NetWitness Platform Integrations
Browse the vast catalog of parsers, rules, feeds and more that can enhance your experience with the NetWitness Platform.
Vendor & Product Event Type Version Parser Name Collection Method Device Class Category Resources
A10 Networks Thunder Series           SSL Decrypt Implementation Guide | Solution Brief
Absolute Data and Device Security (DDS)   Absolute DDS Customer Center 5.26+, SIEM Connector 1.1 absolutesiemconnectorpe Syslog Analysis Log Collection Implementation Guide | Source Package
Acalvio ShadowPlex   2017.07 cef Syslog Advanced Threat Detection Log Collection Implementation Guide
Accurev   6.0.1 accurev File CMS Log Collection Implementation Guide | Source Package
Actiance Vantage   12.2 actiancevantage ODBC Analysis Log Collection Implementation Guide
ActivIdentity 4TRESS AAA Server   6.4.1 actividentity ODBC Access Control Log Collection Implementation Guide
AirMagnet Enterprise   7.5, 8.5, 10.1 airmagnetenterprise Syslog Wireless Devices Log Collection Implementation Guide
AirTight Management Console   7.0, 7.1 U4 airtightmc Syslog Intrusion Log Collection Implementation Guide
AirTight Networks SpectraGuard Enterprise   6.5, 6.6, 6.7 atnspectraguardpe Syslog IPS Log Collection Implementation Guide | Source Package
Akamai Kona Site Defender   1 cef Syslog Application Firewall Log Collection Implementation Guide
Alcatel-Lucent OmniSwitch   6600, 6850, 9700 alcatelomniswitch Syslog, SNMP Switch Log Collection Implementation Guide
ALTOR (A Juniper Networks Company) Security Suite   4.0 altorpe Syslog Firewall Log Collection Implementation Guide | Source Package
Amazon AWS AppFabric Audit Logs N/A appfabric Plugin Cloud Log Collection Implementation Guide
Amazon AWS CloudTrail   N/A cef Plugin Cloud Log Collection Implementation Guide | Implementation Guide
Amazon AWS Detective   API v1.0 cef Plugin Cloud Log Collection Implementation Guide | Product Manager Blog
Amazon AWS GuardDuty   All cef Plugin Cloud Log Collection Implementation Guide | Product Manager Blog
Amazon AWS Kinesis   API v1.0 aws, aws_cloudtrail, aws_route53resolver Plugin Cloud Log Collection Implementation Guide
Amazon AWS Security Hub   API v1.0 aws_securityhub Plugin Cloud Log Collection Implementation Guide
Amazon AWS VPC Flow Logs   All cef Plugin Cloud Log Collection Implementation Guide
Amazon AWS VPC Traffic Mirror   All       Network TAP Implementation Guide
Amazon AWS Cloudwatch   API v1.0 aws, aws_cloudtrail, aws_route53resolver, aws_windows Plugin Cloud Log Collection Implementation Guide
Amazon S3 Universal Connector Cloudtrail, VPC Flow Logs, AWS WAF Logs, AWS Directory Service, Windows Logs, CiscoUmbrella, Opswat MetaAccess Cloud, Jamf Protect, Application Load Balancer (ALB) access logs, cloudflarerbi, AppFabric, CloudFront access logs API v1.0 aws, aws_cloudtrail, cisco_umbrella, aws_windows, aws_waf, jamf, cloudflarerbi, appfabric Plugin Cloud Log Collection Implementation Guide
Anomali Link    API v1.0   Plugin Cloud Log Collection Implementation Guide
Anomali ThreatStream Intelligence Platform           Threat Intel Implementation Guide
Anomali STAXX           Threat Intel Implementation Guide
Apache HTTP Server   2.x apache Syslog, File Web Logs Log Collection Implementation Guide | Source Package
Apache Tomcat Server   6.0, 7.0, 8.x apachetomcat Syslog, File Web Logs Log Collection Implementation Guide | Source Package
APCON Inc. IntellaFlex Series 3000           Network TAP Implementation Guide
Apcon IntellaPatch Series 3000 Network Monitoring Switch   4.34.2 apconintellapatch Syslog Switch Log Collection Implementation Guide
Trustwave DbProtect (formerly Application Security; part of Singtel)   6.0 appsecdbprotect ODBC Database Log Collection Implementation Guide
Arbor Networks Peakflow SP5   5.X, 9.X arborpeakflowsp Syslog IPS Log Collection Implementation Guide
Arbor Networks Peakflow X   4.1 arborpeakflow Syslog IPS Log Collection Implementation Guide
ArcSight ESM           Other Implementation Guide & Source Package
Array Networks SPX Series Universal Access Controllers   8.4.6 arrayspxpe Syslog VPN Log Collection Implementation Guide | Source Package
Artifactory   3.3.0.1 artifactory File CMS Log Collection Implementation Guide | Source Package
Aruba Networks AirWave   6.3.x, 6.4.x, 7.5.x arubaairwave Syslog Wireless Devices Log Collection Implementation Guide
Aruba Networks ClearPass Policy Manager   5.2, 6.x arubacppm Syslog Access Control Log Collection Implementation Guide
Aruba Networks Mobility Controller   ArubaOS 2.5.4.0, 3.4, 6.x arubanetworks Syslog Wireless Devices Log Collection Implementation Guide
Atlassian Stash   2.12, 3.3.1, 3.5.1 stash File CMS Log Collection Implementation Guide | Source Package
AttackIQ Platform   Dec 2020     Analysis Log Collection Configuration Guide
Attivo ThreatMatrix Platform   4.x cef Syslog Analysis Log Collection Implementation Guide
Avecto Privilege Guard   3.5 avectopg Windows Access Control Log Collection Implementation Guide
Avocent IP KVM   Dell PowerEdge 2161DS-2 avocentkvm SNMP Network Log Collection Implementation Guide
Azure Sentinel Incidents   api-version = 2023-02-01 azure Plugin (via msazuregraph plugin) Cloud Log Collection Implementation Guide
Barracuda Spam Firewall   3.4, 3.5, 6.1.x, 8.x barracudasf Syslog Antivirus Log Collection Implementation Guide
Barracuda Web Application Firewall   Firmware: 7.4.0, 7.8.0, 7.9.2, 8.x, 9.x barracudawaf Syslog Application Firewall Log Collection Implementation Guide
Bayshore Networks SingleKey   6.3 cef Syslog Analysis Log Collection Implementation Guide
DenyAll WAF (formerly Bee Ware Web Application Firewall)   5.x beewarewaf Syslog Application Firewall Log Collection Implementation Guide
BeyondTrust Powerbroker Endpoint Protection (formerly eEye Blink Endpoint Protection)   4.x eeyeblink SNMP Intrusion Log Collection Implementation Guide
BeyondTrust Retina Network Security Scanner (formerly eEye Retina Network Security Scanner)   5.1 eeyeretina Syslog, SNMP IDS Log Collection Implementation Guide
BeyondTrust PowerBroker Servers   7, 8 beyondtrustpe Syslog Access Control Log Collection Implementation Guide | Source Package
BigFix Enterprise Suite   7.2 bigfix ODBC Configuration Management Log Collection Implementation Guide
Bind DNS   Bind: 9.x, 11; RHEL: 3.x, 4.x, 5.x, 6.0, 7.0; Solaris: 8, 9, 10, 11.x rhlinux, solaris Syslog UNIX Log Collection Implementation Guide
Bit9 Security Platform   6.0.2, 7.0, 7.2 bit9 Syslog, ODBC Application Firewall Log Collection Implementation Guide
Blackberry Ltd Enterprise Server   5.x blackberryes File Messaging Log Collection Implementation Guide
Blue Coat Systems Inc. Director (part of Broadcom Inc.)   5.5.1.1, 5.5.2.3, 6.1.1.1 bluecoatdirector Syslog Configuration Management Log Collection Implementation Guide
Blue Coat Systems Inc. ProxyAV (part of Broadcom Inc.)    3.3.1.2, 3.5.1.1 bluecoatproxyav Syslog, SNMP Antivirus Log Collection Implementation Guide
