`)
* Azure AD (`AZURE_AD`)
* Azure AD Directory Audit (`AZURE_AD_AUDIT`)
* Azure AD Organizational Context (`AZURE_AD_CONTEXT`)
* Azure Application Gateway (`AZURE_GATEWAY`)
* Azure Storage Audit (`AZURE_STORAGE_AUDIT`)
* Azure WAF (`AZURE_WAF`)
* Barracuda Firewall (`BARRACUDA_FIREWALL`)
* BeyondTrust Endpoint Privilege Management (`BEYONDTRUST_ENDPOINT`)
* BigQuery (`N/A`)
* Blue Coat Proxy (`BLUECOAT_WEBPROXY`)
* Brocade Switch (`BROCADE_SWITCH`)
* Check Point (`CHECKPOINT_FIREWALL`)
* Cisco ASA (`CISCO_ASA_FIREWALL`)
* Cisco Firepower NGFW (`CISCO_FIREPOWER_FIREWALL`)
* Cisco FireSIGHT Management Center (`CISCO_FIRESIGHT`)
* Cisco Internetwork Operating System (`CISCO_IOS`)
* Cisco ISE (`CISCO_ISE`)
* Cisco Meraki (`CISCO_MERAKI`)
* Cisco VPN (`CISCO_VPN`)
* Cisco WLC/WCS (`CISCO_WIRELESS`)
* Citrix Netscaler (`CITRIX_NETSCALER`)
* Claroty Enterprise Management Console (`CLAROTY_EMC`)
* Cloud Audit Logs (`N/A`)
* Cloud Intrusion Detection System (`GCP_IDS`)
* Corelight (`CORELIGHT`)
* CrowdStrike Detection Monitoring (`CS_DETECTS`)
* CrowdStrike Falcon (`CS_EDR`)
* CyberArk (`CYBERARK`)
* Cyberark Privilege Cloud (`CYBERARK_PRIVILEGE_CLOUD`)
* Cybergatekeeper NAC (`CYBERGATEKEEPER_NAC`)
* Darktrace (`DARKTRACE`)
* Dell ECS Enterprise Object Storage (`DELL_ECS`)
* Dell Switch (`DELL_SWITCH`)
* Elastic Packet Beats (`ELASTIC_PACKETBEATS`)
* ESET (`ESET_EDR`)
* ESET AV (`ESET_AV`)
* F5 Advanced Firewall Management (`F5_AFM`)
* F5 ASM (`F5_ASM`)
* F5 BIGIP LTM (`F5_BIGIP_LTM`)
* FireEye HX (`FIREEYE_HX`)
* FireEye NX Audit (`FIREEYE_NX_AUDIT`)
* Firewall Rule Logging (`N/A`)
* Forcepoint DLP (`FORCEPOINT_DLP`)
* Forescout NAC (`FORESCOUT_NAC`)
* Forgerock OpenIdM (`FORGEROCK_OPENIDM`)
* FortiGate (`FORTINET_FIREWALL`)
* Fortinet FortiAnalyzer (`FORTINET_FORTIANALYZER`)
* Fortra Powertech SIEM Agent (`FORTRA_POWERTECH_SIEM_AGENT`)
* Cloud NAT (`N/A`)
* GCP\_SWP (`GCP_SWP`)
* Gitlab (`GITLAB`)
* GMAIL Logs (`GMAIL_LOGS`)
* GMV Checker ATM Security (`GMV_CHECKER`)
* Guardicore Centra (`GUARDICORE_CENTRA`)
* HPE BladeSystem C7000 (`HPE_BLADESYSTEM_C7000`)
* HYPR MFA (`HYPR_MFA`)
* IBM AS/400 (`IBM_AS400`)
* IBM DS8000 Storage (`IBM_DS8000`)
* IBM Guardium (`GUARDIUM`)
* IBM Tape Storages (`IBM_LTO`)
* IBM Tivoli (`IBM_TIVOLI`)
* IBM-i Operating System (`IBM_I`)
* Illumio Core (`ILLUMIO_CORE`)
* Imperva (`IMPERVA_WAF`)
* Imperva Advanced Bot Protection (`IMPERVA_ABP`)
* Imperva SecureSphere Management (`IMPERVA_SECURESPHERE`)
* Infoblox (`INFOBLOX`)
