| Vendor & Product | Event Type | Version | Parser Name | Collection Method | Device Class | Category | Resources |
|---|---|---|---|---|---|---|---|
| A10 Networks Thunder Series | SSL Decrypt | Implementation Guide Solution Brief |
|||||
| Absolute Data and Device Security (DDS) | Absolute DDS Customer Center 5.26+, SIEM Connector 1.1 | absolutesiemconnectorpe | Syslog | Analysis | Log Collection | Implementation Guide | Source Package |
|
| Acalvio ShadowPlex | 2017.07 | cef | Syslog | Advanced Threat Detection | Log Collection | Implementation Guide | |
| Accurev | 6.0.1 | accurev | File | CMS | Log Collection | Implementation Guide | Source Package | |
| Actiance Vantage | 12.2 | actiancevantage | ODBC | Analysis | Log Collection | Implementation Guide | |
| ActivIdentity 4TRESS AAA Server | 6.4.1 | actividentity | ODBC | Access Control | Log Collection | Implementation Guide | |
| AirMagnet Enterprise | 7.5, 8.5, 10.1 | airmagnetenterprise | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
| AirTight Management Console | 7.0, 7.1 U4 | airtightmc | Syslog | Intrusion | Log Collection | Implementation Guide | |
| AirTight Networks SpectraGuard Enterprise | 6.5, 6.6, 6.7 | atnspectraguardpe | Syslog | IPS | Log Collection | Implementation Guide Source Package |
|
| Akamai Kona Site Defender | 1 | cef | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Alcatel-Lucent OmniSwitch | 6600, 6850, 9700 | alcatelomniswitch | Syslog, SNMP | Switch | Log Collection | Implementation Guide | |
| ALTOR (A Juniper Networks Company) Security Suite | 4.0 | altorpe | Syslog | Firewall | Log Collection | Implementation Guide Source Package |
|
| Amazon AWS AppFabric | Audit Logs | N/A | appfabric | Plugin | Cloud | Log Collection | Implementation Guide |
| Amazon AWS CloudTrail | N/A | cef | Plugin | Cloud | Log Collection | ||
| Amazon AWS Detective | API v1.0 | cef | Plugin | Cloud | Log Collection | ||
| Amazon AWS GuardDuty | All | cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
|
| Amazon AWS Kinesis | API v1.0 | aws, aws_cloudtrail, aws_route53resolver | Plugin | Cloud | Log Collection | Implementation Guide | |
| Amazon AWS Security Hub | API v1.0 | aws_securityhub | Plugin | Cloud | Log Collection | Implementation Guide | |
| Amazon AWS VPC Flow Logs | All | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| Amazon AWS VPC Traffic Mirror | All | Network TAP | Implementation Guide | ||||
| Amazon AWS Cloudwatch | API v1.0 | aws, aws_cloudtrail, aws_route53resolver, aws_windows | Plugin | Cloud | Log Collection | Implementation Guide | |
| Amazon S3 Universal Connector |
Cloudtrail, VPC Flow Logs, AWS WAF Logs, AWS Directory Service, Windows Logs, CiscoUmbrella, Opswat MetaAccess Cloud, Jamf Protect, Application Load Balancer (ALB) access logs, cloudflarerbi, AppFabric, CloudFront access logs | API v1.0 | aws, aws_cloudtrail, cisco_umbrella, aws_windows, aws_waf, jamf, cloudflarerbi, appfabric | Plugin | Cloud | Log Collection | Implementation Guide |
| Anomali Link | API v1.0 | Plugin | Cloud | Log Collection | Implementation Guide | ||
| Anomali ThreatStream Intelligence Platform | Threat Intel | Implementation Guide | |||||
| Anomali STAXX | Threat Intel | Implementation Guide | |||||
| Apache HTTP Server | 2.x | apache | Syslog, File | Web Logs | Log Collection | Implementation Guide | Source Package | |
| Apache Tomcat Server | 6.0, 7.0, 8.x | apachetomcat | Syslog, File | Web Logs | Log Collection | Implementation Guide | Source Package | |
| APCON Inc. IntellaFlex Series 3000 | Network TAP | Implementation Guide | |||||
| Apcon IntellaPatch Series 3000 Network Monitoring Switch | 4.34.2 | apconintellapatch | Syslog | Switch | Log Collection | Implementation Guide | |
| Trustwave DbProtect (formerly Application Security; part of Singtel) | 6.0 | appsecdbprotect | ODBC | Database | Log Collection | Implementation Guide | |
| Arbor Networks Peakflow SP5 | 5.X, 9.X | arborpeakflowsp | Syslog | IPS | Log Collection | Implementation Guide | |
| Arbor Networks Peakflow X | 4.1 | arborpeakflow | Syslog | IPS | Log Collection | Implementation Guide | |
| ArcSight ESM | Other | Implementation Guide & Source Package | |||||
| Array Networks SPX Series Universal Access Controllers | 8.4.6 | arrayspxpe | Syslog | VPN | Log Collection | Implementation Guide Source Package |
|
| Artifactory | 3.3.0.1 | artifactory | File | CMS | Log Collection | Implementation Guide | Source Package | |
| Aruba Networks AirWave | 6.3.x, 6.4.x, 7.5.x | arubaairwave | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
| Aruba Networks ClearPass Policy Manager | 5.2, 6.x | arubacppm | Syslog | Access Control | Log Collection | Implementation Guide | |
| Aruba Networks Mobility Controller | ArubaOS 2.5.4.0, 3.4, 6.x | arubanetworks | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
| Atlassian Stash | 2.12, 3.3.1, 3.5.1 | stash | File | CMS | Log Collection | Implementation Guide | Source Package | |
| AttackIQ Platform | Dec 2020 | Analysis | Log Collection | Configuration Guide | |||
| Attivo ThreatMatrix Platform | 4.x | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Avecto Privilege Guard | 3.5 | avectopg | Windows | Access Control | Log Collection | Implementation Guide | |
| Avocent IP KVM | Dell PowerEdge 2161DS-2 | avocentkvm | SNMP | Network | Log Collection | Implementation Guide | |
| Azure Sentinel Incidents | api-version = 2023-02-01 | azure |
Plugin
via msazuregraph plugin |
Cloud | Log Collection | Implementation Guide | |
| Barracuda Spam Firewall | 3.4, 3.5, 6.1.x, 8.x | barracudasf | Syslog | Antivirus | Log Collection | Implementation Guide | |
| Barracuda Web Application Firewall | Firmware: 7.4.0, 7.8.0, 7.9.2, 8.x, 9.x | barracudawaf | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Bayshore Networks SingleKey | 6.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| DenyAll WAF (formerly Bee Ware Web Application Firewall) | 5.x | beewarewaf | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| BeyondTrust Powerbroker Endpoint Protection (formerly eEye Blink Endpoint Protection) | 4.x | eeyeblink | SNMP | Intrusion | Log Collection | Implementation Guide | |
| BeyondTrust Retina Network Security Scanner (formerly eEye Retina Network Security Scanner) | 5.1 | eeyeretina | Syslog, SNMP | IDS | Log Collection | Implementation Guide | |
| BeyondTrust PowerBroker Servers | 7, 8 | beyondtrustpe | Syslog | Access Control | Log Collection | Implementation Guide | Source Package |
|
| BigFix Enterprise Suite | 7.2 | bigfix | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Bind DNS |
|
Bind: 9.x, 11 RHEL: 3.x, 4.x, 5.x, 6.0, 7.0 Solaris: 8, 9, 10, 11.x |
rhlinux, solaris | Syslog | UNIX | Log Collection | Implementation Guide |
| Bit9 Security Platform | 6.0.2, 7.0, 7.2 | bit9 | Syslog, ODBC | Application Firewall | Log Collection | Implementation Guide | |
| Blackberry Ltd Enterprise Server | 5.x | blackberryes | File | Messaging | Log Collection | Implementation Guide | |
| Blue Coat Systems Inc. Director (part of Broadcom Inc.) | 5.5.1.1, 5.5.2.3, 6.1.1.1 | bluecoatdirector | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| Blue Coat Systems Inc. ProxyAV (part of Broadcom Inc.) | 3.3.1.2, 3.5.1.1 | bluecoatproxyav | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide | |
| Blue Coat Systems Inc. ProxySG SGOS (part of Broadcom Inc.) | 4.x, 5.x, 6.x, 7.x | cacheflowelff | Syslog, File | Web Logs | Log Collection | Implementation Guide | |
