Google Cloud release notes

Stay organized with collections Save and categorize content based on your preferences.

File storage on Compute Engine:

• Added information about Google Cloud Managed Lustre and DDN Infinia.
• Updated the protocol specifications for Filestore.
• Updated the protocol and performance specifications for NetApp Volumes.

Parallel file systems for HPC workloads: Added information about Google Cloud Managed Lustre and DDN Infinia.

Attach and manage Tags

You can now add custom tags to your APIs and API deployments, making it easier to organize, categorize, and discover your API resources in API hub. Tags can also be used to conditionally allow or deny policies to a specific resource.

For more information see Attach and manage tags.

Updated UI for API hub

The API hub user interface is now updated to Google Material Design 2. This update provides a more consistent and modern look and feel, enhancing the overall user experience and aligning the UI with other Google Cloud products.

The latency and quality of Translation LLM has been improved.

Translation LLM now supports even more languages.
See our documentation for a list of all supported languages.

The following functional changes were made in 1.30.900-gke.57:

• Upgraded etcd to v3.4.33-0-gke.3.

The following functional change was made in 1.30.900-gke.57:

• Upgraded etcd to v3.4.33-0-gke.3.

(2025-R19) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

(2025-R19) Version updates

• Version 1.32.4-gke.1106000 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.30.12-gke.1086000
  • 1.31.8-gke.1113000
  • 1.32.4-gke.1236000
  • 1.33.0-gke.1868000
• The following versions are no longer available in the Rapid channel:
  • 1.30.11-gke.1157000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785003
  • 1.33.0-gke.1582000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.12-gke.1033000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1390000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.3-gke.1927002 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.12-gke.1033000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1390000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.3-gke.1927002 with this release.

(2025-R19) Version updates

• Version 1.32.3-gke.1785003 is now the default version for cluster creation in the Regular channel.
• The following versions are now available in the Regular channel:
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927002
• The following versions are no longer available in the Regular channel:
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.32.3-gke.1785003 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.

(2025-R19) Version updates

• The following versions are now available in the Stable channel:
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002

(2025-R19) Version updates

• Version 1.32.3-gke.1785003 is now the default version for cluster creation in the Extended channel.
• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2703000
  • 1.27.16-gke.2771000
  • 1.28.15-gke.2169000
  • 1.28.15-gke.2239000
  • 1.29.15-gke.1240000
  • 1.29.15-gke.1325000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927002
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2664000
  • 1.27.16-gke.2732000
  • 1.28.15-gke.2121000
  • 1.28.15-gke.2192000
  • 1.29.14-gke.1067000
  • 1.29.15-gke.1274000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2142000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2682000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2142000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.15-gke.1193000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.

(2025-R19) Version updates

• Version 1.32.3-gke.1785003 is now the default version for cluster creation.
• The following versions are now available:
  • 1.30.12-gke.1086000
  • 1.31.8-gke.1113000
  • 1.32.4-gke.1236000
• The following node versions are now available:
  • 1.27.16-gke.2771000
  • 1.28.15-gke.2239000
  • 1.29.15-gke.1325000
  • 1.30.12-gke.1086000
  • 1.31.8-gke.1113000
  • 1.32.4-gke.1236000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.

The region selector when creating a service or a job from the Google Cloud console now defaults to europe-west1.

The predefined role reference and the permissions reference have been reorganized to improve performance and searchability. To see the new experience, visit the IAM roles and permissions index.

Limiting inappropriate content in schedules

Looker Studio now checks for potentially inappropriate content in the subject and message fields while creating and updating schedules. You won't be able to save a schedule until the flagged content is removed.

The GA release of enhanced data residency support in the European Union and United States is temporarily delayed.

The default major version of PostgreSQL compatibility for new AlloyDB clusters is now PostgreSQL 16.

The default value of the [scheduler]max_tis_per_query Airflow configuration option is set to 128. This change fixes the issue with DAGs remaining in the scheduled state in some cases.

Cloud Composer 3 and Cloud Composer 2 no longer support files with gzip encoding (content-type=gzip).

Before this change, all files that had gzip encoding, including .py and .zip files, were processed inconsistently by the DAG processor. After this change, the DAG processor skips all files with gzip encoding. This change doesn't apply to regular .zip archives. Airflow still decompresses and processes DAG files contained in archives that have no specified encoding.

This change is gradually rolled out to all regions supported by Cloud Composer, except us-central1, us-east4 and europe-west1. It will be rolled out to the remaining regions in one of the future releases.

(Cloud Composer 3) Improved the computation of metrics related to snapshots. This change reduces the number of calls made by Cloud Composer to the Cloud Storage API.

(Cloud Composer 2) In Cloud Composer versions 2.11.5 and later, log processing is switching to using OpenTelemetry instead of Fluentd.

This change is gradually rolled out to the asia-south1 and africa-south1 regions. It will be rolled out to more regions in future releases. New and upgraded Cloud Composer 2 environments in the listed regions will get this change.

(Airflow 2.9.3) The apache-airflow-providers-google package was upgraded to version 15.1.0 in Cloud Composer 2 images and Cloud Composer 3 builds.

For more information about changes, see the apache-airflow-providers-google changelog from version 14.0.0 to version 15.1.0.

(Airflow 2.9.3) Changes in preinstalled packages:

• apache-airflow-providers-standard was upgraded to 1.0.0 from 0.4.0.
• aiosqlite was removed from preinstalled packages.
• json-merge-patch was removed from preinstalled packages.
• time-machine was removed from preinstalled packages.
• pyjwt was downgraded to 2.9.0 from 2.10.1.

New Airflow builds are available in Cloud Composer 3:

• composer-3-airflow-2.10.5-build.3 (default)
• composer-3-airflow-2.9.3-build.23

New images are available in Cloud Composer 2:

• composer-2.13.1-airflow-2.10.5 (default)
• composer-2.13.1-airflow-2.10.2

• A dedicated Cortex-specific Cloud Build Service Account will now be automatically created during the deployment process for both the standard Quickstart demo and the Cortex for Meridian Quickstart demo.
• When executing gcloud builds submit command for Cortex Framework deployments, the _BUILD_ACCOUNT parameter is now required. If you are updating an existing deployment, ensure you provide the appropriate build account in the following format: _BUILD_ACCOUNT='projects/SOURCE_PROJECT/serviceAccounts/SERVICE_ACCOUNT@SOURCE_PROJECT.iam.gserviceaccount.com'.

cos-113-18244-382-15

Runtime sysctl changes:

• Changed: fs.file-max: 812040 -> 812054

cos-dev-125-19041-0-0

Upgraded app-admin/google-guest-configs to v20250501.00.

Added support for 7th generation TPU devices.

Updated the Linux kernel to v6.6.89.

Runtime sysctl changes:

• Changed: fs.file-max: 811773 -> 811729

cos-117-18613-263-13

Upgraded app-admin/google-guest-configs to v20250501.00.

Added support for 7th generation TPU devices.

Runtime sysctl changes:

• Changed: fs.file-max: 811816 -> 811830

cos-109-17800-519-7

Runtime sysctl changes:

• Changed: fs.file-max: 812287 -> 812270

cos-121-18867-90-23

Upgraded app-admin/google-guest-configs to v20250501.00.

Added support for 7th generation TPU devices.

Runtime sysctl changes:

• Changed: fs.file-max: 811788 -> 811731

YARA-L search with data tables updates

• Data tables are now accessible from the Investigation menu, instead of Detection, in the web interface.
• Data tables can now be used as a data source in search queries.
• Role-based access control (RBAC) has been added to manage access to data tables.

YARA-L search with data tables updates

• Data tables are now accessible from the Investigation menu, instead of Detection, in the web interface.
• Data tables can now be used as a data source in search queries.
• Role-based access control (RBAC) has been added to manage access to data tables.

