| Vendor/Product | Category | Ingestion Label | Format |
| Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE | SYSLOG + KV (CEF) |
| Acalvio | Deception Software | ACALVIO | SYSLOG + KV |
| Active Countermeasures | Alert | AI_HUNTER | SYSLOG |
| Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR | JSON |
| Akamai DNS | DNS | AKAMAI_DNS | CSV |
| Akamai WAF | WAF | AKAMAI_WAF | SYSLOG |
| AlgoSec Security Management | Policy Management | ALGOSEC | SYSLOG + KV (CEF) |
| AlphaSOC | Alert | ASOC_ALERT | JSON |
| Anomali | IOC | ANOMALI_IOC | JSON, CEF |
| Apache | Web Server | APACHE | SYSLOG |
| Apache Cassandra | Web server | CASSANDRA | JSON |
| Apache Hadoop | open-source software | HADOOP | SYSLOG + KV |
| Apache Tomcat | Web server | TOMCAT | JSON |
| Apple MacOS | AV / Endpoint | MACOS | SYSLOG |
| Aqua Security | IaaS Applications | AQUA_SECURITY | JSON |
| Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM | SYSLOG |
| Aruba | Wireless | ARUBA_WIRELESS | SYSLOG |
| Aruba Airwave | Wireless | ARUBA_AIRWAVE | XML |
| Aruba IPS | IPS | ARUBA_IPS | JSON |
| Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE | SYSLOG |
| Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA | SYSLOG |
| Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE | SYSLOG + KV |
| Avanan Email Security | Email Server | AVANAN_EMAIL | JSON |
| Avatier Password Management | SaaS Application | AVATIER | SYSLOG + KV |
| AWS CloudFront | CDN | AWS_CLOUDFRONT | SYSLOG |
| AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL | JSON |
| AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH | JSON, GROK |
| AWS Config | AWS Specific | AWS_CONFIG | JSON |
| AWS Elastic Load Balancer | AWS Specific | AWS_ELB | SYSLOG |
| AWS GuardDuty | IDS/IPS | GUARDDUTY | JSON |
| AWS Key Management Service | AWS Specific | AWS_KMS | JSON |
| AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB | JSON |
| AWS VPC Flow | AWS Specific | AWS_VPC_FLOW | SYSLOG |
| Azure AD | LDAP | AZURE_AD | JSON |
| Azure AD Directory Audit | Audit | AZURE_AD_AUDIT | JSON |
| Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT | JSON |
| Azure Cosmos DB | Database | AZURE_COSMOS_DB | JSON |
| Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS | JSON |
| Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL | JSON |
| Azure SQL | Database | AZURE_SQL | JSON |
| Barracuda Email | Email Server | BARRACUDA_EMAIL | JSON |
| Barracuda Firewall | Firewall | BARRACUDA_FIREWALL | SYSLOG |
| BeyondTrust | Privilege Account Activity | BOMGAR | SYSLOG |
| BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS | SYSLOG + KV |
| Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF | SYSLOG |
| BIND | DNS | BIND_DNS | SYSLOG |
| Bitdefender | AV / Endpoint | BITDEFENDER | CSV |
| Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY | SYSLOG + JSON, SYSLOG + KV |
| Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI | SYSLOG |
| Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE | JSON,KV,SYSLOG |
| Box | Collaboration | BOX | JSON |
| Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON | SYSLOG |
| CA Access Control | Access Management | CA_ACCESS_CONTROL | JSON+SYSLOG, SYSLOG |
| CA ACF2 | Mainframe | CA_ACF2 | LEEF |
| Carbon Black | EDR | CB_EDR | JSON |