| Blue Coat Systems Inc. SSL Visibility Appliance (part of Broadcom Inc.) | SSL Decrypt | Implementation Guide | |||||
| BlueCat | Adonis 7.0 | bluecat | Syslog | System | Log Collection | Implementation Guide | |
| BluVector Cortex | 3.1 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| BMC Remedy IT Service Management | 7.6.04 | bmcremedyitsm | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Brocade FastIron Switch | FGS624P- STK | brocadeswitch | Syslog | Switch | Log Collection | Implementation Guide | |
| CA ACF2 (formerly IBM Mainframe ACF2) |
|
Versions : r14 and higher Supported Platforms : z/OS v1.9, v1.10, v1.11, v1.12, and v1.13 |
ibmacf2 | FIle | Mainframe | Log Collection | Implementation Guide | Source Package |
| CA Integrated Threat Management | r8, r8.1 | caitm | SNMP | Antivirus | Log Collection | Implementation Guide | |
| CA SiteMinder | r12 | casiteminder | File | Access Control | Log Collection | Implementation Guide | Source Package |
|
| CA Top Secret | z/OS | ibmtopsecret | File | Mainframe | Log Collection | Implementation Guide | Source Package |
|
| Carbon Black Cb Response | N/A | carbonblack | Syslog | System | Log Collection | Implementation Guide Source Package |
|
| Check Point GAiA | R77.20 | rhlinux, checkpointfw | Syslog | UNIX | Log Collection | Implementation Guide | |
| Check Point IPSO (formerly Nokia IPSO) | 3.6, 3.7, 3.8, 3.9, 6.2 | nokiaipso | Syslog | UNIX | Log Collection | Implementation Guide | |
| Check Point Security Suite (IPS-1) | R76, R77.x, R80.x | checkpointfw1, cef | Check Point, Syslog | Firewall | Log Collection | Implementation Guide | |
| Check Point SPLAT OS | R75, 77.10 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
| Cimcor CimTrak | 2.0.6.11 | cimcorcimtrakpe | Syslog | Intrusion | Log Collection | Implementation Guide Source Package |
|
| Cisco 3300 Series Mobility Services Engine | 5.2.91.0, 6.0.97.0, 7.0.105.0 | ciscomse | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
| Cisco Adaptive Security Appliance (ASA) | 7.x, 8.x, 9.x, 11.13 | ciscoasa | Syslog | Firewall | Log Collection | Implementation Guide | |
| Cisco Aggregation Services Router | 3.3 | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
| Cisco Aironet AP (Wireless Access Point) | IOS 12.2 | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
| Cisco Application Control Engine | 4710 | ciscoace | Syslog | Application Delivery | Log Collection | Implementation Guide | |
| Cisco ASA Security Services Module | 4.x. 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 7.1.1 | ciscoidsxml | SDEE | IDS | Log Collection | Implementation Guide | |
| Cisco Catalyst Switch | Cisco Catalyst 6500, Cisco Catalyst 2960-CX | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
| Cisco Firewall Service Module | 4.1(5) | ciscoasa | Syslog | Firewall | Log Collection | Implementation Guide | |
| Cisco Identity Services Engine (ISE) | 1.0, 1.1, 1.3, 1.4, 2.x | ciscosecureacs | Syslog | Access Control | Log Collection | Implementation Guide | |
| Cisco IOS | IOS 12.4, 15.x | ciscorouter | Syslog | Router | Log Collection | Implementation Guide | |
| Cisco IronPort Email Security Appliance | 5.7.0, 7.1.3, 8.0.1, 8.5.x, 11.x | ciscoiportesa | File, Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Cisco IronPort Web Security Appliance (WSA) | 5.7.0, 6.3, 7.x, 8.x, 9.x, 10.x | ciscoiportwsa | File, Syslog | Web Logs | Log Collection | Implementation Guide | Source Package | |
| CiscoWorks LAN Management Solution | 3.2, 4.0 | ciscolms | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Cisco Advanced Malware Protection (AMP) for Endpoints | All | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| Cisco Meraki | MX60, GA 12.26 | ciscomeraki | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| Cisco Network Admission Control (NAC) | 4.7, 4.9 | cisconac | Syslog | Access Control | Log Collection | Implementation Guide | |
| Cisco Nexus | 1000V, 5000V and 7000V | cisconxos | Syslog | Switch | Log Collection | Implementation Guide | |
| Cisco Prime Infrastructure & Wireless Control System |
|
Prime Infrastructure: 1.1, 1.2, 2.0, 2.1 Wireless Control System: 7.0 |
ciscowcs | SNMP | Configuration Management | Log Collection | Implementation Guide |
| Cisco Secure Access Control Server (ACS) |
|
Software only: 4.2 Appliance:5.x |
ciscosecureacs | Syslog | Access Control | Log Collection | Implementation Guide |
| Cisco Secure Access Control Server (ACS) Express | 5 | ciscoacsxp | Syslog | Access Control | Log Collection | Implementation Guide | |
| Cisco Secure IDS or IPS | 4.x, 5.0, 5.1, 6.0, 6.1, 6.2, 7.x; Signature Engines: E1, E2, E3, E4 | ciscoidsxml | SDEE | IDS | Log Collection | Implementation Guide | |
| Cisco Security Agent | 4.0, 5.1, 6.0 | ciscosecagent | ODBC, SNMP | IDS | Log Collection | Implementation Guide | |
| Cisco Sourcefire Defense Center / SNORT | 4.x, 5.x, 6.x | snort | Syslog | IDS | Log Collection | Implementation Guide | |
| Cisco ThreatGRID | Threat Intel | Implementation Guide | |||||
| Cisco Umbrella | Schema Version 4 | cisco_umbrella | Plugin | Cloud | Log Collection | Implementation Guide | |
| Cisco Unified Computing System Manager | 1.0 (2d) | ciscoucs, cisconxos | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| Cisco Virtual Security Gateway | 4.2(1)VSG(1) | cisconxos | Syslog | Switch | Log Collection | Implementation Guide | |
| Cisco Wireless LAN Controller (WLC) (2100 Series, 4400 Series, and 9800 Series) | 5.2.157.0, 6.0.188, 7.0.9, 8.0, 8.x, 17.03.03 | ciscowlc | Syslog, SNMP | Wireless Devices | Log Collection | Implementation Guide | |
| CiscoWorks Common Services/Cisco Security Manager | 2.3, 3.0, 3.3, 4.0 | ciscoworks | File | Configuration Management | Log Collection | Implementation Guide | Source Package | |
| Citrix Access Gateway | 4.5, 4.6, 5.0 | citrixag | Syslog, File | VPN | Log Collection | Implementation Guide | |
| Citrix NetScaler | 9.1, 9.2, 9.3, 10.0, 10.1, 10.5, 11.x, 13.x | citrixns | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Citrix XenApp | 5 (for Windows Server 2003), 6, 6.5, 7.x | citrixxa | ODBC | Virtualization | Log Collection | Implementation Guide | |
| Citrix XenMobile MDM (formerly Zenprise MobileManager) |
|
XenMobile Server 10.x Xenmobile MDM version 8.6 Zenprise MobileManager 6.6 |
zenprisemdm | Syslog, File | Configuration Management | Log Collection | Implementation Guide |
| Claroty Platform | 2.0, 2.1 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Clearswift SECURE Gateway Suite |
|
Web Gateway: 3.0 Email Gateway: 3.6 Exchange Gateway: 1.0 ICAP Gateway: 1.0 |
clearswiftpe | Syslog | Application Servers | Log Collection | Implementation Guide Source Package |
| Cloudera Navigator | 4.8, 5.x | clouderanavigator | Syslog | Access Control | Log Collection | Implementation Guide | |
| CloudLink SecureVSA | 3 | aforecloudlink | Syslog | Access Control | Log Collection | Implementation Guide | |
| Cofense Intelligence (formerly PhishMe) | Threat Intel | Implementation Guide | |||||
| CoreTrace Bouncer | 6.0.1 | coretracebouncerpe | Syslog | Application Firewall | Log Collection | Implementation Guide, Source Package |
|
| CorreLog, Inc. SIEM Agent for IBM z/OS (part of BMC Software, Inc.) | 5.5.1 z/OS | cef | Syslog | Mainframe | Log Collection | Implementation Guide | |
| CounterTack Event Horizon | 3.1,3.1.7 | countertackehpe | Syslog | Analysis | Log Collection | Implementation Guide | Source Package | |
| Courion PasswordCourier | 5 | courionpc | File | Access Control | Log Collection | Implementation Guide I Source Package | |
