Google SecOps has updated the list of supported default parsers
## Change

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and `log_type` value, if applicable. This list now includes both released default parsers and pending parser updates.

* Abnormal Security (`ABNORMAL_SECURITY`)
* Akamai DNS (`AKAMAI_DNS`)
* Amazon API Gateway (`AWS_API_GATEWAY`)
* Apache (`APACHE`)
* Apigee (`GCP_APIGEE_X`)
* Archer Integrated Risk Management (`ARCHER_IRM`)
* ArcSight CEF (`ARCSIGHT_CEF`)
* AWS CloudTrail (`AWS_CLOUDTRAIL`)
* AWS VPC Flow (`AWS_VPC_FLOW`)
* AWS VPN (`AWS_VPN`)
* Azure AD (`AZURE_AD`)
* Azure AD Audit (`AZURE_AD_AUDIT`)
* Azure AD Sign-In (`AZURE_AD_SIGNIN`)
* Azure Storage Audit (`AZURE_STORAGE_AUDIT`)
* Azure WAF (`AZURE_WAF`)
* BeyondTrust Privileged Identity (`BEYONDTRUST_PI`)
* Blue Coat Proxy (`BLUECOAT_WEBPROXY`)
* Carbon Black App Control (`CB_APP_CONTROL`)
* Check Point (`CHECKPOINT_FIREWALL`)
* Check Point Audit (`CHECKPOINT_AUDIT`)
* Cisco ASA (`CISCO_ASA_FIREWALL`)
* Cisco Firepower NGFW (`CISCO_FIREPOWER_FIREWALL`)
* Cisco ISE (`CISCO_ISE`)
* Cisco Meraki (`CISCO_MERAKI`)
* Cisco WSA (`CISCO_WSA`)
* Citrix NetScaler (`CITRIX_NETSCALER`)
* Cloud Audit Logs (`N/A`)
* Cloud Data Loss Prevention (`N/A`)
* Cloud Load Balancing (`GCP_LOADBALANCING`)
* Cloud SQL (`GCP_CLOUDSQL`)
* Cloudflare WAF (`CLOUDFLARE_WAF`)
* Cohesity (`COHESITY`)
* Corelight (`CORELIGHT`)
* CrowdStrike Falcon (`CS_EDR`)
* Cyber 2.0 IDS (`CYBER_2_IDS`)
* CyberArk Privilege Cloud (`CYBERARK_PRIVILEGE_CLOUD`)
* CyberArk PTA Privileged Threat Analytics (`CYBERARK_PTA`)
* Darktrace (`DARKTRACE`)
* Dell Switch (`DELL_SWITCH`)
* Duo Administrator Logs (`DUO_ADMIN`)
* Duo Auth (`DUO_AUTH`)
* EfficientIP DDI (`EFFICIENTIP_DDI`)
* Elastic Audit Beats (`ELASTIC_AUDITBEAT`)
* Elastic Packet Beats (`ELASTIC_PACKETBEATS`)
* F5 ASM (`F5_ASM`)
* F5 Shape (`F5_SHAPE`)
* F5 Silverline (`F5_SILVERLINE`)
* FireEye (`FIREEYE_ALERT`)
* FireEye ETP (`FIREEYE_ETP`)
* FireEye HX (`FIREEYE_HX`)
* Forcepoint DLP (`FORCEPOINT_DLP`)
* Forcepoint Email Security (`FORCEPOINT_EMAILSECURITY`)
* Forcepoint Mail Relay (`FORCEPOINT_MAIL_RELAY`)
* FortiGate (`FORTINET_FIREWALL`)
* Fortinet FortiAnalyzer (`FORTINET_FORTIANALYZER`)
* Fortinet FortiManager (`FORTINET_FORTIMANAGER`)
* GCP_APP_ENGINE (`GCP_APP_ENGINE`)
* GitHub (`GITHUB`)
* HP Aruba (ClearPass) (`CLEARPASS`)
* IBM DS8000 Storage (`IBM_DS8000`)
* IBM Guardium (`GUARDIUM`)
* IBM OpenPages (`IBM_OPENPAGES`)
* Infoblox DNS (`INFOBLOX_DNS`)
* Jenkins (`JENKINS`)
* Layer7 SiteMinder (`SITEMINDER_SSO`)
* Linux Auditing System (AuditD) (`AUDITD`)
