GCP Release Notes: February 02, 2026

API Gateway

Change

Connect API Gateway to Apigee API hub instances that use VPC Service Controls

API Gateway can now be connected to Apigee API hub instances that use VPC Service Controls.

App Engine flexible environment PHP

Feature

Support for the PHP 8.5 runtime is in Preview.

App Engine standard environment PHP

Feature

Support for the PHP 8.5 runtime is in Preivew.

BigQuery

Feature

You can now pass parameterized queries from the BigQuery query editor in the Google Cloud console.

This feature is generally available (GA).

Cloud Run

Feature

Support for PHP 8.5 runtime is in Preview.

Feature

Support for NVIDIA RTX PRO 6000 Blackwell GPU is in Preview. For more information, see GPU support for services, jobs, and worker pools.

Cloud Run functions

Feature

Support for PHP 8.5 runtime is in Preview.

Cloud SQL for MySQL

Feature

You can now update the server certificate authority (CA) mode of an existing Cloud SQL instance. You can update existing instances that use the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option (GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA).

For more information about the different server CA mode options, see Certificate authority (CA) hierarchies.

Cloud SQL for PostgreSQL

Feature

You can now update the server certificate authority (CA) mode of an existing Cloud SQL instance. You can update existing instances that use the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option (GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA).

For more information about the different server CA mode options, see Certificate authority (CA) hierarchies.

Cloud SQL for SQL Server

Feature

You can now update the server certificate authority (CA) mode of an existing Cloud SQL instance. You can update existing instances that use the per-instance CA option (GOOGLE_MANAGED_INTERNAL_CA) to use the shared CA option (GOOGLE_MANAGED_CAS_CA) or the customer-managed CA option (CUSTOMER_MANAGED_CAS_CA).

For more information about the different server CA mode options, see Certificate authority (CA) hierarchies.

Cloud Trace

Feature

You can now analyze your trace data by using the Log Analytics page in the Google Cloud console. This page supports SQL queries and lets you view your query results as a table or as a chart. Your SQL queries can also join your trace and log data. This feature is in Public Preview.

To learn more about analyzing and viewing trace data, see the following documents:

• Query and analyze traces
• Find and explore traces by using the Trace Explorer

Feature

Cloud Trace now stores your trace data in an observability dataset. You can continue to view your trace data by using the Trace Explorer page. If you create a link on your dataset, then you can use services like BigQuery to query and analyze your trace data. To learn more, see the following documents:

• Trace storage overview
• Manage trace storage
• Query a linked BigQuery dataset

Dataflow

Feature

Dataflow Managed I/O now supports rolling upgrades for streaming jobs. With this feature, Dataflow upgrades your Managed I/O connectors in running pipelines as new connector versions become available. For more information, see Automatic upgrades.

Firestore

Feature

The Firestore databases page in the Google Cloud console now includes a status column. Possible statuses include:

• Ready
• Cloning is in progress
• Restoring from backup is in progress
• Deleted
• Failed

For the cloning and restore statuses, the status column updates upon completion.

Firestore in Datastore mode

Feature

The Firestore databases page in the Google Cloud console now includes a status column. Possible statuses include:

• Ready
• Cloning is in progress
• Restoring from backup is in progress
• Deleted
• Failed

For the cloning and restore statuses, the status column updates upon completion.

Firestore with MongoDB compatibility

Feature

The Firestore databases page in the Google Cloud console now includes a status column. Possible statuses include:

• Ready
• Cloning is in progress
• Restoring from backup is in progress
• Deleted
• Failed

For the cloning and restore statuses, the status column updates upon completion.

Gemini Enterprise

Feature

Fine-grained access control for individual Gemini Enterprise apps

Gemini Enterprise admins can control access to individual Gemini Enterprise apps using app-level IAM policies. IAM permissions are often managed at the project level, but app-level IAM allows for more granular control.

For more information, see Configure access controls for apps.