| cPacket Networks CVU Family | Network TAP | Implementation Guide | |||||
| Crossbeam C-Series | 4.x, 5.x, 6.x | crossbeamc | Syslog | UNIX | Log Collection | Implementation Guide | |
| CryptoniteNXT | CEF | Log Collection | Implementation Guide | ||||
| Cuckoo Sandbox | Other | Implementation Guide | |||||
| Custom JDBC | Database audit logs | Any version of Oracle or ibmdb2 | Logstash | Database | Log Collection | Implementation Guide | |
| CyberArk Account Security and Identity Management |
|
7.x, 8.x, 9.x, 10.x, 12.1 |
cyberark | Syslog | Access Control | Log Collection | |
| CyberArk Privileged Threat Analytics | 2.6.3.1 | cef | Syslog | Access Control | Log Collection | Implementation Guide | |
| Cyberoam UTM | 10.04.3 | cyberoamutm | Syslog | Firewall | Log Collection | Implementation Guide | |
| CyberSponse CyOps | Orchestration & Automation | Implementation Guide | |||||
| CyberX Platform 2.0 | 2.0 | cef | Syslog | ICS | Log Collection | Implementation Guide | |
| Cylance Protect | 1.x | cylance | Syslog | Antivirus | Log Collection | Implementation Guide | |
| Cymulate Integration |
Implementation Guide | ||||||
| Cyware Integration | Implementation Guide | ||||||
| Damballa Failsafe | 5.0.2, 6.2.0 | damballa | Syslog | Antivirus | Log Collection | Implementation Guide | |
| DataSunrise Database Security Suite | 3.7 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Dell iDRAC | DRAC 5, iDrac 6, iDRAC 9.x | delldrac | SNMP, Syslog | Access Control | Log Collection | Implementation Guide | |
| Dell PowerConnect 5324 Switch | 1.0.0.47 | dellswitch | Syslog | Switch | Log Collection | Implementation Guide | |
| Dell EMC Avamar | 4.1, 6.0, 7.0 | emcavamar | ODBC, Syslog | Storage | Log Collection | Implementation Guide | |
| Dell EMC Celerra (also known as Dell EMC Control Station, Blades, DataMover, NSX) | 7.0, 7.1 | celerra | SNMP | Storage | Log Collection | Implementation Guide | |
| Dell EMC Data Domain | 5.1.0.4 | emcdatadomain | Syslog | Storage | Log Collection | Implementation Guide | |
| Dell EMC Data Protection Advisor | 5.6 | emcdpa | ODBC | Analysis | Log Collection | Implementation Guide | |
| Dell EMC Greenplum Database | 4 | greenplum | FIle | Database | Log Collection | Implementation Guide | |
| Dell EMC Greenplum HD | 1.2 | greenplumhd | File | Storage | Log Collection | Implementation Guide | |
| Dell EMC Ionix Unified Infrastructure Manager | 1.0, 2.1, 3.0, 3.1 | emcionixuim | Syslog, File, ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Dell EMC Isilon | 6.5.3.32, 6.5.5.7.x, 8.x | emcisilon | File, Syslog | Storage | Log Collection | Implementation Guide | |
| Dell EMC NetWorker | 7.6 SP2 | emcnetworker | File | Storage | Log Collection | Implementation Guide | |
| Dell EMC Secure Remote Support (ESRS) | 2 | esrs | Syslog | Access Control | Log Collection | Implementation Guide | |
| Dell EMC Symmetrix Solutions Enabler | 6.4, 6.5.3, 7.0, 7.1, 7.3.0.1, 7.6.1 | symmetrix | Syslog, File | Storage | Log Collection | Implementation Guide | |
| Dell EMC VNX (formerly Clariion Navisphere) | Navisphere 6.28 and Unisphere 1.1 | clariion | SNMP | Storage | Log Collection | Implementation Guide | |
| Dell EMC Voyence | 4.0.1 | voyence | SNMP | Access Control | Log Collection | Implementation Guide | |
| Dell EMC VPLEX | all | emcvplex | File | Storage | Log Collection | Implementation Guide | |
| Demisto Enterprise | Orchestration & Automation | Implementation Guide | |||||
| DFLabs IncMan | 4.5+ | Orchestration & Automation | Implementation Guide | ||||
| Digital Guardian | 6.1 | Syslog | DLP | Log Collection | Implementation Guide | Source Package |
||
| Dropbox | dropbox events | API v2.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
| EclecticIQ Threat Intelligence Platform | Threat Intel | Implementation Guide | |||||
| EMC Fabric OS | 6.1, 6.2 | fabricos | Syslog | Switch | Log Collection | Implementation Guide | |
| Endgame | 2.5.4 | cef | Syslog | System | Log Collection | Implementation Guide | |
| Enforcive Enterprise Security (part of Precisely) | 7.x | cef | Syslog | Access Control | Log Collection | Implementation Guide |
|
| Extreme Networks Dragon IPS (formerly Enterasys Dragon) | 5.x, 6.x, 7.2, 7.4 | dragonids | SNMP | IDS | Log Collection | Implementation Guide | |
| Extreme Networks Switch (formerly Enterasys Switch | S-Series | enterasysswitch | Syslog | Switch | Log Collection | Implementation Guide | |
| Enterprise IT-Security SF-NoEvasion | 7.1 | enterpriseitsfne | Syslog | Mainframe | Log Collection | Implementation Guide | |
| Entrust Identity Guard | 10.1 | entrustig | Syslog | Access Control | Log Collection | Implementation Guide | |
| ESET Remote Administrator | 4.0, 5.0 | eseterape | ODBC | Antivirus | Log Collection | Implementation Guide Source Package |
|
| Evidian Authentication Manager | 9.x, 10.x | evidian | ODBC | Access Control | Log Collection | Implementation Guide | |
| Exabeam Advanced Analytics | 3.0 | exabeampe | Syslog | Analysis | Log Collection | Implementation Guide | |
| F-Secure | 5.x | fsecureav, cef | Syslog, Windows | Antivirus | Log Collection | Implementation Guide | |
| F5 BIG-IP Access Policy Manager | 10.2.0, 11.4 HF4, 11.5.2 HF1, 15.x | bigipapm | Syslog | Access Control | Log Collection | Implementation Guide | |
| F5 BIG-IP Advanced Firewall Manager | 11.5 | bigipafm | Syslog | Firewall | Log Collection | Implementation Guide | |
| F5 BIG-IP Application Security Manager | 10.2.0, 11.2, 11.5.x, 11.6,13.x, 14.x | bigipasm | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| F5 BIG-IP Local Traffic Manager | 9.4, 10.2.0, 11.x, 12.x, 13.x, 14.x, 15.x | bigip | Syslog | Switch | Log Collection | Implementation Guide | |
| F5 BIG-IP Virtual Edition | SSL Decrypt | Deployment Guide (Version 11.3) | |||||
| F5 Firepass SSL VPN | 5.5-20051019, 7.0.1 | firepass | Syslog | VPN | Log Collection | Implementation Guide | |
| F5 SSL Orchestrator | SSL Decrypt | Implementation Guide | |||||
| FairWarning Privacy Monitoring | 2.9.2, 4.x | fairwarningpm | File | Analysis | Log Collection | Implementation Guide | |
| FireEye Web Malware Protection System | 6.x, 7.x, 8.x, 9.x | fireeyewebmps | Syslog | Malware | Log Collection | Implementation Guide | |
| FireEye Endpoint Security (FireEye HX) | 5.1.x | fireeyehx | Logstash | IPS | Log Collection | Implementation Guide | |
| FluentD | 1.15.1 | Log Collection | |||||
| Forcepoint DLP (formerly Websense Data Security) | 7.x, 8.x | websenseds | Syslog | DLP | Log Collection | Implementation Guide | |
| Forcepoint Email Security) | 8.x | cef | Syslog | Antivirus | Log Collection | Implementation Guide | |
| Forcepoint Web Security (formerly Websense Web Security) | 5.5, 6.3, 7.0, 7.1, 7.5, 7.6, 7.7, 7.8.1, 7.8.4, 8.x | websense | SNMP, ODBC (7.5, 7.6, 7.7), (Syslog for 7.7 and later) | Web Logs | Log Collection | Implementation Guide | |
| ForeScout CounterACT | 6.3.4.0, 7.x, 8.x | forescoutcounteract | Syslog | Access Control | Log Collection | Implementation Guide | |
| Fortinet FortiAnalyzer | 5.x, 6.x, 7.x | fortinetmgr | Syslog | Firewall | Log Collection | Implementation Guide | |
| Fortinet Forticlient Endpoint Security | 4.x | forticlientendpoint | Syslog | Firewall | Log Collection | Implementation Guide | |
| Fortinet FortiGate | 2.8, 3.0, 4.0 MR1, 4.0 MR2, 5.x, 6.x | fortinet | Syslog | Firewall | Log Collection | Implementation Guide | |