By default, scans for MAC_ADDRESS findings now include MAC_ADDRESS_LOCAL findings. Previously, you could only use this functionality if you set the InfoType.version of MAC_ADDRESS to latest in your InspectConfig.

You can still use the old version of MAC_ADDRESS by setting its InfoType.version to legacy or by using the MAC_ADDRESS_UNIVERSAL infoType. In 90 days, the new functionality will be promoted to legacy.

reCAPTCHA Mobile SDK v18.7.1 is now available for Android

This version contains reliability improvements in the execute() method.

Due to a change to report replay_lsn more accurately during parallel replay, metrics might show a slightly higher replication lag.

New Dataproc on Compute Engine subminor image versions:

• 2.0.140-debian10, 2.0.140-rocky8, 2.0.140-ubuntu18
• 2.1.88-debian11, 2.1.88-rocky8, 2.1.88-ubuntu20, 2.1.88-ubuntu20-arm
• 2.2.56-debian12, 2.2.56-rocky9, 2.2.56-ubuntu22

(2025-R18) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

Other changes in 1.33

containerd 2.0 is supported. For more information, see Migrate nodes to containerd 2.

(2025-R18) Version updates

• Version 1.32.3-gke.1927002 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.30.12-gke.1033000
  • 1.31.8-gke.1045000
  • 1.32.3-gke.1785003
  • 1.32.3-gke.1927002
  • 1.32.4-gke.1106000
  • 1.33.0-gke.1552000
  • 1.33.0-gke.1582000
  • 1.33.0-gke.1712000
• The following versions are no longer available in the Rapid channel:
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002
  • 1.32.3-gke.1785000
  • 1.32.3-gke.1927000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.3-gke.1785003 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1157000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1265000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.3-gke.1785003 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.33 to version 1.33.0-gke.1552000 with this release.

(2025-R18) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Regular channel.
• The following versions are now available in the Regular channel:
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785003
• The following versions are no longer available in the Regular channel:
  • 1.30.10-gke.1070000
  • 1.31.6-gke.1064001
  • 1.32.2-gke.1182003
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Regular channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.

(2025-R18) Version updates

There are no new releases in the Stable channel.

(2025-R18) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Extended channel.
• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2682000
  • 1.27.16-gke.2732000
  • 1.28.15-gke.2142000
  • 1.28.15-gke.2192000
  • 1.29.15-gke.1274000
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785003
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2650000
  • 1.27.16-gke.2703000
  • 1.28.15-gke.2097000
  • 1.28.15-gke.2169000
  • 1.29.15-gke.1240000
  • 1.30.10-gke.1070000
  • 1.31.6-gke.1064001
  • 1.32.2-gke.1182003
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2121000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2664000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2121000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.

(2025-R18) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation.
• The following versions are now available:
  • 1.30.12-gke.1033000
  • 1.31.8-gke.1045000
  • 1.32.3-gke.1785003
  • 1.32.3-gke.1927002
  • 1.32.4-gke.1106000
• The following node versions are now available:
  • 1.27.16-gke.2732000
  • 1.28.15-gke.2192000
  • 1.29.15-gke.1274000
  • 1.30.12-gke.1033000
  • 1.31.8-gke.1045000
  • 1.32.3-gke.1785003
  • 1.32.3-gke.1927002
  • 1.32.4-gke.1106000
• The following versions are no longer available:
  • 1.31.6-gke.1020000
  • 1.32.3-gke.1785000
  • 1.32.3-gke.1927000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.

If the Force mobile authentication setting is enabled, mobile users will be logged out after 60 minutes, rather than 30 minutes, of inactivity.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.

For users of the Cloud SQL Auth Proxy:

• If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later.
• If the Cloud SQL instance to which you're connecting is using customer-managed CA for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.

If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.

For users of the Cloud SQL Auth Proxy:

• If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later.
• If the Cloud SQL instance to which you're connecting is using customer-managed CA for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.

If you create an instance using the Google Cloud Console, then the per-instance CA (GOOGLE_MANAGED_INTERNAL_CA) option is now the default server certificate authority (CA) mode for your Cloud SQL instance.

For users of the Cloud SQL Auth Proxy:

• If the Cloud SQL instance to which you're connecting is using shared certificate authority (CA) for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.13.0 or later.
• If the Cloud SQL instance to which you're connecting is using customer-managed CA for its serverCaMode setting, then on the client side, you must use Cloud SQL Auth Proxy version 2.14.3 or later.

The following Security Command Center Enterprise pages that you previously accessed through the Google Security Operations console are now under Security Command Center in the Google Cloud console:

• Risk Overview
• Issues
• Assets (previously called resources)
• Findings

The Security Command Center Enterprise left navigation also includes links to pages in the Google Security Operations console. For information about this navigation and accessing Google Security Operations pages, see Security Command Center Enterprise console.

For newly created Cloud Composer 3 environments, the minimum amount of memory is changed to 2 GB.

For newly created environments, database retention policy is now enabled by default in Google Cloud CLI, API, and Terraform. Before this change, it was enabled by default only in Google Cloud Console.

Improved the environment liveness monitoring. This change addresses some cases of transient failures that caused "Liveness probe failed" warnings in the environment's logs.

(Airflow 2.10.5) The apache-airflow-providers-google package was upgraded to version 15.1.0 in Cloud Composer 2 images and Cloud Composer 3 builds.

For more information about changes, see the apache-airflow-providers-google changelog from version 14.0.0 to version 15.1.0.

(Airflow 2.10.5) Changes in preinstalled packages:

• apache-airflow-providers-standard was upgraded to 1.0.0 from 0.4.0.
• aiosqlite was removed from preinstalled packages.
• json-merge-patch was removed from preinstalled packages.
• time-machine was removed from preinstalled packages.

The default version of Airflow is changed to 2.10.5.

Airflow 2.10.2 is no longer included in Cloud Composer images and builds.

New Airflow builds are available in Cloud Composer 3:

• composer-3-airflow-2.10.5-build.2 (default)
• composer-3-airflow-2.9.3-build.22

New images are available in Cloud Composer 2:

• composer-2.13.0-airflow-2.10.5 (default)
• composer-2.13.0-airflow-2.10.2

We just released three new voice features for Chirp 3: HD Voices. Pace control is available across all locales; pause control is available across all locales; custom pronunciations is available across all locales except bn-in, gu-in, nl-be, sw-ke, th-th, uk-ua, ur-in, and vi-vn. Be sure to check our Chirp 3: HD Voices documentation for more information.

In the Google Cloud console, Analytics Hub has been renamed BigQuery sharing (Analytics Hub).

The Deployment Manager API is no longer automatically enabled when you enable Cloud Composer API because this API isn't used by the Cloud Composer service.

Environments with Cloud Composer versions 2.0.* still rely on the Deployment Manager API for updates, upgrades, and environment deletion. It won't be possible to perform these operations if this API is disabled. We recommend to upgrade your 2.0.* environments to a later version to remove this dependency.

cos-113-18244-382-8

Added support for 7th generation TPU devices.

Version changes in 1.32.0-gke.1087:

• The etcd version upgraded to 3.4.33
• COS upgraded to milestone 117
• containerd upgraded to 1.7
• Cilium upgraded to 1.15.6

Other changes in 1.32.0-gke.1087:

• The following legacy features are blocked during cluster upgrade:

  • Dataplane V1 (Calico)
  • Integrated F5 Big IP load balancer configuration
  • Non-HA admin cluster
  • Kubeception user cluster
  • Seesaw load balancer

  You must migrate your clusters to recommended features before upgrading to 1.32.

• The following changes to MetalLB address pools were made to behave the same as advanced clusters:

  • Can't remove existing address pools
  • Can't remove addresses in an existing address pool
  • Can't change address pool name

• The cert-manager component is available on advanced clusters.

• Allow changing stackdriver.projectID to be the same as gkeconnect.projectID.

• Removed support in the Konnectivity server (konnectivity-server) for the following weak cryptographic cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 and TLS_RSA_WITH_AES_128_GCM_SHA256.

