
## Announcement

**New parser documentation now available**

New parser documentation is available to help you ingest and normalize logs from the following sources:

* [Collect Absolute Secure Endpoint logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/absolute-se)
* [Collect AIDE (Advanced Intrusion Detection Environment) logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/aide)
* [Collect Akamai Enterprise Application Access logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/akamai-eaa)
* [Collect Apache Hadoop logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/apache-hadoop)
* [Collect Armis Vulnerabilities logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/armis-vulnerabilities)
* [Collect Array Networks SSL VPN logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/arraynetworks-vpn)
* [Collect Aruba IPS logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/aruba-ips)
* [Collect Atlassian Confluence logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/atlassian-confluence)
* [Collect Cisco AMP for Endpoints logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-amp-for-endpoints)
* [Collect Cisco APIC logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-apic)
* [Collect Cisco Application Centric Infrastructure (ACI) logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-aci)
* [Collect Cisco CallManager logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-callmanager)
* [Collect Cisco CloudLock CASB logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-cloudlock-casb)
* [Collect Cisco DNA Center Platform logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-dnac)
* [Collect Cisco eStreamer logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cisco-estreamer)
* [Collect Cribl Stream logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cribl-stream)
* [Collect CrowdStrike FileVantage logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cs-filevantage)
* [Collect CrowdStrike IDP Services logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cs-idp)
* [Collect Cynet 360 AutoXDR logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/cynet360-autoxdr)
* [Collect Digital Shadows SearchLight logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/digital-shadows-searchlight)
* [Collect Duo Telephony logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/duo-telephony)
* [Collect Edgio WAF logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/edgio-waf)
* [Collect Elastic Auditbeat logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/elastic-auditbeat)
* [Collect Elastic Packet Beats logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/elastic-packetbeats)
* [Collect Elasticsearch logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/elasticsearch)
* [Collect Entrust nShield HSM audit logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/entrust-nshield-hsm-audit)
* [Collect Imperva Advanced Bot Protection logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-abp)
* [Collect Imperva Attack Analytics logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-aa)
* [Collect Imperva Audit Trail logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-audit-trail)
* [Collect Imperva CEF logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-cef)
* [Collect Imperva Data Risk Analytics (DRA) logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-dra)
* [Collect Imperva Database logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-db)
* [Collect Imperva FlexProtect logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-flexprotect)
* [Collect Imperva SecureSphere Management logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/imperva-ssm)
* [Collect Kiteworks (formerly Accellion) logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/accellion)
* [Collect Proofpoint Emerging Threats Pro IOC logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/proofpoint-etp-ioc)
* [Collect ServiceNow audit logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/servicenow-audit)
* [Collect Team Cymru Scout Threat Intelligence data](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/team-cymru-scout-ti)
* [Collect URLScan IO logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/urlscan-io)
* [Collect Uptycs EDR logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/uptycs-edr)
* [Collect VanDyke VShell SFTP logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/vandyke-vshell-sftp)
* [Collect Zendesk CRM logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/zendesk-crm)
* [Collect ZeroFox Platform logs](https://cloud.google.com/chronicle/docs/ingestion/default-parsers/zerofox-platform)

## Feature

**Enhance threat visibility and detection with Emerging Threats**

The new **Emerging Threats** page provides AI-powered threat intelligence to help you understand how current threat campaigns might affect your organization. Powered by Google Threat Intelligence (GTI) and Gemini models, this page offers a curated view of critical global threats relevant to your environment.

Emerging Threats continuously aligns intelligence from GTI with your organization's telemetry to highlight detection coverage and identify gaps. When it finds a gap, it uses Gemini to automatically draft new detection rules to accelerate your response.

For more details, see [Emerging Threats overview](https://cloud.google.com/chronicle/docs/detection/emerging-threats), [Emerging Threats feed](https://cloud.google.com/chronicle/docs/detection/emerging-threats-feed), and [Emerging Threats detailed view](https://cloud.google.com/chronicle/docs/detection/emerging-threats-detailed-view).

## Feature

**Use the Triage Agent to investigate alerts**

You can now use Triage Agent, an AI-powered investigation assistant, to analyze alerts in Google SecOps. Triage Agent determines whether an alert is a true or false positive, provides a summarized explanation for its conclusion, and suggests next steps for further investigation. You can trigger investigations manually or have them run automatically on supported alert types. Each investigation produces a detailed report that includes the agent's disposition, a summary of its findings, and a timeline of the analysis.

For more details, see [Use Triage Agent to investigate alerts](https://cloud.google.com/chronicle/docs/secops/triage-agent).