| Event Source | Description | Versions | Parser | Collection Method | Device Class | Integration Type | Documentation |
|---|---|---|---|---|---|---|---|
| A10 Networks Thunder Series | | | | | | SSL Decrypt | Implementation Guide, Solution Brief |
| Absolute Data and Device Security (DDS) | | Absolute DDS Customer Center 5.26+, SIEM Connector 1.1 | absolutesiemconnectorpe | Syslog | Analysis | Log Collection | Implementation Guide, Source Package |
| Acalvio ShadowPlex | | 2017.07 | cef | Syslog | Advanced Threat Detection | Log Collection | Implementation Guide |
| Accurev | | 6.0.1 | accurev | File | CMS | Log Collection | Implementation Guide, Source Package |
| Actiance Vantage | | 12.2 | actiancevantage | ODBC | Analysis | Log Collection | Implementation Guide |
| ActivIdentity 4TRESS AAA Server | | 6.4.1 | actividentity | ODBC | Access Control | Log Collection | Implementation Guide |
| AirMagnet Enterprise | | 7.5, 8.5, 10.1 | airmagnetenterprise | Syslog | Wireless Devices | Log Collection | Implementation Guide |
| AirTight Management Console | | 7.0, 7.1 U4 | airtightmc | Syslog | Intrusion | Log Collection | Implementation Guide |
| AirTight Networks SpectraGuard Enterprise | | 6.5, 6.6, 6.7 | atnspectraguardpe | Syslog | IPS | Log Collection | Implementation Guide, Source Package |
| Akamai Kona Site Defender | | 1 | cef | Syslog | Application Firewall | Log Collection | Implementation Guide |
| Alcatel-Lucent OmniSwitch | | 6600, 6850, 9700 | alcatelomniswitch | Syslog, SNMP | Switch | Log Collection | Implementation Guide |
| ALTOR (A Juniper Networks Company) Security Suite | | 4.0 | altorpe | Syslog | Firewall | Log Collection | Implementation Guide, Source Package |
| Amazon AWS AppFabric | Audit Logs | N/A | appfabric | Plugin | Cloud | Log Collection | Implementation Guide |
| Amazon AWS Detective | | API v1.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide, Product Manager Blog |
| Amazon AWS GuardDuty | | All | cef | Plugin | Cloud | Log Collection | Implementation Guide, Product Manager Blog |
| Amazon AWS Security Hub | | API v1.0 | aws_securityhub | Plugin | Cloud | Log Collection | Implementation Guide |
| Amazon AWS VPC Traffic Mirror | | All | | | | Network TAP | Implementation Guide |
| Amazon AWS Cloudwatch | | API v1.0 | aws, aws_cloudtrail, aws_route53resolver, aws_windows | Plugin | Cloud | Log Collection | Implementation Guide |
| Amazon S3 Universal Connector | Cloudtrail, VPC Flow Logs, AWS WAF Logs, AWS Directory Service, Windows Logs, CiscoUmbrella, Opswat MetaAccess Cloud, Jamf Protect, Application Load Balancer (ALB) access logs, cloudflarerbi, AppFabric, CloudFront access logs | API v1.0 | aws, aws_cloudtrail, cisco_umbrella, aws_windows, aws_waf, jamf, cloudflarerbi, appfabric | Plugin | Cloud | Log Collection | Implementation Guide |
| Anomali Link | | API v1.0 | | Plugin | Cloud | Log Collection | Implementation Guide |
| Anomali ThreatStream Intelligence Platform | | | | | | Threat Intel | Implementation Guide |
| Anomali STAXX | | | | | | Threat Intel | Implementation Guide |
| Apache HTTP Server | | 2.x | apache | Syslog, File | Web Logs | Log Collection | Implementation Guide, Source Package |
| Apache Tomcat Server | | 6.0, 7.0, 8.x | apachetomcat | Syslog, File | Web Logs | Log Collection | Implementation Guide, Source Package |
| APCON Inc. IntellaFlex Series 3000 | | | | | | Network TAP | Implementation Guide |
| Apcon IntellaPatch Series 3000 Network Monitoring Switch | | 4.34.2 | apconintellapatch | Syslog | Switch | Log Collection | Implementation Guide |
| Trustwave DbProtect (formerly Application Security; part of Singtel) | | 6.0 | appsecdbprotect | ODBC | Database | Log Collection | Implementation Guide |
| Arbor Networks Peakflow SP5 | | 5.X, 9.X | arborpeakflowsp | Syslog | IPS | Log Collection | Implementation Guide |
| Arbor Networks Peakflow X | | 4.1 | arborpeakflow | Syslog | IPS | Log Collection | Implementation Guide |
| ArcSight ESM | | | | | | Other | Implementation Guide, Source Package |
| Array Networks SPX Series Universal Access Controllers | | 8.4.6 | arrayspxpe | Syslog | VPN | Log Collection | Implementation Guide, Source Package |
| Artifactory | | 3.3.0.1 | artifactory | File | CMS | Log Collection | Implementation Guide, Source Package |
| Aruba Networks AirWave | | 6.3.x, 6.4.x, 7.5.x | arubaairwave | Syslog | Wireless Devices | Log Collection | Implementation Guide |
| Aruba Networks ClearPass Policy Manager | | 5.2, 6.x | arubacppm | Syslog | Access Control | Log Collection | Implementation Guide |
| Aruba Networks Mobility Controller | | ArubaOS 2.5.4.0, 3.4, 6.x, 8.10.0.7 | arubanetworks | Syslog | Wireless Devices | Log Collection | Implementation Guide |
| Atlassian Stash | | 2.12, 3.3.1, 3.5.1 | stash | File | CMS | Log Collection | Implementation Guide, Source Package |
| AttackIQ Platform | | Dec 2020 | | | Analysis | Log Collection | Configuration Guide |
| Attivo ThreatMatrix Platform | | 4.x | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| Avecto Privilege Guard | | 3.5 | avectopg | Windows | Access Control | Log Collection | Implementation Guide |
| Avocent IP KVM | | Dell PowerEdge 2161DS-2 | avocentkvm | SNMP | Network | Log Collection | Implementation Guide |
| Barracuda Spam Firewall | | 3.4, 3.5, 6.1.x, 8.x | barracudasf | Syslog | Antivirus | Log Collection | Implementation Guide |
| Barracuda Web Application Firewall | | Firmware: 7.4.0, 7.8.0, 7.9.2, 8.x, 9.x | barracudawaf | Syslog | Application Firewall | Log Collection | Implementation Guide |
