Hi, 
We have ingested our customer’s Google Workspace (GWS) logs via BigQuery into Google SecOps, and they are currently being processed using the BigQuery context. My question is: should we switch to the workspace activity parser to properly interpret these logs for UDM and generate alerts, or is the current BigQuery context parser sufficient for this purpose?

Hi @yasinmnk ,

For best results, you should switch to the Workspace Activity Parser — it’s specifically designed to handle Google Workspace (GWS) logs and will ensure proper UDM mapping and alert generation. The BigQuery context alone won’t fully interpret GWS-specific log fields.

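To make the answer above concrete, here is an added illustration written for this thread; it is not Google SecOps' own parser code and not part of the original posts. It constructs a few Google Workspace login activity records in the shape of the Reports API, shows that a record kept only as unparsed context exposes none of the UDM fields a rule keys on, and then normalises the same records into UDM-style events (the UDM field paths such as `metadata.event_type`, `principal.user.email_addresses` and `security_result.action` are real UDM names, but the exact mapping the Workspace Activity parser produces, and the `login_failure` to `BLOCK` outcome mapping, are assumptions made for this example) so that a simple failed-login counting rule can fire.

```python
"""Added illustration (not Google SecOps' own parser): why Workspace activity
logs need a dedicated parser before UDM-based detection rules can match.

Assumptions: the raw records are constructed in the shape of the Google
Workspace Reports API 'login' activity; the UDM field paths are real UDM
names, but the exact mapping the Workspace Activity parser emits, and the
login_failure -> BLOCK outcome mapping, are assumed here for illustration.
"""
import json
from collections import Counter


def _raw(ts, name, ip="203.0.113.5", email="alice@example.com"):
    """Build one constructed Workspace 'login' activity record."""
    return {
        "kind": "admin#reports#activity",
        "id": {"time": ts, "applicationName": "login", "customerId": "C0example"},
        "actor": {"email": email, "profileId": "100000000000000000001"},
        "ipAddress": ip,
        "events": [{"type": "login", "name": name,
                    "parameters": [{"name": "login_type", "value": "google_password"}]}],
    }


# Constructed sample: three failed logins followed by one success for one user.
RAW_EVENTS = [
    _raw("2024-05-01T10:00:00Z", "login_failure"),
    _raw("2024-05-01T10:00:20Z", "login_failure"),
    _raw("2024-05-01T10:00:45Z", "login_failure"),
    _raw("2024-05-01T10:01:10Z", "login_success"),
]

# Outcome mapping for Workspace login event names (assumed for this example).
ACTION_BY_EVENT = {"login_failure": "BLOCK", "login_success": "ALLOW"}


def normalize_login_activity(raw):
    """Emit one UDM-style event per entry in raw['events'] (assumed mapping)."""
    out = []
    for ev in raw.get("events", []):
        out.append({
            "metadata": {
                "event_timestamp": raw["id"]["time"],
                "event_type": "USER_LOGIN",
                "product_event_type": ev["name"],
                "vendor_name": "Google",
                "product_name": "Google Workspace",
            },
            "principal": {
                "user": {"email_addresses": [raw["actor"]["email"]]},
                "ip": [raw["ipAddress"]] if raw.get("ipAddress") else [],
            },
            "security_result": [
                {"action": ACTION_BY_EVENT.get(ev["name"], "UNKNOWN_ACTION")}
            ],
        })
    return out


def context_only(raw):
    """Stand-in for an ingestion that keeps the record but maps no UDM fields."""
    return {"raw_log": json.dumps(raw)}


def get_path(event, path):
    """Resolve a dotted UDM path; repeated fields are read at index 0."""
    cur = event
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
        if isinstance(cur, list):
            cur = cur[0] if cur else None
    return cur


# Fields a typical login-failure rule keys on.
RULE_FIELDS = ["metadata.event_type", "principal.user.email_addresses",
               "security_result.action"]


def missing_rule_fields(event, required=RULE_FIELDS):
    """Return the rule fields that cannot be resolved on this event."""
    return [p for p in required if get_path(event, p) is None]


def failed_login_burst(udm_events, threshold=3):
    """Users with at least `threshold` blocked USER_LOGIN events (toy counting rule)."""
    counts = Counter()
    for e in udm_events:
        if (get_path(e, "metadata.event_type") == "USER_LOGIN"
                and get_path(e, "security_result.action") == "BLOCK"):
            counts[get_path(e, "principal.user.email_addresses")] += 1
    return {user: n for user, n in counts.items() if n >= threshold}


def run_demo(raw_events=RAW_EVENTS):
    """Compare unparsed context vs. normalised events against the same rule fields."""
    udm = [e for r in raw_events for e in normalize_login_activity(r)]
    return {
        "unparsed_missing": missing_rule_fields(context_only(raw_events[0])),
        "parsed_missing": missing_rule_fields(udm[0]),
        "alerts": failed_login_burst(udm),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running it shows the unparsed record missing all three rule fields while the normalised events resolve every one of them and the counting rule flags the user with three blocked logins; the same split is what decides whether a UDM-based rule in SecOps can ever match a Workspace event.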

@a_aleinikov

Thank you so much for your answer.
