SecOps Streams
Overview
SecOps Streams is the source to add when a Google SecOps data processing pipeline should apply only to specific Chronicle streams. Each stream is selected by log type and, optionally, by ingestion method, collector or feed, so downstream processors and the Google SecOps Data Processor Integration destination touch only the traffic you intend.
Supported platforms
- Linux: Logs
- Windows: Logs
- macOS: Logs
Stream Configuration
| Parameter | Type | Required | Description |
|---|---|---|---|
| streams | array | Yes | One or more stream definitions. |
| streams[].log_type | string | Yes | Google SecOps log type (for example GCP_CLOUDAUDIT). |
| streams[].ingestion_methods | array | No | Allowed ingestion methods (cloud_native_ingestion, feed, ingestion_api, workspace_ingestion). |
| streams[].collector_id | string | No | Optional collector identifier for stream scoping. |
| streams[].feed | string | No | Optional feed identifier for stream scoping. |
Example Configuration
```json
{
  "streams": [
    {
      "log_type": "GCP_CLOUDAUDIT",
      "ingestion_methods": ["feed", "ingestion_api"],
      "collector_id": "collector-123",
      "feed": "feed-abc"
    }
  ]
}
```
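The table above lists which stream fields are required and which values ingestion_methods accepts, but it does not show how a malformed definition is rejected or how an event is tested against a stream definition. The following is an added example, not code from the page or from the SecOps integration itself. It validates a streams configuration against the table's rules and then checks sample events against it. The matching rule (every field set on a stream must match the event; an omitted optional field matches anything) and the WINEVTLOG sample stream and event dictionaries are assumptions made for illustration.

```python
"""Validate a SecOps Streams config and test events against its scope.

Added example, not the project's own code. The matching semantics
(all fields present on a stream definition must match; optional fields
that are omitted match anything) are an assumption for illustration.
"""
import json

# Ingestion methods accepted by streams[].ingestion_methods, per the table.
ALLOWED_METHODS = {"cloud_native_ingestion", "feed", "ingestion_api", "workspace_ingestion"}
KNOWN_KEYS = {"log_type", "ingestion_methods", "collector_id", "feed"}

# Constructed sample config in the same shape as the page's example.
# The second stream (WINEVTLOG, collector-scoped) is invented for the demo.
CONFIG_JSON = """{
  "streams": [
    {"log_type": "GCP_CLOUDAUDIT", "ingestion_methods": ["feed", "ingestion_api"], "feed": "feed-abc"},
    {"log_type": "WINEVTLOG", "collector_id": "collector-123"}
  ]
}"""


def validate_streams(config):
    """Return a list of error strings; an empty list means the config is valid."""
    errors = []
    streams = config.get("streams")
    if not isinstance(streams, list) or not streams:
        return ["streams: must be a non-empty array"]
    for i, s in enumerate(streams):
        prefix = f"streams[{i}]"
        if not isinstance(s, dict):
            errors.append(f"{prefix}: must be an object")
            continue
        log_type = s.get("log_type")
        if not isinstance(log_type, str) or not log_type:
            errors.append(f"{prefix}.log_type: required non-empty string")
        methods = s.get("ingestion_methods")
        if methods is not None:
            if not isinstance(methods, list):
                errors.append(f"{prefix}.ingestion_methods: must be an array")
            else:
                for m in methods:
                    if m not in ALLOWED_METHODS:
                        errors.append(f"{prefix}.ingestion_methods: unknown method {m!r}")
        for key in ("collector_id", "feed"):
            value = s.get(key)
            if value is not None and not isinstance(value, str):
                errors.append(f"{prefix}.{key}: must be a string")
        for key in sorted(set(s) - KNOWN_KEYS):
            errors.append(f"{prefix}: unknown key {key!r}")
    return errors


def load_config(text):
    """Parse JSON text and refuse it unless it passes validate_streams."""
    config = json.loads(text)
    errors = validate_streams(config)
    if errors:
        raise ValueError("; ".join(errors))
    return config


def stream_matches(stream, event):
    """True if one stream definition covers an event.

    An event is a dict with log_type, ingestion_method and optional
    collector_id / feed. Assumed rule: every field set on the stream must
    match the event; fields left unset on the stream match anything.
    """
    if event.get("log_type") != stream["log_type"]:
        return False
    methods = stream.get("ingestion_methods")
    if methods and event.get("ingestion_method") not in methods:
        return False
    for key in ("collector_id", "feed"):
        if stream.get(key) is not None and event.get(key) != stream[key]:
            return False
    return True


def in_scope(config, event):
    """True if any configured stream covers the event."""
    return any(stream_matches(s, event) for s in config["streams"])


if __name__ == "__main__":
    cfg = load_config(CONFIG_JSON)
    # Constructed sample events: the first two are in scope, the third is not
    # because its feed hint does not match.
    for ev in (
        {"log_type": "GCP_CLOUDAUDIT", "ingestion_method": "feed", "feed": "feed-abc"},
        {"log_type": "WINEVTLOG", "ingestion_method": "ingestion_api", "collector_id": "collector-123"},
        {"log_type": "GCP_CLOUDAUDIT", "ingestion_method": "feed", "feed": "feed-xyz"},
    ):
        print(ev["log_type"], "in scope" if in_scope(cfg, ev) else "out of scope")
```

Running the validator before a pipeline is deployed catches the mistakes the table implies but a raw JSON file does not enforce: a missing log_type, a typo in an ingestion method, or a stray key. The event check makes the scoping rule explicit so you can confirm that a collector- or feed-scoped stream really excludes traffic from other collectors or feeds before you rely on it downstream.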
See also
- Google SecOps data processing pipeline (integration): how SecOps Streams fit into the SecOps pipeline type and Chronicle logProcessingPipelines
- Google SecOps Data Processor Integration (destination)