Understand BigQuery data schema

The BigQuery data schema defines how Google Security Operations exports normalized and contextualized security data into BigQuery. Each linked dataset corresponds to a different data type, such as UDM events, rule detections, IoC matches, entity relationships, and ingestion metrics. These datasets provide a structural view of your exported data, letting you query, join, and analyze security information.

The following topics describe the available schemas, their field definitions, and how they map to data exported by Google SecOps:
