Community Webinar: Parse Anything in Google SecOps: Parser Development Best Practices
Google SecOps offers robust data handling across the entire data pipeline, with a library of almost 700 parsers to ensure compatibility with a wide range of log sources.
But what about your custom-built applications or unique log sources without existing parsers?
To effectively craft custom parsers and normalize data into the Unified Data Model (UDM), you need to understand the three major steps of Parser Development: Data Extraction, Data Transformation, and UDM Assignment.
If you are looking to master these steps and ensure every log "tells its story" within your SOC, join us for this technical deep dive.
What we’ll cover
Whether you are new to SecOps and need to make use of raw logs, or you have a bespoke log source that needs to be used in detections, this session is designed to get you started with the basics.
We will cover:
- The anatomy of a parser: How to identify essential data points and standardize logs.
- A former customer's perspective: Real-world insights on parsing challenges and solutions.
- General parser best practices: How to balance thorough normalization against UDM fatigue.
- Entity vs. event parsing: Understanding the nuances between the two.
- ...and much more!
This session will help you answer the critical questions required for effective normalization: "What is the log telling me?" and "What are the minimum required fields?"
Do you have a specific custom log source you are struggling to parse? Have additional questions about parsing? Let us know when you register and we can try to address it during the Q&A!
Want to read ahead before the webinar? Check out this Custom Parser Development blog by Darren Davis that will help you better prepare for the live stream!