Google Security Operations
Overview
All Security Operations topics
Google SecOps overview
What's new in Google SecOps?
Release plan for Google SecOps
Log in to Google Security Operations
Navigate the Google SecOps platform
Understand the Google SecOps platform
Configure user preferences
Gemini in SecOps
Google SecOps Labs
Use Gemini and other experiments in Google SecOps
Use the Alert Response Recommender
Gemini documentation summaries
Onboarding
Onboard a Google SecOps instance
Configure a Google Cloud project for Google SecOps
Configure a Google Cloud identity provider
Configure a third-party identity provider
Link a Google SecOps instance to Google Cloud services
Configure feature access control using IAM
Configure data RBAC using IAM
RBAC user guide for applications not using IAM
Map users in the Google SecOps platform using Google Cloud identity
Map users with multiple control access parameters
Map users in the Google SecOps platform using IdP groups
User management
Add SIEM or SOAR users to Google SecOps
Quickstart: Conduct a search
Quickstart: Investigate an alert
Data Collection
Ingestion
Google SecOps data ingestion
Overview of data ingestion
Content Hub overview
Supported data sets and default parsers
Ingest data to Google SecOps
Install and configure forwarders
Install and configure the forwarder
Manage forwarder configurations through the UI
Manage forwarder configurations manually
Google SecOps forwarder executable for Windows
Troubleshoot common Linux forwarder issues
Bindplane collection agent
Use the Bindplane agent
Configure Bindplane for Silent Host Monitoring
Set up data feeds
Feed management overview
Use the feed management application
Create an Azure Event Hub feed
Use the feed management API
Data Processing Pipelines
Set up and manage data processing pipelines
Use ingestion scripts deployed as Cloud Functions
Use the Ingestion API
Configure burst limits
Ingest Google Cloud data to Google SecOps
Product Centric Feed management
Default parsers
Default parser list
Premium parsers
Apigee logs
AWS EC2 Hosts logs
AWS EC2 Instance logs
Chrome management logs
Cisco ASA firewall logs
Context Resource Parsers
CrowdStrike Falcon logs
Duo Activity logs
Fluentd logs
Fortinet Firewall logs
Ingest Google Cloud data to Google Security Operations
Google Cloud Abuse Events logs
Google Cloud Audit Logs
Google Cloud DNS logs
Google Cloud Firewall logs
Google Cloud Load Balancing logs
Google Cloud NAT logs
Google Kubernetes Engine (GKE) logs
Google Cloud SQL logs
Google Workspace logs
Jamf Protect logs
Jamf Telemetry logs
Jamf Protect Telemetry v2 logs
Jamf Threat Events logs
Microsoft 365 logs
Microsoft Defender for Endpoint logs
Microsoft Graph API alerts logs
Microsoft Windows AD logs
Microsoft Windows DHCP logs
Microsoft Windows DNS logs
Microsoft Windows Event logs
Microsoft Windows Sysmon logs
NIX System logs
OCSF logs
OSSEC logs
osquery logs
Palo Alto Networks firewall logs
Security Command Center findings
SentinelOne Alert logs
SentinelOne Cloud Funnel logs
Splunk CIM logs
Zeek (Bro) logs
Zscaler CASB logs
Zscaler parsers overview
Zscaler Deception logs
Zscaler DLP logs
Zscaler DNS logs
Zscaler Firewall logs
Zscaler Internet Access logs
Zscaler Tunnel logs
Zscaler VPN logs
Zscaler Web Proxy logs
Zscaler ZPA logs
Zscaler ZPA Audit logs
Standard Parsers A - B - C
A10 Network Load Balancer logs
Abnormal Security logs
Acalvio logs
Akamai Cloud Monitor logs
Akamai DataStream 2 logs
Akamai DNS logs
Akamai WAF logs
Akeyless Vault logs
Alcatel switch logs
AlgoSec Security Management logs
Amazon CloudFront logs
Anomali ThreatStream IOC logs
Ansible AWX logs
Apache logs
Apache Cassandra logs
Apache Tomcat logs
Appian Cloud logs
Apple macOS syslog data
Aqua Security logs
Arbor Edge Defense logs
Archer IRM logs
ArcSight CEF logs
Arista switch logs
Area 1 logs
Aruba ClearPass logs
Aruba EdgeConnect SD-WAN logs
Aruba switch logs
Aruba Wireless Controller and Access Point logs
Atlassian Bitbucket logs
Atlassian Cloud Admin Audit logs
Atlassian Jira logs
Attivo Networks BOTsink logs
Auth0 logs
Automation Anywhere logs
Avatier logs
Avaya Aura logs