• Upgraded etcd to v3.4.33-0-gke.3.

• Upgraded containerd to version 1.7.

• Upgraded the SR-IOV operator, sriov-network-operator, to version 1.4.

• Added Compress=yes to /etc/systemd/journald.conf to ensure that objects larger than 512 bytes are compressed before they are written to the file system.

• Added new, default periodic health checks to ensure that Kubernetes cluster resources are configured correctly and functioning properly.

• Added more namespaces to the default snapshot scenarios.

• Added preflight check for kernel fsnotify settings for Red Hat Enterprise Linux (RHEL) 8.x.

• Removed the leading timestamp from the bmctl version response. Temporarily, we've provided -t and --timestamps flags to revert to the old format.

• Added a check for the FailedCgroupRemoval node condition to the node problem detector (NPD) to look for orphan container processes on nodes. By default, a new plugin for NPD automatically fixes this condition on the node.

• Updated the cluster delete process to delete worker node pools prior to removing any control plane nodes. This change applies to supported cluster deletion flows, including bmctl, the Google Cloud CLI, and the Google Cloud console.

• Updated the log entries in the backup.log file created by the bmctl backup command to improve readability.

• Updated the cluster upgrade operation to keep only the three latest kubeadm backups of etcd and configuration information for a node. Previously, kubeadm kept node backups for every attempted upgrade.

• Added the kubelet config, CPU Manager state, and Memory Manager state to node snapshots.

Cloud Function Task adds support for Cloud Functions v2 API

The Cloud Function task in Application Integration now lets you create, link, and run the latest generation of serverless functions, called Cloud Run functions, using the Cloud Functions v2 API.

For more information, see Cloud Function Task.

Control HTTP call access by region in Application Integration

Application Integration now offers a new control within the Regions page to enable or disable HTTP calls for integrations on a per-region basis.

For more information, see Manage regions.

cos-117-18613-263-4

Runtime sysctl changes:

• Changed: fs.file-max: 811753 -> 811816

cos-109-17800-519-1

Runtime sysctl changes:

• Changed: fs.file-max: 812262 -> 812287

cos-dev-125-19025-0-0

Updated the Linux kernel to v6.6.88.

Updated the Linux kernel to v6.6.88.

Runtime sysctl changes:

• Changed: fs.file-max: 811785 -> 811773

cos-121-18867-90-15

Runtime sysctl changes:

• Changed: fs.file-max: 811806 -> 811788

Grounding

The following grounding features are generally available:

• Grounding on your data using Vertex AI Search
• Grounding with Elasticsearch

A new enforcement version, enforcement version 3, is available for principal access boundary policies. To learn more about enforcement versions and see the permissions that enforcement version 3 can block, see Permissions that principal access boundary policies can block.

Light Theme Enhancements

We've improved the color palette for the light theme to enhance visual clarity.

Starting with v1.14.2, third-party container images will be labeled with a version tag that matches the Apigee hybrid image tag. This affects the image tags returned by the apigee-pull-push command line tool. For more information, see:

• Use a private image repository with Apigee hybrid
• apigee-pull-push
• hub

The limit for the number of widgets on a custom dashboard has increased to 100, from 40. For information about dashboards, see the following:

• Create and manage custom dashboards
• Install a dashboard template
• Import Grafana dashboards

Dataproc on Compute Engine: Upgraded NodeProblemDetector to 0.8.20 based version for 2.2 image.

Dataproc on Compute Engine: Upgraded oauth2l to v1.3.3 to address CVEs.

(2025-R17) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

(2025-R17) Version updates

• Version 1.32.2-gke.1297002 is now the default version for cluster creation in the Rapid channel.
• The following versions are now available in the Rapid channel:
  • 1.30.11-gke.1131000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1212000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927000
• The following versions are no longer available in the Rapid channel:
  • 1.30.10-gke.1070000
  • 1.30.10-gke.1102000
  • 1.31.6-gke.1064001
  • 1.31.6-gke.1099001
  • 1.32.2-gke.1182003
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.29 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.32.2-gke.1297002 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.30 to version 1.30.11-gke.1131000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.31 to version 1.31.7-gke.1212000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Rapid channel will be upgraded from version 1.32 to version 1.32.2-gke.1297002 with this release.

(2025-R17) Version updates

• The following versions are now available in the Regular channel:
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002

(2025-R17) Version updates

• Version 1.32.1-gke.1357001 is no longer available in the Stable channel.
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Stable channel will be upgraded from version 1.32 to version 1.32.2-gke.1182003 with this release.

(2025-R17) Version updates

• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2664000
  • 1.27.16-gke.2703000
  • 1.28.15-gke.2121000
  • 1.28.15-gke.2169000
  • 1.29.15-gke.1240000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1212000
  • 1.32.2-gke.1297002
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2633000
  • 1.27.16-gke.2682000
  • 1.28.15-gke.2072000
  • 1.28.15-gke.2142000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2097000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2650000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2097000 with this release.

(2025-R17) Version updates

• The following versions are now available:
  • 1.30.11-gke.1131000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1212000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927000
• The following node versions are now available:
  • 1.27.16-gke.2703000
  • 1.28.15-gke.2169000
  • 1.29.15-gke.1240000
  • 1.30.11-gke.1217000
  • 1.31.7-gke.1390000
  • 1.32.3-gke.1927000
• The following versions are no longer available:
  • 1.30.10-gke.1102000
  • 1.31.6-gke.1099001
  • 1.32.1-gke.1357001
  • 1.32.2-gke.1182001
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled will be upgraded from version 1.30 to version 1.31.6-gke.1064001 with this release.

Addressed multiple Common Vulnerabilities and Exposures (CVEs) by updating dependencies.

A new release is available. This release may include some or all of the following: general performance improvements, bug fixes, and updates to the API reference documentation.

New Alpha resources (direct reconciler)

• ComputeNetworkAttachment
• ComputeNetworkEdgeSecurityService
• DataplexEntryGroup
• DataplexEntryType
• DataplexTask
• DataplexZone
• DatastreamRoute
• DocumentAIVersion
• GKEBackupBackup
• GKEBackupRestore
• PubSubSnapshot
• SpeechCustomClass
• VMwareEngineExternalAddress
• MetastoreService
• MetastoreFederation
• MetastoreBackup
• APIQuotaPreference
• APIQuotaAdjusterSettings
• EventarcGoogleChannelConfig
• EventarcChannel
• AssetSavedQuery
• AssetFeed
• EssentialContactsContact
• DataCatalogEntryGroup
• DataCatalogEntry
• DataCatalogTagTemplate
• DataCatalogTag

Native Query Execution now supports reading Apache ORC complex types.

Design an optimal storage strategy for your cloud workload: Added information about Filestore replication, Hyperdisk Balanced High Availability, Anywhere Cache, and capacity specifications for Google Cloud NetApp Volumes.

• Additional materials are available for deploying a model in Model Garden by using the Python SDK, gcloud CLI, or API, which are available in Preview:
  • Developer blog: Introducing the new Vertex AI Model Garden CLI and SDK
  • Deploy open models by using the SDK tutorial notebook
  • Get started with Vertex AI Model Garden SDK notebook

Multi-regional deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles.

Single-zone deployment on Compute Engine: Technical updates to align design recommendations with Google Cloud Well-Architected Framework core principles.

Hub-and-spoke network architecture: Added Network Connectivity Center as a design option.

cos-113-18244-382-3

Runtime sysctl changes:

• Changed: fs.file-max: 812031 -> 812035

cos-121-18867-90-4

Runtime sysctl changes:

• Changed: fs.file-max: 811714 -> 811806

cos-dev-125-19014-0-0

Patched a null ptr exception bug in NVIDIA 570.124.06 OSS driver

Runtime sysctl changes:

• Changed: fs.file-max: 811798 -> 811785

cos-117-18613-164-124

Runtime sysctl changes:

• Changed: fs.file-max: 811760 -> 811753

Quality AI offers the following conversation filters:

• CSAT
• Sentiment score
• Silence duration

AI and ML perspective: Operational excellence: Major update to expand the operational excellence recommendations in the AI and ML perspective.

