Default parser configuration and ingestion

Default parsers are prebuilt configurations that ingest logs from various sources and convert them into Unified Data Model (UDM) events. This page provides a list of default parser documents. Each document includes detailed instructions on how to configure data sources and ensure proper ingestion and processing of logs.

Premium Parsers

Collect Apigee logs
Collect AWS EC2 Hosts logs
Collect AWS EC2 Instance logs
Collect Chrome management logs
Collect Cisco ASA firewall logs
Collect Context Resource Parsers
Collect CrowdStrike Falcon logs
Collect Duo Activity logs
Collect Fluentd logs
Collect Fortinet Firewall logs
Ingest Google Cloud data to Google Security Operations
Collect Google Cloud Abuse Events logs
Collect Google Cloud Audit Logs
Collect Cloud DNS logs
Collect Google Cloud Firewall logs
Collect Google Cloud Load Balancing logs
Collect Google Cloud NAT logs
Collect Google Workspace logs
Collect Jamf Protect logs
Collect Jamf Telemetry logs
Collect Jamf Protect Telemetry v2 logs
Collect Jamf Threat Events logs
Collect Google Kubernetes Engine (GKE) logs
Collect Cloud SQL logs
Collect Microsoft 365 logs
Collect Microsoft Defender for Endpoint logs
Collect Microsoft Graph API alerts logs
Collect Microsoft Windows AD logs
Collect Microsoft Windows DHCP logs
Collect Microsoft Windows DNS logs
Collect Microsoft Windows Sysmon logs
Collect Microsoft Windows Event logs
Collect NIX System logs
Collect OCSF logs
Collect OSSEC logs
Collect osquery logs
Collect Palo Alto Networks firewall logs
Collect Security Command Center findings
Collect SentinelOne Alert logs
Collect SentinelOne Cloud Funnel logs
Collect Splunk CIM logs
Zscaler parsers overview
Collect Zscaler CASB logs
Collect Zscaler Deception logs
Collect Zscaler DLP logs
Collect Zscaler DNS logs
Collect Zscaler Firewall logs
Collect Zscaler Internet Access logs
Collect Zscaler Tunnel logs
Collect Zscaler VPN logs
Collect Zscaler web proxy logs
Collect Zscaler ZPA logs
Collect Zscaler ZPA Audit logs
Collect Zeek (Bro) logs

Standard Parsers

Collect A10 Network Load Balancer logs
Collect Abnormal Security logs
Collect Acalvio logs
Collect Akamai Cloud Monitor logs
Collect Akamai DataStream 2 logs
Collect Akamai DNS logs
Collect Akamai WAF logs
Collect Akeyless Vault logs
Collect Alcatel switch logs
Collect AlgoSec Security Management logs
Collect Amazon CloudFront logs
Collect Anomali ThreatStream IOC logs
Collect Ansible AWX logs
Collect Apache logs
Collect Apache Cassandra logs
Collect Apache Tomcat logs
Collect Appian Cloud logs
Collect Apple macOS syslog data
Collect Aqua Security logs
Collect Arbor Edge Defense logs
Collect Archer IRM logs
Collect ArcSight CEF logs
Collect Arista switch logs
Collect Aruba ClearPass logs
Collect Aruba EdgeConnect SD-WAN logs
Collect Aruba switch logs
Collect Aruba Wireless Controller and Access Point logs
Collect Atlassian Bitbucket logs
Collect Atlassian Cloud Admin Audit logs
Collect Atlassian Jira logs
Collect Attivo Networks BOTsink logs
Collect Auth0 logs
Collect Automation Anywhere logs
Collect Avatier logs
Collect Avaya Aura logs
Collect Avigilon Access Control Manager logs
Collect Aware audit logs
Collect AWS API Gateway access logs
Collect AWS Aurora logs
Collect AWS CloudTrail logs
Collect AWS CloudWatch logs
Collect AWS Config logs
Collect AWS Control Tower logs
Collect AWS Elastic Load Balancing logs
Collect AWS Elastic MapReduce logs
Collect AWS GuardDuty logs
Collect AWS IAM logs
Collect AWS Key Management Service logs
Collect AWS Macie logs