* ION Spectrum (`ION_SPECTRUM`)
* Ipswitch MOVEit Transfer (`IPSWITCH_MOVEIT_TRANSFER`)
* Jamf Protect Alerts (`JAMF_PROTECT`)
* Jamf Protect Telemetry (`JAMF_TELEMETRY`)
* Juniper Junos (`JUNIPER_JUNOS`)
* Juniper MX Router (`JUNIPER_MX`)
* Kubernetes Node (`KUBERNETES_NODE`)
* LastPass Password Management (`LASTPASS`)
* Linux Auditing System (AuditD) (`AUDITD`)
* McAfee Enterprise Security Manager (`MCAFEE_ESM`)
* Medigate IoT (`MEDIGATE_IOT`)
* Microsoft AD (`WINDOWS_AD`)
* Microsoft Azure Activity (`AZURE_ACTIVITY`)
* Microsoft Defender for Endpoint (`MICROSOFT_DEFENDER_ENDPOINT`)
* Microsoft Defender for Identity (`MICROSOFT_DEFENDER_IDENTITY`)
* Microsoft Exchange (`EXCHANGE_MAIL`)
* Microsoft Graph API Alerts (`MICROSOFT_GRAPH_ALERT`)
* Microsoft IAS Server (`MICROSOFT_IAS`)
* Microsoft Intune (`AZURE_MDM_INTUNE`)
* Microsoft SQL Server (`MICROSOFT_SQL`)
* Mongo Database (`MONGO_DB`)
* Netscout Arbor Sightline (`ARBOR_SIGHTLINE`)
* Netskope Web Proxy (`NETSKOPE_WEBPROXY`)
* NGFW Enterprise (`GCP_NGFW_ENTERPRISE`)
* Office 365 (`OFFICE_365`)
* Office 365 Message Trace (`OFFICE_365_MESSAGETRACE`)
* Opengear Remote Management (`OPENGEAR`)
* Oracle (`ORACLE_DB`)
* OSQuery (`OSQUERY_EDR`)
* OSSEC (`OSSEC`)
* Palo Alto Cortex XDR Alerts (`CORTEX_XDR`)
* Palo Alto Networks Firewall (`PAN_FIREWALL`)
* Palo Alto Prisma Cloud (`PAN_PRISMA_CLOUD`)
* PerimeterX Bot Protection (`PERIMETERX_BOT_PROTECTION`)
* Phishlabs (`PHISHLABS`)
* Proofpoint Tap Alerts (`PROOFPOINT_MAIL`)
* Pulse Secure (`PULSE_SECURE_VPN`)
* Riverbed Steelhead (`STEELHEAD`)
* RSA SecurID Access Identity Router (`RSA_SECURID`)
* SAP SM20 (`SAP_SM20`)
* SAP SuccessFactors (`SAP_SUCCESSFACTORS`)
* SAP Webdispatcher (`SAP_WEBDISP`)
* Security Command Center Posture Violation (`GCP_SECURITYCENTER_POSTURE_VIOLATION`)
* Security Command Center Threat (`N/A`)
* Security Command Center Toxic Combination (`GCP_SECURITYCENTER_TOXIC_COMBINATION`)
* Sentinelone Alerts (`SENTINELONE_ALERT`)
* SentinelOne EDR (`SENTINEL_EDR`)
* SentinelOne Singularity Cloud Funnel (`SENTINELONE_CF`)
* Snare System Diagnostic Logs (`SNARE_SOLUTIONS`)
* Solaris system (`SOLARIS_SYSTEM`)
* SonicWall (`SONIC_FIREWALL`)
* Sonicwall Secure Mobile Access (`SONICWALL_SMA`)
* Splunk Platform (`SPLUNK`)
* Squid Web Proxy (`SQUID_WEBPROXY`)
* Suricata EVE (`SURICATA_EVE`)
* Suricata IDS (`SURICATA_IDS`)
* Swift Alliance Messaging Hub (`SWIFT_AMH`)
* Symantec CloudSOC CASB (`SYMANTEC_CASB`)
* Symantec DLP (`SYMANTEC_DLP`)