| Bayshore Networks SingleKey | | 6.3 | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| DenyAll WAF (formerly Bee Ware Web Application Firewall) | | 5.x | beewarewaf | Syslog | Application Firewall | Log Collection | Implementation Guide |
| BeyondTrust Powerbroker Endpoint Protection (formerly eEye Blink Endpoint Protection) | | 4.x | eeyeblink | SNMP | Intrusion | Log Collection | Implementation Guide |
| BeyondTrust Retina Network Security Scanner (formerly eEye Retina Network Security Scanner) | | 5.1 | eeyeretina | Syslog, SNMP | IDS | Log Collection | Implementation Guide |
| BeyondTrust PowerBroker Servers | | 7, 8 | beyondtrustpe | Syslog | Access Control | Log Collection | Implementation Guide, Source Package |
| BigFix Enterprise Suite | | 7.2 | bigfix | ODBC | Configuration Management | Log Collection | Implementation Guide |
| BigFix Enterprise Suite | Enterprise Suite | 7.2 | bigfix | JDBC/Logstash | Configuration Management | Log Collection | Implementation Guide |
| Bind DNS | | Bind: 9.x, 11; RHEL: 3.x, 4.x, 5.x, 6.0, 7.0; Solaris: 8, 9, 10, 11.x | rhlinux, solaris | Syslog | UNIX | Log Collection | Implementation Guide |
| Bit9 Security Platform | | 6.0.2, 7.0, 7.2 | bit9 | Syslog, ODBC | Application Firewall | Log Collection | Implementation Guide |
| Blackberry Ltd Enterprise Server | | 5.x | blackberryes | File | Messaging | Log Collection | Implementation Guide |
| Blue Coat Systems Inc. Director (part of Broadcom Inc.) | | 5.5.1.1, 5.5.2.3, 6.1.1.1 | bluecoatdirector | Syslog | Configuration Management | Log Collection | Implementation Guide |
| Blue Coat Systems Inc. ProxyAV (part of Broadcom Inc.) | | 3.3.1.2, 3.5.1.1 | bluecoatproxyav | Syslog, SNMP | Antivirus | Log Collection | Implementation Guide |
| Blue Coat Systems Inc. ProxySG SGOS (part of Broadcom Inc.) | | 4.x, 5.x, 6.x, 7.x | cacheflowelff | Syslog, File | Web Logs | Log Collection | Implementation Guide |
| Blue Coat Systems Inc. SSL Visibility Appliance (part of Broadcom Inc.) | | | | | | SSL Decrypt | Implementation Guide |
| BlueCat | | Adonis 7.0 | bluecat | Syslog | System | Log Collection | Implementation Guide |
| BluVector Cortex | | 3.1 | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| BMC Remedy IT Service Management | | 7.6.04 | bmcremedyitsm | ODBC | Configuration Management | Log Collection | Implementation Guide |
| Brocade FastIron Switch | | FGS624P-STK | brocadeswitch | Syslog | Switch | Log Collection | Implementation Guide |
| CA ACF2 (formerly IBM Mainframe ACF2) | | r14 and higher; supported platforms: z/OS v1.9, v1.10, v1.11, v1.12, and v1.13 | ibmacf2 | File | Mainframe | Log Collection | Implementation Guide, Source Package |
| CA Integrated Threat Management | | r8, r8.1 | caitm | SNMP | Antivirus | Log Collection | Implementation Guide |
| CA SiteMinder | | r12 | casiteminder | File | Access Control | Log Collection | Implementation Guide, Source Package |
| CA Top Secret | | z/OS | ibmtopsecret | File | Mainframe | Log Collection | Implementation Guide, Source Package |
| Carbon Black Cb Response | | N/A | carbonblack | Syslog | System | Log Collection | Implementation Guide, Source Package |
| Check Point GAiA | | R77.20 | rhlinux, checkpointfw | Syslog | UNIX | Log Collection | Implementation Guide |
| Check Point IPSO (formerly Nokia IPSO) | | 3.6, 3.7, 3.8, 3.9, 6.2 | nokiaipso | Syslog | UNIX | Log Collection | Implementation Guide |
| Check Point Security Suite (IPS-1) | | R76, R77.x, R80.x, R81.10 | checkpointfw1, cef | Check Point, Syslog | Firewall | Log Collection | Implementation Guide |
| Check Point SPLAT OS | | R75, 77.10 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide |
| Cimcor CimTrak | | 2.0.6.11 | cimcorcimtrakpe | Syslog | Intrusion | Log Collection | Implementation Guide, Source Package |
| Cisco 3300 Series Mobility Services Engine | | 5.2.91.0, 6.0.97.0, 7.0.105.0 | ciscomse | Syslog | Wireless Devices | Log Collection | Implementation Guide |
| Cisco Adaptive Security Appliance (ASA) | | 7.x, 8.x, 9.x, 11.13 | ciscoasa | Syslog | Firewall | Log Collection | Implementation Guide |
| Cisco Aggregation Services Router | | 3.3 | ciscorouter | Syslog | Router | Log Collection | Implementation Guide |
| Cisco Aironet AP (Wireless Access Point) | | IOS 12.2 | ciscorouter | Syslog | Router | Log Collection | Implementation Guide |
| Cisco Application Control Engine | | 4710 | ciscoace | Syslog | Application Delivery | Log Collection | Implementation Guide |
| Cisco ASA Security Services Module | | 4.x, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 7.1.1 | ciscoidsxml | SDEE | IDS | Log Collection | Implementation Guide |
| Cisco Catalyst Switch | | Cisco Catalyst 6500, Cisco Catalyst 2960-CX | ciscorouter | Syslog | Router | Log Collection | Implementation Guide |
| Cisco Firewall Service Module | | 4.1(5) | ciscoasa | Syslog | Firewall | Log Collection | Implementation Guide |
| Cisco Firepower System Event Streamer (eStreamer) | Intrusion events, Discovery events, Correlation and allow list events, Impact flag alerts, User activity events, Malware events, File events | 6.x, 7.x | cefe | Syslog | Access Control | Log Collection | Implementation Guide |
| Cisco Identity Services Engine (ISE) | | 1.0, 1.1, 1.3, 1.4, 2.x | ciscosecureacs | Syslog | Access Control | Log Collection | Implementation Guide |
| Cisco IOS | | IOS 12.4, 15.x | ciscorouter | Syslog | Router | Log Collection | Implementation Guide |
| Cisco IronPort Email Security Appliance | | 5.7.0, 7.1.3, 8.0.1, 8.5.x, 11.x | ciscoiportesa | File, Syslog | Application Firewall | Log Collection | Implementation Guide |
| Cisco IronPort Web Security Appliance (WSA) | | 5.7.0, 6.3, 7.x, 8.x, 9.x, 10.x | ciscoiportwsa | File, Syslog | Web Logs | Log Collection | Implementation Guide, Source Package |
