
Google SecOps has updated the list of supported default parsers


## Change

Google SecOps has updated the list of supported default parsers. Updates propagate gradually; changes typically appear in your region within one to four business days. For more information, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).

The following supported default parsers have been updated. Each parser is listed by product name and `log_type` value, where applicable. This list includes both released default parsers and pending parser updates.

* A10 Load Balancer (`A10_LOAD_BALANCER`)
* AIX system (`AIX_SYSTEM`)
* Akamai Cloud Monitor (`AKAMAI_CLOUD_MONITOR`)
* AlgoSec Security Management (`ALGOSEC`)
* Amazon API Gateway (`AWS_API_GATEWAY`)
* Apache (`APACHE`)
* Apple macOS (`MACOS`)
* AppOmni (`APPOMNI`)
* Arcsight CEF (`ARCSIGHT_CEF`)
* Arista Switch (`ARISTA_SWITCH`)
* Aruba (`ARUBA_WIRELESS`)
* Aruba Airwave (`ARUBA_AIRWAVE`)
* Aruba EdgeConnect SD-WAN (`ARUBA_EDGECONNECT_SDWAN`)
* Aruba Switch (`ARUBA_SWITCH`)
* Attivo Networks (`ATTIVO`)
* Auth0 (`AUTH_ZERO`)
* Automation Anywhere (`AUTOMATION_ANYWHERE`)
* Avanan Email Security (`AVANAN_EMAIL`)
* AWS Aurora (`AWS_AURORA`)
* AWS Cloudtrail (`AWS_CLOUDTRAIL`)
* AWS CloudWatch (`AWS_CLOUDWATCH`)
* AWS Elastic Load Balancer (`AWS_ELB`)
* AWS GuardDuty (`GUARDDUTY`)
* AWS RDS (`AWS_RDS`)
* AWS Security Hub (`AWS_SECURITY_HUB`)
* AWS WAF (`AWS_WAF`)
* Azure AD (`AZURE_AD`)
* Azure AD Directory Audit (`AZURE_AD_AUDIT`)
* Azure AD Sign-In (`AZURE_AD_SIGNIN`)
* Azure Front Door (`AZURE_FRONT_DOOR`)
* Barracuda Email (`BARRACUDA_EMAIL`)
* Barracuda WAF (`BARRACUDA_WAF`)
* BeyondTrust (`BOMGAR`)
* BeyondTrust BeyondInsight (`BEYONDTRUST_BEYONDINSIGHT`)
* BeyondTrust Endpoint Privilege Management (`BEYONDTRUST_ENDPOINT`)
* BeyondTrust Secure Remote Access (`BEYONDTRUST_REMOTE_ACCESS`)
* BIND (`BIND_DNS`)
* Bindplane Agent (`BINDPLANE_AGENT`)
* Blue Coat Proxy (`BLUECOAT_WEBPROXY`)
* Box (`BOX`)
* Carbon Black (`CB_EDR`)
* Cato Networks (`CATO_NETWORKS`)
* Check Point (`CHECKPOINT_FIREWALL`)
* CipherTrust Manager (`CIPHERTRUST_MANAGER`)
* Cisco Application Centric Infrastructure (`CISCO_ACI`)
* Cisco ASA (`CISCO_ASA_FIREWALL`)
* Cisco Email Security (`CISCO_EMAIL_SECURITY`)
* Cisco Firepower NGFW (`CISCO_FIREPOWER_FIREWALL`)
* Cisco Internetwork Operating System (`CISCO_IOS`)
* Cisco ISE (`CISCO_ISE`)
* Cisco Meraki (`CISCO_MERAKI`)
* Cisco PIX Firewall (`CISCO_PIX_FIREWALL`)
* Cisco Router (`CISCO_ROUTER`)
* Cisco Stealthwatch (`CISCO_STEALTHWATCH`)
* Cisco Switch (`CISCO_SWITCH`)
* Cisco Umbrella Audit (`CISCO_UMBRELLA_AUDIT`)
* Cisco Umbrella DNS (`UMBRELLA_DNS`)
* Cisco vManage SD-WAN (`CISCO_SDWAN`)
* Cisco WLC/WCS (`CISCO_WIRELESS`)
* Cisco WSA (`CISCO_WSA`)
* Citrix Netscaler (`CITRIX_NETSCALER`)