Blue Coat Systems Inc. ProxySG SGOS (part of Broadcom Inc.)    4.x, 5.x, 6.x, 7.x cacheflowelff Syslog, File Web Logs Log Collection Implementation Guide
Blue Coat Systems Inc. SSL Visibility Appliance (part of Broadcom Inc.)           SSL Decrypt Implementation Guide
BlueCat   Adonis 7.0 bluecat Syslog System Log Collection Implementation Guide
BluVector Cortex   3.1 cef Syslog Analysis Log Collection Implementation Guide
BMC Remedy IT Service Management   7.6.04 bmcremedyitsm ODBC Configuration Management Log Collection Implementation Guide
Brocade FastIron Switch   FGS624P- STK brocadeswitch Syslog Switch Log Collection Implementation Guide
CA ACF2 (formerly IBM Mainframe ACF2)   Versions: r14 and higher; Supported Platforms: z/OS v1.9, v1.10, v1.11, v1.12, and v1.13 ibmacf2 File Mainframe Log Collection Implementation Guide | Source Package
CA Integrated Threat Management   r8, r8.1 caitm SNMP Antivirus Log Collection Implementation Guide
CA SiteMinder   r12 casiteminder File Access Control Log Collection Implementation Guide | Source Package
CA Top Secret   z/OS ibmtopsecret File Mainframe Log Collection Implementation Guide | Source Package
Carbon Black Cb Response   N/A carbonblack Syslog System Log Collection Implementation Guide | Source Package
Check Point GAiA   R77.20 rhlinux, checkpointfw Syslog UNIX Log Collection Implementation Guide
Check Point IPSO (formerly Nokia IPSO)   3.6, 3.7, 3.8, 3.9, 6.2 nokiaipso Syslog UNIX Log Collection Implementation Guide
Check Point Security Suite (IPS-1)   R76, R77.x, R80.x checkpointfw1, cef Check Point, Syslog Firewall Log Collection Implementation Guide
Check Point SPLAT OS   R75, 77.10 rhlinux Syslog UNIX Log Collection Implementation Guide
Cimcor CimTrak   2.0.6.11 cimcorcimtrakpe Syslog Intrusion Log Collection Implementation Guide | Source Package
Cisco 3300 Series Mobility Services Engine   5.2.91.0, 6.0.97.0, 7.0.105.0 ciscomse Syslog Wireless Devices Log Collection Implementation Guide
Cisco Adaptive Security Appliance (ASA)   7.x, 8.x, 9.x, 11.13 ciscoasa Syslog Firewall Log Collection Implementation Guide
Cisco Aggregation Services Router   3.3 ciscorouter Syslog Router Log Collection Implementation Guide
Cisco Aironet AP (Wireless Access Point)   IOS 12.2 ciscorouter Syslog Router Log Collection Implementation Guide
Cisco Application Control Engine   4710 ciscoace Syslog Application Delivery Log Collection Implementation Guide
Cisco ASA Security Services Module   4.x, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 7.1.1 ciscoidsxml SDEE IDS Log Collection Implementation Guide
Cisco Catalyst Switch   Cisco Catalyst 6500, Cisco Catalyst 2960-CX ciscorouter Syslog Router Log Collection Implementation Guide
Cisco Firewall Service Module   4.1(5) ciscoasa Syslog Firewall Log Collection Implementation Guide
Cisco Identity Services Engine (ISE)   1.0, 1.1, 1.3, 1.4, 2.x ciscosecureacs Syslog Access Control Log Collection Implementation Guide
Cisco IOS   IOS 12.4, 15.x ciscorouter Syslog Router Log Collection Implementation Guide
Cisco IronPort Email Security Appliance   5.7.0, 7.1.3, 8.0.1, 8.5.x, 11.x ciscoiportesa File, Syslog Application Firewall Log Collection Implementation Guide
Cisco IronPort Web Security Appliance (WSA)   5.7.0, 6.3, 7.x, 8.x, 9.x, 10.x ciscoiportwsa File, Syslog Web Logs Log Collection Implementation Guide | Source Package
CiscoWorks LAN Management Solution   3.2, 4.0 ciscolms ODBC Configuration Management Log Collection Implementation Guide
Cisco Advanced Malware Protection (AMP) for Endpoints   All cef Plugin Cloud Log Collection Implementation Guide
Cisco Meraki   MX60, GA 12.26 ciscomeraki Syslog Configuration Management Log Collection Implementation Guide
Cisco Network Admission Control (NAC)   4.7, 4.9 cisconac Syslog Access Control Log Collection Implementation Guide
Cisco Nexus   1000V, 5000V and 7000V cisconxos Syslog Switch Log Collection Implementation Guide
Cisco Prime Infrastructure & Wireless Control System   Prime Infrastructure: 1.1, 1.2, 2.0, 2.1; Wireless Control System: 7.0 ciscowcs SNMP Configuration Management Log Collection Implementation Guide
Cisco Secure Access Control Server (ACS)   Software only: 4.2; Appliance: 5.x ciscosecureacs Syslog Access Control Log Collection Implementation Guide
Cisco Secure Access Control Server (ACS) Express   5 ciscoacsxp Syslog Access Control Log Collection Implementation Guide
Cisco Secure IDS or IPS   4.x, 5.0, 5.1, 6.0, 6.1, 6.2, 7.x; Signature Engines: E1, E2, E3, E4 ciscoidsxml SDEE IDS Log Collection Implementation Guide
Cisco Security Agent   4.0, 5.1, 6.0 ciscosecagent ODBC, SNMP IDS Log Collection Implementation Guide
Cisco Sourcefire Defense Center / SNORT   4.x, 5.x, 6.x snort Syslog IDS Log Collection Implementation Guide
Cisco ThreatGRID           Threat Intel Implementation Guide
Cisco Umbrella   Schema Version 4 cisco_umbrella Plugin Cloud Log Collection Implementation Guide
Cisco Unified Computing System Manager   1.0 (2d) ciscoucs, cisconxos Syslog Configuration Management Log Collection Implementation Guide
Cisco Virtual Security Gateway   4.2(1)VSG(1) cisconxos Syslog Switch Log Collection Implementation Guide
Cisco Wireless LAN Controller (WLC) (2100 Series, 4400 Series, and 9800 Series)   5.2.157.0, 6.0.188, 7.0.9, 8.0, 8.x, 17.03.03 ciscowlc Syslog, SNMP Wireless Devices Log Collection Implementation Guide
CiscoWorks Common Services/Cisco Security Manager   2.3, 3.0, 3.3, 4.0 ciscoworks File Configuration Management Log Collection Implementation Guide | Source Package
Citrix Access Gateway   4.5, 4.6, 5.0 citrixag Syslog, File VPN Log Collection Implementation Guide
Citrix NetScaler   9.1, 9.2, 9.3, 10.0, 10.1, 10.5, 11.x, 13.x citrixns Syslog Application Firewall Log Collection Implementation Guide
Citrix XenApp   5 (for Windows Server 2003), 6, 6.5, 7.x citrixxa ODBC Virtualization Log Collection Implementation Guide
Citrix XenMobile MDM (formerly Zenprise MobileManager)   XenMobile Server 10.x; Xenmobile MDM version 8.6; Zenprise MobileManager 6.6 zenprisemdm Syslog, File Configuration Management Log Collection Implementation Guide
Claroty Platform   2.0, 2.1 cef Syslog Analysis Log Collection Implementation Guide
Clearswift SECURE Gateway Suite   Web Gateway: 3.0; Email Gateway: 3.6; Exchange Gateway: 1.0; ICAP Gateway: 1.0 clearswiftpe Syslog Application Servers Log Collection Implementation Guide | Source Package
Cloudera Navigator   4.8, 5.x clouderanavigator Syslog Access Control Log Collection Implementation Guide
CloudLink SecureVSA   3 aforecloudlink Syslog Access Control Log Collection Implementation Guide
Cofense Intelligence (formerly PhishMe)           Threat Intel Implementation Guide
CoreTrace Bouncer   6.0.1 coretracebouncerpe Syslog Application Firewall Log Collection Implementation Guide | Source Package
CorreLog, Inc. SIEM Agent for IBM z/OS (part of BMC Software, Inc.)   5.5.1 z/OS cef Syslog Mainframe Log Collection Implementation Guide