| CiscoWorks LAN Management Solution | | 3.2, 4.0 | ciscolms | ODBC | Configuration Management | Log Collection | Implementation Guide |
| Cisco Advanced Malware Protection (AMP) for Endpoints | | All | cef | Plugin | Cloud | Log Collection | Implementation Guide |
| Cisco Meraki | | MX60, GA 12.26 | ciscomeraki | Syslog | Configuration Management | Log Collection | Implementation Guide |
| Cisco Network Admission Control (NAC) | | 4.7, 4.9 | cisconac | Syslog | Access Control | Log Collection | Implementation Guide |
| Cisco Nexus | | 1000V, 5000V and 7000V | cisconxos | Syslog | Switch | Log Collection | Implementation Guide |
| Cisco Prime Infrastructure & Wireless Control System | | Prime Infrastructure: 1.1, 1.2, 2.0, 2.1; Wireless Control System: 7.0 | ciscowcs | SNMP | Configuration Management | Log Collection | Implementation Guide |
| Cisco Secure Access Control Server (ACS) | | Software only: 4.2; Appliance: 5.x | ciscosecureacs | Syslog | Access Control | Log Collection | Implementation Guide |
| Cisco Secure Access Control Server (ACS) Express | | 5 | ciscoacsxp | Syslog | Access Control | Log Collection | Implementation Guide |
| Cisco Secure IDS or IPS | | 4.x, 5.0, 5.1, 6.0, 6.1, 6.2, 7.x; Signature Engines: E1, E2, E3, E4 | ciscoidsxml | SDEE | IDS | Log Collection | Implementation Guide |
| Cisco Security Agent | | 4.0, 5.1, 6.0 | ciscosecagent | ODBC, SNMP | IDS | Log Collection | Implementation Guide |
| Cisco Sourcefire Defense Center / SNORT | | 4.x, 5.x, 6.x | snort | Syslog | IDS | Log Collection | Implementation Guide |
| Cisco ThreatGRID | | | | | | Threat Intel | Implementation Guide |
| Cisco Umbrella | | Schema Version 5 | cisco_umbrella | Plugin | Cloud | Log Collection | Implementation Guide |
| Cisco Unified Computing System Manager | | 1.0 (2d) | ciscoucs, cisconxos | Syslog | Configuration Management | Log Collection | Implementation Guide |
| Cisco Virtual Security Gateway | | 4.2(1)VSG(1) | cisconxos | Syslog | Switch | Log Collection | Implementation Guide |
| Cisco Wireless LAN Controller (WLC) (2100 Series, 4400 Series, and 9800 Series) | | 5.2.157.0, 6.0.188, 7.0.9, 8.0, 8.x, 17.03.03 | ciscowlc | Syslog, SNMP | Wireless Devices | Log Collection | Implementation Guide |
| CiscoWorks Common Services/Cisco Security Manager | | 2.3, 3.0, 3.3, 4.0 | ciscoworks | File | Configuration Management | Log Collection | Implementation Guide, Source Package |
| Citrix Access Gateway | | 4.5, 4.6, 5.0 | citrixag | Syslog, File | VPN | Log Collection | Implementation Guide |
| Citrix NetScaler | | 9.1, 9.2, 9.3, 10.0, 10.1, 10.5, 11.x, 13.x, 14.x | citrixns | Syslog | Application Firewall | Log Collection | Implementation Guide |
| Citrix XenApp | | 5 (for Windows Server 2003), 6, 6.5, 7.x | citrixxa | ODBC | Virtualization | Log Collection | Implementation Guide |
| Citrix XenMobile MDM (formerly Zenprise MobileManager) | | XenMobile Server 10.x; XenMobile MDM 8.6; Zenprise MobileManager 6.6 | zenprisemdm | Syslog, File | Configuration Management | Log Collection | Implementation Guide |
| Claroty Platform | | 2.0, 2.1 | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| Clearswift SECURE Gateway Suite | | Web Gateway: 3.0; Email Gateway: 3.6; Exchange Gateway: 1.0; ICAP Gateway: 1.0 | clearswiftpe | Syslog | Application Servers | Log Collection | Implementation Guide, Source Package |
| Cloudera Navigator | | 4.8, 5.x | clouderanavigator | Syslog | Access Control | Log Collection | Implementation Guide |
| CloudLink SecureVSA | | 3 | aforecloudlink | Syslog | Access Control | Log Collection | Implementation Guide |
| Cofense Intelligence (formerly PhishMe) | | | | | | Threat Intel | Implementation Guide |
| CoreTrace Bouncer | | 6.0.1 | coretracebouncerpe | Syslog | Application Firewall | Log Collection | Implementation Guide, Source Package |
| CorreLog, Inc. SIEM Agent for IBM z/OS (part of BMC Software, Inc.) | | 5.5.1 z/OS | cef | Syslog | Mainframe | Log Collection | Implementation Guide |
| CounterTack Event Horizon | | 3.1, 3.1.7 | countertackehpe | Syslog | Analysis | Log Collection | Implementation Guide (NetWitness Community 563634), Source Package |
| Courion PasswordCourier | | 5 | courionpc | File | Access Control | Log Collection | Implementation Guide, Source Package |
| cPacket Networks CVU Family | | | | | | Network TAP | Implementation Guide |
| Crossbeam C-Series | | 4.x, 5.x, 6.x | crossbeamc | Syslog | UNIX | Log Collection | Implementation Guide |
| CrowdStrike Falcon | | N/A | crowdstrike | Syslog | Endpoint | Log Collection | Implementation Guide, Configuration file |
| CryptoniteNXT | | | | CEF | | Log Collection | Implementation Guide |
| Cuckoo Sandbox | | | | | | Other | Implementation Guide |
| Custom JDBC | Database audit logs | Any version of Oracle or ibmdb2 | | Logstash | Database | Log Collection | Implementation Guide |
| CyberArk Account Security and Identity Management | | 7.x, 8.x, 9.x, 10.x, 12.1 | cyberark | Syslog | Access Control | Log Collection | Implementation Guide, Source Package, Solution Brief |
| CyberArk Privileged Threat Analytics | | 2.6.3.1 | cef | Syslog | Access Control | Log Collection | Implementation Guide |
| Cyberoam UTM | | 10.04.3 | cyberoamutm | Syslog | Firewall | Log Collection | Implementation Guide |
| CyberSponse CyOps | | | | | | Orchestration & Automation | Implementation Guide |
| CyberX Platform 2.0 | | 2.0 | cef | Syslog | ICS | Log Collection | Implementation Guide |
| Cylance Protect | | 1.x | cylance | Syslog | Antivirus | Log Collection | Implementation Guide |
