Table of Contents:
Vendor/Product | Category | Ingestion Label | Format |
--- | --- | --- | --- |
Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE | SYSLOG + KV (CEF) |
Acalvio | Deception Software | ACALVIO | SYSLOG + KV |
Active Countermeasures | Alert | AI_HUNTER | SYSLOG |
Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR | JSON |
Akamai DNS | DNS | AKAMAI_DNS | CSV |
Akamai WAF | WAF | AKAMAI_WAF | SYSLOG |
AlgoSec Security Management | Policy Management | ALGOSEC | SYSLOG + KV (CEF) |
AlphaSOC | Alert | ASOC_ALERT | JSON |
Anomali | IOC | ANOMALI_IOC | JSON, CEF |
Apache | Web Server | APACHE | SYSLOG |
Apache Cassandra | Web server | CASSANDRA | JSON |
Apache Hadoop | open-source software | HADOOP | SYSLOG + KV |
Apache Tomcat | Web server | TOMCAT | JSON |
Apple MacOS | AV / Endpoint | MACOS | SYSLOG |
Aqua Security | IaaS Applications | AQUA_SECURITY | JSON |
Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM | SYSLOG |
Aruba | Wireless | ARUBA_WIRELESS | SYSLOG |
Aruba Airwave | Wireless | ARUBA_AIRWAVE | XML |
Aruba IPS | IPS | ARUBA_IPS | JSON |
Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE | SYSLOG |
Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA | SYSLOG |
Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE | SYSLOG + KV |
Avanan Email Security | Email Server | AVANAN_EMAIL | JSON |
Avatier Password Management | SaaS Application | AVATIER | SYSLOG + KV |
AWS CloudFront | CDN | AWS_CLOUDFRONT | SYSLOG |
AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL | JSON |
AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH | JSON, GROK |
AWS Config | AWS Specific | AWS_CONFIG | JSON |
AWS Elastic Load Balancer | AWS Specific | AWS_ELB | SYSLOG |
AWS GuardDuty | IDS/IPS | GUARDDUTY | JSON |
AWS Key Management Service | AWS Specific | AWS_KMS | JSON |
AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB | JSON |
AWS VPC Flow | AWS Specific | AWS_VPC_FLOW | SYSLOG |
Azure AD | LDAP | AZURE_AD | JSON |
Azure AD Directory Audit | Audit | AZURE_AD_AUDIT | JSON |
Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT | JSON |
Azure Cosmos DB | Database | AZURE_COSMOS_DB | JSON |
Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS | JSON |
Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL | JSON |
Azure SQL | Database | AZURE_SQL | JSON |
Barracuda Email | Email Server | BARRACUDA_EMAIL | JSON |
Barracuda Firewall | Firewall | BARRACUDA_FIREWALL | SYSLOG |
BeyondTrust | Privilege Account Activity | BOMGAR | SYSLOG |
BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS | SYSLOG + KV |
Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF | SYSLOG |
BIND | DNS | BIND_DNS | SYSLOG |
Bitdefender | AV / Endpoint | BITDEFENDER | CSV |
Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY | SYSLOG + JSON, SYSLOG + KV |
Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI | SYSLOG |
Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE | JSON,KV,SYSLOG |
Box | Collaboration | BOX | JSON |
Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON | SYSLOG |
CA Access Control | Access Management | CA_ACCESS_CONTROL | JSON+SYSLOG, SYSLOG |
CA ACF2 | Mainframe | CA_ACF2 | LEEF |
Carbon Black | EDR | CB_EDR | JSON |
