Google SecOps has updated the list of supported default parsers
## Change
Google SecOps has updated the list of supported default parsers. Updates propagate gradually; changes typically appear in your region within one to four business days. For more information, see [Supported log types and default parsers](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers).
The following supported default parsers have been updated. Each parser is listed by product name and `log_type` value, where applicable. This list includes both released default parsers and pending parser updates.
* A10 Load Balancer (`A10_LOAD_BALANCER`)
* AIX system (`AIX_SYSTEM`)
* Akamai Cloud Monitor (`AKAMAI_CLOUD_MONITOR`)
* AlgoSec Security Management (`ALGOSEC`)
* Amazon API Gateway (`AWS_API_GATEWAY`)
* Apache (`APACHE`)
* Apple macOS (`MACOS`)
* AppOmni (`APPOMNI`)
* Arcsight CEF (`ARCSIGHT_CEF`)
* Arista Switch (`ARISTA_SWITCH`)
* Aruba (`ARUBA_WIRELESS`)
* Aruba Airwave (`ARUBA_AIRWAVE`)
* Aruba EdgeConnect SD-WAN (`ARUBA_EDGECONNECT_SDWAN`)
* Aruba Switch (`ARUBA_SWITCH`)
* Attivo Networks (`ATTIVO`)
* Auth0 (`AUTH_ZERO`)
* Automation Anywhere (`AUTOMATION_ANYWHERE`)
* Avanan Email Security (`AVANAN_EMAIL`)
* AWS Aurora (`AWS_AURORA`)
* AWS Cloudtrail (`AWS_CLOUDTRAIL`)
* AWS CloudWatch (`AWS_CLOUDWATCH`)
* AWS Elastic Load Balancer (`AWS_ELB`)
* AWS GuardDuty (`GUARDDUTY`)
* AWS RDS (`AWS_RDS`)
* AWS Security Hub (`AWS_SECURITY_HUB`)
* AWS WAF (`AWS_WAF`)
* Azure AD (`AZURE_AD`)
* Azure AD Directory Audit (`AZURE_AD_AUDIT`)
* Azure AD Sign-In (`AZURE_AD_SIGNIN`)
* Azure Front Door (`AZURE_FRONT_DOOR`)
* Barracuda Email (`BARRACUDA_EMAIL`)
* Barracuda WAF (`BARRACUDA_WAF`)
* BeyondTrust (`BOMGAR`)
* BeyondTrust BeyondInsight (`BEYONDTRUST_BEYONDINSIGHT`)
* BeyondTrust Endpoint Privilege Management (`BEYONDTRUST_ENDPOINT`)
* BeyondTrust Secure Remote Access (`BEYONDTRUST_REMOTE_ACCESS`)
* BIND (`BIND_DNS`)
* Bindplane Agent (`BINDPLANE_AGENT`)
* Blue Coat Proxy (`BLUECOAT_WEBPROXY`)
* Box (`BOX`)
* Carbon Black (`CB_EDR`)
* Cato Networks (`CATO_NETWORKS`)
* Check Point (`CHECKPOINT_FIREWALL`)
* CipherTrust Manager (`CIPHERTRUST_MANAGER`)
* Cisco Application Centric Infrastructure (`CISCO_ACI`)
* Cisco ASA (`CISCO_ASA_FIREWALL`)
* Cisco Email Security (`CISCO_EMAIL_SECURITY`)
* Cisco Firepower NGFW (`CISCO_FIREPOWER_FIREWALL`)
* Cisco Internetwork Operating System (`CISCO_IOS`)
* Cisco ISE (`CISCO_ISE`)
* Cisco Meraki (`CISCO_MERAKI`)
* Cisco PIX Firewall (`CISCO_PIX_FIREWALL`)
* Cisco Router (`CISCO_ROUTER`)
* Cisco Stealthwatch (`CISCO_STEALTHWATCH`)
* Cisco Switch (`CISCO_SWITCH`)
* Cisco Umbrella Audit (`CISCO_UMBRELLA_AUDIT`)
* Cisco Umbrella DNS (`UMBRELLA_DNS`)
* Cisco vManage SD-WAN (`CISCO_SDWAN`)
* Cisco WLC/WCS (`CISCO_WIRELESS`)
* Cisco WSA (`CISCO_WSA`)