| Cymulate Integration | | | | | | | Implementation Guide |
| Cyware Integration | | | | | | | Implementation Guide |
| Damballa Failsafe | | 5.0.2, 6.2.0 | damballa | Syslog | Antivirus | Log Collection | Implementation Guide |
| DataSunrise Database Security Suite | | 3.7 | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| DeepInspect | | 2.1 | deepinspect | Syslog | ICS | Log Collection | Implementation Guide |
| Dell iDRAC | | DRAC 5, iDRAC 6, iDRAC 9.x | delldrac | SNMP, Syslog | Access Control | Log Collection | Implementation Guide |
| Dell PowerConnect 5324 Switch | | 1.0.0.47 | dellswitch | Syslog | Switch | Log Collection | Implementation Guide |
| Dell EMC Avamar | | 4.1, 6.0, 7.0 | emcavamar | ODBC, Syslog | Storage | Log Collection | Implementation Guide |
| Dell EMC Celerra (also known as Dell EMC Control Station, Blades, DataMover, NSX) | | 7.0, 7.1 | celerra | SNMP | Storage | Log Collection | Implementation Guide |
| Dell EMC Data Domain | | 5.1.0.4 | emcdatadomain | Syslog | Storage | Log Collection | Implementation Guide |
| Dell EMC Data Protection Advisor | | 5.6 | emcdpa | ODBC | Analysis | Log Collection | Implementation Guide |
| Dell EMC Greenplum Database | | 4 | greenplum | File | Database | Log Collection | Implementation Guide |
| Dell EMC Greenplum HD | | 1.2 | greenplumhd | File | Storage | Log Collection | Implementation Guide |
| Dell EMC Ionix Unified Infrastructure Manager | | 1.0, 2.1, 3.0, 3.1 | emcionixuim | Syslog, File, ODBC | Configuration Management | Log Collection | Implementation Guide |
| Dell EMC Isilon | | 6.5.3.32, 6.5.5.7.x, 8.x | emcisilon | File, Syslog | Storage | Log Collection | Implementation Guide |
| Dell EMC NetWorker | | 7.6 SP2 | emcnetworker | File | Storage | Log Collection | Implementation Guide |
| Dell EMC Secure Remote Support (ESRS) | | 2 | esrs | Syslog | Access Control | Log Collection | Implementation Guide |
| Dell EMC Symmetrix Solutions Enabler | | 6.4, 6.5.3, 7.0, 7.1, 7.3.0.1, 7.6.1 | symmetrix | Syslog, File | Storage | Log Collection | Implementation Guide |
| Dell EMC VNX (formerly Clariion Navisphere) | | Navisphere 6.28 and Unisphere 1.1 | clariion | SNMP | Storage | Log Collection | Implementation Guide |
| Dell EMC Voyence | | 4.0.1 | voyence | SNMP | Access Control | Log Collection | Implementation Guide |
| Dell EMC VPLEX | | all | emcvplex | File | Storage | Log Collection | Implementation Guide |
| Demisto Enterprise | | | | | | Orchestration & Automation | Implementation Guide |
| DFLabs IncMan | | 4.5+ | | | | Orchestration & Automation | Implementation Guide |
| Digital Guardian | | 6.1 | | Syslog | DLP | Log Collection | Implementation Guide, Source Package |
| Dropbox | dropbox events | API v2.0 | cef | Plugin | Cloud | Log Collection | Implementation Guide, Product Manager Blog |
| EclecticIQ Threat Intelligence Platform | | | | | | Threat Intel | Implementation Guide |
| EMC Fabric OS | | 6.1, 6.2 | fabricos | Syslog | Switch | Log Collection | Implementation Guide |
| Endgame | | 2.5.4 | cef | Syslog | System | Log Collection | Implementation Guide |
| Enforcive Enterprise Security (part of Precisely) | | 7.x | cef | Syslog | Access Control | Log Collection | Implementation Guide |
| Extreme Networks Dragon IPS (formerly Enterasys Dragon) | | 5.x, 6.x, 7.2, 7.4 | dragonids | SNMP | IDS | Log Collection | Implementation Guide |
| Extreme Networks Switch (formerly Enterasys Switch) | | S-Series | enterasysswitch | Syslog | Switch | Log Collection | Implementation Guide |
| Enterprise IT-Security SF-NoEvasion | | 7.1 | enterpriseitsfne | Syslog | Mainframe | Log Collection | Implementation Guide |
| Entrust Identity Guard | | 10.1 | entrustig | Syslog | Access Control | Log Collection | Implementation Guide |
| ESET Remote Administrator | | 4.0, 5.0 | eseterape | ODBC | Antivirus | Log Collection | Implementation Guide, Source Package |
| Evidian Authentication Manager | | 9.x, 10.x | evidian | ODBC | Access Control | Log Collection | Implementation Guide |
| Exabeam Advanced Analytics | | 3.0 | exabeampe | Syslog | Analysis | Log Collection | Implementation Guide |
| F-Secure | | 5.x | fsecureav, cef | Syslog, Windows | Antivirus | Log Collection | Implementation Guide |
| F5 BIG-IP Access Policy Manager | | 10.2.0, 11.4 HF4, 11.5.2 HF1, 15.x | bigipapm | Syslog | Access Control | Log Collection | Implementation Guide |
| F5 BIG-IP Advanced Firewall Manager | | 11.5 | bigipafm | Syslog | Firewall | Log Collection | Implementation Guide |
| F5 BIG-IP Application Security Manager | | 10.2.0, 11.2, 11.5.x, 11.6, 13.x, 14.x | bigipasm | Syslog | Application Firewall | Log Collection | Implementation Guide |
| F5 BIG-IP Local Traffic Manager | | 9.4, 10.2.0, 11.x, 12.x, 13.x, 14.x, 15.x | bigip | Syslog | Switch | Log Collection | Implementation Guide |
| F5 Firepass SSL VPN | | 5.5-20051019, 7.0.1 | firepass | Syslog | VPN | Log Collection | Implementation Guide |
| F5 SSL Orchestrator | | | | | | SSL Decrypt | Implementation Guide |
| FairWarning Privacy Monitoring | | 2.9.2, 4.x | fairwarningpm | File | Analysis | Log Collection | Implementation Guide |
| FireEye Web Malware Protection System | | 6.x, 7.x, 8.x, 9.x | fireeyewebmps | Syslog | Malware | Log Collection | Implementation Guide |
| FireEye Endpoint Security (FireEye HX) | | 5.1.x | fireeyehx | Logstash | IPS | Log Collection | Implementation Guide |
| FluentD | | 1.15.1 | | | | Log Collection | Implementation Guide, Source Package |
| Forcepoint DLP (formerly Websense Data Security) | | 7.x, 8.x | websenseds | Syslog | DLP | Log Collection | Implementation Guide |
