Google SecOps Standardization


Note: This feature is available as an add-on for the Honeycomb Enterprise plan. Please contact your Honeycomb account team for details.

Warning: This processor requires collector version 1.64.0 or newer to send fields to Google SecOps. In older collector versions, the namespace and ingestion label fields will be added to the telemetry but not parsed in Google SecOps.

Description 

The Google SecOps Standardization processor can be used to add the log_type ingestion label, which specifies the appropriate SecOps Parser for your logs.

Supported Types 

Metrics Logs Traces

Configuration 

Field | Description
Log Type | The type of log that will be sent. This sets the log_type ingestion label, which selects the SecOps parser.
Namespace | User-configured environment namespace that identifies the data domain the logs originated from.
Ingestion Labels | Key-value pairs of labels to be applied to the logs when they are sent to Chronicle.

Example Configuration 

Configure Google SecOps for Windows events 

This example configuration sets logType to “WINEVTLOG”, namespace to “security”, and ingestionLabels to a single key-value pair, “environment” with the value “production”.

Standalone Processor:

apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: google_secops_standardization
  name: google_secops_standardization
spec:
  type: google_secops_standardization
  parameters:
    # This processor is applied to logs only.
    - name: telemetry_types
      value: ['Logs']
    # Apply to every log record; narrow this if only some logs are Windows events.
    - name: condition
      value: 'true'
    - name: googleSecOpsStandardization
      value:
        condition: true
        # Selects the Google SecOps parser for Windows Event Logs.
        logType: WINEVTLOG
        # Data domain the logs come from; matches the "security" namespace described above.
        namespace: security
        # Labels attached to each log when sent to Chronicle.
        ingestionLabels:
          environment: production
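The following is an added pre-deployment check, not code from the Honeycomb or BindPlane documentation: it lints a processor resource like the one above (mirrored here as a constructed Python dict) for a missing logType, malformed ingestion labels, and a collector older than the 1.64.0 minimum stated in the warning. The function and constant names are this example's own, not a BindPlane API.

```python
"""Lint a google_secops_standardization processor before deploying it."""

MIN_COLLECTOR_VERSION = (1, 64, 0)  # minimum given in the warning on this page

# Constructed mirror of the page's YAML example, as a Python dict.
PROCESSOR = {
    "apiVersion": "bindplane.observiq.com/v1",
    "kind": "Processor",
    "metadata": {"id": "google_secops_standardization",
                 "name": "google_secops_standardization"},
    "spec": {
        "type": "google_secops_standardization",
        "parameters": [
            {"name": "telemetry_types", "value": ["Logs"]},
            {"name": "condition", "value": "true"},
            {"name": "googleSecOpsStandardization",
             "value": {"condition": True, "logType": "WINEVTLOG",
                       "namespace": "security",
                       "ingestionLabels": {"environment": "production"}}},
        ],
    },
}


def parse_version(text):
    """'1.64.0' or 'v1.64.0' -> (1, 64, 0) for tuple comparison."""
    return tuple(int(part) for part in text.lstrip("v").split("."))


def lint_processor(resource, collector_version):
    """Return a list of problems; an empty list means the config is deployable."""
    problems = []
    spec = resource.get("spec", {})
    if spec.get("type") != "google_secops_standardization":
        problems.append("spec.type must be google_secops_standardization")
    params = {p["name"]: p.get("value") for p in spec.get("parameters", [])}
    settings = params.get("googleSecOpsStandardization") or {}
    if not settings.get("logType"):
        problems.append("logType is required: it selects the SecOps parser")
    labels = settings.get("ingestionLabels", {})
    if not isinstance(labels, dict) or not all(
            isinstance(k, str) and isinstance(v, str) for k, v in labels.items()):
        problems.append("ingestionLabels must be a flat string-to-string mapping")
    if parse_version(collector_version) < MIN_COLLECTOR_VERSION:
        problems.append("collector %s is older than 1.64.0: namespace and ingestion "
                        "labels would be attached but not parsed by Google SecOps"
                        % collector_version)
    return problems
```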