CounterTack Event Horizon   3.1, 3.1.7 countertackehpe Syslog Analysis Log Collection Implementation Guide | Source Package
Courion PasswordCourier   5 courionpc File Access Control Log Collection Implementation Guide | Source Package
cPacket Networks CVU Family           Network TAP Implementation Guide
Crossbeam C-Series   4.x, 5.x, 6.x crossbeamc Syslog UNIX Log Collection Implementation Guide
CryptoniteNXT       CEF   Log Collection Implementation Guide
Cuckoo Sandbox           Other Implementation Guide
Custom JDBC Database audit logs Any version of Oracle or ibmdb2    Logstash Database Log Collection Implementation Guide 
CyberArk Account Security and Identity Management   7.x, 8.x, 9.x, 10.x, 12.1 cyberark Syslog Access Control Log Collection Implementation Guide | Source Package | Solution Brief
CyberArk Privileged Threat Analytics   2.6.3.1 cef Syslog Access Control Log Collection Implementation Guide
Cyberoam UTM   10.04.3 cyberoamutm Syslog Firewall Log Collection Implementation Guide
CyberSponse CyOps           Orchestration & Automation Implementation Guide
CyberX Platform 2.0   2.0 cef Syslog ICS Log Collection Implementation Guide
Cylance Protect   1.x cylance Syslog Antivirus Log Collection Implementation Guide
Cymulate Integration           Implementation Guide
Cyware Integration              Implementation Guide 
Damballa Failsafe   5.0.2, 6.2.0 damballa Syslog Antivirus Log Collection Implementation Guide
DataSunrise Database Security Suite   3.7 cef Syslog Analysis Log Collection Implementation Guide
Dell iDRAC   DRAC 5, iDrac 6, iDRAC 9.x delldrac SNMP, Syslog Access Control Log Collection Implementation Guide
Dell PowerConnect 5324 Switch   1.0.0.47 dellswitch Syslog Switch Log Collection Implementation Guide
Dell EMC Avamar   4.1, 6.0, 7.0 emcavamar ODBC, Syslog Storage Log Collection Implementation Guide
Dell EMC Celerra (also known as Dell EMC Control Station, Blades, DataMover, NSX)   7.0, 7.1 celerra SNMP Storage Log Collection Implementation Guide
Dell EMC Data Domain   5.1.0.4 emcdatadomain Syslog Storage Log Collection Implementation Guide
Dell EMC Data Protection Advisor   5.6 emcdpa ODBC Analysis Log Collection Implementation Guide
Dell EMC Greenplum Database   4 greenplum File Database Log Collection Implementation Guide
Dell EMC Greenplum HD   1.2 greenplumhd File Storage Log Collection Implementation Guide
Dell EMC Ionix Unified Infrastructure Manager   1.0, 2.1, 3.0, 3.1 emcionixuim Syslog, File, ODBC Configuration Management Log Collection Implementation Guide
Dell EMC Isilon   6.5.3.32, 6.5.5.7.x, 8.x emcisilon File, Syslog Storage Log Collection Implementation Guide
Dell EMC NetWorker   7.6 SP2 emcnetworker File Storage Log Collection Implementation Guide
Dell EMC Secure Remote Support (ESRS)   2 esrs Syslog Access Control Log Collection Implementation Guide
Dell EMC Symmetrix Solutions Enabler   6.4, 6.5.3, 7.0, 7.1, 7.3.0.1, 7.6.1 symmetrix Syslog, File Storage Log Collection Implementation Guide
Dell EMC VNX (formerly Clariion Navisphere)   Navisphere 6.28 and Unisphere 1.1 clariion SNMP Storage Log Collection Implementation Guide
Dell EMC Voyence   4.0.1 voyence SNMP Access Control Log Collection Implementation Guide
Dell EMC VPLEX   all emcvplex File Storage Log Collection Implementation Guide
Demisto Enterprise           Orchestration & Automation Implementation Guide
DFLabs IncMan   4.5+       Orchestration & Automation Implementation Guide
Digital Guardian   6.1   Syslog DLP Log Collection Implementation Guide | Source Package
Dropbox  dropbox events API v2.0 cef Plugin Cloud Log Collection Implementation Guide | Product Manager Blog
EclecticIQ Threat Intelligence Platform           Threat Intel Implementation Guide
EMC Fabric OS   6.1, 6.2 fabricos Syslog Switch Log Collection Implementation Guide
Endgame   2.5.4 cef Syslog System Log Collection Implementation Guide
Enforcive Enterprise Security (part of Precisely)   7.x cef Syslog Access Control Log Collection Implementation Guide

Extreme Networks Dragon IPS (formerly Enterasys Dragon)   5.x, 6.x, 7.2, 7.4 dragonids SNMP IDS Log Collection Implementation Guide
Extreme Networks Switch (formerly Enterasys Switch)   S-Series enterasysswitch Syslog Switch Log Collection Implementation Guide
Enterprise IT-Security SF-NoEvasion   7.1 enterpriseitsfne Syslog Mainframe Log Collection Implementation Guide
Entrust Identity Guard   10.1 entrustig Syslog Access Control Log Collection Implementation Guide
ESET Remote Administrator   4.0, 5.0 eseterape ODBC Antivirus Log Collection Implementation Guide | Source Package
Evidian Authentication Manager   9.x, 10.x evidian ODBC Access Control Log Collection Implementation Guide
Exabeam Advanced Analytics   3.0 exabeampe Syslog Analysis Log Collection Implementation Guide
F-Secure   5.x fsecureav, cef Syslog, Windows Antivirus Log Collection Implementation Guide
F5 BIG-IP Access Policy Manager   10.2.0, 11.4 HF4, 11.5.2 HF1, 15.x bigipapm Syslog Access Control Log Collection Implementation Guide
F5 BIG-IP Advanced Firewall Manager   11.5 bigipafm Syslog Firewall Log Collection Implementation Guide
F5 BIG-IP Application Security Manager   10.2.0, 11.2, 11.5.x, 11.6, 13.x, 14.x bigipasm Syslog Application Firewall Log Collection Implementation Guide
F5 BIG-IP Local Traffic Manager   9.4, 10.2.0, 11.x, 12.x, 13.x, 14.x, 15.x bigip Syslog Switch Log Collection Implementation Guide
F5 BIG-IP Virtual Edition           SSL Decrypt Deployment Guide (Version 11.3)
F5 Firepass SSL VPN   5.5-20051019, 7.0.1 firepass Syslog VPN Log Collection Implementation Guide
F5 SSL Orchestrator           SSL Decrypt Implementation Guide
FairWarning Privacy Monitoring   2.9.2, 4.x fairwarningpm File Analysis Log Collection Implementation Guide
FireEye Web Malware Protection System   6.x, 7.x, 8.x, 9.x fireeyewebmps Syslog Malware Log Collection Implementation Guide
FireEye Endpoint Security (FireEye HX)   5.1.x fireeyehx Logstash IPS Log Collection Implementation Guide
FluentD   1.15.1       Log Collection Implementation Guide | Source Package
Forcepoint DLP (formerly Websense Data Security)   7.x, 8.x websenseds Syslog DLP Log Collection Implementation Guide
Forcepoint Email Security   8.x cef Syslog Antivirus Log Collection Implementation Guide
Forcepoint Web Security (formerly Websense Web Security)   5.5, 6.3, 7.0, 7.1, 7.5, 7.6, 7.7, 7.8.1, 7.8.4, 8.x websense SNMP, ODBC (7.5, 7.6, 7.7), (Syslog for 7.7 and later) Web Logs Log Collection Implementation Guide
ForeScout CounterACT   6.3.4.0, 7.x, 8.x forescoutcounteract Syslog Access Control Log Collection Implementation Guide
Fortinet FortiAnalyzer   5.x, 6.x, 7.x fortinetmgr Syslog Firewall Log Collection Implementation Guide
Fortinet Forticlient Endpoint Security   4.x forticlientendpoint Syslog Firewall Log Collection Implementation Guide