Carbon Black App Control | Security log | CB_APP_CONTROL | CEF,JSON |
Cato Networks | NDR | CATO_NETWORKS | JSON |
Centrify | SSO | CENTRIFY_SSO | JSON |
Centripetal Networks IOC | IOC | CENTRIPETAL_IOC | SYSLOG + KV |
Check Point | Firewall | CHECKPOINT_FIREWALL | SYSLOG + KV , JSON |
Check Point Sandblast | EDR | CHECKPOINT_EDR | SYSLOG + KV |
CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT | SYSLOG |
Cisco ACS | Authentication | CISCO_ACS | SYSLOG + KV |
Cisco AMP | AV / Endpoint | CISCO_AMP | JSON |
Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE | SYSLOG |
Cisco ASA | Firewall | CISCO_ASA_FIREWALL | JSON, SYSLOG |
Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB | JSON |
Cisco CTS | Telephone Software | CISCO_CTS | SYSLOG + KV |
Cisco DHCP | DHCP | CISCO_DHCP | CSV + Syslog |
Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY | SYSLOG + KV |
Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL | SYSLOG |
Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT | KV |
Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS | SYSLOG |
Cisco ISE | Identity and Access Management | CISCO_ISE | SYSLOG |
Cisco Meraki | Wireless | CISCO_MERAKI | SYSLOG, JSON |
Cisco NX-OS | OS | CISCO_NX_OS | SYSLOG |
Cisco Prime | Network Management and Optimization | CISCO_PRIME | SYSLOG |
Cisco Router | Switches, Routers | CISCO_ROUTER | SYSLOG |
Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH | JSON |
Cisco Switch | Switches, Routers | CISCO_SWITCH | SYSLOG |
Cisco TACACS+ | Authentication | CISCO_TACACS | SYSLOG + KV |
Cisco UCS | OS logs | CISCO_UCS | SYSLOG |
Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL | CSV |
Cisco Umbrella DNS | DNS | UMBRELLA_DNS | CSV,JSON |
Cisco Umbrella IP | Web Proxy | UMBRELLA_IP | SYSLOG |
Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY | CSV |
Cisco VPN | VPN | CISCO_VPN | SYSLOG |
Cisco WLC/WCS | Wireless | CISCO_WIRELESS | SYSLOG |
Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER | SYSLOG + KV |
Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT | JSON |
ClamAV | AV / Endpoint | CLAM_AV | JSON |
Cloud Passage | SaaS Application | CLOUD_PASSAGE | JSON |
Cloudflare | SaaS Application | CLOUDFLARE | JSON |
CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN | SYSLOG + KV |
Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE | SYSLOG |
CloudM | Identity and Access Management | CLOUDM | JSON |
Cofense | Email Server | COFENSE_TRIAGE | SYSLOG + KV (CEF) |
Comodo | AV / Endpoint | COMODO_AV | SYSLOG + KV (CEF) |
Corelight | NDR | CORELIGHT | JSON |
COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC | Value Entry |
CrowdStrike Falcon | EDR | CS_EDR | JSON |
CrowdStrike Falcon Stream | Alerts | CS_STREAM | KV (LEEF) |
Crowdstrike IOC | IOC | CROWDSTRIKE_IOC | JSON |
CSV Custom IOC | IOC | CSV_CUSTOM_IOC | CSV |
Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS | JSON |
CyberArk | Privilege Account Management | CYBERARK | KV (CEF) |
Cybereason EDR | EDR | CYBEREASON_EDR | JSON |
Cylance Protect | Alerts | CYLANCE_PROTECT | SYSLOG + KV |
D3 Banking | BANKING | D3_BANKING | JSON |
Darktrace | NDR | DARKTRACE | SYSLOG + KV (CEF) |
Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN | SYSLOG + KV |
Dell EMC Isilon NAS | Storage | DELL_EMC_NAS | SYSLOG |
Dell OpenManage | Systems Management Application | DELL_OPENMANAGE | Syslog |
Department of Homeland Security | Threat detection | DHS_IOC | xml |
Digital Guardian | EDR | DIGITALGUARDIAN_EDR | KV |
Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC | JSON |
Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT | JSON |
DMP | Physical Security | DMP_ENTRE | SYSLOG |
Duo Auth | Authentication | DUO_AUTH | JSON |
Duo Entity context data | Identity and Access Management | DUO_CONTEXT | JSON |
Duo User Context | Identity and Access Management | DUO_USER_CONTEXT | JSON |
EfficientIP DDI | Network | EFFICIENTIP_DDI | SYSLOG + KV |
Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT | JSON |
Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS | SYSLOG + JSON |
Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT | SYSLOG + JSON |
Emerging Threats Pro | IOC | ET_PRO_IOC | CSV |
EPIC Systems | Discovery and Monitoring | EPIC | LEEF + KV |
ESET | EDR | ESET_EDR | SYSLOG + JSON |
ESET Threat Intelligence | IOC | ESET_IOC | JSON |
ExtraHop DNS | DNS | EXTRAHOP_DNS | JSON |
ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP | JSON,SYSLOG |
F5 ASM | WAF | F5_ASM | SYSLOG |
F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM | SYSLOG |
F5 DNS | DNS | F5_DNS | SYSLOG |
F5 Shape | Security log | F5_SHAPE | JSON |
F5 VPN | VPN | F5_VPN | SYSLOG |
Falco IDS | IDS/IPS | FALCO_IDS | JSON |
Fastly WAF | WAF | FASTLY_WAF | JSON |
Fidelis Network | NDR | FIDELIS_NETWORK | SYSLOG + KV |
File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK | JSON |
FileZilla | File transfer | FILEZILLA_FTP | SYSLOG |
FireEye | Alerts | FIREEYE_ALERT | SYSLOG + JSON |
Fireeye ETP | Email Server | FIREEYE_ETP | JSON |
FireEye HX | EDR | FIREEYE_HX | JSON |
FireEye NX | NDR | FIREEYE_NX | JSON |
Forcepoint NGFW | Network | FORCEPOINT_FIREWALL | JSON |
Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY | SYSLOG + KV (CEF), LEEF |
Forescout NAC | NAC | FORESCOUT_NAC | SYSLOG |
ForgeRock OpenAM | Identity and Access Management | OPENAM | CSV, SYSLOG + KV |
ForgeRock OpenDJ | LDAP | OPENDJ | SYSLOG + KV |
Forseti Open Source | GCP Specific | FORSETI | JSON |
FortiGate | Firewall | FORTINET_FIREWALL | JSON, SYSLOG + KV |
Fortinet | DHCP | FORTINET_DHCP | KV |
Fortinet FortiEDR | EDR | FORTINET_FORTIEDR | SYSLOG + KV |
Fortinet FortiNAC | NAC | FORTINET_FORTINAC | SYSLOG |
GCP Apigee | GCP Specific | GCP_APIGEE | JSON |
GCP Cloud Identity Device Users | GCP Specific | GCP_CLOUDIDENTITY_DEVICEUSERS | JSON |
GCP Cloud Identity Devices | GCP Specific | GCP_CLOUDIDENTITY_DEVICES | JSON |
GCP Cloud IOT | GCP Specific | GCP_CLOUDIOT | JSON |
GCP Cloud Run | GCP Specific | GCP_RUN | JSON |
GCP Compute | GCP Specific | GCP_COMPUTE | JSON |
GCP IDS | IDS | GCP_IDS | JSON |
GCP Load Balancing | Load Balancer | GCP_LOADBALANCING | JSON |
GCP VPC Flow | GCP Specific | GCP_VPC_FLOW | JSON |
GitHub | SaaS Application | GITHUB | JSON |
GMAIL Logs | GCP Specific | GMAIL_LOGS | JSON |
GMV Checker ATM Security | ATM Audit | GMV_CHECKER | SYSLOG |
