| Vendor/Product | Category | Ingestion Label | Format |
|---|---|---|---|
| Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE | SYSLOG + KV (CEF) |
| Acalvio | Deception Software | ACALVIO | SYSLOG + KV |
| Active Countermeasures | Alert | AI_HUNTER | SYSLOG |
| Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR | JSON |
| Akamai DNS | DNS | AKAMAI_DNS | CSV |
| Akamai WAF | WAF | AKAMAI_WAF | SYSLOG |
| AlgoSec Security Management | Policy Management | ALGOSEC | SYSLOG + KV (CEF) |
| AlphaSOC | Alert | ASOC_ALERT | JSON |
| Anomali | IOC | ANOMALI_IOC | JSON, CEF |
| Apache | Web Server | APACHE | SYSLOG |
| Apache Cassandra | Web server | CASSANDRA | JSON |
| Apache Hadoop | open-source software | HADOOP | SYSLOG + KV |
| Apache Tomcat | Web server | TOMCAT | JSON |
| Apple MacOS | AV / Endpoint | MACOS | SYSLOG |
| Aqua Security | IaaS Applications | AQUA_SECURITY | JSON |
| Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM | SYSLOG |
| Aruba | Wireless | ARUBA_WIRELESS | SYSLOG |
| Aruba Airwave | Wireless | ARUBA_AIRWAVE | XML |
| Aruba IPS | IPS | ARUBA_IPS | JSON |
| Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE | SYSLOG |
| Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA | SYSLOG |
| Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE | SYSLOG + KV |
| Avanan Email Security | Email Server | AVANAN_EMAIL | JSON |
| Avatier Password Management | SaaS Application | AVATIER | SYSLOG + KV |
| AWS CloudFront | CDN | AWS_CLOUDFRONT | SYSLOG |
| AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL | JSON |
| AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH | JSON, GROK |
| AWS Config | AWS Specific | AWS_CONFIG | JSON |
| AWS Elastic Load Balancer | AWS Specific | AWS_ELB | SYSLOG |
| AWS GuardDuty | IDS/IPS | GUARDDUTY | JSON |
| AWS Key Management Service | AWS Specific | AWS_KMS | JSON |
| AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB | JSON |
| AWS VPC Flow | AWS Specific | AWS_VPC_FLOW | SYSLOG |
| Azure AD | LDAP | AZURE_AD | JSON |
| Azure AD Directory Audit | Audit | AZURE_AD_AUDIT | JSON |
| Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT | JSON |
| Azure Cosmos DB | Database | AZURE_COSMOS_DB | JSON |
| Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS | JSON |
| Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL | JSON |
| Azure SQL | Database | AZURE_SQL | JSON |
| Barracuda Email | Email Server | BARRACUDA_EMAIL | JSON |
| Barracuda Firewall | Firewall | BARRACUDA_FIREWALL | SYSLOG |
| BeyondTrust | Privilege Account Activity | BOMGAR | SYSLOG |
| BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS | SYSLOG + KV |
| Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF | SYSLOG |
| BIND | DNS | BIND_DNS | SYSLOG |
| Bitdefender | AV / Endpoint | BITDEFENDER | CSV |
| Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY | SYSLOG + JSON, SYSLOG + KV |
| Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI | SYSLOG |
| Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE | JSON, KV, SYSLOG |
| Box | Collaboration | BOX | JSON |
| Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON | SYSLOG |
| CA Access Control | Access Management | CA_ACCESS_CONTROL | JSON + SYSLOG, SYSLOG |
| CA ACF2 | Mainframe | CA_ACF2 | LEEF |
| Carbon Black | EDR | CB_EDR | JSON |
