GCP Release Notes: December 03, 2025

Cloud Load Balancing

Feature

Regular expressions matchers in host and route rules in URL maps

You can now use regular expressions in URL maps for Application Load Balancers to write more flexible and precise traffic-routing rules. Patterns use RE2 syntax and can match on:

  • Route rules: Within pathMatchers, the matchRules array now supports a regexMatch field that matches the request path against a regex pattern.
  • Header matches: Within matchRules, the headerMatches array now supports a regexMatch field for pattern matching against HTTP header values.
  • Query parameter matches: Within matchRules, the queryParameterMatches array now supports a regexMatch field for pattern matching against HTTP query parameter values.

This feature is available for the following load balancers:

  • Regional internal Application Load Balancer
  • Cross-region internal Application Load Balancer
  • Regional external Application Load Balancer

For more details on usage and syntax, see URL map concepts: Regular expressions matchers in host and route rules.

This feature is in Preview.
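
The regional URL map below is an added illustration, not configuration taken from the release note or from Google's documentation. It shows the three new regexMatch fields used together in one route rule, plus a second rule that pins an administrative path to a dedicated backend. PROJECT, REGION, api.example.com and the backend service names are placeholders. Two points a practitioner should keep in mind: RE2 has no backtracking, so a pattern cannot be turned into a ReDoS vector by crafted input, but an over-broad pattern silently routes traffic you did not intend (the comment on rule 2 gives a concrete case); and the example assumes, as on other Envoy-based load balancers, that regexMatch must cover the whole path or value rather than a substring, which you should confirm against the URL map concepts page before relying on it.

```yaml
# Added example, not taken from the release note: a regional URL map using the
# new regexMatch fields. PROJECT, REGION, the hostname and the backend service
# names are placeholders.
name: api-regex-url-map
defaultService: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/backendServices/default-backend
hostRules:
- hosts:
  - api.example.com
  pathMatcher: api-paths
pathMatchers:
- name: api-paths
  defaultService: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/backendServices/default-backend
  routeRules:
  # Lower priority number wins. Rule 1: versioned user lookups with a numeric
  # ID, only from clients declaring a 2.x API version, with a constrained
  # format parameter. Each pattern is RE2 and is assumed to be evaluated as a
  # full match of the path, header value or parameter value.
  - priority: 1
    matchRules:
    - regexMatch: '/api/v[0-9]+/users/[0-9]+'
      headerMatches:
      - headerName: x-api-version
        regexMatch: '2\.[0-9]+'
      queryParameterMatches:
      - name: format
        regexMatch: 'json|xml'
    service: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/backendServices/users-backend
  # Rule 2: send /admin and anything below it to an internal-only backend.
  # Deliberately not '/admin.*', which would also capture /admin-public/... .
  - priority: 2
    matchRules:
    - regexMatch: '/admin(/.*)?'
    service: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/backendServices/admin-backend
```

Within a single matchRules entry every criterion (path, headers, query parameters) must match; separate entries in the matchRules array are alternatives. Import the file with gcloud compute url-maps import NAME --source FILE --region REGION; because the feature is in Preview, check the linked documentation for whether the beta command surface is required.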

Cloud Service Mesh

Security

The following images are now rolling out for managed Cloud Service Mesh:

  • 1.21.6-asm.7 is rolling out to the rapid release channel.
  • 1.20.8-asm.59 is rolling out to the regular release channel.
  • 1.19.10-asm.54 is rolling out to the stable release channel.

These patch releases contain the fix for the managed Cloud Service Mesh security vulnerability listed in GCP-2025-073.

Security

1.27.4-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2025-073. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.27.4-asm.1 uses Envoy v1.35.7. Upgrading the control plane does not replace sidecar proxies that are already running; restart workloads after the upgrade so that their sidecars are re-injected with the patched Envoy, and check for Pods still running the old proxy image.

Security

1.25.6-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2025-073. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.25.6-asm.1 uses Envoy v1.33.13.

Security

1.26.7-asm.1 is now available for in-cluster Cloud Service Mesh.

This patch release contains fixes for the security vulnerabilities listed in GCP-2025-073. For details on upgrading Cloud Service Mesh, refer to Upgrade Cloud Service Mesh. Cloud Service Mesh v1.26.7-asm.1 uses Envoy v1.34.11.

Container Optimized OS

Changed

cos-dev-129-19407-0-0

  • Kernel: COS-6.12.57
  • Docker: v27.5.1
  • Containerd: v2.1.4
  • GPU Drivers: See List

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Security

Fixed CVE-2025-40212 in the Linux kernel.

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811538 -> 811490

Fixed

Made the google-guest-agent more resilient to network link flakes.

Changed

cos-117-18613-439-49

  • Kernel: COS-6.6.111
  • Docker: v24.0.9
  • Containerd: v1.7.28
  • GPU Drivers: See List

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for NVIDIA_RTX_PRO_6000, NVIDIA_GB200, NVIDIA_B200, and NVIDIA_H200 GPU types.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811751 -> 811788

Changed

cos-121-18867-294-42

  • Kernel: COS-6.6.113
  • Docker: v27.5.1
  • Containerd: v2.0.6
  • GPU Drivers: See List

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for NVIDIA_RTX_PRO_6000, NVIDIA_GB200, NVIDIA_B200, and NVIDIA_H200 GPU types.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811812 -> 811755

Changed

cos-125-19216-104-45

  • Kernel: COS-6.12.55
  • Docker: v27.5.1
  • Containerd: v2.1.4
  • GPU Drivers: See List

Security

Upgraded vim & vim-core to version 9.1.1652. This fixes CVE-2025-53905, CVE-2025-53906, CVE-2025-9390.

Fixed

Made the google-guest-agent more resilient to network link flakes.

Changed

Runtime sysctl changes:

  • Changed: fs.file-max: 811428 -> 811530
  • Changed: net.ipv4.udp_mem: 188034 250714 376068 -> 188034 250715 376068

Feature

Added support for NVIDIA driver v580.105.08 and set it as the default version for all GPU types.

Google Cloud Armor

Security

The Cloud Armor cve-canary rules now include the google-mrs-v202512-id000001-rce signature to help detect and mitigate CVE-2025-55182. The signature only applies to traffic evaluated by a security policy rule that references the cve-canary rule set (for example, a rule whose expression is evaluatePreconfiguredWaf('cve-canary')); if your policies have no such rule, add one, ideally in preview mode first so you can review matches before switching the action to deny. For more information, see Cloud Armor preconfigured WAF rules overview.

Google Kubernetes Engine

Feature

GKE Inference Gateway is generally available (GA) and ready for production workloads. This release introduces major performance, security, and usability enhancements since the Public Preview.

  • Stable v1 API: The API has graduated to v1. The InferenceModel resource is replaced by the InferenceObjective resource for a clearer definition of serving goals. A zero-downtime migration path is available.
  • Prefix-Aware Routing: A new, intelligent routing feature inspects request context and routes requests with shared prefixes (like in conversational AI) to the same model replica. This can maximize KV cache hits and improve Time-to-First-Token (TTFT) latency by up to 96%.
  • API Key Authentication: Secure your endpoints by enforcing API key validation through a new integration with Apigee.
  • Body-Based Routing: The gateway can route requests using the model field directly from the HTTP request body, which enables native compatibility with the OpenAI API specification.

For more information see About GKE Inference Gateway and Deploy GKE Inference Gateway.

Issue

Starting with version 1.33.2-gke.4655000, the GCSFuse CSI Driver automatically applies performance-tuning defaults for Cloud Storage FUSE volumes used on nodes with high-performance machine types. However, in GKE versions 1.34.1-gke.1431000 to 1.34.1-gke.3403001, these defaults are not being applied. This is due to an issue where GCSFuse fails to recognize the machine type from the configuration file provided by the GCSFuse CSI Driver.

To apply the performance defaults, explicitly set the machine-type as a gcsfuse mount option. Use the command-line flag format, with the key and value separated by an equals sign (=).

For example: machine-type=n2-standard-4

Ensure the Pod using the GCSFuse volume is scheduled on a node that matches the specified machine type. These settings are optimized for high-performance machine types and might not be suitable for other node types. For more information on scheduling, see the Kubernetes documentation on assigning Pods to Nodes.
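
The Pod below is an added example of the workaround and is not taken from the release note: the machine-type flag is passed through the CSI driver's mountOptions attribute in key=value form, and a nodeSelector keeps the Pod on nodes of that same machine type so the tuning defaults are applied where they were sized to run. BUCKET_NAME, the Kubernetes service account gcsfuse-ksa (assumed to be bound to a Google service account that can read the bucket), the container image, and n2-standard-4 (the value used in the note above) are placeholders; substitute the high-performance machine type your node pool actually uses.

```yaml
# Added example, not from the release note: a Pod that pins the gcsfuse
# machine-type so the CSI driver's performance defaults apply on the affected
# GKE versions. BUCKET_NAME, gcsfuse-ksa, the image and n2-standard-4 are
# placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: gcsfuse-tuned
  annotations:
    gke-gcsfuse/volumes: "true"      # asks GKE to inject the gcsfuse sidecar
spec:
  serviceAccountName: gcsfuse-ksa    # assumed: KSA with Workload Identity access to the bucket
  # Keep the Pod on nodes of the machine type named in the mount option;
  # the performance defaults are sized for that machine type only.
  nodeSelector:
    node.kubernetes.io/instance-type: n2-standard-4
  containers:
  - name: app
    image: busybox
    command: ["sh", "-c", "ls /data && sleep 3600"]
    volumeMounts:
    - name: gcs-bucket
      mountPath: /data
      readOnly: true
  volumes:
  - name: gcs-bucket
    csi:
      driver: gcsfuse.csi.storage.gke.io
      readOnly: true
      volumeAttributes:
        bucketName: BUCKET_NAME
        # gcsfuse flags in command-line form, comma separated; the
        # machine-type entry is the workaround from the release note.
        mountOptions: "implicit-dirs,machine-type=n2-standard-4"
```

The same mountOptions string works on a PersistentVolume backed by the driver; whichever form you use, the machine type in the flag and the one selected by nodeSelector must agree, otherwise the sidecar is tuned for hardware the Pod is not running on.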

Google SecOps

Changed

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

  • 1Password (ONEPASSWORD)
  • A10 Load Balancer (A10_LOAD_BALANCER)
  • Abnormal Security (ABNORMAL_SECURITY)
  • AIX system (AIX_SYSTEM)
  • Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
  • AlgoSec Security Management (ALGOSEC)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Armis Activities (ARMIS_ACTIVITIES)
  • Aruba (ARUBA_WIRELESS)
  • Aruba Switch (ARUBA_SWITCH)
  • Attivo Networks (ATTIVO)
  • Auth0 (AUTH_ZERO)
  • AWS Aurora (AWS_AURORA)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS Config (AWS_CONFIG)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • AWS Session Manager (AWS_SESSION_MANAGER)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust (BOMGAR)
  • BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
  • BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
  • Bindplane Agent (BINDPLANE_AGENT)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Cambium Networks (CAMBIUM_NETWORKS)
  • Carbon Black (CB_EDR)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Sandblast (CHECKPOINT_EDR)
  • Chrome Management (CHROME_MANAGEMENT)
  • CipherTrust Manager (CIPHERTRUST_MANAGER)
  • Cisco AMP (CISCO_AMP)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Firewall Services Module (CISCO_FWSM)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Secure Access (CISCO_SECURE_ACCESS)
  • Cisco Stealthwatch (CISCO_STEALTHWATCH)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco UCM (CISCO_UCM)
  • Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
  • Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco Umbrella IP (UMBRELLA_IP)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Continuous Threat Detection (CLAROTY_CTD)
  • Claroty Xdome (CLAROTY_XDOME)
  • Cloudflare (CLOUDFLARE)
  • Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • Code42 Incydr (CODE42_INCYDR)
  • Corelight (CORELIGHT)
  • CoSoSys Protector (ENDPOINT_PROTECTOR_DLP)
  • CrowdStrike Alerts API (CS_ALERTS)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • Cybereason EDR (CYBEREASON_EDR)
  • Cynet 360 AutoXDR (CYNET_360_AUTOXDR)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Darktrace (DARKTRACE)
  • Delinea Secret Server (DELINEA_SECRET_SERVER)
  • Digital Guardian DLP (DIGITALGUARDIAN_DLP)
  • Digital Guardian EDR (DIGITALGUARDIAN_EDR)
  • DigitalArts i-Filter (DIGITALARTS_IFILTER)
  • Dummy LogType (DUMMY_LOGTYPE)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • ESET AV (ESET_AV)
  • ESET Threat Intelligence (ESET_IOC)
  • Extreme Networks Switch (EXTREME_SWITCH)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye ETP (FIREEYE_ETP)
  • Fluentd Logs (FLUENTD)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Forescout NAC (FORESCOUT_NAC)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiEDR (FORTINET_FORTIEDR)
  • GCP Abuse Events Logs (GCP_ABUSE_EVENTS)
  • GitHub (GITHUB)
  • GMV Checker ATM Security (GMV_CHECKER)
  • Google Cloud Apigee (GCP_APIGEE)
  • Google Cloud Audit (GCP_CLOUDAUDIT)
  • Google Cloud Security Center Threat (GCP_SECURITYCENTER_THREAT)
  • Google Threat Intelligence IOC (GTI_IOC)
  • GTB Technologies DLP (GTB_DLP)
  • H3C Comware Platform Switch (H3C_SWITCH)
  • Halcyon Anti Ransomware (HALCYON)
  • HP Aruba (ClearPass) (CLEARPASS)
  • HP Linux (HP_LINUX)
  • HP Procurve Switch (HP_PROCURVE)
  • IBM AS/400 (IBM_AS400)
  • IBM Security Verify Access (IBM_SVA)
  • IBM WebSEAL (IBM_WEBSEAL)
  • IBM Websphere Application Server (IBM_WEBSPHERE_APP_SERVER)
  • IBM z/OS (IBM_ZOS)
  • Imperva (IMPERVA_WAF)
  • Imperva DRA (IMPERVA_DRA)
  • Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
  • Infoblox (INFOBLOX)
  • Infoblox DHCP (INFOBLOX_DHCP)
  • Infoblox DNS (INFOBLOX_DNS)
  • ION Spectrum (ION_SPECTRUM)
  • Ionix (IONIX)
  • Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
  • Island Browser logs (ISLAND_BROWSER)
  • JAMF Pro (JAMF_PRO)
  • Jamf Protect Telemetry V2 (JAMF_TELEMETRY_V2)
  • JFrog Artifactory (JFROG_ARTIFACTORY)
  • Journald (JOURNALD)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper (JUNIPER_FIREWALL)
  • Juniper Junos (JUNIPER_JUNOS)
  • Kaspersky AV (KASPERSKY_AV)
  • Kaspersky Endpoint (KASPERSKY_ENDPOINT)
  • Keycloak (KEYCLOAK)
  • Kiteworks (KITEWORKS)
  • Kubernetes Node (KUBERNETES_NODE)
  • Linux Auditing System (AuditD) (AUDITD)
  • Linux Sysmon (LINUX_SYSMON)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft Sentinel (MICROSOFT_SENTINEL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • Mimecast Mail V2 (MIMECAST_MAIL_V2)
  • MISP Threat Intelligence (MISP_IOC)
  • Mobileiron (MOBILEIRON)
  • NetApp ONTAP (NETAPP_ONTAP)
  • Netscout (ARBOR_EDGE_DEFENSE)
  • Netskope CASB (NETSKOPE_CASB)
  • Netskope V2 (NETSKOPE_ALERT_V2)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Nexus Sonatype (NEXUS_SONATYPE)
  • Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
  • Obsidian (OBSIDIAN)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Open Cybersecurity Schema Framework (OCSF) (OCSF)
  • Open LDAP (OPENLDAP)
  • Opnsense (OPNSENSE)
  • Opswat Metadefender (OPSWAT_METADEFENDER)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Oracle Cloud Infrastructure VCN Flow Logs (OCI_FLOW)
  • Orca Cloud Security Platform (ORCA)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Passwordstate (PASSWORDSTATE)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • Ping One (PING_ONE)
  • PingIdentity Directory Server Logs (PING_DIRECTORY)
  • PostFix Mail (POSTFIX_MAIL)
  • PostgreSQL (POSTGRESQL)
  • Proofpoint Observeit (OBSERVEIT)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • RSA (RSA_AUTH_MANAGER)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • SailPoint IAM (SAILPOINT_IAM)
  • Salesforce (SALESFORCE)
  • Sangfor Next Generation Firewall (SANGFOR_NGAF)
  • Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • Semperis DSP (SEMPERIS_DSP)
  • Sentinelone Activity (SENTINELONE_ACTIVITY)
  • SentinelOne Deep Visibility (SENTINEL_DV)
  • ServiceNow Audit (SERVICENOW_AUDIT)
  • Solaris system (SOLARIS_SYSTEM)
  • SonicWall (SONIC_FIREWALL)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • STIX Threat Intelligence (STIX)
  • Swift Alliance Messaging Hub (SWIFT_AMH)
  • Symantec Endpoint Protection (SEP)
  • Tanium Audit (TANIUM_AUDIT)
  • Tanium Integrity Monitor (TANIUM_INTEGRITY_MONITOR)
  • Tanium Threat Response (TANIUM_THREAT_RESPONSE)
  • Teleport Access Plane (TELEPORT_ACCESS_PLANE)
  • Tenable Active Directory Security (TENABLE_ADS)
  • Tenable OT (TENABLE_OT)
  • tenable.io (TENABLE_IO)
  • Thales Luna Hardware Security Module (THALES_LUNA_HSM)
  • Thales MFA (THALES_MFA)
  • Trellix HX Event Streamer (TRELLIX_HX_ES)
  • Trend Micro (TIPPING_POINT)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
  • Trend Micro Vision One Detections (TRENDMICRO_VISION_ONE_DETECTIONS)
  • Trend Micro Vision One Observerd Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
  • TXOne Stellar (TRENDMICRO_STELLAR)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • Varonis (VARONIS)
  • Vectra Stream (VECTRA_STREAM)
  • Venafi ZTPKI (VENAFI_ZTPKI)
  • Veritas NetBackup (VERITAS_NETBACKUP)
  • Versa Firewall (VERSA_FIREWALL)
  • Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • VMware vCenter (VMWARE_VCENTER)
  • WatchGuard (WATCHGUARD)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Sysmon (WINDOWS_SYSMON)
  • wiz.io (WIZ_IO)
  • Workday User Activity (WORKDAY_USER_ACTIVITY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • Workspace Users (WORKSPACE_USERS)
  • Zendesk CRM (ZENDESK_CRM)
  • Zoom Operation Logs (ZOOM_OPERATION_LOGS)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler NGFW (ZSCALER_FIREWALL)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each log type is listed by product name and log_type value, where applicable.

  • Absolute Secure Endpoint (ABSOLUTE_SECURE_ENDPOINT)
  • Airbus Security Logging (ACD AISD) (AIRBUS_SECURITY_LOG)
  • Azure Recovery Services Vaults (AZURE_RECOVERY_SERVICES_VAULTS)
  • Boeing Onboard Network System Logging (BOEING_ONS)
  • Cisco Firepower Threat Defense (CISCO_FIREPOWER_THREAT_DEFENSE)
  • Cisco Security Cloud Control (CISCO_SECURITY_CLOUD_CONTROL)
  • Pico Corvilnet Engine (CORVILNET_ENGINE)
  • CrowdStrike Falcon Shield (CROWDSTRIKE_FALCON_SHIELD)
  • Easy NAC (EASY_NAC)
  • FairXchange Horizon (FAIRXCHANGE_HORIZON)
  • Google Threat Intelligence (GCP_THREATINTEL)
  • HPE Alletra (HPE_ALLETRA)
  • Huawei Cloud Trace Service Audit (HUAWEI_CTS_AUDIT)
  • Huawei SecMaster (HUAWEI_SECMASTER)
  • IBM ILO (IBM_ILO)
  • Infisical (INFISICAL)
  • JSCAPE SFTP (JSCAPE_SFTP)
  • Juniper Edge (JUNIPER_EDGE)
  • Kaspersky for Microsoft Office 365 (KASPERSKY_O365_EVENTS)
  • Microsoft Defender for Cloud Apps (MICROSOFT_DEFENDER_CLOUD_APPS)
  • Oracle Cloud Infrastructure Network Firewall (OCI_FIREWALL)
  • Okta Workflows (OKTA_WORKFLOWS)
  • Phosphorus (PHOSPHORUS)
  • Rapid7 Cloud Security (RAPID7_CLOUDSEC)
  • Research and Education Networks Information Sharing and Analysis Center (REN_ISAC)
  • Risk Resecurity (RISK_RESECURITY)
  • Sangfor Network Detection and Response (SANGFOR_NDR)
  • SAP Enterprise Threat Detection (SAP_ETD)
  • SAP IAS Context (SAP_IAS_CONTEXT)
  • Sectigo SCM (SECTIGO_SCM)
  • ServiceNow Node (SERVICENOW_NODE)
  • ServiceNow Outbound HTTP (SERVICENOW_OUTBOUNDHTTP)
  • ServiceNow System log (SERVICENOW_SYSLOG)
  • ServiceNow Transaction (SERVICENOW_TRANSACTION)
  • Seti S4 (SETI_S4)
  • ThousandEyes (THOUSAND_EYES)
  • Transmit Security Mosaic CIAM (TRANSMIT_MOSAIC_CIAM)
  • Transmit Security Mosaic Fraud Prevention (TRANSMIT_MOSAIC_FRAUD_PREVENTION)
  • Transmit Security Mosaic Identity Verification (TRANSMIT_MOSAIC_IDENTITY_VERIFICATION)
  • Transmit Security Mosaic Management (TRANSMIT_MOSAIC_MANAGEMENT)
  • Tripwire Security Configuration Management (TRIPWIRE_SCM)
  • Valimail (VALIMAIL)
  • WSO2 IS AM (WSO2_IS_AM)
  • XDR.Net Digital Twin (XDRNET_DIGITALTWIN)
  • Zimbra Mail (ZIMBRA_MAIL)
  • Zscaler Email DLP (ZSCALER_EMAIL_DLP)

Google SecOps SIEM

Changed

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The updated default parsers and the log types added without a default parser are identical to those listed under Google SecOps above.

Changed

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so it might take one to four days before you see the changes reflected in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, where applicable. This list includes both released default parsers and pending parser updates.

  • 1Password (ONEPASSWORD)
  • A10 Load Balancer (A10_LOAD_BALANCER)
  • Abnormal Security (ABNORMAL_SECURITY)
  • AIX system (AIX_SYSTEM)
  • Akamai SIEM Connector (AKAMAI_SIEM_CONNECTOR)
  • AlgoSec Security Management (ALGOSEC)
  • Amazon API Gateway (AWS_API_GATEWAY)
  • Amazon VPC Transit Gateway Flow Logs (AWS_VPC_TRANSIT_GATEWAY)
  • Apache (APACHE)
  • Arcsight CEF (ARCSIGHT_CEF)
  • Arista Switch (ARISTA_SWITCH)
  • Armis Activities (ARMIS_ACTIVITIES)
  • Aruba (ARUBA_WIRELESS)
  • Aruba Switch (ARUBA_SWITCH)
  • Attivo Networks (ATTIVO)
  • Auth0 (AUTH_ZERO)
  • AWS Aurora (AWS_AURORA)
  • AWS CloudFront (AWS_CLOUDFRONT)
  • AWS Cloudtrail (AWS_CLOUDTRAIL)
  • AWS CloudWatch (AWS_CLOUDWATCH)
  • AWS Config (AWS_CONFIG)
  • AWS GuardDuty (GUARDDUTY)
  • AWS Security Hub (AWS_SECURITY_HUB)
  • AWS Session Manager (AWS_SESSION_MANAGER)
  • AWS VPC Flow (AWS_VPC_FLOW)
  • Azure AD (AZURE_AD)
  • Azure AD Directory Audit (AZURE_AD_AUDIT)
  • Azure AD Organizational Context (AZURE_AD_CONTEXT)
  • Azure Firewall (AZURE_FIREWALL)
  • Azure Storage Audit (AZURE_STORAGE_AUDIT)
  • Barracuda Firewall (BARRACUDA_FIREWALL)
  • BeyondTrust (BOMGAR)
  • BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
  • BeyondTrust Secure Remote Access (BEYONDTRUST_REMOTE_ACCESS)
  • Bindplane Agent (BINDPLANE_AGENT)
  • Bitdefender (BITDEFENDER)
  • Blue Coat Proxy (BLUECOAT_WEBPROXY)
  • Cambium Networks (CAMBIUM_NETWORKS)
  • Carbon Black (CB_EDR)
  • Carbon Black App Control (CB_APP_CONTROL)
  • Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
  • Check Point (CHECKPOINT_FIREWALL)
  • Check Point Sandblast (CHECKPOINT_EDR)
  • Chrome Management (CHROME_MANAGEMENT)
  • CipherTrust Manager (CIPHERTRUST_MANAGER)
  • Cisco AMP (CISCO_AMP)
  • Cisco ASA (CISCO_ASA_FIREWALL)
  • Cisco Email Security (CISCO_EMAIL_SECURITY)
  • Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
  • Cisco Firewall Services Module (CISCO_FWSM)
  • Cisco Internetwork Operating System (CISCO_IOS)
  • Cisco IronPort (CISCO_IRONPORT)
  • Cisco ISE (CISCO_ISE)
  • Cisco Meraki (CISCO_MERAKI)
  • Cisco Router (CISCO_ROUTER)
  • Cisco Secure Access (CISCO_SECURE_ACCESS)
  • Cisco Stealthwatch (CISCO_STEALTHWATCH)
  • Cisco Switch (CISCO_SWITCH)
  • Cisco UCM (CISCO_UCM)
  • Cisco Umbrella Audit (CISCO_UMBRELLA_AUDIT)
  • Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
  • Cisco Umbrella DNS (UMBRELLA_DNS)
  • Cisco Umbrella IP (UMBRELLA_IP)
  • Cisco Umbrella SWG DLP (CISCO_UMBRELLA_SWG_DLP)
  • Cisco Umbrella Web Proxy (UMBRELLA_WEBPROXY)
  • Cisco WSA (CISCO_WSA)
  • Citrix Netscaler (CITRIX_NETSCALER)
  • Claroty Continuous Threat Detection (CLAROTY_CTD)
  • Claroty Xdome (CLAROTY_XDOME)
  • Cloudflare (CLOUDFLARE)
  • Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
  • Cloudflare WAF (CLOUDFLARE_WAF)
  • Cloudflare Warp (CLOUDFLARE_WARP)
  • Code42 Incydr (CODE42_INCYDR)
  • Corelight (CORELIGHT)
  • CoSoSys Protector (ENDPOINT_PROTECTOR_DLP)
  • CrowdStrike Alerts API (CS_ALERTS)
  • CrowdStrike Falcon (CS_EDR)
  • CrowdStrike Falcon Stream (CS_STREAM)
  • Cyber 2.0 IDS (CYBER_2_IDS)
  • CyberArk Endpoint Privilege Manager (EPM) (CYBERARK_EPM)
  • Cyberark Privilege Cloud (CYBERARK_PRIVILEGE_CLOUD)
  • CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
  • Cybereason EDR (CYBEREASON_EDR)
  • Cynet 360 AutoXDR (CYNET_360_AUTOXDR)
  • Cyolo Secure Remote Access for OT (CYOLO_OT)
  • Darktrace (DARKTRACE)
  • Delinea Secret Server (DELINEA_SECRET_SERVER)
  • Digital Guardian DLP (DIGITALGUARDIAN_DLP)
  • Digital Guardian EDR (DIGITALGUARDIAN_EDR)
  • DigitalArts i-Filter (DIGITALARTS_IFILTER)
  • Dummy LogType (DUMMY_LOGTYPE)
  • EfficientIP DDI (EFFICIENTIP_DDI)
  • ESET AV (ESET_AV)
  • ESET Threat Intelligence (ESET_IOC)
  • Extreme Networks Switch (EXTREME_SWITCH)
  • F5 Advanced Firewall Management (F5_AFM)
  • F5 ASM (F5_ASM)
  • F5 BIGIP Access Policy Manager (F5_BIGIP_APM)
  • F5 Silverline (F5_SILVERLINE)
  • FireEye ETP (FIREEYE_ETP)
  • Fluentd Logs (FLUENTD)
  • Forcepoint NGFW (FORCEPOINT_FIREWALL)
  • Forcepoint DLP (FORCEPOINT_DLP)
  • Forcepoint Proxy (FORCEPOINT_WEBPROXY)
  • Forescout NAC (FORESCOUT_NAC)
  • FortiGate (FORTINET_FIREWALL)
  • Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
  • Fortinet FortiEDR (FORTINET_FORTIEDR)
  • GCP Abuse Events Logs (GCP_ABUSE_EVENTS)
  • GitHub (GITHUB)
  • GMV Checker ATM Security (GMV_CHECKER)
  • Google Cloud Apigee (GCP_APIGEE)
  • Google Cloud Audit (GCP_CLOUDAUDIT)
  • Google Cloud Security Center Threat (GCP_SECURITYCENTER_THREAT)
  • Google Threat Intelligence IOC (GTI_IOC)
  • GTB Technologies DLP (GTB_DLP)
  • H3C Comware Platform Switch (H3C_SWITCH)
  • Halcyon Anti Ransomware (HALCYON)
  • HP Aruba (ClearPass) (CLEARPASS)
  • HP Linux (HP_LINUX)
  • HP Procurve Switch (HP_PROCURVE)
  • IBM AS/400 (IBM_AS400)
  • IBM Security Verify Access (IBM_SVA)
  • IBM WebSEAL (IBM_WEBSEAL)
  • IBM Websphere Application Server (IBM_WEBSPHERE_APP_SERVER)
  • IBM z/OS (IBM_ZOS)
  • Imperva (IMPERVA_WAF)
  • Imperva DRA (IMPERVA_DRA)
  • Imperva SecureSphere Management (IMPERVA_SECURESPHERE)
  • Infoblox (INFOBLOX)
  • Infoblox DHCP (INFOBLOX_DHCP)
  • Infoblox DNS (INFOBLOX_DNS)
  • ION Spectrum (ION_SPECTRUM)
  • Ionix (IONIX)
  • Ipswitch MOVEit Transfer (IPSWITCH_MOVEIT_TRANSFER)
  • Island Browser logs (ISLAND_BROWSER)
  • JAMF Pro (JAMF_PRO)
  • Jamf Protect Telemetry V2 (JAMF_TELEMETRY_V2)
  • JFrog Artifactory (JFROG_ARTIFACTORY)
  • Journald (JOURNALD)
  • JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
  • Juniper (JUNIPER_FIREWALL)
  • Juniper Junos (JUNIPER_JUNOS)
  • Kaspersky AV (KASPERSKY_AV)
  • Kaspersky Endpoint (KASPERSKY_ENDPOINT)
  • Keycloak (KEYCLOAK)
  • Kiteworks (KITEWORKS)
  • Kubernetes Node (KUBERNETES_NODE)
  • Linux Auditing System (AuditD) (AUDITD)
  • Linux Sysmon (LINUX_SYSMON)
  • McAfee ePolicy Orchestrator (MCAFEE_EPO)
  • Microsoft AD FS (ADFS)
  • Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
  • Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
  • Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
  • Microsoft Exchange (EXCHANGE_MAIL)
  • Microsoft Graph API Alerts (MICROSOFT_GRAPH_ALERT)
  • Microsoft IIS (IIS)
  • Microsoft Intune (AZURE_MDM_INTUNE)
  • Microsoft PowerShell (POWERSHELL)
  • Microsoft Sentinel (MICROSOFT_SENTINEL)
  • Microsoft SQL Server (MICROSOFT_SQL)
  • Mikrotik Router (MIKROTIK_ROUTER)
  • Mimecast Mail V2 (MIMECAST_MAIL_V2)
  • MISP Threat Intelligence (MISP_IOC)
  • Mobileiron (MOBILEIRON)
  • NetApp ONTAP (NETAPP_ONTAP)
  • Netscout (ARBOR_EDGE_DEFENSE)
  • Netskope CASB (NETSKOPE_CASB)
  • Netskope V2 (NETSKOPE_ALERT_V2)
  • Netskope Web Proxy (NETSKOPE_WEBPROXY)
  • Nexus Sonatype (NEXUS_SONATYPE)
  • Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
  • Obsidian (OBSIDIAN)
  • Office 365 (OFFICE_365)
  • Okta (OKTA)
  • Open Cybersecurity Schema Framework (OCSF) (OCSF)
  • Open LDAP (OPENLDAP)
  • Opnsense (OPNSENSE)
  • Opswat Metadefender (OPSWAT_METADEFENDER)
  • Oracle (ORACLE_DB)
  • Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
  • Oracle Cloud Infrastructure VCN Flow Logs (OCI_FLOW)
  • Orca Cloud Security Platform (ORCA)
  • Palo Alto Cortex XDR Alerts (CORTEX_XDR)
  • Palo Alto Cortex XDR Events (PAN_CORTEX_XDR_EVENTS)
  • Palo Alto Networks Firewall (PAN_FIREWALL)
  • Palo Alto Panorama (PAN_PANORAMA)
  • Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
  • Passwordstate (PASSWORDSTATE)
  • Ping Federate (PING_FEDERATE)
  • Ping Identity (PING)
  • Ping One (PING_ONE)
  • PingIdentity Directory Server Logs (PING_DIRECTORY)
  • PostFix Mail (POSTFIX_MAIL)
  • PostgreSQL (POSTGRESQL)
  • Proofpoint Observeit (OBSERVEIT)
  • Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
  • Proofpoint Tap Alerts (PROOFPOINT_MAIL)
  • Proofpoint Threat Response (PROOFPOINT_TRAP)
  • Radware Web Application Firewall (RADWARE_FIREWALL)
  • RSA (RSA_AUTH_MANAGER)
  • Ruckus Networks (RUCKUS_WIRELESS)
  • SailPoint IAM (SAILPOINT_IAM)
  • Salesforce (SALESFORCE)
  • Sangfor Next Generation Firewall (SANGFOR_NGAF)
  • Security Command Center Chokepoint (GCP_SECURITYCENTER_CHOKEPOINT)
  • Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
  • Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
  • Semperis DSP (SEMPERIS_DSP)
  • Sentinelone Activity (SENTINELONE_ACTIVITY)
  • SentinelOne Deep Visibility (SENTINEL_DV)
  • ServiceNow Audit (SERVICENOW_AUDIT)
  • Solaris system (SOLARIS_SYSTEM)
  • SonicWall (SONIC_FIREWALL)
  • Squid Web Proxy (SQUID_WEBPROXY)
  • STIX Threat Intelligence (STIX)
  • Swift Alliance Messaging Hub (SWIFT_AMH)
  • Symantec Endpoint Protection (SEP)
  • Tanium Audit (TANIUM_AUDIT)
  • Tanium Integrity Monitor (TANIUM_INTEGRITY_MONITOR)
  • Tanium Threat Response (TANIUM_THREAT_RESPONSE)
  • Teleport Access Plane (TELEPORT_ACCESS_PLANE)
  • Tenable Active Directory Security (TENABLE_ADS)
  • Tenable OT (TENABLE_OT)
  • tenable.io (TENABLE_IO)
  • Thales Luna Hardware Security Module (THALES_LUNA_HSM)
  • Thales MFA (THALES_MFA)
  • Trellix HX Event Streamer (TRELLIX_HX_ES)
  • Trend Micro (TIPPING_POINT)
  • Trend Micro Apex one (TRENDMICRO_APEX_ONE)
  • Trend Micro Vision One (TRENDMICRO_VISION_ONE)
  • Trend Micro Vision One Audit (TRENDMICRO_VISION_ONE_AUDIT)
  • Trend Micro Vision One Detections (TRENDMICRO_VISION_ONE_DETECTIONS)
  • Trend Micro Vision One Observed Attack Techniques (TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES)
  • TXOne Stellar (TRENDMICRO_STELLAR)
  • Ubika Waf (UBIKA_WAF)
  • Unix system (NIX_SYSTEM)
  • Upstream Vehicle SOC Alerts (UPSTREAM_VSOC_ALERTS)
  • Varonis (VARONIS)
  • Vectra Stream (VECTRA_STREAM)
  • Venafi ZTPKI (VENAFI_ZTPKI)
  • Veritas NetBackup (VERITAS_NETBACKUP)
  • Versa Firewall (VERSA_FIREWALL)
  • Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
  • VMware ESXi (VMWARE_ESX)
  • VMware NSX (VMWARE_NSX)
  • VMware vCenter (VMWARE_VCENTER)
  • WatchGuard (WATCHGUARD)
  • Windows DNS (WINDOWS_DNS)
  • Windows Event (WINEVTLOG)
  • Windows Event (XML) (WINEVTLOG_XML)
  • Windows Sysmon (WINDOWS_SYSMON)
  • wiz.io (WIZ_IO)
  • Workday User Activity (WORKDAY_USER_ACTIVITY)
  • Workspace Activities (WORKSPACE_ACTIVITY)
  • Workspace Alerts (WORKSPACE_ALERTS)
  • Workspace Users (WORKSPACE_USERS)
  • Zendesk CRM (ZENDESK_CRM)
  • Zoom Operation Logs (ZOOM_OPERATION_LOGS)
  • Zscaler (ZSCALER_WEBPROXY)
  • ZScaler NGFW (ZSCALER_FIREWALL)
  • Zscaler Private Access (ZSCALER_ZPA)
  • Zscaler Secure Private Access Audit Logs (ZSCALER_ZPA_AUDIT)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, where applicable.

  • Absolute Secure Endpoint (ABSOLUTE_SECURE_ENDPOINT)
  • Airbus Security Logging (ACD AISD) (AIRBUS_SECURITY_LOG)
  • Azure Recovery Services Vaults (AZURE_RECOVERY_SERVICES_VAULTS)
  • Boeing Onboard Network System Logging (BOEING_ONS)
  • Cisco Firepower Threat Defense (CISCO_FIREPOWER_THREAT_DEFENSE)
  • Cisco Security Cloud Control (CISCO_SECURITY_CLOUD_CONTROL)
  • Pico Corvilnet Engine (CORVILNET_ENGINE)
  • CrowdStrike Falcon Shield (CROWDSTRIKE_FALCON_SHIELD)
  • Easy NAC (EASY_NAC)
  • FairXchange Horizon (FAIRXCHANGE_HORIZON)
  • Google Threat Intelligence (GCP_THREATINTEL)
  • HPE Alletra (HPE_ALLETRA)
  • Huawei Cloud Trace Service Audit (HUAWEI_CTS_AUDIT)
  • Huawei SecMaster (HUAWEI_SECMASTER)
  • IBM ILO (IBM_ILO)
  • Infisical (INFISICAL)
  • JSCAPE SFTP (JSCAPE_SFTP)
  • Juniper Edge (JUNIPER_EDGE)
  • Kaspersky for Microsoft Office 365 (KASPERSKY_O365_EVENTS)
  • Microsoft Defender for Cloud Apps (MICROSOFT_DEFENDER_CLOUD_APPS)
  • Oracle Cloud Infrastructure Network Firewall (OCI_FIREWALL)
  • Okta Workflows (OKTA_WORKFLOWS)
  • Phosphorus (PHOSPHORUS)
  • Rapid7 Cloud Security (RAPID7_CLOUDSEC)
  • Research and Education Networks Information Sharing and Analysis Center (REN_ISAC)
  • Risk Resecurity (RISK_RESECURITY)
  • Sangfor Network Detection and Response (SANGFOR_NDR)
  • SAP Enterprise Threat Detection (SAP_ETD)
  • SAP IAS Context (SAP_IAS_CONTEXT)
  • Sectigo SCM (SECTIGO_SCM)
  • ServiceNow Node (SERVICENOW_NODE)
  • ServiceNow Outbound HTTP (SERVICENOW_OUTBOUNDHTTP)
  • ServiceNow System log (SERVICENOW_SYSLOG)
  • ServiceNow Transaction (SERVICENOW_TRANSACTION)
  • Seti S4 (SETI_S4)
  • ThousandEyes (THOUSAND_EYES)
  • Transmit Security Mosaic CIAM (TRANSMIT_MOSAIC_CIAM)
  • Transmit Security Mosaic Fraud Prevention (TRANSMIT_MOSAIC_FRAUD_PREVENTION)
  • Transmit Security Mosaic Identity Verification (TRANSMIT_MOSAIC_IDENTITY_VERIFICATION)
  • Transmit Security Mosaic Management (TRANSMIT_MOSAIC_MANAGEMENT)
  • Tripwire Security Configuration Management (TRIPWIRE_SCM)
  • Valimail (VALIMAIL)
  • WSO2 IS AM (WSO2_IS_AM)
  • XDR.Net Digital Twin (XDRNET_DIGITALTWIN)
  • Zimbra Mail (ZIMBRA_MAIL)
  • Zscaler Email DLP (ZSCALER_EMAIL_DLP)

Looker

Other

For Looker instances that are running Looker 25.20 or later, admins can now test the connection between their instance and the Looker Action Hub. This option is available only for the Looker Action Hub. It is not available for custom action hubs.

Feature

Now available in preview, the Self-service Explore feature lets Looker users upload CSV, XLS, and XLSX files to Looker and then query and visualize the data in a Looker Explore without needing to configure a LookML model or set up Git version control. In addition, content certification is supported for self-service Explores.

Spanner

Changed

String values in Spanner Studio query results are now enclosed in double quotes, providing a clear visual cue to differentiate string values from other data types. This enhancement is for display purposes only and does not affect how data is exported or accessed.

Source: Google Cloud Platform
