GCP · Google SecOps SIEM · change

Google SecOps has updated the list of supported default parsers. Parsers are rolled out gradually, so it might take one to four days before the changes are reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

• Akeyless Vault Platform (AKEYLESS_VAULT)
• Apache Cassandra (CASSANDRA)
• Aruba (ARUBA_WIRELESS)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Auth0 (AUTH_ZERO)
• AWS Aurora (AWS_AURORA)
• AWS EC2 VPCs (AWS_EC2_VPCS)
• AWS Security Hub (AWS_SECURITY_HUB)
• Azure Firewall (AZURE_FIREWALL)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Check Point (CHECKPOINT_FIREWALL)
• Check Point Sandblast (CHECKPOINT_EDR)
• Checkpoint SmartDefense (CHECKPOINT_SMARTDEFENSE)
• Chronicle SOAR Audit (CHRONICLE_SOAR_AUDIT)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco Secure Access (CISCO_SECURE_ACCESS)
• Cisco Secure Workload (CISCO_SECURE_WORKLOAD)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Xdome (CLAROTY_XDOME)
• Cloudflare Warp (CLOUDFLARE_WARP)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Falcon (CS_EDR)
• CyberArk (CYBERARK)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• EPIC Systems (EPIC)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• FireEye eMPS (FIREEYE_EMPS)
• FireEye NX (FIREEYE_NX)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiEDR (FORTINET_FORTIEDR)
• Fortinet Proxy (FORTINET_WEBPROXY)
• GitHub (GITHUB)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence IOC (GTI_IOC)
• Guardicore Centra (GUARDICORE_CENTRA)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM Websphere Application Server (IBM_WEBSPHERE_APP_SERVER)
• IBM z/OS (IBM_ZOS)
• Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
• Infoblox (INFOBLOX)
• Juniper (JUNIPER_FIREWALL)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• ManageEngine ADManager Plus (ADMANAGER_PLUS)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Mobileiron (MOBILEIRON)
• Model Armor (GCP_MODEL_ARMOR)
• MySQL (MYSQL)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Noname API Security (NONAME_API_SECURITY)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
• Oracle NetSuite (ORACLE_NETSUITE)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Palo Alto Prisma Access (PAN_CASB)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Rapid7 Insight (RAPID7_INSIGHT)
• SAP Hana Audit (SAP_HANA_AUDIT)
• SecureAuth (SECUREAUTH_SSO)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• SentinelOne Deep Visibility (SENTINEL_DV)
• SentinelOne Singularity Cloud Funnel (SENTINELONE_CF)
• Silverfort Authentication Platform (SILVERFORT)
• SiteMinder Web Access Management (CA_SSO_WEB)
• SonicWall (SONIC_FIREWALL)
• Squid Web Proxy (SQUID_WEBPROXY)
• STIX Threat Intelligence (STIX)
• Suricata EVE (SURICATA_EVE)
• Sysdig (SYSDIG)
• Tanium Threat Response (TANIUM_THREAT_RESPONSE)
• Thinkst Canary (THINKST_CANARY)
• Trend Micro Apex One (TRENDMICRO_APEX_ONE)
• Unix system (NIX_SYSTEM)
• Vectra XDR (VECTRA_XDR)
• VMware ESXi (VMWARE_ESX)
• Wallix Bastion (WALLIX_BASTION)
• WatchGuard (WATCHGUARD)
• Windows Defender AV (WINDOWS_DEFENDER_AV)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• wiz.io (WIZ_IO)
• Zscaler Email DLP (ZSCALER_EMAIL_DLP)

The following log types were added without a default parser. Each is listed by product name and log_type value, where applicable.

• Altiris Logs (ALTIRIS_LOGS)
• Aruba Access Point (ARUBA_AP)
• BloxOne Threat Defense DHCP (BLOXONE_DHCP)
• Checkmarx One (CHECKMARX_ONE)
• Cisco Nexus Dashboard Orchestrator (CISCO_NDO)
• CrowdStrike Cloud Security (CROWDSTRIKE_CSPM)
• F5 F5OS-A Logging (F5_F5OS_A)
• GateWatcher NDR (GATEWATCHER_NDR)
• Hashicorp Terraform (HASHICORP_TERRAFORM)
• Jamf Protect Alerts V2 (JAMF_PROTECT_V2)
• Oracle Cloud Infrastructure Web Application Firewall (OCI_WAF)
• Qualys File Integrity Monitoring (QUALYS_FIM)
• SailPoint IdentityNow (SAILPOINT_IDENTITYNOW)
• ServiceNow Certificate Logs (SERVICENOW_CERTIFICATE)
• ServiceNow User Logs (SERVICENOW_USER)
• ServiceNow User Login History (SERVICENOW_USER_LOGIN_HISTORY)
• SiteGuard Server (SITEGUARD_SERVER)
• Tosi Hub (TOSI_HUB)
• Trellix Network Detection and Response (TRELLIX_NDR)