| Fortinet FortiMail | 4.0, 5.2, 6.x | fortinetfortimail | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Fortinet Manager | 5.x, 6.x, 7.x | fortinetmgr | Syslog | Firewall | Log Collection | Implementation Guide | |
| Fox Technologies Server Control | 6.5, 6.6 | foxtpe | Syslog | Access Control | Log Collection | Implementation Guide Source Package |
|
| Free BSD | 5.x | hpux | Syslog | UNIX | Log Collection | Implementation Guide | |
| General Electric (GE) Centricity Enterprise Archive | 4 | gecea | ODBC | Document | Log Collection | Implementation Guide | |
| General Electric (GE) Centricity PACS-IW | 3.7.3 | gepacs | ODBC | Document | Log Collection | Implementation Guide | |
| Gigamon GigaSECURE | Network TAP | Implementation Guide | |||||
| Gigamon GigaSECURE OpenStack | Network TAP | Implementation Guide | |||||
| Gigamon GigaVUE FM Series | Network TAP | Deployment Guide | |||||
| Gigamon SSL Solution | SSL Decrypt | Implementation Guide | |||||
| Git | 1.7.6 | git | File | CMS | Log Collection | Implementation Guide | |
| GitHub Enterprise | 2.8.x | git | Syslog | CMS | Log Collection | Implementation Guide | |
| GlobalSCAPE Enhanced File Transfer (EFT) Server | all versions up to 6.3.8 | gseftserver | File | Web Logs | Log Collection | Implementation Guide | |
| Google Cloud Platform (GCP) | API v1.0 | cef/gcp | Plugin | Cloud | Log Collection | Implementation Guide | |
| Google G Suite | API v1.0 | googlesuite | Plugin | Cloud | Log Collection | Implementation Guide | |
| Gurucul Risk Analytics | Other | Implementation Guide | |||||
| HelpSystems PowerTech Interact | 3 | powertechpe | Syslog | Analysis | Log Collection | Implementation Guide Source Package |
|
| Hewlett Packard Integrity NonStop Server | All NonStop OS releases supported by HP | hpnonstopserver | Syslog | Analysis | Log Collection | Implementation Guide | |
| Hewlett Packard OpenVMS | all | openvms | File | Midrange | Log Collection | Implementation Guide | |
| Hewlett Packard ProCurve Switch | series 2600, 2800, 5300, 7510 | hpprocurvesw | Syslog | Switch | Log Collection | Implementation Guide | |
| Hewlett Packard UNIX | 11.X, C2 v11.X | hpux | Syslog | UNIX | Log Collection | Implementation Guide | |
| Hitachi ID Privileged Access Manager / Password Manager | 7.1.x, 7.2.x, 7.3.x | hitachiidmsuitepe | ODBC | Access Control | Log Collection | Implementation Guide | Source Package | |
| Huawei VRP | 5.x, 6.x, 8.x | huaweivrp | Syslog | Router | Log Collection | Implementation Guide | |
| HyTrust CloudControl (formerly HyTrust Appliance) |
|
Appliance: 2.0.10264, 2.5.1, 3.0.2, 3.6 CloudControl: 4.0 |
hytrust | Syslog | Access Control | Log Collection | Implementation Guide |
| IBM AIX | 5L (Security and Authentication messages only), 6.1, 7.x | aix | Syslog | UNIX | Log Collection | Implementation Guide | |
| IBM DB2 Universal Database | 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x | ibmdb2 | File, ODBC | Database | Log Collection | Implementation Guide | |
| IBM DB2 | Database Audit Logs | 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x | Logstash | Database | Log Collection | Implementation Guide | |
| IBM Domino | 8.5, 9.x | lotusdomino | SNMP | Mail Servers | Log Collection | Implementation Guide | |
| IBM Guardium SQL Guard | 7, 8.0.2, 9.5.x | guardium | Syslog | Firewall | Log Collection | Implementation Guide | |
| IBM iSeries AS400 | V6.1.x, V7.1, V7.2 | iseries | File | Midrange | Log Collection | Implementation Guide | Source Package | |
| IBM ISS SiteProtector | 2.0 SP6.1, SP7.0, SP8.0, SP8.1, SP9.0 | iss | ODBC | IDS | Log Collection | Implementation Guide | |
| IBM Mainframe DB2 for z/OS | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 | ibmdb2 | File | Database | Log Collection | Implementation Guide | Source Package | |
| IBM Mainframe ICSF | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmicsf | File | Mainframe | Log Collection | Implementation Guide | |
| IBM Mainframe IDMS | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmidms | File | Mainframe | Log Collection | Implementation Guide | |
| IBM Mainframe IMS | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmims | File | Mainframe | Log Collection | Implementation Guide | |
| IBM Mainframe IPSec | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmmainframeipsec | File | Mainframe | Log Collection | Implementation Guide | |
| IBM Mainframe RACF | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 | ibmracf | File | Mainframe | Log Collection | Implementation Guide | |
| IBM Mainframe Syslog and Hardcopy Log Facility | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, 2.x | ibmmfzossyslog | File | Mainframe | Log Collection | Implementation Guide | |
| IBM Qradar | N/A | Other | Implementation Guide Supporting Files |
||||
| IBM Tivoli Access Manager ESSO | 8.0.1 | ibmtamesso | ODBC | Access Control | Log Collection | Implementation Guide | |
| IBM Tivoli Access Manager WebSEAL | 6.0, 7.x, 9.x | ibmtamws | File, Syslog | Access Control | Log Collection | Implementation Guide | |
| IBM Tivoli Identity Manager | 5.1 | ibmtim | ODBC | Access Control | Log Collection | Implementation Guide | |
| IBM WebSphere | 6.0.0.1, 7.0.0.9, 8.0, 8.5 | ibmwebsphere | File | Application Servers | Log Collection | Implementation Guide | |
| IBM WebSphere DataPower | 3.8.1, 7.x | ibmwebspheredp | Syslog | System | Log Collection | Implementation Guide | |
| IBM MQ (formerly branded as WebSphere MQ) | 7.0.1 | ibmwebspheremq | File | Messaging | Log Collection | Implementation Guide | |
| Imperva CounterBreach | 11.5 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Imperva SecureSphere | 6, 7, 8, 8.5, 9.0, 9.5, 10.0 | impervawaf | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Tenable.ot powered by Indegy | 3.x | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Infoblox NIOS | 5.1, 6.4.5, 8.x | infobloxnios | Syslog | System | Log Collection | Implementation Guide | |
| Interface Masters Niagara 2299 | Network TAP | Implementation Guide | |||||
| Interface Masters Niagara 4272 | Network TAP | Implementation Guide | |||||
| Intersect Alliance Snare for Linux | 3.7 and later | linux_snare | Syslog | UNIX | Log Collection | Implementation Guide | |
| Invincea Threat Data Server | 2.6 | invincea | Syslog | Antivirus | Log Collection | Implementation Guide | |
|
IPFIX |
NetFlow v10 | ipfix | Logstash | Switch | Log Collection | Implementation Guide | |
| Ixia CloudLens (part of Keysight) | Network TAP | Implementation Guide, Deployment Guide (NW 10.6.x) Deployment Guide (NW 11.3) |
|||||
| Ixia Vision ONE (part of Keysight) | Network TAP | Implementation Guide | |||||
| Ixia Phantom vTap (part of Keysight) | Network TAP | Implementation Guide | |||||
| Jamf Protect | Alerts, Audit, Computer List | API v1.0 | jamf | Plugin | Cloud | Log Collection | Implementation Guide |
| J4Care Healthcare Connector | N/A | j4carehcc | Syslog | Document | Log Collection | Implementation Guide | |
| JBoss Application Server |
Application Server: 4.2, 5.0, 7.0
Enterprise Application Platform (EAP) : 4.3, 5.1, 6.4, and 7.1 on Windows |
jboss | File, Syslog | Application Servers | Log Collection | Implementation Guide | |
| Jenkins | 1.58, 1.8.x, 2.x | jenkins | Syslog | Application Servers | Log Collection | Implementation Guide | |
| Juniper Networks Intrusion Detection and Prevention (IDP) | 3.0, 3.1, 3.2, 4.0, 4.1, 5.0 | netscreenidp | Syslog, File | IDP | Log Collection | Implementation Guide | |
