I’m the maintainer of ParseDMARC, an open source parser for DMARC and TLS-RPT reports. It has outputs for Elasticsearch, OpenSearch, Splunk, JSON, CSV, and email, with dashboards for Graphana, Kibana, OpenSearch Dashboards, and Splunk. I’m thinking about adding an output for Google SecOps, but I don’t currently have an instance of SecOps to test with.
I started using GitHub Copilot to craft an output for SecOps, I’m wondering if that data even belongs in SecOps.
I looked at the list of available default parsers, and I noticed that popular DMARC analytics services Dmarcian and Valimail are listed under “Supported log types without a default parser”. is that because DMARC data isn’t suitable for the SecOps UDM, or simply because a parser has not been made for those services? I’m on the fence.
If DMARC data is suitable for SecOps, please have a look at the PR. I’m sure AI got some things wrong.