Google SecOps has updated the list of supported default parsers

## Change

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have changed. Each parser is listed by product name and `log_type` value, if applicable. This list now includes both released default parsers and pending parser updates.

* Abnormal Security (`Email Server`)
* AIX system (`OS`)
* Akamai DNS (`DNS`)
* Akamai WAF (`WAF`)
* Apache (`Security`)
* Apigee (`Google Cloud Specific`)
* Apple macOS (`AV / Endpoint`)
* Archer Integrated Risk Management (`Risk Management Solution`)
* Area1 Security (`Email server`)
* Aruba (`Wireless`)
* Aruba Switch (`Network Infrastructure`)
* Auth0 (`Authentication log`)
* AWS CloudFront (`CDN`)
* AWS Cloudtrail (`Cloud Log Aggregator`)
* AWS CloudWatch (`Cloud service monitoring`)
* AWS EMR (`AWS Specific`)
* AWS VPN (`VPN`)
* Azure AD (`LDAP`)
* Azure AD Directory Audit (`Audit`)
* Azure Firewall (`Azure Firewall Application Rule`)
* Azure Key Vault logging (`Audit`)
* Barracuda Firewall (`Firewall`)
* Barracuda WAF (`Firewall`)
* BeyondTrust Endpoint Privilege Management (`Privileged Account Activity`)
* Blue Coat Proxy (`Web Proxy`)
* BMC Client Management (`Security`)
* Check Point (`Firewall`)
* Chrome Management (`Browser`)
* Cisco IronPort (`Gateway Security`)
* Cisco ISE (`Identity and Access Management`)
* Cisco Meraki (`Wireless`)
* Cisco Router (`Switches, Routers`)
* Cisco Stealthwatch (`Log Aggregator`)
* Cisco Switch (`Switches, Routers`)
* Cisco TACACS+ (`Authentication`)
* Cisco Umbrella Web Proxy (`Web Proxy`)
* Cisco WLC/WCS (`Wireless`)
* Citrix Netscaler (`Load Balancer, Traffic Shaper, ADC`)
* Claroty Continuous Threat Detection (`IoT`)
* Cloud Audit Logs (`Google Cloud Specific`)
* Cloud Data Loss Prevention (`Google Cloud Specific`)
* Cloud SQL (`Google Cloud Specific`)
* Cohesity (`Backup Software`)
* Corelight (`NDR`)
* CrowdStrike Detection Monitoring (`EDR`)
* CrowdStrike Falcon (`EDR`)
* CrushFTP (`Application server`)
* Darktrace (`NDR`)
* Delinea Secret Server (`Privileged Account Activity`)
* Dell EMC Data Domain (`Storage system`)
* Druva Backup (`Security`)
* Duo Activity Logs (`Activity`)
* Duo Administrator Logs (`Authentication`)
* Elastic Windows Event Log Beats (`Log Aggregator`)
* Ergon Informatik Airlock IAM (`Application Whitelisting`)
* F5 BIGIP Access Policy Manager (`Access Policy Manager`)
* F5 BIGIP LTM (`Load Balancer, Traffic Shaper, ADC`)
* FireEye HX (`EDR`)
* FortiGate (`Firewall`)
* Fortinet FortiAnalyzer (`Fortinet FortiAnalyzer`)
* Fortinet FortiAuthenticator (`Security`)
* Fortinet FortiEDR (`EDR`)
* Fortinet Fortimanager (`Network Management and Optimization software`)
* GitHub (`SaaS Application`)
* GMV Checker ATM Security (`ATM Audit`)
* Guardicore Centra (`Deception Software`)
* Hashicorp Vault (`Privileged Account Activity`)
* HP Aruba (ClearPass) (`Identity and Access Management`)
* IBM Cloud Activity Tracker (`Security Log`)
* IBM DB2 (`Database`)
* IBM Mainframe Storage (`Monitoring`)
* IBM OpenPages (`Data Security`)
* Imperva (`WAF`)
* Imperva CEF (`CEF`)
* Imperva DRA (`Data Security`)
* Infoblox (`DHCP, DNS`)
* Infoblox DNS (`DNS`)
* JAMF Pro (`Mac Endpoint Management System`)
* Keycloak (`Identity and Access Management`)
* Lacework Cloud Security (`Cloud Security`)
* Linux Auditing System (AuditD) (`OS`)
* Linux DHCP (`DHCP`)
* ManageEngine Log360 (`Alert Log`)
* McAfee ePolicy Orchestrator (`Policy Management`)
* Microsoft AD FS (`LDAP`)
* Microsoft Azure Activity (`Misc Windows Specific`)
* Microsoft Azure Resource (`Log Aggregator`)
* Microsoft Defender For Cloud (`Automation and DevOps Tools`)
* Microsoft Defender for Endpoint (`EDR`)
* Microsoft Defender for Identity (`EDR`)
* Microsoft Graph Activity Logs (`AUDIT`)
* Microsoft Graph API Alerts (`Gateway to data and intelligence`)
* Microsoft Intune Context (`Mobile Device Management`)
* Microsoft SQL Server (`Database`)
* Mimecast URL Logs (`Email server log types`)
* MISP Threat Intelligence (`Cybersecurity`)
* Mobile Endpoint Security (`Mobile Endpoint Security`)
* NetApp ONTAP (`Rest api`)
* Netskope V2 (`Cloud Security`)
* Office 365 (`SaaS Application`)
* Okta (`Identity and Access Management`)
* One Identity Identity Manager (`unified identity security`)
* Opengear Remote Management (`Secure Remote Access`)
* Oracle (`DATABASE`)
* Oracle Cloud Infrastructure VCN Flow Logs (`Oracle Cloud Infrastructure`)
* Palo Alto Networks Firewall (`Firewall`)
* Palo Alto Panorama (`Firewall`)
* Palo Alto Prisma Cloud Alert payload (`Cloud Security`)
* Proofpoint CASB (`CASB`)
* Proofpoint Email Filter (`Email Server`)
* Proofpoint On Demand (`Email Server`)
* Proofpoint Threat Response (`Email Server`)
* Pulse Secure (`VPN`)
* Radware Web Application Firewall (`Firewall`)
* SailPoint IAM (`Identity and Access Management`)
* Saiwall VPN (`VPN`)
* Salesforce (`SaaS Application`)
* Sentinelone Alerts (`Endpoint Security`)
* SonicWall (`Firewall`)
* Sophos Central (`AV / Endpoint`)
* Sophos Firewall (Next Gen) (`Firewall`)
* Squid Web Proxy (`Web Proxy`)
* STIX Threat Intelligence (`Cybersecurity Threats`)
* Suricata EVE (`IPS IDS`)
* Symantec DLP (`DLP`)
* Symantec Endpoint Protection (`AV / Endpoint`)
* Symantec Web Security Service (`Web Proxy`)
* TINTRI (`Data Security`)
* Trend Micro Apex one (`Endpoint Security`)
* TrendMicro Apex Central (`Endpoint`)
* UberAgent (`Security`)
* Veeam (`Backup software`)
* Velo Firewall (`FIREWALL`)
* VMware AirWatch (`Wireless`)
* VMware NSX (`Network and Security Virtualization`)
* VMware vCenter (`Server`)
* WatchGuard (`Syslog and KV`)
* Wazuh (`Log Aggregator`)
* Windows Event (`Endpoint`)
* Windows Event (XML) (`AV / Endpoint`)
* Windows Sysmon (`DNS`)
* Workday User Activity (`N/A`)
* Workspace Activities (`Google Cloud Specific`)
* XAMS by Xiting (`Log Aggregator`)
* ZeroFox Platform (`Database`)
* Zscaler (`Web Proxy`)
* Zywall (`Network infrastructure`)