(2025-R16) Version updates

GKE cluster versions have been updated.

New versions available for upgrades and new clusters.

The following Kubernetes versions are now available for new clusters and for opt-in control plane upgrades and node upgrades for existing clusters. For more information on versioning and upgrades, see GKE versioning and support and Upgrades.

(2025-R16) Version updates

• The following versions are now available in the Rapid channel:
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785000
• The following versions are no longer available in the Rapid channel:
  • 1.29.14-gke.1067000
  • 1.29.14-gke.1086000
  • 1.29.15-gke.1170000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1013002
  • 1.31.7-gke.1212000
  • 1.32.3-gke.1717000

(2025-R16) Version updates

• The following versions are no longer available in the Regular channel:
  • 1.29.14-gke.1018000
  • 1.29.14-gke.1067000

(2025-R16) Version updates

• Version 1.32.2-gke.1182003 is now the default version for cluster creation in the Stable channel.
• The following versions are no longer available in the Stable channel:
  • 1.29.13-gke.1038000
  • 1.29.13-gke.1169000

(2025-R16) Version updates

• The following versions are now available in the Extended channel:
  • 1.27.16-gke.2650000
  • 1.27.16-gke.2682000
  • 1.28.15-gke.2097000
  • 1.28.15-gke.2142000
  • 1.29.15-gke.1193000
• The following versions are no longer available in the Extended channel:
  • 1.27.16-gke.2595000
  • 1.27.16-gke.2664000
  • 1.28.15-gke.2027000
  • 1.28.15-gke.2121000
  • 1.29.14-gke.1018000
• Auto-upgrade targets are now available for the following minor versions:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.28.15-gke.2072000 with this release.
• The following patch-only version auto-upgrade targets are now available for clusters with maintenance exclusions or other factors preventing minor version upgrades:
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.27 to version 1.27.16-gke.2633000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.28 to version 1.28.15-gke.2072000 with this release.
  • Control planes and nodes with auto-upgrade enabled in the Extended channel will be upgraded from version 1.29 to version 1.29.14-gke.1067000 with this release.

(2025-R16) Version updates

• The following versions are now available:
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785000
• The following node versions are now available:
  • 1.27.16-gke.2682000
  • 1.28.15-gke.2142000
  • 1.29.15-gke.1193000
  • 1.30.11-gke.1157000
  • 1.31.7-gke.1265000
  • 1.32.3-gke.1785000
• The following versions are no longer available:
  • 1.29.13-gke.1038000
  • 1.29.13-gke.1169000
  • 1.29.14-gke.1018000
  • 1.29.14-gke.1067000
  • 1.29.14-gke.1086000
  • 1.29.15-gke.1170000
  • 1.30.9-gke.1127000
  • 1.30.11-gke.1131000
  • 1.31.7-gke.1013002
  • 1.31.7-gke.1212000
  • 1.32.3-gke.1717000

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

• 1Password Audit Events (ONEPASSWORD_AUDIT_EVENTS)
• AIX system (AIX_SYSTEM)
• Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
• Alveo Risk Data Management (ALVEO_RDM)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache Tomcat (TOMCAT)
• Appian Cloud (APPIAN_CLOUD)
• Arcsight CEF (ARCSIGHT_CEF)
• Asset Panda (ASSET_PANDA)
• Aware Audit (AWARE_AUDIT)
• Aware Signals (AWARE_SIGNALS)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS ECS Metrics (AWS_ECS_METRICS)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS Inspector (AWS_INSPECTOR)
• AWS Lambda Function (AWS_LAMBDA_FUNCTION)
• AWS RDS (AWS_RDS)
• AWS Redshift (AWS_REDSHIFT)
• AWS Route 53 DNS (AWS_ROUTE_53)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Organizational Context (AZURE_AD_CONTEXT)
• Azure Application Gateway (AZURE_GATEWAY)
• Azure Firewall (AZURE_FIREWALL)
• Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
• Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Cato Networks (CATO_NETWORKS)
• Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
• Check Point (CHECKPOINT_FIREWALL)
• ChromeOS XDR (CHROMEOS_XDR)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco EStreamer (CISCO_ESTREAMER)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco IronPort (CISCO_IRONPORT)
• Cisco ISE (CISCO_ISE)
• Cisco NX-OS (CISCO_NX_OS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco VPN (CISCO_VPN)
• Citrix Netscaler (CITRIX_NETSCALER)
• Citrix Storefront (CITRIX_STOREFRONT)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud Audit Logs (N/A)
• Cloud Data Loss Prevention (N/A)
• Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
• Cloudflare WAF (CLOUDFLARE_WAF)
• Cloudflare Warp (CLOUDFLARE_WARP)
• CommVault (COMMVAULT)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CrowdStrike Identity Protection Services (CS_IDP)
• CrushFTP (CRUSHFTP)
• Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Datadog (DATADOG)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell CyberSense (DELL_CYBERSENSE)
• Digicert (DIGICERT)
• Edgio WAF (EDGIO_WAF)
• Elastic Packet Beats (ELASTIC_PACKETBEATS)
• F5 ASM (F5_ASM)
• F5 DNS (F5_DNS)
• Forcepoint DLP (FORCEPOINT_DLP)
• Forcepoint NGFW (FORCEPOINT_FIREWALL)
• Forgerock OpenIdM (FORGEROCK_OPENIDM)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GitHub (GITHUB)
• Gitlab (GITLAB)
• Harness IO (HARNESS_IO)
• Hashicorp Vault (HASHICORP)
• Hillstone Firewall (HILLSTONE_NGFW)
• Huawei Switches (HUAWEI_SWITCH)
• IBM Guardium (GUARDIUM)
• Imperva Database (IMPERVA_DB)
• Intel Endpoint Management Assistant (INTEL_EMA)
• JAMF Security Cloud (JAMF_SECURITY_CLOUD)
• JFrog Artifactory (JFROG_ARTIFACTORY)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper (JUNIPER_FIREWALL)
• Kaspersky AV (KASPERSKY_AV)
• Kaspersky Endpoint (KASPERSKY_ENDPOINT)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Layer7 SiteMinder (SITEMINDER_SSO)
• Linux Auditing System (AuditD) (AUDITD)
• Looker Audit (LOOKER_AUDIT)
• ManageEngine ADAudit Plus (ADAUDIT_PLUS)
• ManageEngine ADManager Plus (ADMANAGER_PLUS)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Metabase (METABASE)
• Microsoft AD FS (ADFS)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
• Microsoft CyberX (CYBERX)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
• Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
• Microsoft IIS (IIS)
• Microsoft PowerShell (POWERSHELL)
• Microsoft Sentinel (MICROSOFT_SENTINEL)
• Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
• Mikrotik Router (MIKROTIK_ROUTER)
• Mimecast (MIMECAST_MAIL)
• MISP Threat Intelligence (MISP_IOC)
• NetIQ eDirectory (NETIQ_EDIRECTORY)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Okta User Context (OKTA_USER_CONTEXT)
• One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
• Oort Security Tool (OORT)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Open LDAP (OPENLDAP)
• Opnsense (OPNSENSE)
• Ops Genie (OPS_GENIE)
• Oracle (ORACLE_DB)
• Oracle Cloud Guard (OCI_CLOUDGUARD)
• Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Alerts (CORTEX_XDR)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Palo Alto Prisma Access (PAN_CASB)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• Pharos (PHAROS)
• Privacy-I (PRIVACY_I)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• ReviveSec (REVIVESEC)
• Rubrik (RUBRIK)
• Salesforce (SALESFORCE)
• Sangfor Proxy (SANGFOR_PROXY)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (N/A)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow CMDB (SERVICENOW_CMDB)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snipe-IT (SNIPE_IT)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• SonicWall (SONIC_FIREWALL)
• Sophos Central (SOPHOS_CENTRAL)
• Swimlane Platform (SWIMLANE)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Event export (SYMANTEC_EVENT_EXPORT)
• Symantec Web Security Service (SYMANTEC_WSS)
• Tanium Question (TANIUM_QUESTION)
• Tanium Threat Response (TANIUM_THREAT_RESPONSE)
• Teleport Access Plane (TELEPORT_ACCESS_PLANE)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable CSPM (TENABLE_CSPM)
• tenable.io (TENABLE_IO)
• Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
• Thinkst Canary (THINKST_CANARY)
• ThreatX WAF (THREATX_WAF)
• Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• UKG (UKG)
• Unix system (NIX_SYSTEM)
• UPX AntiDDoS (UPX_ANTIDDOS)
• VanDyke SFTP (VANDYKE_SFTP)
• Varonis (VARONIS)
• Vectra Alerts (VECTRA_ALERTS)
• Vectra Stream (VECTRA_STREAM)
• VMware AirWatch (AIRWATCH)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Watchguard EDR (WATCHGUARD_EDR)
• Windows Defender AV (WINDOWS_DEFENDER_AV)
• Windows DHCP (WINDOWS_DHCP)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Windows Sysmon (WINDOWS_SYSMON)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workday User Activity (WORKDAY_USER_ACTIVITY)
• WPEngine (WPENGINE)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