Fortinet FortiGate   2.8, 3.0, 4.0 MR1, 4.0 MR2, 5.x, 6.x fortinet Syslog Firewall Log Collection Implementation Guide
Fortinet FortiMail   4.0, 5.2, 6.x fortinetfortimail Syslog Application Firewall Log Collection Implementation Guide
Fortinet Manager   5.x, 6.x, 7.x fortinetmgr Syslog Firewall Log Collection Implementation Guide
Fox Technologies Server Control   6.5, 6.6 foxtpe Syslog Access Control Log Collection Implementation Guide | Source Package
FreeBSD   5.x hpux Syslog UNIX Log Collection Implementation Guide
General Electric (GE) Centricity Enterprise Archive   4 gecea ODBC Document Log Collection Implementation Guide
General Electric (GE) Centricity PACS-IW   3.7.3 gepacs ODBC Document Log Collection Implementation Guide
Gigamon GigaSECURE           Network TAP Implementation Guide
Gigamon GigaSECURE OpenStack           Network TAP Implementation Guide
Gigamon GigaVUE FM Series           Network TAP Deployment Guide 
Gigamon SSL Solution           SSL Decrypt Implementation Guide
Git   1.7.6 git File CMS Log Collection Implementation Guide
GitHub Enterprise   2.8.x git Syslog CMS Log Collection Implementation Guide
GlobalSCAPE Enhanced File Transfer (EFT) Server   all versions up to 6.3.8 gseftserver File Web Logs Log Collection Implementation Guide
Google Cloud Platform (GCP)   API v1.0 cef/gcp Plugin Cloud Log Collection Implementation Guide
Google G Suite   API v1.0 googlesuite Plugin Cloud Log Collection Implementation Guide
Gurucul Risk Analytics           Other Implementation Guide
HelpSystems PowerTech Interact   3 powertechpe Syslog Analysis Log Collection Implementation Guide | Source Package
Hewlett Packard Integrity NonStop Server   All NonStop OS releases supported by HP hpnonstopserver Syslog Analysis Log Collection Implementation Guide
Hewlett Packard OpenVMS   all openvms File Midrange Log Collection Implementation Guide
Hewlett Packard ProCurve Switch   series 2600, 2800, 5300, 7510 hpprocurvesw Syslog Switch Log Collection Implementation Guide
Hewlett Packard UNIX   11.X, C2 v11.X hpux Syslog UNIX Log Collection Implementation Guide
Hitachi ID Privileged Access Manager / Password Manager   7.1.x, 7.2.x, 7.3.x hitachiidmsuitepe ODBC Access Control Log Collection Implementation Guide | Source Package
Huawei VRP   5.x, 6.x, 8.x huaweivrp Syslog Router Log Collection Implementation Guide
HyTrust CloudControl (formerly HyTrust Appliance)   Appliance: 2.0.10264, 2.5.1, 3.0.2, 3.6; CloudControl: 4.0 hytrust Syslog Access Control Log Collection Implementation Guide
IBM AIX   5L (Security and Authentication messages only), 6.1, 7.x aix Syslog UNIX Log Collection Implementation Guide
IBM DB2 Universal Database   7, 8, 8.1, 9.1, 9.5, 9.7, 10.x ibmdb2 File, ODBC Database Log Collection Implementation Guide
IBM DB2 Database Audit Logs 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x   Logstash Database Log Collection Implementation Guide
IBM Domino   8.5, 9.x lotusdomino SNMP Mail Servers Log Collection Implementation Guide
IBM Guardium SQL Guard   7, 8.0.2, 9.5.x guardium Syslog Firewall Log Collection Implementation Guide
IBM iSeries AS400   V6.1.x, V7.1, V7.2 iseries File Midrange Log Collection Implementation Guide | Source Package
IBM ISS SiteProtector   2.0 SP6.1, SP7.0, SP8.0, SP8.1, SP9.0 iss ODBC IDS Log Collection Implementation Guide
IBM Mainframe DB2 for z/OS   Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 ibmdb2 File Database Log Collection Implementation Guide | Source Package
IBM Mainframe ICSF   Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 ibmicsf File Mainframe Log Collection Implementation Guide
IBM Mainframe IDMS   Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 ibmidms File Mainframe Log Collection Implementation Guide
IBM Mainframe IMS   Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 ibmims File Mainframe Log Collection Implementation Guide
IBM Mainframe IPSec   Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 ibmmainframeipsec File Mainframe Log Collection Implementation Guide
IBM Mainframe RACF   Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 ibmracf File Mainframe Log Collection Implementation Guide
IBM Mainframe Syslog and Hardcopy Log Facility   Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, 2.x ibmmfzossyslog File Mainframe Log Collection Implementation Guide
IBM QRadar   N/A       Other Implementation Guide | Supporting Files
IBM Tivoli Access Manager ESSO   8.0.1 ibmtamesso ODBC Access Control Log Collection Implementation Guide
IBM Tivoli Access Manager WebSEAL   6.0, 7.x, 9.x ibmtamws File, Syslog Access Control Log Collection Implementation Guide
IBM Tivoli Identity Manager   5.1 ibmtim ODBC Access Control Log Collection Implementation Guide
IBM WebSphere   6.0.0.1, 7.0.0.9, 8.0, 8.5 ibmwebsphere File Application Servers Log Collection Implementation Guide
IBM WebSphere DataPower   3.8.1, 7.x ibmwebspheredp Syslog System Log Collection Implementation Guide
IBM MQ (formerly branded as WebSphere MQ)   7.0.1 ibmwebspheremq File Messaging Log Collection Implementation Guide
Imperva CounterBreach   11.5 cef Syslog Analysis Log Collection Implementation Guide
Imperva SecureSphere   6, 7, 8, 8.5, 9.0, 9.5, 10.0 impervawaf Syslog Application Firewall Log Collection Implementation Guide
Tenable.ot powered by Indegy   3.x cef Syslog Analysis Log Collection Implementation Guide
Infoblox NIOS   5.1, 6.4.5, 8.x infobloxnios Syslog System Log Collection Implementation Guide
Interface Masters Niagara 2299           Network TAP Implementation Guide
Interface Masters Niagara 4272           Network TAP Implementation Guide
Intersect Alliance Snare for Linux   3.7 and later linux_snare Syslog UNIX Log Collection Implementation Guide
Invincea Threat Data Server   2.6 invincea Syslog Antivirus Log Collection Implementation Guide

IPFIX   NetFlow v10 ipfix Logstash Switch Log Collection Implementation Guide
Ixia CloudLens (part of Keysight)           Network TAP Implementation Guide | Deployment Guide (NW 10.6.x) | Deployment Guide (NW 11.3)
Ixia Vision ONE (part of Keysight)           Network TAP Implementation Guide
Ixia Phantom vTap (part of Keysight)           Network TAP Implementation Guide
Jamf Protect Alerts, Audit, Computer List API v1.0 jamf Plugin Cloud Log Collection Implementation Guide
J4Care Healthcare Connector   N/A j4carehcc Syslog Document Log Collection Implementation Guide
JBoss Application Server   Application Server: 4.2, 5.0, 7.0; Enterprise Application Platform (EAP): 4.3, 5.1, 6.4, and 7.1 on Windows jboss File, Syslog Application Servers Log Collection Implementation Guide
Jenkins   1.58, 1.8.x, 2.x jenkins Syslog Application Servers Log Collection Implementation Guide
Juniper Networks Intrusion Detection and Prevention (IDP)   3.0, 3.1, 3.2, 4.0, 4.1, 5.0 netscreenidp Syslog, File IDP Log Collection Implementation Guide
Juniper Networks JUNOS   6.1, JUNOS 9.4, 9.6, 10.0, 10.3, 10.4, 11.1, 11.2, 11.4, 12.1, 17.x junosrouter Syslog Router Log Collection Implementation Guide