Avigilon Access Control Manager logs
Aware audit logs
AWS API Gateway access logs
AWS Aurora logs
AWS CloudTrail logs
AWS CloudWatch logs
AWS Config logs
AWS Control Tower logs
AWS Elastic Load Balancing logs
AWS Elastic MapReduce logs
AWS GuardDuty logs
AWS IAM logs
AWS Key Management Service logs
AWS Macie logs
AWS Network Firewall logs
AWS RDS logs
AWS Route 53 logs
AWS S3 server access logs
AWS Security Hub logs
AWS Session Manager logs
AWS VPC Flow logs
AWS VPC Transit Gateway flow logs
AWS VPN logs
AWS WAF logs
Azion firewall logs
Azure AD Sign-In logs
Azure API Management logs
Azure APP Service logs
Azure Application Gateway logs
Azure Firewall logs
Azure Storage Audit logs
Azure VPN logs
Azure WAF logs
Barracuda CloudGen Firewall logs
Barracuda Email Security Gateway logs
Barracuda WAF logs
Barracuda Web Filter logs
BeyondTrust BeyondInsight logs
BeyondTrust EPM logs
BeyondTrust Privileged Identity logs
BeyondTrust Remote Support logs
BeyondTrust Secure Remote Access logs
Bitdefender logs
Bitwarden Enterprise event logs
BloxOne Threat Defense logs
BlueCat DDI logs
BlueCat Edge logs
Blue Coat ProxySG logs
BMC Helix Discovery logs
Box Collaboration JSON logs
Broadcom CA PAM logs
Broadcom SSL VA logs
Broadcom Symantec SiteMinder Web Access logs
Brocade ServerIron logs
Brocade switch logs
Cambium Networks logs
Carbon Black App Control logs
Carbon Black EDR logs
Cato Networks logs
Censys logs
Check Point Audit logs
Check Point EDR logs
Check Point firewall logs
Check Point Harmony
Check Point SmartDefense logs
CipherTrust Manager logs
CircleCI audit logs
Cisco Application Control Engine (ACE) logs
Cisco Firepower NGFW logs
Cisco Firewall Service Module (FWSM) logs
Cisco IronPort logs
Cisco IOS logs
Cisco ISE logs
Cisco Meraki logs
Cisco PIX logs
Cisco Prime logs
Cisco Router logs
Cisco Secure ACS logs
Cisco Secure Email Gateway logs
Cisco Stealthwatch logs
Cisco Switch logs
Cisco UCS logs
Cisco VCS logs
Cisco VPN logs
Cisco Web Security Appliance (WSA) logs
Cisco Wireless Intrusion Prevention System (WIPS) logs
Cisco Wireless LAN Controller (WLC) logs
Cisco Wireless Security Management (WiSM) logs
Cloud Identity Devices logs
Cloud Identity Device Users logs
Cloud Intrusion Detection System (Cloud IDS) logs
Context Access Aware data
Cloud Next Generation Firewall logs
Cloud Run logs
Cloud Storage Context logs
Cloudflare logs
Cloudflare WAF logs
Cloudian HyperStore logs
CloudPassage Halo logs
Code42 Incydr core datasets
Cohesity logs
Commvault logs
CommVault Backup and Recovery logs
Comodo AV logs
Corelight Sensor logs
CrowdStrike Falcon logs in CEF
CrowdStrike Falcon Stream logs
CrushFTP logs
CSV Custom IOC files
CyberArk EPM logs
CyberArk PAM logs
CyberArk Privilege Cloud logs
CyberArk Privileged Threat Analytics logs
CyberX logs
Cylance PROTECT logs
Cyolo OT logs
Standard Parsers D - E - F - G
Datadog logs
Darktrace logs
Deep Instinct EDR logs
Delinea Distributed Engine logs
Delinea PAM logs
Delinea Secret Server logs
Dell CyberSense logs
Dell ECS logs
Dell EMC Data Domain logs
Dell EMC Isilon NAS logs
Dell EMC PowerStore logs
Dell OpenManage logs
Dell switch logs
DigiCert audit logs
Digi Modems logs
DomainTools Iris Investigate results
Duo administrator logs
Duo authentication logs
Duo entity context logs
Duo User context logs
Endpoint Protector DLP logs
Epic Systems logs
ESET AV logs
ESET EDR logs
ExtraHop DNS logs
ExtraHop RevealX logs
Extreme switch logs
Extreme Wireless logs
F5 AFM logs
F5 ASM logs
F5 BIG-IP APM logs
F5 BIG-IP ASM logs
F5 BIG-IP LTM logs
F5 DNS logs
F5 VPN logs
Fastly WAF logs
Fidelis Network logs
FileZilla FTP logs
FireEye HX logs
FireEye NX logs
Forcepoint CASB logs
Forcepoint DLP logs
Forcepoint Proxy logs
Forescout NAC logs
ForgeRock OpenAM logs
Fortinet FortiAnalyzer logs
Fortinet FortiAuthenticator logs
Fortinet FortiMail logs
FortiWeb WAF logs
Fortra Digital Guardian DLP logs
GitHub audit logs
GitLab logs
Google Cloud IoT logs
Google Cloud Compute context logs
Google Cloud Compute logs
Google Cloud IDS logs
Google Workspace Activity logs
Standard Parsers H - I - J - K
HAProxy logs
Harness IO audit logs
HashiCorp audit logs