| Carbon Black App Control | Security log | CB_APP_CONTROL | CEF, JSON |
| Cato Networks | NDR | CATO_NETWORKS | JSON |
| Centrify | SSO | CENTRIFY_SSO | JSON |
| Centripetal Networks IOC | IOC | CENTRIPETAL_IOC | SYSLOG + KV |
| Check Point | Firewall | CHECKPOINT_FIREWALL | SYSLOG + KV, JSON |
| Check Point Sandblast | EDR | CHECKPOINT_EDR | SYSLOG + KV |
| CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT | SYSLOG |
| Cisco ACS | Authentication | CISCO_ACS | SYSLOG + KV |
| Cisco AMP | AV / Endpoint | CISCO_AMP | JSON |
| Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE | SYSLOG |
| Cisco ASA | Firewall | CISCO_ASA_FIREWALL | JSON, SYSLOG |
| Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB | JSON |
| Cisco CTS | Telephone Software | CISCO_CTS | SYSLOG + KV |
| Cisco DHCP | DHCP | CISCO_DHCP | CSV + Syslog |
| Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY | SYSLOG + KV |
| Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL | SYSLOG |
| Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT | KV |
| Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS | SYSLOG |
| Cisco ISE | Identity and Access Management | CISCO_ISE | SYSLOG |
| Cisco Meraki | Wireless | CISCO_MERAKI | SYSLOG, JSON |
| Cisco NX-OS | OS | CISCO_NX_OS | SYSLOG |
| Cisco Prime | Network Management and Optimization | CISCO_PRIME | SYSLOG |
| Cisco Router | Switches, Routers | CISCO_ROUTER | SYSLOG |
| Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH | JSON |
| Cisco Switch | Switches, Routers | CISCO_SWITCH | SYSLOG |
| Cisco TACACS+ | Authentication | CISCO_TACACS | SYSLOG + KV |
| Cisco UCS | OS logs | CISCO_UCS | SYSLOG |
| Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL | CSV |
| Cisco Umbrella DNS | DNS | UMBRELLA_DNS | CSV, JSON |
| Cisco Umbrella IP | Web Proxy | UMBRELLA_IP | SYSLOG |
| Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY | CSV |
| Cisco VPN | VPN | CISCO_VPN | SYSLOG |
| Cisco WLC/WCS | Wireless | CISCO_WIRELESS | SYSLOG |
| Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER | SYSLOG + KV |
| Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT | JSON |
| ClamAV | AV / Endpoint | CLAM_AV | JSON |
| Cloud Passage | SaaS Application | CLOUD_PASSAGE | JSON |
| Cloudflare | SaaS Application | CLOUDFLARE | JSON |
| CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN | SYSLOG + KV |
| Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE | SYSLOG |
| CloudM | Identity and Access Management | CLOUDM | JSON |
| Cofense | Email Server | COFENSE_TRIAGE | SYSLOG + KV (CEF) |
| Comodo | AV / Endpoint | COMODO_AV | SYSLOG + KV (CEF) |
| Corelight | NDR | CORELIGHT | JSON |
| COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC | Value Entry |
| CrowdStrike Falcon | EDR | CS_EDR | JSON |
| CrowdStrike Falcon Stream | Alerts | CS_STREAM | KV (LEEF) |
| Crowdstrike IOC | IOC | CROWDSTRIKE_IOC | JSON |
| CSV Custom IOC | IOC | CSV_CUSTOM_IOC | CSV |
| Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS | JSON |
| CyberArk | Privilege Account Management | CYBERARK | KV (CEF) |
| Cybereason EDR | EDR | CYBEREASON_EDR | JSON |
| Cylance Protect | Alerts | CYLANCE_PROTECT | SYSLOG + KV |
| D3 Banking | BANKING | D3_BANKING | JSON |
| Darktrace | NDR | DARKTRACE | SYSLOG + KV (CEF) |
| Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN | SYSLOG + KV |