• Accenture Synthetic (ACCENTURE_SYNTHETIC)
• Adyen Platform (ADYEN)
• AliCloud ActionTrail (ALICLOUD_ACTIONTRAIL)
• Apache LOG4J Java Application Log (LOG4J)
• AppSmith Audit (APPSMITH_AUDIT)
• Arctic Security Arctic Node (ARCTIC_NODE)
• Arista CorvilNet DANZ Integration (ARISTA_CORVILNET)
• Arista Extensible Operating System (ARISTA_EOS)
• AvePoint EnPower (AVEPOINT_ENPOWER)
• Avigilon Alta Cloud Security (AVIGILON_ALTA_CLOUD_SECURITY)
• Avigilon Ava Security Camera (AVIGILON_AVA_SECURITY_CAMERA)
• AWS Dasha (AWS_DASHA)
• AWS Elastic Kubernetes Service (AWS_EKS)
• Azure Network Security Group Event (AZURE_NSG_EVENT)
• Azure Windows Virtual Desktop Connections Logs (AZURE_WVD_CONNECTIONS)
• Azure Windows Virtual Desktop Management Logs (AZURE_WVD_MANAGEMENT)
• Barracuda Load Balancer ADC (BARRACUDA_LOAD_BALANCER)
• Broadcom Edge Secure Web Gateway (BROADCOM_EDGE_SWG)
• Celonis Audit Logs (CELONIS)
• Chopin PrePay Solutions (CHOPIN_PPS)
• Cisco Duo Authentication Proxy (DUO_AUTH_PROXY)
• Cloudflare CASB Findings (CLOUDFLARE_CASB_FINDINGS)
• Cloudflare Device posture results (CLOUDFLARE_DEVICE_POSTURE_RESULTS)
• Cloudflare DLP Forensic Copies (CLOUDFLARE_DLP_FORENSIC_COPIES)
• Cloudflare DNS Firewall Logs (CLOUDFLARE_DNS_FIREWALL_LOGS)
• Cloudflare DNS logs (CLOUDFLARE_DNS_LOGS)
• Cloudflare Email Security Alerts (CLOUDFLARE_EMAIL_SECURITY_ALERTS)
• Cloudflare Firewall Events (CLOUDFLARE_FIREWALL_EVENTS)
• Cloudflare Gateway DNS (CLOUDFLARE_GATEWAY_DNS)
• Cloudflare Gateway HTTP (CLOUDFLARE_GATEWAY_HTTP)
• Cloudflare Gateway Network (CLOUDFLARE_GATEWAY_NETWORK)
• Cloudflare HTTP requests (CLOUDFLARE_HTTP_REQUESTS)
• Cloudflare Magic IDS Detections (CLOUDFLARE_MAGIC_IDS_DETECTIONS)
• Cloudflare NEL reports (CLOUDFLARE_NEL_REPORTS)
• Cloudflare Sinkhole HTTP Logs (CLOUDFLARE_SINKHOLE_HTTP_LOGS)
• Cloudflare SSH Logs (CLOUDFLARE_SSH_LOGS)
• Cloudflare Workers Trace Events (CLOUDFLARE_WORKERS_TRACE_EVENTS)
• Cloudflare Zero Trust Network Session (CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION)
• CloudWave Honeypot (CLOUDWAVE_HONEYPOT)
• ColorTokens (COLORTOKENS)
• Contrast Security (CONTRAST_SECURITY)
• Conversational Agents and Dialogflow (CONVERSATIONAL_AGENT)
• Corero SmartWall One (CORERO_SMARTWALL_ONE)
• Cytracom Control One (CYTRACOM_CONTROL_ONE)
• Datadog Application Security Management (DATADOG_ASM)
• Express NodeJS (EXPRESS_NODEJS)
• F5 Distributed Cloud WAF (F5_DCS_WAF)
• Figma Developers (FIGMA)
• FIS Trax Payment Factory (TRAX)
• Fortinet FortiDeceptor (FORTINET_FORTIDECEPTOR)
• Fortinet FortiSASE (FORTINET_FORTISASE)
• Gemini Code Assist (GEMINI_CODE_ASSIST)
• Genea Access Control (GENEA_ACCESS_CONTROL)
• Genetec Synergis (GENETEC_SYNERGIS)
• GL TRADE (GL_TRADE)
• HP Inc MFP (HP_INC_MFP)
• HP Tandem (HP_TANDEM)
• Huawei Versatile Routing Platform (HUAWEI_VRP)
• Human Security (HUMAN_SECURITY)
• iManage Threat Manager (IMANAGE_THREAT_MANAGER)
• Indefend DLP (INDEFEND_DLP)
• Invicti (INVICTI)
• Isonline ISL Light (ISL_LIGHT)
• Itential Pronghorn (ITENTIAL_PRONGHORN)
• Jit (JIT)
• Kodem Security (KODEM_SECURITY)
• Konica Minolta YSoft SafeQ (YSOFT_SAFEQ)
• LayerX (LAYERX)
• LinOTP (LIN_OTP)
• Magento Cloud (MAGENTO_CLOUD)
• Mandiant Advantage Security Validation (MA_SV)
• NetApp ONTAP Audit (NETAPP_ONTAP_AUDIT)
• Netscout Arbor Threat Mitigation System (NETSCOUT_TMS)
• Netwrix Privilege Secure (NETWRIX_PRIVILEGE_SECURE)
• NeuVector SUSE (NEUVECTOR)
• Novidea Insurance Management System (NOVIDEA_CLAIM_HISTORY)
• OneTrust (ONETRUST)
• Openpath Context (OPENPATH_CONTEXT)
• Oracle Audit Vault Database Firewall (ORACLE_AVDF)
• Oracle CPQ (ORACLE_CPQ)
• Oracle Exadata Database Machine (ORACLE_EXADATA)
• Palo Alto Prisma Cloud Workload Protection (PAN_PRISMA_CWP)
• Palo Alto Prisma Dig Cloud DSPM (PAN_PRISMA_DIG_CLOUD_DSPM)
• Panorays (PANORAYS)
• Pathlock Identity Security Platform (PATHLOCK)
• Procore (PROCORE)
• ProofPoint Email Protection (PROOFPOINT_EMAIL_PROTECTION)
• Radiantone (RADIANTONE)
• Radware Cloud WAF Service Access (RADWARE_ACCESS)
• Reblaze Web Application Firewall (REBLAZE_WAF)
• Red Access Browsing Security (RED_ACCESS)
• SafeNet Network HSM (SAFENET_HSM)
• Salesforce Marketing Cloud Audit (SALESFORCE_MARKETING_CLOUD_AUDIT)
• Salesforce Shield (SALESFORCE_SHIELD)
• Sangfor IAG (SANGFOR_IAG)
• SAP Leasing (SAP_LEASING)
• SAS Institute (SAS_INSTITUTE)
• Securden (SECURDEN)
• SecurEnvoy SecurAccess (SECURENVOY_MFA)
• Securesoft Sniper IPS (SECURESOFT_SNIPER_IPS)
• Sentra Data Loss Prevention (SENTRA_DLP)
• Shield IoT (SHIELD_IOT)
• Siemens Simatic S7 PLC SNMP (SIEMENS_S7_PLC_SNMP)
• Siemens Simatic S7 PLC SYSLOG (SIEMENS_S7_PLC_SYSLOG)
• Smartsheet User Context (SMARTSHEET_USER_CONTEXT)
• Snowflake Access (SNOWFLAKE_ACCESS)
• SOCRadar Incidents (SOCRADAR_INCIDENTS)
• Strata Maverics Identity Orchestration Platform (STRATA_MAVERICS)
• Stripe Payments (STRIPE)
• Suridata (SURIDATA)
• Teradata Access (TERADATA_ACCESS)
• Thales payShield 10K HSM (THALES_PS10K_HSM)
• Trend Micro TippingPoint Security Management System (TREND_MICRO_TIPPING_POINT)
• Valence Security (VALENCE)
• Vertica Audit (VERTICA_AUDIT)
• Windows NTP (WINDOWS_NTP)
• Winget Autoupdate (WINGET_AUTOUPDATE)
• Wiz Runtime Execution Data (WIZ_RUNTIME_EXECUTION_DATA)
• Workiva Wdesk (WORKIVA_WDESK)
• XL Release (XLR)
• Yugabyte Database (YUGABYTE_DATABASE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Google SecOps has updated the list of supported default parsers. Parsers are updated gradually, so changes may take one-to-four days to appear in your region.