| Forcepoint Email Security | | 8.x | cef | Syslog | Antivirus | Log Collection | Implementation Guide |
| Forcepoint Web Security (formerly Websense Web Security) | | 5.5, 6.3, 7.0, 7.1, 7.5, 7.6, 7.7, 7.8.1, 7.8.4, 8.x | websense | SNMP; ODBC (7.5, 7.6, 7.7); Syslog (7.7 and later) | Web Logs | Log Collection | Implementation Guide |
| ForeScout CounterACT | | 6.3.4.0, 7.x, 8.x | forescoutcounteract | Syslog | Access Control | Log Collection | Implementation Guide |
| Fortinet FortiAnalyzer | | 5.x, 6.x, 7.x | fortinetmgr | Syslog | Firewall | Log Collection | Implementation Guide |
| Fortinet Forticlient Endpoint Security | | 4.x | forticlientendpoint | Syslog | Firewall | Log Collection | Implementation Guide |
| Fortinet FortiGate | | 2.8, 3.0, 4.0 MR1, 4.0 MR2, 5.x, 6.x, 7.4.4 | fortinet | Syslog | Firewall | Log Collection | Implementation Guide |
| Fortinet FortiMail | | 4.0, 5.2, 6.x | fortinetfortimail | Syslog | Application Firewall | Log Collection | Implementation Guide |
| Fortinet Manager | | 5.x, 6.x, 7.x | fortinetmgr | Syslog | Firewall | Log Collection | Implementation Guide |
| Fox Technologies Server Control | | 6.5, 6.6 | foxtpe | Syslog | Access Control | Log Collection | Implementation Guide, Source Package |
| FreeBSD | | 5.x | hpux | Syslog | UNIX | Log Collection | Implementation Guide |
| General Electric (GE) Centricity Enterprise Archive | | 4 | gecea | ODBC | Document | Log Collection | Implementation Guide |
| General Electric (GE) Centricity PACS-IW | | 3.7.3 | gepacs | ODBC | Document | Log Collection | Implementation Guide |
| Gigamon GigaSECURE | | | | | | Network TAP | Implementation Guide |
| Gigamon GigaSECURE OpenStack | | | | | | Network TAP | Implementation Guide |
| Gigamon GigaVUE FM Series | | | | | | Network TAP | Deployment Guide |
| Gigamon SSL Solution | | | | | | SSL Decrypt | Implementation Guide |
| Git | | 1.7.6 | git | File | CMS | Log Collection | Implementation Guide |
| GitHub Enterprise | | 2.8.x | git | Syslog | CMS | Log Collection | Implementation Guide |
| GlobalSCAPE Enhanced File Transfer (EFT) Server | | all versions up to 6.3.8 | gseftserver | File | Web Logs | Log Collection | Implementation Guide |
| Google Cloud Platform (GCP) | | API v1.0 | cef/gcp | Plugin | Cloud | Log Collection | Implementation Guide |
| Google Workspace (formerly Google G Suite) | | API v1.0 | googlesuite | Plugin | Cloud | Log Collection | Implementation Guide |
| Gurucul Risk Analytics | | | | | | Other | Implementation Guide |
| HelpSystems PowerTech Interact | | 3 | powertechpe | Syslog | Analysis | Log Collection | Implementation Guide, Source Package |
| Hewlett Packard Integrity NonStop Server | | All NonStop OS releases supported by HP | hpnonstopserver | Syslog | Analysis | Log Collection | Implementation Guide |
| Hewlett Packard OpenVMS | | all | openvms | File | Midrange | Log Collection | Implementation Guide |
| Hewlett Packard ProCurve Switch | | series 2600, 2800, 5300, 7510 | hpprocurvesw | Syslog | Switch | Log Collection | Implementation Guide |
| Hewlett Packard UNIX | | 11.X, C2 v11.X | hpux | Syslog | UNIX | Log Collection | Implementation Guide |
| Hitachi ID Privileged Access Manager / Password Manager | | 7.1.x, 7.2.x, 7.3.x | hitachiidmsuitepe | ODBC | Access Control | Log Collection | Implementation Guide, Source Package |
| Huawei VRP | | 5.x, 6.x, 8.x | huaweivrp | Syslog | Router | Log Collection | Implementation Guide |
| HyTrust CloudControl (formerly HyTrust Appliance) | | Appliance: 2.0.10264, 2.5.1, 3.0.2, 3.6; CloudControl: 4.0 | hytrust | Syslog | Access Control | Log Collection | Implementation Guide |
| IBM AIX | | 5L (Security and Authentication messages only), 6.1, 7.x | aix | Syslog | UNIX | Log Collection | Implementation Guide |
| IBM DB2 Universal Database | | 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x, 11.5.6 (File Collection for AIX) | ibmdb2 | File, ODBC | Database | Log Collection | Implementation Guide |
| IBM DB2 | Database Audit Logs | 7, 8, 8.1, 9.1, 9.5, 9.7, 10.x | | Logstash | Database | Log Collection | Implementation Guide |
| IBM Domino | | 8.5, 9.x | lotusdomino | SNMP | Mail Servers | Log Collection | Implementation Guide |
| IBM Guardium SQL Guard | | 7, 8.0.2, 9.5.x | guardium | Syslog | Firewall | Log Collection | Implementation Guide |
| IBM iSeries AS400 | | V6.1.x, V7.1, V7.2 | iseries | File | Midrange | Log Collection | Implementation Guide, Source Package |
| IBM ISS SiteProtector | | 2.0 SP6.1, SP7.0, SP8.0, SP8.1, SP9.0 | iss | ODBC | IDS | Log Collection | Implementation Guide |
| IBM Mainframe DB2 for z/OS | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 | ibmdb2 | File | Database | Log Collection | Implementation Guide, Source Package |
| IBM Mainframe ICSF | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmicsf | File | Mainframe | Log Collection | Implementation Guide |
| IBM Mainframe IDMS | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmidms | File | Mainframe | Log Collection | Implementation Guide |
| IBM Mainframe IMS | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmims | File | Mainframe | Log Collection | Implementation Guide |
| IBM Mainframe IPSec | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12 and v1.13 | ibmmainframeipsec | File | Mainframe | Log Collection | Implementation Guide |
| IBM Mainframe RACF | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, v2.1 and v2.2 | ibmracf | File | Mainframe | Log Collection | Implementation Guide |
| IBM Mainframe Syslog and Hardcopy Log Facility | | Mainframe z/OS v1.9, v1.10, v1.11, v1.12, v1.13, 2.x | ibmmfzossyslog | File | Mainframe | Log Collection | Implementation Guide |