| Dell EMC Isilon NAS | Storage | DELL_EMC_NAS | SYSLOG |
| Dell OpenManage | Systems Management Application | DELL_OPENMANAGE | Syslog |
| Department of Homeland Security | Threat detection | DHS_IOC | xml |
| Digital Guardian | EDR | DIGITALGUARDIAN_EDR | KV |
| Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC | JSON |
| Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT | JSON |
| DMP | Physical Security | DMP_ENTRE | SYSLOG |
| Duo Auth | Authentication | DUO_AUTH | JSON |
| Duo Entity context data | Identity and Access Management | DUO_CONTEXT | JSON |
| Duo User Context | Identity and Access Management | DUO_USER_CONTEXT | JSON |
| EfficientIP DDI | Network | EFFICIENTIP_DDI | SYSLOG + KV |
| Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT | JSON |
| Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS | SYSLOG + JSON |
| Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT | SYSLOG + JSON |
| Emerging Threats Pro | IOC | ET_PRO_IOC | CSV |
| EPIC Systems | Discovery and Monitoring | EPIC | LEEF + KV |
| ESET | EDR | ESET_EDR | SYSLOG + JSON |
| ESET Threat Intelligence | IOC | ESET_IOC | JSON |
| ExtraHop DNS | DNS | EXTRAHOP_DNS | JSON |
| ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP | JSON, SYSLOG |
| F5 ASM | WAF | F5_ASM | SYSLOG |
| F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM | SYSLOG |
| F5 DNS | DNS | F5_DNS | SYSLOG |
| F5 Shape | Security log | F5_SHAPE | JSON |
| F5 VPN | VPN | F5_VPN | SYSLOG |
| Falco IDS | IDS/IPS | FALCO_IDS | JSON |
| Fastly WAF | WAF | FASTLY_WAF | JSON |
| Fidelis Network | NDR | FIDELIS_NETWORK | SYSLOG + KV |
| File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK | JSON |
| FileZilla | File transfer | FILEZILLA_FTP | SYSLOG |
| FireEye | Alerts | FIREEYE_ALERT | SYSLOG + JSON |
| Fireeye ETP | Email Server | FIREEYE_ETP | JSON |
| FireEye HX | EDR | FIREEYE_HX | JSON |
| FireEye NX | NDR | FIREEYE_NX | JSON |
| Forcepoint NGFW | Network | FORCEPOINT_FIREWALL | JSON |
| Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY | SYSLOG + KV (CEF), LEEF |
| Forescout NAC | NAC | FORESCOUT_NAC | SYSLOG |
| ForgeRock OpenAM | Identity and Access Management | OPENAM | CSV, SYSLOG + KV |
| ForgeRock OpenDJ | LDAP | OPENDJ | SYSLOG + KV |
| Forseti Open Source | GCP Specific | FORSETI | JSON |
| FortiGate | Firewall | FORTINET_FIREWALL | JSON, SYSLOG + KV |
| Fortinet | DHCP | FORTINET_DHCP | KV |
| Fortinet FortiEDR | EDR | FORTINET_FORTIEDR | SYSLOG + KV |
| Fortinet FortiNAC | NAC | FORTINET_FORTINAC | SYSLOG |
| GCP Apigee | GCP Specific | GCP_APIGEE | JSON |
| GCP Cloud Identity Device Users | GCP Specific | GCP_CLOUDIDENTITY_DEVICEUSERS | JSON |
| GCP Cloud Identity Devices | GCP Specific | GCP_CLOUDIDENTITY_DEVICES | JSON |
| GCP Cloud IOT | GCP Specific | GCP_CLOUDIOT | JSON |
| GCP Cloud Run | GCP Specific | GCP_RUN | JSON |
| GCP Compute | GCP Specific | GCP_COMPUTE | JSON |
| GCP IDS | IDS | GCP_IDS | JSON |
| GCP Load Balancing | Load Balancer | GCP_LOADBALANCING | JSON |
| GCP VPC Flow | GCP Specific | GCP_VPC_FLOW | JSON |
| GitHub | SaaS Application | GITHUB | JSON |
| GMAIL Logs | GCP Specific | GMAIL_LOGS | JSON |
| GMV Checker ATM Security | ATM Audit | GMV_CHECKER | SYSLOG |
| Google Chrome Browser Cloud Management (CBCM) | Alerts | N/A | JSON |