* Malwarebytes (`MALWAREBYTES_EDR`)
* McAfee ePolicy Orchestrator (`MCAFEE_EPO`)
* Microsoft AD FS (`ADFS`)
* Microsoft Azure Activity (`AZURE_ACTIVITY`)
* Microsoft Azure Resource (`AZURE_RESOURCE_LOGS`)
* Microsoft Defender for Office 365 (`MICROSOFT_DEFENDER_MAIL`)
* Microsoft Exchange (`EXCHANGE_MAIL`)
* Microsoft Graph API Alerts (`MICROSOFT_GRAPH_ALERT`)
* Microsoft PowerShell (`POWERSHELL`)
* Microsoft SQL Server (`MICROSOFT_SQL`)
* Microsoft System Center Endpoint Protection (`MICROSOFT_SCEP`)
* Mimecast (`MIMECAST_MAIL`)
* Nagios Infrastructure Monitoring (`NAGIOS`)
* Network Policy Server (`MICROSOFT_NPS`)
* Office 365 (`OFFICE_365`)
* Okta (`OKTA`)
* Okta User Context (`OKTA_USER_CONTEXT`)
* Oracle (`ORACLE_DB`)
* Palo Alto Cortex XDR Alerts (`CORTEX_XDR`)
* Palo Alto Panorama (`PAN_PANORAMA`)
* Ping Federate (`PING_FEDERATE`)
* Ping Identity (`PING`)
* PostgreSQL (`POSTGRESQL`)
* Precisely Ironstream IBM z/OS (`IRONSTREAM_ZOS`)
* Proofpoint On Demand (`PROOFPOINT_ON_DEMAND`)
* Proofpoint TAP Alerts (`PROOFPOINT_MAIL`)
* Pulse Secure (`PULSE_SECURE_VPN`)
* Radware Web Application Firewall (`RADWARE_FIREWALL`)
* Rippling Activity Logs (`RIPPLING_ACTIVITYLOGS`)
* SAP Business Technology Platform (`SAP_BTP`)
* Security Command Center Threat (`N/A`)
* SentinelOne Alerts (`SENTINELONE_ALERT`)
* SentinelOne EDR (`SENTINEL_EDR`)
* SentinelOne Singularity Cloud Funnel (`SENTINELONE_CF`)
* Shibboleth IDP (`SHIBBOLETH_IDP`)
* Snare System Diagnostic Logs (`SNARE_SOLUTIONS`)
* Snowflake (`SNOWFLAKE`)
* Sophos AV (`SOPHOS_AV`)
* Sophos Intercept EDR (`SOPHOS_EDR`)
* Sourcefire (`SOURCEFIRE_IDS`)
* Splunk Attack Analyzer (`SPLUNK_ATTACK_ANALYZER`)
* SpyCloud (`SPYCLOUD`)
* Squid Web Proxy (`SQUID_WEBPROXY`)
* Suricata EVE (`SURICATA_EVE`)
* Symantec Endpoint Protection (`SEP`)
* Symantec Web Security Service (`SYMANTEC_WSS`)
* Tenable Audit (`TENABLE_AUDIT`)
* Thales Vormetric (`VORMETRIC`)
* Trend Micro Apex One (`TRENDMICRO_APEX_ONE`)
* Trend Micro Deep Security (`TRENDMICRO_DEEP_SECURITY`)
* Trend Micro Vision One (`TRENDMICRO_VISION_ONE`)
* Trend Micro Apex Central (`TRENDMICRO_APEX_CENTRAL`)
* Twingate (`TWINGATE`)
* UBIKA WAF (`UBIKA_WAF`)
* Unix system (`NIX_SYSTEM`)
* Vectra Detect (`VECTRA_DETECT`)
* Vectra Stream (`VECTRA_STREAM`)
* Wazuh (`WAZUH`)
* Windows DHCP (`WINDOWS_DHCP`)
* Windows Event (`WINEVTLOG`)
* Windows Event (XML) (`WINEVTLOG_XML`)
* Windows Local Administrator Password Solution (`MICROSOFT_LAPS`)
* Windows Sysmon (`WINDOWS_SYSMON`)
* Workspace Activities (`WORKSPACE_ACTIVITY`)
* Workspace Alerts (`WORKSPACE_ALERTS`)
* XAMS by Xiting (`XITING_XAMS`)