| Carbon Black App Control | Security log | CB_APP_CONTROL | CEF,JSON |
| Cato Networks | NDR | CATO_NETWORKS | JSON |
| Centrify | SSO | CENTRIFY_SSO | JSON |
| Centripetal Networks IOC | IOC | CENTRIPETAL_IOC | SYSLOG + KV |
| Check Point | Firewall | CHECKPOINT_FIREWALL | SYSLOG + KV , JSON |
| Check Point Sandblast | EDR | CHECKPOINT_EDR | SYSLOG + KV |
| CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT | SYSLOG |
| Cisco ACS | Authentication | CISCO_ACS | SYSLOG + KV |
| Cisco AMP | AV / Endpoint | CISCO_AMP | JSON |
| Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE | SYSLOG |
| Cisco ASA | Firewall | CISCO_ASA_FIREWALL | JSON, SYSLOG |
| Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB | JSON |
| Cisco CTS | Telephone Software | CISCO_CTS | SYSLOG + KV |
| Cisco DHCP | DHCP | CISCO_DHCP | CSV + Syslog |
| Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY | SYSLOG + KV |
| Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL | SYSLOG |
| Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT | KV |
| Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS | SYSLOG |
| Cisco ISE | Identity and Access Management | CISCO_ISE | SYSLOG |
| Cisco Meraki | Wireless | CISCO_MERAKI | SYSLOG, JSON |
| Cisco NX-OS | OS | CISCO_NX_OS | SYSLOG |
| Cisco Prime | Network Management and Optimization | CISCO_PRIME | SYSLOG |
| Cisco Router | Switches, Routers | CISCO_ROUTER | SYSLOG |
| Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH | JSON |
| Cisco Switch | Switches, Routers | CISCO_SWITCH | SYSLOG |
| Cisco TACACS+ | Authentication | CISCO_TACACS | SYSLOG + KV |
| Cisco UCS | OS logs | CISCO_UCS | SYSLOG |
| Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL | CSV |
| Cisco Umbrella DNS | DNS | UMBRELLA_DNS | CSV,JSON |
| Cisco Umbrella IP | Web Proxy | UMBRELLA_IP | SYSLOG |
| Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY | CSV |
| Cisco VPN | VPN | CISCO_VPN | SYSLOG |
| Cisco WLC/WCS | Wireless | CISCO_WIRELESS | SYSLOG |
| Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER | SYSLOG + KV |
| Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT | JSON |
| ClamAV | AV / Endpoint | CLAM_AV | JSON |
| Cloud Passage | SaaS Application | CLOUD_PASSAGE | JSON |
| Cloudflare | SaaS Application | CLOUDFLARE | JSON |
| CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN | SYSLOG + KV |
| Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE | SYSLOG |
| CloudM | Identity and Access Management | CLOUDM | JSON |
| Cofense | Email Server | COFENSE_TRIAGE | SYSLOG + KV (CEF) |
| Comodo | AV / Endpoint | COMODO_AV | SYSLOG + KV (CEF) |
| Corelight | NDR | CORELIGHT | JSON |
| COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC | Value Entry |
| CrowdStrike Falcon | EDR | CS_EDR | JSON |
| CrowdStrike Falcon Stream | Alerts | CS_STREAM | KV (LEEF) |
| Crowdstrike IOC | IOC | CROWDSTRIKE_IOC | JSON |
| CSV Custom IOC | IOC | CSV_CUSTOM_IOC | CSV |
| Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS | JSON |
| CyberArk | Privilege Account Management | CYBERARK | KV (CEF) |
| Cybereason EDR | EDR | CYBEREASON_EDR | JSON |
| Cylance Protect | Alerts | CYLANCE_PROTECT | SYSLOG + KV |
| D3 Banking | BANKING | D3_BANKING | JSON |
| Darktrace | NDR | DARKTRACE | SYSLOG + KV (CEF) |
| Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN | SYSLOG + KV |