Google SecOps

Change

Google SecOps has updated the list of supported default parsers. Updates propagate gradually; changes typically appear in your region within one to four business days. For more information, see Supported log types and default parsers.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

• A10 Load Balancer (A10_LOAD_BALANCER)
• AIX system (AIX_SYSTEM)
• Akamai Cloud Monitor (AKAMAI_CLOUD_MONITOR)
• AlgoSec Security Management (ALGOSEC)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache (APACHE)
• Apple macOS (MACOS)
• AppOmni (APPOMNI)
• Arcsight CEF (ARCSIGHT_CEF)
• Arista Switch (ARISTA_SWITCH)
• Aruba (ARUBA_WIRELESS)
• Aruba Airwave (ARUBA_AIRWAVE)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Aruba Switch (ARUBA_SWITCH)
• Attivo Networks (ATTIVO)
• Auth0 (AUTH_ZERO)
• Automation Anywhere (AUTOMATION_ANYWHERE)
• Avanan Email Security (AVANAN_EMAIL)
• AWS Aurora (AWS_AURORA)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS RDS (AWS_RDS)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Sign-In (AZURE_AD_SIGNIN)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda Email (BARRACUDA_EMAIL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
• BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
• BIND (BIND_DNS)
• Bindplane Agent (BINDPLANE_AGENT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Box (BOX)
• Carbon Black (CB_EDR)
• Cato Networks (CATO_NETWORKS)
• Check Point (CHECKPOINT_FIREWALL)
• CipherTrust Manager (CIPHERTRUST_MANAGER)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco PIX Firewall (CISCO_PIX_FIREWALL)
• Cisco Router (CISCO_ROUTER)
• Cisco Stealthwatch (CISCO_STEALTHWATCH)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Cisco WSA (CISCO_WSA)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Continuous Threat Detection (CLAROTY_CTD)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Audit (CLOUDFLARE_AUDIT)
• Compute Engine (GCP_COMPUTE)
• Corelight (CORELIGHT)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk (CYBERARK)
• CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Darktrace (DARKTRACE)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell ECS Enterprise Object Storage (DELL_ECS)
• Dell Switch (DELL_SWITCH)
• Duo Auth (DUO_AUTH)
• ExtraHop RevealX (EXTRAHOP)
• Extreme Wireless (EXTREME_WIRELESS)
• F5 Advanced Firewall Management (F5_AFM)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• Fastly CDN (FASTLY_CDN)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
• Forescout eyeInspect (FORESCOUT_EYEINSPECT)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GCP_APP_ENGINE (GCP_APP_ENGINE)
• GCP_MODEL_ARMOR (GCP_MODEL_ARMOR)
• GitHub (GITHUB)
• GitHub Dependabot (GITHUB_DEPENDABOT)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence (GCP_THREATINTEL)
• H3C Comware Platform Switch (H3C_SWITCH)
• Hashicorp Vault (HASHICORP)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM DB2 (DB2_DB)
• Illumio Core (ILLUMIO_CORE)
• Imperva (IMPERVA_WAF)
• Imperva DRA (IMPERVA_DRA)
• Island Browser logs (ISLAND_BROWSER)
• Jamf pro context (JAMF_PRO_CONTEXT)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper MX Router (JUNIPER_MX)
• Keycloak (KEYCLOAK)
• KnowBe4 PhishER (KNOWBE4_PHISHER)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• McAfee DLP (MCAFEE_DLP)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft AD FS (ADFS)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft Intune (AZURE_MDM_INTUNE)
• Microsoft PowerShell (POWERSHELL)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• MISP Threat Intelligence (MISP_IOC)
• Mobileiron (MOBILEIRON)
• MySQL (MYSQL)
• NetApp ONTAP (NETAPP_ONTAP)
• Netfilter IPtables (NETFILTER_IPTABLES)
• NetIQ Access Manager (NETIQ_ACCESS_MANAGER)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Network Policy Server (MICROSOFT_NPS)
• NGINX (NGINX)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Nutanix Prism (NUTANIX_PRISM)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Onapsis (ONAPSIS)
• One Identity TPAM (ONEIDENTITY_TPAM)
• OneLogin (ONELOGIN_SSO)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Oracle (ORACLE_DB)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• PostgreSQL (POSTGRESQL)
• Proofpoint CASB (PROOFPOINT_CASB)
• Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Pulse Secure (PULSE_SECURE_VPN)
• QNAP Systems NAS (QNAP_NAS)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Recorded Future (RECORDED_FUTURE_IOC)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
• Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow Audit (SERVICENOW_AUDIT)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• Solaris system (SOLARIS_SYSTEM)
• Sophos Central (SOPHOS_CENTRAL)
• STIX Threat Intelligence (STIX)
• Stormshield Firewall (STORMSHIELD_FIREWALL)
• Sublime Security (SUBLIMESECURITY)
• Suricata EVE (SURICATA_EVE)
• Swift Alliance Messaging Hub (SWIFT_AMH)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Endpoint Protection (SEP)
• Symantec Messaging Gateway (SYMANTEC_MAIL)
• Tableau (TABLEAU)
• TCPWave DDI (TCPWAVE_DDI)
• TeamViewer (TEAMVIEWER)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable OT (TENABLE_OT)
• Tenable.io (TENABLE_IO)
• Thinkst Canary (THINKST_CANARY)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trend Micro (TIPPING_POINT)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Unifi AP (UNIFI_AP)
• Unix system (NIX_SYSTEM)
• Vectra Detect (VECTRA_DETECT)
• Vectra XDR (VECTRA_XDR)
• Veritas NetBackup (VERITAS_NETBACKUP)
• Versa Firewall (VERSA_FIREWALL)
• VMware ESXi (VMWARE_ESX)
• VMware NSX (VMWARE_NSX)
• VMware vCenter (VMWARE_VCENTER)
• WatchGuard (WATCHGUARD)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Wiz.io (WIZ_IO)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workspace Activities (WORKSPACE_ACTIVITY)
• Workspace Alerts (WORKSPACE_ALERTS)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• Zscaler CASB (ZSCALER_CASB)
• Zscaler DLP (ZSCALER_DLP)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)
• Zscaler Private Access (ZSCALER_ZPA)
• Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
• Zscaler Tunnel (ZSCALER_TUNNEL)
• Zywall (ZYWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

