diff --git a/.script/tests/KqlvalidationsTests/CustomFunctions/GCP_IAM.json b/.script/tests/KqlvalidationsTests/CustomFunctions/GCP_IAM.json
new file mode 100644
index 00000000000..cc46aa15bb1
--- /dev/null
+++ b/.script/tests/KqlvalidationsTests/CustomFunctions/GCP_IAM.json
@@ -0,0 +1,330 @@
+{
+ "FunctionName": "GCP_IAM",
+ "FunctionParameters": [],
+ "FunctionResultColumns": [
+ {
+ "Name": "TimeGenerated",
+ "Type": "DateTime"
+ },
+ {
+ "Name": "PayloadStatusCode",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadStatusMessage",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestKeyTypes",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadServicedataPermissiondeltaRemovedpermissions",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestUpdateMaskPaths",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsTopicId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadServicedataPolicydeltaBindingdeltas",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestPolicyAuditconfigs",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestPolicyEtag",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestPolicyBindings",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestResource",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseBindings",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseAuditconfigs",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestPageSize",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadRequestRemoveDeletedServiceAccounts",
+ "Type": "Boolean"
+ },
+ {
+ "Name": "PayloadRequestRemoveDeletedServiceAccounts",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestView",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadRequestParent",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestShowDeleted",
+ "Type": "Boolean"
+ },
+ {
+ "Name": "PayloadRequestShowDeleted",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsRoleName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadServicedataType",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadServicedataPermissiondeltaAddedpermissions",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestRoleIncludedPermissions",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestRoleTitle",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestRoleDescription",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestRoleId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseGroupName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseIncludedPermissions",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseTitle",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseGroupTitle",
+ "Type": "String"
+ },
+ {
+ "Name": "LogName",
+ "Type": "String"
+ },
+ {
+ "Name": "InsertId",
+ "Type": "String"
+ },
+ {
+ "Name": "EventSeverity",
+ "Type": "String"
+ },
+ {
+ "Name": "EventEndTime",
+ "Type": "DateTime"
+ },
+ {
+ "Name": "EventEndTime",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceType",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsEmailId",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsProjectId",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsUniqueId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadType",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadAuthenticationinfoPrincipalemail",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadAuthenticationinfoPrincipalsubject",
+ "Type": "String"
+ },
+ {
+ "Name": "SrcIpAddr",
+ "Type": "String"
+ },
+ {
+ "Name": "HttpUserAgentOriginal",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestmetadataRequestattributesTime",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadServicename",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadMethodname",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadAuthorizationinfo",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResourcename",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestType",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestAccountId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestServiceAccountDescription",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestServiceAccountDisplayName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseOauth2ClientId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseEtag",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseUniqueId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseDescription",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseProjectId",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseDisplayName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseType",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadResponseEmail",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestPrivateKeyType",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadResponseValidBeforeTimeSeconds",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadResponseValidAfterTimeSeconds",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadResponseKeyType",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadResponseKeyOrigin",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadResponsePrivateKeyType",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadResponseKeyAlgorithm",
+ "Type": "Double"
+ },
+ {
+ "Name": "ResourceLabelsService",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsVersion",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsLocation",
+ "Type": "String"
+ },
+ {
+ "Name": "ResourceLabelsMethod",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestFullResourceName",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestOptionsRequestedPolicyVersion",
+ "Type": "Double"
+ },
+ {
+ "Name": "PayloadRequestSkipVisibilityCheck",
+ "Type": "Boolean"
+ },
+ {
+ "Name": "PayloadRequestSkipVisibilityCheck",
+ "Type": "String"
+ },
+ {
+ "Name": "PayloadRequestPageToken",
+ "Type": "String"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Solutions/GoogleCloudPlatformIAM/Package/3.0.7.zip b/Solutions/GoogleCloudPlatformIAM/Package/3.0.7.zip
new file mode 100644
index 00000000000..63a2a86dba0
Binary files /dev/null and b/Solutions/GoogleCloudPlatformIAM/Package/3.0.7.zip differ
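Review bot: Four names appear twice in `FunctionResultColumns` with conflicting types: `PayloadRequestRemoveDeletedServiceAccounts`, `PayloadRequestShowDeleted` and `PayloadRequestSkipVisibilityCheck` as both `Boolean` and `String`, and `EventEndTime` as both `DateTime` and `String`. This looks like it mirrors the parser's `column_ifexists(..., '')` string default meeting the typed `datatable` columns, so the type a detection query sees for these fields presumably depends on which source table is populated; a time or boolean comparison in an analytic rule over GCP IAM audit events could then fail to match without raising an error. I would cast in the parser so both branches agree, e.g. `EventEndTime_e=todatetime(column_ifexists('timestamp_t', ''))`, and keep a single entry per name in this file. If the duplicates are deliberate to satisfy the KQL validator, a sentence in the PR description saying so would help the next reviewer.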
diff --git a/Solutions/GoogleCloudPlatformIAM/Package/mainTemplate.json b/Solutions/GoogleCloudPlatformIAM/Package/mainTemplate.json
index 25a5a747608..a8406280e8c 100644
--- a/Solutions/GoogleCloudPlatformIAM/Package/mainTemplate.json
+++ b/Solutions/GoogleCloudPlatformIAM/Package/mainTemplate.json
@@ -55,7 +55,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "GoogleCloudPlatformIAM",
- "_solutionVersion": "3.0.6",
+ "_solutionVersion": "3.0.7",
 "solutionId": "azuresentinel.azure-sentinel-solution-gcpiam",
 "_solutionId": "[variables('solutionId')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
@@ -726,7 +726,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "GCP_IAM Data Parser with template version 3.0.6",
+ "description": "GCP_IAM Data Parser with template version 3.0.7",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -743,7 +743,7 @@ "displayName": "GoogleCloudPlatformIAM Data Parser", "category": "Microsoft Sentinel Parser", "functionAlias": "GCP_IAM", - "query": "let GCPIam_view = view () {\nlet IamQuery_GcpIam_empty = datatable(\n PayloadStatusCode_e:real,\n PayloadStatusMessage_e:string,\n PayloadRequestKeyTypes_e:string,\n PayloadServicedataPermissiondeltaRemovedpermissions_e:string,\n PayloadRequestUpdateMaskPaths_e:string,\n ResourceLabelsTopicId_e:string,\n PayloadServicedataPolicydeltaBindingdeltas_e:string,\n PayloadRequestPolicyAuditconfigs_e:string,\n PayloadRequestPolicyEtag_e:string,\n PayloadRequestPolicyBindings_e:string,\n PayloadRequestResource_e:string,\n PayloadResponseBindings_e:string,\n PayloadResponseAuditconfigs_e:string,\n PayloadRequestPageSize_e:real,\n PayloadRequestRemoveDeletedServiceAccounts_e:bool,\n PayloadRequestView_e:real,\n PayloadRequestParent_e:string,\n PayloadRequestShowDeleted_e:bool,\n ResourceLabelsRoleName_e:string,\n PayloadServicedataType_e:string,\n PayloadServicedataPermissiondeltaAddedpermissions_e:string,\n PayloadRequestRoleIncludedPermissions_e:string,\n PayloadRequestRoleTitle_e:string,\n PayloadRequestRoleDescription_e:string,\n PayloadRequestRoleId_e:string,\n PayloadResponseGroupName_e:string,\n PayloadResponseIncludedPermissions_e:string,\n PayloadResponseTitle_e:string,\n PayloadResponseGroupTitle_e:string,\n LogName_e:string,\n InsertId_e:string,\n EventSeverity_e:string,\n EventEndTime_e:datetime,\n ResourceType_e:string,\n ResourceLabelsEmailId_e:string,\n ResourceLabelsProjectId_e:string,\n ResourceLabelsUniqueId_e:string,\n PayloadType_e:string,\n PayloadAuthenticationinfoPrincipalemail_e:string,\n PayloadAuthenticationinfoPrincipalsubject_e:string,\n SrcIpAddr_e:string,\n HttpUserAgentOriginal_e:string,\n PayloadRequestmetadataRequestattributesTime_e:string,\n PayloadServicename_e:string,\n PayloadMethodname_e:string,\n PayloadAuthorizationinfo_e:string,\n PayloadResourcename_e:string,\n 
PayloadRequestType_e:string,\n PayloadRequestName_e:string,\n PayloadRequestAccountId_e:string,\n PayloadRequestServiceAccountDescription_e:string,\n PayloadRequestServiceAccountDisplayName_e:string,\n PayloadResponseOauth2ClientId_e:string,\n PayloadResponseName_e:string,\n PayloadResponseEtag_e:string,\n PayloadResponseUniqueId_e:string,\n PayloadResponseDescription_e:string,\n PayloadResponseProjectId_e:string,\n PayloadResponseDisplayName_e:string,\n PayloadResponseType_e:string,\n PayloadResponseEmail_e:string,\n PayloadRequestPrivateKeyType_e:real,\n PayloadResponseValidBeforeTimeSeconds_e:real,\n PayloadResponseValidAfterTimeSeconds_e:real,\n PayloadResponseKeyType_e:real,\n PayloadResponseKeyOrigin_e:real,\n PayloadResponsePrivateKeyType_e:real,\n PayloadResponseKeyAlgorithm_e:real,\n ResourceLabelsService_e:string,\n ResourceLabelsVersion_e:string,\n ResourceLabelsLocation_e:string,\n ResourceLabelsMethod_e:string,\n PayloadRequestFullResourceName_e:string,\n PayloadRequestOptionsRequestedPolicyVersion_e:real,\n PayloadRequestSkipVisibilityCheck_e:bool,\n PayloadRequestPageToken_e:string\n)[];\nlet IamQuery_GcpIam = union isfuzzy=true GCP_IAM_CL, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('payload_status_code_d', ''),\n PayloadStatusMessage_e=column_ifexists('payload_status_message_s', ''),\n PayloadRequestKeyTypes_e=column_ifexists('payload_request_key_types_s', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_removedPermissions_s', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('payload_request_update_mask_paths_s', ''),\n ResourceLabelsTopicId_e=column_ifexists('resource_labels_topic_id_s', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('payload_serviceData_policyDelta_bindingDeltas_s', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('payload_request_policy_auditConfigs_s', ''),\n 
PayloadRequestPolicyEtag_e=column_ifexists('payload_request_policy_etag_s', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('payload_request_policy_bindings_s', ''),\n PayloadRequestResource_e=column_ifexists('payload_request_resource_s', ''),\n PayloadResponseBindings_e=column_ifexists('payload_response_bindings_s', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('payload_response_auditConfigs_s', ''),\n PayloadRequestPageSize_e=column_ifexists('payload_request_page_size_d', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=column_ifexists('payload_request_remove_deleted_service_accounts_b', ''),\n PayloadRequestView_e=column_ifexists('payload_request_view_d', ''),\n PayloadRequestParent_e=column_ifexists('payload_request_parent_s', ''),\n PayloadRequestShowDeleted_e=column_ifexists('payload_request_show_deleted_b', ''),\n ResourceLabelsRoleName_e=column_ifexists('resource_labels_role_name_s', ''),\n PayloadServicedataType_e=column_ifexists('payload_serviceData__type_s', ''),\n PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_addedPermissions_s', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('payload_request_role_included_permissions_s', ''),\n PayloadRequestRoleTitle_e=column_ifexists('payload_request_role_title_s', ''),\n PayloadRequestRoleDescription_e=column_ifexists('payload_request_role_description_s', ''),\n PayloadRequestRoleId_e=column_ifexists('payload_request_role_id_s', ''),\n PayloadResponseGroupName_e=column_ifexists('payload_response_group_name_s', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('payload_response_included_permissions_s', ''),\n PayloadResponseTitle_e=column_ifexists('payload_response_title_s', ''),\n PayloadResponseGroupTitle_e=column_ifexists('payload_response_group_title_s', ''),\n LogName_e=column_ifexists('log_name_s', ''),\n InsertId_e=column_ifexists('insert_id_s', ''),\n EventSeverity_e=column_ifexists('severity_s', ''),\n 
EventEndTime_e=column_ifexists('timestamp_t', ''),\n ResourceType_e=column_ifexists('resource_type_s', ''),\n ResourceLabelsEmailId_e=column_ifexists('resource_labels_email_id_s', ''),\n ResourceLabelsProjectId_e=column_ifexists('resource_labels_project_id_s', ''),\n ResourceLabelsUniqueId_e=column_ifexists('resource_labels_unique_id_s', ''),\n PayloadType_e=column_ifexists('payload__type_s', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('payload_authenticationInfo_principalEmail_s', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('payload_authenticationInfo_principalSubject_s', ''),\n SrcIpAddr_e=column_ifexists('payload_requestMetadata_callerIp_s', ''),\n HttpUserAgentOriginal_e=column_ifexists('payload_requestMetadata_callerSuppliedUserAgent_s', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('payload_requestMetadata_requestAttributes_time_s', ''),\n PayloadServicename_e=column_ifexists('payload_serviceName_s', ''),\n PayloadMethodname_e=column_ifexists('payload_methodName_s', ''),\n PayloadAuthorizationinfo_e=column_ifexists('payload_authorizationInfo_s', ''),\n PayloadResourcename_e=column_ifexists('payload_resourceName_s', ''),\n PayloadRequestType_e=column_ifexists('payload_request__type_s', ''),\n PayloadRequestName_e=column_ifexists('payload_request_name_s', ''),\n PayloadRequestAccountId_e=column_ifexists('payload_request_account_id_s', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('payload_request_service_account_description_s', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('payload_request_service_account_display_name_s', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('payload_response_oauth2_client_id_s', ''),\n PayloadResponseName_e=column_ifexists('payload_response_name_s', ''),\n PayloadResponseEtag_e=column_ifexists('payload_response_etag_s', ''),\n PayloadResponseUniqueId_e=column_ifexists('payload_response_unique_id_s', ''),\n 
PayloadResponseDescription_e=column_ifexists('payload_response_description_s', ''),\n PayloadResponseProjectId_e=column_ifexists('payload_response_project_id_s', ''),\n PayloadResponseDisplayName_e=column_ifexists('payload_response_display_name_s', ''),\n PayloadResponseType_e=column_ifexists('payload_response__type_s', ''),\n PayloadResponseEmail_e=column_ifexists('payload_response_email_s', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('payload_request_private_key_type_d', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('payload_response_valid_before_time_seconds_d', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('payload_response_valid_after_time_seconds_d', ''),\n PayloadResponseKeyType_e=column_ifexists('payload_response_key_type_d', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('payload_response_key_origin_d', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('payload_response_private_key_type_d', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('payload_response_key_algorithm_d', ''),\n ResourceLabelsService_e=column_ifexists('resource_labels_service_s', ''),\n ResourceLabelsVersion_e=column_ifexists('resource_labels_version_s', ''),\n ResourceLabelsLocation_e=column_ifexists('resource_labels_location_s', ''),\n ResourceLabelsMethod_e=column_ifexists('resource_labels_method_s', ''),\n PayloadRequestFullResourceName_e=column_ifexists('payload_request_full_resource_name_s', ''),\n PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('payload_request_options_requested_policy_version_d', ''),\n PayloadRequestSkipVisibilityCheck_e=column_ifexists('payload_request_skip_visibility_check_b', ''),\n PayloadRequestPageToken_e=column_ifexists('payload_request_page_token_s', '')\n | project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n 
PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n ResourceLabelsTopicId=ResourceLabelsTopicId_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n ResourceLabelsRoleName=ResourceLabelsRoleName_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n LogName=LogName_e,\n InsertId=InsertId_e,\n EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n ResourceType=ResourceType_e,\n ResourceLabelsEmailId=ResourceLabelsEmailId_e,\n ResourceLabelsProjectId=ResourceLabelsProjectId_e,\n ResourceLabelsUniqueId=ResourceLabelsUniqueId_e,\n PayloadType=PayloadType_e,\n 
PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n ResourceLabelsService=ResourceLabelsService_e,\n ResourceLabelsVersion=ResourceLabelsVersion_e,\n ResourceLabelsLocation=ResourceLabelsLocation_e,\n ResourceLabelsMethod=ResourceLabelsMethod_e,\n 
PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n PayloadRequestPageToken=PayloadRequestPageToken_e;\nlet IamQuery_GcpIamV2 = union isfuzzy=true GCPIAM, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('StatusCode', ''),\n PayloadStatusMessage_e=column_ifexists('StatusMessage', ''),\n PayloadRequestKeyTypes_e=column_ifexists('RequestKeyTypes', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('ServiceDataPermissionDeltaRemovedPermissions', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('RequestUpdateMaskPaths', ''),\n ResourceLabelsTopicId=column_ifexists('ResourceLabelsTopicId', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('ServiceDataPolicyDeltaBindingDeltas', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('RequestPolicyAuditConfigs', ''),\n PayloadRequestPolicyEtag_e=column_ifexists('RequestPolicyEtag', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('RequestPolicyBindings', ''),\n PayloadRequestResource_e=column_ifexists('RequestResource', ''),\n PayloadResponseBindings_e=column_ifexists('ResponseBindings', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('ResponseAuditConfigs', ''),\n PayloadRequestPageSize_e=column_ifexists('RequestPageSize', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=column_ifexists('RequestRemoveDeletedServiceAccounts', ''),\n PayloadRequestView_e=column_ifexists('RequestView', ''),\n PayloadRequestParent_e=column_ifexists('RequestParent', ''),\n PayloadRequestShowDeleted_e=column_ifexists('RequestShowDeleted', ''),\n ResourceLabelsRoleName=column_ifexists('ResourceLabelsRoleName', ''),\n PayloadServicedataType_e=column_ifexists('ServiceDataType', ''),\n 
PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('ServiceDataPermissionDeltaAddedPermissions', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('RequestRoleIncludedPermissions', ''),\n PayloadRequestRoleTitle_e=column_ifexists('RequestRoleTitle', ''),\n PayloadRequestRoleDescription_e=column_ifexists('RequestRoleDescription', ''),\n PayloadRequestRoleId_e=column_ifexists('RequestRoleId', ''),\n PayloadResponseGroupName_e=column_ifexists('ResponseGroupName', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('ResponseIncludedPermissions', ''),\n PayloadResponseTitle_e=column_ifexists('ResponseTitle', ''),\n PayloadResponseGroupTitle_e=column_ifexists('ResponseGroupTitle', ''),\n LogName=column_ifexists('LogName', ''),\n InsertId=column_ifexists('InsertId', ''),\n EventSeverity_e=column_ifexists('Severity', ''),\n EventEndTime_e=column_ifexists('Timestamp', ''),\n ResourceType=column_ifexists('ResourceType', ''),\n ResourceLabelsEmailId=column_ifexists('ResourceLabelsEmailId', ''),\n ResourceLabelsProjectId=column_ifexists('ResourceLabelsProjectId', ''),\n ResourceLabelsUniqueId=column_ifexists('ResourceLabelsUniqueId', ''),\n PayloadType=column_ifexists('PayloadType', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('AuthInfoPrincipalEmail', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('AuthenticationInfoPrincipalSubject', ''),\n SrcIpAddr_e=column_ifexists('RequestMetadataCallerIp', ''),\n HttpUserAgentOriginal_e=column_ifexists('RequestMetadataCallerSuppliedUserAgent', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('RequestMetadataRequestAttributesTime', ''),\n PayloadServicename_e=column_ifexists('ServiceName', ''),\n PayloadMethodname_e=column_ifexists('MethodName', ''),\n PayloadAuthorizationinfo_e=column_ifexists('AuthorizationInfo', ''),\n PayloadResourcename_e=column_ifexists('ResourceName', ''),\n PayloadRequestType_e=column_ifexists('RequestType', ''),\n 
PayloadRequestName_e=column_ifexists('RequestName', ''),\n PayloadRequestAccountId_e=column_ifexists('RequestAccountId', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('RequestServiceAccountDescription', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('RequestServiceAccountDisplayName', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('ResponseOauth2ClientId', ''),\n PayloadResponseName_e=column_ifexists('ResponseName', ''),\n PayloadResponseEtag_e=column_ifexists('ResponseEtag', ''),\n PayloadResponseUniqueId_e=column_ifexists('ResponseUniqueId', ''),\n PayloadResponseDescription_e=column_ifexists('ResponseDescription', ''),\n PayloadResponseProjectId_e=column_ifexists('ResponseProjectId', ''),\n PayloadResponseDisplayName_e=column_ifexists('ResponseDisplayName', ''),\n PayloadResponseType_e=column_ifexists('ResponseType', ''),\n PayloadResponseEmail_e=column_ifexists('ResponseEmail', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('RequestPrivateKeyType', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('ResponseValidBeforeTimeSeconds', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('ResponseValidAfterTimeSeconds', ''),\n PayloadResponseKeyType_e=column_ifexists('ResponseKeyType', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('ResponseKeyOrigin', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('ResponsePrivateKeyType', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('ResponseKeyAlgorithm', ''),\n ResourceLabelsService=column_ifexists('ResourceLabelsService', ''),\n ResourceLabelsVersion=column_ifexists('ResourceLabelsVersion', ''),\n ResourceLabelsLocation=column_ifexists('ResourceLabelsLocation', ''),\n ResourceLabelsMethod=column_ifexists('ResourceLabelsMethod', ''),\n PayloadRequestFullResourceName_e=column_ifexists('RequestFullResourceName', ''),\n PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('RequestOptionsRequestedPolicyVersion', ''),\n 
PayloadRequestSkipVisibilityCheck_e=column_ifexists('RequestSkipVisibilityCheck', ''),\n PayloadRequestPageToken_e=column_ifexists('RequestPageToken', '')\n| project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n 
PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n 
PayloadRequestPageToken=PayloadRequestPageToken_e; \n union isfuzzy=true IamQuery_GcpIam, IamQuery_GcpIamV2 \n | project-reorder PayloadStatusCode,PayloadStatusMessage,PayloadRequestKeyTypes,PayloadServicedataPermissiondeltaRemovedpermissions,PayloadRequestUpdateMaskPaths,ResourceLabelsTopicId,PayloadServicedataPolicydeltaBindingdeltas,PayloadRequestPolicyAuditconfigs,PayloadRequestPolicyEtag,PayloadRequestPolicyBindings,PayloadRequestResource,PayloadResponseBindings,PayloadResponseAuditconfigs,PayloadRequestPageSize,PayloadRequestRemoveDeletedServiceAccounts,PayloadRequestView,PayloadRequestParent,PayloadRequestShowDeleted,ResourceLabelsRoleName,PayloadServicedataType,PayloadServicedataPermissiondeltaAddedpermissions,PayloadRequestRoleIncludedPermissions,PayloadRequestRoleTitle,PayloadRequestRoleDescription,PayloadRequestRoleId,PayloadResponseGroupName,PayloadResponseIncludedPermissions,PayloadResponseTitle,PayloadResponseGroupTitle,LogName,InsertId,EventSeverity,EventEndTime,ResourceType,ResourceLabelsEmailId,ResourceLabelsProjectId,ResourceLabelsUniqueId,PayloadType,PayloadAuthenticationinfoPrincipalemail,PayloadAuthenticationinfoPrincipalsubject,SrcIpAddr,HttpUserAgentOriginal,PayloadRequestmetadataRequestattributesTime,PayloadServicename,PayloadMethodname,PayloadAuthorizationinfo,PayloadResourcename,PayloadRequestType,PayloadRequestName,PayloadRequestAccountId,PayloadRequestServiceAccountDescription,PayloadRequestServiceAccountDisplayName,PayloadResponseOauth2ClientId,PayloadResponseName,PayloadResponseEtag,PayloadResponseUniqueId,PayloadResponseDescription,PayloadResponseProjectId,PayloadResponseDisplayName,PayloadResponseType,PayloadResponseEmail,PayloadRequestPrivateKeyType,PayloadResponseValidBeforeTimeSeconds,PayloadResponseValidAfterTimeSeconds,PayloadResponseKeyType,PayloadResponseKeyOrigin,PayloadResponsePrivateKeyType,PayloadResponseKeyAlgorithm,ResourceLabelsService,ResourceLabelsVersion,ResourceLabelsLocation,ResourceLabelsMethod,PayloadRequestFullRe
sourceName,PayloadRequestOptionsRequestedPolicyVersion,PayloadRequestSkipVisibilityCheck,PayloadRequestPageToken;\n};\nGCPIam_view\n",
+ "query": "let GCPIam_view = view () {\nlet IamQuery_GcpIam_empty = datatable(\n PayloadStatusCode_e:real,\n PayloadStatusMessage_e:string,\n PayloadRequestKeyTypes_e:string,\n PayloadServicedataPermissiondeltaRemovedpermissions_e:string,\n PayloadRequestUpdateMaskPaths_e:string,\n ResourceLabelsTopicId_e:string,\n PayloadServicedataPolicydeltaBindingdeltas_e:string,\n PayloadRequestPolicyAuditconfigs_e:string,\n PayloadRequestPolicyEtag_e:string,\n PayloadRequestPolicyBindings_e:string,\n PayloadRequestResource_e:string,\n PayloadResponseBindings_e:string,\n PayloadResponseAuditconfigs_e:string,\n PayloadRequestPageSize_e:real,\n PayloadRequestRemoveDeletedServiceAccounts_e:bool,\n PayloadRequestView_e:real,\n PayloadRequestParent_e:string,\n PayloadRequestShowDeleted_e:bool,\n ResourceLabelsRoleName_e:string,\n PayloadServicedataType_e:string,\n PayloadServicedataPermissiondeltaAddedpermissions_e:string,\n PayloadRequestRoleIncludedPermissions_e:string,\n PayloadRequestRoleTitle_e:string,\n PayloadRequestRoleDescription_e:string,\n PayloadRequestRoleId_e:string,\n PayloadResponseGroupName_e:string,\n PayloadResponseIncludedPermissions_e:string,\n PayloadResponseTitle_e:string,\n PayloadResponseGroupTitle_e:string,\n LogName_e:string,\n InsertId_e:string,\n EventSeverity_e:string,\n EventEndTime_e:datetime,\n ResourceType_e:string,\n ResourceLabelsEmailId_e:string,\n ResourceLabelsProjectId_e:string,\n ResourceLabelsUniqueId_e:string,\n PayloadType_e:string,\n PayloadAuthenticationinfoPrincipalemail_e:string,\n PayloadAuthenticationinfoPrincipalsubject_e:string,\n SrcIpAddr_e:string,\n HttpUserAgentOriginal_e:string,\n PayloadRequestmetadataRequestattributesTime_e:string,\n PayloadServicename_e:string,\n PayloadMethodname_e:string,\n PayloadAuthorizationinfo_e:string,\n PayloadResourcename_e:string,\n 
PayloadRequestType_e:string,\n PayloadRequestName_e:string,\n PayloadRequestAccountId_e:string,\n PayloadRequestServiceAccountDescription_e:string,\n PayloadRequestServiceAccountDisplayName_e:string,\n PayloadResponseOauth2ClientId_e:string,\n PayloadResponseName_e:string,\n PayloadResponseEtag_e:string,\n PayloadResponseUniqueId_e:string,\n PayloadResponseDescription_e:string,\n PayloadResponseProjectId_e:string,\n PayloadResponseDisplayName_e:string,\n PayloadResponseType_e:string,\n PayloadResponseEmail_e:string,\n PayloadRequestPrivateKeyType_e:real,\n PayloadResponseValidBeforeTimeSeconds_e:real,\n PayloadResponseValidAfterTimeSeconds_e:real,\n PayloadResponseKeyType_e:real,\n PayloadResponseKeyOrigin_e:real,\n PayloadResponsePrivateKeyType_e:real,\n PayloadResponseKeyAlgorithm_e:real,\n ResourceLabelsService_e:string,\n ResourceLabelsVersion_e:string,\n ResourceLabelsLocation_e:string,\n ResourceLabelsMethod_e:string,\n PayloadRequestFullResourceName_e:string,\n PayloadRequestOptionsRequestedPolicyVersion_e:real,\n PayloadRequestSkipVisibilityCheck_e:bool,\n PayloadRequestPageToken_e:string\n)[];\nlet IamQuery_GcpIam = union isfuzzy=true GCP_IAM_CL, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('payload_status_code_d', ''),\n PayloadStatusMessage_e=column_ifexists('payload_status_message_s', ''),\n PayloadRequestKeyTypes_e=column_ifexists('payload_request_key_types_s', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_removedPermissions_s', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('payload_request_update_mask_paths_s', ''),\n ResourceLabelsTopicId_e=column_ifexists('resource_labels_topic_id_s', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('payload_serviceData_policyDelta_bindingDeltas_s', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('payload_request_policy_auditConfigs_s', ''),\n 
PayloadRequestPolicyEtag_e=column_ifexists('payload_request_policy_etag_s', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('payload_request_policy_bindings_s', ''),\n PayloadRequestResource_e=column_ifexists('payload_request_resource_s', ''),\n PayloadResponseBindings_e=column_ifexists('payload_response_bindings_s', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('payload_response_auditConfigs_s', ''),\n PayloadRequestPageSize_e=column_ifexists('payload_request_page_size_d', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=tobool(column_ifexists('payload_request_remove_deleted_service_accounts_b', '')),\n PayloadRequestView_e=column_ifexists('payload_request_view_d', ''),\n PayloadRequestParent_e=column_ifexists('payload_request_parent_s', ''),\n PayloadRequestShowDeleted_e=tobool(column_ifexists('payload_request_show_deleted_b', '')),\n ResourceLabelsRoleName_e=column_ifexists('resource_labels_role_name_s', ''),\n PayloadServicedataType_e=column_ifexists('payload_serviceData__type_s', ''),\n PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_addedPermissions_s', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('payload_request_role_included_permissions_s', ''),\n PayloadRequestRoleTitle_e=column_ifexists('payload_request_role_title_s', ''),\n PayloadRequestRoleDescription_e=column_ifexists('payload_request_role_description_s', ''),\n PayloadRequestRoleId_e=column_ifexists('payload_request_role_id_s', ''),\n PayloadResponseGroupName_e=column_ifexists('payload_response_group_name_s', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('payload_response_included_permissions_s', ''),\n PayloadResponseTitle_e=column_ifexists('payload_response_title_s', ''),\n PayloadResponseGroupTitle_e=column_ifexists('payload_response_group_title_s', ''),\n LogName_e=column_ifexists('log_name_s', ''),\n InsertId_e=column_ifexists('insert_id_s', ''),\n 
EventSeverity_e=column_ifexists('severity_s', ''),\n EventEndTime_e=todatetime(column_ifexists('timestamp_t', '')),\n ResourceType_e=column_ifexists('resource_type_s', ''),\n ResourceLabelsEmailId_e=column_ifexists('resource_labels_email_id_s', ''),\n ResourceLabelsProjectId_e=column_ifexists('resource_labels_project_id_s', ''),\n ResourceLabelsUniqueId_e=column_ifexists('resource_labels_unique_id_s', ''),\n PayloadType_e=column_ifexists('payload__type_s', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('payload_authenticationInfo_principalEmail_s', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('payload_authenticationInfo_principalSubject_s', ''),\n SrcIpAddr_e=column_ifexists('payload_requestMetadata_callerIp_s', ''),\n HttpUserAgentOriginal_e=column_ifexists('payload_requestMetadata_callerSuppliedUserAgent_s', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('payload_requestMetadata_requestAttributes_time_s', ''),\n PayloadServicename_e=column_ifexists('payload_serviceName_s', ''),\n PayloadMethodname_e=column_ifexists('payload_methodName_s', ''),\n PayloadAuthorizationinfo_e=column_ifexists('payload_authorizationInfo_s', ''),\n PayloadResourcename_e=column_ifexists('payload_resourceName_s', ''),\n PayloadRequestType_e=column_ifexists('payload_request__type_s', ''),\n PayloadRequestName_e=column_ifexists('payload_request_name_s', ''),\n PayloadRequestAccountId_e=column_ifexists('payload_request_account_id_s', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('payload_request_service_account_description_s', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('payload_request_service_account_display_name_s', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('payload_response_oauth2_client_id_s', ''),\n PayloadResponseName_e=column_ifexists('payload_response_name_s', ''),\n PayloadResponseEtag_e=column_ifexists('payload_response_etag_s', ''),\n 
PayloadResponseUniqueId_e=column_ifexists('payload_response_unique_id_s', ''),\n PayloadResponseDescription_e=column_ifexists('payload_response_description_s', ''),\n PayloadResponseProjectId_e=column_ifexists('payload_response_project_id_s', ''),\n PayloadResponseDisplayName_e=column_ifexists('payload_response_display_name_s', ''),\n PayloadResponseType_e=column_ifexists('payload_response__type_s', ''),\n PayloadResponseEmail_e=column_ifexists('payload_response_email_s', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('payload_request_private_key_type_d', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('payload_response_valid_before_time_seconds_d', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('payload_response_valid_after_time_seconds_d', ''),\n PayloadResponseKeyType_e=column_ifexists('payload_response_key_type_d', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('payload_response_key_origin_d', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('payload_response_private_key_type_d', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('payload_response_key_algorithm_d', ''),\n ResourceLabelsService_e=column_ifexists('resource_labels_service_s', ''),\n ResourceLabelsVersion_e=column_ifexists('resource_labels_version_s', ''),\n ResourceLabelsLocation_e=column_ifexists('resource_labels_location_s', ''),\n ResourceLabelsMethod_e=column_ifexists('resource_labels_method_s', ''),\n PayloadRequestFullResourceName_e=column_ifexists('payload_request_full_resource_name_s', ''),\n PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('payload_request_options_requested_policy_version_d', ''),\n PayloadRequestSkipVisibilityCheck_e=tobool(column_ifexists('payload_request_skip_visibility_check_b', '')),\n PayloadRequestPageToken_e=column_ifexists('payload_request_page_token_s', '')\n | project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n 
PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n ResourceLabelsTopicId=ResourceLabelsTopicId_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n ResourceLabelsRoleName=ResourceLabelsRoleName_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n LogName=LogName_e,\n InsertId=InsertId_e,\n EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n ResourceType=ResourceType_e,\n ResourceLabelsEmailId=ResourceLabelsEmailId_e,\n ResourceLabelsProjectId=ResourceLabelsProjectId_e,\n ResourceLabelsUniqueId=ResourceLabelsUniqueId_e,\n 
PayloadType=PayloadType_e,\n PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n ResourceLabelsService=ResourceLabelsService_e,\n ResourceLabelsVersion=ResourceLabelsVersion_e,\n ResourceLabelsLocation=ResourceLabelsLocation_e,\n ResourceLabelsMethod=ResourceLabelsMethod_e,\n 
PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n PayloadRequestPageToken=PayloadRequestPageToken_e;\nlet IamQuery_GcpIamV2 = union isfuzzy=true GCPIAM, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('StatusCode', ''),\n PayloadStatusMessage_e=column_ifexists('StatusMessage', ''),\n PayloadRequestKeyTypes_e=column_ifexists('RequestKeyTypes', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('ServiceDataPermissionDeltaRemovedPermissions', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('RequestUpdateMaskPaths', ''),\n ResourceLabelsTopicId=column_ifexists('ResourceLabelsTopicId', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('ServiceDataPolicyDeltaBindingDeltas', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('RequestPolicyAuditConfigs', ''),\n PayloadRequestPolicyEtag_e=column_ifexists('RequestPolicyEtag', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('RequestPolicyBindings', ''),\n PayloadRequestResource_e=column_ifexists('RequestResource', ''),\n PayloadResponseBindings_e=column_ifexists('ResponseBindings', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('ResponseAuditConfigs', ''),\n PayloadRequestPageSize_e=column_ifexists('RequestPageSize', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=tobool(column_ifexists('RequestRemoveDeletedServiceAccounts', '')),\n PayloadRequestView_e=column_ifexists('RequestView', ''),\n PayloadRequestParent_e=column_ifexists('RequestParent', ''),\n PayloadRequestShowDeleted_e=tobool(column_ifexists('RequestShowDeleted', '')),\n ResourceLabelsRoleName=column_ifexists('ResourceLabelsRoleName', ''),\n PayloadServicedataType_e=column_ifexists('ServiceDataType', ''),\n 
PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('ServiceDataPermissionDeltaAddedPermissions', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('RequestRoleIncludedPermissions', ''),\n PayloadRequestRoleTitle_e=column_ifexists('RequestRoleTitle', ''),\n PayloadRequestRoleDescription_e=column_ifexists('RequestRoleDescription', ''),\n PayloadRequestRoleId_e=column_ifexists('RequestRoleId', ''),\n PayloadResponseGroupName_e=column_ifexists('ResponseGroupName', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('ResponseIncludedPermissions', ''),\n PayloadResponseTitle_e=column_ifexists('ResponseTitle', ''),\n PayloadResponseGroupTitle_e=column_ifexists('ResponseGroupTitle', ''),\n LogName=column_ifexists('LogName', ''),\n InsertId=column_ifexists('InsertId', ''),\n EventSeverity_e=column_ifexists('Severity', ''),\n EventEndTime_e=todatetime(column_ifexists('Timestamp', '')),\n ResourceType=column_ifexists('ResourceType', ''),\n ResourceLabelsEmailId=column_ifexists('ResourceLabelsEmailId', ''),\n ResourceLabelsProjectId=column_ifexists('ResourceLabelsProjectId', ''),\n ResourceLabelsUniqueId=column_ifexists('ResourceLabelsUniqueId', ''),\n PayloadType=column_ifexists('PayloadType', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('AuthInfoPrincipalEmail', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('AuthenticationInfoPrincipalSubject', ''),\n SrcIpAddr_e=column_ifexists('RequestMetadataCallerIp', ''),\n HttpUserAgentOriginal_e=column_ifexists('RequestMetadataCallerSuppliedUserAgent', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('RequestMetadataRequestAttributesTime', ''),\n PayloadServicename_e=column_ifexists('ServiceName', ''),\n PayloadMethodname_e=column_ifexists('MethodName', ''),\n PayloadAuthorizationinfo_e=column_ifexists('AuthorizationInfo', ''),\n PayloadResourcename_e=column_ifexists('ResourceName', ''),\n 
PayloadRequestType_e=column_ifexists('RequestType', ''),\n PayloadRequestName_e=column_ifexists('RequestName', ''),\n PayloadRequestAccountId_e=column_ifexists('RequestAccountId', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('RequestServiceAccountDescription', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('RequestServiceAccountDisplayName', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('ResponseOauth2ClientId', ''),\n PayloadResponseName_e=column_ifexists('ResponseName', ''),\n PayloadResponseEtag_e=column_ifexists('ResponseEtag', ''),\n PayloadResponseUniqueId_e=column_ifexists('ResponseUniqueId', ''),\n PayloadResponseDescription_e=column_ifexists('ResponseDescription', ''),\n PayloadResponseProjectId_e=column_ifexists('ResponseProjectId', ''),\n PayloadResponseDisplayName_e=column_ifexists('ResponseDisplayName', ''),\n PayloadResponseType_e=column_ifexists('ResponseType', ''),\n PayloadResponseEmail_e=column_ifexists('ResponseEmail', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('RequestPrivateKeyType', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('ResponseValidBeforeTimeSeconds', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('ResponseValidAfterTimeSeconds', ''),\n PayloadResponseKeyType_e=column_ifexists('ResponseKeyType', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('ResponseKeyOrigin', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('ResponsePrivateKeyType', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('ResponseKeyAlgorithm', ''),\n ResourceLabelsService=column_ifexists('ResourceLabelsService', ''),\n ResourceLabelsVersion=column_ifexists('ResourceLabelsVersion', ''),\n ResourceLabelsLocation=column_ifexists('ResourceLabelsLocation', ''),\n ResourceLabelsMethod=column_ifexists('ResourceLabelsMethod', ''),\n PayloadRequestFullResourceName_e=column_ifexists('RequestFullResourceName', ''),\n 
PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('RequestOptionsRequestedPolicyVersion', ''),\n PayloadRequestSkipVisibilityCheck_e=tobool(column_ifexists('RequestSkipVisibilityCheck', '')),\n PayloadRequestPageToken_e=column_ifexists('RequestPageToken', '')\n| project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n 
EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n 
PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n PayloadRequestPageToken=PayloadRequestPageToken_e; \n union isfuzzy=true IamQuery_GcpIam, IamQuery_GcpIamV2 \n | project-reorder PayloadStatusCode,PayloadStatusMessage,PayloadRequestKeyTypes,PayloadServicedataPermissiondeltaRemovedpermissions,PayloadRequestUpdateMaskPaths,ResourceLabelsTopicId,PayloadServicedataPolicydeltaBindingdeltas,PayloadRequestPolicyAuditconfigs,PayloadRequestPolicyEtag,PayloadRequestPolicyBindings,PayloadRequestResource,PayloadResponseBindings,PayloadResponseAuditconfigs,PayloadRequestPageSize,PayloadRequestRemoveDeletedServiceAccounts,PayloadRequestView,PayloadRequestParent,PayloadRequestShowDeleted,ResourceLabelsRoleName,PayloadServicedataType,PayloadServicedataPermissiondeltaAddedpermissions,PayloadRequestRoleIncludedPermissions,PayloadRequestRoleTitle,PayloadRequestRoleDescription,PayloadRequestRoleId,PayloadResponseGroupName,PayloadResponseIncludedPermissions,PayloadResponseTitle,PayloadResponseGroupTitle,LogName,InsertId,EventSeverity,EventEndTime,ResourceType,ResourceLabelsEmailId,ResourceLabelsProjectId,ResourceLabelsUniqueId,PayloadType,PayloadAuthenticationinfoPrincipalemail,PayloadAuthenticationinfoPrincipalsubject,SrcIpAddr,HttpUserAgentOriginal,PayloadRequestmetadataRequestattributesTime,PayloadServicename,PayloadMethodname,PayloadAuthorizationinfo,PayloadResourcename,PayloadRequestType,PayloadRequestName,PayloadRequestAccountId,PayloadRequestServiceAccountDescription,PayloadRequestServiceAccountDisplayName,PayloadResponseOauth2ClientId,PayloadResponseName,PayloadResponseEtag,PayloadResponseUniqueId,PayloadResponseDescription,PayloadResponseProjectId,PayloadResponseDisplayName,PayloadResponseType,PayloadResponseEmail,PayloadRequestPrivateKeyType,PayloadResponseValidBeforeTimeSeconds,PayloadResponseValidAfterTimeSeconds,PayloadResponseKeyType,PayloadResponseKeyOrigin,PayloadResponsePrivateKeyType,PayloadResponseKeyAlgorithm,ResourceLabelsService,ResourceLabel
sVersion,ResourceLabelsLocation,ResourceLabelsMethod,PayloadRequestFullResourceName,PayloadRequestOptionsRequestedPolicyVersion,PayloadRequestSkipVisibilityCheck,PayloadRequestPageToken;\n};\nGCPIam_view\n", "functionParameters": "", "version": 2, "tags": [ 
@@ -808,7 +808,7 @@
 "displayName": "GoogleCloudPlatformIAM Data Parser",
 "category": "Microsoft Sentinel Parser",
 "functionAlias": "GCP_IAM",
- "query": "let GCPIam_view = view () {\nlet IamQuery_GcpIam_empty = datatable(\n PayloadStatusCode_e:real,\n PayloadStatusMessage_e:string,\n PayloadRequestKeyTypes_e:string,\n PayloadServicedataPermissiondeltaRemovedpermissions_e:string,\n PayloadRequestUpdateMaskPaths_e:string,\n ResourceLabelsTopicId_e:string,\n PayloadServicedataPolicydeltaBindingdeltas_e:string,\n PayloadRequestPolicyAuditconfigs_e:string,\n PayloadRequestPolicyEtag_e:string,\n PayloadRequestPolicyBindings_e:string,\n PayloadRequestResource_e:string,\n PayloadResponseBindings_e:string,\n PayloadResponseAuditconfigs_e:string,\n PayloadRequestPageSize_e:real,\n PayloadRequestRemoveDeletedServiceAccounts_e:bool,\n PayloadRequestView_e:real,\n PayloadRequestParent_e:string,\n PayloadRequestShowDeleted_e:bool,\n ResourceLabelsRoleName_e:string,\n PayloadServicedataType_e:string,\n PayloadServicedataPermissiondeltaAddedpermissions_e:string,\n PayloadRequestRoleIncludedPermissions_e:string,\n PayloadRequestRoleTitle_e:string,\n PayloadRequestRoleDescription_e:string,\n PayloadRequestRoleId_e:string,\n PayloadResponseGroupName_e:string,\n PayloadResponseIncludedPermissions_e:string,\n PayloadResponseTitle_e:string,\n PayloadResponseGroupTitle_e:string,\n LogName_e:string,\n InsertId_e:string,\n EventSeverity_e:string,\n EventEndTime_e:datetime,\n ResourceType_e:string,\n ResourceLabelsEmailId_e:string,\n ResourceLabelsProjectId_e:string,\n ResourceLabelsUniqueId_e:string,\n PayloadType_e:string,\n PayloadAuthenticationinfoPrincipalemail_e:string,\n PayloadAuthenticationinfoPrincipalsubject_e:string,\n SrcIpAddr_e:string,\n HttpUserAgentOriginal_e:string,\n PayloadRequestmetadataRequestattributesTime_e:string,\n PayloadServicename_e:string,\n PayloadMethodname_e:string,\n PayloadAuthorizationinfo_e:string,\n PayloadResourcename_e:string,\n 
PayloadRequestType_e:string,\n PayloadRequestName_e:string,\n PayloadRequestAccountId_e:string,\n PayloadRequestServiceAccountDescription_e:string,\n PayloadRequestServiceAccountDisplayName_e:string,\n PayloadResponseOauth2ClientId_e:string,\n PayloadResponseName_e:string,\n PayloadResponseEtag_e:string,\n PayloadResponseUniqueId_e:string,\n PayloadResponseDescription_e:string,\n PayloadResponseProjectId_e:string,\n PayloadResponseDisplayName_e:string,\n PayloadResponseType_e:string,\n PayloadResponseEmail_e:string,\n PayloadRequestPrivateKeyType_e:real,\n PayloadResponseValidBeforeTimeSeconds_e:real,\n PayloadResponseValidAfterTimeSeconds_e:real,\n PayloadResponseKeyType_e:real,\n PayloadResponseKeyOrigin_e:real,\n PayloadResponsePrivateKeyType_e:real,\n PayloadResponseKeyAlgorithm_e:real,\n ResourceLabelsService_e:string,\n ResourceLabelsVersion_e:string,\n ResourceLabelsLocation_e:string,\n ResourceLabelsMethod_e:string,\n PayloadRequestFullResourceName_e:string,\n PayloadRequestOptionsRequestedPolicyVersion_e:real,\n PayloadRequestSkipVisibilityCheck_e:bool,\n PayloadRequestPageToken_e:string\n)[];\nlet IamQuery_GcpIam = union isfuzzy=true GCP_IAM_CL, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('payload_status_code_d', ''),\n PayloadStatusMessage_e=column_ifexists('payload_status_message_s', ''),\n PayloadRequestKeyTypes_e=column_ifexists('payload_request_key_types_s', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_removedPermissions_s', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('payload_request_update_mask_paths_s', ''),\n ResourceLabelsTopicId_e=column_ifexists('resource_labels_topic_id_s', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('payload_serviceData_policyDelta_bindingDeltas_s', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('payload_request_policy_auditConfigs_s', ''),\n 
PayloadRequestPolicyEtag_e=column_ifexists('payload_request_policy_etag_s', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('payload_request_policy_bindings_s', ''),\n PayloadRequestResource_e=column_ifexists('payload_request_resource_s', ''),\n PayloadResponseBindings_e=column_ifexists('payload_response_bindings_s', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('payload_response_auditConfigs_s', ''),\n PayloadRequestPageSize_e=column_ifexists('payload_request_page_size_d', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=column_ifexists('payload_request_remove_deleted_service_accounts_b', ''),\n PayloadRequestView_e=column_ifexists('payload_request_view_d', ''),\n PayloadRequestParent_e=column_ifexists('payload_request_parent_s', ''),\n PayloadRequestShowDeleted_e=column_ifexists('payload_request_show_deleted_b', ''),\n ResourceLabelsRoleName_e=column_ifexists('resource_labels_role_name_s', ''),\n PayloadServicedataType_e=column_ifexists('payload_serviceData__type_s', ''),\n PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_addedPermissions_s', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('payload_request_role_included_permissions_s', ''),\n PayloadRequestRoleTitle_e=column_ifexists('payload_request_role_title_s', ''),\n PayloadRequestRoleDescription_e=column_ifexists('payload_request_role_description_s', ''),\n PayloadRequestRoleId_e=column_ifexists('payload_request_role_id_s', ''),\n PayloadResponseGroupName_e=column_ifexists('payload_response_group_name_s', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('payload_response_included_permissions_s', ''),\n PayloadResponseTitle_e=column_ifexists('payload_response_title_s', ''),\n PayloadResponseGroupTitle_e=column_ifexists('payload_response_group_title_s', ''),\n LogName_e=column_ifexists('log_name_s', ''),\n InsertId_e=column_ifexists('insert_id_s', ''),\n EventSeverity_e=column_ifexists('severity_s', ''),\n 
EventEndTime_e=column_ifexists('timestamp_t', ''),\n ResourceType_e=column_ifexists('resource_type_s', ''),\n ResourceLabelsEmailId_e=column_ifexists('resource_labels_email_id_s', ''),\n ResourceLabelsProjectId_e=column_ifexists('resource_labels_project_id_s', ''),\n ResourceLabelsUniqueId_e=column_ifexists('resource_labels_unique_id_s', ''),\n PayloadType_e=column_ifexists('payload__type_s', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('payload_authenticationInfo_principalEmail_s', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('payload_authenticationInfo_principalSubject_s', ''),\n SrcIpAddr_e=column_ifexists('payload_requestMetadata_callerIp_s', ''),\n HttpUserAgentOriginal_e=column_ifexists('payload_requestMetadata_callerSuppliedUserAgent_s', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('payload_requestMetadata_requestAttributes_time_s', ''),\n PayloadServicename_e=column_ifexists('payload_serviceName_s', ''),\n PayloadMethodname_e=column_ifexists('payload_methodName_s', ''),\n PayloadAuthorizationinfo_e=column_ifexists('payload_authorizationInfo_s', ''),\n PayloadResourcename_e=column_ifexists('payload_resourceName_s', ''),\n PayloadRequestType_e=column_ifexists('payload_request__type_s', ''),\n PayloadRequestName_e=column_ifexists('payload_request_name_s', ''),\n PayloadRequestAccountId_e=column_ifexists('payload_request_account_id_s', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('payload_request_service_account_description_s', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('payload_request_service_account_display_name_s', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('payload_response_oauth2_client_id_s', ''),\n PayloadResponseName_e=column_ifexists('payload_response_name_s', ''),\n PayloadResponseEtag_e=column_ifexists('payload_response_etag_s', ''),\n PayloadResponseUniqueId_e=column_ifexists('payload_response_unique_id_s', ''),\n 
PayloadResponseDescription_e=column_ifexists('payload_response_description_s', ''),\n PayloadResponseProjectId_e=column_ifexists('payload_response_project_id_s', ''),\n PayloadResponseDisplayName_e=column_ifexists('payload_response_display_name_s', ''),\n PayloadResponseType_e=column_ifexists('payload_response__type_s', ''),\n PayloadResponseEmail_e=column_ifexists('payload_response_email_s', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('payload_request_private_key_type_d', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('payload_response_valid_before_time_seconds_d', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('payload_response_valid_after_time_seconds_d', ''),\n PayloadResponseKeyType_e=column_ifexists('payload_response_key_type_d', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('payload_response_key_origin_d', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('payload_response_private_key_type_d', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('payload_response_key_algorithm_d', ''),\n ResourceLabelsService_e=column_ifexists('resource_labels_service_s', ''),\n ResourceLabelsVersion_e=column_ifexists('resource_labels_version_s', ''),\n ResourceLabelsLocation_e=column_ifexists('resource_labels_location_s', ''),\n ResourceLabelsMethod_e=column_ifexists('resource_labels_method_s', ''),\n PayloadRequestFullResourceName_e=column_ifexists('payload_request_full_resource_name_s', ''),\n PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('payload_request_options_requested_policy_version_d', ''),\n PayloadRequestSkipVisibilityCheck_e=column_ifexists('payload_request_skip_visibility_check_b', ''),\n PayloadRequestPageToken_e=column_ifexists('payload_request_page_token_s', '')\n | project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n 
PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n ResourceLabelsTopicId=ResourceLabelsTopicId_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n ResourceLabelsRoleName=ResourceLabelsRoleName_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n LogName=LogName_e,\n InsertId=InsertId_e,\n EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n ResourceType=ResourceType_e,\n ResourceLabelsEmailId=ResourceLabelsEmailId_e,\n ResourceLabelsProjectId=ResourceLabelsProjectId_e,\n ResourceLabelsUniqueId=ResourceLabelsUniqueId_e,\n PayloadType=PayloadType_e,\n 
PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n ResourceLabelsService=ResourceLabelsService_e,\n ResourceLabelsVersion=ResourceLabelsVersion_e,\n ResourceLabelsLocation=ResourceLabelsLocation_e,\n ResourceLabelsMethod=ResourceLabelsMethod_e,\n 
PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n PayloadRequestPageToken=PayloadRequestPageToken_e;\nlet IamQuery_GcpIamV2 = union isfuzzy=true GCPIAM, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('StatusCode', ''),\n PayloadStatusMessage_e=column_ifexists('StatusMessage', ''),\n PayloadRequestKeyTypes_e=column_ifexists('RequestKeyTypes', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('ServiceDataPermissionDeltaRemovedPermissions', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('RequestUpdateMaskPaths', ''),\n ResourceLabelsTopicId=column_ifexists('ResourceLabelsTopicId', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('ServiceDataPolicyDeltaBindingDeltas', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('RequestPolicyAuditConfigs', ''),\n PayloadRequestPolicyEtag_e=column_ifexists('RequestPolicyEtag', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('RequestPolicyBindings', ''),\n PayloadRequestResource_e=column_ifexists('RequestResource', ''),\n PayloadResponseBindings_e=column_ifexists('ResponseBindings', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('ResponseAuditConfigs', ''),\n PayloadRequestPageSize_e=column_ifexists('RequestPageSize', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=column_ifexists('RequestRemoveDeletedServiceAccounts', ''),\n PayloadRequestView_e=column_ifexists('RequestView', ''),\n PayloadRequestParent_e=column_ifexists('RequestParent', ''),\n PayloadRequestShowDeleted_e=column_ifexists('RequestShowDeleted', ''),\n ResourceLabelsRoleName=column_ifexists('ResourceLabelsRoleName', ''),\n PayloadServicedataType_e=column_ifexists('ServiceDataType', ''),\n 
PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('ServiceDataPermissionDeltaAddedPermissions', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('RequestRoleIncludedPermissions', ''),\n PayloadRequestRoleTitle_e=column_ifexists('RequestRoleTitle', ''),\n PayloadRequestRoleDescription_e=column_ifexists('RequestRoleDescription', ''),\n PayloadRequestRoleId_e=column_ifexists('RequestRoleId', ''),\n PayloadResponseGroupName_e=column_ifexists('ResponseGroupName', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('ResponseIncludedPermissions', ''),\n PayloadResponseTitle_e=column_ifexists('ResponseTitle', ''),\n PayloadResponseGroupTitle_e=column_ifexists('ResponseGroupTitle', ''),\n LogName=column_ifexists('LogName', ''),\n InsertId=column_ifexists('InsertId', ''),\n EventSeverity_e=column_ifexists('Severity', ''),\n EventEndTime_e=column_ifexists('Timestamp', ''),\n ResourceType=column_ifexists('ResourceType', ''),\n ResourceLabelsEmailId=column_ifexists('ResourceLabelsEmailId', ''),\n ResourceLabelsProjectId=column_ifexists('ResourceLabelsProjectId', ''),\n ResourceLabelsUniqueId=column_ifexists('ResourceLabelsUniqueId', ''),\n PayloadType=column_ifexists('PayloadType', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('AuthInfoPrincipalEmail', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('AuthenticationInfoPrincipalSubject', ''),\n SrcIpAddr_e=column_ifexists('RequestMetadataCallerIp', ''),\n HttpUserAgentOriginal_e=column_ifexists('RequestMetadataCallerSuppliedUserAgent', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('RequestMetadataRequestAttributesTime', ''),\n PayloadServicename_e=column_ifexists('ServiceName', ''),\n PayloadMethodname_e=column_ifexists('MethodName', ''),\n PayloadAuthorizationinfo_e=column_ifexists('AuthorizationInfo', ''),\n PayloadResourcename_e=column_ifexists('ResourceName', ''),\n PayloadRequestType_e=column_ifexists('RequestType', ''),\n 
PayloadRequestName_e=column_ifexists('RequestName', ''),\n PayloadRequestAccountId_e=column_ifexists('RequestAccountId', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('RequestServiceAccountDescription', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('RequestServiceAccountDisplayName', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('ResponseOauth2ClientId', ''),\n PayloadResponseName_e=column_ifexists('ResponseName', ''),\n PayloadResponseEtag_e=column_ifexists('ResponseEtag', ''),\n PayloadResponseUniqueId_e=column_ifexists('ResponseUniqueId', ''),\n PayloadResponseDescription_e=column_ifexists('ResponseDescription', ''),\n PayloadResponseProjectId_e=column_ifexists('ResponseProjectId', ''),\n PayloadResponseDisplayName_e=column_ifexists('ResponseDisplayName', ''),\n PayloadResponseType_e=column_ifexists('ResponseType', ''),\n PayloadResponseEmail_e=column_ifexists('ResponseEmail', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('RequestPrivateKeyType', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('ResponseValidBeforeTimeSeconds', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('ResponseValidAfterTimeSeconds', ''),\n PayloadResponseKeyType_e=column_ifexists('ResponseKeyType', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('ResponseKeyOrigin', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('ResponsePrivateKeyType', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('ResponseKeyAlgorithm', ''),\n ResourceLabelsService=column_ifexists('ResourceLabelsService', ''),\n ResourceLabelsVersion=column_ifexists('ResourceLabelsVersion', ''),\n ResourceLabelsLocation=column_ifexists('ResourceLabelsLocation', ''),\n ResourceLabelsMethod=column_ifexists('ResourceLabelsMethod', ''),\n PayloadRequestFullResourceName_e=column_ifexists('RequestFullResourceName', ''),\n PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('RequestOptionsRequestedPolicyVersion', ''),\n 
PayloadRequestSkipVisibilityCheck_e=column_ifexists('RequestSkipVisibilityCheck', ''),\n PayloadRequestPageToken_e=column_ifexists('RequestPageToken', '')\n| project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n 
PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n 
PayloadRequestPageToken=PayloadRequestPageToken_e; \n union isfuzzy=true IamQuery_GcpIam, IamQuery_GcpIamV2 \n | project-reorder PayloadStatusCode,PayloadStatusMessage,PayloadRequestKeyTypes,PayloadServicedataPermissiondeltaRemovedpermissions,PayloadRequestUpdateMaskPaths,ResourceLabelsTopicId,PayloadServicedataPolicydeltaBindingdeltas,PayloadRequestPolicyAuditconfigs,PayloadRequestPolicyEtag,PayloadRequestPolicyBindings,PayloadRequestResource,PayloadResponseBindings,PayloadResponseAuditconfigs,PayloadRequestPageSize,PayloadRequestRemoveDeletedServiceAccounts,PayloadRequestView,PayloadRequestParent,PayloadRequestShowDeleted,ResourceLabelsRoleName,PayloadServicedataType,PayloadServicedataPermissiondeltaAddedpermissions,PayloadRequestRoleIncludedPermissions,PayloadRequestRoleTitle,PayloadRequestRoleDescription,PayloadRequestRoleId,PayloadResponseGroupName,PayloadResponseIncludedPermissions,PayloadResponseTitle,PayloadResponseGroupTitle,LogName,InsertId,EventSeverity,EventEndTime,ResourceType,ResourceLabelsEmailId,ResourceLabelsProjectId,ResourceLabelsUniqueId,PayloadType,PayloadAuthenticationinfoPrincipalemail,PayloadAuthenticationinfoPrincipalsubject,SrcIpAddr,HttpUserAgentOriginal,PayloadRequestmetadataRequestattributesTime,PayloadServicename,PayloadMethodname,PayloadAuthorizationinfo,PayloadResourcename,PayloadRequestType,PayloadRequestName,PayloadRequestAccountId,PayloadRequestServiceAccountDescription,PayloadRequestServiceAccountDisplayName,PayloadResponseOauth2ClientId,PayloadResponseName,PayloadResponseEtag,PayloadResponseUniqueId,PayloadResponseDescription,PayloadResponseProjectId,PayloadResponseDisplayName,PayloadResponseType,PayloadResponseEmail,PayloadRequestPrivateKeyType,PayloadResponseValidBeforeTimeSeconds,PayloadResponseValidAfterTimeSeconds,PayloadResponseKeyType,PayloadResponseKeyOrigin,PayloadResponsePrivateKeyType,PayloadResponseKeyAlgorithm,ResourceLabelsService,ResourceLabelsVersion,ResourceLabelsLocation,ResourceLabelsMethod,PayloadRequestFullRe
sourceName,PayloadRequestOptionsRequestedPolicyVersion,PayloadRequestSkipVisibilityCheck,PayloadRequestPageToken;\n};\nGCPIam_view\n",
+ "query": "let GCPIam_view = view () {\nlet IamQuery_GcpIam_empty = datatable(\n PayloadStatusCode_e:real,\n PayloadStatusMessage_e:string,\n PayloadRequestKeyTypes_e:string,\n PayloadServicedataPermissiondeltaRemovedpermissions_e:string,\n PayloadRequestUpdateMaskPaths_e:string,\n ResourceLabelsTopicId_e:string,\n PayloadServicedataPolicydeltaBindingdeltas_e:string,\n PayloadRequestPolicyAuditconfigs_e:string,\n PayloadRequestPolicyEtag_e:string,\n PayloadRequestPolicyBindings_e:string,\n PayloadRequestResource_e:string,\n PayloadResponseBindings_e:string,\n PayloadResponseAuditconfigs_e:string,\n PayloadRequestPageSize_e:real,\n PayloadRequestRemoveDeletedServiceAccounts_e:bool,\n PayloadRequestView_e:real,\n PayloadRequestParent_e:string,\n PayloadRequestShowDeleted_e:bool,\n ResourceLabelsRoleName_e:string,\n PayloadServicedataType_e:string,\n PayloadServicedataPermissiondeltaAddedpermissions_e:string,\n PayloadRequestRoleIncludedPermissions_e:string,\n PayloadRequestRoleTitle_e:string,\n PayloadRequestRoleDescription_e:string,\n PayloadRequestRoleId_e:string,\n PayloadResponseGroupName_e:string,\n PayloadResponseIncludedPermissions_e:string,\n PayloadResponseTitle_e:string,\n PayloadResponseGroupTitle_e:string,\n LogName_e:string,\n InsertId_e:string,\n EventSeverity_e:string,\n EventEndTime_e:datetime,\n ResourceType_e:string,\n ResourceLabelsEmailId_e:string,\n ResourceLabelsProjectId_e:string,\n ResourceLabelsUniqueId_e:string,\n PayloadType_e:string,\n PayloadAuthenticationinfoPrincipalemail_e:string,\n PayloadAuthenticationinfoPrincipalsubject_e:string,\n SrcIpAddr_e:string,\n HttpUserAgentOriginal_e:string,\n PayloadRequestmetadataRequestattributesTime_e:string,\n PayloadServicename_e:string,\n PayloadMethodname_e:string,\n PayloadAuthorizationinfo_e:string,\n PayloadResourcename_e:string,\n 
PayloadRequestType_e:string,\n PayloadRequestName_e:string,\n PayloadRequestAccountId_e:string,\n PayloadRequestServiceAccountDescription_e:string,\n PayloadRequestServiceAccountDisplayName_e:string,\n PayloadResponseOauth2ClientId_e:string,\n PayloadResponseName_e:string,\n PayloadResponseEtag_e:string,\n PayloadResponseUniqueId_e:string,\n PayloadResponseDescription_e:string,\n PayloadResponseProjectId_e:string,\n PayloadResponseDisplayName_e:string,\n PayloadResponseType_e:string,\n PayloadResponseEmail_e:string,\n PayloadRequestPrivateKeyType_e:real,\n PayloadResponseValidBeforeTimeSeconds_e:real,\n PayloadResponseValidAfterTimeSeconds_e:real,\n PayloadResponseKeyType_e:real,\n PayloadResponseKeyOrigin_e:real,\n PayloadResponsePrivateKeyType_e:real,\n PayloadResponseKeyAlgorithm_e:real,\n ResourceLabelsService_e:string,\n ResourceLabelsVersion_e:string,\n ResourceLabelsLocation_e:string,\n ResourceLabelsMethod_e:string,\n PayloadRequestFullResourceName_e:string,\n PayloadRequestOptionsRequestedPolicyVersion_e:real,\n PayloadRequestSkipVisibilityCheck_e:bool,\n PayloadRequestPageToken_e:string\n)[];\nlet IamQuery_GcpIam = union isfuzzy=true GCP_IAM_CL, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('payload_status_code_d', ''),\n PayloadStatusMessage_e=column_ifexists('payload_status_message_s', ''),\n PayloadRequestKeyTypes_e=column_ifexists('payload_request_key_types_s', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_removedPermissions_s', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('payload_request_update_mask_paths_s', ''),\n ResourceLabelsTopicId_e=column_ifexists('resource_labels_topic_id_s', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('payload_serviceData_policyDelta_bindingDeltas_s', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('payload_request_policy_auditConfigs_s', ''),\n 
PayloadRequestPolicyEtag_e=column_ifexists('payload_request_policy_etag_s', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('payload_request_policy_bindings_s', ''),\n PayloadRequestResource_e=column_ifexists('payload_request_resource_s', ''),\n PayloadResponseBindings_e=column_ifexists('payload_response_bindings_s', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('payload_response_auditConfigs_s', ''),\n PayloadRequestPageSize_e=column_ifexists('payload_request_page_size_d', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=tobool(column_ifexists('payload_request_remove_deleted_service_accounts_b', '')),\n PayloadRequestView_e=column_ifexists('payload_request_view_d', ''),\n PayloadRequestParent_e=column_ifexists('payload_request_parent_s', ''),\n PayloadRequestShowDeleted_e=tobool(column_ifexists('payload_request_show_deleted_b', '')),\n ResourceLabelsRoleName_e=column_ifexists('resource_labels_role_name_s', ''),\n PayloadServicedataType_e=column_ifexists('payload_serviceData__type_s', ''),\n PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_addedPermissions_s', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('payload_request_role_included_permissions_s', ''),\n PayloadRequestRoleTitle_e=column_ifexists('payload_request_role_title_s', ''),\n PayloadRequestRoleDescription_e=column_ifexists('payload_request_role_description_s', ''),\n PayloadRequestRoleId_e=column_ifexists('payload_request_role_id_s', ''),\n PayloadResponseGroupName_e=column_ifexists('payload_response_group_name_s', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('payload_response_included_permissions_s', ''),\n PayloadResponseTitle_e=column_ifexists('payload_response_title_s', ''),\n PayloadResponseGroupTitle_e=column_ifexists('payload_response_group_title_s', ''),\n LogName_e=column_ifexists('log_name_s', ''),\n InsertId_e=column_ifexists('insert_id_s', ''),\n 
EventSeverity_e=column_ifexists('severity_s', ''),\n EventEndTime_e=todatetime(column_ifexists('timestamp_t', '')),\n ResourceType_e=column_ifexists('resource_type_s', ''),\n ResourceLabelsEmailId_e=column_ifexists('resource_labels_email_id_s', ''),\n ResourceLabelsProjectId_e=column_ifexists('resource_labels_project_id_s', ''),\n ResourceLabelsUniqueId_e=column_ifexists('resource_labels_unique_id_s', ''),\n PayloadType_e=column_ifexists('payload__type_s', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('payload_authenticationInfo_principalEmail_s', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('payload_authenticationInfo_principalSubject_s', ''),\n SrcIpAddr_e=column_ifexists('payload_requestMetadata_callerIp_s', ''),\n HttpUserAgentOriginal_e=column_ifexists('payload_requestMetadata_callerSuppliedUserAgent_s', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('payload_requestMetadata_requestAttributes_time_s', ''),\n PayloadServicename_e=column_ifexists('payload_serviceName_s', ''),\n PayloadMethodname_e=column_ifexists('payload_methodName_s', ''),\n PayloadAuthorizationinfo_e=column_ifexists('payload_authorizationInfo_s', ''),\n PayloadResourcename_e=column_ifexists('payload_resourceName_s', ''),\n PayloadRequestType_e=column_ifexists('payload_request__type_s', ''),\n PayloadRequestName_e=column_ifexists('payload_request_name_s', ''),\n PayloadRequestAccountId_e=column_ifexists('payload_request_account_id_s', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('payload_request_service_account_description_s', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('payload_request_service_account_display_name_s', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('payload_response_oauth2_client_id_s', ''),\n PayloadResponseName_e=column_ifexists('payload_response_name_s', ''),\n PayloadResponseEtag_e=column_ifexists('payload_response_etag_s', ''),\n 
PayloadResponseUniqueId_e=column_ifexists('payload_response_unique_id_s', ''),\n PayloadResponseDescription_e=column_ifexists('payload_response_description_s', ''),\n PayloadResponseProjectId_e=column_ifexists('payload_response_project_id_s', ''),\n PayloadResponseDisplayName_e=column_ifexists('payload_response_display_name_s', ''),\n PayloadResponseType_e=column_ifexists('payload_response__type_s', ''),\n PayloadResponseEmail_e=column_ifexists('payload_response_email_s', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('payload_request_private_key_type_d', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('payload_response_valid_before_time_seconds_d', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('payload_response_valid_after_time_seconds_d', ''),\n PayloadResponseKeyType_e=column_ifexists('payload_response_key_type_d', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('payload_response_key_origin_d', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('payload_response_private_key_type_d', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('payload_response_key_algorithm_d', ''),\n ResourceLabelsService_e=column_ifexists('resource_labels_service_s', ''),\n ResourceLabelsVersion_e=column_ifexists('resource_labels_version_s', ''),\n ResourceLabelsLocation_e=column_ifexists('resource_labels_location_s', ''),\n ResourceLabelsMethod_e=column_ifexists('resource_labels_method_s', ''),\n PayloadRequestFullResourceName_e=column_ifexists('payload_request_full_resource_name_s', ''),\n PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('payload_request_options_requested_policy_version_d', ''),\n PayloadRequestSkipVisibilityCheck_e=tobool(column_ifexists('payload_request_skip_visibility_check_b', '')),\n PayloadRequestPageToken_e=column_ifexists('payload_request_page_token_s', '')\n | project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n 
PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n ResourceLabelsTopicId=ResourceLabelsTopicId_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n ResourceLabelsRoleName=ResourceLabelsRoleName_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n LogName=LogName_e,\n InsertId=InsertId_e,\n EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n ResourceType=ResourceType_e,\n ResourceLabelsEmailId=ResourceLabelsEmailId_e,\n ResourceLabelsProjectId=ResourceLabelsProjectId_e,\n ResourceLabelsUniqueId=ResourceLabelsUniqueId_e,\n 
PayloadType=PayloadType_e,\n PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n ResourceLabelsService=ResourceLabelsService_e,\n ResourceLabelsVersion=ResourceLabelsVersion_e,\n ResourceLabelsLocation=ResourceLabelsLocation_e,\n ResourceLabelsMethod=ResourceLabelsMethod_e,\n 
PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n PayloadRequestPageToken=PayloadRequestPageToken_e;\nlet IamQuery_GcpIamV2 = union isfuzzy=true GCPIAM, IamQuery_GcpIam_empty \n | extend\n PayloadStatusCode_e=column_ifexists('StatusCode', ''),\n PayloadStatusMessage_e=column_ifexists('StatusMessage', ''),\n PayloadRequestKeyTypes_e=column_ifexists('RequestKeyTypes', ''),\n PayloadServicedataPermissiondeltaRemovedpermissions_e=column_ifexists('ServiceDataPermissionDeltaRemovedPermissions', ''),\n PayloadRequestUpdateMaskPaths_e=column_ifexists('RequestUpdateMaskPaths', ''),\n ResourceLabelsTopicId=column_ifexists('ResourceLabelsTopicId', ''),\n PayloadServicedataPolicydeltaBindingdeltas_e=column_ifexists('ServiceDataPolicyDeltaBindingDeltas', ''),\n PayloadRequestPolicyAuditconfigs_e=column_ifexists('RequestPolicyAuditConfigs', ''),\n PayloadRequestPolicyEtag_e=column_ifexists('RequestPolicyEtag', ''),\n PayloadRequestPolicyBindings_e=column_ifexists('RequestPolicyBindings', ''),\n PayloadRequestResource_e=column_ifexists('RequestResource', ''),\n PayloadResponseBindings_e=column_ifexists('ResponseBindings', ''),\n PayloadResponseAuditconfigs_e=column_ifexists('ResponseAuditConfigs', ''),\n PayloadRequestPageSize_e=column_ifexists('RequestPageSize', ''),\n PayloadRequestRemoveDeletedServiceAccounts_e=tobool(column_ifexists('RequestRemoveDeletedServiceAccounts', '')),\n PayloadRequestView_e=column_ifexists('RequestView', ''),\n PayloadRequestParent_e=column_ifexists('RequestParent', ''),\n PayloadRequestShowDeleted_e=tobool(column_ifexists('RequestShowDeleted', '')),\n ResourceLabelsRoleName=column_ifexists('ResourceLabelsRoleName', ''),\n PayloadServicedataType_e=column_ifexists('ServiceDataType', ''),\n 
PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('ServiceDataPermissionDeltaAddedPermissions', ''),\n PayloadRequestRoleIncludedPermissions_e=column_ifexists('RequestRoleIncludedPermissions', ''),\n PayloadRequestRoleTitle_e=column_ifexists('RequestRoleTitle', ''),\n PayloadRequestRoleDescription_e=column_ifexists('RequestRoleDescription', ''),\n PayloadRequestRoleId_e=column_ifexists('RequestRoleId', ''),\n PayloadResponseGroupName_e=column_ifexists('ResponseGroupName', ''),\n PayloadResponseIncludedPermissions_e=column_ifexists('ResponseIncludedPermissions', ''),\n PayloadResponseTitle_e=column_ifexists('ResponseTitle', ''),\n PayloadResponseGroupTitle_e=column_ifexists('ResponseGroupTitle', ''),\n LogName=column_ifexists('LogName', ''),\n InsertId=column_ifexists('InsertId', ''),\n EventSeverity_e=column_ifexists('Severity', ''),\n EventEndTime_e=todatetime(column_ifexists('Timestamp', '')),\n ResourceType=column_ifexists('ResourceType', ''),\n ResourceLabelsEmailId=column_ifexists('ResourceLabelsEmailId', ''),\n ResourceLabelsProjectId=column_ifexists('ResourceLabelsProjectId', ''),\n ResourceLabelsUniqueId=column_ifexists('ResourceLabelsUniqueId', ''),\n PayloadType=column_ifexists('PayloadType', ''),\n PayloadAuthenticationinfoPrincipalemail_e=column_ifexists('AuthInfoPrincipalEmail', ''),\n PayloadAuthenticationinfoPrincipalsubject_e=column_ifexists('AuthenticationInfoPrincipalSubject', ''),\n SrcIpAddr_e=column_ifexists('RequestMetadataCallerIp', ''),\n HttpUserAgentOriginal_e=column_ifexists('RequestMetadataCallerSuppliedUserAgent', ''),\n PayloadRequestmetadataRequestattributesTime_e=column_ifexists('RequestMetadataRequestAttributesTime', ''),\n PayloadServicename_e=column_ifexists('ServiceName', ''),\n PayloadMethodname_e=column_ifexists('MethodName', ''),\n PayloadAuthorizationinfo_e=column_ifexists('AuthorizationInfo', ''),\n PayloadResourcename_e=column_ifexists('ResourceName', ''),\n 
PayloadRequestType_e=column_ifexists('RequestType', ''),\n PayloadRequestName_e=column_ifexists('RequestName', ''),\n PayloadRequestAccountId_e=column_ifexists('RequestAccountId', ''),\n PayloadRequestServiceAccountDescription_e=column_ifexists('RequestServiceAccountDescription', ''),\n PayloadRequestServiceAccountDisplayName_e=column_ifexists('RequestServiceAccountDisplayName', ''),\n PayloadResponseOauth2ClientId_e=column_ifexists('ResponseOauth2ClientId', ''),\n PayloadResponseName_e=column_ifexists('ResponseName', ''),\n PayloadResponseEtag_e=column_ifexists('ResponseEtag', ''),\n PayloadResponseUniqueId_e=column_ifexists('ResponseUniqueId', ''),\n PayloadResponseDescription_e=column_ifexists('ResponseDescription', ''),\n PayloadResponseProjectId_e=column_ifexists('ResponseProjectId', ''),\n PayloadResponseDisplayName_e=column_ifexists('ResponseDisplayName', ''),\n PayloadResponseType_e=column_ifexists('ResponseType', ''),\n PayloadResponseEmail_e=column_ifexists('ResponseEmail', ''),\n PayloadRequestPrivateKeyType_e=column_ifexists('RequestPrivateKeyType', ''),\n PayloadResponseValidBeforeTimeSeconds_e=column_ifexists('ResponseValidBeforeTimeSeconds', ''),\n PayloadResponseValidAfterTimeSeconds_e=column_ifexists('ResponseValidAfterTimeSeconds', ''),\n PayloadResponseKeyType_e=column_ifexists('ResponseKeyType', ''),\n PayloadResponseKeyOrigin_e=column_ifexists('ResponseKeyOrigin', ''),\n PayloadResponsePrivateKeyType_e=column_ifexists('ResponsePrivateKeyType', ''),\n PayloadResponseKeyAlgorithm_e=column_ifexists('ResponseKeyAlgorithm', ''),\n ResourceLabelsService=column_ifexists('ResourceLabelsService', ''),\n ResourceLabelsVersion=column_ifexists('ResourceLabelsVersion', ''),\n ResourceLabelsLocation=column_ifexists('ResourceLabelsLocation', ''),\n ResourceLabelsMethod=column_ifexists('ResourceLabelsMethod', ''),\n PayloadRequestFullResourceName_e=column_ifexists('RequestFullResourceName', ''),\n 
PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('RequestOptionsRequestedPolicyVersion', ''),\n PayloadRequestSkipVisibilityCheck_e=tobool(column_ifexists('RequestSkipVisibilityCheck', '')),\n PayloadRequestPageToken_e=column_ifexists('RequestPageToken', '')\n| project-rename\n PayloadStatusCode=PayloadStatusCode_e,\n PayloadStatusMessage=PayloadStatusMessage_e,\n PayloadRequestKeyTypes=PayloadRequestKeyTypes_e,\n PayloadServicedataPermissiondeltaRemovedpermissions=PayloadServicedataPermissiondeltaRemovedpermissions_e,\n PayloadRequestUpdateMaskPaths=PayloadRequestUpdateMaskPaths_e,\n PayloadServicedataPolicydeltaBindingdeltas=PayloadServicedataPolicydeltaBindingdeltas_e,\n PayloadRequestPolicyAuditconfigs=PayloadRequestPolicyAuditconfigs_e,\n PayloadRequestPolicyEtag=PayloadRequestPolicyEtag_e,\n PayloadRequestPolicyBindings=PayloadRequestPolicyBindings_e,\n PayloadRequestResource=PayloadRequestResource_e,\n PayloadResponseBindings=PayloadResponseBindings_e,\n PayloadResponseAuditconfigs=PayloadResponseAuditconfigs_e,\n PayloadRequestPageSize=PayloadRequestPageSize_e,\n PayloadRequestRemoveDeletedServiceAccounts=PayloadRequestRemoveDeletedServiceAccounts_e,\n PayloadRequestView=PayloadRequestView_e,\n PayloadRequestParent=PayloadRequestParent_e,\n PayloadRequestShowDeleted=PayloadRequestShowDeleted_e,\n PayloadServicedataType=PayloadServicedataType_e,\n PayloadServicedataPermissiondeltaAddedpermissions=PayloadServicedataPermissiondeltaAddedpermissions_e,\n PayloadRequestRoleIncludedPermissions=PayloadRequestRoleIncludedPermissions_e,\n PayloadRequestRoleTitle=PayloadRequestRoleTitle_e,\n PayloadRequestRoleDescription=PayloadRequestRoleDescription_e,\n PayloadRequestRoleId=PayloadRequestRoleId_e,\n PayloadResponseGroupName=PayloadResponseGroupName_e,\n PayloadResponseIncludedPermissions=PayloadResponseIncludedPermissions_e,\n PayloadResponseTitle=PayloadResponseTitle_e,\n PayloadResponseGroupTitle=PayloadResponseGroupTitle_e,\n 
EventSeverity=EventSeverity_e,\n EventEndTime=EventEndTime_e,\n PayloadAuthenticationinfoPrincipalemail=PayloadAuthenticationinfoPrincipalemail_e,\n PayloadAuthenticationinfoPrincipalsubject=PayloadAuthenticationinfoPrincipalsubject_e,\n SrcIpAddr=SrcIpAddr_e,\n HttpUserAgentOriginal=HttpUserAgentOriginal_e,\n PayloadRequestmetadataRequestattributesTime=PayloadRequestmetadataRequestattributesTime_e,\n PayloadServicename=PayloadServicename_e,\n PayloadMethodname=PayloadMethodname_e,\n PayloadAuthorizationinfo=PayloadAuthorizationinfo_e,\n PayloadResourcename=PayloadResourcename_e,\n PayloadRequestType=PayloadRequestType_e,\n PayloadRequestName=PayloadRequestName_e,\n PayloadRequestAccountId=PayloadRequestAccountId_e,\n PayloadRequestServiceAccountDescription=PayloadRequestServiceAccountDescription_e,\n PayloadRequestServiceAccountDisplayName=PayloadRequestServiceAccountDisplayName_e,\n PayloadResponseOauth2ClientId=PayloadResponseOauth2ClientId_e,\n PayloadResponseName=PayloadResponseName_e,\n PayloadResponseEtag=PayloadResponseEtag_e,\n PayloadResponseUniqueId=PayloadResponseUniqueId_e,\n PayloadResponseDescription=PayloadResponseDescription_e,\n PayloadResponseProjectId=PayloadResponseProjectId_e,\n PayloadResponseDisplayName=PayloadResponseDisplayName_e,\n PayloadResponseType=PayloadResponseType_e,\n PayloadResponseEmail=PayloadResponseEmail_e,\n PayloadRequestPrivateKeyType=PayloadRequestPrivateKeyType_e,\n PayloadResponseValidBeforeTimeSeconds=PayloadResponseValidBeforeTimeSeconds_e,\n PayloadResponseValidAfterTimeSeconds=PayloadResponseValidAfterTimeSeconds_e,\n PayloadResponseKeyType=PayloadResponseKeyType_e,\n PayloadResponseKeyOrigin=PayloadResponseKeyOrigin_e,\n PayloadResponsePrivateKeyType=PayloadResponsePrivateKeyType_e,\n PayloadResponseKeyAlgorithm=PayloadResponseKeyAlgorithm_e,\n PayloadRequestFullResourceName=PayloadRequestFullResourceName_e,\n PayloadRequestOptionsRequestedPolicyVersion=PayloadRequestOptionsRequestedPolicyVersion_e,\n 
PayloadRequestSkipVisibilityCheck=PayloadRequestSkipVisibilityCheck_e,\n PayloadRequestPageToken=PayloadRequestPageToken_e; \n union isfuzzy=true IamQuery_GcpIam, IamQuery_GcpIamV2 \n | project-reorder PayloadStatusCode,PayloadStatusMessage,PayloadRequestKeyTypes,PayloadServicedataPermissiondeltaRemovedpermissions,PayloadRequestUpdateMaskPaths,ResourceLabelsTopicId,PayloadServicedataPolicydeltaBindingdeltas,PayloadRequestPolicyAuditconfigs,PayloadRequestPolicyEtag,PayloadRequestPolicyBindings,PayloadRequestResource,PayloadResponseBindings,PayloadResponseAuditconfigs,PayloadRequestPageSize,PayloadRequestRemoveDeletedServiceAccounts,PayloadRequestView,PayloadRequestParent,PayloadRequestShowDeleted,ResourceLabelsRoleName,PayloadServicedataType,PayloadServicedataPermissiondeltaAddedpermissions,PayloadRequestRoleIncludedPermissions,PayloadRequestRoleTitle,PayloadRequestRoleDescription,PayloadRequestRoleId,PayloadResponseGroupName,PayloadResponseIncludedPermissions,PayloadResponseTitle,PayloadResponseGroupTitle,LogName,InsertId,EventSeverity,EventEndTime,ResourceType,ResourceLabelsEmailId,ResourceLabelsProjectId,ResourceLabelsUniqueId,PayloadType,PayloadAuthenticationinfoPrincipalemail,PayloadAuthenticationinfoPrincipalsubject,SrcIpAddr,HttpUserAgentOriginal,PayloadRequestmetadataRequestattributesTime,PayloadServicename,PayloadMethodname,PayloadAuthorizationinfo,PayloadResourcename,PayloadRequestType,PayloadRequestName,PayloadRequestAccountId,PayloadRequestServiceAccountDescription,PayloadRequestServiceAccountDisplayName,PayloadResponseOauth2ClientId,PayloadResponseName,PayloadResponseEtag,PayloadResponseUniqueId,PayloadResponseDescription,PayloadResponseProjectId,PayloadResponseDisplayName,PayloadResponseType,PayloadResponseEmail,PayloadRequestPrivateKeyType,PayloadResponseValidBeforeTimeSeconds,PayloadResponseValidAfterTimeSeconds,PayloadResponseKeyType,PayloadResponseKeyOrigin,PayloadResponsePrivateKeyType,PayloadResponseKeyAlgorithm,ResourceLabelsService,ResourceLabel
sVersion,ResourceLabelsLocation,ResourceLabelsMethod,PayloadRequestFullResourceName,PayloadRequestOptionsRequestedPolicyVersion,PayloadRequestSkipVisibilityCheck,PayloadRequestPageToken;\n};\nGCPIam_view\n", "functionParameters": "", "version": 2, "tags": [ @@ -858,7 +858,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCP_IAM Workbook with template version 3.0.6", + "description": "GCP_IAM Workbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -946,7 +946,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMDisableDataAccessLogging_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMDisableDataAccessLogging_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -974,10 +974,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ 
@@ -1067,7 +1067,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMEmptyUA_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMEmptyUA_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -1095,10 +1095,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ @@ -1188,7 +1188,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMHighPrivilegedRoleAdded_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMHighPrivilegedRoleAdded_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -1216,10 +1216,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ 
@@ -1309,7 +1309,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMNewAuthenticationToken_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMNewAuthenticationToken_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -1337,10 +1337,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ @@ -1430,7 +1430,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMNewServiceAccount_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMNewServiceAccount_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", @@ -1458,10 +1458,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ 
@@ -1551,7 +1551,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMNewServiceAccountKey_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMNewServiceAccountKey_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -1579,10 +1579,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ @@ -1672,7 +1672,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMPrivilegesEnumeration_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMPrivilegesEnumeration_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", @@ -1700,10 +1700,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ 
@@ -1776,7 +1776,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMPublicBucket_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMPublicBucket_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", @@ -1804,10 +1804,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ @@ -1897,7 +1897,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMServiceAccountEnumeration_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMServiceAccountEnumeration_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", @@ -1925,10 +1925,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ 
@@ -2001,7 +2001,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMServiceAccountKeysEnumeration_AnalyticalRules Analytics Rule with template version 3.0.6", + "description": "GCPIAMServiceAccountKeysEnumeration_AnalyticalRules Analytics Rule with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]", @@ -2029,10 +2029,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "GCPIAMDataConnector", "dataTypes": [ "GCP_IAM" - ] + ], + "connectorId": "GCPIAMDataConnector" } ], "tactics": [ @@ -2105,7 +2105,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMChangedRoles_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMChangedRoles_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", 
@@ -2190,7 +2190,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMDeletedServiceAccounts_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMDeletedServiceAccounts_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -2275,7 +2275,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMDisabledServiceAccounts_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMDisabledServiceAccounts_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", @@ -2360,7 +2360,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMNewCustomRoles_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMNewCustomRoles_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", 
@@ -2445,7 +2445,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMNewServiceAccounts_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMNewServiceAccounts_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -2530,7 +2530,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMNewServiceAccountsKeys_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMNewServiceAccountsKeys_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", @@ -2615,7 +2615,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMRareActionUser_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMRareActionUser_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", 
@@ -2700,7 +2700,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMRareUA_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMRareUA_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -2785,7 +2785,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMTopServiceAccountsFailedActions_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMTopServiceAccountsFailedActions_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", @@ -2870,7 +2870,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCPIAMTopSrcIpAddrFailedActions_HuntingQueries Hunting Query with template version 3.0.6", + "description": "GCPIAMTopSrcIpAddrFailedActions_HuntingQueries Hunting Query with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", 
@@ -2955,7 +2955,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCP_IAMConnector Playbook with template version 3.0.6", + "description": "GCP_IAMConnector Playbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion1')]", @@ -6250,7 +6250,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCP-DisableServiceAccountFromTeams Playbook with template version 3.0.6", + "description": "GCP-DisableServiceAccountFromTeams Playbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion2')]", @@ -7387,7 +7387,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCP-DisableServiceAccountKey Playbook with template version 3.0.6", + "description": "GCP-DisableServiceAccountKey Playbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion3')]", 
@@ -7746,7 +7746,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "GCP-EnrichServiseAccountInfo Playbook with template version 3.0.6", + "description": "GCP-EnrichServiseAccountInfo Playbook with template version 3.0.7", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('playbookVersion4')]", @@ -8070,12 +8070,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.6", + "version": "3.0.7", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "GoogleCloudPlatformIAM", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Google Cloud Platform Identity and Access Management (IAM) solution provides the capability to ingest GCP IAM logs into Microsoft Sentinel using the GCP Logging API. Refer to GCP Logging API documentation for more information.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n

. Microsoft Sentinel Codeless Connector Framework

\n

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10, Custom Azure Logic Apps Connectors: 1, Playbooks: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Google Cloud Platform Identity and Access Management (IAM) solution provides the capability to ingest GCP IAM logs into Microsoft Sentinel using the GCP Logging API. Refer to GCP Logging API documentation for more information.

\n

Underlying Microsoft Technologies used:

\n

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

\n

Microsoft Sentinel Codeless Connector Framework

\n

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10, Custom Azure Logic Apps Connectors: 1, Playbooks: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]",
diff --git a/Solutions/GoogleCloudPlatformIAM/Parsers/GCP_IAM.yaml b/Solutions/GoogleCloudPlatformIAM/Parsers/GCP_IAM.yaml
index b5862e01f56..a18d83117bd 100644
--- a/Solutions/GoogleCloudPlatformIAM/Parsers/GCP_IAM.yaml
+++ b/Solutions/GoogleCloudPlatformIAM/Parsers/GCP_IAM.yaml
@@ -1,8 +1,8 @@
 id: 0a77da75-0ce2-4d55-8d7d-b26e2b3d9f9a
 Function:
 Title: Parser for GCP_IAM
-Version: '1.0.0'
-LastUpdated: '2023-08-23'
+Version: '1.0.1'
+LastUpdated: '2025-08-29'
 Category: Microsoft Sentinel Parser
 FunctionName: GCP_IAM
 FunctionAlias: GCP_IAM
@@ -102,10 +102,10 @@ FunctionQuery: |
 PayloadResponseBindings_e=column_ifexists('payload_response_bindings_s', ''),
 PayloadResponseAuditconfigs_e=column_ifexists('payload_response_auditConfigs_s', ''),
 PayloadRequestPageSize_e=column_ifexists('payload_request_page_size_d', ''),
- PayloadRequestRemoveDeletedServiceAccounts_e=column_ifexists('payload_request_remove_deleted_service_accounts_b', ''),
+ PayloadRequestRemoveDeletedServiceAccounts_e=tobool(column_ifexists('payload_request_remove_deleted_service_accounts_b', '')),
 PayloadRequestView_e=column_ifexists('payload_request_view_d', ''),
 PayloadRequestParent_e=column_ifexists('payload_request_parent_s', ''),
- PayloadRequestShowDeleted_e=column_ifexists('payload_request_show_deleted_b', ''),
+ PayloadRequestShowDeleted_e=tobool(column_ifexists('payload_request_show_deleted_b', '')),
 ResourceLabelsRoleName_e=column_ifexists('resource_labels_role_name_s', ''),
 PayloadServicedataType_e=column_ifexists('payload_serviceData__type_s', ''),
 PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('payload_serviceData_permissionDelta_addedPermissions_s', ''),
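Review bot: The numeric columns in this extend list still fall back to the string `''`, so the type mismatch that the new `tobool()` wrappers address stays open for them: `PayloadRequestPageSize_e` and `PayloadRequestView_e` read `_d` columns and become strings whenever the source column is absent. If the two union branches then disagree on the type, `union` would presumably emit type-suffixed columns, and detections that filter on `PayloadRequestPageSize` or `PayloadRequestView` would quietly stop matching. Wrapping them the same way closes the gap, e.g. `PayloadRequestPageSize_e=todouble(column_ifexists('payload_request_page_size_d', '')),`. The same applies to `PayloadRequestOptionsRequestedPolicyVersion_e` in @@ -162,7 and to the V2 branch lines in @@ -257,10 and @@ -317,7; the extend list itself starts and ends outside the hunk.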
@@ -120,7 +120,7 @@ FunctionQuery: |
 LogName_e=column_ifexists('log_name_s', ''),
 InsertId_e=column_ifexists('insert_id_s', ''),
 EventSeverity_e=column_ifexists('severity_s', ''),
- EventEndTime_e=column_ifexists('timestamp_t', ''),
+ EventEndTime_e=todatetime(column_ifexists('timestamp_t', '')),
 ResourceType_e=column_ifexists('resource_type_s', ''),
 ResourceLabelsEmailId_e=column_ifexists('resource_labels_email_id_s', ''),
 ResourceLabelsProjectId_e=column_ifexists('resource_labels_project_id_s', ''),
@@ -162,7 +162,7 @@ FunctionQuery: |
 ResourceLabelsMethod_e=column_ifexists('resource_labels_method_s', ''),
 PayloadRequestFullResourceName_e=column_ifexists('payload_request_full_resource_name_s', ''),
 PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('payload_request_options_requested_policy_version_d', ''),
- PayloadRequestSkipVisibilityCheck_e=column_ifexists('payload_request_skip_visibility_check_b', ''),
+ PayloadRequestSkipVisibilityCheck_e=tobool(column_ifexists('payload_request_skip_visibility_check_b', '')),
 PayloadRequestPageToken_e=column_ifexists('payload_request_page_token_s', '')
 | project-rename
 PayloadStatusCode=PayloadStatusCode_e,
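Review bot: `todatetime()` returns null for a value it cannot parse, and nothing next to the new `EventEndTime_e` line in @@ -120,7 records that. A record whose `timestamp_t` is absent or malformed ends up with an empty EventEndTime and falls out of any hunting query that filters or bins on that column. A short KQL comment above the line would keep a later cleanup from dropping the cast, for example `// cast keeps EventEndTime datetime when timestamp_t is absent; unparsable values become null`. The same comment fits the `Timestamp` line in @@ -275,7; the extend list continues outside the hunk.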
@@ -257,10 +257,10 @@ FunctionQuery: |
 PayloadResponseBindings_e=column_ifexists('ResponseBindings', ''),
 PayloadResponseAuditconfigs_e=column_ifexists('ResponseAuditConfigs', ''),
 PayloadRequestPageSize_e=column_ifexists('RequestPageSize', ''),
- PayloadRequestRemoveDeletedServiceAccounts_e=column_ifexists('RequestRemoveDeletedServiceAccounts', ''),
+ PayloadRequestRemoveDeletedServiceAccounts_e=tobool(column_ifexists('RequestRemoveDeletedServiceAccounts', '')),
 PayloadRequestView_e=column_ifexists('RequestView', ''),
 PayloadRequestParent_e=column_ifexists('RequestParent', ''),
- PayloadRequestShowDeleted_e=column_ifexists('RequestShowDeleted', ''),
+ PayloadRequestShowDeleted_e=tobool(column_ifexists('RequestShowDeleted', '')),
 ResourceLabelsRoleName=column_ifexists('ResourceLabelsRoleName', ''),
 PayloadServicedataType_e=column_ifexists('ServiceDataType', ''),
 PayloadServicedataPermissiondeltaAddedpermissions_e=column_ifexists('ServiceDataPermissionDeltaAddedPermissions', ''),
@@ -275,7 +275,7 @@ FunctionQuery: |
 LogName=column_ifexists('LogName', ''),
 InsertId=column_ifexists('InsertId', ''),
 EventSeverity_e=column_ifexists('Severity', ''),
- EventEndTime_e=column_ifexists('Timestamp', ''),
+ EventEndTime_e=todatetime(column_ifexists('Timestamp', '')),
 ResourceType=column_ifexists('ResourceType', ''),
 ResourceLabelsEmailId=column_ifexists('ResourceLabelsEmailId', ''),
 ResourceLabelsProjectId=column_ifexists('ResourceLabelsProjectId', ''),
@@ -317,7 +317,7 @@ FunctionQuery: |
 ResourceLabelsMethod=column_ifexists('ResourceLabelsMethod', ''),
 PayloadRequestFullResourceName_e=column_ifexists('RequestFullResourceName', ''),
 PayloadRequestOptionsRequestedPolicyVersion_e=column_ifexists('RequestOptionsRequestedPolicyVersion', ''),
- PayloadRequestSkipVisibilityCheck_e=column_ifexists('RequestSkipVisibilityCheck', ''),
+ PayloadRequestSkipVisibilityCheck_e=tobool(column_ifexists('RequestSkipVisibilityCheck', '')),
 PayloadRequestPageToken_e=column_ifexists('RequestPageToken', '')
 | project-rename
 PayloadStatusCode=PayloadStatusCode_e,
@@ -386,6 +386,4 @@ FunctionQuery: |
 union isfuzzy=true IamQuery_GcpIam, IamQuery_GcpIamV2
 | project-reorder PayloadStatusCode,PayloadStatusMessage,PayloadRequestKeyTypes,PayloadServicedataPermissiondeltaRemovedpermissions,PayloadRequestUpdateMaskPaths,ResourceLabelsTopicId,PayloadServicedataPolicydeltaBindingdeltas,PayloadRequestPolicyAuditconfigs,PayloadRequestPolicyEtag,PayloadRequestPolicyBindings,PayloadRequestResource,PayloadResponseBindings,PayloadResponseAuditconfigs,PayloadRequestPageSize,PayloadRequestRemoveDeletedServiceAccounts,PayloadRequestView,PayloadRequestParent,PayloadRequestShowDeleted,ResourceLabelsRoleName,PayloadServicedataType,PayloadServicedataPermissiondeltaAddedpermissions,PayloadRequestRoleIncludedPermissions,PayloadRequestRoleTitle,PayloadRequestRoleDescription,PayloadRequestRoleId,PayloadResponseGroupName,PayloadResponseIncludedPermissions,PayloadResponseTitle,PayloadResponseGroupTitle,LogName,InsertId,EventSeverity,EventEndTime,ResourceType,ResourceLabelsEmailId,ResourceLabelsProjectId,ResourceLabelsUniqueId,PayloadType,PayloadAuthenticationinfoPrincipalemail,PayloadAuthenticationinfoPrincipalsubject,SrcIpAddr,HttpUserAgentOriginal,PayloadRequestmetadataRequestattributesTime,PayloadServicename,PayloadMethodname,PayloadAuthorizationinfo,PayloadResourcename,PayloadRequestType,PayloadRequestName,PayloadRequestAccountId,PayloadRequestServiceAccountDescription,PayloadRequestServiceAccountDisplayName,PayloadResponseOauth2ClientId,PayloadResponseName,PayloadResponseEtag,PayloadResponseUniqueId,PayloadResponseDescription,PayloadResponseProjectId,PayloadResponseDisplayName,PayloadResponseType,PayloadResponseEmail,PayloadRequestPrivateKeyType,PayloadResponseValidBeforeTimeSeconds,PayloadResponseValidAfterTimeSeconds,PayloadResponseKeyType,PayloadResponseKeyOrigin,PayloadResponsePrivateKeyType,PayloadResponseKeyAlgorithm,ResourceLabelsService,ResourceLabelsVersion,ResourceLabelsLocation,ResourceLabelsMethod,PayloadRequestFullResourceName,PayloadRe
questOptionsRequestedPolicyVersion,PayloadRequestSkipVisibilityCheck,PayloadRequestPageToken;
 };
- GCPIam_view
-
-
+ GCPIam_view
\ No newline at end of file
diff --git a/Solutions/GoogleCloudPlatformIAM/ReleaseNotes.md b/Solutions/GoogleCloudPlatformIAM/ReleaseNotes.md
index 10cd67203a4..05f639c41b6 100644
--- a/Solutions/GoogleCloudPlatformIAM/ReleaseNotes.md
+++ b/Solutions/GoogleCloudPlatformIAM/ReleaseNotes.md
@@ -1,5 +1,6 @@
 **Version** | **Date Modified (DD-MM-YYYY)**| **ChangeHistory** |
 |------------|-------------------------------|-------------------------------------------------------------------------------------------|
+| 3.0.7 | 28-08-2025 | Improved type handling in the parser query by explicitly converting certain fields to bool and datetime.|
 | 3.0.6 | 31-07-2025 | Removed deprecated **Data Connector** |
 | 3.0.5 | 27-06-2025 | GoogleCloudPlatformIAM **CCF Data Connector** moving to GA |
 | 3.0.4 | 13-06-2025 | Updated Standard Table configuration in **CCF Data Connector**. |