Google Security Operations