• Aikido (AIKIDO)
• Akamai API Security (AKAMAI_API_SECURITY)
• Alkira IP Flow (ALKIRA_IP_FLOW)
• Atlassian Guard Detect (ATLASSIAN_GUARD_DETECT)
• BlinkOps (BLINKOPS)
• Canvas LMS (CANVAS_LMS)
• Cisco Secure Email Threat Defense (CISCO_SECURE_EMAIL_THREAT_DEFENSE)
• Cisco StarOS (CISCO_STAR_OS)
• Citadel Identity360 (CITADEL_IDENTITY360)
• Cyware Threat Intelligence Exchange (CTIX)
• Cyberark Identity Audit (CYBERARK_IDENTITY_AUDIT)
• CyCognito ASM (CYCOGNITO_ASM)
• Dell VxRail (DELL_VXRAIL)
• Gene6 FTP Server (GENE6_FTP)
• IBM Copy Services Manager (IBM_CSM)
• LangSmith Audit (LANGSMITH_AUDIT)
• Mellanox Switch (MELLANOX_SWITCH)
• Microsoft Entra ID Protection (MICROSOFT_ENTRA_ID_PROTECTION)
• NSFOCUS Next Generation Intrusion Prevention System (NSFOCUS_NGIPS)
• Perplexity (PERPLEXITY)
• Pleasant Password Server (PLEASANT_PASSWORD_SERVER)
• Prompt Security (PROMPT_SECURITY)
• Qualtrics Audit (QUALTRICS_AUDIT)
• Rancher API Audit Log (RANCHER_API_AUDIT_LOG)
• Rubrik Security Cloud (RUBRIK_SECURITY_CLOUD)
• SAP Business Warehouse (SAP_BW)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• Scale Computing (SCALE_COMPUTING)
• Slack API (SLACK_API)
• Snowplow (SNOWPLOW)
• Sterling Order Management System Data (STERLING_OMS_DATA)
• Strivacity (STRIVACITY)
• Tencent CloudAudit (TENCENT_CLOUD_AUDIT)
• Trellix EX (TRELLIX_EX)
• Unifi System (UNIFI_SYSTEM)
• Windows Bindplane (WINDOWS_BINDPLANE)
• Witness AI Control (WITNESS_AI_CONTROL)
• Zendesk Advanced Data Privacy and Protection (ZENDESK_ADPP)

Google SecOps SIEM

Change

Google SecOps has updated the list of supported default parsers. Updates propagate gradually; changes typically appear in your region within one to four business days. For more information, see Supported log types and default parsers.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

