on 2019-07-27 12:47 PM - edited 3 weeks ago by raj17
Vendor & Product | Event Type | Version | Parser Name | Collection Method | Device Class | Category | Resources |
---|---|---|---|---|---|---|---|
A10 Networks Thunder Series | SSL Decrypt | Implementation Guide Solution Brief |
|||||
Absolute Data and Device Security (DDS) | Absolute DDS Customer Center 5.26+, SIEM Connector 1.1 | absolutesiemconnectorpe | Syslog | Analysis | Log Collection | Implementation Guide | Source Package |
|
Acalvio ShadowPlex | 2017.07 | cef | Syslog | Advanced Threat Detection | Log Collection | Implementation Guide | |
Accurev | 6.0.1 | accurev | File | CMS | Log Collection | Implementation Guide | Source Package | |
Actiance Vantage | 12.2 | actiancevantage | ODBC | Analysis | Log Collection | Implementation Guide | |
ActivIdentity 4TRESS AAA Server | 6.4.1 | actividentity | ODBC | Access Control | Log Collection | Implementation Guide | |
AirMagnet Enterprise | 7.5, 8.5, 10.1 | airmagnetenterprise | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
AirTight Management Console | 7.0, 7.1 U4 | airtightmc | Syslog | Intrusion | Log Collection | Implementation Guide | |
AirTight Networks SpectraGuard Enterprise | 6.5, 6.6, 6.7 | atnspectraguardpe | Syslog | IPS | Log Collection | Implementation Guide Source Package |
|
Akamai Kona Site Defender | 1 | cef | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Alcatel-Lucent OmniSwitch | 6600, 6850, 9700 | alcatelomniswitch | Syslog, SNMP | Switch | Log Collection | Implementation Guide | |
ALTOR (A Juniper Networks Company) Security Suite | 4.0 | altorpe | Syslog | Firewall | Log Collection | Implementation Guide Source Package |
|
Amazon AWS AppFabric | Audit Logs | N/A | appfabric | Plugin | Cloud | Log Collection | Implementation Guide |
Amazon AWS Detective | API v1.0 | cef | Plugin | Cloud | Log Collection | ||
Amazon AWS GuardDuty | All | cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
|
Amazon AWS Security Hub | API v1.0 | aws_securityhub | Plugin | Cloud | Log Collection | Implementation Guide | |
Amazon AWS VPC Traffic Mirror | All | Network TAP | Implementation Guide | ||||
Amazon AWS Cloudwatch | API v1.0 | aws, aws_cloudtrail, aws_route53resolver, aws_windows | Plugin | Cloud | Log Collection | Implementation Guide | |
Amazon S3 Universal Connector |
Cloudtrail, VPC Flow Logs, AWS WAF Logs, AWS Directory Service, Windows Logs, CiscoUmbrella, Opswat MetaAccess Cloud, Jamf Protect, Application Load Balancer (ALB) access logs, cloudflarerbi, AppFabric, CloudFront access logs | API v1.0 | aws, aws_cloudtrail, cisco_umbrella, aws_windows, aws_waf, jamf, cloudflarerbi, appfabric | Plugin | Cloud | Log Collection | Implementation Guide |
Anomali Link | API v1.0 | Plugin | Cloud | Log Collection | Implementation Guide | ||
Anomali ThreatStream Intelligence Platform | Threat Intel | Implementation Guide | |||||
Anomali STAXX | Threat Intel | Implementation Guide | |||||
Apache HTTP Server | 2.x | apache | Syslog, File | Web Logs | Log Collection | Implementation Guide | Source Package | |
Apache Tomcat Server | 6.0, 7.0, 8.x | apachetomcat | Syslog, File | Web Logs | Log Collection | Implementation Guide | Source Package | |
APCON Inc. IntellaFlex Series 3000 | Network TAP | Implementation Guide | |||||
Apcon IntellaPatch Series 3000 Network Monitoring Switch | 4.34.2 | apconintellapatch | Syslog | Switch | Log Collection | Implementation Guide | |
Trustwave DbProtect (formerly Application Security; part of Singtel) | 6.0 | appsecdbprotect | ODBC | Database | Log Collection | Implementation Guide | |
Arbor Networks Peakflow SP5 | 5.X, 9.X | arborpeakflowsp | Syslog | IPS | Log Collection | Implementation Guide | |
Arbor Networks Peakflow X | 4.1 | arborpeakflow | Syslog | IPS | Log Collection | Implementation Guide | |
ArcSight ESM | Other | Implementation Guide & Source Package | |||||
Array Networks SPX Series Universal Access Controllers | 8.4.6 | arrayspxpe | Syslog | VPN | Log Collection | Implementation Guide Source Package |
|
Artifactory | 3.3.0.1 | artifactory | File | CMS | Log Collection | Implementation Guide | Source Package | |
Aruba Networks AirWave | 6.3.x, 6.4.x, 7.5.x | arubaairwave | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
Aruba Networks ClearPass Policy Manager | 5.2, 6.x | arubacppm | Syslog | Access Control | Log Collection | Implementation Guide | |
Aruba Networks Mobility Controller | ArubaOS 2.5.4.0, 3.4, 6.x, 8.10.0.7 | arubanetworks | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
Atlassian Stash | 2.12, 3.3.1, 3.5.1 | stash | File | CMS | Log Collection | Implementation Guide | Source Package | |
AttackIQ Platform | Dec 2020 | Analysis | Log Collection | Configuration Guide | |||
Attivo ThreatMatrix Platform | 4.x | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Avecto Privilege Guard | 3.5 | avectopg | Windows | Access Control | Log Collection | Implementation Guide | |
Avocent IP KVM | Dell PowerEdge 2161DS-2 | avocentkvm | SNMP | Network | Log Collection | Implementation Guide | |
Barracuda Spam Firewall | 3.4, 3.5, 6.1.x, 8.x | barracudasf | Syslog | Antivirus | Log Collection | Implementation Guide | |
Barracuda Web Application Firewall | Firmware: 7.4.0, 7.8.0, 7.9.2, 8.x, 9.x | barracudawaf | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Bayshore Networks SingleKey | 6.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
DenyAll WAF (formerly Bee Ware Web Application Firewall) | 5.x | beewarewaf | Syslog | Application Firewall | Log Collection | Implementation Guide | |
BeyondTrust Powerbroker Endpoint Protection (formerly eEye Blink Endpoint Protection) | 4.x | eeyeblink | SNMP | Intrusion | Log Collection | Implementation Guide | |
BeyondTrust Retina Network Security Scanner (formerly eEye Retina Network Security Scanner) | 5.1 | eeyeretina | Syslog, SNMP | IDS | Log Collection | Implementation Guide | |
BeyondTrust PowerBroker Servers | 7, 8 | beyondtrustpe | Syslog | Access Control | Log Collection | Implementation Guide | Source Package |
|
BigFix Enterprise Suite | 7.2 | bigfix | ODBC | Configuration Management | Log Collection | Implementation Guide | |
BigFix Enterprise Suite | Enterprise Suite | 7.2 | bigfix | JDBC/Logstash | Configuration Management | Log Collection | Implementation Guide |
Bind DNS |
|
Bind: 9.x, 11 RHEL: 3.x, 4.x, 5.x, 6.0, 7.0 Solaris: 8, 9, 10, 11.x |
rhlinux, solaris | Syslog | UNIX | Log Collection | Implementation Guide |
Bit9 Security Platform | 6.0.2, 7.0, 7.2 | bit9 | Syslog, ODBC | Application Firewall | Log Collection | Implementation Guide | |
Blackberry Ltd Enterprise Server | 5.x | blackberryes | File | Messaging | Log Collection | Implementation Guide | |
Blue Coat Systems Inc. Director (part of Broadcom Inc.) | 5.5.1.1, 5.5.2.3, 6.1.1.1 | bluecoatdirector | Syslog | Configuration Management | Log Collection | Implementation Guide | |
Blue Coat Systems Inc. ProxyAV (part of Broadcom Inc.) | 3.3.1.2, 3.5.1.1 | bluecoatproxyav | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide | |
Blue Coat Systems Inc. ProxySG SGOS (part of Broadcom Inc.) | 4.x, 5.x, 6.x, 7.x | cacheflowelff | Syslog, File | Web Logs | Log Collection | Implementation Guide | |
Blue Coat Systems Inc. SSL Visibility Appliance (part of Broadcom Inc.) | SSL Decrypt | Implementation Guide | |||||
BlueCat | Adonis 7.0 | bluecat | Syslog | System | Log Collection | Implementation Guide | |
BluVector Cortex | 3.1 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
BMC Remedy IT Service Management | 7.6.04 | bmcremedyitsm | ODBC | Configuration Management | Log Collection | Implementation Guide | |
