
In this Security Operations webinar series, we'll show you how to unlock the full potential of your security data by mastering the art of ingestion and parsing in Google SecOps. Tom Ruff, a Technology Solutions Consultant at Google Cloud Security, demonstrates best practices for onboarding security data: how to reliably collect, transport, and parse logs from a wide variety of sources, including on-premises and cloud, to ensure your data is valuable from the moment it arrives.


In this session, we cover:

  • Best practices for collecting logs from diverse sources like security devices (firewalls, EDRs), cloud services (AWS, Google Cloud), and operating systems.
  • Choosing the right transport method (Bindplane, SecOps Forwarder, Cribl) and why buffering is critical for reliable data delivery.
  • Why sending logs in their original format (JSON, SYSLOG, CEF) maximizes out-of-the-box parsing success.
  • Tips for building effective custom parsers, including using AI to generate Grok patterns when needed.
  • A look ahead at upcoming AI-powered features for automatic parsing.

 

 

See the attached slide deck to follow along and for some helpful links.

 

Just watching this video for the first time? Post your questions below. Didn't get your questions answered during the livestream event? Ask them here and we'll get them answered!

 

Enjoy and happy learning!
