
Google SecOps has updated the list of supported default parsers


## Change

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.

The following supported default parsers have been updated. Each parser is listed by product name and `log_type` value, if applicable. This list now includes both released default parsers and pending parser updates.

* 1Password Audit Events (`ONEPASSWORD_AUDIT_EVENTS`)
* AIX system (`AIX_SYSTEM`)
* Akamai DataStream 2 (`AKAMAI_DATASTREAM_2`)
* Alveo Risk Data Management (`ALVEO_RDM`)
* Amazon API Gateway (`AWS_API_GATEWAY`)
* Apache Tomcat (`TOMCAT`)
* Appian Cloud (`APPIAN_CLOUD`)
* Arcsight CEF (`ARCSIGHT_CEF`)
* Asset Panda (`ASSET_PANDA`)
* Aware Audit (`AWARE_AUDIT`)
* Aware Signals (`AWARE_SIGNALS`)
* AWS Cloudtrail (`AWS_CLOUDTRAIL`)
* AWS CloudWatch (`AWS_CLOUDWATCH`)
* AWS ECS Metrics (`AWS_ECS_METRICS`)
* AWS Elastic Load Balancer (`AWS_ELB`)
* AWS GuardDuty (`GUARDDUTY`)
* AWS Inspector (`AWS_INSPECTOR`)
* AWS Lambda Function (`AWS_LAMBDA_FUNCTION`)
* AWS RDS (`AWS_RDS`)
* AWS Redshift (`AWS_REDSHIFT`)
* AWS Route 53 DNS (`AWS_ROUTE_53`)
* AWS Security Hub (`AWS_SECURITY_HUB`)
* AWS VPC Flow (`AWS_VPC_FLOW`)
* AWS WAF (`AWS_WAF`)
* Azure AD Directory Audit (`AZURE_AD_AUDIT`)
* Azure AD Organizational Context (`AZURE_AD_CONTEXT`)
* Azure Application Gateway (`AZURE_GATEWAY`)
* Azure Firewall (`AZURE_FIREWALL`)
* Azure Key Vault logging (`AZURE_KEYVAULT_AUDIT`)
* Barracuda CloudGen Firewall (`BARRACUDA_CLOUDGEN_FIREWALL`)
* Barracuda WAF (`BARRACUDA_WAF`)
* BeyondTrust BeyondInsight (`BEYONDTRUST_BEYONDINSIGHT`)
* Blue Coat Proxy (`BLUECOAT_WEBPROXY`)
* Broadcom Support Portal Audit Logs (`BROADCOM_SUPPORT_PORTAL`)
* Cato Networks (`CATO_NETWORKS`)
* Cequence Bot Defense (`CEQUENCE_BOT_DEFENSE`)
* Check Point (`CHECKPOINT_FIREWALL`)
* ChromeOS XDR (`CHROMEOS_XDR`)
* Cisco Email Security (`CISCO_EMAIL_SECURITY`)
* Cisco EStreamer (`CISCO_ESTREAMER`)
* Cisco Firepower NGFW (`CISCO_FIREPOWER_FIREWALL`)
* Cisco FireSIGHT Management Center (`CISCO_FIRESIGHT`)
* Cisco Internetwork Operating System (`CISCO_IOS`)
* Cisco IronPort (`CISCO_IRONPORT`)
* Cisco ISE (`CISCO_ISE`)
* Cisco NX-OS (`CISCO_NX_OS`)
* Cisco Switch (`CISCO_SWITCH`)
* Cisco Umbrella Cloud Firewall (`UMBRELLA_FIREWALL`)
* Cisco vManage SD-WAN (`CISCO_SDWAN`)
* Cisco VPN (`CISCO_VPN`)
* Citrix Netscaler (`CITRIX_NETSCALER`)
* Citrix Storefront (`CITRIX_STOREFRONT`)
* Claroty Xdome (`CLAROTY_XDOME`)
* Cloud Audit Logs (`N/A`)
* Cloud Data Loss Prevention (`N/A`)
* Cloudflare Network Analytics (`CLOUDFLARE_NETWORK_ANALYTICS`)
* Cloudflare WAF (`CLOUDFLARE_WAF`)
* Cloudflare Warp (`CLOUDFLARE_WARP`)
* CommVault (`COMMVAULT`)
* CrowdStrike Detection Monitoring (`CS_DETECTS`)
* CrowdStrike Falcon (`CS_EDR`)
* CrowdStrike Falcon Stream (`CS_STREAM`)
* CrowdStrike Identity Protection Services (`CS_IDP`)