* Claroty Continuous Threat Detection (`CLAROTY_CTD`)
* Claroty Xdome (`CLAROTY_XDOME`)
* Cloud SQL (`GCP_CLOUDSQL`)
* Cloudflare (`CLOUDFLARE`)
* Cloudflare Audit (`CLOUDFLARE_AUDIT`)
* Compute Engine (`GCP_COMPUTE`)
* Corelight (`CORELIGHT`)
* CrowdStrike Alerts API (`CS_ALERTS`)
* CrowdStrike Detection Monitoring (`CS_DETECTS`)
* CrowdStrike Falcon (`CS_EDR`)
* CrowdStrike Falcon Stream (`CS_STREAM`)
* CyberArk (`CYBERARK`)
* CyberArk Endpoint Privilege Manager (EPM) (`CYBERARK_EPM`)
* CyberArk Privileged Access Manager (PAM) (`CYBERARK_PAM`)
* Cyolo Secure Remote Access for OT (`CYOLO_OT`)
* Darktrace (`DARKTRACE`)
* Delinea Secret Server (`DELINEA_SECRET_SERVER`)
* Dell ECS Enterprise Object Storage (`DELL_ECS`)
* Dell Switch (`DELL_SWITCH`)
* Duo Auth (`DUO_AUTH`)
* ExtraHop RevealX (`EXTRAHOP`)
* Extreme Wireless (`EXTREME_WIRELESS`)
* F5 Advanced Firewall Management (`F5_AFM`)
* F5 ASM (`F5_ASM`)
* F5 BIGIP Access Policy Manager (`F5_BIGIP_APM`)
* F5 BIGIP LTM (`F5_BIGIP_LTM`)
* F5 Distributed Cloud Services (`F5_DCS`)
* Fastly CDN (`FASTLY_CDN`)
* FireEye ETP (`FIREEYE_ETP`)
* FireEye NX (`FIREEYE_NX`)
* Forcepoint Email Security (`FORCEPOINT_EMAILSECURITY`)
* Forescout eyeInspect (`FORESCOUT_EYEINSPECT`)
* FortiGate (`FORTINET_FIREWALL`)
* Fortinet FortiAnalyzer (`FORTINET_FORTIANALYZER`)
* Fortinet Fortimanager (`FORTINET_FORTIMANAGER`)
* Fortinet Web Application Firewall (`FORTINET_FORTIWEB`)
* GCP\_APP\_ENGINE (`GCP_APP_ENGINE`)
* GCP\_MODEL\_ARMOR (`GCP_MODEL_ARMOR`)
* GitHub (`GITHUB`)
* GitHub Dependabot (`GITHUB_DEPENDABOT`)
* Google Cloud Audit (`GCP_CLOUDAUDIT`)
* Google Threat Intelligence (`GCP_THREATINTEL`)
* H3C Comware Platform Switch (`H3C_SWITCH`)
* Hashicorp Vault (`HASHICORP`)
* HP Aruba (ClearPass) (`CLEARPASS`)
* Huawei Switches (`HUAWEI_SWITCH`)
* IBM DataPower Gateway (`IBM_DATAPOWER`)
* IBM DB2 (`DB2_DB`)
* Illumio Core (`ILLUMIO_CORE`)
* Imperva (`IMPERVA_WAF`)
* Imperva DRA (`IMPERVA_DRA`)
* Island Browser logs (`ISLAND_BROWSER`)
* Jamf pro context (`JAMF_PRO_CONTEXT`)
* JumpCloud Directory Insights (`JUMPCLOUD_DIRECTORY_INSIGHTS`)
* Juniper MX Router (`JUNIPER_MX`)
* Keycloak (`KEYCLOAK`)
* KnowBe4 PhishER (`KNOWBE4_PHISHER`)
* Kolide Endpoint Security (`KOLIDE`)
* Kubernetes Node (`KUBERNETES_NODE`)
* Linux Auditing System (AuditD) (`AUDITD`)
* McAfee DLP (`MCAFEE_DLP`)
* McAfee ePolicy Orchestrator (`MCAFEE_EPO`)
* McAfee Web Gateway (`MCAFEE_WEBPROXY`)
* Microsoft AD FS (`ADFS`)
* Microsoft Defender For Cloud (`MICROSOFT_DEFENDER_CLOUD_ALERTS`)
* Microsoft Defender for Endpoint (`MICROSOFT_DEFENDER_ENDPOINT`)
* Microsoft Graph API Alerts (`MICROSOFT_GRAPH_ALERT`)
* Microsoft IIS (`IIS`)
* Microsoft Intune (`AZURE_MDM_INTUNE`)
* Microsoft PowerShell (`POWERSHELL`)