Google Chrome Browser Cloud Management (CBCM) | Alerts | N/A | JSON |
HCL BigFix | Network Management and Optimization | HCL_BIGFIX | JSON |
Honeyd | Deception Software | HONEYD | SYSLOG |
HP Aruba(Clearpass) | Identity and Access Management | CLEARPASS | SYSLOG + KV |
HP Procurve Switch | Switches | HP_PROCURVE | SYSLOG |
HPE ILO | Server Management | HPE_ILO | SYSLOG |
IBM AS/400 | Application System | IBM_AS400 | SYSLOG + KV |
IBM CICS | Service Bus | IBM_CICS | LEEF |
IBM DataPower Gateway | API Gateway | IBM_DATAPOWER | Message |
IBM DB2 | Database | DB2_DB | LEEF |
IBM Guardium | Database DLP | GUARDIUM | CSV, CEF |
IBM Informix | DATABASE | INFORMIX | JSON + SYSLOG |
IBM Tivoli | Monitoring | IBM_TIVOLI | JSON,SYSLOG |
IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER | JSON,SYSLOG |
IBM z/OS | OS | IBM_ZOS | LEEF |
Imperva | WAF | IMPERVA_WAF | SYSLOG + KV + JSON |
Imperva Database | Cloud Application and Edge Security | IMPERVA_DB | SYSLOG |
Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE | SYSLOG + KV (CEF) |
Infoblox | DHCP, DNS | INFOBLOX | SYSLOG |
Infoblox DHCP | DHCP | INFOBLOX_DHCP | SYSLOG |
Infoblox DNS | DNS | INFOBLOX_DNS | SYSLOG, CEF |
Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER | SYSLOG |
Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP | SYSLOG, JSON |
ISC DHCP | DHCP | ISC_DHCP | JSON + SYSLOG + KV |
JAMF CMDB | Computer Inventory | JAMF | JSON |
JAMF Protect | ENDPOINT SECURITY | JAMF_PROTECT | JSON |
Juniper | Firewall | JUNIPER_FIREWALL | SYSLOG + KV |
Juniper IPS | IDS/IPS | JUNIPER_IPS | SYSLOG + KV |
Juniper Junos | Network Device | JUNIPER_JUNOS | SYSLOG + KV |
Juniper MX Router | Routers and Switches | JUNIPER_MX | SYSLOG + KV |
Kaspersky AV | AV / Endpoint | KASPERSKY_AV | KV + CEF |
Kea DHCP | DHCP | KEA_DHCP | SYSLOG |
Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER | SYSLOG |
Kubernetes audit logs | K8s cluster audit logs | KUBERNETES_AUDIT | JSON |
Kubernetes Node logs | Cloud security | KUBERNETES_NODE | JSON |
Kyriba Treasury Management | SaaS Application | KYRIBA | CSV |
Layer7 SiteMinder | SSO | SITEMINDER_SSO | KV+JSON |
LimaCharlie | EDR | LIMACHARLIE_EDR | JSON |
Linux Auditing System (AuditD) | OS | AUDITD | SYSLOG |
Linux DHCP | DHCP | LINUX_DHCP | SYSLOG |
Linux Sysmon | DNS | LINUX_SYSMON | XML |
ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS | SYSLOG + KV (CEF) |
McAfee DLP | DLP | MCAFEE_DLP | CSV |
McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM | SYSLOG + JSON |
McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO | SYSLOG + XML, CSV |
McAfee IPS | IDS/IPS | MCAFEE_IPS | SYSLOG |
McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB | KV |
McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE | JSON |
McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY | SYSLOG + KV (CEF), JSON |
McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION | JSON |
Medigate IoT | IoT | MEDIGATE_IOT | SYSLOG + JSON |
Men and Mice DNS | DNS | MENANDMICE_DNS | SYSLOG |
Microsoft AD | LDAP | WINDOWS_AD | JSON |
Microsoft AD FS | LDAP | ADFS | JSON |
Microsoft ATA | IDS/IPS | MICROSOFT_ATA | SYSLOG + KV |
Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY | JSON |
Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW | JSON |
Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS | JSON |
Microsoft CASB | CASB | MICROSOFT_CASB | SYSLOG + KV (CEF) |
Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT | JSON |
Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY | JSON |
Microsoft Exchange | Email Server | EXCHANGE_MAIL | SYSLOG |
Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT | JSON |
Microsoft IIS | Web Server | IIS | SYSLOG + KV |
Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE | JSON |
Microsoft Powershell | Misc. Windows-specific | POWERSHELL | SYSLOG + JSON |
Microsoft SQL Server | Database | MICROSOFT_SQL | SYSLOG + KV, JSON |
Mimecast | Email Server | MIMECAST_MAIL | KV |
Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON | JSON |
Mongo Database | DATABASE | MONGO_DB | JSON |
MySQL | Database | MYSQL | SYSLOG |
Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES | SYSLOG + JSON |
Netfilter IPtables | Firewall | NETFILTER_IPTABLES | SYSLOG + KV |
Netskope | Cloud Security | NETSKOPE_ALERT | JSON |
Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY | SYSLOG |
NIMBLE OS | OS | NIMBLE_OS | SYSLOG |
Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP | SYSLOG |
Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET | JSON |
Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY | JSON |
Nutanix Prism | Firewall | NUTANIX_PRISM | JSON |
NXLog Manager | Log Aggregator | NXLOG_MANAGER | SYSLOG |
Office 365 | SaaS Application | OFFICE_365 | JSON |
Okta | Identity and Access Management | OKTA | JSON |
Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY | JSON |
Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT | JSON |
OneLogin | SSO | ONELOGIN_SSO | JSON |
OpenSSH | Logging and Troubleshooting | OPENSSH | SYSLOG |
OpenVPN | Network | OPEN_VPN | SYSLOG + KV |
Oracle | DATABASE | ORACLE_DB | SYSLOG + KV |
Ordr IoT | IoT | ORDR_IOT | SYSLOG + JSON |
OSSEC | IDS/IPS | OSSEC | SYSLOG |
Palo Alto Cortex XDR | NDR | CORTEX_XDR | JSON |
Palo Alto Networks Firewall | Firewall | PAN_FIREWALL | SYSLOG + LEEF |
Palo Alto Networks Traps | EDR | PAN_EDR | JSON |
Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD | JSON |
PAN Autofocus | IOC | PAN_IOC | JSON |
Passive DNS | DNS | PASSIVE_DNS | JSON |
pfSense | FIREWALL | PFSENSE | SYSLOG |
Ping Identity | Authentication | PING | JSON, SYSLOG + KV |
PostFix Mail | Email Server | POSTFIX_MAIL | SYSLOG |
Preempt Alert | Identity and Access Management | PREEMPT | SYSLOG + KV (CEF) |
Preempt Auth | Identity and Access Management | PREEMPT_AUTH | SYSLOG + JSON |
Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER | KV |
Proofpoint Observeit | Email Server | OBSERVEIT | JSON, KV |
Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND | JSON |
Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL | JSON |
Pulse Secure | VPN | PULSE_SECURE_VPN | SYSLOG |
Qualys VM | Vulnerability Scanner | QUALYS_VM | KV |
Quest Active Directory | Authentication log | QUEST_AD | CEF Syslog |
Radware Web Application Firewall | Firewall | RADWARE_FIREWALL | SYSLOG |
Rapid7 | Vulnerability Scanner | RAPID7_NEXPOSE | JSON |