* Tenable OT (`TENABLE_OT`)
* Tetragon Ebpf Audit Logs (`TETRAGON_EBPF_AUDIT_LOGS`)
* Trellix HX Event Streamer (`TRELLIX_HX_ES`)
* Trend Micro (`TIPPING_POINT`)
* Trend Micro Cloud one (`TRENDMICRO_CLOUDONE`)
* Trend Micro Deep Security (`TRENDMICRO_DEEP_SECURITY`)
* TrendMicro Apex Central (`TRENDMICRO_APEX_CENTRAL`)
* TrendMicro Web Proxy (`TRENDMICRO_WEBPROXY`)
* Unifi AP (`UNIFI_AP`)
* Unix system (`NIX_SYSTEM`)
* Vectra Detect (`VECTRA_DETECT`)
* VeridiumID by Veridium (`VERIDIUM_ID`)
* VPC Flow Logs (`GCP_VPC_FLOW`)
* Windows Defender ATP (`WINDOWS_DEFENDER_ATP`)
* Windows DNS (`WINDOWS_DNS`)
* Windows Event (`WINEVTLOG`)
* Windows Event (XML) (`WINEVTLOG_XML`)
* Windows Network Policy Server (`WINDOWS_NET_POLICY_SERVER`)
* Windows Sysmon (`WINDOWS_SYSMON`)
* Workspace Activities (`WORKSPACE_ACTIVITY`)
* Workspace Alerts (`WORKSPACE_ALERTS`)
* Workspace ChromeOS Devices (`WORKSPACE_CHROMEOS`)
* Workspace Groups (`WORKSPACE_GROUPS`)
* Workspace Mobile Devices (`WORKSPACE_MOBILE`)
* Workspace Privileges (`WORKSPACE_PRIVILEGES`)
* Workspace Users (`WORKSPACE_USERS`)
* YAMAHA ROUTER RTX1200 (`YAMAHA_ROUTER`)
* Zeek JSON (`BRO_JSON`)
* Zimperium (`ZIMPERIUM`)
* Zscaler (`ZSCALER_WEBPROXY`)
* Zscaler CASB (`ZSCALER_CASB`)
* ZScaler NGFW (`ZSCALER_FIREWALL`)
The following log types, without a default parser, were added. Each is listed by product name and `log_type` value, if applicable.
* Adaxes (`ADAXES`)
* Air Table (`AIR_TABLE`)
* Alert Enterprise Guardian (`ALERT_GUARDIAN`)
* Amavis (`AMAVIS`)
* Atlassian Beacon (`ATLASSIAN_BEACON`)
* Banner dd (`BANNER_DD`)
* BetterStack Uptime (`BETTERSTACK_UPTIME`)
* BloodHound (`BLOODHOUND`)
* Core Privileged Access Manager (BoKS) (`BOKS`)
* Cisco Secure Access (`CISCO_SECURE_ACCESS`)
* Cleafy (`CLEAFY`)
* Clear Bank Portal Audit (`CLEARBANK_PORTAL`)
* CloudBees (`CLOUDBEES`)
* Comforte SecurDPS (`COMFORTE_SECURDPS`)
* Control Plane (`CONTROL_PLANE`)
* Corrata (`CORRATA`)
* Cubist Audit (`CUBIST_AUDIT`)
* C Zentrix (`C_ZENTRIX`)
* DefectDojo (`DEFECTDOJO`)
* Dmarcian (`DMARCIAN`)
* DocuSign (`DOCUSIGN`)
* Duo Activity Logs (`DUO_ACTIVITY`)
* E2 Guardian (`E2_GUARDIAN`)
* Egress Defend (`EGRESS_DEFEND`)
* Egress Prevent (`EGRESS_PREVENT`)
* Emsisoft AntiVirus (`EMSISOFT_ANTIVIRUS`)
* F5 System Logs (`F5_SYSTEM_LOGS`)
* Fastly CDN (`FASTLY_CDN`)
* FireEye CMS (`FIREEYE_CMS`)
* Forcepoint Mail Relay (`FORCEPOINT_MAIL_RELAY`)
* Google Ads (`GOOGLE_ADS`)
* H3C Comware Platform Switch