• A10 Load Balancer (A10_LOAD_BALANCER)
• AIX system (AIX_SYSTEM)
• Akamai Cloud Monitor (AKAMAI_CLOUD_MONITOR)
• AlgoSec Security Management (ALGOSEC)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache (APACHE)
• Apple macOS (MACOS)
• AppOmni (APPOMNI)
• Arcsight CEF (ARCSIGHT_CEF)
• Arista Switch (ARISTA_SWITCH)
• Aruba (ARUBA_WIRELESS)
• Aruba Airwave (ARUBA_AIRWAVE)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Aruba Switch (ARUBA_SWITCH)
• Attivo Networks (ATTIVO)
• Auth0 (AUTH_ZERO)
• Automation Anywhere (AUTOMATION_ANYWHERE)
• Avanan Email Security (AVANAN_EMAIL)
• AWS Aurora (AWS_AURORA)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS RDS (AWS_RDS)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Sign-In (AZURE_AD_SIGNIN)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda Email (BARRACUDA_EMAIL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
• BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
• BIND (BIND_DNS)
• Bindplane Agent (BINDPLANE_AGENT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Box (BOX)
• Carbon Black (CB_EDR)
• Cato Networks (CATO_NETWORKS)
• Check Point (CHECKPOINT_FIREWALL)
• CipherTrust Manager (CIPHERTRUST_MANAGER)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco PIX Firewall (CISCO_PIX_FIREWALL)
• Cisco Router (CISCO_ROUTER)
• Cisco Stealthwatch (CISCO_STEALTHWATCH)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Cisco WSA (CISCO_WSA)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Continuous Threat Detection (CLAROTY_CTD)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Audit (CLOUDFLARE_AUDIT)
• Compute Engine (GCP_COMPUTE)
• Corelight (CORELIGHT)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk (CYBERARK)
• CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Darktrace (DARKTRACE)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell ECS Enterprise Object Storage (DELL_ECS)
• Dell Switch (DELL_SWITCH)
• Duo Auth (DUO_AUTH)
• ExtraHop RevealX (EXTRAHOP)
• Extreme Wireless (EXTREME_WIRELESS)
• F5 Advanced Firewall Management (F5_AFM)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• Fastly CDN (FASTLY_CDN)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
• Forescout eyeInspect (FORESCOUT_EYEINSPECT)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GCP_APP_ENGINE (GCP_APP_ENGINE)
• GCP_MODEL_ARMOR (GCP_MODEL_ARMOR)
• GitHub (GITHUB)
• GitHub Dependabot (GITHUB_DEPENDABOT)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence (GCP_THREATINTEL)
• H3C Comware Platform Switch (H3C_SWITCH)
• Hashicorp Vault (HASHICORP)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM DB2 (DB2_DB)
• Illumio Core (ILLUMIO_CORE)
• Imperva (IMPERVA_WAF)
• Imperva DRA (IMPERVA_DRA)
• Island Browser logs (ISLAND_BROWSER)
• Jamf pro context (JAMF_PRO_CONTEXT)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper MX Router (JUNIPER_MX)
• Keycloak (KEYCLOAK)
• KnowBe4 PhishER (KNOWBE4_PHISHER)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• McAfee DLP (MCAFEE_DLP)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft AD FS (ADFS)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft Intune (AZURE_MDM_INTUNE)
• Microsoft PowerShell (POWERSHELL)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• MISP Threat Intelligence (MISP_IOC)
• Mobileiron (MOBILEIRON)
• MySQL (MYSQL)
• NetApp ONTAP (NETAPP_ONTAP)
• Netfilter IPtables (NETFILTER_IPTABLES)
• NetIQ Access Manager (NETIQ_ACCESS_MANAGER)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Network Policy Server (MICROSOFT_NPS)
• NGINX (NGINX)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Nutanix Prism (NUTANIX_PRISM)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Onapsis (ONAPSIS)
• One Identity TPAM (ONEIDENTITY_TPAM)
• OneLogin (ONELOGIN_SSO)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Oracle (ORACLE_DB)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• PostgreSQL (POSTGRESQL)
• Proofpoint CASB (PROOFPOINT_CASB)
• Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Pulse Secure (PULSE_SECURE_VPN)
• QNAP Systems NAS (QNAP_NAS)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Recorded Future (RECORDED_FUTURE_IOC)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
• Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow Audit (SERVICENOW_AUDIT)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• Solaris system (SOLARIS_SYSTEM)
• Sophos Central (SOPHOS_CENTRAL)
• STIX Threat Intelligence (STIX)
• Stormshield Firewall (STORMSHIELD_FIREWALL)
• Sublime Security (SUBLIMESECURITY)
• Suricata EVE (SURICATA_EVE)
• Swift Alliance Messaging Hub (SWIFT_AMH)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Endpoint Protection (SEP)
• Symantec Messaging Gateway (SYMANTEC_MAIL)
• Tableau (TABLEAU)
• TCPWave DDI (TCPWAVE_DDI)
• TeamViewer (TEAMVIEWER)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable OT (TENABLE_OT)
• Tenable.io (TENABLE_IO)
• Thinkst Canary (THINKST_CANARY)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trend Micro (TIPPING_POINT)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Unifi AP (UNIFI_AP)
• Unix system (NIX_SYSTEM)
• Vectra Detect (VECTRA_DETECT)
• Vectra XDR (VECTRA_XDR)
• Veritas NetBackup (VERITAS_NETBACKUP)
• Versa Firewall (VERSA_FIREWALL)
• VMware ESXi (VMWARE_ESX)
• VMware NSX (VMWARE_NSX)
• VMware vCenter (VMWARE_VCENTER)
• WatchGuard (WATCHGUARD)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Wiz.io (WIZ_IO)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workspace Activities (WORKSPACE_ACTIVITY)
• Workspace Alerts (WORKSPACE_ALERTS)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• Zscaler CASB (ZSCALER_CASB)
• Zscaler DLP (ZSCALER_DLP)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)
• Zscaler Private Access (ZSCALER_ZPA)
• Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
• Zscaler Tunnel (ZSCALER_TUNNEL)
• Zywall (ZYWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