* CrushFTP (`CRUSHFTP`)
* Custom Application Access Logs (`CUSTOM_APPLICATION_ACCESS`)
* CyberArk Privileged Access Manager (PAM) (`CYBERARK_PAM`)
* Cybereason EDR (`CYBEREASON_EDR`)
* Cyolo Secure Remote Access for OT (`CYOLO_OT`)
* Datadog (`DATADOG`)
* Delinea Secret Server (`DELINEA_SECRET_SERVER`)
* Dell CyberSense (`DELL_CYBERSENSE`)
* Digicert (`DIGICERT`)
* Edgio WAF (`EDGIO_WAF`)
* Elastic Packet Beats (`ELASTIC_PACKETBEATS`)
* F5 ASM (`F5_ASM`)
* F5 DNS (`F5_DNS`)
* Forcepoint DLP (`FORCEPOINT_DLP`)
* Forcepoint NGFW (`FORCEPOINT_FIREWALL`)
* Forgerock OpenIdM (`FORGEROCK_OPENIDM`)
* FortiGate (`FORTINET_FIREWALL`)
* Fortinet FortiAnalyzer (`FORTINET_FORTIANALYZER`)
* Fortinet Fortimanager (`FORTINET_FORTIMANAGER`)
* Fortinet Web Application Firewall (`FORTINET_FORTIWEB`)
* GitHub (`GITHUB`)
* Gitlab (`GITLAB`)
* Harness IO (`HARNESS_IO`)
* Hashicorp Vault (`HASHICORP`)
* Hillstone Firewall (`HILLSTONE_NGFW`)
* Huawei Switches (`HUAWEI_SWITCH`)
* IBM Guardium (`GUARDIUM`)
* Imperva Database (`IMPERVA_DB`)
* Intel Endpoint Management Assistant (`INTEL_EMA`)
* JAMF Security Cloud (`JAMF_SECURITY_CLOUD`)
* JFrog Artifactory (`JFROG_ARTIFACTORY`)
* JumpCloud Directory Insights (`JUMPCLOUD_DIRECTORY_INSIGHTS`)
* Juniper (`JUNIPER_FIREWALL`)
* Kaspersky AV (`KASPERSKY_AV`)
* Kaspersky Endpoint (`KASPERSKY_ENDPOINT`)
* Kolide Endpoint Security (`KOLIDE`)
* Kubernetes Audit (`KUBERNETES_AUDIT`)
* Layer7 SiteMinder (`SITEMINDER_SSO`)
* Linux Auditing System (AuditD) (`AUDITD`)
* Looker Audit (`LOOKER_AUDIT`)
* ManageEngine ADAudit Plus (`ADAUDIT_PLUS`)
* ManageEngine ADManager Plus (`ADMANAGER_PLUS`)
* McAfee Web Gateway (`MCAFEE_WEBPROXY`)
* Metabase (`METABASE`)
* Microsoft AD FS (`ADFS`)
* Microsoft Azure Activity (`AZURE_ACTIVITY`)
* Microsoft Azure NSG Flow (`AZURE_NSG_FLOW`)
* Microsoft CyberX (`CYBERX`)
* Microsoft Defender for Endpoint (`MICROSOFT_DEFENDER_ENDPOINT`)
* Microsoft Defender for Identity (`MICROSOFT_DEFENDER_IDENTITY`)
* Microsoft Defender for Office 365 (`MICROSOFT_DEFENDER_MAIL`)
* Microsoft IIS (`IIS`)
* Microsoft PowerShell (`POWERSHELL`)
* Microsoft Sentinel (`MICROSOFT_SENTINEL`)
* Microsoft System Center Endpoint Protection (`MICROSOFT_SCEP`)
* Mikrotik Router (`MIKROTIK_ROUTER`)
* Mimecast (`MIMECAST_MAIL`)
* MISP Threat Intelligence (`MISP_IOC`)
* NetIQ eDirectory (`NETIQ_EDIRECTORY`)
* Netskope V2 (`NETSKOPE_ALERT_V2`)
* Nozomi Networks Scada Guardian (`NOZOMI_GUARDIAN`)
* Office 365 (`OFFICE_365`)
* Okta (`OKTA`)
* Okta User Context (`OKTA_USER_CONTEXT`)
* One Identity Identity Manager (`ONE_IDENTITY_IDENTITY_MANAGER`)
* Oort Security Tool (`OORT`)
* Open Cybersecurity Schema Framework (OCSF) (`OCSF`)
* Open LDAP (`OPENLDAP`)
* Opnsense (`OPNSENSE`)
* Ops Genie (`OPS_GENIE`)
* Oracle (`ORACLE_DB`)
* Oracle Cloud Guard (`OCI_CLOUDGUARD`)
* Oracle Cloud Infrastructure Audit Logs (`OCI_AUDIT`)
