Google SecOps has updated the list of supported default parsers
## Change
Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.
The following supported default parsers have changed. Each parser is listed by product name and `log_type` value, if applicable. This list now includes both released default parsers and pending parser updates.
* Absolute Mobile Device Management (`Mobile Device Management`)
* Atlassian Cloud Admin Audit (`Audit`)
* AWS VPC Flow (`AWS Specific`)
* Azure AD (`LDAP`)
* Azure Application Gateway (`GATEWAY`)
* Azure SQL (`Database`)
* Azure Storage Audit (`Storage`)
* Blue Coat Proxy (`Web Proxy`)
* Check Point Harmony (`Remote Access Tools`)
* Cisco ASA (`firewall`)
* Cisco Firepower NGFW (`Firewall`)
* Cisco Meraki (`Wireless`)
* Cisco Router (`Switches, Routers`)
* Cisco Umbrella SWG DLP (`DLP`)
* Cisco VPN (`VPN`)
* Citrix Netscaler (`Load Balancer, Traffic Shaper, ADC`)
* Claroty Continuous Threat Detection (`IoT`)
* Cloud Audit Logs (`Google Cloud Specific`)
* Cloud DNS (`Google Cloud Specific`)
* Code42 Incydr (`Data loss prevention (DLP)`)
* Colinet Trotta GAUS SEGUROS (`Alert`)
* CrowdStrike Falcon (`EDR`)
* Delinea Distributed Engine (`Application server logs`)
* Druva Backup (`Security`)
* Duo Administrator Logs (`Authentication`)
* Elastic Audit Beats (`ALERTING`)
* F5 BIGIP LTM (`Load Balancer, Traffic Shaper, ADC`)
* Forcepoint NGFW (`Network`)
* FortiGate (`Firewall`)
* GitHub (`SaaS Application`)
* Google Cloud Identity Context (`Identity and Access Management`)
* Guardicore Centra (`Deception Software`)
* HPE Aruba Networking Central (`Data Security`)
* Imperva Advanced Bot Protection (`Bot Protection`)
* Kubernetes Audit Azure (`Log Aggregator`)
* Linux Auditing System (AuditD) (`OS`)
* Maria Database (`Database`)
* Microsoft Defender for Endpoint (`EDR`)
* Opnsense (`Firewall and Routing Platform`)
* Oracle NetSuite (`CASB`)
* Palo Alto Panorama (`Firewall`)
* Palo Alto Prisma Cloud Alert payload (`Cloud Security`)
* Ping One (`NA`)
* Proofpoint Observeit (`Email Server`)
* Proofpoint Threat Response (`Email Server`)
* QNAP Systems NAS (`Storage solutions`)
* Reserved LogType2 (`LDAP`)
* Salesforce (`SaaS Application`)
* SAP Sybase Adaptive Server Enterprise Database (`Database`)
* Sentinelone Alerts (`Endpoint Security`)
* Snort (`IDS/IPS`)
* Solaris system (`OS`)
* Sourcefire (`IDS/IPS`)
* Suricata IDS (`IDS/IPS`)
* Symantec DLP (`DLP`)
* Symantec Event export (`SEP`)
* Trend Micro Vision One (`AV and endpoint logs`)
* TrendMicro Apex Central (`Endpoint`)
* Twingate (`VPN`)
* Wazuh (`Log Aggregator`)
* Windows DHCP (`DHCP`)
* Windows Event (`Endpoint`)
* Windows Network Policy Server (`Authentication`)
* Windows Sysmon (`DNS`)
The following log types were added without a default parser. Each log type is listed by product name and `log_type` value, if applicable.
* Addigy MDM (`ADDIGY_MDM`)
* Akamai DataStream 2 (`AKAMAI_DATASTREAM_2`)
* Anzenna (`ANZENNA`)
* AWS ECS Metrics (`AWS_ECS_METRICS`)
* Azure Log Analytics Workspace (`AZURE_LOG_ANALYTICS_WORKSPACE`)
* Blockdaemon API (`BLOCKDAEMON_API`)
* Chronicle Feed (`CHRONICLE_FEED`)
* Claroty xDome Secure Access (`CLAROTY_XDOME_SECURE_ACCESS`)
* Cloudflare Spectrum (`CLOUDFLARE_SPECTRUM`)
* Cloudsek Alerts (`CLOUDSEK_ALERTS`)
* CloudWaves Sensato Nightingale Honeypot (`SENSATO_HONEYPOT`)
* Docker Hub Activity (`DOCKER_HUB_ACTIVITY`)
* Fortinet FortiDDoS (`FORTINET_FORTIDDOS`)
* Honeywell Cyber Insights (`HONEYWELL_CYBERINSIGHTS`)
* IPFire (`IPFIRE`)
* Jamf Connect (`JAMF_CONNECT`)
* KnowBe4 Audit Log (`KNOWBE4`)
* LogicGate (`LOGICGATE`)
* ManageEngine NCM (`MANAGEENGINE_NCM`)
* Microsoft Dotnet Log Files (`MICROSOFT_DOTNET`)
* Nessus Network Monitor (`NESSUS_NETWORK_MONITOR`)
* Netography Fusion (`NETOGRAPHY_FUSION`)
* Netwrix StealthAudit (`NETWRIX_STEALTHAUDIT`)
* Oomnitza (`OOMNITZA`)
* Open CTI Platform (`OPENCTI`)
* Oracle EBS (`ORACLE_EBS`)
* Oracle Zero Data Loss Recovery Appliance (`ORACLE_ZDLRA`)
* PhishAlarm (`PHISHALARM`)
* Savvy Security (`SAVVY_SECURITY`)
* Symantec Security Analytics (`SYMANTEC_SA`)
* Venafi ZTPKI (`VENAFI_ZTPKI`)
For a list of supported log types and details about default parser changes, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).