The following log types were added without a default parser. Each log type is listed by product name and `log_type` value, if applicable.

* Active Identity HID (`ACTIVE_IDENTITY_HID`)
* Akamai Event Viewer (`AKAMAI_EVT_VWR`)
* Autodesk Vault (`AUTODESK_VAULT`)
* Avaza (`AVAZA`)
* Avigilon Access Logs (`AVIGILON_ACCESS_LOGS`)
* Axis Camera (`AXIS_CAMERA`)
* Axis License Plate Reader (`AXIS_LPR`)
* Azure Nix System (`AZURE_NIX_SYSTEM`)
* CallTower Audio Conferencing (`CALLTOWER_AUDIO`)
* Canon Printers (`CANON_PRINTERS`)
* Cisco Secure Endpoint (`CISCO_SECURE_ENDPOINT`)
* ControlUp (`CONTROL_UP`)
* Cradlepoint Router Logs (`CRADLEPOINT`)
* CrowdStrike Spotlight (`CROWDSTRIKE_SPOTLIGHT`)
* CrushFTP (`CRUSHFTP`)
* CrowdStrike FileVantage (`CS_FILEVANTAGE`)
* Cybersixgill (`CYBERSIXGILL`)
* Cyolo Secure Remote Access for OT (`CYOLO_OT`)
* Dell Core Switch (`DELL_EMC_NETWORKING`)
* D-Link Switch (`DLINK_SWITCH`)
* Elastic Security (`ELASTIC_EDR`)
* Fireblocks (`FIREBLOCKS`)
* Forescout eyeInspect (`FORESCOUT_EYEINSPECT`)
* Fortinet FortiGate IPS (`FORTINET_IPS`)
* H3C Router (`H3C_ROUTER`)
* HackerOne (`HACKERONE`)
* Halo Sensor (`HALO_SENSOR`)
* Hashcast (`HASHCAST`)
* Perforce Helix Core (`HELIX_CORE`)
* Heroku (`HEROKU`)
* Hillstone NDR (`HILLSTONE_NDR`)
* HL7 (`HL7`)
* HoopDev (`HOOPDEV`)
* Huawei Switches (`HUAWEI_SWITCH`)
* Identity Security Cloud (`IDENTITY_SECURITY_CLOUD`)
* Imperva Data Risk Analytics (`IMPERVA_DATA_ANALYTICS`)
* Imperva DRA (`IMPERVA_DRA`)
* IM Express (`IM_EXPRESS`)
* Intezer (`INTEZER`)
* JumpCloud IAM (`JUMPCLOUD_IAM`)
* Maltiverse IOC (`MALTIVERSE_IOC`)
* ManageEngine Log360 (`MANAGE_ENGINE_LOG360`)
* McAfee Network Security Platform (`MCAFEE_NSP`)
* Miro Cloud (`MIRO_CLOUD`)
* Nokia Home Device Manager (`NOKIA_HDM`)
* Nortel Secure Router (`NORTEL_SR`)
* Notion (`NOTION`)
* One Identity Identity Manager (`ONE_IDENTITY_IDENTITY_MANAGER`)
* IDnomic Public Key Infrastructure (`OPENTRUST`)
* Outline Activity Logs (`OUTLINE_ACTIVITY_LOGS`)
* Prismatic IO (`PRISMATIC_IO`)
* ProFTPD (`PROFTPD`)
* Provision Asset Context (`PROVISION_ASSET_CONTEXT`)
* Ransomcare (`RANSOMCARE`)
* Rapid7 Insights Threat Command (`RAPID7_INSIGHTS_THREAT_COMMAND`)
* Saporo (`SAPORO`)
* SAS Metadata Server log (`SAS_METADATA_SERVER_LOG`)
* Scylla (`SCYLLA`)
* Senseon Alerts (`SENSEON_ALERTS`)
* Sonic Switch (`SONIC_SWITCH`)
* Symantec Data Center Security (`SYMANTEC_DCS`)
* Syncplify SFTP 2 Events (`SYNCPLIFY_SFTP`)
* Team Cymru Scout Threat Intelligence (`TEAM_CYMRU_SCOUT_THREATINTEL`)
* Tenable CSPM (`TENABLE_CSPM`)
* Teqtivity Assets (`TEQTIVITY_ASSETS`)
* Tines (`TINES`)
* TP-Link Network Switches (`TPLINK_SWITCH`)
* TT D365 (`TT_D365`)
* TT MSAN DSLAM (`TT_MSAN_DSLAM`)
* TT Trio Chordiant (`TT_TRIO_CHORDIANT`)
* Tufin (`TUFIN`)
* Tufin SecureTrack (`TUFIN_SECURE_TRACK`)
* uberAgent (`UBERAGENT`)
* Upstream Vehicle SOC Alerts (`UPSTREAM_VSOC_ALERTS`)
* URLScan IO (`URLSCAN_IO`)
* Vertiv UPS (`VERTIV_UPS`)
* Very Good Security (`VERY_GOOD_SECURITY`)
* Virtual Browser (`VIRTUAL_BROWSER`)
* VMware vSphere (`VMWARE_VSPHERE`)
* Webroot Identity Protection (`WEBROOT_IDENTITY_PROTECTION`)
* WideField (`WIDEFIELD_SECURITY`)
* Zscaler Sandbox (`ZSCALER_SANDBOX`)
* Zywall (`ZYWALL`)

For a list of supported log types and details about default parser changes, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).