Juniper Networks NetScreen Firewall   5.1, 5.3, 5.4, 6.x netscreen Syslog Firewall Log Collection Implementation Guide
Juniper Networks NetScreen ScreenOS   5.1, 5.3, 5.4, 6.x netscreen Syslog Firewall Log Collection Implementation Guide
Juniper Networks NetScreen-Security Manager   2006, 2007, 2010, 2011, 2012 nsm Syslog, File Configuration Management Log Collection Implementation Guide
Juniper Networks Unified Access Control   2.2, 3.1, 4.5 juniperic Syslog Access Control Log Collection Implementation Guide
Juniper Networks Wireless LAN Controller   7.6.1 juniperwlc Syslog Wireless Devices Log Collection Implementation Guide
Juniper Steel-Belted Radius   5.4, 6.x junipersbr File Access Control Log Collection Implementation Guide
Kaspersky Anti-Virus   Kaspersky Security Center 9.0, 10.x, 11.x, 14.0; Kaspersky Administration Kit 8.0; Kaspersky Anti-Virus for Microsoft ISA Server 2004 Enterprise Edition and 2006 Enterprise Edition kasperskyav ODBC, File Antivirus Log Collection Implementation Guide
Kaspersky CyberTrace (formerly Threat Feed Service)           Threat Intel Implementation Guide
Kaspersky Threat Intelligence Portal           Threat Intel Implementation Guide
Kernel Based Virtual Machine (KVM)   2.6.32-220 kvm File Virtualization Log Collection Implementation Guide
Kubernetes   1.18 kubernetes Logstash Configuration Management Log Collection Implementation Guide
Lancope StealthWatch   5.5, 5.6, 5.9, 5.10, 6.0 stealthwatch Syslog IDS Log Collection Implementation Guide
LANDesk Management Suite   9.0 Service Pack 2, 9.5 landesk ODBC Configuration Management Log Collection Implementation Guide
Lieberman Enterprise Random Password Manager (ERPM)   4.83.6 liebsofterpmpe Syslog Application Servers Log Collection Implementation Guide | Source Package
Linux (CentOS)   6 rhlinux Syslog UNIX Log Collection Implementation Guide
Linux (Debian GNU)   3.1, 4.0 rhlinux Syslog UNIX Log Collection Implementation Guide
Linux (Novell SuSE)   9, 10, 10.2, 11, 12.x, 15 rhlinux Syslog UNIX Log Collection Implementation Guide
Linux (Red Hat/RHEL)   3.x, 4.x, 5.x, 6.0, 7.x rhlinux Syslog UNIX Log Collection Implementation Guide
LogRhythm Platform           Other Implementation Guide
Lumension Endpoint Management and Security Suite   7 lumensionemss ODBC Configuration Management Log Collection Implementation Guide
M86 Secure Web Gateway (part of Trustwave)   10.1, 10.2 m86swgpe Syslog Application Firewall Log Collection Implementation Guide | Source Package
ManageEngine Netflow Analyzer   8.0, 9.5 manageenginenetflow ODBC Analysis Log Collection Implementation Guide
MapR Converged Data Platform (part of Hewlett Packard Enterprise)           Other Implementation Guide
McAfee Data Loss Prevention Endpoint   2.2, 3.0, 9.0, 9.1, 9.2, 9.3, 9.4.x, 10.x mcafeedlp ODBC DLP Log Collection Implementation Guide
McAfee Database Security   4.2, 5.x mcafeeds Syslog Application Firewall Log Collection Implementation Guide
McAfee Email Gateway (formerly CipherTrust IronMail)   5.5, 7.x ironmail, cef Syslog, SNMP Antivirus Log Collection Implementation Guide
McAfee Endpoint Encryption   5.2.2. 5.2.12 mcafeeendpoint File Access Control Log Collection Implementation Guide
McAfee Endpoint Security   10.x epolicy ODBC Antivirus Log Collection Implementation Guide
McAfee ePolicy Orchestrator   3.5, 3.6.0, 3.6.1, 4.0, 4.5, 4.6, 5.x epolicy ODBC Antivirus Log Collection Implementation Guide
McAfee Firewall Enterprise   6.1.1.x, 6.1.2.x, 7.0.0.x, 8.0, 8.x sidewinder Syslog Firewall Log Collection Implementation Guide
McAfee Host Intrusion Prevention (aka Entercept)   6.0.1 supported on McAfee ePolicy Orchestrator 3.6.0, 3.6.1; 7.0, 8.0 supported on McAfee ePolicy Orchestrator 4.0 entercept ODBC IDS Log Collection Implementation Guide
McAfee Integrity Control   5.0.2, 5.1.0, 6.x mcafeeic ODBC Configuration Management Log Collection Implementation Guide
McAfee Network Access Control   3.1.1 mcafeenac ODBC Access Control Log Collection Implementation Guide
McAfee Network Data Loss Prevention (Reconnex)   8.6, 9.x mcafeereconnex ODBC, Syslog DLP Log Collection Implementation Guide
McAfee Network Security Platform   2.1, 3.1, 4.1, 5.1, 6.1, 7.1, 8.x, 9.x intrushield Syslog, ODBC (for version 5.1) IDS Log Collection Implementation Guide
McAfee Policy Auditor   5.2, 6.01, 6.2 mcafeepa ODBC Configuration Management Log Collection Implementation Guide
McAfee Security for Microsoft Exchange   8.x mcafeesecurity ODBC Antivirus Log Collection Implementation Guide
McAfee VirusScan Enterprise   8.x mcafeevirusscan ODBC Antivirus Log Collection Implementation Guide
McAfee Vulnerability Manager   5.0, 6.5.1, 6.8, 7.0, 7.5 mcafeefoundscan ODBC IDS Log Collection Implementation Guide
McAfee Web Gateway   6.8.5, 7.x, 8.x mcafeewg File, Syslog Web Logs Log Collection Implementation Guide
McKesson Horizon Patient Folder   15 mckessonhpf ODBC Document Log Collection Implementation Guide
Microdasys XML Security Gateway   1.1.0 microdasys_xsg File Application Firewall Log Collection Implementation Guide
Microsoft Audit Collection Services   2007 SP1 msacs ODBC Windows Hosts Log Collection Implementation Guide
Microsoft Azure Graph API  Directory Audit , Sign-Ins , Risk Detections , Security Alerts , Azure Sentinel Incidents API v1.0 azure Plugin Cloud Log Collection Implementation Guide 
Microsoft Azure: Admin Logs, Azure AD Audit/Sign-in (via native API)   All cef Plugin Cloud Log Collection Implementation Guide
Microsoft Azure: Admin Logs, Azure AD Audit/Sign-in (via Event Hub)   All cef Plugin Cloud Log Collection Implementation Guide | Product Manager Blog
Microsoft Azure Log Analytics Workspace Azure Kubernetes  All azure_loganalytics Plugin Cloud Log Collection Implementation Guide
Microsoft Azure NSG   All cef Plugin Cloud Log Collection Implementation Guide | Product Manager Blog
Microsoft Azure Monitor    API v1.0 cef, azure Plugin Cloud Log Collection Implementation Guide
Microsoft Azure Security Alerts   API v1.0 cef Plugin Cloud Log Collection Implementation Guide
Microsoft DHCP Server   2000, 2003, 2008, 2012, 2019 msdhcp File Application Servers Log Collection Implementation Guide | Source Package
Microsoft Exchange Server   2003, 2007, 2010, 2013, 2016, 2019 msexchange File, Windows Mail Servers Log Collection Implementation Guide
Microsoft Forefront Endpoint Protection   Forefront Client Security 1.1, 1.5; Forefront Endpoint Protection 2010; System Center 2012 Endpoint Protection msforefrontcs Windows, ODBC (for Forefront Client Security only) Antivirus Log Collection Implementation Guide
Microsoft Forefront Threat Management Gateway   Beta, ISA 2006, TMG 2010 msisa File, ODBC Firewall Log Collection Implementation Guide
Microsoft Forefront Unified Access Gateway   2010 msfuag Syslog, ODBC VPN Log Collection Implementation Guide
Microsoft Internet Information Services (IIS)   5.x, 6.x, 7.x, 8.x, 10.x microsoftiis File Web Logs Log Collection Implementation Guide