| IBM QRadar | | N/A | | | | Other | Implementation Guide |
| IBM Tivoli Access Manager ESSO | | 8.0.1 | ibmtamesso | ODBC | Access Control | Log Collection | Implementation Guide |
| IBM Tivoli Access Manager WebSEAL | | 6.0, 7.x, 9.x | ibmtamws | File, Syslog | Access Control | Log Collection | Implementation Guide |
| IBM Tivoli Identity Manager | | 5.1 | ibmtim | ODBC | Access Control | Log Collection | Implementation Guide |
| IBM WebSphere | | 6.0.0.1, 7.0.0.9, 8.0, 8.5 | ibmwebsphere | File | Application Servers | Log Collection | Implementation Guide |
| IBM WebSphere DataPower | | 3.8.1, 7.x | ibmwebspheredp | Syslog | System | Log Collection | Implementation Guide |
| IBM MQ (formerly branded as WebSphere MQ) | | 7.0.1 | ibmwebspheremq | File | Messaging | Log Collection | Implementation Guide |
| Imperva CounterBreach | | 11.5 | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| Imperva SecureSphere | | 6, 7, 8, 8.5, 9.0, 9.5, 10.0, 14.12.1.10 | impervawaf | Syslog | Application Firewall | Log Collection | Implementation Guide |
| Tenable.ot powered by Indegy | | 3.x | cef | Syslog | Analysis | Log Collection | Implementation Guide |
| Infoblox NIOS | | 5.1, 6.4.5, 8.x | infobloxnios | Syslog | System | Log Collection | Implementation Guide |
| Interface Masters Niagara 2299 | | | | | | Network TAP | Implementation Guide |
| Interface Masters Niagara 4272 | | | | | | Network TAP | Implementation Guide |
| Intersect Alliance Snare for Linux | | 3.7 and later | linux_snare | Syslog | UNIX | Log Collection | Implementation Guide |
| Invincea Threat Data Server | | 2.6 | invincea | Syslog | Antivirus | Log Collection | Implementation Guide |
| IPFIX | | NetFlow v10 | ipfix | Logstash | Switch | Log Collection | Implementation Guide |
| Ixia CloudLens (part of Keysight) | | | | | | Network TAP | Implementation Guide, Deployment Guide (NW 10.6.x) |
| Ixia Vision ONE (part of Keysight) | | | | | | Network TAP | Implementation Guide |
| Ixia Phantom vTap (part of Keysight) | | | | | | Network TAP | Implementation Guide |
| Jamf Protect | Alerts, Audit, Computer List | API v1.0 | jamf | Plugin | Cloud | Log Collection | Implementation Guide |
| J4Care Healthcare Connector | | N/A | j4carehcc | Syslog | Document | Log Collection | Implementation Guide |
| JBoss Application Server | | Application Server: 4.2, 5.0, 7.0; Enterprise Application Platform (EAP): 4.3, 5.1, 6.4, and 7.1 on Windows | jboss | File, Syslog | Application Servers | Log Collection | Implementation Guide |
| Jenkins | | 1.58, 1.8.x, 2.x | jenkins | Syslog | Application Servers | Log Collection | Implementation Guide |
| Juniper Networks Intrusion Detection and Prevention (IDP) | | 3.0, 3.1, 3.2, 4.0, 4.1, 5.0 | netscreenidp | Syslog, File | IDP | Log Collection | Implementation Guide |
| Juniper Networks JUNOS | | 6.1, JUNOS 9.4, 9.6, 10.0, 10.3, 10.4, 11.1, 11.2, 11.4, 12.1, 17.x | junosrouter | Syslog | Router | Log Collection | Implementation Guide |
| Juniper Networks NetScreen Firewall | | 5.1, 5.3, 5.4, 6.x | netscreen | Syslog | Firewall | Log Collection | Implementation Guide |
| Juniper Networks NetScreen ScreenOS | | 5.1, 5.3, 5.4, 6.x | netscreen | Syslog | Firewall | Log Collection | Implementation Guide |
| Juniper Networks NetScreen-Security Manager | | 2006, 2007, 2010, 2011, 2012 | nsm | Syslog, File | Configuration Management | Log Collection | Implementation Guide |
| Juniper Networks Unified Access Control | | 2.2, 3.1, 4.5 | juniperic | Syslog | Access Control | Log Collection | Implementation Guide |
| Juniper Networks Wireless LAN Controller | | 7.6.1 | juniperwlc | Syslog | Wireless Devices | Log Collection | Implementation Guide |
| Juniper Steel-Belted Radius | | 5.4, 6.x | junipersbr | File | Access Control | Log Collection | Implementation Guide |
| Kaspersky Anti-Virus | | Kaspersky Security Center 9.0, 10.x, 11.x, 14.0; Kaspersky Administration Kit 8.0; Kaspersky Anti-Virus for Microsoft ISA Server 2004 Enterprise Edition and 2006 Enterprise Edition | kasperskyav | ODBC, File | Antivirus | Log Collection | Implementation Guide |
| Kaspersky CyberTrace (formerly Threat Feed Service) | | | | | | Threat Intel | Implementation Guide |
| Kaspersky Threat Intelligence Portal | | | | | | Threat Intel | Implementation Guide |
| Kernel Based Virtual Machine (KVM) | | 2.6.32-220 | kvm | File | Virtualization | Log Collection | Implementation Guide |
| Kubernetes | | 1.18 | kubernetes | Logstash | Configuration Management | Log Collection | Implementation Guide |
| Lancope StealthWatch | | 5.5, 5.6, 5.9, 5.10, 6.0 | stealthwatch | Syslog | IDS | Log Collection | Implementation Guide |
| LANDesk Management Suite | | 9.0 Service Pack 2, 9.5 | landesk | ODBC | Configuration Management | Log Collection | Implementation Guide |
| Lieberman Enterprise Random Password Manager (ERPM) | | 4.83.6 | liebsofterpmpe | Syslog | Application Servers | Log Collection | Implementation Guide, Source Package |
| Linux (CentOS) | | 6 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide |
| Linux (Debian GNU) | | 3.1, 4.0 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide |
| Linux (Novell SuSE) | | 9, 10, 10.2, 11, 12.x, 15 | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide |
| Linux (Red Hat/RHEL) | | 3.x, 4.x, 5.x, 6.0, 7.x | rhlinux | Syslog | UNIX | Log Collection | Implementation Guide |
| LogRhythm Platform | | | | | | Other | Implementation Guide |
| Lumension Endpoint Management and Security Suite | | 7 | lumensionemss | ODBC | Configuration Management | Log Collection | Implementation Guide |