Collect AWS Network Firewall logs
Collect AWS RDS logs
Collect AWS Route 53 logs
Collect AWS S3 server access logs
Collect AWS Security Hub logs
Collect AWS Session Manager logs
Collect AWS VPC flow logs
Collect AWS VPC Transit Gateway flow logs
Collect AWS VPN logs
Collect AWS WAF logs
Collect Azion firewall logs
Collect Azure AD Sign-In logs
Collect Azure API Management logs
Collect Azure APP Service logs
Collect Azure Application Gateway logs
Collect Azure Firewall logs
Collect Azure Storage Audit logs
Collect Azure VPN logs
Collect Azure WAF logs
Collect Barracuda CloudGen Firewall logs
Collect Barracuda Email Security Gateway logs
Collect Barracuda WAF logs
Collect Barracuda Web Filter logs
Collect BeyondTrust BeyondInsight logs
Collect BeyondTrust EPM logs
Collect BeyondTrust Privileged Identity logs
Collect BeyondTrust Remote Support logs
Collect BeyondTrust Secure Remote Access logs
Collect Bitdefender logs
Collect Bitwarden Enterprise event logs
Collect BloxOne Threat Defense logs
Collect BlueCat DDI logs
Collect BlueCat Edge logs
Collect Blue Coat ProxySG logs
Collect BMC Helix Discovery logs
Collect Box Collaboration JSON logs
Collect Broadcom CA PAM logs
Collect Broadcom SSL VA logs
Collect Broadcom Symantec SiteMinder Web Access logs
Collect Brocade ServerIron logs
Collect Brocade switch logs
Collect Cambium Networks logs
Collect Carbon Black App Control logs
Collect Carbon Black EDR logs
Collect Cato Networks logs
Collect Censys logs
Collect Check Point Audit logs
Collect Check Point EDR logs
Collect Check Point firewall logs
Collect Check Point Harmony logs
Collect Check Point SmartDefense logs
Collect CipherTrust Manager logs
Collect CircleCI audit logs
Collect Cisco Application Control Engine (ACE) logs
Collect Cisco Firepower NGFW logs
Collect Cisco IOS logs
Collect Cisco IronPort logs
Collect Cisco ISE logs
Collect Cisco Meraki logs
Collect Cisco PIX logs
Collect Cisco Prime logs
Collect Cisco Router logs
Collect Cisco Secure ACS logs
Collect Cisco Secure Email Gateway logs
Collect Cisco Stealthwatch logs
Collect Cisco Switch logs
Collect Cisco UCS logs
Collect Cisco VCS logs
Collect Cisco VPN logs
Collect Cisco Web Security Appliance (WSA) logs
Collect Cisco Wireless Intrusion Prevention System (WIPS) logs
Collect Cisco Wireless LAN Controller (WLC) logs
Collect Cisco Wireless Security Management (WiSM) logs
Collect Google Cloud Compute context logs
Collect Google Cloud Compute logs
Collect Cloud Identity Devices logs
Collect Cloud Identity Device Users logs
Collect Google Cloud IDS logs
Collect Google Cloud IoT logs
Collect Identity and Access Management (IAM) Analysis context logs
Collect Cloud Next Generation Firewall logs
Collect Cloud Run logs
Collect Security Command Center Error logs
Collect Security Command Center Observation logs
Collect Security Command Center Posture Violation logs
Collect Security Command Center Toxic Combination logs
Collect Security Command Center Unspecified logs
Collect Cloud Storage context logs
Collect Secure Web Proxy logs
Collect Cloudflare logs
Collect Cloudflare WAF logs
Collect Cloudian HyperStore logs
Collect CloudPassage Halo logs
Code42 Incydr core datasets
Collect Cohesity logs
Collect Commvault logs
Collect CommVault Backup and Recovery logs
Collect Comodo AV logs
Collect context access aware data
Collect Corelight Sensor logs
Collect CrowdStrike Falcon logs in CEF
Collect CrowdStrike Falcon Stream logs
Collect CrushFTP logs
Collect CSV Custom IOC files
Collect CyberArk EPM logs
Collect CyberArk PAM logs