HP ProCurve logs
HPE Aruba Networking Central logs
HPE BladeSystem c7000 logs
IBM Verify Identity Access logs
Identity and Access Management (IAM) Analysis context logs
Illumio Core logs
Imperva WAF logs
Infoblox logs
Jamf Pro context logs
Jenkins logs
JFrog Artifactory logs
Juniper Junos logs
Juniper NetScreen Firewall logs
Kaseya Datto File Protection logs
Kaspersky AV logs
Kemp Load Balancer logs
Standard Parsers L - M - N
Lacework Cloud Security logs
LimaCharlie EDR logs
Linux auditd and AIX systems logs
ManageEngine AD360 logs
ManageEngine ADAudit Plus logs
McAfee Firewall Enterprise logs
McAfee Web Gateway logs
Micro Focus NetIQ Access Manager logs
Microsoft Azure Activity logs
Microsoft Azure AD logs
Microsoft Azure AD Audit logs
Microsoft Azure AD Context logs
Microsoft Azure DevOps audit logs
Microsoft SQL Server logs
Microsoft Azure Key Vault logging logs
Microsoft Defender for Cloud Alert logs
Microsoft Defender for Identity logs
Microsoft Exchange logs
Microsoft Graph Activity logs
Microsoft IIS logs
Microsoft Intune logs
Microsoft LAPS logs
Microsoft Sentinel logs
Microsoft Windows Defender ATP logs
Mimecast Mail logs
MISP IOC logs
MobileIron logs
MuleSoft Anypoint logs
MYSQL logs
Nasuni File Services Platform logs
NetApp ONTAP logs
NetApp SAN logs
Netgate pfSense logs
Netscaler logs
Netskope alert logs v1
Netskope alert logs v2
Netskope web proxy logs
NGINX logs
Nix Systems Red Hat logs
Nix Systems Ubuntu Server (Unix System) logs
Nokia Router logs
ntopng logs
Nutanix Prism logs
Standard Parsers O - P - Q - R
Okta logs
OneLogin Single Sign-On (SSO) logs
1Password logs
1Password audit logs
Onfido logs
OpenCanary logs
OPNsense firewall logs
Oracle DB logs
Palo Alto Cortex XDR alerts logs
Palo Alto Cortex XDR events logs
Palo Alto Networks IOC logs
Palo Alto Networks Traps logs
Palo Alto Prisma Cloud logs
Palo Alto Prisma Cloud alert logs
Palo Alto Prisma SD-WAN logs
PingOne Advanced Identity Cloud logs
PowerShell logs
Proofpoint On-Demand logs
Proofpoint TAP alerts logs
Pulse Secure logs
Qualys asset context logs
Qualys Continuous Monitoring logs
Qualys Scan logs
Qualys Virtual Scanner logs
Qualys Vulnerability Management logs
Radware WAF logs
Rapid7 InsightIDR logs
reCAPTCHA Enterprise logs
Recorded Future IOC logs
RevealX logs
RSA Authentication Manager logs
Standard Parsers S - T - U
Salesforce logs
SecureAuth Identity Platform logs
Secure Web Proxy logs
Security Command Center Error logs
Security Command Center Observation logs
Security Command Center Posture Violation logs
Security Command Center Toxic Combination logs
Security Command Center Unspecified logs
SentinelOne Deep Visibility logs
SentinelOne EDR logs
ServiceNow Security logs
Signal Sciences WAF logs
Skyhigh Security logs
Collect Slack audit logs
Snort logs
Snowflake logs
Snyk group-level audit logs
Snyk group-level audit and issues logs
SonicWall logs
Sophos Central logs
Sophos UTM logs
Sophos XG Firewall logs
Suricata Eve logs
Symantec CloudSOC CASB logs
Symantec DLP logs
Symantec EDR logs
Symantec Endpoint Protection logs
Symantec Event Export logs
Symantec VIP Authentication Hub logs
Symantec VIP Enterprise Gateway logs
Symantec Web Isolation logs
Synology logs
Sysdig logs
Thinkst Canary logs
ThreatConnect IOC logs
Trellix DLP logs
Trellix ePO logs
Trellix IPS logs
Trend Micro Apex One logs
Trend Micro Cloud One logs
Trend Micro DDI logs
Trend Micro Deep Security logs
Trend Micro Email Security logs
Trend Micro Vision One logs
Trend Micro Vision One Activity logs
Trend Micro Vision One Audit logs
Trend Micro Vision One Container Vulnerability logs
Trend Micro Vision Detections logs
Trend Micro Vision One Observed Attack Techniques logs
Trend Micro Vision One Workbench logs
Tripwire logs
Twingate VPN logs
Standard Parsers V - W - X - Y - Z
Varonis logs
Veeam logs
Venafi Zero Touch PKI logs
Veridium ID logs
Veritas NetBackup logs
Versa Networks Secure Access Service Edge (SASE) logs
VMware Airwatch logs
VMware Avi Load Balancer WAF logs
VMware ESXi logs
VMware Horizon logs
VMware Networking and Security Virtualization (NSX) Manager logs
VMware Tanzu logs