| M86 Secure Web Gateway (part of Trustwave) | | 10.1, 10.2 | m86swgpe | Syslog | Application Firewall | Log Collection | Implementation Guide, Source Package |
| ManageEngine NetFlow Analyzer | | 8.0, 9.5 | manageenginenetflow | ODBC | Analysis | Log Collection | Implementation Guide |
| MapR Converged Data Platform (part of Hewlett Packard Enterprise) | | | | | | Other | Implementation Guide |
| McAfee Data Loss Prevention Endpoint | | 2.2, 3.0, 9.0, 9.1, 9.2, 9.3, 9.4.x, 10.x | mcafeedlp | ODBC | DLP | Log Collection | Implementation Guide |
| McAfee Data Loss Prevention Endpoint | | 2.2, 3.0, 9.0, 9.1, 9.2, 9.3, 9.4.x, 10.x | mcafeedlp | JDBC/Logstash |
DLP |
Log Collection |
Implementation Guide |
McAfee Database Security |
|
4.2, 5.x |
mcafeeds |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide |
McAfee Email Gateway (formerly CipherTrust IronMail) |
|
5.5, 7.x |
ironmail, cef |
Syslog, SNMP |
Antivirus |
Log Collection |
Implementation Guide |
McAfee Endpoint Encryption |
|
5.2.2. 5.2.12 |
mcafeeendpoint |
File |
Access Control |
Log Collection |
Implementation Guide |
McAfee Endpoint Security |
|
10.x |
epolicy |
ODBC |
Antivirus |
Log Collection |
Implementation Guide |
McAfee Endpoint Security |
|
10.x |
epolicy |
JDBC/Logstash |
Antivirus |
Log Collection |
Implementation Guide |
Trellix ePolicy Orchestrator (formerly McAfee ePolicy Orchestrator) |
|
3.5, 3.6.0, 3.6.1, 4.0, 4.5, 4.6, 5.x |
epolicy |
ODBC, Syslog |
Antivirus |
Log Collection |
Implementation Guide |
Trellix ePolicy Orchestrator |
ePolicy Orchestrator |
7.2 |
epolicy |
JDBC/ Logstash |
Security |
Log Collection |
Implementation Guide |
McAfee Firewall Enterprise |
|
6.1.1.x, 6.1.2.x, 7.0.0.x, 8.0, 8.x |
sidewinder |
Syslog |
Firewall |
Log Collection |
Implementation Guide |
McAfee Host Intrusion Prevention (aka Entercept) |
|
6.0.1 supported on McAfee ePolicy Orchestrator 3.6.0, 3.6.1 7.0, 8.0 supported on McAfee ePolicy Orchestrator 4.0 |
entercept |
ODBC |
IDS |
Log Collection |
Implementation Guide |
McAfee Integrity Control |
|
5.0.2, 5.1.0, 6.x |
mcafeeic |
ODBC |
Configuration Management |
Log Collection |
Implementation Guide |
McAfee Network Access Control |
|
3.1.1 |
mcafeenac |
ODBC |
Access Control |
Log Collection |
Implementation Guide |
McAfee Network Data Loss Prevention (Reconnex) |
|
8.6, 9.x |
mcafeereconnex |
ODBC, Syslog |
DLP |
Log Collection |
Implementation Guide |
McAfee Network Security Platform |
|
2.1, 3.1, 4.1, 5.1, 6.1, 7.1, 8.x, 9.x |
intrushield |
Syslog, ODBC (for version 5.1) |
IDS |
Log Collection |
Implementation Guide |
McAfee Policy Auditor |
|
5.2, 6.01, 6.2 |
mcafeepa |
ODBC & Logstash |
Configuration Management |
Log Collection |
Implementation Guide |
McAfee Security for Microsoft Exchange |
|
8.x |
mcafeesecurity |
ODBC |
Antivirus |
Log Collection |
Implementation Guide |
McAfee VirusScan Enterprise |
|
8.x |
mcafeevirusscan |
ODBC & Logstash |
Antivirus |
Log Collection |
Implementation Guide |
McAfee Vulnerability Manager |
|
5.0, 6.5.1, 6.8, 7.0, 7.5 |
mcafeefoundscan |
ODBC & Logstash |
IDS |
Log Collection |
Implementation Guide |
Skyhigh Web Gateway (previously known as McAfee Web Gateway) |
|
6.8.5, 7.x, 8.x, 11.2.16 |
mcafeewg |
File, Syslog |
Web Logs |
Log Collection |
Implementation Guide |
McKesson Horizon Patient Folder |
|
15 |
mckessonhpf |
ODBC & Logstash |
Document |
Log Collection |
Implementation Guide |
Microdasys XML Security Gateway |
|
1.1.0 |
microdasys_xsg |
File |
Application Firewall |
Log Collection |
Implementation Guide |
Microsoft Audit Collection Services |
|
2007 SP1 |
msacs |
ODBC & Logstash |
Windows Hosts |
Log Collection |
Implementation Guide |
Microsoft Azure via Azure Audit
|
|
All |
cef |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Microsoft Azure Log Analytics Workspace |
Azure Kubernetes,
Azure DevOps (audit logs)
|
All |
azure_loganalytics |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Microsoft Azure Graph API |
|
API v1.0 |
azure |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Microsoft Azure NSG |
|
All |
cef |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Microsoft Azure Monitor |
|
API v1.0 |
cef, azure |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Microsoft DHCP Server |
|
2000, 2003, 2008, 2012, 2019 |
msdhcp |
File |
Application Servers |
Log Collection |
Implementation Guide | Source Package |
Microsoft Exchange Server |
|
2003, 2007, 2010, 2013, 2016, 2019 |
msexchange |
File, Windows |
Mail Servers |
Log Collection |
Implementation Guide |
Microsoft Forefront Endpoint Protection |
|
Forefront Client Security 1.1, 1.5 Forefront Endpoint Protection 2010 System Center 2012 Endpoint Protection |
msforefrontcs |
Windows, ODBC & Logstash (for Forefront Client Security only) |
Antivirus |
Log Collection |
Implementation Guide |
Microsoft Forefront Threat Management Gateway |
|
Beta, ISA 2006, TMG 2010 |
msisa |
File, ODBC |
Firewall |
Log Collection |
Implementation Guide |
Microsoft Forefront Unified Access Gateway |
|
2010 |
msfuag |
Syslog, ODBC |
VPN |
Log Collection |
Implementation Guide |
Microsoft Internet Information Services (IIS) |
|
5.x, 6.x, 7.x, 8.x, 10.x |
microsoftiis |
File |
Web Logs |
Log Collection |
Implementation Guide |
Microsoft Internet Security and Acceleration (ISA) Server |
|
2000, 2004, 2006 |
msisa |
File, Windows |
Web Logs |
Log Collection |
Implementation Guide |
Microsoft Network Access Protection |
|
1.1 |
msnap |
ODBC & Logstash |
Access Control |
Log Collection |
Implementation Guide |
Microsoft Network Policy Server (NPS) |
|
3.2, 4.0 |
msias |
File, Windows |
Access Control |
Log Collection |
Implementation Guide |