Brocade FastIron Switch | FGS624P- STK | brocadeswitch | Syslog | Switch | Log Collection | Implementation Guide | |
CA ACF2 (formerly IBM Mainframe ACF2) |
|
Versions : r14 and higher Supported Platforms : z/OS v1.9, v1.10, v1.11, v1.12, and v1.13 |
ibmacf2 | FIle | Mainframe | Log Collection | Implementation Guide | Source Package |
CA Integrated Threat Management | r8, r8.1 | caitm | SNMP | Antivirus | Log Collection | Implementation Guide | |
CA SiteMinder | r12 | casiteminder | File | Access Control | Log Collection | Implementation Guide | Source Package |
|
CA Top Secret | z/OS | ibmtopsecret | File | Mainframe | Log Collection | Implementation Guide | Source Package |
|
Carbon Black Cb Response | N/A | carbonblack | Syslog | System | Log Collection | Implementation Guide Source Package |
|
Check Point GAiA | R77.20 | rhlinux, checkpointfw | Syslog | UNIX | Log Collection | Implementation Guide | |
Check Point IPSO (formerly Nokia IPSO) | 3.6, 3.7, 3.8, 3.9, 6.2 | nokiaipso | Syslog | UNIX | Log Collection | Implementation Guide | |
Check Point Security Suite (IPS-1) | R76, R77.x, R80.x, R81.10 | checkpointfw1, cef | Check Point, Syslog | Firewall | Log Collection | Implementation Guide | |
Check Point SPLAT OS | R75, 77.10 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
Cimcor CimTrak | 2.0.6.11 | cimcorcimtrakpe | Syslog | Intrusion | Log Collection | Implementation Guide Source Package |
|
Cisco 3300 Series Mobility Services Engine | 5.2.91.0, 6.0.97.0, 7.0.105.0 | ciscomse | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
Cisco Adaptive Security Appliance (ASA) | 7.x, 8.x, 9.x, 11.13 | ciscoasa | Syslog | Firewall | Log Collection | Implementation Guide | |
Cisco Aggregation Services Router | 3.3 | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
Cisco Aironet AP (Wireless Access Point) | IOS 12.2 | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
Cisco Application Control Engine | 4710 | ciscoace | Syslog | Application Delivery | Log Collection | Implementation Guide | |
Cisco ASA Security Services Module | 4.x. 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 7.1.1 | ciscoidsxml | SDEE | IDS | Log Collection | Implementation Guide | |
Cisco Catalyst Switch | Cisco Catalyst 6500, Cisco Catalyst 2960-CX | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
Cisco Firewall Service Module | 4.1(5) | ciscoasa | Syslog | Firewall | Log Collection | Implementation Guide | |
Cisco Firepower System Event Streamer ( eStreamer) | Intrusion events, Discovery events, Correlation and allow list events, Impact flag alerts, User activity events, Malware events, File events
|
6.x, 7.x | cefe | Syslog | access control | Log Collection | Implementation Guide |
Cisco Identity Services Engine (ISE) | 1.0, 1.1, 1.3, 1.4, 2.x | ciscosecureacs | Syslog | Access Control | Log Collection | Implementation Guide | |
Cisco IOS | IOS 12.4, 15.x | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
Cisco IronPort Email Security Appliance | 5.7.0, 7.1.3, 8.0.1, 8.5.x, 11.x | ciscoiportesa | File, Syslog | Application Firewall | Log Collection | Implementation Guide | |
Cisco IronPort Web Security Appliance (WSA) | 5.7.0, 6.3, 7.x, 8.x, 9.x, 10.x | ciscoiportwsa | File, Syslog | Web Logs | Log Collection | Implementation Guide | Source Package | |
CiscoWorks LAN Management Solution | 3.2, 4.0 | ciscolms | ODBC | Configuration Management | Log Collection | Implementation Guide | |
Cisco Advanced Malware Protection (AMP) for Endpoints | All | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
Cisco Meraki | MX60, GA 12.26 | ciscomeraki | Syslog | Configuration Management | Log Collection | Implementation Guide | |
Cisco Network Admission Control (NAC) | 4.7, 4.9 | cisconac | Syslog | Access Control | Log Collection | Implementation Guide | |
Cisco Nexus | 1000V, 5000V and 7000V | cisconxos | Syslog | Switch | Log Collection | Implementation Guide | |
Cisco Prime Infrastructure & Wireless Control System |
|
Prime Infrastructure: 1.1, 1.2, 2.0, 2.1 Wireless Control System: 7.0 |
ciscowcs | SNMP | Configuration Management | Log Collection | Implementation Guide |
Cisco Secure Access Control Server (ACS) |
|
Software only: 4.2 Appliance:5.x |
ciscosecureacs | Syslog | Access Control | Log Collection | Implementation Guide |
Cisco Secure Access Control Server (ACS) Express | 5 | ciscoacsxp | Syslog | Access Control | Log Collection | Implementation Guide | |
Cisco Secure IDS or IPS | 4.x, 5.0, 5.1, 6.0, 6.1, 6.2, 7.x; Signature Engines: E1, E2, E3, E4 | ciscoidsxml | SDEE | IDS | Log Collection | Implementation Guide | |
Cisco Security Agent | 4.0, 5.1, 6.0 | ciscosecagent | ODBC, SNMP | IDS | Log Collection | Implementation Guide | |
Cisco Sourcefire Defense Center / SNORT | 4.x, 5.x, 6.x | snort | Syslog | IDS | Log Collection | Implementation Guide | |
Cisco ThreatGRID | Threat Intel | Implementation Guide | |||||
Cisco Umbrella | Schema Version 5 | cisco_umbrella | Plugin | Cloud | Log Collection | Implementation Guide | |
Cisco Unified Computing System Manager | 1.0 (2d) | ciscoucs, cisconxos | Syslog | Configuration Management | Log Collection | Implementation Guide | |
Cisco Virtual Security Gateway | 4.2(1)VSG(1) | cisconxos | Syslog | Switch | Log Collection | Implementation Guide | |
Cisco Wireless LAN Controller (WLC) (2100 Series, 4400 Series, and 9800 Series) | 5.2.157.0, 6.0.188, 7.0.9, 8.0, 8.x, 17.03.03 | ciscowlc | Syslog, SNMP | Wireless Devices | Log Collection | Implementation Guide | |
CiscoWorks Common Services/Cisco Security Manager | 2.3, 3.0, 3.3, 4.0 | ciscoworks | File | Configuration Management | Log Collection | Implementation Guide | Source Package | |
Citrix Access Gateway | 4.5, 4.6, 5.0 | citrixag | Syslog, File | VPN | Log Collection | Implementation Guide | |
Citrix NetScaler | 9.1, 9.2, 9.3, 10.0, 10.1, 10.5, 11.x, 13.x, 14.x | citrixns | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Citrix XenApp | 5 (for Windows Server 2003), 6, 6.5, 7.x | citrixxa | ODBC | Virtualization | Log Collection | Implementation Guide | |
Citrix XenMobile MDM (formerly Zenprise MobileManager) |
|
XenMobile Server 10.x Xenmobile MDM version 8.6 Zenprise MobileManager 6.6 |
zenprisemdm | Syslog, File | Configuration Management | Log Collection | Implementation Guide |
Claroty Platform | 2.0, 2.1 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Clearswift SECURE Gateway Suite |
|
Web Gateway: 3.0 Email Gateway: 3.6 Exchange Gateway: 1.0 ICAP Gateway: 1.0 |
clearswiftpe | Syslog | Application Servers | Log Collection | Implementation Guide Source Package |
Cloudera Navigator | 4.8, 5.x | clouderanavigator | Syslog | Access Control | Log Collection | Implementation Guide | |
CloudLink SecureVSA | 3 | aforecloudlink | Syslog | Access Control | Log Collection | Implementation Guide | |
Cofense Intelligence (formerly PhishMe) | Threat Intel | Implementation Guide | |||||
CoreTrace Bouncer | 6.0.1 | coretracebouncerpe | Syslog | Application Firewall | Log Collection | Implementation Guide, Source Package |
|
CorreLog, Inc. SIEM Agent for IBM z/OS (part of BMC Software, Inc.) | 5.5.1 z/OS | cef | Syslog | Mainframe | Log Collection | Implementation Guide | |
CounterTack Event Horizon | 3.1,3.1.7 | countertackehpe | Syslog | Analysis | Log Collection | CounterTack Inc. Event Horizon - RSA NetWitness Parser Implementation Guide - NetWitness Community - 563634 | Source Package | |
Courion PasswordCourier | 5 | courionpc | File | Access Control | Log Collection | Implementation Guide I Source Package | |
cPacket Networks CVU Family | Network TAP | Implementation Guide | |||||
