🔥 3-day streak
Professional Security Operations Engineer72 / 241
Question 72 of 241
Your organization ingests firewall logs from a vendor that has a built-in default parser in Google SecOps. After a firmware upgrade, the vendor added three new fields to its log format that carry important threat context (application category, user identity, and TLS version). The default parser ignores these new fields, and you cannot modify Google-managed default parsers directly. Detection engineers need these fields normalized into UDM without disrupting the existing, working default parser mappings. What is the most appropriate approach?
Reviewed for accuracy · Report an issueNext question