• Aikido (AIKIDO)
• Akamai API Security (AKAMAI_API_SECURITY)
• Alkira IP Flow (ALKIRA_IP_FLOW)
• Atlassian Guard Detect (ATLASSIAN_GUARD_DETECT)
• BlinkOps (BLINKOPS)
• Canvas LMS (CANVAS_LMS)
• Cisco Secure Email Threat Defense (CISCO_SECURE_EMAIL_THREAT_DEFENSE)
• Cisco StarOS (CISCO_STAR_OS)
• Citadel Identity360 (CITADEL_IDENTITY360)
• Cyware Threat Intelligence Exchange (CTIX)
• Cyberark Identity Audit (CYBERARK_IDENTITY_AUDIT)
• CyCognito ASM (CYCOGNITO_ASM)
• Dell VxRail (DELL_VXRAIL)
• Gene6 FTP Server (GENE6_FTP)
• IBM Copy Services Manager (IBM_CSM)
• LangSmith Audit (LANGSMITH_AUDIT)
• Mellanox Switch (MELLANOX_SWITCH)
• Microsoft Entra ID Protection (MICROSOFT_ENTRA_ID_PROTECTION)
• NSFOCUS Next Generation Intrusion Prevention System (NSFOCUS_NGIPS)
• Perplexity (PERPLEXITY)
• Pleasant Password Server (PLEASANT_PASSWORD_SERVER)
• Prompt Security (PROMPT_SECURITY)
• Qualtrics Audit (QUALTRICS_AUDIT)
• Rancher API Audit Log (RANCHER_API_AUDIT_LOG)
• Rubrik Security Cloud (RUBRIK_SECURITY_CLOUD)
• SAP Business Warehouse (SAP_BW)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• Scale Computing (SCALE_COMPUTING)
• Slack API (SLACK_API)
• Snowplow (SNOWPLOW)
• Sterling Order Management System Data (STERLING_OMS_DATA)
• Strivacity (STRIVACITY)
• Tencent CloudAudit (TENCENT_CLOUD_AUDIT)
• Trellix EX (TRELLIX_EX)
• Unifi System (UNIFI_SYSTEM)
• Windows Bindplane (WINDOWS_BINDPLANE)
• Witness AI Control (WITNESS_AI_CONTROL)
• Zendesk Advanced Data Privacy and Protection (ZENDESK_ADPP)

