Skip to main content
Documentation
Technology areas
close
AI and ML
Application development
Application hosting
Compute
Data analytics and pipelines
Databases
Distributed, hybrid, and multicloud
Generative AI
Industry solutions
Networking
Observability and monitoring
Security
Storage
Cross-product tools
close
Access and resources management
Costs and usage management
Google Cloud SDK, languages, frameworks, and tools
Infrastructure as code
Migration
Related sites
close
Google Cloud Home
Free Trial and Free Tier
Architecture Center
Blog
Contact Sales
Google Cloud Developer Center
Google Developer Center
Google Cloud Marketplace
Google Cloud Marketplace Documentation
Google Cloud Skills Boost
Google Cloud Solution Center
Google Cloud Support
Google Cloud Tech Youtube Channel
/
English
Deutsch
Español
Español – América Latina
Français
Indonesia
Italiano
Português
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어
Console
Sign in
Google Security Operations
Guides
Reference
Resources
Contact Us
Start free
Documentation
Guides
Reference
Resources
Technology areas
More
Cross-product tools
More
Related sites
More
Console
Contact Us
Start free
Overview
All Security Operations topics
Google SecOps overview
What's new in Google SecOps?
Release plan for Google SecOps
Log in to Google Security Operations
Navigate the Google SecOps platform
Understand the Google SecOps platform
Configure user preferences
Gemini in SecOps
Google SecOps Labs
Use Gemini and other experiments in Google SecOps
Use the Alert Response Recommender
Gemini documentation summaries
Onboarding
Onboard a Google SecOps instance
Configure a Google Cloud project for Google SecOps
Configure a Google Cloud identity provider
Configure a third-party identity provider
Link a Google SecOps instance to Google Cloud services
Configure feature access control using IAM
Configure data RBAC using IAM
RBAC user guide for applications not using IAM
Map users in the Google SecOps platform using Google Cloud identity
Map users with multiple control access parameters
Map users in the Google SecOps platform using IdP groups
User management
Add SIEM or SOAR users to Google SecOps
Quickstart: Conduct a search
Quickstart: Investigate an alert
Data Collection
Ingestion
Google SecOps data ingestion
Overview of data ingestion
Content Hub overview
Supported data sets and default parsers
Ingest data to Google SecOps
Install and configure forwarders
Install and configure the forwarder
Manage forwarder configurations through the UI
Manage forwarder configurations manually
Google SecOps forwarder executable for Windows
Troubleshoot common Linux forwarder issues
Bindplane collection agent
Use the Bindplane agent
Configure Bindplane for Silent Host Monitoring
Set up data feeds
Feed management overview
Use the feed management application
Create an Azure Event Hub feed
Use the feed management API
Data Processing Pipelines
Set up and manage data processing pipelines
Use ingestion scripts deployed as Cloud Functions
Use the Ingestion API
Configure burst limits
Ingest Google Cloud data to Google SecOps
Product Centric Feed management
Default parsers
Default parser list
Premium parsers
Apigee logs
AWS EC2 Hosts logs
AWS EC2 Instance logs
Chrome management logs
Cisco ASA firewall logs
Context Resource Parsers
CrowdStrike Falcon logs
Duo Activity logs
Fluentd logs
Fortinet Firewall logs
Ingest Google Cloud data to Google Security Operations
Google Cloud Abuse Events logs
Google Cloud Audit Logs
Google Cloud DNS logs
Google Cloud Firewall logs
Google Cloud Load Balancing logs
Google Cloud NAT logs
Google Kubernetes Engine (GKE) logs
Google Cloud SQL logs
Google Workspace logs
Jamf Protect logs
Jamf Telemetry logs
Jamf Protect Telemetry v2 logs
Jamf Threat Events logs
Microsoft 365 logs
Microsoft Defender for Endpoint logs
Microsoft Graph API alerts logs
Microsoft Windows AD logs
Microsoft Windows DHCP logs
Microsoft Windows DNS logs
Microsoft Windows Event logs
Microsoft Windows Sysmon logs
NIX System logs
OCSF logs
OSSEC logs
osquery logs
Palo Alto Networks firewall logs
Security Command Center findings
SentinelOne Alert logs
SentinelOne Cloud Funnel logs
Splunk CIM logs
Zeek (Bro) logs
Zscaler CASB logs
Zscaler parsers overview
Zscaler Deception logs
Zscaler DLP logs
Zscaler DNS logs
Zscaler Firewall logs
Zscaler Internet Access logs
Zscaler Tunnel logs
Zscaler VPN logs
Zscaler Web Proxy logs
Zscaler ZPA logs
Zscaler ZPA Audit logs
Zeek (Bro) logs
Standard Parsers A - B - C
A10 Network Load Balancer logs
Abnormal Security logs
Acalvio logs
Akamai Cloud Monitor logs
Akamai DataStream 2 logs
Akamai DNS logs
Akamai WAF logs
Akeyless Vault logs
Alcatel switch logs
AlgoSec Security Management logs
Amazon CloudFront logs
Anomali ThreatStream IOC logs
Ansible AWX logs
Apache logs
Apache Cassandra logs
Apache Tomcat logs
Appian Cloud logs
Apple macOS syslog data
Aqua Security logs
Arbor Edge Defense logs
Archer IRM logs
ArcSight CEF logs
Arista switch logs
Area 1 logs
Aruba ClearPass logs
Aruba EdgeConnect SD-WAN logs
Aruba switch logs
Aruba Wireless Controller and Access Point logs
Atlassian Bitbucket logs
Atlassian Cloud Admin Audit logs
Atlassian Jira logs
Attivo Networks BOTsink logs
Auth0 logs
Automation Anywhere logs
Avatier logs
Avaya Aura logs
Avigilon Access Control Manager logs
Aware audit logs
AWS API Gateway access logs
AWS Aurora logs
AWS CloudTrail logs
AWS CloudWatch logs
AWS Config logs
AWS Control Tower logs
AWS Elastic Load Balancing logs
AWS Elastic MapReduce logs
AWS GuardDuty logs
AWS IAM logs
AWS Key Management Service logs
AWS Macie logs
AWS Network Firewall logs
AWS RDS logs
AWS Route 53 logs