* Citrix Netscaler (`CITRIX_NETSCALER`)
* Claroty Continuous Threat Detection (`CLAROTY_CTD`)
* Claroty Xdome (`CLAROTY_XDOME`)
* Cloud SQL (`GCP_CLOUDSQL`)
* Cloudflare (`CLOUDFLARE`)
* Cloudflare Audit (`CLOUDFLARE_AUDIT`)
* Compute Engine (`GCP_COMPUTE`)
* Corelight (`CORELIGHT`)
* CrowdStrike Alerts API (`CS_ALERTS`)
* CrowdStrike Detection Monitoring (`CS_DETECTS`)
* CrowdStrike Falcon (`CS_EDR`)
* CrowdStrike Falcon Stream (`CS_STREAM`)
* CyberArk (`CYBERARK`)
* CyberArk Endpoint Privilege Manager (EPM) (`CYBERARK_EPM`)
* CyberArk Privileged Access Manager (PAM) (`CYBERARK_PAM`)
* Cyolo Secure Remote Access for OT (`CYOLO_OT`)
* Darktrace (`DARKTRACE`)
* Delinea Secret Server (`DELINEA_SECRET_SERVER`)
* Dell ECS Enterprise Object Storage (`DELL_ECS`)
* Dell Switch (`DELL_SWITCH`)
* Duo Auth (`DUO_AUTH`)
* ExtraHop RevealX (`EXTRAHOP`)
* Extreme Wireless (`EXTREME_WIRELESS`)
* F5 Advanced Firewall Management (`F5_AFM`)
* F5 ASM (`F5_ASM`)
* F5 BIGIP Access Policy Manager (`F5_BIGIP_APM`)
* F5 BIGIP LTM (`F5_BIGIP_LTM`)
* F5 Distributed Cloud Services (`F5_DCS`)
* Fastly CDN (`FASTLY_CDN`)
* FireEye ETP (`FIREEYE_ETP`)
* FireEye NX (`FIREEYE_NX`)
* Forcepoint Email Security (`FORCEPOINT_EMAILSECURITY`)
* Forescout eyeInspect (`FORESCOUT_EYEINSPECT`)
* FortiGate (`FORTINET_FIREWALL`)
* Fortinet FortiAnalyzer (`FORTINET_FORTIANALYZER`)
* Fortinet Fortimanager (`FORTINET_FORTIMANAGER`)
* Fortinet Web Application Firewall (`FORTINET_FORTIWEB`)
* GCP\_APP\_ENGINE (`GCP_APP_ENGINE`)
* GCP\_MODEL\_ARMOR (`GCP_MODEL_ARMOR`)
* GitHub (`GITHUB`)
* GitHub Dependabot (`GITHUB_DEPENDABOT`)
* Google Cloud Audit (`GCP_CLOUDAUDIT`)
* Google Threat Intelligence (`GCP_THREATINTEL`)
* H3C Comware Platform Switch (`H3C_SWITCH`)
* Hashicorp Vault (`HASHICORP`)
* HP Aruba (ClearPass) (`CLEARPASS`)
* Huawei Switches (`HUAWEI_SWITCH`)
* IBM DataPower Gateway (`IBM_DATAPOWER`)
* IBM DB2 (`DB2_DB`)
* Illumio Core (`ILLUMIO_CORE`)
* Imperva (`IMPERVA_WAF`)
* Imperva DRA (`IMPERVA_DRA`)
* Island Browser logs (`ISLAND_BROWSER`)
* Jamf pro context (`JAMF_PRO_CONTEXT`)
* JumpCloud Directory Insights (`JUMPCLOUD_DIRECTORY_INSIGHTS`)
* Juniper MX Router (`JUNIPER_MX`)
* Keycloak (`KEYCLOAK`)
* KnowBe4 PhishER (`KNOWBE4_PHISHER`)
* Kolide Endpoint Security (`KOLIDE`)
* Kubernetes Node (`KUBERNETES_NODE`)
* Linux Auditing System (AuditD) (`AUDITD`)
* McAfee DLP (`MCAFEE_DLP`)
* McAfee ePolicy Orchestrator (`MCAFEE_EPO`)
* McAfee Web Gateway (`MCAFEE_WEBPROXY`)
* Microsoft AD FS (`ADFS`)
* Microsoft Defender For Cloud (`MICROSOFT_DEFENDER_CLOUD_ALERTS`)
* Microsoft Defender for Endpoint (`MICROSOFT_DEFENDER_ENDPOINT`)
* Microsoft Graph API Alerts (`MICROSOFT_GRAPH_ALERT`)
* Microsoft IIS (`IIS`)
* Microsoft Intune (`AZURE_MDM_INTUNE`)
* Microsoft PowerShell (`POWERSHELL`)