Rapid7 Insight | Vulnerability Scanner | RAPID7_INSIGHT | JSON |
Recorded Future | IOC | RECORDED_FUTURE_IOC | JSON |
Red Canary | EDR | REDCANARY_EDR | JSON |
Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER | JSON + SYSLOG + KV |
RH-ISAC | IOC | RH_ISAC_IOC | JSON |
RSA | Identity and Access Management | RSA_AUTH_MANAGER | CSV |
Rubrik | Backup software | RUBRIK | SYSLOG |
SailPoint IAM | Identity and Access Management | SAILPOINT_IAM | JSON |
Salesforce | SaaS Application | SALESFORCE | KV (LEEF), CSV |
SecureAuth | SSO | SECUREAUTH_SSO | SYSLOG, XML |
SecureLink | Remote Access Tools | SECURELINK | SYSLOG |
Semperis DSP | LDAP | SEMPERIS_DSP | SYSLOG |
Sendmail | Email Server | SENDMAIL | SYSLOG + KV |
SentinelOne Deep Visibility | EDR | SENTINEL_DV | JSON |
SentinelOne EDR | EDR | SENTINEL_EDR | SYSLOG + JSON |
ServiceNow CMDB | Policy Management | SERVICENOW_CMDB | JSON |
ServiceNow Security | SaaS Application | SERVICENOW_SECURITY | JSON |
Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP | SYSLOG |
Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF | JSON |
Silverfort Authentication Platform | Identity and Access Management | SILVERFORT | CEF Syslog |
Slack Audit | Productivity | SLACK_AUDIT | JSON |
Snort | IDS/IPS | SNORT_IDS | SYSLOG + JSON |
SonicWall | Firewall | SONIC_FIREWALL | SYSLOG + KV |
Sophos AV | AV / Endpoint | SOPHOS_AV | CSV, JSON |
Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 | JSON |
Sophos DHCP | DHCP | SOPHOS_DHCP | SYSLOG + KV |
Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL | KV |
Sophos UTM | Unified Threat Management | SOPHOS_UTM | KV |
Sourcefire | IDS/IPS | SOURCEFIRE_IDS | JSON |
Squid Web Proxy | Web Proxy | SQUID_WEBPROXY | SYSLOG |
Static IP | DHCP | ASSET_STATIC_IP | CSV |
Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT | JSON |
Stealthbits Defend | Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND | SYSLOG + KV (LEEF) |
Strong Swan VPN | VPN | STRONGSWAN_VPN | JSON |
Suricata EVE | IPS IDS | SURICATA_EVE | JSON |
Suricata IDS | IDS/IPS | SURICATA_IDS | JSON |
Symantec CloudSOC CASB | CASB | SYMANTEC_CASB | SYSLOG+JSON |
Symantec DLP | DLP | SYMANTEC_DLP | SYSLOG + KV (CEF), XML |
Symantec EDR | EDR | SYMANTEC_EDR | JSON |
Symantec Endpoint Protection | AV / Endpoint | SEP | SYSLOG |
Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT | JSON |
Symantec VIP Gateway | Email Server | SYMANTEC_VIP | SYSLOG |
Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION | JSON |
Symantec Web Security Service | Web Proxy | SYMANTEC_WSS | JSON |
Tanium Asset | Tanium Specific | TANIUM_ASSET | JSON |
Tanium Audit | SCAN NETWORK | TANIUM_AUDIT | JSON |
Tanium Comply | Tanium Specific | TANIUM_COMPLY | JSON |
Tanium Discover | Tanium Specific | TANIUM_DISCOVER | JSON |
Tanium Insight | Tanium Specific | TANIUM_INSIGHT | SYSLOG + KV |
Tanium Patch | Tanium Specific | TANIUM_PATCH | JSON |
Tanium Reveal | Tanium Specific | TANIUM_REVEAL | JSON |
Tanium Stream | Tanium Specific | TANIUM_TH | JSON |
Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE | JSON |
TeamViewer | Remote Support | TEAMVIEWER | JSON |
Tenable Security Center | Vulnerability Scanner | TENABLE_SC | SYSLOG |
