🔥 3-day streak
Professional Security Operations Engineer70 / 241
Question 70 of 241

Your SOC uses a Google SecOps default parser for a firewall vendor's logs, but the vendor recently added a proprietary threat-verdict field that the default parser does not map. You author a parser extension to map this field into a UDM security_result field. Two weeks later, Google publishes an updated release of the default parser that adds native mapping for several other new fields but still does not include the threat-verdict field. What happens to your parser extension after the default parser update, and what should you verify?

Reviewed for accuracy · Report an issueNext question