Microsoft Internet Security and Acceleration (ISA) Server   2000, 2004, 2006 msisa File, Windows Web Logs Log Collection Implementation Guide
Microsoft Network Access Protection   1.1 msnap ODBC Access Control Log Collection Implementation Guide
Microsoft Network Policy Server (NPS)   3.2, 4.0 msias File, Windows Access Control Log Collection Implementation Guide
Microsoft Office 365   API v1.0 msoffice365/cef Plugin Cloud Log Collection Implementation Guide | Product Manager Blog
Microsoft SharePoint Server   2007, 2010, 2013, 2016 mssharepoint Windows Storage Log Collection Implementation Guide
Microsoft SQL Server   2000, 2005, 2008, 2012, 2014, 2016, 2019, and MS SQL Express mssql ODBC, File, Windows Database Log Collection Implementation Guide | Source Package
Microsoft System Center Configuration Manager   2007, 2012 mssccm Windows Configuration Management Log Collection Implementation Guide
Microsoft System Center Operations Manager   2005, 2007, 2012, 2012 R2 mom Windows Configuration Management Log Collection Implementation Guide
Microsoft Team Foundation Server (TFS)   Microsoft TFS 2018 mstfs ODBC CMS Log Collection Implementation Guide
Microsoft URL Scan   3.x msurlscan File Web Logs Log Collection Implementation Guide
Microsoft Windows (Legacy)   Microsoft Windows Server versions 2003 and earlier winevent_nic Windows Legacy Windows Hosts Log Collection Implementation Guide
Microsoft Windows (via WinRM)   Server 2008, 2008 R2, 2012, 2012 R2 Data Center Edition, 2016, 2019 |  Windows 7, 8 and 10 winevent_nic Windows Windows Hosts Log Collection Implementation Guide
Microsoft Windows (via Adiscon Event Reporter, Intersect Alliance SNARE)   NT | 2000 | XP | 2003 |  Vista Business, Ultimate and Enterprise | Server 2008, 2008 Enterprise with Hyper-V | Server 2008 R2 Standard, Enterprise, and Datacenter | Web Server 2008 R2 |  Windows 7 Professional, Ultimate, and Enterprise  | Server 2012 | Server 2016 |  Server 2019 | Windows 8 and 10 winevent_er, winevent_snare Syslog Windows Hosts Log Collection Implementation Guide
Microsoft Windows (via RSA NetWitness Endpoint)   Windows 7, 8, 8.1, 10 |  Windows Server 2008, 2012, 2016, 2019 windows Syslog (via Agent) Windows Hosts Log Collection Implementation Guide | Blog Post
Microsoft Windows DNS   2008, 2012, 2016, 2019 winevent_snare, winevent_er, winevent_nic Syslog, File Windows Hosts Log Collection Implementation Guide
Microsoft Windows Server Update Service   3.0 SP 2 mswsus ODBC Configuration Management Log Collection Implementation Guide
Morphisec Endpoint Threat Prevention   2.7 cef Syslog Analysis Log Collection Implementation Guide
Motorola AirDefense Enterprise Console   7.2, 7.3, 8.1, 9.0 airdefense Syslog Wireless Devices Log Collection Implementation Guide
nCircle Configuration Compliance Manager   5.1 ncircleccm Syslog Configuration Management Log Collection Implementation Guide
NetApp Data ONTAP   6.x, 7.0-7.3.1.1, 8.x, 9.x netapp Syslog, Windows Legacy Storage Log Collection Implementation Guide
NETASQ Unified Manager   8.1.3, 9.0.2, 9.0.3.2 netasqutm Syslog Firewall Log Collection Implementation Guide
NetClarity NACwall   8.0.6 netclaritype Syslog Access Control Log Collection Implementation Guide | Source Package
Netflow   5, 9 cef, rsaflow Netflow Analysis Log Collection Implementation Guide
Netskope   API v1.0 cef Plugin Cloud Log Collection Implementation Guide
Network Critical SmartNAx Series           Network TAP Implementation Guide
NFDump   netflow v5, v7, v9; NFDump v1.5.7, 1.6.x nfdump File System Log Collection Implementation Guide | Source Package
NFR NIDS   3.x, 4.x, 5.x nfrnids Syslog IDS Log Collection Implementation Guide
Nginx   1,22 nginx Logstash Web Logs Log Collection Implementation Guide
Nominum Vantio (part of Akamai)   5.2 nominumvantiope Syslog Application Servers Log Collection Implementation Guide | Source Package
Novell eDirectory   8.8 for Windows and Linux edirectory SNMP Router Log Collection Implementation Guide
NXLog   Enterprise Edition cef Syslog Access Control Log Collection Implementation Guide
Proofpoint ObserveIT User Activity Monitoring   7.1.0 cef Syslog Access Control Log Collection Implementation Guide
OpenText Documentum (formerly EMC Documentum)   6.5, 6.7, 7.0, 7.1 emcdocumentum ODBC Database Log Collection Implementation Guide
OPSWAT MetaAccess Cloud admin, device, webhook, device_report 3.2 opswat Plugin Cloud Log Collection Implementation Guide
OPSWAT MetaDefender   3.10   REST Endpoint Log Collection Implementation Guide
Oracle Access Manager   10.1.4.0.3,11g R2 oracleam File,ODBC (for v11g R2) Access Control Log Collection Implementation Guide
Oracle Audit Vault   10.3, 12.x, 20.3 oracleav ODBC Database Log Collection Implementation Guide
Oracle Database   8i, 9i, 10g, 11g, 11.2g, 12c (Mixed mode auditing and Unified auditing on Windows), 18c (Unified auditing on Unix and Windows), 19c (Unified auditing on Unix and Windows). oracle Syslog, ODBC, File Database Log Collection Implementation Guide
Oracle Database (JDBC) Database Audit Logs Oracle 11.xg, Oracle 12c, 18c, 19c (Unified auditing on Unix and Windows)   Logstash Database Log Collection Implementation Guide
Oracle Database Vault   10g R2 oracledv ODBC Access Control Log Collection Implementation Guide
Oracle Directory Server / Sun ONE   11.1.1.7.1 sunoneldap File Access Control Log Collection Implementation Guide
Oracle Identity Manager   9.1 oracleim ODBC Access Control Log Collection Implementation Guide
Oracle Internet Directory   10.x oracleid ODBC Access Control Log Collection Implementation Guide
Oracle iPlanet Web Server   6.1, 7.0 oracleiplanetweb File Web Logs Log Collection Implementation Guide
Oracle MySQL Enterprise   5.x mysql SNMP Database Log Collection Implementation Guide
Oracle Solaris (formerly Sun Solaris)   8, 9, 10, 11.x solaris Syslog UNIX Log Collection Implementation Guide
Oracle Solaris Basic Security Model (BSM)   8, 9, 10, 11 solarisbsm Syslog, File UNIX Log Collection Implementation Guide
Oracle WebLogic Server   10.0, 10.3, 10.3.2, 10.3.5, 10.3.6, 12.x oracleweblogic File Application Servers Log Collection Implementation Guide
Palo Alto Enterprise Firewall   PAN OS versions 3.0, 4.0.7, 5.0, 6.0, 6.1, 6.1.x, 7.0, 7.1, 8.x, 9.x, 10.x paloaltonetworks Syslog Firewall Log Collection Implementation Guide
Palo Alto Enterprise Firewall           SSL Decrypt Implementation Guide
Palo Alto Panorama Management Server   4.1.0, 5.1.4, 7.1, 8.x paloaltonetworks Syslog Firewall Log Collection Implementation Guide
Palo Alto Prisma Cloud   21.x prismacloud_audit Syslog Cloud Log Collection Implementation Guide
PAS Global ICS   5.5 pasics File ICS Log Collection Implementation Guide | Source Package
Picus    APIv1.0         Implementation Guide
Splunk Phantom RSA NetWitness Logs & Network App           Orchestration & Automation Implementation Guide