Change

Google SecOps has updated the list of supported default parsers. Updates propagate gradually; changes typically appear in your region within one to four business days. For more information, see Supported log types and default parsers.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

• A10 Load Balancer (A10_LOAD_BALANCER)
• AIX system (AIX_SYSTEM)
• Akamai Cloud Monitor (AKAMAI_CLOUD_MONITOR)
• AlgoSec Security Management (ALGOSEC)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache (APACHE)
• Apple macOS (MACOS)
• AppOmni (APPOMNI)
• Arcsight CEF (ARCSIGHT_CEF)
• Arista Switch (ARISTA_SWITCH)
• Aruba (ARUBA_WIRELESS)
• Aruba Airwave (ARUBA_AIRWAVE)
• Aruba EdgeConnect SD-WAN (ARUBA_EDGECONNECT_SDWAN)
• Aruba Switch (ARUBA_SWITCH)
• Attivo Networks (ATTIVO)
• Auth0 (AUTH_ZERO)
• Automation Anywhere (AUTOMATION_ANYWHERE)
• Avanan Email Security (AVANAN_EMAIL)
• AWS Aurora (AWS_AURORA)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS RDS (AWS_RDS)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS WAF (AWS_WAF)
• Azure AD (AZURE_AD)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Sign-In (AZURE_AD_SIGNIN)
• Azure Front Door (AZURE_FRONT_DOOR)
• Barracuda Email (BARRACUDA_EMAIL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust (BOMGAR)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• BeyondTrust Endpoint Privilege Management (BEYONDTRUST_ENDPOINT)
• BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
• BIND (BIND_DNS)
• Bindplane Agent (BINDPLANE_AGENT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Box (BOX)
• Carbon Black (CB_EDR)
• Cato Networks (CATO_NETWORKS)
• Check Point (CHECKPOINT_FIREWALL)
• CipherTrust Manager (CIPHERTRUST_MANAGER)
• Cisco Application Centric Infrastructure (CISCO_ACI)
• Cisco ASA (CISCO_ASA_FIREWALL)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco ISE (CISCO_ISE)
• Cisco Meraki (CISCO_MERAKI)
• Cisco PIX Firewall (CISCO_PIX_FIREWALL)
• Cisco Router (CISCO_ROUTER)
• Cisco Stealthwatch (CISCO_STEALTHWATCH)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
• Cisco Umbrella DNS (UMBRELLA_DNS)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco WLC/WCS (CISCO_WIRELESS)
• Cisco WSA (CISCO_WSA)
• Citrix Netscaler (CITRIX_NETSCALER)
• Claroty Continuous Threat Detection (CLAROTY_CTD)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud SQL (GCP_CLOUDSQL)
• Cloudflare (CLOUDFLARE)
• Cloudflare Audit (CLOUDFLARE_AUDIT)
• Compute Engine (GCP_COMPUTE)
• Corelight (CORELIGHT)
• CrowdStrike Alerts API (CS_ALERTS)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CyberArk (CYBERARK)
• CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Darktrace (DARKTRACE)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell ECS Enterprise Object Storage (DELL_ECS)
• Dell Switch (DELL_SWITCH)
• Duo Auth (DUO_AUTH)
• ExtraHop RevealX (EXTRAHOP)
• Extreme Wireless (EXTREME_WIRELESS)
• F5 Advanced Firewall Management (F5_AFM)
• F5 ASM (F5_ASM)
• F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
• F5 BIGIP LTM (F5_BIGIP_LTM)
• F5 Distributed Cloud Services (F5_DCS)
• Fastly CDN (FASTLY_CDN)
• FireEye ETP (FIREEYE_ETP)
• FireEye NX (FIREEYE_NX)
• Forcepoint Email Security (FORCEPOINT_EMAILSECURITY)
• Forescout eyeInspect (FORESCOUT_EYEINSPECT)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GCP_APP_ENGINE (GCP_APP_ENGINE)
• GCP_MODEL_ARMOR (GCP_MODEL_ARMOR)
• GitHub (GITHUB)
• GitHub Dependabot (GITHUB_DEPENDABOT)
• Google Cloud Audit (GCP_CLOUDAUDIT)
• Google Threat Intelligence (GCP_THREATINTEL)
• H3C Comware Platform Switch (H3C_SWITCH)
• Hashicorp Vault (HASHICORP)
• HP Aruba (ClearPass) (CLEARPASS)
• Huawei Switches (HUAWEI_SWITCH)
• IBM DataPower Gateway (IBM_DATAPOWER)
• IBM DB2 (DB2_DB)
• Illumio Core (ILLUMIO_CORE)
• Imperva (IMPERVA_WAF)
• Imperva DRA (IMPERVA_DRA)
• Island Browser logs (ISLAND_BROWSER)