* Microsoft SQL Server (`MICROSOFT_SQL`)
* Mimecast Mail V2 (`MIMECAST_MAIL_V2`)
* MISP Threat Intelligence (`MISP_IOC`)
* Mobileiron (`MOBILEIRON`)
* MySQL (`MYSQL`)
* NetApp ONTAP (`NETAPP_ONTAP`)
* Netfilter IPtables (`NETFILTER_IPTABLES`)
* NetIQ Access Manager (`NETIQ_ACCESS_MANAGER`)
* Netskope V2 (`NETSKOPE_ALERT_V2`)
* Netskope Web Proxy (`NETSKOPE_WEBPROXY`)
* Network Policy Server (`MICROSOFT_NPS`)
* NGINX (`NGINX`)
* Nozomi Networks Scada Guardian (`NOZOMI_GUARDIAN`)
* Nutanix Prism (`NUTANIX_PRISM`)
* Obsidian (`OBSIDIAN`)
* Office 365 (`OFFICE_365`)
* Okta (`OKTA`)
* Onapsis (`ONAPSIS`)
* One Identity TPAM (`ONEIDENTITY_TPAM`)
* OneLogin (`ONELOGIN_SSO`)
* Open Cybersecurity Schema Framework (OCSF) (`OCSF`)
* Oracle (`ORACLE_DB`)
* Palo Alto Networks Firewall (`PAN_FIREWALL`)
* Palo Alto Panorama (`PAN_PANORAMA`)
* Ping Identity (`PING`)
* PostFix Mail (`POSTFIX_MAIL`)
* PostgreSQL (`POSTGRESQL`)
* Proofpoint CASB (`PROOFPOINT_CASB`)
* Proofpoint Email Filter (`PROOFPOINT_MAIL_FILTER`)
* Proofpoint On Demand (`PROOFPOINT_ON_DEMAND`)
* Proofpoint Tap Alerts (`PROOFPOINT_MAIL`)
* Pulse Secure (`PULSE_SECURE_VPN`)
* QNAP Systems NAS (`QNAP_NAS`)
* Radware Web Application Firewall (`RADWARE_FIREWALL`)
* Recorded Future (`RECORDED_FUTURE_IOC`)
* Red Hat OpenShift (`REDHAT_OPENSHIFT`)
* Salesforce (`SALESFORCE`)
* SAP Sybase Adaptive Server Enterprise Database (`SAP_ASE`)
* Security Command Center Chokepoint (`GCP_SECURITYCENTER_CHOKEPOINT`)
* Security Command Center Posture Violation (`GCP_SECURITYCENTER_POSTURE_VIOLATION`)
* Security Command Center Threat (`GCP_SECURITYCENTER_THREAT`)
* Security Command Center Toxic Combination (`GCP_SECURITYCENTER_TOXIC_COMBINATION`)
* ServiceNow Audit (`SERVICENOW_AUDIT`)
* Snare System Diagnostic Logs (`SNARE_SOLUTIONS`)
* Snyk Group level audit/issues logs (`SNYK_ISSUES`)
* Solaris system (`SOLARIS_SYSTEM`)
* Sophos Central (`SOPHOS_CENTRAL`)
* STIX Threat Intelligence (`STIX`)
* Stormshield Firewall (`STORMSHIELD_FIREWALL`)
* Sublime Security (`SUBLIMESECURITY`)
* Suricata EVE (`SURICATA_EVE`)
* Swift Alliance Messaging Hub (`SWIFT_AMH`)
* Symantec DLP (`SYMANTEC_DLP`)
* Symantec Endpoint Protection (`SEP`)
* Symantec Messaging Gateway (`SYMANTEC_MAIL`)
* Tableau (`TABLEAU`)
* TCPWave DDI (`TCPWAVE_DDI`)
* TeamViewer (`TEAMVIEWER`)
* Tenable Active Directory Security (`TENABLE_ADS`)
* Tenable OT (`TENABLE_OT`)
* Tenable.io (`TENABLE_IO`)
* Thinkst Canary (`THINKST_CANARY`)
* ThreatConnect IOC V3 (`THREATCONNECT_IOC_V3`)
* Trellix HX Event Streamer (`TRELLIX_HX_ES`)
* Trend Micro (`TIPPING_POINT`)
* Trend Micro Vision One (`TRENDMICRO_VISION_ONE`)
* Trend Micro Vision One Workbench (`TRENDMICRO_VISION_ONE_WORKBENCH`)
* TrendMicro Deep Discovery Inspector (`TRENDMICRO_DDI`)