The following supported default parsers have been updated. Each parser is listed by product name and log_type value, if applicable. This list now includes both released default parsers and pending parser updates.

• 1Password Audit Events (ONEPASSWORD_AUDIT_EVENTS)
• AIX system (AIX_SYSTEM)
• Akamai DataStream 2 (AKAMAI_DATASTREAM_2)
• Alveo Risk Data Management (ALVEO_RDM)
• Amazon API Gateway (AWS_API_GATEWAY)
• Apache Tomcat (TOMCAT)
• Appian Cloud (APPIAN_CLOUD)
• Arcsight CEF (ARCSIGHT_CEF)
• Asset Panda (ASSET_PANDA)
• Aware Audit (AWARE_AUDIT)
• Aware Signals (AWARE_SIGNALS)
• AWS Cloudtrail (AWS_CLOUDTRAIL)
• AWS CloudWatch (AWS_CLOUDWATCH)
• AWS ECS Metrics (AWS_ECS_METRICS)
• AWS Elastic Load Balancer (AWS_ELB)
• AWS GuardDuty (GUARDDUTY)
• AWS Inspector (AWS_INSPECTOR)
• AWS Lambda Function (AWS_LAMBDA_FUNCTION)
• AWS RDS (AWS_RDS)
• AWS Redshift (AWS_REDSHIFT)
• AWS Route 53 DNS (AWS_ROUTE_53)
• AWS Security Hub (AWS_SECURITY_HUB)
• AWS VPC Flow (AWS_VPC_FLOW)
• AWS WAF (AWS_WAF)
• Azure AD Directory Audit (AZURE_AD_AUDIT)
• Azure AD Organizational Context (AZURE_AD_CONTEXT)
• Azure Application Gateway (AZURE_GATEWAY)
• Azure Firewall (AZURE_FIREWALL)
• Azure Key Vault logging (AZURE_KEYVAULT_AUDIT)
• Barracuda CloudGen Firewall (BARRACUDA_CLOUDGEN_FIREWALL)
• Barracuda WAF (BARRACUDA_WAF)
• BeyondTrust BeyondInsight (BEYONDTRUST_BEYONDINSIGHT)
• Blue Coat Proxy (BLUECOAT_WEBPROXY)
• Broadcom Support Portal Audit Logs (BROADCOM_SUPPORT_PORTAL)
• Cato Networks (CATO_NETWORKS)
• Cequence Bot Defense (CEQUENCE_BOT_DEFENSE)
• Check Point (CHECKPOINT_FIREWALL)
• ChromeOS XDR (CHROMEOS_XDR)
• Cisco Email Security (CISCO_EMAIL_SECURITY)
• Cisco EStreamer (CISCO_ESTREAMER)
• Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL)
• Cisco FireSIGHT Management Center (CISCO_FIRESIGHT)
• Cisco Internetwork Operating System (CISCO_IOS)
• Cisco IronPort (CISCO_IRONPORT)
• Cisco ISE (CISCO_ISE)
• Cisco NX-OS (CISCO_NX_OS)
• Cisco Switch (CISCO_SWITCH)
• Cisco Umbrella Cloud Firewall (UMBRELLA_FIREWALL)
• Cisco vManage SD-WAN (CISCO_SDWAN)
• Cisco VPN (CISCO_VPN)
• Citrix Netscaler (CITRIX_NETSCALER)
• Citrix Storefront (CITRIX_STOREFRONT)
• Claroty Xdome (CLAROTY_XDOME)
• Cloud Audit Logs (N/A)
• Cloud Data Loss Prevention (N/A)
• Cloudflare Network Analytics (CLOUDFLARE_NETWORK_ANALYTICS)
• Cloudflare WAF (CLOUDFLARE_WAF)
• Cloudflare Warp (CLOUDFLARE_WARP)
• CommVault (COMMVAULT)
• CrowdStrike Detection Monitoring (CS_DETECTS)
• CrowdStrike Falcon (CS_EDR)
• CrowdStrike Falcon Stream (CS_STREAM)
• CrowdStrike Identity Protection Services (CS_IDP)
• CrushFTP (CRUSHFTP)
• Custom Application Access Logs (CUSTOM_APPLICATION_ACCESS)
• CyberArk Privileged Access Manager (PAM) (CYBERARK_PAM)
• Cybereason EDR (CYBEREASON_EDR)
• Cyolo Secure Remote Access for OT (CYOLO_OT)
• Datadog (DATADOG)
• Delinea Secret Server (DELINEA_SECRET_SERVER)
• Dell CyberSense (DELL_CYBERSENSE)
• Digicert (DIGICERT)
• Edgio WAF (EDGIO_WAF)
• Elastic Packet Beats (ELASTIC_PACKETBEATS)
• F5 ASM (F5_ASM)
• F5 DNS (F5_DNS)
• Forcepoint DLP (FORCEPOINT_DLP)
• Forcepoint NGFW (FORCEPOINT_FIREWALL)
• Forgerock OpenIdM (FORGEROCK_OPENIDM)
• FortiGate (FORTINET_FIREWALL)
• Fortinet FortiAnalyzer (FORTINET_FORTIANALYZER)
• Fortinet Fortimanager (FORTINET_FORTIMANAGER)
• Fortinet Web Application Firewall (FORTINET_FORTIWEB)
• GitHub (GITHUB)
• Gitlab (GITLAB)
• Harness IO (HARNESS_IO)
• Hashicorp Vault (HASHICORP)
• Hillstone Firewall (HILLSTONE_NGFW)
• Huawei Switches (HUAWEI_SWITCH)
• IBM Guardium (GUARDIUM)
• Imperva Database (IMPERVA_DB)
• Intel Endpoint Management Assistant (INTEL_EMA)
• JAMF Security Cloud (JAMF_SECURITY_CLOUD)
• JFrog Artifactory (JFROG_ARTIFACTORY)
• JumpCloud Directory Insights (JUMPCLOUD_DIRECTORY_INSIGHTS)
• Juniper (JUNIPER_FIREWALL)
• Kaspersky AV (KASPERSKY_AV)
• Kaspersky Endpoint (KASPERSKY_ENDPOINT)
• Kolide Endpoint Security (KOLIDE)
• Kubernetes Audit (KUBERNETES_AUDIT)
• Layer7 SiteMinder (SITEMINDER_SSO)
• Linux Auditing System (AuditD) (AUDITD)