Splunk Phantom RSA Security Analytics App           Orchestration & Automation Implementation Guide
Pivotal HD           Other Implementation Guide
PostgreSQL   8.4, 9.x postgresql Syslog Database Log Collection Implementation Guide
Progress WhatsUp Gold   14.2 whatsupgold ODBC Configuration Management Log Collection Implementation Guide
Preempt Security Behavioral Firewall   2.2 cef Syslog Analysis Log Collection Implementation Guide
Proofpoint Email Security   6.3, 7.2, 7.5, 8.x proofpoint Syslog Application Firewall Log Collection Implementation Guide
Proofpoint Targeted Attack Protection   API v1.0 proofpoint Plugin Cloud Log Collection Implementation Guide
Pulse Connect Secure (formerly Juniper SSL VPN)   5.4, 5.5, 6.0, 6.2 R2, 6.5 R2, 7.0 R2, 7.1 R5, 7.2 R1, 8.0, 8.0 R7.1, 8.x, and 9.x junipervpn Syslog VPN Log Collection Implementation Guide
Qualys Vulnerability Management   API V2.0 cef Plugin Cloud Log Collection Implementation Guide
Radiator Radius Server   4.x radiator File Access Control Log Collection Implementation Guide
Radiflow iSID   N/A cef Syslog ICS Log Collection Implementation Guide
Radware AppWall   5.6 radwarepe Syslog Application Firewall Log Collection Implementation Guide | Source Package
Radware DefensePro   5.01.02, 6.05, 8.x radwaredp Syslog, SNMP IPS Log Collection Implementation Guide
Rapid7 NeXpose   4.8, 5.0, 5.2, 5.10, 6.x nexpose File Vulnerability Log Collection Implementation Guide | Source Implementation
Raz-Lee iSecurity for IBM iSeries   11.4 cef Syslog Application Firewall Log Collection Implementation Guide
Recorded Future Cyber Threat Intelligence           Threat Intel Implementation Guide | Integration Guide
Riverbed Cascade Profiler (formerly known as mazu Profiler)   5.5.2, 6.0, 7.0, 9.5.1 mazuprofiler SNMP IPS Log Collection Implementation Guide
Riverbed Steelhead   7.0.2, 9.x riverbedsteelhead Syslog, SNMP Router Log Collection Implementation Guide
RSA Access Manager   6.0, 6.2 on Solaris, Windows, and Linux rsaaccessmgr File Access Control Log Collection Implementation Guide
RSA Adaptive Authentication (Hosted)   8.8, 8.9, 9.0, 9.1 rsaaah File Access Control Log Collection Implementation Guide
RSA Adaptive Authentication (OnPrem)   6.0.2.1 rsaaaop Syslog Access Control Log Collection Implementation Guide
RSA Archer Suite   5.1, 5.5.1, 6.x rsaarcher ODBC Application Servers Log Collection Implementation Guide
RSA Certificate Manager   6.8 rsacm File Access Control Log Collection Implementation Guide | Source Package
RSA Data Loss Prevention Suite   7.0.0, 8.0, 8.0 SP1, 8.5, 8.8, 9.x rsadlp Syslog DLP Log Collection Implementation Guide
RSA Data Protection Manager (formerly RSA Key Manager)   2.1.3, 2.5, 2.7, 3.1 rsakeymanager Syslog Access Control Log Collection Implementation Guide
RSA Federated Identity Manager   4.1 rsafim File Access Control Log Collection Implementation Guide
RSA Identity Governance & Lifecycle   6.5.1, 6.9 rsaaveksa ODBC Access Control Log Collection Implementation Guide
RSA NetWitness Endpoint (formerly ECAT)   3.4, 4.x rsaecat Syslog Antivirus Log Collection Implementation Guide
RSA NetWitness Platform (formerly RSA NetWitness Suite)   10.5, 10.6 cef Syslog Analysis Log Collection Implementation Guide
RSA NetWitness Platform Malware Analysis   1.0.5.0 netwitnessspectrum, cef Syslog Antivirus Log Collection Implementation Guide
RSA SecurID Access Authentication Mgr   8.x rsaacesrv Syslog Access Control Log Collection Implementation Guide
RSA SecurID Access Identity Router (formerly Via Access)   All latest versions rsaviaaccess Syslog Access Control Log Collection Implementation Guide
RSA SecurID Access Cloud Authentication Service   All latest versions cef (v11.4.x), rsasecuridaccess (v11.5 and beyond)  Plugin Access Control Log Collection Implementation Guide
RSA Web Threat Detection (formerly Silver Tail System Forensics and Mitigator)   Forensics 1.x, 2.x, and 3.x; Mitigator 1.x, 2.x and 3.x; Web Threat Detection 4.6, 5.0, 5.0.2 silvertailforensics Syslog Analysis Log Collection Implementation Guide
SafeBreach   N/A N/A N/A N/A Log Collection Implementation Guide
Safend Protector   3.x safendprotector Syslog Configuration Management Log Collection Implementation Guide
SafeNet Hardware Security Module   6.2.0, 8.x safenethsm Syslog Access Control Log Collection Implementation Guide
Safestone DetectIT   14.3 detectit Syslog Analysis Log Collection Implementation Guide
Salesforce   API v1.0 cef Plugin Cloud Log Collection Implementation Guide
SAP ERP Central Component   4.6 through 7.x sap File Application Servers Log Collection Implementation Guide | Source Package
Secdo Platform           Other Implementation Guide
SECUDE Halocore   Halocore v3.8/ BI Launchpad 4.1 minimum SP2 cef Syslog Document Log Collection Implementation Guide
SECUDE Security Intelligence   1 secudesi File Analysis Log Collection Implementation Guide
Securaa   APIv1.0         Implementation Guide
Securonix SNYPR   6.0 cef Syslog Analysis Log Collection Implementation Guide
Sendmail   Sendmail: 8.x; Solaris: 8, 9, 10, 11.x; Red Hat Enterprise Linux: 3.x, 4.x, 5.x, 6.0, 7.0 rhlinux, solaris Syslog UNIX Log Collection Implementation Guide
Senrio Insight   1.0 cef Syslog Analysis Log Collection Implementation Guide
Sentryo ICS CyberVision (part of Cisco Systems)   2.0.3 cef Syslog Analysis Log Collection Implementation Guide
ServiceNow ITSM           Other Implementation Guide
Siemplify ThreatNexus   2.5       Orchestration & Automation Implementation Guide
Silver Peak WAN   5.1.1.0 silverpeakwan Syslog Router Log Collection Implementation Guide
SkyFormation   2.2.4 cef Syslog Analysis Log Collection Implementation Guide
SkyHigh Networks Enterprise Connector   3.3.3 cef Syslog Analysis Log Collection Implementation Guide
Slack           Other Implementation Guide
Solarwinds IPAM   4.x solarwindsipam Syslog Configuration Management Log Collection Implementation Guide
Soltra Edge           Threat Intel Implementation Guide
SonicWALL Firewall   SonicOS 5.8 and SonicOS Enhanced 6.x sonicwall Syslog Firewall Log Collection Implementation Guide
SonicWall E-Class SRA / Aventail SSL VPN   8.8, 9.0, 10.x aventail Syslog, File VPN Log Collection Implementation Guide
SonicWALL Email Security   7.2 sonicwallemail Syslog VPN Log Collection Implementation Guide
SonicWALL Global Management System   6 sonicwallgms ODBC Configuration Management Log Collection Implementation Guide
Sophos Enterprise Console   3.0, 4.5, 4.7, 5.x sophos ODBC,SNMP Antivirus Log Collection Implementation Guide
Sophos UTM (formerly Astaro SG)   9.x, 17.x astarosg Syslog Firewall Log Collection Implementation Guide | Solution Brief | Solution Data Sheet
Splunk           Other Implementation Guide
Squid   2.5.9, 2.7, 3.x squid File Web Logs Log Collection Implementation Guide
SSH Communications Security CryptoAuditor           SSL Decrypt Implementation Guide
