Hello Team,
I am working with logs in Google SecOps where the IP address fields (such as SourceIPV4, TargetIPV4, and AnalyzerIPV4) are received in decimal (integer) format instead of the standard dotted IPv4 format.
For example:
750176699 → expected to be converted to a standard IPv4 format (e.g., x.x.x.x)
Could anyone please advise on how to convert these decimal IP values into normal dotted IPv4 format within the Google SecOps parser (UDM mapping)?
sample log:
EPO_Events.EPOEvents 20XX-03-XXT05:XX:33 HOST123 EPOEvents
{
"AgentGUID": "XXXX12345678",
"Analyzer": "_1000",
"AnalyzerHostName": "HOST001",
"AnalyzerIPV4": "3232235777",
"AnalyzerIPV6": "AAAAAAAAAAAAAP//wKgBAQ==",
"AnalyzerMAC": "001122AABBCC",
"AnalyzerName": "Drive Encryption",
"AnalyzerVersion": "7.4.0.11",
"AutoGUID": "ABCDEF12-34567890AB",
"AutoID": "123456789",
"DetectedUTC": "2026-03-17T05:48:33",
"ReceivedUTC": "2026-03-17T07:59:05.920",
"ServerID": "SRV01",
"SourceIPV4": "3232235778",
"SourceIPV6": "AAAAAAAAAAAAAP//wKgBAg==",
"TargetIPV4": "3232235779",
"TargetIPV6": "AAAAAAAAAAAAAP//wKgBAw==",
"TenantID": "1",
"TheTimestamp": "AAAAAGKI8Tk=",
"ThreatActionTaken": "None",
"ThreatCategory": "None",
"ThreatEventID": "30017",
"ThreatName": "MDE",
"ThreatSeverity": "1",
"ThreatType": "None"
}
Any guidance, sample parser logic, or transformation approach would be greatly appreciated.
Thanks in advance for your help.