• Looker Audit (LOOKER_AUDIT)
• ManageEngine ADAudit Plus (ADAUDIT_PLUS)
• ManageEngine ADManager Plus (ADMANAGER_PLUS)
• McAfee Web Gateway (MCAFEE_WEBPROXY)
• Metabase (METABASE)
• Microsoft AD FS (ADFS)
• Microsoft Azure Activity (AZURE_ACTIVITY)
• Microsoft Azure NSG Flow (AZURE_NSG_FLOW)
• Microsoft CyberX (CYBERX)
• Microsoft Defender for Endpoint (MICROSOFT_DEFENDER_ENDPOINT)
• Microsoft Defender for Identity (MICROSOFT_DEFENDER_IDENTITY)
• Microsoft Defender for Office 365 (MICROSOFT_DEFENDER_MAIL)
• Microsoft IIS (IIS)
• Microsoft PowerShell (POWERSHELL)
• Microsoft Sentinel (MICROSOFT_SENTINEL)
• Microsoft System Center Endpoint Protection (MICROSOFT_SCEP)
• Mikrotik Router (MIKROTIK_ROUTER)
• Mimecast (MIMECAST_MAIL)
• MISP Threat Intelligence (MISP_IOC)
• NetIQ eDirectory (NETIQ_EDIRECTORY)
• Netskope V2 (NETSKOPE_ALERT_V2)
• Nozomi Networks Scada Guardian (NOZOMI_GUARDIAN)
• Office 365 (OFFICE_365)
• Okta (OKTA)
• Okta User Context (OKTA_USER_CONTEXT)
• One Identity Identity Manager (ONE_IDENTITY_IDENTITY_MANAGER)
• Oort Security Tool (OORT)
• Open Cybersecurity Schema Framework (OCSF) (OCSF)
• Open LDAP (OPENLDAP)
• Opnsense (OPNSENSE)
• Ops Genie (OPS_GENIE)
• Oracle (ORACLE_DB)
• Oracle Cloud Guard (OCI_CLOUDGUARD)
• Oracle Cloud Infrastructure Audit Logs (OCI_AUDIT)
• Orca Cloud Security Platform (ORCA)
• Palo Alto Cortex XDR Alerts (CORTEX_XDR)
• Palo Alto Networks Firewall (PAN_FIREWALL)
• Palo Alto Panorama (PAN_PANORAMA)
• Palo Alto Prisma Access (PAN_CASB)
• Palo Alto Prisma Cloud Alert payload (PAN_PRISMA_CA)
• Pharos (PHAROS)
• Privacy-I (PRIVACY_I)
• Proofpoint On Demand (PROOFPOINT_ON_DEMAND)
• Proofpoint Tap Alerts (PROOFPOINT_MAIL)
• Proofpoint Threat Response (PROOFPOINT_TRAP)
• Radware Web Application Firewall (RADWARE_FIREWALL)
• ReviveSec (REVIVESEC)
• Rubrik (RUBRIK)
• Salesforce (SALESFORCE)
• Sangfor Proxy (SANGFOR_PROXY)
• Security Command Center Posture Violation (GCP_SECURITYCENTER_POSTURE_VIOLATION)
• Security Command Center Threat (N/A)
• Security Command Center Toxic Combination (GCP_SECURITYCENTER_TOXIC_COMBINATION)
• ServiceNow CMDB (SERVICENOW_CMDB)
• Snare System Diagnostic Logs (SNARE_SOLUTIONS)
• Snipe-IT (SNIPE_IT)
• Snyk Group level audit/issues logs (SNYK_ISSUES)
• SonicWall (SONIC_FIREWALL)
• Sophos Central (SOPHOS_CENTRAL)
• Swimlane Platform (SWIMLANE)
• Symantec DLP (SYMANTEC_DLP)
• Symantec Event export (SYMANTEC_EVENT_EXPORT)
• Symantec Web Security Service (SYMANTEC_WSS)
• Tanium Question (TANIUM_QUESTION)
• Tanium Threat Response (TANIUM_THREAT_RESPONSE)
• Teleport Access Plane (TELEPORT_ACCESS_PLANE)
• Tenable Active Directory Security (TENABLE_ADS)
• Tenable CSPM (TENABLE_CSPM)
• tenable.io (TENABLE_IO)
• Terraform Enterprise Audit (TERRAFORM_ENTERPRISE)
• Thinkst Canary (THINKST_CANARY)
• ThreatX WAF (THREATX_WAF)
• Trend Micro Email Security Advanced (TRENDMICRO_EMAIL_SECURITY)
• Trend Micro Vision One (TRENDMICRO_VISION_ONE)
• TrendMicro Apex Central (TRENDMICRO_APEX_CENTRAL)
• TXOne Stellar (TRENDMICRO_STELLAR)
• UKG (UKG)
• Unix system (NIX_SYSTEM)
• UPX AntiDDoS (UPX_ANTIDDOS)
• VanDyke SFTP (VANDYKE_SFTP)
• Varonis (VARONIS)
• Vectra Alerts (VECTRA_ALERTS)
• Vectra Stream (VECTRA_STREAM)
• VMware AirWatch (AIRWATCH)
• Vmware Avinetworks iWAF (VMWARE_AVINETWORKS_IWAF)
• VMware ESXi (VMWARE_ESX)
• VMware Horizon (VMWARE_HORIZON)
• Watchguard EDR (WATCHGUARD_EDR)
• Windows Defender AV (WINDOWS_DEFENDER_AV)
• Windows DHCP (WINDOWS_DHCP)
• Windows DNS (WINDOWS_DNS)
• Windows Event (WINEVTLOG)
• Windows Event (XML) (WINEVTLOG_XML)
• Windows Sysmon (WINDOWS_SYSMON)
• Workday Audit Logs (WORKDAY_AUDIT)
• Workday User Activity (WORKDAY_USER_ACTIVITY)
• WPEngine (WPENGINE)
• Zimperium (ZIMPERIUM)
• Zscaler (ZSCALER_WEBPROXY)
• ZScaler DNS (ZSCALER_DNS)
• Zscaler Internet Access Audit Logs (ZSCALER_INTERNET_ACCESS)
• ZScaler NGFW (ZSCALER_FIREWALL)

The following log types were added without a default parser. Each parser is listed by product name and log_type value, if applicable.