| Juniper Networks JUNOS | 6.1, JUNOS 9.4, 9.6, 10.0, 10.3, 10.4, 11.1, 11.2, 11.4, 12.1, 17.x | junosrouter | Syslog | Router | Log Collection | Implementation Guide | |
| Juniper Networks NetScreen Firewall | 5.1, 5.3, 5.4, 6.x | netscreen | Syslog | Firewall | Log Collection | Implementation Guide | |
| Juniper Networks NetScreen ScreenOS | 5.1, 5.3, 5.4, 6.x | netscreen | Syslog | Firewall | Log Collection | Implementation Guide | |
| Juniper Networks NetScreen-Security Manager | 2006, 2007, 2010, 2011, 2012 | nsm | Syslog, File | Configuration Management | Log Collection | Implementation Guide | |
| Juniper Networks Unified Access Control | 2.2, 3.1, 4.5 | juniperic | Syslog | Access Control | Log Collection | Implementation Guide | |
| Juniper Networks Wireless LAN Controller | 7.6.1 | juniperwlc | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
| Juniper Steel-Belted Radius | 5.4, 6.x | junipersbr | File | Access Control | Log Collection | Implementation Guide | |
| Kaspersky Anti-Virus | Kaspersky Security Center 9.0, 10.x,11.x, 14.0 Kaspersky Administration Kit 8.0 Kaspersky Anti-Virus for Microsoft ISA Server 2004 Enterprise Edition and 2006 Enterprise Edition | kasperskyav | ODBC, File | Antivirus | Log Collection | Implementation Guide | |
| Kaspersky CyberTrace (formerly Threat Feed Service) | Threat Intel | Implementation Guide | |||||
| Kaspersky Threat Intelligence Portal | Threat Intel | Implementation Guide | |||||
| Kernel Based Virtual Machine (KVM) | 2.6.32-220 | kvm | File | Virtualization | Log Collection | Implementation Guide | |
| Kubernetes | 1.18 | kubernetes | Logstash | Configuration Management | Log Collection | Implementation Guide | |
| Lancope StealthWatch | 5.5, 5.6, 5.9, 5.10, 6.0 | stealthwatch | Syslog | IDS | Log Collection | Implementation Guide | |
| LANDesk Management Suite | 9.0 Service Pack 2, 9.5 | landesk | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Lieberman Enterprise Random Password Manager (ERPM) | 4.83.6 | liebsofterpmpe | Syslog | Application Servers | Log Collection | Implementation Guide Source Package |
|
| Linux (CentOS) | 6 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
| Linux (Debian GNU) | 3.1, 4.0 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
| Linux (Novell SuSE) | 9, 10, 10.2, 11, 12.x, 15 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
| Linux (Red Hat/RHEL) | 3.x, 4.x, 5.x, 6.0, 7.x | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide | |
| LogRhythm Platform | Other | Implementation Guide | |||||
| Lumension Endpoint Management and Security Suite | 7 | lumensionemss | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| M86 Secure Web Gateway (part of Trustwave) | 10.1, 10.2 | m86swgpe | Syslog | Application Firewall | Log Collection | Implementation Guide Source Package |
|
| ManageEngine Netflow Analyzer | 8.0, 9.5 | manageenginenetflow | ODBC | Analysis | Log Collection | Implementation Guide | |
| MapR Converged Data Platform (part of Hewlett Packard Enterprise) | Other | Implementation Guide | |||||
| McAfee Data Loss Prevention Endpoint | 2.2, 3.0, 9.0, 9.1, 9.2, 9.3, 9.4.x, 10.x | mcafeedlp | ODBC | DLP | Log Collection | Implementation Guide | |
| McAfee Database Security | 4.2, 5.x | mcafeeds | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| McAfee Email Gateway (formerly CipherTrust IronMail) | 5.5, 7.x | ironmail, cef | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide | |
| McAfee Endpoint Encryption | 5.2.2. 5.2.12 | mcafeeendpoint | File | Access Control | Log Collection | Implementation Guide | |
| McAfee Endpoint Security | 10.x | epolicy | ODBC | Antivirus | Log Collection | Implementation Guide | |
| McAfee ePolicy Orchestrator | 3.5, 3.6.0, 3.6.1, 4.0, 4.5, 4.6, 5.x | epolicy | ODBC | Antivirus | Log Collection | Implementation Guide | |
| McAfee Firewall Enterprise | 6.1.1.x, 6.1.2.x, 7.0.0.x, 8.0, 8.x | sidewinder | Syslog | Firewall | Log Collection | Implementation Guide | |
| McAfee Host Intrusion Prevention (aka Entercept) | 6.0.1 supported on McAfee ePolicy Orchestrator 3.6.0, 3.6.1 7.0, 8.0 supported on McAfee ePolicy Orchestrator 4.0 | entercept | ODBC | IDS | Log Collection | Implementation Guide | |
| McAfee Integrity Control | 5.0.2, 5.1.0, 6.x | mcafeeic | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| McAfee Network Access Control | 3.1.1 | mcafeenac | ODBC | Access Control | Log Collection | Implementation Guide | |
| McAfee Network Data Loss Prevention (Reconnex) | 8.6, 9.x | mcafeereconnex | ODBC, Syslog | DLP | Log Collection | Implementation Guide | |
| McAfee Network Security Platform | 2.1, 3.1, 4.1, 5.1, 6.1, 7.1, 8.x, 9.x | intrushield | Syslog, ODBC (for version 5.1) | IDS | Log Collection | Implementation Guide | |
| McAfee Policy Auditor | 5.2, 6.01, 6.2 | mcafeepa | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| McAfee Security for Microsoft Exchange | 8.x | mcafeesecurity | ODBC | Antivirus | Log Collection | Implementation Guide | |
| McAfee VirusScan Enterprise | 8.x | mcafeevirusscan | ODBC | Antivirus | Log Collection | Implementation Guide | |
| McAfee Vulnerability Manager | 5.0, 6.5.1, 6.8, 7.0, 7.5 | mcafeefoundscan | ODBC | IDS | Log Collection | Implementation Guide | |
| McAfee Web Gateway | 6.8.5, 7.x, 8.x | mcafeewg | File, Syslog | Web Logs | Log Collection | Implementation Guide | |
| McKesson Horizon Patient Folder | 15 | mckessonhpf | ODBC | Document | Log Collection | Implementation Guide | |
| Microdasys XML Security Gateway | 1.1.0 | microdasys_xsg | File | Application Firewall | Log Collection | Implementation Guide | |
| Microsoft Audit Collection Services | 2007 SP1 | msacs | ODBC | Windows Hosts | Log Collection | Implementation Guide | |
| Microsoft Azure Graph API | Directory Audit , Sign-Ins , Risk Detections , Security Alerts , Azure Sentinel Incidents | API v1.0 | azure | Plugin | Cloud | Log Collection | Implementation Guide |
| Microsoft Azure: Admin Logs, Azure AD Audit/Sign-in (via native API) | All | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| Microsoft Azure: Admin Logs, Azure AD Audit/Sign-in (via Event Hub) | All | cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
|
| Microsoft Azure Log Analytics Workspace | Azure Kubernetes | All | azure_loganalytics | Plugin | Cloud | Log Collection | Implementation Guide |
| Microsoft Azure NSG | All | cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
|
| Microsoft Azure Monitor | API v1.0 | cef, azure | Plugin | Cloud | Log Collection | Implementation Guide | |
| Microsoft Azure Security Alerts | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| Microsoft DHCP Server | 2000, 2003, 2008, 2012, 2019 | msdhcp | File | Application Servers | Log Collection | Implementation Guide | Source Package | |
| Microsoft Exchange Server | 2003, 2007, 2010, 2013, 2016, 2019 | msexchange | File, Windows | Mail Servers | Log Collection | Implementation Guide | |
| Microsoft Forefront Endpoint Protection | Forefront Client Security 1.1, 1.5 Forefront Endpoint Protection 2010 System Center 2012 Endpoint Protection | msforefrontcs | Windows, ODBC (for Forefront Client Security only) | Antivirus | Log Collection | Implementation Guide | |
| Microsoft Forefront Threat Management Gateway | Beta, ISA 2006, TMG 2010 | msisa | File, ODBC | Firewall | Log Collection | Implementation Guide | |
| Microsoft Forefront Unified Access Gateway | 2010 | msfuag | Syslog, ODBC | VPN | Log Collection | Implementation Guide | |
| Microsoft Internet Information Services (IIS) | 5.x, 6.x, 7.x, 8.x, 10.x | microsoftiis | File | Web Logs | Log Collection | Implementation Guide | |