Crossbeam C-Series | 4.x, 5.x, 6.x | crossbeamc | Syslog | UNIX | Log Collection | Implementation Guide | |
CrowdStrike Falcon | N/A | crowdstrike | Syslog | Endpoint | Log Collection | ||
CryptoniteNXT | CEF | Log Collection | Implementation Guide | ||||
Cuckoo Sandbox | Other | Implementation Guide | |||||
Custom JDBC | Database audit logs | Any version of Oracle or ibmdb2 | Logstash | Database | Log Collection | Implementation Guide | |
CyberArk Account Security and Identity Management |
|
7.x, 8.x, 9.x, 10.x, 12.1 |
cyberark | Syslog | Access Control | Log Collection | |
CyberArk Privileged Threat Analytics | 2.6.3.1 | cef | Syslog | Access Control | Log Collection | Implementation Guide | |
Cyberoam UTM | 10.04.3 | cyberoamutm | Syslog | Firewall | Log Collection | Implementation Guide | |
CyberSponse CyOps | Orchestration & Automation | Implementation Guide | |||||
CyberX Platform 2.0 | 2.0 | cef | Syslog | ICS | Log Collection | Implementation Guide | |
Cylance Protect | 1.x | cylance | Syslog | Antivirus | Log Collection | Implementation Guide | |
Cymulate Integration |
Implementation Guide | ||||||
Cyware Integration | Implementation Guide | ||||||
Damballa Failsafe | 5.0.2, 6.2.0 | damballa | Syslog | Antivirus | Log Collection | Implementation Guide | |
DataSunrise Database Security Suite | 3.7 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
DeepInspect | 2.1 | deepinspect | Syslog | ICS | Log Collection | Implementation Guide | |
Dell iDRAC | DRAC 5, iDrac 6, iDRAC 9.x | delldrac | SNMP, Syslog | Access Control | Log Collection | Implementation Guide | |
Dell PowerConnect 5324 Switch | 1.0.0.47 | dellswitch | Syslog | Switch | Log Collection | Implementation Guide | |
Dell EMC Avamar | 4.1, 6.0, 7.0 | emcavamar | ODBC, Syslog | Storage | Log Collection | Implementation Guide | |
Dell EMC Celerra (also known as Dell EMC Control Station, Blades, DataMover, NSX) | 7.0, 7.1 | celerra | SNMP | Storage | Log Collection | Implementation Guide | |
Dell EMC Data Domain | 5.1.0.4 | emcdatadomain | Syslog | Storage | Log Collection | Implementation Guide | |
Dell EMC Data Protection Advisor | 5.6 | emcdpa | ODBC | Analysis | Log Collection | Implementation Guide | |
Dell EMC Greenplum Database | 4 | greenplum | FIle | Database | Log Collection | Implementation Guide | |
Dell EMC Greenplum HD | 1.2 | greenplumhd | File | Storage | Log Collection | Implementation Guide | |
Dell EMC Ionix Unified Infrastructure Manager | 1.0, 2.1, 3.0, 3.1 | emcionixuim | Syslog, File, ODBC | Configuration Management | Log Collection | Implementation Guide | |
Dell EMC Isilon | 6.5.3.32, 6.5.5.7.x, 8.x | emcisilon | File, Syslog | Storage | Log Collection | Implementation Guide | |
Dell EMC NetWorker | 7.6 SP2 | emcnetworker | File | Storage | Log Collection | Implementation Guide | |
Dell EMC Secure Remote Support (ESRS) | 2 | esrs | Syslog | Access Control | Log Collection | Implementation Guide | |
Dell EMC Symmetrix Solutions Enabler | 6.4, 6.5.3, 7.0, 7.1, 7.3.0.1, 7.6.1 | symmetrix | Syslog, File | Storage | Log Collection | Implementation Guide | |
Dell EMC VNX (formerly Clariion Navisphere) | Navisphere 6.28 and Unisphere 1.1 | clariion | SNMP | Storage | Log Collection | Implementation Guide | |
Dell EMC Voyence | 4.0.1 | voyence | SNMP | Access Control | Log Collection | Implementation Guide | |
Dell EMC VPLEX | all | emcvplex | File | Storage | Log Collection | Implementation Guide | |
Demisto Enterprise | Orchestration & Automation | Implementation Guide | |||||
DFLabs IncMan | 4.5+ | Orchestration & Automation | Implementation Guide | ||||
Digital Guardian | 6.1 | Syslog | DLP | Log Collection | Implementation Guide | Source Package |
||
Dropbox | dropbox events | API v2.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
EclecticIQ Threat Intelligence Platform | Threat Intel | Implementation Guide | |||||
EMC Fabric OS | 6.1, 6.2 | fabricos | Syslog | Switch | Log Collection | Implementation Guide | |
Endgame | 2.5.4 | cef | Syslog | System | Log Collection | Implementation Guide | |
Enforcive Enterprise Security (part of Precisely) | 7.x | cef | Syslog | Access Control | Log Collection | Implementation Guide |
|
Extreme Networks Dragon IPS (formerly Enterasys Dragon) | 5.x, 6.x, 7.2, 7.4 | dragonids | SNMP | IDS | Log Collection | Implementation Guide | |
Extreme Networks Switch (formerly Enterasys Switch | S-Series | enterasysswitch | Syslog | Switch | Log Collection | Implementation Guide | |
Enterprise IT-Security SF-NoEvasion | 7.1 | enterpriseitsfne | Syslog | Mainframe | Log Collection | Implementation Guide | |
Entrust Identity Guard | 10.1 | entrustig | Syslog | Access Control | Log Collection | Implementation Guide | |
ESET Remote Administrator | 4.0, 5.0 | eseterape | ODBC | Antivirus | Log Collection | Implementation Guide Source Package |
|
Evidian Authentication Manager | 9.x, 10.x | evidian | ODBC | Access Control | Log Collection | Implementation Guide | |
Exabeam Advanced Analytics | 3.0 | exabeampe | Syslog | Analysis | Log Collection | Implementation Guide | |
F-Secure | 5.x | fsecureav, cef | Syslog, Windows | Antivirus | Log Collection | Implementation Guide | |
F5 BIG-IP Access Policy Manager | 10.2.0, 11.4 HF4, 11.5.2 HF1, 15.x | bigipapm | Syslog | Access Control | Log Collection | Implementation Guide | |
F5 BIG-IP Advanced Firewall Manager | 11.5 | bigipafm | Syslog | Firewall | Log Collection | Implementation Guide | |
F5 BIG-IP Application Security Manager | 10.2.0, 11.2, 11.5.x, 11.6,13.x, 14.x | bigipasm | Syslog | Application Firewall | Log Collection | Implementation Guide | |
F5 BIG-IP Local Traffic Manager | 9.4, 10.2.0, 11.x, 12.x, 13.x, 14.x, 15.x | bigip | Syslog | Switch | Log Collection | Implementation Guide | |
F5 Firepass SSL VPN | 5.5-20051019, 7.0.1 | firepass | Syslog | VPN | Log Collection | Implementation Guide | |
F5 SSL Orchestrator | SSL Decrypt | Implementation Guide | |||||
FairWarning Privacy Monitoring | 2.9.2, 4.x | fairwarningpm | File | Analysis | Log Collection | Implementation Guide | |
FireEye Web Malware Protection System | 6.x, 7.x, 8.x, 9.x | fireeyewebmps | Syslog | Malware | Log Collection | Implementation Guide | |
FireEye Endpoint Security (FireEye HX) | 5.1.x | fireeyehx | Logstash | IPS | Log Collection | Implementation Guide | |
FluentD | 1.15.1 | Log Collection | |||||
Forcepoint DLP (formerly Websense Data Security) | 7.x, 8.x | websenseds | Syslog | DLP | Log Collection | Implementation Guide | |
Forcepoint Email Security) | 8.x | cef | Syslog | Antivirus | Log Collection | Implementation Guide | |
Forcepoint Web Security (formerly Websense Web Security) | 5.5, 6.3, 7.0, 7.1, 7.5, 7.6, 7.7, 7.8.1, 7.8.4, 8.x | websense | SNMP, ODBC (7.5, 7.6, 7.7), (Syslog for 7.7 and later) | Web Logs | Log Collection | Implementation Guide | |
ForeScout CounterACT | 6.3.4.0, 7.x, 8.x | forescoutcounteract | Syslog | Access Control | Log Collection | Implementation Guide | |
Fortinet FortiAnalyzer | 5.x, 6.x, 7.x | fortinetmgr | Syslog | Firewall | Log Collection | Implementation Guide | |
Fortinet Forticlient Endpoint Security | 4.x | forticlientendpoint | Syslog | Firewall | Log Collection | Implementation Guide | |
Fortinet FortiGate | 2.8, 3.0, 4.0 MR1, 4.0 MR2, 5.x, 6.x, 7.4.4 | fortinet | Syslog | Firewall | Log Collection | Implementation Guide | |
Fortinet FortiMail | 4.0, 5.2, 6.x | fortinetfortimail | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Fortinet Manager | 5.x, 6.x, 7.x | fortinetmgr | Syslog | Firewall | Log Collection | Implementation Guide | |
Fox Technologies Server Control | 6.5, 6.6 | foxtpe | Syslog | Access Control | Log Collection | Implementation Guide Source Package |