* Orca Cloud Security Platform (`ORCA`)
* Palo Alto Cortex XDR Alerts (`CORTEX_XDR`)
* Palo Alto Networks Firewall (`PAN_FIREWALL`)
* Palo Alto Panorama (`PAN_PANORAMA`)
* Palo Alto Prisma Access (`PAN_CASB`)
* Palo Alto Prisma Cloud Alert payload (`PAN_PRISMA_CA`)
* Pharos (`PHAROS`)
* Privacy-I (`PRIVACY_I`)
* Proofpoint On Demand (`PROOFPOINT_ON_DEMAND`)
* Proofpoint Tap Alerts (`PROOFPOINT_MAIL`)
* Proofpoint Threat Response (`PROOFPOINT_TRAP`)
* Radware Web Application Firewall (`RADWARE_FIREWALL`)
* ReviveSec (`REVIVESEC`)
* Rubrik (`RUBRIK`)
* Salesforce (`SALESFORCE`)
* Sangfor Proxy (`SANGFOR_PROXY`)
* Security Command Center Posture Violation (`GCP_SECURITYCENTER_POSTURE_VIOLATION`)
* Security Command Center Threat (`N/A`)
* Security Command Center Toxic Combination (`GCP_SECURITYCENTER_TOXIC_COMBINATION`)
* ServiceNow CMDB (`SERVICENOW_CMDB`)
* Snare System Diagnostic Logs (`SNARE_SOLUTIONS`)
* Snipe-IT (`SNIPE_IT`)
* Snyk Group level audit/issues logs (`SNYK_ISSUES`)
* SonicWall (`SONIC_FIREWALL`)
* Sophos Central (`SOPHOS_CENTRAL`)
* Swimlane Platform (`SWIMLANE`)
* Symantec DLP (`SYMANTEC_DLP`)
* Symantec Event export (`SYMANTEC_EVENT_EXPORT`)
* Symantec Web Security Service (`SYMANTEC_WSS`)
* Tanium Question (`TANIUM_QUESTION`)
* Tanium Threat Response (`TANIUM_THREAT_RESPONSE`)
* Teleport Access Plane (`TELEPORT_ACCESS_PLANE`)
* Tenable Active Directory Security (`TENABLE_ADS`)
* Tenable CSPM (`TENABLE_CSPM`)
* tenable.io (`TENABLE_IO`)
* Terraform Enterprise Audit (`TERRAFORM_ENTERPRISE`)
* Thinkst Canary (`THINKST_CANARY`)
* ThreatX WAF (`THREATX_WAF`)
* Trend Micro Email Security Advanced (`TRENDMICRO_EMAIL_SECURITY`)
* Trend Micro Vision One (`TRENDMICRO_VISION_ONE`)
* TrendMicro Apex Central (`TRENDMICRO_APEX_CENTRAL`)
* TXOne Stellar (`TRENDMICRO_STELLAR`)
* UKG (`UKG`)
* Unix system (`NIX_SYSTEM`)
* UPX AntiDDoS (`UPX_ANTIDDOS`)
* VanDyke SFTP (`VANDYKE_SFTP`)
* Varonis (`VARONIS`)
* Vectra Alerts (`VECTRA_ALERTS`)
* Vectra Stream (`VECTRA_STREAM`)
* VMware AirWatch (`AIRWATCH`)
* Vmware Avinetworks iWAF (`VMWARE_AVINETWORKS_IWAF`)
* VMware ESXi (`VMWARE_ESX`)
* VMware Horizon (`VMWARE_HORIZON`)
* Watchguard EDR (`WATCHGUARD_EDR`)
* Windows Defender AV (`WINDOWS_DEFENDER_AV`)
* Windows DHCP (`WINDOWS_DHCP`)
* Windows DNS (`WINDOWS_DNS`)
* Windows Event (`WINEVTLOG`)
* Windows Event (XML) (`WINEVTLOG_XML`)
* Windows Sysmon (`WINDOWS_SYSMON`)
* Workday Audit Logs (`WORKDAY_AUDIT`)
* Workday User Activity (`WORKDAY_USER_ACTIVITY`)
* WPEngine (`WPENGINE`)
* Zimperium (`ZIMPERIUM`)
* Zscaler (`ZSCALER_WEBPROXY`)
* ZScaler DNS (`ZSCALER_DNS`)
* Zscaler Internet Access Audit Logs (`ZSCALER_INTERNET_ACCESS`)
* ZScaler NGFW (`ZSCALER_FIREWALL`)

The following log types were added without a default parser. Each parser is listed by product name and `log_type` value, if applicable.