* Microsoft SQL Server (`MICROSOFT_SQL`)
* Mimecast Mail V2 (`MIMECAST_MAIL_V2`)
* MISP Threat Intelligence (`MISP_IOC`)
* Mobileiron (`MOBILEIRON`)
* MySQL (`MYSQL`)
* NetApp ONTAP (`NETAPP_ONTAP`)
* Netfilter IPtables (`NETFILTER_IPTABLES`)
* NetIQ Access Manager (`NETIQ_ACCESS_MANAGER`)
* Netskope V2 (`NETSKOPE_ALERT_V2`)
* Netskope Web Proxy (`NETSKOPE_WEBPROXY`)
* Network Policy Server (`MICROSOFT_NPS`)
* NGINX (`NGINX`)
* Nozomi Networks Scada Guardian (`NOZOMI_GUARDIAN`)
* Nutanix Prism (`NUTANIX_PRISM`)
* Obsidian (`OBSIDIAN`)
* Office 365 (`OFFICE_365`)
* Okta (`OKTA`)
* Onapsis (`ONAPSIS`)
* One Identity TPAM (`ONEIDENTITY_TPAM`)
* OneLogin (`ONELOGIN_SSO`)
* Open Cybersecurity Schema Framework (OCSF) (`OCSF`)
* Oracle (`ORACLE_DB`)
* Palo Alto Networks Firewall (`PAN_FIREWALL`)
* Palo Alto Panorama (`PAN_PANORAMA`)
* Ping Identity (`PING`)
* PostFix Mail (`POSTFIX_MAIL`)
* PostgreSQL (`POSTGRESQL`)
* Proofpoint CASB (`PROOFPOINT_CASB`)
* Proofpoint Email Filter (`PROOFPOINT_MAIL_FILTER`)
* Proofpoint On Demand (`PROOFPOINT_ON_DEMAND`)
* Proofpoint Tap Alerts (`PROOFPOINT_MAIL`)
* Pulse Secure (`PULSE_SECURE_VPN`)
* QNAP Systems NAS (`QNAP_NAS`)
* Radware Web Application Firewall (`RADWARE_FIREWALL`)
* Recorded Future (`RECORDED_FUTURE_IOC`)
* Red Hat OpenShift (`REDHAT_OPENSHIFT`)
* Salesforce (`SALESFORCE`)
* SAP Sybase Adaptive Server Enterprise Database (`SAP_ASE`)
* Security Command Center Chokepoint (`GCP_SECURITYCENTER_CHOKEPOINT`)
* Security Command Center Posture Violation (`GCP_SECURITYCENTER_POSTURE_VIOLATION`)
* Security Command Center Threat (`GCP_SECURITYCENTER_THREAT`)
* Security Command Center Toxic Combination (`GCP_SECURITYCENTER_TOXIC_COMBINATION`)
* ServiceNow Audit (`SERVICENOW_AUDIT`)
* Snare System Diagnostic Logs (`SNARE_SOLUTIONS`)
* Snyk Group level audit/issues logs (`SNYK_ISSUES`)
* Solaris system (`SOLARIS_SYSTEM`)
* Sophos Central (`SOPHOS_CENTRAL`)
* STIX Threat Intelligence (`STIX`)
* Stormshield Firewall (`STORMSHIELD_FIREWALL`)
* Sublime Security (`SUBLIMESECURITY`)
* Suricata EVE (`SURICATA_EVE`)
* Swift Alliance Messaging Hub (`SWIFT_AMH`)
* Symantec DLP (`SYMANTEC_DLP`)
* Symantec Endpoint Protection (`SEP`)
* Symantec Messaging Gateway (`SYMANTEC_MAIL`)
* Tableau (`TABLEAU`)
* TCPWave DDI (`TCPWAVE_DDI`)
* TeamViewer (`TEAMVIEWER`)
* Tenable Active Directory Security (`TENABLE_ADS`)
* Tenable OT (`TENABLE_OT`)
* Tenable.io (`TENABLE_IO`)
* Thinkst Canary (`THINKST_CANARY`)
* ThreatConnect IOC V3 (`THREATCONNECT_IOC_V3`)
* Trellix HX Event Streamer (`TRELLIX_HX_ES`)
* Trend Micro (`TIPPING_POINT`)
* Trend Micro Vision One (`TRENDMICRO_VISION_ONE`)
* Trend Micro Vision One Workbench (`TRENDMICRO_VISION_ONE_WORKBENCH`)
* TrendMicro Deep Discovery Inspector (`TRENDMICRO_DDI`)
* TXOne Stellar (`TRENDMICRO_STELLAR`)