| HCL BigFix | Network Management and Optimization | HCL_BIGFIX | JSON |
| Honeyd | Deception Software | HONEYD | SYSLOG |
| HP Aruba (Clearpass) | Identity and Access Management | CLEARPASS | SYSLOG + KV |
| HP Procurve Switch | Switches | HP_PROCURVE | SYSLOG |
| HPE ILO | Server Management | HPE_ILO | SYSLOG |
| IBM AS/400 | Application System | IBM_AS400 | SYSLOG + KV |
| IBM CICS | Service Bus | IBM_CICS | LEEF |
| IBM DataPower Gateway | API Gateway | IBM_DATAPOWER | Message |
| IBM DB2 | Database | DB2_DB | LEEF |
| IBM Guardium | Database DLP | GUARDIUM | CSV, CEF |
| IBM Informix | DATABASE | INFORMIX | JSON + SYSLOG |
| IBM Tivoli | Monitoring | IBM_TIVOLI | JSON, SYSLOG |
| IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER | JSON, SYSLOG |
| IBM z/OS | OS | IBM_ZOS | LEEF |
| Imperva | WAF | IMPERVA_WAF | SYSLOG + KV + JSON |
| Imperva Database | Cloud Application and Edge Security | IMPERVA_DB | SYSLOG |
| Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE | SYSLOG + KV (CEF) |
| Infoblox | DHCP, DNS | INFOBLOX | SYSLOG |
| Infoblox DHCP | DHCP | INFOBLOX_DHCP | SYSLOG |
| Infoblox DNS | DNS | INFOBLOX_DNS | SYSLOG, CEF |
| Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER | SYSLOG |
| Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP | SYSLOG, JSON |
| ISC DHCP | DHCP | ISC_DHCP | JSON + SYSLOG + KV |
| JAMF CMDB | Computer Inventory | JAMF | JSON |
| JAMF Protect | ENDPOINT SECURITY | JAMF_PROTECT | JSON |
| Juniper | Firewall | JUNIPER_FIREWALL | SYSLOG + KV |
| Juniper IPS | IDS/IPS | JUNIPER_IPS | SYSLOG + KV |
| Juniper Junos | Network Device | JUNIPER_JUNOS | SYSLOG + KV |
| Juniper MX Router | Routers and Switches | JUNIPER_MX | SYSLOG + KV |
| Kaspersky AV | AV / Endpoint | KASPERSKY_AV | KV + CEF |
| Kea DHCP | DHCP | KEA_DHCP | SYSLOG |
| Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER | SYSLOG |
| Kubernetes audit logs | K8s cluster audit logs | KUBERNETES_AUDIT | JSON |
| Kubernetes Node logs | Cloud security | KUBERNETES_NODE | JSON |
| Kyriba Treasury Management | SaaS Application | KYRIBA | CSV |
| Layer7 SiteMinder | SSO | SITEMINDER_SSO | KV + JSON |
| LimaCharlie | EDR | LIMACHARLIE_EDR | JSON |
| Linux Auditing System (AuditD) | OS | AUDITD | SYSLOG |
| Linux DHCP | DHCP | LINUX_DHCP | SYSLOG |
| Linux Sysmon | DNS | LINUX_SYSMON | XML |
| ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS | SYSLOG + KV (CEF) |
| McAfee DLP | DLP | MCAFEE_DLP | CSV |
| McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM | SYSLOG + JSON |
| McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO | SYSLOG + XML, CSV |
| McAfee IPS | IDS/IPS | MCAFEE_IPS | SYSLOG |
| McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB | KV |
| McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE | JSON |
| McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY | SYSLOG + KV (CEF), JSON |
| McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION | JSON |
| Medigate IoT | IoT | MEDIGATE_IOT | SYSLOG + JSON |
| Men and Mice DNS | DNS | MENANDMICE_DNS | SYSLOG |
| Microsoft AD | LDAP | WINDOWS_AD | JSON |
| Microsoft AD FS | LDAP | ADFS | JSON |
| Microsoft ATA | IDS/IPS | MICROSOFT_ATA | SYSLOG + KV |
| Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY | JSON |
| Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW | JSON |
| Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS | JSON |
| Microsoft CASB | CASB | MICROSOFT_CASB | SYSLOG + KV (CEF) |
| Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT | JSON |
| Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY | JSON |
| Microsoft Exchange | Email Server | EXCHANGE_MAIL | SYSLOG |
| Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT | JSON |
| Microsoft IIS | Web Server | IIS | SYSLOG + KV |
| Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE | JSON |
| Microsoft Powershell | Misc. Windows-specific | POWERSHELL | SYSLOG + JSON |
| Microsoft SQL Server | Database | MICROSOFT_SQL | SYSLOG + KV, JSON |
| Mimecast | Email Server | MIMECAST_MAIL | KV |
| Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON | JSON |
| Mongo Database | DATABASE | MONGO_DB | JSON |
| MySQL | Database | MYSQL | SYSLOG |
| Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES | SYSLOG + JSON |
| Netfilter IPtables | Firewall | NETFILTER_IPTABLES | SYSLOG + KV |
| Netskope | Cloud Security | NETSKOPE_ALERT | JSON |
| Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY | SYSLOG |
| NIMBLE OS | OS | NIMBLE_OS | SYSLOG |
| Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP | SYSLOG |
| Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET | JSON |
| Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY | JSON |
| Nutanix Prism | Firewall | NUTANIX_PRISM | JSON |
| NXLog Manager | Log Aggregator | NXLOG_MANAGER | SYSLOG |
| Office 365 | SaaS Application | OFFICE_365 | JSON |
| Okta | Identity and Access Management | OKTA | JSON |
| Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY | JSON |
| Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT | JSON |
| OneLogin | SSO | ONELOGIN_SSO | JSON |
| OpenSSH | Logging and Troubleshooting | OPENSSH | SYSLOG |
| OpenVPN | Network | OPEN_VPN | SYSLOG + KV |
| Oracle | DATABASE | ORACLE_DB | SYSLOG + KV |
| Ordr IoT | IoT | ORDR_IOT | SYSLOG + JSON |
| OSSEC | IDS/IPS | OSSEC | SYSLOG |
| Palo Alto Cortex XDR | NDR | CORTEX_XDR | JSON |
| Palo Alto Networks Firewall | Firewall | PAN_FIREWALL | SYSLOG + LEEF |
| Palo Alto Networks Traps | EDR | PAN_EDR | JSON |
| Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD | JSON |
| PAN Autofocus | IOC | PAN_IOC | JSON |
| Passive DNS | DNS | PASSIVE_DNS | JSON |
| pfSense | FIREWALL | PFSENSE | SYSLOG |
| Ping Identity | Authentication | PING | JSON, SYSLOG + KV |
| PostFix Mail | Email Server | POSTFIX_MAIL | SYSLOG |
| Preempt Alert | Identity and Access Management | PREEMPT | SYSLOG + KV (CEF) |
| Preempt Auth | Identity and Access Management | PREEMPT_AUTH | SYSLOG + JSON |
| Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER | KV |
| Proofpoint Observeit | Email Server | OBSERVEIT | JSON, KV |
| Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND | JSON |
| Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL | JSON |
| Pulse Secure | VPN | PULSE_SECURE_VPN | SYSLOG |
| Qualys VM | Vulnerability Scanner | QUALYS_VM | KV |
| Quest Active Directory | Authentication log | QUEST_AD | CEF Syslog |
| Radware Web Application Firewall | Firewall | RADWARE_FIREWALL | SYSLOG |
| Rapid7 | Vulnerability Scanner | RAPID7_NEXPOSE | JSON |