* Accenture Synthetic (`ACCENTURE_SYNTHETIC`)
* Adyen Platform (`ADYEN`)
* AliCloud ActionTrail (`ALICLOUD_ACTIONTRAIL`)
* Apache LOG4J Java Application Log (`LOG4J`)
* AppSmith Audit (`APPSMITH_AUDIT`)
* Arctic Security Arctic Node (`ARCTIC_NODE`)
* Arista CorvilNet DANZ Integration (`ARISTA_CORVILNET`)
* Arista Extensible Operating System (`ARISTA_EOS`)
* AvePoint EnPower (`AVEPOINT_ENPOWER`)
* Avigilon Alta Cloud Security (`AVIGILON_ALTA_CLOUD_SECURITY`)
* Avigilon Ava Security Camera (`AVIGILON_AVA_SECURITY_CAMERA`)
* AWS Dasha (`AWS_DASHA`)
* AWS Elastic Kubernetes Service (`AWS_EKS`)
* Azure Network Security Group Event (`AZURE_NSG_EVENT`)
* Azure Windows Virtual Desktop Connections Logs (`AZURE_WVD_CONNECTIONS`)
* Azure Windows Virtual Desktop Management Logs (`AZURE_WVD_MANAGEMENT`)
* Barracuda Load Balancer ADC (`BARRACUDA_LOAD_BALANCER`)
* Broadcom Edge Secure Web Gateway (`BROADCOM_EDGE_SWG`)
* Celonis Audit Logs (`CELONIS`)
* Chopin PrePay Solutions (`CHOPIN_PPS`)
* Cisco Duo Authentication Proxy (`DUO_AUTH_PROXY`)
* Cloudflare CASB Findings (`CLOUDFLARE_CASB_FINDINGS`)
* Cloudflare Device posture results (`CLOUDFLARE_DEVICE_POSTURE_RESULTS`)
* Cloudflare DLP Forensic Copies (`CLOUDFLARE_DLP_FORENSIC_COPIES`)
* Cloudflare DNS Firewall Logs (`CLOUDFLARE_DNS_FIREWALL_LOGS`)
* Cloudflare DNS logs (`CLOUDFLARE_DNS_LOGS`)
* Cloudflare Email Security Alerts (`CLOUDFLARE_EMAIL_SECURITY_ALERTS`)
* Cloudflare Firewall Events (`CLOUDFLARE_FIREWALL_EVENTS`)
* Cloudflare Gateway DNS (`CLOUDFLARE_GATEWAY_DNS`)
* Cloudflare Gateway HTTP (`CLOUDFLARE_GATEWAY_HTTP`)
* Cloudflare Gateway Network (`CLOUDFLARE_GATEWAY_NETWORK`)
* Cloudflare HTTP requests (`CLOUDFLARE_HTTP_REQUESTS`)
* Cloudflare Magic IDS Detections (`CLOUDFLARE_MAGIC_IDS_DETECTIONS`)
* Cloudflare NEL reports (`CLOUDFLARE_NEL_REPORTS`)
* Cloudflare Sinkhole HTTP Logs (`CLOUDFLARE_SINKHOLE_HTTP_LOGS`)
* Cloudflare SSH Logs (`CLOUDFLARE_SSH_LOGS`)
* Cloudflare Workers Trace Events (`CLOUDFLARE_WORKERS_TRACE_EVENTS`)
* Cloudflare Zero Trust Network Session (`CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION`)
* CloudWave Honeypot (`CLOUDWAVE_HONEYPOT`)
* ColorTokens (`COLORTOKENS`)
* Contrast Security (`CONTRAST_SECURITY`)
* Conversational Agents and Dialogflow (`CONVERSATIONAL_AGENT`)
* Corero SmartWall One (`CORERO_SMARTWALL_ONE`)
* Cytracom Control One (`CYTRACOM_CONTROL_ONE`)
* Datadog Application Security Management (`DATADOG_ASM`)
* Express NodeJS (`EXPRESS_NODEJS`)
* F5 Distributed Cloud WAF (`F5_DCS_WAF`)
* Figma Developers (`FIGMA`)
* FIS Trax Payment Factory (`TRAX`)
* Fortinet FortiDeceptor (`FORTINET_FORTIDECEPTOR`)
* Fortinet FortiSASE (`FORTINET_FORTISASE`)
* Gemini Code Assist (`GEMINI_CODE_ASSIST`)
* Genea Access Control (`GENEA_ACCESS_CONTROL`)
* Genetec Synergis (`GENETEC_SYNERGIS`)
* GL TRADE (`GL_TRADE`)
* HP Inc MFP (`HP_INC_MFP`)