|
Free BSD | 5.x | hpux | Syslog | UNIX | Log Collection | Implementation Guide | |
General Electric (GE) Centricity Enterprise Archive | 4 | gecea | ODBC | Document | Log Collection | Implementation Guide | |
General Electric (GE) Centricity PACS-IW | 3.7.3 | gepacs | ODBC | Document | Log Collection | Implementation Guide | |
Gigamon GigaSECURE | Network TAP | Implementation Guide | |||||
Gigamon GigaSECURE OpenStack | Network TAP | Implementation Guide | |||||
Gigamon GigaVUE FM Series | Network TAP | Deployment Guide | |||||
Gigamon SSL Solution | SSL Decrypt | Implementation Guide | |||||
Git | 1.7.6 | git | File | CMS | Log Collection | Implementation Guide | |
GitHub Enterprise | 2.8.x | git | Syslog | CMS | Log Collection | Implementation Guide | |
GlobalSCAPE Enhanced File Transfer (EFT) Server | all versions up to 6.3.8 | gseftserver | File | Web Logs | Log Collection | Implementation Guide | |
Google Cloud Platform (GCP) | API v1.0 | cef/gcp | Plugin | Cloud | Log Collection | Implementation Guide | |
Google Workspace (Formerly Google G Suite) | API v1.0 | googlesuite | Plugin | Cloud | Log Collection | Implementation Guide | |
Gurucul Risk Analytics | Other | Implementation Guide | |||||
HelpSystems PowerTech Interact | 3 | powertechpe | Syslog | Analysis | Log Collection | Implementation Guide Source Package |
|
Hewlett Packard Integrity NonStop Server | All NonStop OS releases supported by HP | hpnonstopserver | Syslog | Analysis | Log Collection | Implementation Guide | |
Hewlett Packard OpenVMS | all | openvms | File | Midrange | Log Collection | Implementation Guide | |
Hewlett Packard ProCurve Switch | series 2600, 2800, 5300, 7510 | hpprocurvesw | Syslog | Switch | Log Collection | Implementation Guide | |
Hewlett Packard UNIX | 11.X, C2 v11.X | hpux | Syslog | UNIX | Log Collection | Implementation Guide | |
Hitachi ID Privileged Access Manager / Password Manager | 7.1.x, 7.2.x, 7.3.x | hitachiidmsuitepe | ODBC | Access Control | Log Collection | Implementation Guide | Source Package | |
Huawei VRP | 5.x, 6.x, 8.x | huaweivrp | Syslog | Router | Log Collection | Implementation Guide | |
HyTrust CloudControl (formerly HyTrust Appliance) |
|
Appliance: 2.0.10264, 2.5.1, 3.0.2, 3.6 CloudControl: 4.0 |
hytrust | Syslog | Access Control | Log Collection | Implementation Guide |
IBM AIX | 5L (Security and Authentication messages only), 6.1, 7.x | aix | Syslog | UNIX | Log Collection | Implementation Guide | |
IBM DB2 Universal Database | 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x, 11.5.6 (File Collection for AIX) | ibmdb2 | File, ODBC | Database | Log Collection | Implementation Guide | |
IBM DB2 | Database Audit Logs | 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x | Logstash | Database | Log Collection | Implementation Guide | |
IBM Domino | 8.5, 9.x | lotusdomino | SNMP | Mail Servers | Log Collection | Implementation Guide | |
IBM Guardium SQL Guard | 7, 8.0.2, 9.5.x | guardium | Syslog | Firewall | Log Collection | Implementation Guide | |
IBM iSeries AS400 | V6.1.x, V7.1, V7.2 | iseries | File | Midrange | Log Collection | Implementation Guide | Source Package | |
IBM ISS SiteProtector | 2.0 SP6.1, SP7.0, SP8.0, SP8.1, SP9.0 | iss | ODBC | IDS | Log Collection | Implementation Guide | |
IBM Mainframe DB2 for z/OS | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 | ibmdb2 | File | Database | Log Collection | Implementation Guide | Source Package | |
IBM Mainframe ICSF | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmicsf | File | Mainframe | Log Collection | Implementation Guide | |
IBM Mainframe IDMS | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmidms | File | Mainframe | Log Collection | Implementation Guide | |
IBM Mainframe IMS | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmims | File | Mainframe | Log Collection | Implementation Guide | |
IBM Mainframe IPSec | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmmainframeipsec | File | Mainframe | Log Collection | Implementation Guide | |
IBM Mainframe RACF | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 | ibmracf | File | Mainframe | Log Collection | Implementation Guide | |
IBM Mainframe Syslog and Hardcopy Log Facility | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, 2.x | ibmmfzossyslog | File | Mainframe | Log Collection | Implementation Guide | |
IBM Qradar | N/A | Other | Implementation Guide | ||||
IBM Tivoli Access Manager ESSO | 8.0.1 | ibmtamesso | ODBC | Access Control | Log Collection | Implementation Guide | |
IBM Tivoli Access Manager WebSEAL | 6.0, 7.x, 9.x | ibmtamws | File, Syslog | Access Control | Log Collection | Implementation Guide | |
IBM Tivoli Identity Manager | 5.1 | ibmtim | ODBC | Access Control | Log Collection | Implementation Guide | |
IBM WebSphere | 6.0.0.1, 7.0.0.9, 8.0, 8.5 | ibmwebsphere | File | Application Servers | Log Collection | Implementation Guide | |
IBM WebSphere DataPower | 3.8.1, 7.x | ibmwebspheredp | Syslog | System | Log Collection | Implementation Guide | |
IBM MQ (formerly branded as WebSphere MQ) | 7.0.1 | ibmwebspheremq | File | Messaging | Log Collection | Implementation Guide | |
Imperva CounterBreach | 11.5 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Imperva SecureSphere |
6, 7, 8, 8.5, 9.0, 9.5,10.0, 14.12.1.10 |
impervawaf | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Tenable.ot powered by Indegy | 3.x | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Infoblox NIOS | 5.1, 6.4.5, 8.x | infobloxnios | Syslog | System | Log Collection | Implementation Guide | |
Interface Masters Niagara 2299 | Network TAP | Implementation Guide | |||||
Interface Masters Niagara 4272 | Network TAP | Implementation Guide | |||||
Intersect Alliance Snare for Linux | 3.7 and later | linux_snare | Syslog | UNIX | Log Collection | Implementation Guide | |
Invincea Threat Data Server | 2.6 | invincea | Syslog | Antivirus | Log Collection | Implementation Guide | |
IPFIX |
NetFlow v10 | ipfix | Logstash | Switch | Log Collection | Implementation Guide | |
Ixia CloudLens (part of Keysight) | Network TAP | Implementation Guide, Deployment Guide (NW 10.6.x) |
|||||
Ixia Vision ONE (part of Keysight) | Network TAP | Implementation Guide | |||||
Ixia Phantom vTap (part of Keysight) | Network TAP | Implementation Guide | |||||
Jamf Protect | Alerts, Audit, Computer List | API v1.0 | jamf | Plugin | Cloud | Log Collection | Implementation Guide |
J4Care Healthcare Connector | N/A | j4carehcc | Syslog | Document | Log Collection | Implementation Guide | |
JBoss Application Server |
Application Server: 4.2, 5.0, 7.0
Enterprise Application Platform (EAP) : 4.3, 5.1, 6.4, and 7.1 on Windows |
jboss | File, Syslog | Application Servers | Log Collection | Implementation Guide | |
Jenkins | 1.58, 1.8.x, 2.x | jenkins | Syslog | Application Servers | Log Collection | Implementation Guide | |
Juniper Networks Intrusion Detection and Prevention (IDP) | 3.0, 3.1, 3.2, 4.0, 4.1, 5.0 | netscreenidp | Syslog, File | IDP | Log Collection | Implementation Guide | |
Juniper Networks JUNOS | 6.1, JUNOS 9.4, 9.6, 10.0, 10.3, 10.4, 11.1, 11.2, 11.4, 12.1, 17.x | junosrouter | Syslog | Router | Log Collection | Implementation Guide | |
Juniper Networks NetScreen Firewall | 5.1, 5.3, 5.4, 6.x | netscreen | Syslog | Firewall | Log Collection | Implementation Guide | |
Juniper Networks NetScreen ScreenOS | 5.1, 5.3, 5.4, 6.x | netscreen | Syslog | Firewall | Log Collection | Implementation Guide | |
Juniper Networks NetScreen-Security Manager | 2006, 2007, 2010, 2011, 2012 | nsm | Syslog, File | Configuration Management | Log Collection | Implementation Guide | |
