🔥 3-day streak
Professional Security Operations Engineer73 / 241
Question 73 of 241

Your organization ingests logs from a niche network access control (NAC) appliance that Google SecOps does not have a default parser for. The appliance emits well-structured JSON, and your detection engineers need the events searchable in UDM within the current sprint. The SecOps admin asks how to establish reliable parsing for this source with the least long-term maintenance burden while ensuring the data is normalized correctly. What is the most appropriate approach?

Reviewed for accuracy · Report an issueNext question