STEALTHbits StealthINTERCEPT   3.3 stealthinterceptpe Syslog Access Control Log Collection Implementation Guide | Source Package
Stonesoft StoneGate Management Center (part of Forcepoint LLC.)   5.3 stonesoftsgpe Syslog Firewall Log Collection Implementation Guide | Source Package
Swimlane           Orchestration & Automation Implementation Guide
Sybase ASE   15.x sybasease ODBC Database Log Collection Implementation Guide
Symantec Brightmail (part of Broadcom Inc.)   9.5.3 symantecbrightmail Syslog Application Firewall Log Collection Implementation Guide
Symantec Critical Systems Protection (part of Broadcom Inc.)   5.2.4, 5.2.8, 5.2.9 symanteccsp ODBC, SNMP IPS Log Collection Implementation Guide
Symantec Data Center Security  All Events : CSPEVENT_VW 6.9 symantecdcs ODBC Security.IDS Log Collection Implementation Guide
Symantec DeepSight Intelligence (part of Broadcom Inc.)           Threat Intel Implementation Guide
Symantec DLP (part of Broadcom Inc.)   10.5.1, 11, 12.x, 14.x, 15.x symantecdlp Syslog DLP Log Collection Implementation Guide
Symantec Endpoint Protection (part of Broadcom Inc.)   9.0, 10.0, 10.1, 10.2, 11, 11.0.5, 11.0.6, 12, 14, 15 (Syslog only) symantecav Syslog, ODBC, SNMP Antivirus Log Collection Implementation Guide
Symantec Endpoint Security Events   14.3.x symantec_endpointsecurity Plugin Host.Cloud Log Collection Implementation Guide
Symantec Endpoint Security Incidents   14.3.x symantec_endpointsecurity Plugin Host.Cloud  Log Collection  Implementation Guide
Symantec Web Security Services (part of Broadcom Inc.)   API v1.0 symantec_wss Plugin  Host.Cloud  Log Collection Implementation Guide
Syncurity IR Flow           Orchestration & Automation Implementation Guide
Tenable Nessus   NessusClient 1.0.2; Nessus 3.0.6, 4.0.1, 4.2, 4.4, 5.0, 7.x, 8.x nessusvs File Vulnerability Log Collection Implementation Guide | Source Package
ThreatConnect Threat Intelligence Platform           Threat Intel Implementation Guide
ThreatQuotient Threat Intelligence Platform           Threat Intel Implementation Guide
Trend Micro Deep Security   7.0, 7.5, 8.0, 9.x,10.x, 11.x, 12.x trendmicrods, cef Syslog Application Firewall Log Collection Implementation Guide
Trend Micro Deep Security Agent   7.0, 7.5, 9.x, 10.x trendmicrodsa Syslog Application Firewall Log Collection Implementation Guide
Trend Micro Deep Discovery Analyser   6.x cef Syslog Advanced Threat Detection Log Collection Implementation Guide 
Trend Micro InterScan Messaging Security Suite   7.1, 9.1 trendmicroimss File, SNMP (for 7.1), Syslog (for 9.1) Application Firewall Log Collection Implementation Guide
Trend Micro InterScan Web Security   3.1, 5.6, 6.x trendmicroiwss File, ODBC (3.1 only), Syslog (5.6, 6.x) Web Logs Log Collection Implementation Guide
Trend Micro OfficeScan / Control Manager   7.0, 8.0, 10.0, 10.5, 10.6, 11.x trendmicro Syslog, SNMP Antivirus Log Collection Implementation Guide
Trend Micro OSSEC   2.5.1, 2.6 trendmicroossec Syslog Intrusion Log Collection Implementation Guide
Trend Micro TippingPoint (formerly HP TippingPoint)   2.x, 3.x, 4.x, 5.x tippingpoint Syslog IDS Log Collection Implementation Guide
Trend Micro ScanMail   ScanMail 8.0 Service Pack 1, 10.2, 14.x trendmicroscanmail, cef SNMP Application Firewall Log Collection Implementation Guide
Trend Micro Server Protect   5.8 trendmicrosp SNMP Antivirus Log Collection Implementation Guide
Tripwire Enterprise   5.4, 5.5, 7.x, 8.x tripwire Syslog,File Configuration Management Log Collection Implementation Guide
Tufin SecureTrack   12.2, 20.1 tufinsecuretrack Syslog Configuration Management Log Collection Implementation Guide
UnboundID Identity Data Store   4.5.1.1 unboundidids Syslog Access Control Log Collection Implementation Guide
Universal REST API  o365 message trace, proofpoint SIEM, sailpointiiq API v1.0 o365_trace, proofpoint, sailpointiiq Plugin Cloud Log Collection Implementation Guide
Varonis DatAdvantage   5.5, 5.9, (6.x for Syslog only) varonisprobe ODBC for 5.5, Syslog for 5.9 Access Control Log Collection Implementation Guide
FireEye Mandiant Security Validation (formerly Verodin)           Other Implementation Guide
VMware Unified Access Gateway (UAG)   2209 vmwareuag Syslog Access Control Log Collection Implementation Guide
VMware AppDefense   API v1.0 cef Plugin Cloud Log Collection Implementation Guide
VMware Workspace ONE UEM    1904 & above vmwareworkspaceone Syslog Configuration Management Log Collection  Implementation Guide
VMware ESX / ESXi   ESX: 3.0.3, 3.5, 4.0, 4.1; ESXi: 3.5, 4.0, 4.1, 5.0, 5.1, 5.5, 6.x; Embedded ESXi: 3.5, 4.0 vmware_esx_esxi VMware Collector Virtualization Log Collection Implementation Guide
VMware NSX   6.x vmware_nsx Syslog Virtualization Log Collection Implementation Guide
VMware Orchestrator   5.5 vmware_vco ODBC Virtualization Log Collection Implementation Guide
VMware vCenter Server   VirtualCenter Server: 2.0.2, 2.5; vCenter Server: 4.1, 5.0, 5.1, 5.5, 6.x vmware_vc VMware Collector Virtualization Log Collection Implementation Guide
VMware vCloud Director   1 vmware_vcloud Syslog Configuration Management Log Collection Implementation Guide
VMware View   3.1, 4.0, 4.5, 4.6, 5.0, 5.1, 5.2, 5.3, 6.0, 7.x vmware_view File, ODBC, Syslog Virtualization Log Collection Implementation Guide
VMware vRealize Automation   6.0.1, 6.2 vmware_vcac ODBC Virtualization Log Collection Implementation Guide
VMware vRealize Operations Manager   5.8.2, 6.0 vmware_vcops SNMP, Syslog Virtualization Log Collection Implementation Guide
VMware vShield and vShield Manager   4.1, 5.0, 5.1.4 vmware_vshield Syslog Firewall Log Collection Implementation Guide
Voltage SecureData   5.x, 6.x voltagesecuredata Syslog DLP Log Collection Implementation Guide
Vorstack Automation and Collaboration Platform ACP   5.1       Orchestration & Automation Implementation Guide
VSS Monitoring   2.3 vssmonitoring SNMP System Log Collection Implementation Guide
X15 Enterprise           Other Implementation Guide
Zscaler NSS  Web Logs 4.1M zscalernss Syslog Web Logs Log Collection Implementation Guide
NetWitness recommends using the Zscaler ZIA parser to collect Web Logs. Zscaler NSS will be discontinued, and NetWitness is deprecating Zscaler NSS.
Zscaler Deception   4.13.10 deception Syslog IPS Log Collection Implementation Guide
Zscaler ZIA  Web Logs, Tunnel Logs, Firewall Logs, DNS Logs, SAAS Security, SAAS Security Activity 4.1M zscalerzia Syslog Cloud Log Collection  Implementation Guide   
Zscaler ZPA   4.1M zscalerzpa Syslog User Activity, User Status, App Connector Status, Private Service Edge Status, Browser Access, Audit Logs, App Connector Metrics, or Private Service Edge Metrics Log Collection Implementation Guide
IOTech Edge XPERT           IoT  
SmartHub INFER           IoT  
Technotects EdgeX           IoT  
Technotects EdgeSmart           IoT  
Websym FaktoryWize           IoT  
Websym Tezeva           IoT  

 

© 2022 RSA Security LLC or its affiliates. All rights reserved.