* HP Tandem (`HP_TANDEM`)
* Huawei Versatile Routing Platform (`HUAWEI_VRP`)
* Human Security (`HUMAN_SECURITY`)
* iManage Threat Manager (`IMANAGE_THREAT_MANAGER`)
* Indefend DLP (`INDEFEND_DLP`)
* Invicti (`INVICTI`)
* Isonline ISL Light (`ISL_LIGHT`)
* Itential Pronghorn (`ITENTIAL_PRONGHORN`)
* Jit (`JIT`)
* Kodem Security (`KODEM_SECURITY`)
* Konica Minolta YSoft SafeQ (`YSOFT_SAFEQ`)
* LayerX (`LAYERX`)
* LinOTP (`LIN_OTP`)
* Magento Cloud (`MAGENTO_CLOUD`)
* Mandiant Advantage Security Validation (`MA_SV`)
* NetApp ONTAP Audit (`NETAPP_ONTAP_AUDIT`)
* Netscout Arbor Threat Mitigation System (`NETSCOUT_TMS`)
* Netwrix Privilege Secure (`NETWRIX_PRIVILEGE_SECURE`)
* NeuVector SUSE (`NEUVECTOR`)
* Novidea Insurance Management System (`NOVIDEA_CLAIM_HISTORY`)
* OneTrust (`ONETRUST`)
* Openpath Context (`OPENPATH_CONTEXT`)
* Oracle Audit Vault Database Firewall (`ORACLE_AVDF`)
* Oracle CPQ (`ORACLE_CPQ`)
* Oracle Exadata Database Machine (`ORACLE_EXADATA`)
* Palo Alto Prisma Cloud Workload Protection (`PAN_PRISMA_CWP`)
* Palo Alto Prisma Dig Cloud DSPM (`PAN_PRISMA_DIG_CLOUD_DSPM`)
* Panorays (`PANORAYS`)
* Pathlock Identity Security Platform (`PATHLOCK`)
* Procore (`PROCORE`)
* ProofPoint Email Protection (`PROOFPOINT_EMAIL_PROTECTION`)
* Radiantone (`RADIANTONE`)
* Radware Cloud WAF Service Access (`RADWARE_ACCESS`)
* Reblaze Web Application Firewall (`REBLAZE_WAF`)
* Red Access Browsing Security (`RED_ACCESS`)
* SafeNet Network HSM (`SAFENET_HSM`)
* Salesforce Marketing Cloud Audit (`SALESFORCE_MARKETING_CLOUD_AUDIT`)
* Salesforce Shield (`SALESFORCE_SHIELD`)
* Sangfor IAG (`SANGFOR_IAG`)
* SAP Leasing (`SAP_LEASING`)
* SAS Institute (`SAS_INSTITUTE`)
* Securden (`SECURDEN`)
* SecurEnvoy SecurAccess (`SECURENVOY_MFA`)
* Securesoft Sniper IPS (`SECURESOFT_SNIPER_IPS`)
* Sentra Data Loss Prevention (`SENTRA_DLP`)
* Shield IoT (`SHIELD_IOT`)
* Siemens Simatic S7 PLC SNMP (`SIEMENS_S7_PLC_SNMP`)
* Siemens Simatic S7 PLC SYSLOG (`SIEMENS_S7_PLC_SYSLOG`)
* Smartsheet User Context (`SMARTSHEET_USER_CONTEXT`)
* Snowflake Access (`SNOWFLAKE_ACCESS`)
* SOCRadar Incidents (`SOCRADAR_INCIDENTS`)
* Strata Maverics Identity Orchestration Platform (`STRATA_MAVERICS`)
* Stripe Payments (`STRIPE`)
* Suridata (`SURIDATA`)
* Teradata Access (`TERADATA_ACCESS`)
* Thales payShield 10K HSM (`THALES_PS10K_HSM`)
* Trend Micro TippingPoint Security Management System (`TREND_MICRO_TIPPING_POINT`)
* Valence Security (`VALENCE`)
* Vertica Audit (`VERTICA_AUDIT`)
* Windows NTP (`WINDOWS_NTP`)
* Winget Autoupdate (`WINGET_AUTOUPDATE`)
* Wiz Runtime Execution Data (`WIZ_RUNTIME_EXECUTION_DATA`)
* Workiva Wdesk (`WORKIVA_WDESK`)
* XL Release (`XLR`)
* Yugabyte Database (`YUGABYTE_DATABASE`)

For a list of supported log types and details about default parser changes, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).