UDM and Data Parsing allow Google SecOps to provide rich contextual data to events. How can one tell when data isn enriched in the Google SecOps interface?
- Enriched fields are not displayed until they are present in a case.
- The enriched fields are the only fields displayed.
- The enriched fields are annotated with an ‘E’
- Enriched fields are created with the outcome section of an alert.