| Rapid7 Insight | Vulnerability Scanner | RAPID7_INSIGHT | JSON |
| Recorded Future | IOC | RECORDED_FUTURE_IOC | JSON |
| Red Canary | EDR | REDCANARY_EDR | JSON |
| Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER | JSON + SYSLOG + KV |
| RH-ISAC | IOC | RH_ISAC_IOC | JSON |
| RSA | Identity and Access Management | RSA_AUTH_MANAGER | CSV |
| Rubrik | Backup software | RUBRIK | SYSLOG |
| SailPoint IAM | Identity and Access Management | SAILPOINT_IAM | JSON |
| Salesforce | SaaS Application | SALESFORCE | KV (LEEF), CSV |
| SecureAuth | SSO | SECUREAUTH_SSO | SYSLOG, XML |
| SecureLink | Remote Access Tools | SECURELINK | SYSLOG |
| Semperis DSP | LDAP | SEMPERIS_DSP | SYSLOG |
| Sendmail | Email Server | SENDMAIL | SYSLOG + KV |
| SentinelOne Deep Visibility | EDR | SENTINEL_DV | JSON |
| SentinelOne EDR | EDR | SENTINEL_EDR | SYSLOG + JSON |
| ServiceNow CMDB | Policy Management | SERVICENOW_CMDB | JSON |
| ServiceNow Security | SaaS Application | SERVICENOW_SECURITY | JSON |
| Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP | SYSLOG |
| Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF | JSON |
| Silverfort Authentication Platform | Identity and Access Management | SILVERFORT | CEF Syslog |
| Slack Audit | Productivity | SLACK_AUDIT | JSON |
| Snort | IDS/IPS | SNORT_IDS | SYSLOG + JSON |
| SonicWall | Firewall | SONIC_FIREWALL | SYSLOG + KV |
| Sophos AV | AV / Endpoint | SOPHOS_AV | CSV, JSON |
| Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 | JSON |
| Sophos DHCP | DHCP | SOPHOS_DHCP | SYSLOG + KV |
| Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL | KV |
| Sophos UTM | Unified Threat Management | SOPHOS_UTM | KV |
| Sourcefire | IDS/IPS | SOURCEFIRE_IDS | JSON |
| Squid Web Proxy | Web Proxy | SQUID_WEBPROXY | SYSLOG |
| Static IP | DHCP | ASSET_STATIC_IP | CSV |
| Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT | JSON |
| Stealthbits Defend | Security System for Active Directory and File Systems | STEALTHBITS_DEFEND | SYSLOG + KV (LEEF) |
| Strong Swan VPN | VPN | STRONGSWAN_VPN | JSON |
| Suricata EVE | IPS IDS | SURICATA_EVE | JSON |
| Suricata IDS | IDS/IPS | SURICATA_IDS | JSON |
| Symantec CloudSOC CASB | CASB | SYMANTEC_CASB | SYSLOG + JSON |
| Symantec DLP | DLP | SYMANTEC_DLP | SYSLOG + KV (CEF), XML |
| Symantec EDR | EDR | SYMANTEC_EDR | JSON |
| Symantec Endpoint Protection | AV / Endpoint | SEP | SYSLOG |
| Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT | JSON |
| Symantec VIP Gateway | Email Server | SYMANTEC_VIP | SYSLOG |
| Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION | JSON |
| Symantec Web Security Service | Web Proxy | SYMANTEC_WSS | JSON |
| Tanium Asset | Tanium Specific | TANIUM_ASSET | JSON |
| Tanium Audit | SCAN NETWORK | TANIUM_AUDIT | JSON |
| Tanium Comply | Tanium Specific | TANIUM_COMPLY | JSON |
| Tanium Discover | Tanium Specific | TANIUM_DISCOVER | JSON |
| Tanium Insight | Tanium Specific | TANIUM_INSIGHT | SYSLOG + KV |
| Tanium Patch | Tanium Specific | TANIUM_PATCH | JSON |
| Tanium Reveal | Tanium Specific | TANIUM_REVEAL | JSON |
| Tanium Stream | Tanium Specific | TANIUM_TH | JSON |
| Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE | JSON |
| TeamViewer | Remote Support | TEAMVIEWER | JSON |
| Tenable Security Center | Vulnerability Scanner | TENABLE_SC | SYSLOG |