| Microsoft Internet Security and Acceleration (ISA) Server | 2000, 2004, 2006 | msisa | File, Windows | Web Logs | Log Collection | Implementation Guide | |
| Microsoft Network Access Protection | 1.1 | msnap | ODBC | Access Control | Log Collection | Implementation Guide | |
| Microsoft Network Policy Server (NPS) | 3.2, 4.0 | msias | File, Windows | Access Control | Log Collection | Implementation Guide | |
| Microsoft Office 365 | API v1.0 | msoffice365/cef | Plugin | Cloud | Log Collection | Implementation Guide Product Manager Blog |
|
| Microsoft SharePoint Server | 2007, 2010, 2013, 2016 | mssharepoint | Windows | Storage | Log Collection | Implementation Guide | |
| Microsoft SQL Server | 2000, 2005, 2008, 2012, 2014, 2016, 2019, and MS SQL Express | mssql | ODBC, File, Windows | Database | Log Collection | ||
| Microsoft System Center Configuration Manager | 2007, 2012 | mssccm | Windows | Configuration Management | Log Collection | Implementation Guide | |
| Microsoft System Center Operations Manager | 2005, 2007, 2012, 2012 R2 | mom | Windows | Configuration Management | Log Collection | Implementation Guide | |
| Microsoft Team Foundation Server (TFS) | Microsoft TFS 2018 | mstfs | ODBC | CMS | Log Collection | Implementation Guide | |
| Microsoft URL Scan | 3.x | msurlscan | File | Web Logs | Log Collection | Implementation Guide | |
| Microsoft Windows (Legacy) | Microsoft Windows Server versions 2003 and earlier | winevent_nic | Windows Legacy | Windows Hosts | Log Collection | Implementation Guide | |
| Microsoft Windows (via WinRM) | Server 2008, 2008 R2, 2012, 2012 R2 Data Center Edition, 2016, 2019 | Windows 7, 8 and 10 | winevent_nic | Windows | Windows Hosts | Log Collection | Implementation Guide | |
| Microsoft Windows (via Adiscon Event Reporter, Intersect Alliance SNARE) | NT | 2000 | XP | 2003 | Vista Business, Ultimate and Enterprise | Server 2008, 2008 Enterprise with Hyper-V | Server 2008 R2 Standard, Enterprise, and Datacenter | Web Server 2008 R2 | Windows 7 Professional, Ultimate, and Enterprise | Server 2012 | Server 2016 | Server 2019 | Windows 8 and 10 | winevent_er, winevent_snare | Syslog | Windows Hosts | Log Collection | Implementation Guide | |
| Microsoft Windows (via RSA NetWitness Endpoint) | Windows 7, 8, 8.1, 10 | Windows Server 2008, 2012, 2016, 2019 | windows | Syslog (via Agent) | Windows Hosts | Log Collection | Implementation Guide | Blog Post | |
| Microsoft Windows DNS | 2008, 2012, 2016, 2019 | winevent_snare, winevent_er, winevent_nic | Syslog, File | Windows Hosts | Log Collection | Implementation Guide | |
| Microsoft Windows Server Update Service | 3.0 SP 2 | mswsus | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Morphisec Endpoint Threat Prevention | 2.7 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Motorola AirDefense Enterprise Console | 7.2, 7.3, 8.1, 9.0 | airdefense | Syslog | Wireless Devices | Log Collection | Implementation Guide | |
| nCircle Configuration Compliance Manager | 5.1 | ncircleccm | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| NetApp Data ONTAP | 6.x, 7.0-7.3.1.1, 8.x, 9.x | netapp | Syslog, Windows Legacy | Storage | Log Collection | Implementation Guide | |
| NETASQ Unified Manager | 8.1.3, 9.0.2, 9.0.3.2 | netasqutm | Syslog | Firewall | Log Collection | Implementation Guide | |
| NetClarity NACwall | 8.0.6 | netclaritype | Syslog | Access Control | Log Collection | Implementation Guide Source Package |
|
| Netflow | 5, 9 | cef, rsaflow | Netflow | Analysis | Log Collection | Implementation Guide | |
| Netskope | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| Network Critical SmartNAx Series | Network TAP | Implementation Guide | |||||
| NFDump | netflow v5, v7, v9NFDump v1.5.7, 1.6.x | nfdump | File | System | Log Collection | Implementation Guide | Source Package | |
| NFR NIDS | 3.x, 4.x, 5.x | nfrnids | Syslog | IDS | Log Collection | Implementation Guide | |
|
Nginx |
1,22 | nginx | Logstash | Web Logs | Log Collection | Implementation Guide | |
| Nominum Vantio (part of Akamai) | 5.2 | nominumvantiope | Syslog | Application Servers | Log Collection | Implementation Guide Source Package |
|
| Novell eDirectory | 8.8 for Windows and Linux | edirectory | SNMP | Router | Log Collection | Implementation Guide | |
| NXLog | Enterprise Edition | cef | Syslog | Access Control | Log Collection | Implementation Guide | |
| Proofpoint ObserveIT User Activity Monitoring | 7.1.0 | cef | Syslog | Access Control | Log Collection | Implementation Guide | |
|
OpenText Documentum (formerly EMC Documentum) |
6.5, 6.7, 7.0, 7.1 | emcdocumentum | ODBC | Database | Log Collection | Implementation Guide | |
| OPSWAT MetaAccess Cloud | admin, device, webhook, device_report | 3.2 | opswat | Plugin | Cloud | Log Collection | Implementation Guide |
| OPSWAT MetaDefender | 3.10 | REST | Endpoint | Log Collection | Implementation Guide | ||
| Oracle Access Manager | 10.1.4.0.3,11g R2 | oracleam | File,ODBC (for v11g R2) | Access Control | Log Collection | Implementation Guide | |
| Oracle Audit Vault | 10.3, 12.x, 20.3 | oracleav | ODBC | Database | Log Collection | Implementation Guide | |
| Oracle Database | 8i, 9i, 10g, 11g, 11.2g, 12c (Mixed mode auditing and Unified auditing on Windows), 18c (Unified auditing on Unix and Windows), 19c (Unified auditing on Unix and Windows). | oracle | Syslog, ODBC, File | Database | Log Collection | Implementation Guide | |
| Oracle Database (JDBC) | Database Audit Logs | Oracle 11.xg, Oracle 12c, 18c, 19c (Unified auditing on Unix and Windows) | Logstash | Database | Log collection | Implementation guide | |
| Oracle Database Vault | 10g R2 | oracledv | ODBC | Access Control | Log Collection | Implementation Guide | |
| Oracle Directory Server / Sun ONE | 11.1.1.7.1 | sunoneldap | File | Access Control | Log Collection | Implementation Guide | |
| Oracle Identity Manager | 9.1 | oracleim | ODBC | Access Control | Log Collection | Implementation Guide | |
| Oracle Internet Directory | 10.x | oracleid | ODBC | Access Control | Log Collection | Implementation Guide | |
| Oracle iPlanet Web Server | 6.1, 7.0 | oracleiplanetweb | File | Web Logs | Log Collection | Implementation Guide | |
| Oracle MySQL Enterprise | 5.x | mysql | SNMP | Database | Log Collection | Implementation Guide | |
| Oracle Solaris (formerly Sun Solaris) | 8, 9, 10, 11.x | solaris | Syslog | UNIX | Log Collection | Implementation Guide | |
| Oracle Solaris Basic Security Model (BSM) | 8, 9, 10, 11 | solarisbsm | Syslog, File | UNIX | Log Collection | Implementation Guide | |
| Oracle WebLogic Server | 10.0, 10.3, 10.3.2, 10.3.5, 10.3.6, 12.x | oracleweblogic | File | Application Servers | Log Collection | Implementation Guide | |
| Palo Alto Enterprise Firewall | PAN OS versions 3.0, 4.0.7, 5.0, 6.0, 6.1, 6.1.x, 7.0, 7.1, 8.x, 9.x, 10.x | paloaltonetworks | Syslog | Firewall | Log Collection | Implementation Guide | |
| Palo Alto Enterprise Firewall | SSL Decrypt | Implementation Guide | |||||
| Palo Alto Panorama Management Server | 4.1.0, 5.1.4, 7.1, 8.x | paloaltonetworks | Syslog | Firewall | Log Collection | Implementation Guide | |
| Palo Alto Prisma Cloud |
21.x | prismacloud_audit | Syslog | Cloud | Log Collection | Implementation Guide | |
| PAS Global ICS | 5.5 | pasics | File | ICS | Log Collection | Implementation Guide Source Package |
|
| Picus | APIv1.0 | Implementation Guide | |||||