The following log types were added without a default parser. Each parser is listed by product name and `log_type` value, if applicable.

* Adaptive Shield (`ADAPTIVE_SHIELD`)
* Agiloft (`AGILOFT`)
* Airwatch Context (`AIRWATCH_CONTEXT`)
* Attack IQ (`ATTACK_IQ`)
* AWS PY Tools (`AWS_PY_TOOLS`)
* Bindplane Agent (`BINDPLANE_AGENT`)
* BindPlane Audit Logs (`BINDPLANE`)
* Bitsight (`BITSIGHT`)
* Bitvise SFTP (`BITVISE_SFTP`)
* Ciena Router logs (`CIENA_ROUTER`)
* Cisco Viptela (`CISCO_VIPTELA`)
* Colinet Trotta GAUS SEGUROS (`CT_GAUS_SEGUROS`)
* Conductor One (`CONDUCTOR_ONE`)
* Crowdstrike Endpoint Security API (`CS_ENDPOINT_SECURITY_API`)
* Fiserv SecureNow (`SECURE_NOW`)
* Greenhouse Harvest (`GREENHOUSE_HARVEST`)
* Harness IO (`HARNESS_IO`)
* Hashicorp Boundary (`HASHICORP_BOUNDARY`)
* HP Linux (`HP_LINUX`)
* IBM Security Guardium Insights (`IBM_INSIGHTS`)
* Imperva Attack Analytics (`IMPERVA_ATTACK_ANALYTICS`)
* INTEL471 Watcher Alerts (`INTEL471_WATCHER_ALERTS`)
* JAMF Security Cloud (`JAMF_SECURITY_CLOUD`)
* JBoss Web (`JBOSS_WEB`)
* Kandji Context (`KANDJI_CONTEXT`)
* Lenels2 Elements Secure (`LENELS2_ELEMENTS_SECURE`)
* ManageEngine OpUtils (`MANAGE_ENGINE_OPUTILS`)
* Microsoft Graph Incident (`MICROSOFT_GRAPH_INCIDENT`)
* Miro (`MIRO`)
* Open Policy Agent (`OPA`)
* Oracle Access Manager (`ORACLE_AM`)
* Oracle Enterprise Manager (`ORACLE_OEM`)
* Perception Point XRay (`PERCEPTION_POINT_XRAY`)
* RedSift BrandTrust (`REDSIFT_BRANDTRUST`)
* Riverbed (`RIVERBED`)
* SAP Sybase Adaptive Server Enterprise Database (`SAP_ASE`)
* Sharefile Logs (`SHAREFILE_LOGS`)
* Smartsheet (`SMARTSHEET`)
* Statusgator (`STATUSGATOR`)
* Titan MFT (`TITAN_MFT`)
* Upwind (`UPWIND`)
* Vanta Context (`VANTA_CONTEXT`)
* Varnish Cache (`VARNISH_CACHE`)
* Vercel WAF (`VERCEL_WAF`)
* Veriato Cerebral (`VERIATO_CEREBRAL`)

For a list of supported log types and details about default parser changes, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).