🔥 3-day streak
Professional Security Operations Engineer3 / 241
Question 3 of 241
Your organization forwards logs from a niche in-house web application firewall to Google SecOps. The logs arrive successfully, but analysts report that key fields such as source IP, blocked URL, and rule ID appear only as raw text and cannot be searched or used in detection rules. There is no default parser for this custom log format. What is the most appropriate action to make these fields usable in searches and rules?
Reviewed for accuracy · Report an issueNext question