| Dell EMC Isilon NAS | Storage | DELL_EMC_NAS | SYSLOG |
| Dell OpenManage | Systems Management Application | DELL_OPENMANAGE | Syslog |
| Department of Homeland Security | Threat detection | DHS_IOC | xml |
| Digital Guardian | EDR | DIGITALGUARDIAN_EDR | KV |
| Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC | JSON |
| Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT | JSON |
| DMP | Physcial Security | DMP_ENTRE | SYSLOG |
| Duo Auth | Authentication | DUO_AUTH | JSON |
| Duo Entity context data | Identity and Access Management | DUO_CONTEXT | JSON |
| Duo User Context | Identity and Access Management | DUO_USER_CONTEXT | JSON |
| EfficientIP DDI | Network | EFFICIENTIP_DDI | SYSLOG + KV |
| Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT | JSON |
| Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS | SYSLOG + JSON |
| Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT | SYSLOG + JSON |
| Emerging Threats Pro | IOC | ET_PRO_IOC | CSV |
| EPIC Systems | Discovery and Monitoring | EPIC | LEEF + KV |
| ESET | EDR | ESET_EDR | SYSLOG + JSON |
| ESET Threat Intelligence | IOC | ESET_IOC | JSON |
| ExtraHop DNS | DNS | EXTRAHOP_DNS | JSON |
| ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP | JSON,SYSLOG |
| F5 ASM | WAF | F5_ASM | SYSLOG |
| F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM | SYSLOG |
| F5 DNS | DNS | F5_DNS | SYSLOG |
| F5 Shape | Security log | F5_SHAPE | JSON |
| F5 VPN | VPN | F5_VPN | SYSLOG |
| Falco IDS | IDS/IPS | FALCO_IDS | JSON |
| Fastly WAF | WAF | FASTLY_WAF | JSON |
| Fidelis Network | NDR | FIDELIS_NETWORK | SYSLOG + KV |
| File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK | JSON |
| FileZilla | File transer | FILEZILLA_FTP | SYSLOG |
| FireEye | Alerts | FIREEYE_ALERT | SYSLOG + JSON |
| Fireeye ETP | Email Server | FIREEYE_ETP | JSON |
| FireEye HX | EDR | FIREEYE_HX | JSON |
| FireEye NX | NDR | FIREEYE_NX | JSON |
| Forcepoint NGFW | Network | FORCEPOINT_FIREWALL | JSON |
| Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY | SYSLOG + KV (CEF), LEEF |
| Forescout NAC | NAC | FORESCOUT_NAC | SYSLOG |
| ForgeRock OpenAM | Identity and Access Management | OPENAM | CSV, SYSLOG + KV |
| ForgeRock OpenDJ | LDAP | OPENDJ | SYSLOG + KV |
| Forseti Open Source | GCP Specific | FORSETI | JSON |
| FortiGate | Firewall | FORTINET_FIREWALL | JSON, SYSLOG + KV |
| Fortinet | DHCP | FORTINET_DHCP | KV |
| Fortinet FortiEDR | EDR | FORTINET_FORTIEDR | SYSLOG + KV |
| Fortinet FortiNAC | NAC | FORTINET_FORTINAC | SYSLOG |
| GCP Apigee | GCP Specific | GCP_APIGEE | JSON |
| GCP Cloud Identity Device Users | GCP Specific | GCP_CLOUDIDENTITY_DEVICEUSERS | JSON |
| GCP Cloud Identity Devices | GCP Specific | GCP_CLOUDIDENTITY_DEVICES | JSON |
| GCP Cloud IOT | GCP Specific | GCP_CLOUDIOT | JSON |
| GCP Cloud Run | GCP Specific | GCP_RUN | JSON |
| GCP Compute | GCP Specific | GCP_COMPUTE | JSON |
| GCP IDS | IDS | GCP_IDS | JSON |
| GCP Load Balancing | Load Balancer | GCP_LOADBALANCING | JSON |
| GCP VPC Flow | GCP Specific | GCP_VPC_FLOW | JSON |
| GitHub | SaaS Application | GITHUB | JSON |
| GMAIL Logs | GCP Specific | GMAIL_LOGS | JSON |
| GMV Checker ATM Security | ATM Audit | GMV_CHECKER | SYSLOG |
| Google Chrome Browser Cloud Management (CBCM) | Alerts | N/A | JSON |