* Halcyon Anti Ransomware (`HALCYON`)
* Halo (`HALO`)
* HP Poly (`HP_POLY`)
* Huawei CloudEngine (`HUAWEI_CLOUDENGINE`)
* Intruder.IO (`INTRUDER_IO`)
* Ivanti Connect Secure (`IVANTI_CONNECT_SECURE`)
* Keyfactor (`KEYFACTOR`)
* Kyverno (`KYVERNO`)
* LaunchDarkly (`LAUNCH_DARKLY`)
* LeanIX Enterprise (`LEANIX`)
* Leanix CMDB (`LEANIX_CMDB`)
* Lucid (`LUCID`)
* Lumeta Spectre (`LUMETA`)
* ManageEngine Asset Explorer (`MANAGE_ENGINE_ASSET_EXPLR`)
* ManageEngine Endpoint Central (`MANAGE_ENGINE_ENDPT_CNTRL`)
* Mandiant Digital Threat Monitoring (`MANDIANT_DTM_ALERTS`)
* Manhattan Warehouse Management System (`MANHATTAN_WMS`)
* Mend IO (`MEND_IO`)
* Meta Marketing (`META_MARKETING`)
* Miasma SecretScanner (`MIASMA_SECRETSCANNER`)
* Microsoft Ads (`MICROSOFT_ADS`)
* Microsoft Purview (`MICROSOFT_PURVIEW`)
* ModSecurity (`MODSECURITY`)
* Netapp Storagegrid (`NETAPP_STORAGEGRID`)
* NetBrain (`NETBRAIN`)
* Netenrich Entity Context (`NETENRICH_ENTITY_CONTEXT`)
* Netwrix Activity Monitor (`NETWRIX_ACTIVITY_MONITOR`)
* Netwrix Stealth Intercept (`NETWRIX_STEALTH_INTERCEPT`)
* Netwrix Threat Manager (`NETWRIX_THREAT_MANAGER`)
* Nexus Sonatype (`NEXUS_SONATYPE`)
* Oracle Fusion (`ORACLE_FUSION`)
* PAGELY (`PAGELY`)
* Palantir (`PALANTIR`)
* Proofpoint Meta (`PROOFPOINT_META`)
* Qumulo FS (`QUMULO_FS`)
* Radware Alteon (`RADWARE_ALTEON`)
* SailPoint IdentityIQ (`SAILPOINT_IIQ`)
* Sentinelone Activity (`SENTINELONE_ACTIVITY`)
* Siga Level Zero OT Resilience (`SIGA`)
* Site24x7 (`SITE24X7`)
* Winevtlog Snare (`SNARE_WINEVTLOG`)
* Solar System (`SOLAR_SYSTEM`)
* Stealthbits DLP (`STEALTHBITS_DLP`)
* Symantec VIP Authentication Hub (`SYMANTEC_VIP_AUTHHUB`)
* Temenos Journey Manager System Event Publisher (`TEMENOS_MANAGER_SYSTEMEVENT`)
* Teradata Aster (`TERADATA_ASTER`)
* Tiktok for Developers (`TIKTOK`)
* Transmit BindID (`TRANSMIT_BINDID`)
* Trend Micro Vision One Audit (`TRENDMICRO_VISION_ONE_AUDIT`)
* Trend Micro Vision One Observerd Attack Techniques (`TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES`)
* Trend Micro Vision One Workbench (`TRENDMICRO_VISION_ONE_WORKBENCH`)
* TrueNAS (`TRUENAS`)
* E-Motional Transparent Screen Lock TSL RFID (`TSL_PRO`)
* UPX AntiDDoS (`UPX_ANTIDDOS`)
* Verba Recording System (`VERBA_REC`)
* Vercara (`VERCARA`)
* Veza Access Control Platform (`VEZA`)
* Web Methods Api Gateway (`WEBMETHODS_API_GATEWAY`)
For a list of supported log types and details about default parser changes, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).