• Jamf pro context (JAMF_PRO_CONTEXT)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper MX Router (JUNIPER_MX)
• Keycloak (KEYCLOAK)
• KnowBe4 PhishER (KNOWBE4_PHISHER)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Node (KUBERNETES_NODE)
• Linux Auditing System (AuditD) (AUDITD)
• McAfee DLP (MCAFEE_DLP)
• McAfee ePolicy Orchestrator (MCAFEE_EPO)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Microsoft AD FS (ADFS)
• Microsoft Defender For Cloud (MICROSOFT_DEFENDER_CLOUD_ALERTS)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
• Microsoft IIS (IIS)
• Microsoft Intune (AZURE_MDM_INTUNE)
• Microsoft PowerShell (POWERSHELL)
• Microsoft SQL Server (MICROSOFT_SQL)
• Mimecast Mail V2 (MIMECAST_MAIL_V2)
• MISP Threat Intelligence (MISP_IOC)
• Mobileiron (MOBILEIRON)
• MySQL (MYSQL)
• NetApp ONTAP (NETAPP_ONTAP)
• Netfilter IPtables (NETFILTER_IPTABLES)
• NetIQ Access Manager (NETIQ_ACCESS_MANAGER)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Netskope Web Proxy (NETSKOPE_WEBPROXY)
• Network Policy Server (MICROSOFT_NPS)
• NGINX (NGINX)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Nutanix Prism (NUTANIX_PRISM)
• Obsidian (OBSIDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Onapsis (ONAPSIS)
• One Identity TPAM (ONEIDENTITY_TPAM)
• OneLogin (ONELOGIN_SSO)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Oracle (ORACLE_DB)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Ping Identity (PING)
• PostFix Mail (POSTFIX_MAIL)
• PostgreSQL (POSTGRESQL)
• Proofpoint CASB (PROOFPOINT_CASB)
• Proofpoint Email Filter (PROOFPOINT_MAIL_FILTER)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Pulse Secure (PULSE_SECURE_VPN)
• QNAP Systems NAS (QNAP_NAS)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• Recorded Future (RECORDED_FUTURE_IOC)
• Red Hat OpenShift (REDHAT_OPENSHIFT)
• Salesforce (SALESFORCE)
• SAP Sybase Adaptive Server Enterprise Database (SAP_ASE)
• Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (GCP_SECURITYCENTER_THREAT)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow Audit (SERVICENOW_AUDIT)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• Solaris system (SOLARIS_SYSTEM)
• Sophos Central (SOPHOS_CENTRAL)
• STIX Threat Intelligence (STIX)
• Stormshield Firewall (STORMSHIELD_FIREWALL)
• Sublime Security (SUBLIMESECURITY)
• Suricata EVE (SURICATA_EVE)
• Swift Alliance Messaging Hub (SWIFT_AMH)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Endpoint Protection (SEP)
• Symantec Messaging Gateway (SYMANTEC_MAIL)
• Tableau (TABLEAU)
• TCPWave DDI (TCPWAVE_DDI)
• TeamViewer (TEAMVIEWER)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable OT (TENABLE_OT)
• Tenable.io (TENABLE_IO)
• Thinkst Canary (THINKST_CANARY)
• ThreatConnect IOC V3 (THREATCONNECT_IOC_V3)
• Trellix HX Event Streamer (TRELLIX_HX_ES)
• Trend Micro (TIPPING_POINT)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• Trend Micro Vision One Workbench (TRENDMICRO_VISION_ONE_WORKBENCH)
• TrendMicro Deep Discovery Inspector (TRENDMICRO_DDI)
• TXOne Stellar (TRENDMICRO_STELLAR)
• Unifi AP (UNIFI_AP)
• Unix system (NIX_SYSTEM)
• Vectra Detect (VECTRA_DETECT)
• Vectra XDR (VECTRA_XDR)
• Veritas NetBackup (VERITAS_NETBACKUP)
• Versa Firewall (VERSA_FIREWALL)
• VMware ESXi (VMWARE_ESX)
• VMware NSX (VMWARE_NSX)
• VMware vCenter (VMWARE_VCENTER)
• WatchGuard (WATCHGUARD)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Wiz.io (WIZ_IO)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workspace Activities (WORKSPACE_ACTIVITY)
• Workspace Alerts (WORKSPACE_ALERTS)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• Zscaler CASB (ZSCALER_CASB)
• Zscaler DLP (ZSCALER_DLP)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)
• Zscaler Private Access (ZSCALER_ZPA)
• Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)
• Zscaler Tunnel (ZSCALER_TUNNEL)
• Zywall (ZYWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