Collect CyberArk Privilege Cloud logs
Collect CyberArk Privileged Threat Analytics logs
Collect CyberX logs
Collect Cylance PROTECT logs
Collect Cyolo OT logs
Collect Datadog logs
Collect Darktrace logs
Collect Deep Instinct EDR logs
Collect Delinea Distributed Engine logs
Collect Delinea PAM logs
Collect Delinea Secret Server logs
Collect Dell CyberSense logs
Collect Dell ECS logs
Collect Dell EMC Data Domain logs
Collect Dell EMC Isilon NAS logs
Collect Dell EMC PowerStore logs
Collect Dell OpenManage logs
Collect Dell switch logs
Collect DigiCert audit logs
Collect Digi Modems logs
Collect DomainTools Iris Investigate results
Collect Duo administrator logs
Collect Duo authentication logs
Collect Duo entity context logs
Collect Duo User context logs
Collect Endpoint Protector DLP logs
Collect Epic Systems logs
Collect ESET AV logs
Collect ESET EDR logs
Collect ExtraHop DNS logs
Collect ExtraHop RevealX logs
Collect Extreme Networks switch logs
Collect Extreme Networks Wireless logs
Collect F5 AFM logs
Collect F5 ASM logs
Collect F5 BIG-IP APM logs
Collect F5 BIG-IP ASM logs
Collect F5 BIG-IP LTM logs
Collect F5 DNS logs
Collect F5 VPN logs
Collect Fastly WAF logs
Collect Fidelis Network logs
Collect FileZilla FTP logs
Collect FireEye HX logs
Collect FireEye NX logs
Collect Forcepoint CASB logs
Collect Forcepoint DLP logs
Collect Forcepoint Proxy logs
Collect Forescout NAC logs
Collect ForgeRock OpenAM logs
Collect Fortinet FortiAnalyzer logs
Collect Fortinet FortiAuthenticator logs
Collect Fortinet FortiMail logs
Collect FortiWeb WAF logs
Collect Fortra Digital Guardian DLP logs
Collect GitHub audit logs
Collect GitLab logs
Collect Google Workspace Activity logs
Collect HAProxy logs
Collect Harness IO audit logs
Collect HashiCorp audit logs
Collect HP ProCurve logs
Collect HPE Aruba Networking Central logs
Collect HPE BladeSystem c7000 logs
Collect IBM Verify Identity Access logs
Collect Illumio Core logs
Collect Imperva WAF logs
Collect Infoblox logs
Collect Jamf Pro context logs
Collect Jenkins logs
Collect JFrog Artifactory logs
Collect Juniper Junos logs
Collect Juniper NetScreen Firewall logs
Collect Kaseya Datto File Protection logs
Collect Kaspersky AV logs
Collect Kemp Load Balancer logs
Collect Lacework Cloud Security logs
Collect LimaCharlie EDR logs
Collect Linux auditd and AIX systems logs
Collect ManageEngine AD360 logs
Collect ManageEngine ADAudit Plus logs
Collect McAfee Firewall Enterprise logs
Collect McAfee Web Gateway logs
Collect Micro Focus NetIQ Access Manager logs
Collect Microsoft Azure Activity logs
Collect Microsoft Azure AD logs
Collect Microsoft Azure AD Audit logs
Collect Microsoft Azure AD Context logs
Collect Microsoft Azure DevOps audit logs
Collect Microsoft SQL Server logs
Collect Microsoft Azure Key Vault logging logs
Collect Microsoft Defender for Cloud Alert logs
Collect Microsoft Defender for Identity logs
Collect Microsoft Exchange logs
Collect Microsoft Graph Activity logs
Collect Microsoft IIS logs
Collect Microsoft Intune logs
Collect Microsoft LAPS logs
Collect Microsoft Sentinel logs
Collect Microsoft Windows Defender ATP logs
Collect Mimecast Mail logs
Collect MISP IOC logs
Collect MobileIron logs
Collect MuleSoft Anypoint logs
Collect MYSQL logs
Collect Nasuni File Services Platform logs
Collect NetApp ONTAP logs
Collect NetApp SAN logs
Collect Netgate pfSense logs
Collect Netscaler logs
Collect Netskope alert logs v1
Collect Netskope alert logs v2
Collect Netskope web proxy logs
Collect NGINX logs
Collect Nix Systems Red Hat logs
Collect Nix Systems Ubuntu Server (Unix System) logs