| Splunk Phantom RSA NetWitness Logs & Network App | Orchestration & Automation | Implementation Guide | |||||
| Splunk Phantom RSA Security Analytics App | Orchestration & Automation | Implementation Guide | |||||
| Pivotal HD | Other | Implementation Guide | |||||
| PostgreSQL | 8.4, 9.x | postgresql | Syslog | Database | Log Collection | Implementation Guide | |
| Progress WhatsUp Gold | 14.2 | whatsupgold | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Preempt Security Behavioral Firewall | 2.2 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Proofpoint Email Security | 6.3, 7.2, 7.5, 8.x | proofpoint | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Proofpoint Targeted Attack Protection | API v1.0 | proofpoint | Plugin | Cloud | Log Collection | Implementation Guide | |
| Pulse Connect Secure (formerly Juniper SSL VPN) | 5.4, 5.5, 6.0, 6.2 R2, 6.5 R2, 7.0 R2, 7.1 R5, 7.2 R1, 8.0, 8.0 R7.1, 8.x, and 9.x | junipervpn | Syslog | VPN | Log Collection | Implementation Guide | |
| Qualys Vulnerability Management | API V2.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| Radiator Radius Server | 4.x | radiator | File | Access Control | Log Collection | Implementation Guide | |
| Radiflow iSID | N/A | cef | Syslog | ICS | Log Collection | Implementation Guide | |
| Radware AppWall | 5.6 | radwarepe | Syslog | Application Firewall | Log Collection | Implementation Guide Source Package |
|
| Radware DefensePro | 5.01.02, 6.05, 8.x | radwaredp | Syslog, SNMP | IPS | Log Collection | Implementation Guide | |
| Rapid7 NeXpose | 4.8, 5.0, 5.2, 5.10, 6.x | nexpose | File | Vulnerability | Log Collection | Implementation Guide | Source Implementation | |
| Raz-Lee iSecurity for IBM iSeries | 11.4 | cef | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Recorded Future Cyber Threat Intelligence | Threat Intel | Implementation Guide | Integration Guide | |||||
| Riverbed Cascade Profiler (formerly known as mazu Profiler) | 5.5.2, 6.0, 7.0, 9.5.1 | mazuprofiler | SNMP | IPS | Log Collection | Implementation Guide | |
| Riverbed Steelhead | 7.0.2, 9.x | riverbedsteelhead | Syslog, SNMP | Router | Log Collection | Implementation Guide | |
| RSA Access Manager | 6.0, 6.2 on Solaris, Windows, and Linux | rsaaccessmgr | File | Access Control | Log Collection | Implementation Guide | |
| RSA Adaptive Authentication (Hosted) | 8.8, 8.9, 9.0, 9.1 | rsaaah | File | Access Control | Log Collection | Implementation Guide | |
| RSA Adaptive Authentication (OnPrem) | 6.0.2.1 | rsaaaop | Syslog | Access Control | Log Collection | Implementation Guide | |
| RSA Archer Suite | 5.1, 5.5.1, 6.x | rsaarcher | ODBC | Application Servers | Log Collection | Implementation Guide | |
| RSA Certificate Manager | 6.8 | rsacm | File | Access Control | Log Collection | Implementation Guide | Source Package | |
| RSA Data Loss Prevention Suite | 7.0.0, 8.0, 8.0 SP1, 8.5, 8.8, 9.x | rsadlp | Syslog | DLP | Log Collection | Implementation Guide | |
| RSA Data Protection Manager (formerly RSA Key Manager) | 2.1.3, 2.5, 2.7, 3.1 | rsakeymanager | Syslog | Access Control | Log Collection | Implementation Guide | |
| RSA Federated Identity Manager | 4.1 | rsafim | File | Access Control | Log Collection | Implementation Guide | |
| RSA Identity Governance & Lifecycle | 6.5.1, 6.9 | rsaaveksa | ODBC | Access Control | Log Collection | Implementation Guide | |
| RSA NetWitness Endpoint (formerly ECAT) | 3.4, 4.x | rsaecat | Syslog | Antivirus | Log Collection | Implementation Guide | |
| RSA NetWitness Platform (formerly RSA NetWitness Suite) | 10.5, 10.6 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| RSA NetWitness Platform Malware Analysis | 1.0.5.0 | netwitnessspectrum, cef | Syslog | Antivirus | Log Collection | Implementation Guide | |
| RSA SecurID Access Authentication Mgr | 8.x | rsaacesrv | Syslog | Access Control | Log Collection | Implementation Guide | |
| RSA SecurID Access Identity Router (formerly Via Access) | All latest versions | rsaviaaccess | Syslog | Access Control | Log Collection | Implementation Guide | |
| RSA SecurID Access Cloud Authentication Service | All latest versions | cef (v11.4.x), rsasecuridaccess (v11.5 and beyond) | Plugin | Access Control | Log Collection | Implementation Guide | |
| RSA Web Threat Detection (formerly Silver Tail System Forensics and Mitigator) |
|
Forensics 1.x, 2.x, and 3.x Mitigator 1.x, 2.x and 3.x Web Threat Detection 4.6, 5.0, 5.0.2 |
silvertailforensics | Syslog | Analysis | Log Collection | Implementation Guide |
| SafeBreach | N/A | N/A | N/A | N/A | Log Collection | Implementation Guide | |
| Safend Protector | 3.x | safendprotector | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| SafeNet Hardware Security Module | 6.2.0, 8.x | safenethsm | Syslog | Access Control | Log Collection | Implementation Guide | |
| Safestone DetectIT | 14.3 | detectit | Syslog | Analysis | Log Collection | Implementation Guide | |
| Salesforce | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| SAP ERP Central Component | 4.6 through 7.x | sap | File | Application Servers | Log Collection | Implementation Guide | Source Package | |
| Secdo Platform | Other | Implementation Guide | |||||
| SECUDE Halocore | Halocore v3.8/ BI Launchpad 4.1 minimum SP2 | cef | Syslog | Document | Log Collection | Implementation Guide | |
| SECUDE Security Intelligence | 1 | secudesi | File | Analysis | Log Collection | Implementation Guide | |
| Securaa | APIv1.0 | Implementation Guide | |||||
| Securonix SNYPR | 6.0 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Sendmail |
|
Sendmail : 8.x Solaris: 8, 9, 10, 11.x Red Hat Enterprise Linux : 3.x, 4.x, 5.x, 6.0, 7.0 |
rhlinux, solaris | Syslog | UNIX | Log Collection | Implementation Guide |
| Senrio Insight | 1.0 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Sentryo ICS CyberVision (part of Cisco Systems) | 2.0.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| ServiceNow ITSM | Other | Implementation Guide | |||||
| Siemplify ThreatNexus | 2.5 | Orchestration & Automation | Implementation Guide | ||||
| Silver Peak WAN | 5.1.1.0 | silverpeakwan | Syslog | Router | Log Collection | Implementation Guide | |
| SkyFormation | 2.2.4 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| SkyHigh Networks Enterprise Connector | 3.3.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide | |
| Slack | Other | Implementation Guide | |||||
| Solarwinds IPAM | 4.x | solarwindsipam | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| Soltra Edge | Threat Intel | Implementation Guide | |||||
| SonicWALL Firewall | SonicOS 5.8 and SonicOS Enhanced 6.x | sonicwall | Syslog | Firewall | Log Collection | Implementation Guide | |
| SonicWall E-Class SRA / Aventail SSL VPN | 8.8, 9.0, 10.x | aventail | Syslog, File | VPN | Log Collection | Implementation Guide | |
| SonicWALL Email Security | 7.2 | sonicwallemail | Syslog | VPN | Log Collection | Implementation Guide | |
| SonicWALL Global Management System | 6 | sonicwallgms | ODBC | Configuration Management | Log Collection | Implementation Guide | |
| Sophos Enterprise Console | 3.0, 4.5, 4.7, 5.x | sophos | ODBC,SNMP | Antivirus | Log Collection | Implementation Guide | |
| Sophos UTM (formerly Astaro SG) | 9.x, 17.x | astarosg | Syslog | Firewall | Log Collection | Implementation Guide | Solution Brief | Solution Data Sheet | |
| Splunk | Other | Implementation Guide | |||||
| Squid | 2.5.9, 2.7, 3.x | squid | File | Web Logs | Log Collection | Implementation Guide | |