| HCL BigFix | Network Management and Optimization | HCL_BIGFIX | JSON |
| Honeyd | Deception Software | HONEYD | SYSLOG |
| HP Aruba(Clearpass) | Identity and Access Management | CLEARPASS | SYSLOG + KV |
| HP Procurve Switch | Switches | HP_PROCURVE | SYSLOG |
| HPE ILO | Server Management | HPE_ILO | SYSLOG |
| IBM AS/400 | Application System | IBM_AS400 | SYSLOG + KV |
| IBM CICS | Service Bus | IBM_CICS | LEEF |
| IBM DataPower Gateway | API Gateway | IBM_DATAPOWER | Message |
| IBM DB2 | Database | DB2_DB | LEEF |
| IBM Guardium | Database DLP | GUARDIUM | CSV, CEF |
| IBM Informix | DATABASE | INFORMIX | JSON + SYSLOG |
| IBM Tivoli | Monitoring | IBM_TIVOLI | JSON,SYSLOG |
| IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER | JSON,SYSLOG |
| IBM z/OS | OS | IBM_ZOS | LEEF |
| Imperva | WAF | IMPERVA_WAF | SYSLOG + KV + JSON |
| Imperva Database | Cloud Application and Edge Security | IMPERVA_DB | SYSLOG |
| Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE | SYSLOG + KV (CEF) |
| Infoblox | DHCP, DNS | INFOBLOX | SYSLOG |
| Infoblox DHCP | DHCP | INFOBLOX_DHCP | SYSLOG |
| Infoblox DNS | DNS | INFOBLOX_DNS | SYSLOG, CEF |
| Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER | SYSLOG |
| Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP | SYSLOG, JSON |
| ISC DHCP | DHCP | ISC_DHCP | JSON + SYSLOG + KV |
| JAMF CMDB | Computer Inventory | JAMF | JSON |
| JAMF Protect | ENDPOINT SECURITY | JAMF_PROTECT | JSON |
| Juniper | Firewall | JUNIPER_FIREWALL | SYSLOG + KV |
| Juniper IPS | IDS/IPS | JUNIPER_IPS | SYSLOG + KV |
| Juniper Junos | Network Device | JUNIPER_JUNOS | SYSLOG + KV |
| Juniper MX Router | Routers and Switches | JUNIPER_MX | SYSLOG + KV |
| Kaspersky AV | AV / Endpoint | KASPERSKY_AV | KV + CEF |
| Kea DHCP | DHCP | KEA_DHCP | SYSLOG |
| Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER | SYSLOG |
| Kubernetes audit logs | K8s cluster audit logs | KUBERNETES_AUDIT | JSON |
| Kubernetes Node logs | Cloud security | KUBERNETES_NODE | JSON |
| Kyriba Treasury Management | SaaS Application | KYRIBA | CSV |
| Layer7 SiteMinder | SSO | SITEMINDER_SSO | KV+JSON |
| LimaCharlie | EDR | LIMACHARLIE_EDR | JSON |
| Linux Auditing System (AuditD) | OS | AUDITD | SYSLOG |
| Linux DHCP | DHCP | LINUX_DHCP | SYSLOG |
| Linux Sysmon | DNS | LINUX_SYSMON | XML |
| ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS | SYSLOG + KV (CEF) |
| McAfee DLP | DLP | MCAFEE_DLP | CSV |
| McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM | SYSLOG + JSON |
| McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO | SYSLOG + XML, CSV |
| McAfee IPS | IDS/IPS | MCAFEE_IPS | SYSLOG |
| McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB | KV |
| McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE | JSON |
| McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY | SYSLOG + KV (CEF), JSON |
| McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION | JSON |
| Medigate IoT | IoT | MEDIGATE_IOT | SYSLOG + JSON |
| Men and Mice DNS | DNS | MENANDMICE_DNS | SYSLOG |
| Microsoft AD | LDAP | WINDOWS_AD | JSON |
| Microsoft AD FS | LDAP | ADFS | JSON |
| Microsoft ATA | IDS/IPS | MICROSOFT_ATA | SYSLOG + KV |
| Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY | JSON |
| Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW | JSON |
| Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS | JSON |
| Microsoft CASB | CASB | MICROSOFT_CASB | SYSLOG + KV (CEF) |
| Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT | JSON |
| Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY | JSON |
| Microsoft Exchange | Email Server | EXCHANGE_MAIL | SYSLOG |
| View Change | |||
| Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT | JSON |
| Microsoft IIS | Web Server | IIS | SYSLOG + KV |
| Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE | JSON |
| Microsoft Powershell | Misc. Windows-specific | POWERSHELL | SYSLOG + JSON |
| Microsoft SQL Server | Database | MICROSOFT_SQL | SYSLOG + KV, JSON |
| Mimecast | Email Server | MIMECAST_MAIL | KV |
| Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON | JSON |
| Mongo Database | DATABASE | MONGO_DB | JSON |
| MySQL | Database | MYSQL | SYSLOG |
| Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES | SYSLOG + JSON |
| Netfilter IPtables | Firewall | NETFILTER_IPTABLES | SYSLOG + KV |
| Netskope | Cloud Security | NETSKOPE_ALERT | JSON |
| Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY | SYSLOG |
| NIMBLE OS | OS | NIMBLE_OS | SYSLOG |
| Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP | SYSLOG |
| Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET | JSON |
| Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY | JSON |
| Nutanix Prism | Firewall | NUTANIX_PRISM | JSON |
| NXLog Manager | Log Aggregator | NXLOG_MANAGER | SYSLOG |
| Office 365 | SaaS Application | OFFICE_365 | JSON |
| Okta | Identity and Access Management | OKTA | JSON |
| Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY | JSON |
| Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT | JSON |
| OneLogin | SSO | ONELOGIN_SSO | JSON |
| OpenSSH | Logging and Troubleshooting | OPENSSH | SYSLOG |
| OpenVPN | Network | OPEN_VPN | SYSLOG + KV |
| Oracle | DATABASE | ORACLE_DB | SYSLOG + KV |
| Ordr IoT | IoT | ORDR_IOT | SYSLOG + JSON |
| OSSEC | IDS/IPS | OSSEC | SYSLOG |
| Palo Alto Cortex XDR | NDR | CORTEX_XDR | JSON |
| Palo Alto Networks Firewall | Firewall | PAN_FIREWALL | SYSLOG + LEEF |
| Palo Alto Networks Traps | EDR | PAN_EDR | JSON |
| Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD | JSON |
| PAN Autofocus | IOC | PAN_IOC | JSON |
| Passive DNS | DNS | PASSIVE_DNS | JSON |
| pfSense | FIREWALL | PFSENSE | SYSLOG |
| Ping Identity | Authentication | PING | JSON, SYSLOG + KV |
| PostFix Mail | Email Server | POSTFIX_MAIL | SYSLOG |
| Preempt Alert | Identity and Access Management | PREEMPT | SYSLOG + KV (CEF) |
| View Change | |||
| Preempt Auth | Identity and Access Management | PREEMPT_AUTH | SYSLOG + JSON |
| Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER | KV |
| Proofpoint Observeit | Email Server | OBSERVEIT | JSON, KV |
| Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND | JSON |
| Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL | JSON |
| Pulse Secure | VPN | PULSE_SECURE_VPN | SYSLOG |
| Qualys VM | Vulnerability Scanner | QUALYS_VM | KV |
| Quest Active Directory | Authentication log | QUEST_AD | CEF Syslog |
| Radware Web Application Firewall | Firewall | RADWARE_FIREWALL | SYSLOG |
| Rapid7 | Vunerability Scanner | RAPID7_NEXPOSE | JSON |
| Rapid7 Insight | Vunerability Scanner | RAPID7_INSIGHT | JSON |