Juniper Networks Unified Access Control | 2.2, 3.1, 4.5 | juniperic | Syslog | Access Control | Log Collection | Implementation Guide | |
Juniper Networks Wireless LAN Controller | 7.6.1 | juniperwlc | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
Juniper Steel-Belted Radius | 5.4, 6.x | junipersbr | File | Access Control | Log Collection | Implementation Guide | |
Kaspersky Anti-Virus | Kaspersky Security Center 9.0, 10.x,11.x, 14.0 Kaspersky Administration Kit 8.0 Kaspersky Anti-Virus for Microsoft ISA Server 2004 Enterprise Edition and 2006 Enterprise Edition | kasperskyav | ODBC, File | Antivirus | Log Collection | Implementation Guide | |
Kaspersky CyberTrace (formerly Threat Feed Service) | Threat Intel | Implementation Guide | |||||
Kaspersky Threat Intelligence Portal | Threat Intel | Implementation Guide | |||||
Kernel Based Virtual Machine (KVM) | 2.6.32-220 | kvm | File | Virtualization | Log Collection | Implementation Guide | |
Kubernetes | 1.18 | kubernetes | Logstash | Configuration Management | Log Collection | Implementation Guide | |
Lancope StealthWatch | 5.5, 5.6, 5.9, 5.10, 6.0 | stealthwatch | Syslog | IDS | Log Collection | Implementation Guide | |
LANDesk Management Suite | 9.0 Service Pack 2, 9.5 | landesk | ODBC | Configuration Management | Log Collection | Implementation Guide | |
Lieberman Enterprise Random Password Manager (ERPM) | 4.83.6 | liebsofterpmpe | Syslog | Application Servers | Log Collection | Implementation Guide Source Package |
|
Linux (CentOS) | 6 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
Linux (Debian GNU) | 3.1, 4.0 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
Linux (Novell SuSE) | 9, 10, 10.2, 11, 12.x, 15 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
Linux (Red Hat/RHEL) | 3.x, 4.x, 5.x, 6.0, 7.x | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
LogRhythm Platform | Other | Implementation Guide | |||||
Lumension Endpoint Management and Security Suite | 7 | lumensionemss | ODBC | Configuration Management | Log Collection | Implementation Guide | |
M86 Secure Web Gateway (part of Trustwave) | 10.1, 10.2 | m86swgpe | Syslog | Application Firewall | Log Collection | Implementation Guide Source Package |
|
ManageEngine Netflow Analyzer | 8.0, 9.5 | manageenginenetflow | ODBC | Analysis | Log Collection | Implementation Guide | |
MapR Converged Data Platform (part of Hewlett Packard Enterprise) | Other | Implementation Guide | |||||
McAfee Data Loss Prevention Endpoint | 2.2, 3.0, 9.0, 9.1, 9.2, 9.3, 9.4.x, 10.x | mcafeedlp | ODBC | DLP | Log Collection | Implementation Guide | |
McAfee Data Loss Prevention Endpoint | 2.2, 3.0, 9.0, 9.1, 9.2, 9.3, 9.4.x, 10.x | mcafeedlp | JDBC/Logstash | DLP | Log Collection | Implementation Guide | |
McAfee Database Security | 4.2, 5.x | mcafeeds | Syslog | Application Firewall | Log Collection | Implementation Guide | |
McAfee Email Gateway (formerly CipherTrust IronMail) | 5.5, 7.x | ironmail, cef | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide | |
McAfee Endpoint Encryption | 5.2.2. 5.2.12 | mcafeeendpoint | File | Access Control | Log Collection | Implementation Guide | |
McAfee Endpoint Security | 10.x | epolicy | ODBC | Antivirus | Log Collection | Implementation Guide | |
McAfee Endpoint Security | 10.x | epolicy | JDBC/Logstash | Antivirus | Log Collection | Implementation Guide | |
Trellix ePolicy Orchestrator (formerly McAfee ePolicy Orchestrator) | 3.5, 3.6.0, 3.6.1, 4.0, 4.5, 4.6, 5.x | epolicy | ODBC, Syslog | Antivirus | Log Collection | Implementation Guide | |
Trellix ePolicy Orchestrator | ePolicy Orchestrator | 7.2 | epolicy | JDBC/ Logstash | Security | Log Collection | Implementation Guide |
McAfee Firewall Enterprise | 6.1.1.x, 6.1.2.x, 7.0.0.x, 8.0, 8.x | sidewinder | Syslog | Firewall | Log Collection | Implementation Guide | |
McAfee Host Intrusion Prevention (aka Entercept) | 6.0.1 supported on McAfee ePolicy Orchestrator 3.6.0, 3.6.1 7.0, 8.0 supported on McAfee ePolicy Orchestrator 4.0 | entercept | ODBC | IDS | Log Collection | Implementation Guide | |
McAfee Integrity Control | 5.0.2, 5.1.0, 6.x | mcafeeic | ODBC | Configuration Management | Log Collection | Implementation Guide | |
McAfee Network Access Control | 3.1.1 | mcafeenac | ODBC | Access Control | Log Collection | Implementation Guide | |
McAfee Network Data Loss Prevention (Reconnex) | 8.6, 9.x | mcafeereconnex | ODBC, Syslog | DLP | Log Collection | Implementation Guide | |
McAfee Network Security Platform | 2.1, 3.1, 4.1, 5.1, 6.1, 7.1, 8.x, 9.x | intrushield | Syslog, ODBC (for version 5.1) | IDS | Log Collection | Implementation Guide | |
McAfee Policy Auditor | 5.2, 6.01, 6.2 | mcafeepa | ODBC & Logstash | Configuration Management | Log Collection | Implementation Guide | |
McAfee Security for Microsoft Exchange | 8.x | mcafeesecurity | ODBC | Antivirus | Log Collection | Implementation Guide | |
McAfee VirusScan Enterprise | 8.x | mcafeevirusscan | ODBC & Logstash | Antivirus | Log Collection | Implementation Guide | |
McAfee Vulnerability Manager | 5.0, 6.5.1, 6.8, 7.0, 7.5 | mcafeefoundscan | ODBC & Logstash | IDS | Log Collection | Implementation Guide | |
Skyhigh Web Gateway (previously known as McAfee Web Gateway) | 6.8.5, 7.x, 8.x, 11.2.16 | mcafeewg | File, Syslog | Web Logs | Log Collection | Implementation Guide | |
McKesson Horizon Patient Folder | 15 | mckessonhpf | ODBC & Logstash | Document | Log Collection | Implementation Guide | |
Microdasys XML Security Gateway | 1.1.0 | microdasys_xsg | File | Application Firewall | Log Collection | Implementation Guide | |
Microsoft Audit Collection Services | 2007 SP1 | msacs | ODBC & Logstash | Windows Hosts | Log Collection | Implementation Guide | |
Microsoft Azure via Azure Audit |
All | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
Microsoft Azure Log Analytics Workspace |
Azure Kubernetes, Azure DevOps (audit logs) |
All | azure_loganalytics | Plugin | Cloud | Log Collection | Implementation Guide |
Microsoft Azure Graph API | API v1.0 | azure | Plugin | Cloud | Log Collection | Implementation Guide | |
Microsoft Azure NSG | All | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
Microsoft Azure Monitor | API v1.0 | cef, azure | Plugin | Cloud | Log Collection | Implementation Guide | |
Microsoft DHCP Server | 2000, 2003, 2008, 2012, 2019 | msdhcp | File | Application Servers | Log Collection | Implementation Guide | Source Package | |
Microsoft Exchange Server | 2003, 2007, 2010, 2013, 2016, 2019 | msexchange | File, Windows | Mail Servers | Log Collection | Implementation Guide | |
Microsoft Forefront Endpoint Protection | Forefront Client Security 1.1, 1.5 Forefront Endpoint Protection 2010 System Center 2012 Endpoint Protection | msforefrontcs | Windows, ODBC & Logstash (for Forefront Client Security only) | Antivirus | Log Collection | Implementation Guide | |
Microsoft Forefront Threat Management Gateway | Beta, ISA 2006, TMG 2010 | msisa | File, ODBC | Firewall | Log Collection | Implementation Guide | |
Microsoft Forefront Unified Access Gateway | 2010 | msfuag | Syslog, ODBC | VPN | Log Collection | Implementation Guide | |
Microsoft Internet Information Services (IIS) | 5.x, 6.x, 7.x, 8.x, 10.x | microsoftiis | File | Web Logs | Log Collection | Implementation Guide | |
Microsoft Internet Security and Acceleration (ISA) Server | 2000, 2004, 2006 | msisa | File, Windows | Web Logs | Log Collection | Implementation Guide | |
Microsoft Network Access Protection | 1.1 | msnap | ODBC & Logstash | Access Control | Log Collection | Implementation Guide | |
Microsoft Network Policy Server (NPS) | 3.2, 4.0 | msias | File, Windows | Access Control | Log Collection | Implementation Guide | |