| tenable.io | Vulnerability Scanner | TENABLE_IO | JSON |
| Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS | SYSLOG |
| Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM | JSON/GROK |
| Thales MFA | Authentication | THALES_MFA | SYSLOG + KV (CEF) |
| Thales Vormetric | Encryption | VORMETRIC | SYSLOG |
| Thinkst Canary | Deception Software | THINKST_CANARY | JSON |
| ThreatConnect | IOC | THREATCONNECT_IOC | JSON |
| Thycotic | Identity and Access Management | THYCOTIC | SYSLOG + KV (CEF) |
| Trend Micro AV | AV / Endpoint | TRENDMICRO_AV | SYSLOG + KV, CEF |
| TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY | SYSLOG + KV |
| Tripwire | DLP | TRIPWIRE_FIM | SYSLOG |
| Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH | SYSLOG |
| Unbound DNS | DNS | UNBOUND_DNS | SYSLOG |
| Unifi AP | Switches and Routers | UNIFI_AP | SYSLOG + KV, SYSLOG + JSON |
| Unix system | OS | NIX_SYSTEM | SYSLOG |
| Uptycs EDR | Endpoint detection and response | UPTYCS_EDR | JSON |
| VanDyke SFTP | Data Transfer | VANDYKE_SFTP | JSON, SYSLOG |
| Varonis | Data Security / Insider Threat | VARONIS | SYSLOG + KV (CEF) |
| Vectra Detect | NDR | VECTRA_DETECT | SYSLOG + JSON |
| Vectra Stream | NDR | VECTRA_STREAM | SYSLOG + KV |
| VMware AirWatch | Wireless | AIRWATCH | SYSLOG + KV |
| VMware ESXi | Hypervisor | VMWARE_ESX | SYSLOG |
| VMware Horizon | VDI | VMWARE_HORIZON | SYSLOG |
| VMware NSX | Network and Security Virtualization | VMWARE_NSX | KV |
| VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU | JSON |
| VMware vCenter | Server | VMWARE_VCENTER | SYSLOG + JSON |
| VMware vRealize Suite | Cloud | VMWARE_VREALIZE | SYSLOG |
| WatchGuard | Syslog and KV | WATCHGUARD | JSON |
| Wazuh | Log Aggregator | WAZUH | SYSLOG + JSON |
| Windows Applocker | Application Locker | WINDOWS_APPLOCKER | SYSLOG + KV |
| Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP | SYSLOG + JSON, XML |
| Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV | JSON, XML |
| Windows DHCP | DHCP | WINDOWS_DHCP | JSON, SYSLOG, CSV |
| Windows DNS | DNS | WINDOWS_DNS | JSON, XML, SYSLOG + KV |
| Windows Event | Endpoint | WINEVTLOG | JSON + KV |
| Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML | SYSLOG + XML |
| Windows Firewall | Firewall | WINDOWS_FIREWALL | Space Separated Value |
| Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER | SYSLOG, JSON, SYSLOG + XML |
| Windows Sysmon | DNS | WINDOWS_SYSMON | JSON, XML |
| Workday | SaaS Application | WORKDAY | JSON |
| Workspace Activities | GCP Specific | WORKSPACE_ACTIVITY | JSON |
| Workspace Alerts | | WORKSPACE_ALERTS | JSON |
| Workspace ChromeOS Devices | GCP Specific | WORKSPACE_CHROMEOS | JSON |
| Workspace Groups | GCP Specific | WORKSPACE_GROUPS | JSON |
| Workspace Mobile Devices | GCP Specific | WORKSPACE_MOBILE | JSON |
| Workspace Privileges | GCP Specific | WORKSPACE_PRIVILEGES | JSON |
| Workspace Users | GCP Specific | WORKSPACE_USERS | JSON |
| Zeek JSON | Format Specific | BRO_JSON | SYSLOG + JSON |
| Zeek TSV | Format Specific | BRO_TSV | SYSLOG + TSV |
| Zscaler | Web Proxy | ZSCALER_WEBPROXY | SYSLOG + KV, CSV |
| ZScaler DNS | DNS | ZSCALER_DNS | SYSLOG + KV |
| ZScaler NGFW | Firewall | ZSCALER_FIREWALL | SYSLOG + KV (CEF), CSV |
| ZScaler VPN | VPN | ZSCALER_VPN | SYSLOG + CSV |