This feature is available as an add-on for the Honeycomb Enterprise plan.
Please contact your Honeycomb account team for details.
This processor requires collector version 1.64.0 or newer to send fields to Google SecOps. In older collector versions, namespace and ingestion label fields will be added to telemetry but not parsed in Google SecOps.
Description
The Google SecOps Standardization processor can be used to add the log_type ingestion label, which specifies the appropriate SecOps Parser for your logs.
Supported Types
Configuration
| Field | Description |
|---|---|
| Log Type | The type of log that will be sent. |
| Namespace | User-configured environment namespace to identify the data domain the logs originated from. |
| Ingestion Labels | Key-value pairs of labels to be applied to the logs when sent to Chronicle. |
Example Configuration
This example configuration sets logType to “WINEVTLOG”, namespace to “security”, and ingestionLabels to a key-value pair: “environment” and “production”.
Standalone Processor:

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: google_secops_standardization
  name: google_secops_standardization
spec:
  type: google_secops_standardization
  parameters:
    - name: telemetry_types
      value: ['Logs']
    - name: condition
      value: 'true'
    - name: googleSecOpsStandardization
      value:
        condition: true
        # Selects the Google SecOps parser via the log_type ingestion label.
        logType: WINEVTLOG
        # Namespace matches the prose above ("security").
        namespace: security
        ingestionLabels:
          environment: production
```
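A small lint for this resource, as an added example (not BindPlane or Honeycomb code): it assumes the YAML above has already been loaded into a Python dict and checks the fields this page documents, so a processor that would ship logs to Google SecOps without a `logType` (and therefore without a matching parser) is caught before deployment.

```python
"""Lint a BindPlane google_secops_standardization Processor resource.
Added example (not BindPlane/Honeycomb code): checks the fields this page
documents so a missing logType is caught before logs reach Google SecOps."""
from typing import Any

PROCESSOR_TYPE = "google_secops_standardization"


def _params(resource: dict[str, Any]) -> dict[str, Any]:
    """Flatten the spec.parameters list into {name: value}."""
    params = resource.get("spec", {}).get("parameters", [])
    return {p["name"]: p.get("value") for p in params}


def lint_secops_processor(resource: dict[str, Any]) -> list[str]:
    """Return problems found; an empty list means the resource looks valid."""
    problems: list[str] = []
    if resource.get("kind") != "Processor":
        problems.append("kind must be Processor")
    if resource.get("spec", {}).get("type") != PROCESSOR_TYPE:
        problems.append(f"spec.type must be {PROCESSOR_TYPE}")
    params = _params(resource)
    if "Logs" not in (params.get("telemetry_types") or []):
        problems.append("telemetry_types must include Logs")
    cfg = params.get("googleSecOpsStandardization") or {}
    log_type = cfg.get("logType")
    if not isinstance(log_type, str) or not log_type.strip():
        problems.append("logType is required: SecOps cannot pick a parser without it")
    ns = cfg.get("namespace")
    if ns is not None and (not isinstance(ns, str) or not ns.strip()):
        problems.append("namespace must be a non-empty string when set")
    labels = cfg.get("ingestionLabels") or {}
    if not isinstance(labels, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in labels.items()):
        problems.append("ingestionLabels must map string keys to string values")
    return problems


# Constructed dict mirroring the page's example YAML after loading.
EXAMPLE = {
    "apiVersion": "bindplane.observiq.com/v1", "kind": "Processor",
    "metadata": {"id": PROCESSOR_TYPE, "name": PROCESSOR_TYPE},
    "spec": {"type": PROCESSOR_TYPE, "parameters": [
        {"name": "telemetry_types", "value": ["Logs"]},
        {"name": "condition", "value": "true"},
        {"name": "googleSecOpsStandardization", "value": {
            "condition": True, "logType": "WINEVTLOG", "namespace": "security",
            "ingestionLabels": {"environment": "production"}}}]}}
```

`lint_secops_processor(EXAMPLE)` returns an empty list; drop `logType` from the resource and it reports the missing parser selector.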