* TXOne Stellar (`TRENDMICRO_STELLAR`)
* Unifi AP (`UNIFI_AP`)
* Unix system (`NIX_SYSTEM`)
* Vectra Detect (`VECTRA_DETECT`)
* Vectra XDR (`VECTRA_XDR`)
* Veritas NetBackup (`VERITAS_NETBACKUP`)
* Versa Firewall (`VERSA_FIREWALL`)
* VMware ESXi (`VMWARE_ESX`)
* VMware NSX (`VMWARE_NSX`)
* VMware vCenter (`VMWARE_VCENTER`)
* WatchGuard (`WATCHGUARD`)
* Windows DNS (`WINDOWS_DNS`)
* Windows Event (`WINEVTLOG`)
* Windows Event (XML) (`WINEVTLOG_XML`)
* Wiz.io (`WIZ_IO`)
* Workday Audit Logs (`WORKDAY_AUDIT`)
* Workspace Activities (`WORKSPACE_ACTIVITY`)
* Workspace Alerts (`WORKSPACE_ALERTS`)
* Zimperium (`ZIMPERIUM`)
* Zscaler (`ZSCALER_WEBPROXY`)
* Zscaler CASB (`ZSCALER_CASB`)
* Zscaler DLP (`ZSCALER_DLP`)
* ZScaler DNS (`ZSCALER_DNS`)
* Zscaler Internet Access Audit Logs (`ZSCALER_INTERNET_ACCESS`)
* ZScaler NGFW (`ZSCALER_FIREWALL`)
* Zscaler Private Access (`ZSCALER_ZPA`)
* Zscaler Secure Private Access Audit Logs (`ZSCALER_ZPA_AUDIT`)
* Zscaler Tunnel (`ZSCALER_TUNNEL`)
* Zywall (`ZYWALL`)
The following log types were added without a default parser. Each log type is listed by product name and `log_type` value, where applicable.
* Aikido (`AIKIDO`)
* Akamai API Security (`AKAMAI_API_SECURITY`)
* Alkira IP Flow (`ALKIRA_IP_FLOW`)
* Atlassian Guard Detect (`ATLASSIAN_GUARD_DETECT`)
* BlinkOps (`BLINKOPS`)
* Canvas LMS (`CANVAS_LMS`)
* Cisco Secure Email Threat Defense (`CISCO_SECURE_EMAIL_THREAT_DEFENSE`)
* Cisco StarOS (`CISCO_STAR_OS`)
* Citadel Identity360 (`CITADEL_IDENTITY360`)
* Cyware Threat Intelligence Exchange (`CTIX`)
* Cyberark Identity Audit (`CYBERARK_IDENTITY_AUDIT`)
* CyCognito ASM (`CYCOGNITO_ASM`)
* Dell VxRail (`DELL_VXRAIL`)
* Gene6 FTP Server (`GENE6_FTP`)
* IBM Copy Services Manager (`IBM_CSM`)
* LangSmith Audit (`LANGSMITH_AUDIT`)
* Mellanox Switch (`MELLANOX_SWITCH`)
* Microsoft Entra ID Protection (`MICROSOFT_ENTRA_ID_PROTECTION`)
* NSFOCUS Next Generation Intrusion Prevention System (`NSFOCUS_NGIPS`)
* Perplexity (`PERPLEXITY`)
* Pleasant Password Server (`PLEASANT_PASSWORD_SERVER`)
* Prompt Security (`PROMPT_SECURITY`)
* Qualtrics Audit (`QUALTRICS_AUDIT`)
* Rancher API Audit Log (`RANCHER_API_AUDIT_LOG`)
* Rubrik Security Cloud (`RUBRIK_SECURITY_CLOUD`)
* SAP Business Warehouse (`SAP_BW`)
* SAP Change Document (`SAP_CHANGE_DOCUMENT`)
* SAP Gateway (`SAP_GATEWAY`)
* SAP Hana Audit (`SAP_HANA_AUDIT`)
* Scale Computing (`SCALE_COMPUTING`)
* Slack API (`SLACK_API`)
* Snowplow (`SNOWPLOW`)
* Sterling Order Management System Data (`STERLING_OMS_DATA`)
* Strivacity (`STRIVACITY`)
* Tencent CloudAudit (`TENCENT_CLOUD_AUDIT`)
* Trellix EX (`TRELLIX_EX`)
* Unifi System (`UNIFI_SYSTEM`)
* Windows Bindplane (`WINDOWS_BINDPLANE`)
* Witness AI Control (`WITNESS_AI_CONTROL`)
* Zendesk Advanced Data Privacy and Protection (`ZENDESK_ADPP`)