* Unifi AP (`UNIFI_AP`)
* Unix system (`NIX_SYSTEM`)
* Vectra Detect (`VECTRA_DETECT`)
* Vectra XDR (`VECTRA_XDR`)
* Veritas NetBackup (`VERITAS_NETBACKUP`)
* Versa Firewall (`VERSA_FIREWALL`)
* VMware ESXi (`VMWARE_ESX`)
* VMware NSX (`VMWARE_NSX`)
* VMware vCenter (`VMWARE_VCENTER`)
* WatchGuard (`WATCHGUARD`)
* Windows DNS (`WINDOWS_DNS`)
* Windows Event (`WINEVTLOG`)
* Windows Event (XML) (`WINEVTLOG_XML`)
* Wiz.io (`WIZ_IO`)
* Workday Audit Logs (`WORKDAY_AUDIT`)
* Workspace Activities (`WORKSPACE_ACTIVITY`)
* Workspace Alerts (`WORKSPACE_ALERTS`)
* Zimperium (`ZIMPERIUM`)
* Zscaler (`ZSCALER_WEBPROXY`)
* Zscaler CASB (`ZSCALER_CASB`)
* Zscaler DLP (`ZSCALER_DLP`)
* ZScaler DNS (`ZSCALER_DNS`)
* Zscaler Internet Access Audit Logs (`ZSCALER_INTERNET_ACCESS`)
* ZScaler NGFW (`ZSCALER_FIREWALL`)
* Zscaler Private Access (`ZSCALER_ZPA`)
* Zscaler Secure Private Access Audit Logs (`ZSCALER_ZPA_AUDIT`)
* Zscaler Tunnel (`ZSCALER_TUNNEL`)
* Zywall (`ZYWALL`)

The following log types were added without a default parser. Each parser is listed by product name and `log_type` value, where applicable.

* Aikido (`AIKIDO`)
* Akamai API Security (`AKAMAI_API_SECURITY`)
* Alkira IP Flow (`ALKIRA_IP_FLOW`)
* Atlassian Guard Detect (`ATLASSIAN_GUARD_DETECT`)
* BlinkOps (`BLINKOPS`)
* Canvas LMS (`CANVAS_LMS`)
* Cisco Secure Email Threat Defense (`CISCO_SECURE_EMAIL_THREAT_DEFENSE`)
* Cisco StarOS (`CISCO_STAR_OS`)
* Citadel Identity360 (`CITADEL_IDENTITY360`)
* Cyware Threat Intelligence Exchange (`CTIX`)
* Cyberark Identity Audit (`CYBERARK_IDENTITY_AUDIT`)
* CyCognito ASM (`CYCOGNITO_ASM`)
* Dell VxRail (`DELL_VXRAIL`)
* Gene6 FTP Server (`GENE6_FTP`)
* IBM Copy Services Manager (`IBM_CSM`)
* LangSmith Audit (`LANGSMITH_AUDIT`)
* Mellanox Switch (`MELLANOX_SWITCH`)
* Microsoft Entra ID Protection (`MICROSOFT_ENTRA_ID_PROTECTION`)
* NSFOCUS Next Generation Intrusion Prevention System (`NSFOCUS_NGIPS`)
* Perplexity (`PERPLEXITY`)
* Pleasant Password Server (`PLEASANT_PASSWORD_SERVER`)
* Prompt Security (`PROMPT_SECURITY`)
* Qualtrics Audit (`QUALTRICS_AUDIT`)
* Rancher API Audit Log (`RANCHER_API_AUDIT_LOG`)
* Rubrik Security Cloud (`RUBRIK_SECURITY_CLOUD`)
* SAP Business Warehouse (`SAP_BW`)
* SAP Change Document (`SAP_CHANGE_DOCUMENT`)
* SAP Gateway (`SAP_GATEWAY`)
* SAP Hana Audit (`SAP_HANA_AUDIT`)
* Scale Computing (`SCALE_COMPUTING`)
* Slack API (`SLACK_API`)
* Snowplow (`SNOWPLOW`)
* Sterling Order Management System Data (`STERLING_OMS_DATA`)
* Strivacity (`STRIVACITY`)
* Tencent CloudAudit (`TENCENT_CLOUD_AUDIT`)
* Trellix EX (`TRELLIX_EX`)
* Unifi System (`UNIFI_SYSTEM`)
* Windows Bindplane (`WINDOWS_BINDPLANE`)
* Witness AI Control (`WITNESS_AI_CONTROL`)
* Zendesk Advanced Data Privacy and Protection (`ZENDESK_ADPP`)