tenable.io | Vulnerability Scanner | TENABLE_IO | JSON |
Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS | SYSLOG |
Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM | JSON/GROK |
Thales MFA | Authentication | THALES_MFA | SYSLOG + KV (CEF) |
Thales Vormetric | Encryption | VORMETRIC | SYSLOG |
Thinkst Canary | Deception Software | THINKST_CANARY | JSON |
ThreatConnect | IOC | THREATCONNECT_IOC | JSON |
Thycotic | Identity and Access Management | THYCOTIC | SYSLOG + KV (CEF) |
Trend Micro AV | AV / Endpoint | TRENDMICRO_AV | SYSLOG + KV, CEF |
TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY | SYSLOG + KV |
Tripwire | DLP | TRIPWIRE_FIM | SYSLOG |
Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH | SYSLOG |
Unbound DNS | DNS | UNBOUND_DNS | SYSLOG |
Unifi AP | Switches and Routers | UNIFI_AP | SYSLOG + KV, SYSLOG + JSON |
Unix system | OS | NIX_SYSTEM | SYSLOG |
Uptycs EDR | Endpoint detection and response | UPTYCS_EDR | JSON |
VanDyke SFTP | Data Transfer | VANDYKE_SFTP | JSON,SYSLOG |
Varonis | Data Security / Insider Threat | VARONIS | SYSLOG + KV (CEF) |
Vectra Detect | NDR | VECTRA_DETECT | SYSLOG + JSON |
Vectra Stream | NDR | VECTRA_STREAM | SYSLOG + KV |
VMware AirWatch | Wireless | AIRWATCH | SYSLOG + KV |
VMware ESXi | Hypervisor | VMWARE_ESX | SYSLOG |
VMware Horizon | VDI | VMWARE_HORIZON | SYSLOG |
VMware NSX | Network and Security Virtualization | VMWARE_NSX | KV |
VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU | JSON |
VMware vCenter | Server | VMWARE_VCENTER | SYSLOG + JSON |
VMware vRealize Suite | Cloud | VMWARE_VREALIZE | SYSLOG |
WatchGuard | Syslog and KV | WATCHGUARD | JSON |
Wazuh | Log Aggregator | WAZUH | SYSLOG + JSON |
Windows Applocker | Application Locker | WINDOWS_APPLOCKER | SYSLOG + KV |
Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP | SYSLOG + JSON, XML |
Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV | JSON, XML |
Windows DHCP | DHCP | WINDOWS_DHCP | JSON, SYSLOG, CSV |
Windows DNS | DNS | WINDOWS_DNS | JSON, XML, SYSLOG + KV |
Windows Event | Endpoint | WINEVTLOG | JSON + KV |
Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML | SYSLOG + XML |
Windows Firewall | Firewall | WINDOWS_FIREWALL | Space Separated Value |
Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER | SYSLOG, JSON, SYSLOG + XML |
Windows Sysmon | DNS | WINDOWS_SYSMON | JSON, XML |
Workday | SaaS Application | WORKDAY | JSON |
Workspace Activities | GCP Specific | WORKSPACE_ACTIVITY | JSON |
Workspace Alerts | | WORKSPACE_ALERTS | JSON |
Workspace ChromeOS Devices | GCP Specific | WORKSPACE_CHROMEOS | JSON |
Workspace Groups | GCP Specific | WORKSPACE_GROUPS | JSON |
Workspace Mobile Devices | GCP Specific | WORKSPACE_MOBILE | JSON |
Workspace Privileges | GCP Specific | WORKSPACE_PRIVILEGES | JSON |
Workspace Users | GCP Specific | WORKSPACE_USERS | JSON |
Zeek JSON | Format Specific | BRO_JSON | SYSLOG + JSON |
Zeek TSV | Format Specific | BRO_TSV | SYSLOG + TSV |
Zscaler | Web Proxy | ZSCALER_WEBPROXY | SYSLOG + KV, CSV |
ZScaler DNS | DNS | ZSCALER_DNS | SYSLOG + KV |
ZScaler NGFW | Firewall | ZSCALER_FIREWALL | SYSLOG + KV (CEF), CSV |
ZScaler VPN | VPN | ZSCALER_VPN | SYSLOG + CSV |