• Aikido (AIKIDO)
• Akamai API Security (AKAMAI_API_SECURITY)
• Alkira IP Flow (ALKIRA_IP_FLOW)
• Atlassian Guard Detect (ATLASSIAN_GUARD_DETECT)
• BlinkOps (BLINKOPS)
• Canvas LMS (CANVAS_LMS)
• Cisco Secure Email Threat Defense (CISCO_SECURE_EMAIL_THREAT_DEFENSE)
• Cisco StarOS (CISCO_STAR_OS)
• Citadel Identity360 (CITADEL_IDENTITY360)
• Cyware Threat Intelligence Exchange (CTIX)
• Cyberark Identity Audit (CYBERARK_IDENTITY_AUDIT)
• CyCognito ASM (CYCOGNITO_ASM)
• Dell VxRail (DELL_VXRAIL)
• Gene6 FTP Server (GENE6_FTP)
• IBM Copy Services Manager (IBM_CSM)
• LangSmith Audit (LANGSMITH_AUDIT)
• Mellanox Switch (MELLANOX_SWITCH)
• Microsoft Entra ID Protection (MICROSOFT_ENTRA_ID_PROTECTION)
• NSFOCUS Next Generation Intrusion Prevention System (NSFOCUS_NGIPS)
• Perplexity (PERPLEXITY)
• Pleasant Password Server (PLEASANT_PASSWORD_SERVER)
• Prompt Security (PROMPT_SECURITY)
• Qualtrics Audit (QUALTRICS_AUDIT)
• Rancher API Audit Log (RANCHER_API_AUDIT_LOG)
• Rubrik Security Cloud (RUBRIK_SECURITY_CLOUD)
• SAP Business Warehouse (SAP_BW)
• SAP Change Document (SAP_CHANGE_DOCUMENT)
• SAP Gateway (SAP_GATEWAY)
• SAP Hana Audit (SAP_HANA_AUDIT)
• Scale Computing (SCALE_COMPUTING)
• Slack API (SLACK_API)
• Snowplow (SNOWPLOW)
• Sterling Order Management System Data (STERLING_OMS_DATA)
• Strivacity (STRIVACITY)
• Tencent CloudAudit (TENCENT_CLOUD_AUDIT)
• Trellix EX (TRELLIX_EX)
• Unifi System (UNIFI_SYSTEM)
• Windows Bindplane (WINDOWS_BINDPLANE)
• Witness AI Control (WITNESS_AI_CONTROL)
• Zendesk Advanced Data Privacy and Protection (ZENDESK_ADPP)

Looker

Feature

Conversational Analytics now displays its reasoning for how it analyzes queries. After you enter your query, click Show reasoning to see a plain text explanation of the steps that Conversational Analytics took to interpret your query.

Secure Source Manager

Change

Secure Source Manager is now available in the following regions:

• us-east1 (South Carolina)

Storage Transfer Service

Feature

Organization Policy Service custom constraints are now available for Storage Transfer Service. You can use custom constraints to control how Storage Transfer Service is used in your organization. For example, you can restrict transfers to only allow Cloud Storage to Cloud Storage transfers, or restrict transfers to a specific list of approved source buckets.

See Custom organization policy constraints for details.

Source: Google Cloud Platform