• Accenture Synthetic (ACCENTURE_SYNTHETIC)
• Adyen Platform (ADYEN)
• AliCloud ActionTrail (ALICLOUD_ACTIONTRAIL)
• Apache LOG4J Java Application Log (LOG4J)
• AppSmith Audit (APPSMITH_AUDIT)
• Arctic Security Arctic Node (ARCTIC_NODE)
• Arista CorvilNet DANZ Integration (ARISTA_CORVILNET)
• Arista Extensible Operating System (ARISTA_EOS)
• AvePoint EnPower (AVEPOINT_ENPOWER)
• Avigilon Alta Cloud Security (AVIGILON_ALTA_CLOUD_SECURITY)
• Avigilon Ava Security Camera (AVIGILON_AVA_SECURITY_CAMERA)
• AWS Dasha (AWS_DASHA)
• AWS Elastic Kubernetes Service (AWS_EKS)
• Azure Network Security Group Event (AZURE_NSG_EVENT)
• Azure Windows Virtual Desktop Connections Logs (AZURE_WVD_CONNECTIONS)
• Azure Windows Virtual Desktop Management Logs (AZURE_WVD_MANAGEMENT)
• Barracuda Load Balancer ADC (BARRACUDA_LOAD_BALANCER)
• Broadcom Edge Secure Web Gateway (BROADCOM_EDGE_SWG)
• Celonis Audit Logs (CELONIS)
• Chopin PrePay Solutions (CHOPIN_PPS)
• Cisco Duo Authentication Proxy (DUO_AUTH_PROXY)
• Cloudflare CASB Findings (CLOUDFLARE_CASB_FINDINGS)
• Cloudflare Device posture results (CLOUDFLARE_DEVICE_POSTURE_RESULTS)
• Cloudflare DLP Forensic Copies (CLOUDFLARE_DLP_FORENSIC_COPIES)
• Cloudflare DNS Firewall Logs (CLOUDFLARE_DNS_FIREWALL_LOGS)
• Cloudflare DNS logs (CLOUDFLARE_DNS_LOGS)
• Cloudflare Email Security Alerts (CLOUDFLARE_EMAIL_SECURITY_ALERTS)
• Cloudflare Firewall Events (CLOUDFLARE_FIREWALL_EVENTS)
• Cloudflare Gateway DNS (CLOUDFLARE_GATEWAY_DNS)
• Cloudflare Gateway HTTP (CLOUDFLARE_GATEWAY_HTTP)
• Cloudflare Gateway Network (CLOUDFLARE_GATEWAY_NETWORK)
• Cloudflare HTTP requests (CLOUDFLARE_HTTP_REQUESTS)
• Cloudflare Magic IDS Detections (CLOUDFLARE_MAGIC_IDS_DETECTIONS)
• Cloudflare NEL reports (CLOUDFLARE_NEL_REPORTS)
• Cloudflare Sinkhole HTTP Logs (CLOUDFLARE_SINKHOLE_HTTP_LOGS)
• Cloudflare SSH Logs (CLOUDFLARE_SSH_LOGS)
• Cloudflare Workers Trace Events (CLOUDFLARE_WORKERS_TRACE_EVENTS)
• Cloudflare Zero Trust Network Session (CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION)
• CloudWave Honeypot (CLOUDWAVE_HONEYPOT)
• ColorTokens (COLORTOKENS)
• Contrast Security (CONTRAST_SECURITY)
• Conversational Agents and Dialogflow (CONVERSATIONAL_AGENT)
• Corero SmartWall One (CORERO_SMARTWALL_ONE)
• Cytracom Control One (CYTRACOM_CONTROL_ONE)
• Datadog Application Security Management (DATADOG_ASM)
• Express NodeJS (EXPRESS_NODEJS)
• F5 Distributed Cloud WAF (F5_DCS_WAF)
• Figma Developers (FIGMA)
• FIS Trax Payment Factory (TRAX)
• Fortinet FortiDeceptor (FORTINET_FORTIDECEPTOR)
• Fortinet FortiSASE (FORTINET_FORTISASE)
• Gemini Code Assist (GEMINI_CODE_ASSIST)
• Genea Access Control (GENEA_ACCESS_CONTROL)
• Genetec Synergis (GENETEC_SYNERGIS)
• GL TRADE (GL_TRADE)
• HP Inc MFP (HP_INC_MFP)
• HP Tandem (HP_TANDEM)
• Huawei Versatile Routing Platform (HUAWEI_VRP)
• Human Security (HUMAN_SECURITY)
• iManage Threat Manager (IMANAGE_THREAT_MANAGER)
• Indefend DLP (INDEFEND_DLP)
• Invicti (INVICTI)
• Isonline ISL Light (ISL_LIGHT)
• Itential Pronghorn (ITENTIAL_PRONGHORN)
• Jit (JIT)
• Kodem Security (KODEM_SECURITY)
• Konica Minolta YSoft SafeQ (YSOFT_SAFEQ)
• LayerX (LAYERX)
• LinOTP (LIN_OTP)
• Magento Cloud (MAGENTO_CLOUD)
• Mandiant Advantage Security Validation (MA_SV)
• NetApp ONTAP Audit (NETAPP_ONTAP_AUDIT)
• Netscout Arbor Threat Mitigation System (NETSCOUT_TMS)
• Netwrix Privilege Secure (NETWRIX_PRIVILEGE_SECURE)
• NeuVector SUSE (NEUVECTOR)
• Novidea Insurance Management System (NOVIDEA_CLAIM_HISTORY)
• OneTrust (ONETRUST)
• Openpath Context (OPENPATH_CONTEXT)
• Oracle Audit Vault Database Firewall (ORACLE_AVDF)
• Oracle CPQ (ORACLE_CPQ)
• Oracle Exadata Database Machine (ORACLE_EXADATA)
• Palo Alto Prisma Cloud Workload Protection (PAN_PRISMA_CWP)
• Palo Alto Prisma Dig Cloud DSPM (PAN_PRISMA_DIG_CLOUD_DSPM)
• Panorays (PANORAYS)
• Pathlock Identity Security Platform (PATHLOCK)
• Procore (PROCORE)
• ProofPoint Email Protection (PROOFPOINT_EMAIL_PROTECTION)
• Radiantone (RADIANTONE)
• Radware Cloud WAF Service Access (RADWARE_ACCESS)
• Reblaze Web Application Firewall (REBLAZE_WAF)
• Red Access Browsing Security (RED_ACCESS)
• SafeNet Network HSM (SAFENET_HSM)
• Salesforce Marketing Cloud Audit (SALESFORCE_MARKETING_CLOUD_AUDIT)
• Salesforce Shield (SALESFORCE_SHIELD)
• Sangfor IAG (SANGFOR_IAG)
• SAP Leasing (SAP_LEASING)
• SAS Institute (SAS_INSTITUTE)
• Securden (SECURDEN)
• SecurEnvoy SecurAccess (SECURENVOY_MFA)
• Securesoft Sniper IPS (SECURESOFT_SNIPER_IPS)
• Sentra Data Loss Prevention (SENTRA_DLP)
• Shield IoT (SHIELD_IOT)
• Siemens Simatic S7 PLC SNMP (SIEMENS_S7_PLC_SNMP)
• Siemens Simatic S7 PLC SYSLOG (SIEMENS_S7_PLC_SYSLOG)
• Smartsheet User Context (SMARTSHEET_USER_CONTEXT)
• Snowflake Access (SNOWFLAKE_ACCESS)
• SOCRadar Incidents (SOCRADAR_INCIDENTS)
• Strata Maverics Identity Orchestration Platform (STRATA_MAVERICS)
• Stripe Payments (STRIPE)
• Suridata (SURIDATA)
• Teradata Access (TERADATA_ACCESS)
• Thales payShield 10K HSM (THALES_PS10K_HSM)
• Trend Micro TippingPoint Security Management System (TREND_MICRO_TIPPING_POINT)
• Valence Security (VALENCE)
• Vertica Audit (VERTICA_AUDIT)
• Windows NTP (WINDOWS_NTP)
• Winget Autoupdate (WINGET_AUTOUPDATE)
• Wiz Runtime Execution Data (WIZ_RUNTIME_EXECUTION_DATA)
• Workiva Wdesk (WORKIVA_WDESK)
• XL Release (XLR)
• Yugabyte Database (YUGABYTE_DATABASE)

For a list of supported log types and details about default parser changes, see Supported log types and default parsers.

Release 6.3.43 is now available for all regions.

Summarization with custom sections, generative knowledge assist, and proactive generative knowledge assist are available in the following regions:

• northamerica-northeast1 (Montreal)
• northamerica-northeast2 (Toronto)
• europe-west4 (Eemshaven)
• europe-west6 (Zurich)
• asia-southeast2 (Jakarta)
• me-west1 (Tel Aviv)

cos-117-18613-164-121