Collect Nokia Router logs
Collect ntopng logs
Collect Nutanix Prism logs
Collect Okta logs
Collect OneLogin Single Sign-On (SSO) logs
Collect 1Password logs
Collect 1Password Audit logs
Collect Onfido logs
Collect OpenCanary logs
Collect OPNsense firewall logs
Collect Oracle DB logs
Collect Palo Alto Cortex XDR alerts logs
Collect Palo Alto Cortex XDR events logs
Collect Palo Alto Networks IOC logs
Collect Palo Alto Networks Traps logs
Collect Palo Alto Prisma Cloud logs
Collect Palo Alto Prisma Cloud alert logs
Collect Palo Alto Prisma SD-WAN logs
Collect PingOne Advanced Identity Cloud logs
Collect PowerShell logs
Collect Proofpoint On-Demand logs
Collect Proofpoint TAP alerts logs
Collect Pulse Secure logs
Collect Qualys asset context logs
Collect Qualys Continuous Monitoring logs
Collect Qualys Scan logs
Collect Qualys Virtual Scanner logs
Collect Qualys Vulnerability Management logs
Collect Radware WAF logs
Collect Rapid7 InsightIDR logs
Collect reCAPTCHA Enterprise logs
Collect Recorded Future IOC logs
Collect RSA Authentication Manager logs
Collect Salesforce logs
Collect SecureAuth Identity Platform logs
Collect SentinelOne Deep Visibility logs
Collect SentinelOne EDR logs
Collect ServiceNow Security logs
Collect Signal Sciences WAF logs
Collect Skyhigh Security logs
Collect Slack audit logs
Collect Snort logs
Collect Snowflake logs
Collect Snyk group-level audit logs
Collect Snyk group-level audit and issues logs
Collect SonicWall logs
Collect Sophos Central logs
Collect Sophos UTM logs
Collect Sophos XG Firewall logs
Collect Suricata Eve logs
Collect Symantec CloudSOC CASB logs
Collect Symantec DLP logs
Collect Symantec EDR logs
Collect Symantec Endpoint Protection logs
Collect Symantec Event Export logs
Collect Symantec VIP Authentication Hub logs
Collect Symantec VIP Enterprise Gateway logs
Collect Symantec Web Isolation logs
Collect Synology logs
Collect Sysdig logs
Collect Thinkst Canary logs
Collect ThreatConnect IOC logs
Collect Trellix DLP logs
Collect Trellix ePO logs
Collect Trellix IPS logs
Collect Trend Micro Apex One logs
Collect Trend Micro Cloud One logs
Collect Trend Micro DDI logs
Collect Trend Micro Deep Security logs
Collect Trend Micro Email Security logs
Collect Trend Micro Vision One logs
Collect Trend Micro Vision One Activity logs
Collect Trend Micro Vision One Audit logs
Collect Trend Micro Vision One Container Vulnerability logs
Collect Trend Micro Vision Detections logs
Collect Trend Micro Vision One Observed Attack Techniques logs
Collect Trend Micro Vision One Workbench logs
Collect Tripwire logs
Collect Twingate VPN logs
Collect Varonis logs
Collect Veeam logs
Collect Venafi Zero Touch PKI logs
Collect Veridium ID logs
Collect Veritas NetBackup logs
Collect Versa Networks Secure Access Service Edge (SASE) logs
Collect VMware AirWatch logs
Collect VMware Avi Load Balancer WAF logs
Collect VMware ESXi logs
Collect VMware Horizon logs
Collect VMware Networking and Security Virtualization (NSX) Manager logs
Collect VMware Tanzu logs
Collect VMware vCenter logs
Collect VMware VeloCloud SD-WAN logs
Collect VMware vRealize logs
Collect VMware vSphere logs
Collect VMware Workspace ONE UEM logs
Collect VPC Flow Logs
Collect VSFTPD logs
Collect VyOS logs
Collect WatchGuard Fireware logs
Collect Wazuh logs
Collect Wiz logs
Collect Wordpress CMS logs
Collect Workday audit logs
Collect Workday HCM logs
Collect Yamaha router logs
Collect Zoom operation logs

Need more help? Get answers from Community members and Google SecOps professionals.