Microsoft Office 365 | API v1.0 | msoffice365/cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
|
Microsoft SharePoint Server | 2007, 2010, 2013, 2016 | mssharepoint | Windows | Storage | Log Collection | Implementation Guide | |
Microsoft SQL Server | 2000, 2005, 2008, 2012, 2014, 2016, 2019, 2022 and MS SQL Express | mssql | File, Windows | Database | Log Collection | ||
Microsoft System Center Configuration Manager | 2007, 2012 | mssccm | Windows | Configuration Management | Log Collection | Implementation Guide | |
Microsoft System Center Operations Manager | 2005, 2007, 2012, 2012 R2 | mom | Windows | Configuration Management | Log Collection | Implementation Guide | |
Microsoft Team Foundation Server (TFS) | Microsoft TFS 2018 | mstfs | ODBC & Logstash | CMS | Log Collection | Implementation Guide | |
Microsoft URL Scan | 3.x | msurlscan | File | Web Logs | Log Collection | Implementation Guide | |
Microsoft Windows (Legacy) | Microsoft Windows Server versions 2003 and earlier | winevent_nic | Windows Legacy | Windows Hosts | Log Collection | Implementation Guide | |
Microsoft Windows (via WinRM) | Server 2008, 2008 R2, 2012, 2012 R2 Data Center Edition, 2016, 2019 | Windows 7, 8 and 10 | winevent_nic | Windows | Windows Hosts | Log Collection | Implementation Guide | |
Microsoft Windows (via Adiscon Event Reporter, Intersect Alliance SNARE) | NT | 2000 | XP | 2003 | Vista Business, Ultimate and Enterprise | Server 2008, 2008 Enterprise with Hyper-V | Server 2008 R2 Standard, Enterprise, and Datacenter | Web Server 2008 R2 | Windows 7 Professional, Ultimate, and Enterprise | Server 2012 | Server 2016 | Server 2019 | Windows 8 and 10 | winevent_er, winevent_snare | Syslog | Windows Hosts | Log Collection | Implementation Guide | |
Microsoft Windows (via NetWitness Endpoint) | Windows 7, 8, 8.1, 10 | Windows Server 2008, 2012, 2016, 2019 | windows | Syslog (via Agent) | Windows Hosts | Log Collection | Implementation Guide | |
Microsoft Windows DNS | 2008, 2012, 2016, 2019 | winevent_snare, winevent_er, winevent_nic | Syslog, File | Windows Hosts | Log Collection | Implementation Guide | |
Microsoft Windows Server Update Service | 3.0 SP 2 | mswsus | ODBC & Logstash | Configuration Management | Log Collection | Implementation Guide | |
Morphisec Endpoint Threat Prevention | 2.7 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Motorola AirDefense Enterprise Console | 7.2, 7.3, 8.1, 9.0 | airdefense | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
nCircle Configuration Compliance Manager | 5.1 | ncircleccm | Syslog | Configuration Management | Log Collection | Implementation Guide | |
NetApp Data ONTAP | 6.x, 7.0-7.3.1.1, 8.x, 9.x | netapp | Syslog, Windows Legacy | Storage | Log Collection | Implementation Guide | |
NETASQ Unified Manager | 8.1.3, 9.0.2, 9.0.3.2 | netasqutm | Syslog | Firewall | Log Collection | Implementation Guide | |
NetClarity NACwall | 8.0.6 | netclaritype | Syslog | Access Control | Log Collection | Implementation Guide Source Package |
|
Netflow | 5, 9 | cef, rsaflow | Netflow | Analysis | Log Collection | Implementation Guide | |
Netskope | API v2 | json | Plugin | Cloud | Log Collection | Implementation Guide | |
Network Critical SmartNAx Series | Network TAP | Implementation Guide | |||||
NFDump | netflow v5, v7, v9NFDump v1.5.7, 1.6.x | nfdump | File | System | Log Collection | Implementation Guide | Source Package | |
NFR NIDS | 3.x, 4.x, 5.x | nfrnids | Syslog | IDS | Log Collection | Implementation Guide | |
Nginx |
1,22 | nginx | Logstash | Web Logs | Log Collection | Implementation Guide | |
Nominum Vantio (part of Akamai) | 5.2 | nominumvantiope | Syslog | Application Servers | Log Collection | Implementation Guide Source Package |
|
Novell eDirectory | 8.8 for Windows and Linux | edirectory | SNMP | Router | Log Collection | Implementation Guide | |
Nozomi Networks | Alert Events | N/A | nozomi | Syslog | Cloud | Log Collection | Implementation Guide |
NXLog | Enterprise Edition | cef | Syslog | Access Control | Log Collection | Implementation Guide | |
Proofpoint ObserveIT User Activity Monitoring | 7.1.0 | cef | Syslog | Access Control | Log Collection | Implementation Guide | |
Okta Workforce Identity Cloud | N/A | okta | Plugin | Cloud | Log Collection | Implementation Guide | |
OpenText Documentum (formerly EMC Documentum) |
6.5, 6.7, 7.0, 7.1 | emcdocumentum | ODBC | Database | Log Collection | Implementation Guide | |
OPSWAT MetaAccess Cloud | admin, device, webhook, device_report | 3.2 | opswat | Plugin | Cloud | Log Collection | Implementation Guide |
OPSWAT MetaDefender | 3.10 | REST | Endpoint | Log Collection | Implementation Guide | ||
Oracle Access Manager | 10.1.4.0.3,11g R2 | oracleam | File,ODBC (for v11g R2) | Access Control | Log Collection | Implementation Guide | |
Oracle Audit Vault | 10.3, 12.x, 20.3 | oracleav | ODBC & Logstash | Database | Log Collection | Implementation Guide | |
Oracle Database | 8i, 9i, 10g, 11g, 11.2g, 12c (Mixed mode auditing and Unified auditing on Windows), 18c (Unified auditing on Unix and Windows), 19c (Unified auditing on Unix and Windows). | oracle | Syslog, ODBC, File, Logstash | Database | Log Collection | Implementation Guide | |
Oracle Database (JDBC) | Database Audit Logs | Oracle 11.xg, Oracle 12c, 18c, 19c (Unified auditing on Unix and Windows) | Logstash | Database | Log collection | Implementation guide | |
Oracle Database Vault | 10g R2 | oracledv | ODBC, Logstash | Access Control | Log Collection | Implementation Guide | |
Oracle Directory Server / Sun ONE | 11.1.1.7.1 | sunoneldap | File | Access Control | Log Collection | Implementation Guide | |
Oracle Identity Manager | 9.1 | oracleim | ODBC, Logstash | Access Control | Log Collection | Implementation Guide | |
Oracle Internet Directory | 10.x | oracleid | ODBC, Logstash | Access Control | Log Collection | Implementation Guide | |
Oracle iPlanet Web Server | 6.1, 7.0 | oracleiplanetweb | File | Web Logs | Log Collection | Implementation Guide | |
Oracle MySQL Enterprise | 5.x | mysql | SNMP | Database | Log Collection | Implementation Guide | |
Oracle Solaris (formerly Sun Solaris) | 8, 9, 10, 11.x | solaris | Syslog | UNIX | Log Collection | Implementation Guide | |
Oracle Solaris Basic Security Model (BSM) | 8, 9, 10, 11 | solarisbsm | Syslog, File | UNIX | Log Collection | Implementation Guide | |
Oracle WebLogic Server | 10.0, 10.3, 10.3.2, 10.3.5, 10.3.6, 12.x | oracleweblogic | File | Application Servers | Log Collection | Implementation Guide | |
Palo Alto Enterprise Firewall | PAN OS versions 3.0, 4.0.7, 5.0, 6.0, 6.1, 6.1.x, 7.0, 7.1, 8.x, 9.x, 10.x | paloaltonetworks, cef | Syslog | Firewall | Log Collection | Implementation Guide | |
Palo Alto Enterprise Firewall | SSL Decrypt | Implementation Guide | |||||
Palo Alto Panorama Management Server | 4.1.0, 5.1.4, 7.1, 8.x | paloaltonetworks | Syslog | Firewall | Log Collection | Implementation Guide | |
Palo Alto Prisma Access | Common, Endpoint, Network Logs | 2.1 Schema | paloaltonetworks | Syslog | Cloud | Log Collection | Implementation Guide |
Palo Alto Prisma Cloud |
21.x | prismacloud_audit | Syslog | Cloud | Log Collection | Implementation Guide | |
PAS Global ICS | 5.5 | pasics | File | ICS | Log Collection | Implementation Guide Source Package |
|
Picus | APIv1.0 | Implementation Guide | |||||
Splunk Phantom RSA NetWitness Logs & Network App | Orchestration & Automation | Implementation Guide | |||||
Splunk Phantom RSA Security Analytics App | Orchestration & Automation | Implementation Guide | |||||