| Recorded Future | IOC | RECORDED_FUTURE_IOC | JSON |
| Red Canary | EDR | REDCANARY_EDR | JSON |
| Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER | JSON + SYSLOG + KV |
| RH-ISAC | IOC | RH_ISAC_IOC | JSON |
| RSA | Identity and Access Management | RSA_AUTH_MANAGER | CSV |
| Rubrik | Backup software | RUBRIK | SYSLOG |
| SailPoint IAM | Identity and Access Management | SAILPOINT_IAM | JSON |
| Salesforce | SaaS Application | SALESFORCE | KV (LEEF), CSV |
| SecureAuth | SSO | SECUREAUTH_SSO | SYSLOG, XML |
| SecureLink | Remote Access Tools | SECURELINK | SYSLOG |
| Semperis DSP | LDAP | SEMPERIS_DSP | SYSLOG |
| Sendmail | Email Server | SENDMAIL | SYSLOG + KV |
| SentinelOne Deep Visibility | EDR | SENTINEL_DV | JSON |
| SentinelOne EDR | EDR | SENTINEL_EDR | SYSLOG + JSON |
| ServiceNow CMDB | Policy Management | SERVICENOW_CMDB | JSON |
| ServiceNow Security | SaaS Application | SERVICENOW_SECURITY | JSON |
| Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP | SYSLOG |
| Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF | JSON |
| Silverfort Authentication Platform | Identity and Access Management | SILVERFORT | CEF Syslog |
| Slack Audit | Productivity | SLACK_AUDIT | JSON |
| Snort | IDS/IPS | SNORT_IDS | SYSLOG + JSON |
| SonicWall | Firewall | SONIC_FIREWALL | SYSLOG + KV |
| Sophos AV | AV / Endpoint | SOPHOS_AV | CSV, JSON |
| Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 | JSON |
| Sophos DHCP | DHCP | SOPHOS_DHCP | SYSLOG + KV |
| Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL | KV |
| Sophos UTM | Unified Threat Management | SOPHOS_UTM | KV |
| Sourcefire | IDS/IPS | SOURCEFIRE_IDS | JSON |
| Squid Web Proxy | Web Proxy | SQUID_WEBPROXY | SYSLOG |
| Static IP | DHCP | ASSET_STATIC_IP | CSV |
| Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT | JSON |
| Stealthbits Defend | Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND | SYSLOG + KV (LEEF) |
| Strong Swan VPN | VPN | STRONGSWAN_VPN | JSON |
| Suricata EVE | IPS IDS | SURICATA_EVE | JSON |
| Suricata IDS | IDS/IPS | SURICATA_IDS | JSON |
| Symantec CloudSOC CASB | CASB | SYMANTEC_CASB | SYSLOG+JSON |
| Symantec DLP | DLP | SYMANTEC_DLP | SYSLOG + KV (CEF), XML |
| Symantec EDR | EDR | SYMANTEC_EDR | JSON |
| Symantec Endpoint Protection | AV / Endpoint | SEP | SYSLOG |
| Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT | JSON |
| Symantec VIP Gateway | Email Server | SYMANTEC_VIP | SYSLOG |
| Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION | JSON |
| Symantec Web Security Service | Web Proxy | SYMANTEC_WSS | JSON |
| Tanium Asset | Tanium Specific | TANIUM_ASSET | JSON |
| Tanium Audit | SCAN NETWORK | TANIUM_AUDIT | JSON |
| Tanium Comply | Tanium Specific | TANIUM_COMPLY | JSON |
| Tanium Discover | Tanium Specific | TANIUM_DISCOVER | JSON |
| Tanium Insight | Tanium Specific | TANIUM_INSIGHT | SYSLOG + KV |
| Tanium Patch | Tanium Specific | TANIUM_PATCH | JSON |
| Tanium Reveal | Tanium Specific | TANIUM_REVEAL | JSON |
| Tanium Stream | Tanium Specific | TANIUM_TH | JSON |
| Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE | JSON |
| TeamViewer | Remote Support | TEAMVIEWER | JSON |
| Tenable Security Center | Vulnerability Scanner | TENABLE_SC | SYSLOG |
| tenable.io | Vunerability Scanner | TENABLE_IO | JSON |
| Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS | SYSLOG |
| Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM | JSON/GROK |
| Thales MFA | Authentication | THALES_MFA | SYSLOG + KV (CEF) |
| Thales Vormetric | Encryption | VORMETRIC | SYSLOG |
| Thinkst Canary | Deception Software | THINKST_CANARY | JSON |
| ThreatConnect | IOC | THREATCONNECT_IOC | JSON |
| Thycotic | Identity and Access Management | THYCOTIC | SYSLOG + KV (CEF) |
| Trend Micro AV | AV / Endpoint | TRENDMICRO_AV | SYSLOG + KV, CEF |
| TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY | SYSLOG + KV |
| Tripwire | DLP | TRIPWIRE_FIM | SYSLOG |
| Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH | SYSLOG |
| Unbound DNS | DNS | UNBOUND_DNS | SYSLOG |
| Unifi AP | Switches and Routers | UNIFI_AP | SYSLOG + KV, SYSLOG + JSON |
| Unix system | OS | NIX_SYSTEM | SYSLOG |
| Uptycs EDR | Endpoint detection and response | UPTYCS_EDR | JSON |
| VanDyke SFTP | Data Transfer | VANDYKE_SFTP | JSON,SYSLOG |
| Varonis | Data Security / Insider Threat | VARONIS | SYSLOG + KV (CEF) |
| Vectra Detect | NDR | VECTRA_DETECT | SYSLOG + JSON |
| Vectra Stream | NDR | VECTRA_STREAM | SYSLOG + KV |
| VMware AirWatch | Wireless | AIRWATCH | SYSLOG + KV |
| VMware ESXi | Hypervisor | VMWARE_ESX | SYSLOG |
| VMware Horizon | VDI | VMWARE_HORIZON | SYSLOG |
| VMware NSX | Network and Security Virtualization | VMWARE_NSX | KV |
| VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU | JSON |
| VMware vCenter | Server | VMWARE_VCENTER | SYSLOG + JSON |
| VMware vRealize Suite | Cloud | VMWARE_VREALIZE | SYSLOG |
| WatchGuard | Syslog and KV | WATCHGUARD | JSON |
| Wazuh | Log Aggregator | WAZUH | SYSLOG + JSON |
| Windows Applocker | Application Locker | WINDOWS_APPLOCKER | SYSLOG + KV |
| Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP | SYSLOG + JSON, XML |
| Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV | JSON, XML |
| Windows DHCP | DHCP | WINDOWS_DHCP | JSON, SYSLOG, CSV |
| Windows DNS | DNS | WINDOWS_DNS | JSON, XML, SYSLOG + KV |
| Windows Event | Endpoint | WINEVTLOG | JSON + KV |
| Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML | SYSLOG + XML |
| Windows Firewall | Firewall | WINDOWS_FIREWALL | Space Separated Value |
| Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER | SYSLOG, JSON, SYSLOG + XML |
| Windows Sysmon | DNS | WINDOWS_SYSMON | JSON, XML |
| Workday | SaaS Application | WORKDAY | JSON |
| Workspace Activities | GCP Specific | WORKSPACE_ACTIVITY | JSON |
| Workspace Alerts | WORKSPACE_ALERTS | JSON | |
| Workspace ChromeOS Devices | GCP Specific | WORKSPACE_CHROMEOS | JSON |
| Workspace Groups | GCP Specific | WORKSPACE_GROUPS | JSON |
| Workspace Mobile Devices | GCP Specific | WORKSPACE_MOBILE | JSON |
| Workspace Privileges | GCP Specific | WORKSPACE_PRIVILEGES | JSON |
| Workspace Users | GCP Specific | WORKSPACE_USERS | JSON |
| Zeek JSON | Format Specific | BRO_JSON | SYSLOG + JSON |
| Zeek TSV | Format Specific | BRO_TSV | SYSLOG + TSV |
| Zscaler | Web Proxy | ZSCALER_WEBPROXY | SYSLOG + KV, CSV |
| ZScaler DNS | DNS | ZSCALER_DNS | SYSLOG + KV |
| ZScaler NGFW | Firewall | ZSCALER_FIREWALL | SYSLOG + KV (CEF), CSV |
| ZScaler VPN | VPN | ZSCALER_VPN | SYSLOG + CSV |
Comments
0 comments
Please sign in to leave a comment.