| SSH Communications Security CryptoAuditor | SSL Decrypt | Implementation Guide | |||||
| STEALTHbits StealthINTERCEPT | 3.3 | stealthinterceptpe | Syslog | Access Control | Log Collection | Implementation Guide Source Package |
|
| Stonesoft StoneGate Management Center (part of Forcepoint LLC.) | 5.3 | stonesoftsgpe | Syslog | Firewall | Log Collection | Implementation Guide Source Package |
|
| Swimlane | Orchestration & Automation | Implementation Guide | |||||
| Sybase ASE | 15.x | sybasease | ODBC | Database | Log Collection | Implementation Guide | |
| Symantec Brightmail (part of Broadcom Inc.) | 9.5.3 | symantecbrightmail | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Symantec Critical Systems Protection (part of Broadcom Inc.) | 5.2.4, 5.2.8, 5.2.9 | symanteccsp | ODBC, SNMP | IPS | Log Collection | Implementation Guide | |
| Symantec Data Center Security | All Events : CSPEVENT_VW | 6.9 | symantecdcs | ODBC | Security.IDS | Log Collection | Implementation Guide |
| Symantec DeepSight Intelligence (part of Broadcom Inc.) | Threat Intel | Implementation Guide | |||||
| Symantec DLP (part of Broadcom Inc.) | 10.5.1, 11, 12.x, 14.x, 15.x | symantecdlp | Syslog | DLP | Log Collection | Implementation Guide | |
| Symantec Endpoint Protection (part of Broadcom Inc.) | 9.0, 10.0, 10.1, 10.2, 11, 11.0.5, 11.0.6, 12, 14, 15 (Syslog only) | symantecav | Sylog, ODBC, SNMP | Antivirus | Log Collection | Implementation Guide | |
|
Symantec Endpoint Security Events |
14.3.x | symantec_endpointsecurity | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
| Symantec Endpoint Security Incidents | 14.3.x | symantec_endpointsecurity | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
| Symantec Web Security Services (part of Broadcom Inc.) | API v1.0 | symantec_wss | Plugin | Host.Cloud | Log Collection | Implementation Guide | |
| Syncurity IR Flow | Orchestration & Automation | Implementation Guide | |||||
| Tenable Nessus | NessusClient 1.0.2 Nessus 3.0.6, 4.0.1, 4.2, 4.4, 5.0, 7.x, 8.x | nessusvs | File | Vulnerability | Log Collection | ||
| ThreatConnect Threat Intelligence Platform | Threat Intel | Implementation Guide | |||||
| ThreatQuotient Threat Intelligence Platform | Threat Intel | Implementation Guide | |||||
| Trend Micro Deep Security | 7.0, 7.5, 8.0, 9.x,10.x, 11.x, 12.x | trendmicrods, cef | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Trend Micro Deep Security Agent | 7.0, 7.5, 9.x, 10.x | trendmicrodsa | Syslog | Application Firewall | Log Collection | Implementation Guide | |
| Trend Micro Deep Discovery Analyser | 6.x | cef | Syslog | Advanced Threat Detection | Log Collection | Implementation Guide | |
| Trend Micro InterScan Messaging Security Suite | 7.1, 9.1 | trendmicroimss | File, SNMP (for 7.1)Syslog (for 9.1) | Application Firewall | Log Collection | Implementation Guide | |
| Trend Micro InterScan Web Security | 3.1, 5.6, 6.x | trendmicroiwss | File,ODBC (3.1 only), Syslog (5.6, 6.x) | Web Logs | Log Collection | Implementation Guide | |
| Trend Micro OfficeScan / Control Manager | 7.0, 8.0, 10.0, 10.5, 10.6, 11.x | trendmicro | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide | |
| Trend Micro OSSEC | 2.5.1, 2.6 | trendmicroossec | Syslog | Intrusion | Log Collection | Implementation Guide | |
| Trend Micro TippingPoint (formerly HP TippingPoint) | 2.x, 3 . x, 4.x, 5.x | tippingpoint | Syslog | IDS | Log Collection | Implementation Guide | |
| Trend Micro ScanMail | ScanMail 8.0 Service Pack 1, 10.2, 14.x | trendmicroscanmail, cef | SNMP | Application Firewall | Log Collection | Implementation Guide | |
| Trend Micro Server Protect | 5.8 | trendmicrosp | SNMP | Antivirus | Log Collection | Implementation Guide | |
| Tripwire Enterprise | 5.4, 5.5, 7.x, 8.x | tripwire | Syslog,File | Configuration Management | Log Collection | Implementation Guide | |
| Tufin SecureTrack | 12.2, 20.1 | tufinsecuretrack | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| UnboundID Identity Data Store | 4.5.1.1 | unboundidids | Syslog | Access Control | Log Collection | Implementation Guide | |
| Universal REST API | o365 message trace, proofpoint SIEM, sailpointiiq | API v1.0 | o365_trace, proofpoint, sailpointiiq | Plugin | Cloud | Log Collection | Implementation Guide |
| Varonis DatAdvantage | 5.5, 5.9, (6.x for Syslog only) | varonisprobe | ODBC for 5.5Syslog for 5.9 | Access Control | Log Collection | Implementation Guide | |
| FireEye Mandiant Security Validation (formerly Verodin) | Other | Implementation Guide | |||||
| VMware Unified Access Gateway (UAG) | 2209 | vmwareuag | Syslog | Access Control | Log Collection | Implementation Guide | |
| VMware AppDefense | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide | |
| VMware Workspace ONE UEM | 1904 & above | vmwareworkspaceone | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| VMware ESX / ESXi | ESX: 3.0.3, 3.5, 4.0, 4.1ESXi: 3.5, 4.0, 4.1, 5.0, 5.1, 5.5, 6.xEmbedded ESXi: 3.5, 4.0 | vmware_esx_esxi | VMware Collector | Virtualization | Log Collection | Implementation Guide | |
| VMware NSX | 6.x | vmware_nsx | Syslog | Virtualization | Log Collection | Implementation Guide | |
| VMware Orchestrator | 5.5 | vmware_vco | ODBC | Virtualization | Log Collection | Implementation Guide | |
| VMware vCenter Server | VirtualCenter Server: 2.0.2, 2.5vCenter Server: 4.1, 5.0, 5.1, 5.5, 6.x | vmware_vc | VMware Collector | Virtualization | Log Collection | Implementation Guide | |
| VMware vCloud Director | 1 | vmware_vcloud | Syslog | Configuration Management | Log Collection | Implementation Guide | |
| VMware View | 3.1, 4.0, 4.5, 4.6, 5.0, 5.1, 5.2, 5.3, 6.0, 7.x | vmware_view | File, ODBC, Syslog | Virtualization | Log Collection | Implementation Guide | |
| VMware vRealize Automation | 6.0.1, 6.2 | vmware_vcac | ODBC | Virtualization | Log Collection | Implementation Guide | |
| VMware vRealize Operations Manager | 5.8.2, 6.0 | vmware_vcops | SNMP, Syslog | Virtualization | Log Collection | Implementation Guide | |
| VMware vShield and vShield Manager | 4.1, 5.0, 5.1.4 | vmware_vshield | Syslog | Firewall | Log Collection | Implementation Guide | |
| Voltage SecureData | 5.x, 6.x | voltagesecuredata | Syslog | DLP | Log Collection | Implementation Guide | |
| Vorstack Automation and Collaboration Platform ACP | 5.1 | Orchestration & Automation | Implementation Guide | ||||
| VSS Monitoring | 2.3 | vssmonitoring | SNMP | System | Log Collection | Implementation Guide | |
| X15 Enterprise | Other | Implementation Guide | |||||
| Zscaler NSS | Web Logs | 4.1M | zscalernss | Syslog | Web Logs | Log Collection |
NetWitness recommends you to use ZScaler ZIA parser to collect Web Logs. Zscaler NSS will be discontinued and NetWitness deprecates the Zscaler NSS.
|
| Zscaler Deception | 4.13.10 | deception | Syslog | IPS | Log Collection | Implementation Guide | |
| Zscaler ZIA | Web Logs, Tunnel Logs, Firewall Logs, DNS Logs, SAAS Security, SAAS Security Activity | 4.1M | zscalerzia | Syslog | Cloud | Log Collection | Implementation Guide |
| Zscaler ZPA | 4.1M | zscalerzpa | Syslog | User Activity, User Status, App Connector Status, Private Service Edge Status, Browser Access, Audit Logs, App Connector Metrics, or Private Service Edge Metrics | Log Collection | Implementation Guide | |
| IOTech Edge XPERT | IoT | ||||||
| SmartHub INFER | IoT | ||||||
| Technotects EdgeX | IoT | ||||||
| Technotects EdgeSmart | IoT | ||||||
| Websym FaktoryWize | IoT | ||||||
| Websym Tezeva | IoT |
Helpful Links
Featured Integrations
