This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Workspace Parser

Posted a month ago
yasinmnk
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi, 
We have ingested our customer’s Google Workspace (GWS) logs via BigQuery into Google SecOps, and they are currently being processed using the BigQuery context. My question is: should we switch to the workspace activity parser to properly interpret these logs for udm and generate alerts, or is the current BigQuery context parser sufficient for this purpose?

0 2 92
Topic Labels
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
a_aleinikov
Silver 4
Silver 4
Reply posted on --/--/---- --:-- AM

Hi @yasinmnk ,

For best results, you should switch to the Workspace Activity Parser — it’s specifically designed to handle Google Workspace (GWS) logs and will ensure proper UDM mapping and alert generation. The BigQuery context alone won’t fully interpret GWS-specific log fields.

Posted on --/--/---- --:-- AM
yasinmnk
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

@a_aleinikov     

Thank you so much for your answer.

 

Top Solution Authors
View all