Workspace Parser

  • May 9, 2025
  • 2 replies
  • 29 views

yasinmnk

Hi,
We have ingested our customer’s Google Workspace (GWS) logs via BigQuery into Google SecOps, and they are currently being processed using the BigQuery context. My question is: should we switch to the workspace activity parser to properly interpret these logs for UDM and generate alerts, or is the current BigQuery context parser sufficient for this purpose?

2 replies

a_aleinikov
  • Bronze 1
  • May 10, 2025

Hi @yasinmnk,

For best results, you should switch to the Workspace Activity Parser — it’s specifically designed to handle Google Workspace (GWS) logs and will ensure proper UDM mapping and alert generation. The BigQuery context alone won’t fully interpret GWS-specific log fields.


yasinmnk
  • Author
  • Bronze 3
  • May 12, 2025

@a_aleinikov

Thank you so much for your answer.