Pivotal HD | Other | Implementation Guide | |||||
PostgreSQL | 8.4,9.x,15.x | postgresql | Syslog | Database | Log Collection | Implementation Guide | |
Progress WhatsUp Gold | 14.2 | whatsupgold | ODBC | Configuration Management | Log Collection | Implementation Guide | |
Preempt Security Behavioral Firewall | 2.2 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Proofpoint Email Security | 6.3, 7.2, 7.5, 8.x | proofpoint | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Proofpoint Targeted Attack Protection | API v1.0 | proofpoint | Plugin | Cloud | Log Collection | Implementation Guide | |
Pulse Connect Secure (formerly Juniper SSL VPN) | 5.4, 5.5, 6.0, 6.2 R2, 6.5 R2, 7.0 R2, 7.1 R5, 7.2 R1, 8.0, 8.0 R7.1, 8.x, and 9.x | junipervpn | Syslog | VPN | Log Collection | Implementation Guide | |
Qualys Vulnerability Management | API V2.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
Radiator Radius Server | 4.x | radiator | File | Access Control | Log Collection | Implementation Guide | |
Radiflow iSID | N/A | cef | Syslog | ICS | Log Collection | Implementation Guide | |
Radware AppWall | 5.6 | radwarepe | Syslog | Application Firewall | Log Collection | Implementation Guide Source Package |
|
Radware DDoS | Alerts | API v1.0 | radware_ddos | Plugin | Cloud | Log Collection | Implementation Guide |
Radware DefensePro | 5.01.02, 6.05, 8.x | radwaredp | Syslog, SNMP | IPS | Log Collection | Implementation Guide | |
Rapid7 NeXpose | 4.8, 5.0, 5.2, 5.10, 6.x | nexpose | File | Vulnerability | Log Collection | Implementation Guide | Source Implementation | |
Raz-Lee iSecurity for IBM iSeries | 11.4 | cef | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Recorded Future Cyber Threat Intelligence | Threat Intel | Implementation Guide | Integration Guide | |||||
Riverbed Cascade Profiler (formerly known as mazu Profiler) | 5.5.2, 6.0, 7.0, 9.5.1 | mazuprofiler | SNMP | IPS | Log Collection | Implementation Guide | |
Riverbed Steelhead | 7.0.2, 9.x | riverbedsteelhead | Syslog, SNMP | Router | Log Collection | Implementation Guide | |
RSA Access Manager | 6.0, 6.2 on Solaris, Windows, and Linux | rsaaccessmgr | File | Access Control | Log Collection | Implementation Guide | |
RSA Adaptive Authentication (Hosted) | 8.8, 8.9, 9.0, 9.1 | rsaaah | File | Access Control | Log Collection | Implementation Guide | |
RSA Adaptive Authentication (OnPrem) | 6.0.2.1 | rsaaaop | Syslog | Access Control | Log Collection | Implementation Guide | |
RSA Archer Suite | 5.1, 5.5.1, 6.x | rsaarcher | ODBC | Application Servers | Log Collection | Implementation Guide | |
RSA Certificate Manager | 6.8 | rsacm | File | Access Control | Log Collection | Implementation Guide | Source Package | |
RSA Data Loss Prevention Suite | 7.0.0, 8.0, 8.0 SP1, 8.5, 8.8, 9.x | rsadlp | Syslog | DLP | Log Collection | Implementation Guide | |
RSA Data Protection Manager (formerly RSA Key Manager) | 2.1.3, 2.5, 2.7, 3.1 | rsakeymanager | Syslog | Access Control | Log Collection | Implementation Guide | |
RSA Federated Identity Manager | 4.1 | rsafim | File | Access Control | Log Collection | Implementation Guide | |
RSA Identity Governance & Lifecycle | 6.5.1, 6.9 | rsaaveksa | ODBC | Access Control | Log Collection | Implementation Guide | |
RSA NetWitness Endpoint (formerly ECAT) | 3.4, 4.x | rsaecat | Syslog | Antivirus | Log Collection | Implementation Guide | |
RSA NetWitness Platform (formerly RSA NetWitness Suite) | 10.5, 10.6 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
RSA NetWitness Platform Malware Analysis | 1.0.5.0 | netwitnessspectrum, cef | Syslog | Antivirus | Log Collection | Implementation Guide | |
RSA SecurID Access Authentication Mgr | 8.x | rsaacesrv | Syslog | Access Control | Log Collection | Implementation Guide | |
RSA SecurID Access Identity Router (formerly Via Access) | All latest versions | rsaviaaccess | Syslog | Access Control | Log Collection | Implementation Guide | |
RSA SecurID Access Cloud Authentication Service | All latest versions | cef (v11.4.x), rsasecuridaccess (v11.5 and beyond) | Plugin | Access Control | Log Collection | Implementation Guide | |
RSA Web Threat Detection (formerly Silver Tail System Forensics and Mitigator) |
|
Forensics 1.x, 2.x, and 3.x Mitigator 1.x, 2.x and 3.x Web Threat Detection 4.6, 5.0, 5.0.2 |
silvertailforensics | Syslog | Analysis | Log Collection | Implementation Guide |
SafeBreach | N/A | N/A | N/A | N/A | Log Collection | Implementation Guide | |
Safend Protector | 3.x | safendprotector | Syslog | Configuration Management | Log Collection | Implementation Guide | |
SafeNet Hardware Security Module | 6.2.0, 8.x | safenethsm | Syslog | Access Control | Log Collection | Implementation Guide | |
Safestone DetectIT | 14.3 | detectit | Syslog | Analysis | Log Collection | Implementation Guide | |
Salesforce | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
SAP ERP Central Component | 4.6 through 7.x | sap | File | Application Servers | Log Collection | Implementation Guide | Source Package | |
Secdo Platform | Other | Implementation Guide | |||||
SECUDE Halocore | Halocore v3.8/ BI Launchpad 4.1 minimum SP2 | cef | Syslog | Document | Log Collection | Implementation Guide | |
SECUDE Security Intelligence | 1 | secudesi | File | Analysis | Log Collection | Implementation Guide | |
Securaa | APIv1.0 | Implementation Guide | |||||
Securonix SNYPR | 6.0 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Sendmail |
|
Sendmail : 8.x Solaris: 8, 9, 10, 11.x Red Hat Enterprise Linux : 3.x, 4.x, 5.x, 6.0, 7.0 |
rhlinux, solaris | Syslog | UNIX | Log Collection | Implementation Guide |
Senrio Insight | 1.0 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Sentryo ICS CyberVision (part of Cisco Systems) | 2.0.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
ServiceNow ITSM | Other | Implementation Guide | |||||
Siemplify ThreatNexus | 2.5 | Orchestration & Automation | Implementation Guide | ||||
Silver Peak WAN | 5.1.1.0 | silverpeakwan | Syslog | Router | Log Collection | Implementation Guide | |
SkyFormation | 2.2.4 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
SkyHigh Networks Enterprise Connector | 3.3.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
Slack | Other | Implementation Guide | |||||
Solarwinds IPAM | 4.x | solarwindsipam | Syslog | Configuration Management | Log Collection | Implementation Guide | |
Soltra Edge | Threat Intel | Implementation Guide | |||||
SonicWALL Firewall | SonicOS 5.8 and SonicOS Enhanced 6.x | sonicwall | Syslog | Firewall | Log Collection | Implementation Guide | |
SonicWall E-Class SRA / Aventail SSL VPN | 8.8, 9.0, 10.x | aventail | Syslog, File | VPN | Log Collection | Implementation Guide | |
SonicWALL Email Security | 7.2 | sonicwallemail | Syslog | VPN | Log Collection | Implementation Guide | |
SonicWALL Global Management System | 6 | sonicwallgms | ODBC | Configuration Management | Log Collection | Implementation Guide | |
Sophos Enterprise Console | 3.0, 4.5, 4.7, 5.x | sophos | ODBC,SNMP | Antivirus | Log Collection | Implementation Guide | |
Sophos UTM (formerly Astaro SG) | 9.x, 17.x | astarosg | Syslog | Firewall | Log Collection | Implementation Guide | Solution Data Sheet | |
Splunk | Other | Implementation Guide | |||||
Squid | 2.5.9, 2.7, 3.x | squid | File | Web Logs | Log Collection | Implementation Guide | |
SSH Communications Security CryptoAuditor | SSL Decrypt | Implementation Guide | |||||
STEALTHbits StealthINTERCEPT | 3.3 | stealthinterceptpe | Syslog | Access Control | Log Collection | Implementation Guide Source Package |
|
Stonesoft StoneGate Management Center (part of Forcepoint LLC.) | 5.3 | stonesoftsgpe | Syslog | Firewall | Log Collection | Implementation Guide Source Package |
