We've reorganized our navigation structure to align directly with your operational workflows. See the Google SecOps release notes for more information.
The BigQuery data schema defines how Google Security Operations exports
normalized and contextualized security data into BigQuery. Each linked
dataset corresponds to a different data type, such as UDM events, rule detections,
IoC matches, entity relationships, and ingestion metrics. These datasets provide
a structural view of your exported data, letting you query, join, and analyze
security information.
The following topics describe the available schemas, their field definitions, and
how they map to data exported by Google SecOps:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-06-24 UTC."],[],[]]