|
Swimlane | Orchestration & Automation | Implementation Guide | |||||
Sybase ASE | Audit Logs | 15.x | sybasease | ODBC | Database | Log Collection | Implementation Guide |
Symantec Brightmail (part of Broadcom Inc.) | 9.5.3 | symantecbrightmail | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Symantec Critical Systems Protection (part of Broadcom Inc.) | 5.2.4, 5.2.8, 5.2.9 | symanteccsp | ODBC, SNMP | IPS | Log Collection | Implementation Guide | |
Symantec Data Center Security | All Events : CSPEVENT_VW | 6.9 | symantecdcs | ODBC | Security.IDS | Log Collection | Implementation Guide |
Symantec Data Center Security | All Events : CSPEVENT_VW | 6.9 | symantecdcs | JDBC/Logstash | Security IDS | Log Collection | Implementation Guide |
Symantec DeepSight Intelligence (part of Broadcom Inc.) | Threat Intel | Implementation Guide | |||||
Symantec DLP (part of Broadcom Inc.) | 10.5.1, 11, 12.x, 14.x, 15.x | symantecdlp | Syslog | DLP | Log Collection | Implementation Guide | |
Symantec Endpoint Protection (part of Broadcom Inc.) | 9.0, 10.0, 10.1, 10.2, 11, 11.0.5, 11.0.6, 12, 14, 15 (Syslog only) | symantecav | Sylog, ODBC, SNMP | Antivirus | Log Collection | Implementation Guide | |
Symantec Endpoint Security Events |
14.3.x | symantec_endpointsecurity | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
Symantec Endpoint Security Incidents | 14.3.x | symantec_endpointsecurity | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
Symantec Web Security Services (part of Broadcom Inc.) | API v1.0 | symantec_wss | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
Symantec Zero Trust Network Access (ZTNA) |
v2 | symantecztna | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
Syncurity IR Flow | Orchestration & Automation | Implementation Guide | |||||
Tenable Nessus | NessusClient 1.0.2 Nessus 3.0.6, 4.0.1, 4.2, 4.4, 5.0, 7.x, 8.x | nessusvs | File | Vulnerability | Log Collection | ||
ThreatConnect Threat Intelligence Platform | Threat Intel | Implementation Guide | |||||
ThreatQuotient Threat Intelligence Platform | Threat Intel | Implementation Guide | |||||
Trend Micro Deep Security | 7.0, 7.5, 8.0, 9.x,10.x, 11.x, 12.x, 20.0.x | trendmicrods, cef | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Trend Micro Deep Security Agent | 7.0, 7.5, 9.x, 10.x | trendmicrodsa | Syslog | Application Firewall | Log Collection | Implementation Guide | |
Trend Micro Deep Discovery Analyser | 6.x | cef | Syslog | Advanced Threat Detection | Log Collection | Implementation Guide | |
Trend Micro InterScan Messaging Security Suite | 7.1, 9.1 | trendmicroimss | File, SNMP (for 7.1)Syslog (for 9.1) | Application Firewall | Log Collection | Implementation Guide | |
Trend Micro InterScan Web Security | 3.1, 5.6, 6.x | trendmicroiwss | File,ODBC (3.1 only), Syslog (5.6, 6.x) | Web Logs | Log Collection | Implementation Guide | |
Trend Micro OfficeScan / Control Manager | 7.0, 8.0, 10.0, 10.5, 10.6, 11.x | trendmicro | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide | |
Trend Micro OSSEC | 2.5.1, 2.6 | trendmicroossec | Syslog | Intrusion | Log Collection | Implementation Guide | |
Trend Micro TippingPoint (formerly HP TippingPoint) | 2.x, 3 . x, 4.x, 5.x | tippingpoint | Syslog | IDS | Log Collection | Implementation Guide | |
Trend Micro ScanMail | ScanMail 8.0 Service Pack 1, 10.2, 14.x | trendmicroscanmail, cef | SNMP | Application Firewall | Log Collection | Implementation Guide | |
Trend Micro Server Protect | 5.8 | trendmicrosp | SNMP | Antivirus | Log Collection | Implementation Guide | |
Tripwire Enterprise | 5.4, 5.5, 7.x, 8.x | tripwire | Syslog,File | Configuration Management | Log Collection | Implementation Guide | |
Tufin SecureTrack | 12.2, 20.1 | tufinsecuretrack | Syslog | Configuration Management | Log Collection | Implementation Guide | |
UnboundID Identity Data Store | 4.5.1.1 | unboundidids | Syslog | Access Control | Log Collection | Implementation Guide | |
Universal REST API | o365 message trace, proofpoint SIEM, sailpointiiq | API v1.0 | o365_trace, proofpoint, sailpointiiq | Plugin | Cloud | Log Collection | Implementation Guide |
Varonis DatAdvantage | 5.5, 5.9, (6.x for Syslog only) | varonisprobe | ODBC for 5.5Syslog for 5.9 | Access Control | Log Collection | Implementation Guide | |
FireEye Mandiant Security Validation (formerly Verodin) | Other | Implementation Guide | |||||
VMware Unified Access Gateway (UAG) | 2209 | vmwareuag | Syslog | Access Control | Log Collection | Implementation Guide | |
VMware AppDefense | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
VMware Workspace ONE UEM | 1904 & above | vmwareworkspaceone | Syslog | Configuration Management | Log Collection | Implementation Guide | |
VMware ESX / ESXi |
ESX: 3.0.3, 3.5, 4.0, 4.1ESXi: 3.5, 4.0, 4.1, 5.0, 5.1, 5.5, 6.x, 7.0 U2 Embedded ESXi: 3.5, 4.0 |
vmware_esx_esxi | Plugin | Virtualization | Log Collection | Implementation Guide | |
VMware NSX | 6.x | vmware_nsx | Syslog | Virtualization | Log Collection | Implementation Guide | |
VMware Orchestrator | 5.5 | vmware_vco | ODBC | Virtualization | Log Collection | Implementation Guide | |
VMware vCenter Server | VirtualCenter Server: 2.0.2, 2.5vCenter Server: 4.1, 5.0, 5.1, 5.5, 6.x | vmware_vc | Plugin | Virtualization | Log Collection | Implementation Guide | |
VMware vCloud Director | 1 | vmware_vcloud | Syslog | Configuration Management | Log Collection | Implementation Guide | |
VMware View | 3.1, 4.0, 4.5, 4.6, 5.0, 5.1, 5.2, 5.3, 6.0, 7.x | vmware_view | File, ODBC, Syslog | Virtualization | Log Collection | Implementation Guide | |
VMware vRealize Automation | 6.0.1, 6.2 | vmware_vcac | ODBC | Virtualization | Log Collection | Implementation Guide | |
VMware vRealize Operations Manager | 5.8.2, 6.0 | vmware_vcops | SNMP, Syslog | Virtualization | Log Collection | Implementation Guide | |
VMware vShield and vShield Manager | 4.1, 5.0, 5.1.4 | vmware_vshield | Syslog | Firewall | Log Collection | Implementation Guide | |
VMware vSphere |
ESXi : 7.0 U2 and later vCenter : 7.0 U2 and later |
vmware_esx_esxi or vmware_vc | Plugin | Virtualization | Log Collection | Implementation Guide | |
Voltage SecureData | 5.x, 6.x | voltagesecuredata | Syslog | DLP | Log Collection | Implementation Guide | |
Vorstack Automation and Collaboration Platform ACP | 5.1 | Orchestration & Automation | Implementation Guide | ||||
VSS Monitoring | 2.3 | vssmonitoring | SNMP | System | Log Collection | Implementation Guide | |
WatchGuard EPDR | 8.x | watchguard | Syslog | Endpoint | Log Collection | Implementation Guide | |
X15 Enterprise | Other | Implementation Guide | |||||
Zscaler NSS | Web Logs | 4.1M | zscalernss | Syslog | Web Logs | Log Collection |
NetWitness recommends you to use ZScaler ZIA parser to collect Web Logs. Zscaler NSS will be discontinued and NetWitness deprecates the Zscaler NSS.
|
Zscaler Deception | 4.13.10 | deception | Syslog | IPS | Log Collection | Implementation Guide | |
Zscaler ZIA | Web Logs, Tunnel Logs, Firewall Logs, DNS Logs, SAAS Security, SAAS Security Activity | 4.1M | zscalerzia | Syslog | SASE | Log Collection | Implementation Guide |
Zscaler ZPA | User Activity, User Status, App Connector Status, Private Service Edge Status, Browser Access, Audit Logs, App Connector Metrics, or Private Service Edge Metrics | 4.1M | zscalerzpa | Syslog | VPN | Log Collection | Implementation Guide |
IOTech Edge XPERT | IoT | ||||||
SmartHub INFER | IoT | ||||||
Technotects EdgeX | IoT | ||||||
Technotects EdgeSmart | IoT | ||||||
Websym FaktoryWize | IoT | ||||||
Websym Tezeva | IoT |