Microsoft Office 365 |
|
API v1.0 |
msoffice365/cef |
Plugin |
Cloud |
Log Collection |
Implementation Guide Product Manager Blog |
Microsoft SharePoint Server |
|
2007, 2010, 2013, 2016 |
mssharepoint |
Windows |
Storage |
Log Collection |
Implementation Guide |
Microsoft SQL Server |
|
2000, 2005, 2008, 2012, 2014, 2016, 2019, 2022 and MS SQL Express |
mssql |
File, Windows |
Database |
Log Collection |
Implementation Guide
Source Package
|
Microsoft System Center Configuration Manager |
|
2007, 2012 |
mssccm |
Windows |
Configuration Management |
Log Collection |
Implementation Guide |
Microsoft System Center Operations Manager |
|
2005, 2007, 2012, 2012 R2 |
mom |
Windows |
Configuration Management |
Log Collection |
Implementation Guide |
Microsoft Team Foundation Server (TFS) |
|
Microsoft TFS 2018 |
mstfs |
ODBC & Logstash |
CMS |
Log Collection |
Implementation Guide |
Microsoft URL Scan |
|
3.x |
msurlscan |
File |
Web Logs |
Log Collection |
Implementation Guide |
Microsoft Windows (Legacy) |
|
Microsoft Windows Server versions 2003 and earlier |
winevent_nic |
Windows Legacy |
Windows Hosts |
Log Collection |
Implementation Guide |
Microsoft Windows (via WinRM) |
|
Server 2008, 2008 R2, 2012, 2012 R2 Data Center Edition, 2016, 2019 | Windows 7, 8 and 10 |
winevent_nic |
Windows |
Windows Hosts |
Log Collection |
Implementation Guide |
Microsoft Windows (via Adiscon Event Reporter, Intersect Alliance SNARE) |
|
NT | 2000 | XP | 2003 | Vista Business, Ultimate and Enterprise | Server 2008, 2008 Enterprise with Hyper-V | Server 2008 R2 Standard, Enterprise, and Datacenter | Web Server 2008 R2 | Windows 7 Professional, Ultimate, and Enterprise | Server 2012 | Server 2016 | Server 2019 | Windows 8 and 10 |
winevent_er, winevent_snare |
Syslog |
Windows Hosts |
Log Collection |
Implementation Guide |
Microsoft Windows (via NetWitness Endpoint) |
|
Windows 7, 8, 8.1, 10 | Windows Server 2008, 2012, 2016, 2019 |
windows |
Syslog (via Agent) |
Windows Hosts |
Log Collection |
Implementation Guide |
Microsoft Windows DNS |
|
2008, 2012, 2016, 2019 |
winevent_snare, winevent_er, winevent_nic |
Syslog, File |
Windows Hosts |
Log Collection |
Implementation Guide |
Microsoft Windows Server Update Service |
|
3.0 SP 2 |
mswsus |
ODBC & Logstash |
Configuration Management |
Log Collection |
Implementation Guide |
Morphisec Endpoint Threat Prevention |
|
2.7 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
Motorola AirDefense Enterprise Console |
|
7.2, 7.3, 8.1, 9.0 |
airdefense |
Syslog |
Wireless Devices |
Log Collection |
Implementation Guide |
nCircle Configuration Compliance Manager |
|
5.1 |
ncircleccm |
Syslog |
Configuration Management |
Log Collection |
Implementation Guide |
NetApp Data ONTAP |
|
6.x, 7.0-7.3.1.1, 8.x, 9.x |
netapp |
Syslog, Windows Legacy |
Storage |
Log Collection |
Implementation Guide |
NETASQ Unified Manager |
|
8.1.3, 9.0.2, 9.0.3.2 |
netasqutm |
Syslog |
Firewall |
Log Collection |
Implementation Guide |
NetClarity NACwall |
|
8.0.6 |
netclaritype |
Syslog |
Access Control |
Log Collection |
Implementation Guide Source Package |
Netflow |
|
5, 9 |
cef, rsaflow |
Netflow |
Analysis |
Log Collection |
Implementation Guide |
Netskope |
|
API v2 |
json |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Network Critical SmartNAx Series |
|
|
|
|
|
Network TAP |
Implementation Guide |
NFDump |
|
netflow v5, v7, v9NFDump v1.5.7, 1.6.x |
nfdump |
File |
System |
Log Collection |
Implementation Guide | Source Package |
NFR NIDS |
|
3.x, 4.x, 5.x |
nfrnids |
Syslog |
IDS |
Log Collection |
Implementation Guide |
Nginx
|
|
1,22 |
nginx |
Logstash |
Web Logs |
Log Collection |
Implementation Guide |
Nominum Vantio (part of Akamai) |
|
5.2 |
nominumvantiope |
Syslog |
Application Servers |
Log Collection |
Implementation Guide Source Package |
Novell eDirectory |
|
8.8 for Windows and Linux |
edirectory |
SNMP |
Router |
Log Collection |
Implementation Guide |
Nozomi Networks |
Alert Events |
N/A |
nozomi |
Syslog |
Cloud |
Log Collection |
Implementation Guide |
NXLog |
|
Enterprise Edition |
cef |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
Proofpoint ObserveIT User Activity Monitoring |
|
7.1.0 |
cef |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
Okta Workforce Identity Cloud |
|
N/A |
okta |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
OpenText Documentum
(formerly EMC Documentum)
|
|
6.5, 6.7, 7.0, 7.1 |
emcdocumentum |
ODBC |
Database |
Log Collection |
Implementation Guide |
OPSWAT MetaAccess Cloud |
admin, device, webhook, device_report |
3.2 |
opswat |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
OPSWAT MetaDefender |
|
3.10 |
|
REST |
Endpoint |
Log Collection |
Implementation Guide |
Oracle Access Manager |
|
10.1.4.0.3,11g R2 |
oracleam |
File,ODBC (for v11g R2) |
Access Control |
Log Collection |
Implementation Guide |
Oracle Audit Vault |
|
10.3, 12.x, 20.3 |
oracleav |
ODBC & Logstash |
Database |
Log Collection |
Implementation Guide |
Oracle Database |
|
8i, 9i, 10g, 11g, 11.2g, 12c (Mixed mode auditing and Unified auditing on Windows), 18c (Unified auditing on Unix and Windows), 19c (Unified auditing on Unix and Windows). |
oracle |
Syslog, ODBC, File, Logstash |
Database |
Log Collection |
Implementation Guide |
Oracle Database (JDBC) |
Database Audit Logs |
Oracle 11.xg, Oracle 12c, 18c, 19c (Unified auditing on Unix and Windows) |
|
Logstash |
Database |
Log collection |
Implementation guide |
Oracle Database Vault |
|
10g R2 |
oracledv |
ODBC |
Access Control |
Log Collection |
Implementation Guide |
Oracle Directory Server / Sun ONE |
|
11.1.1.7.1 |
sunoneldap |
File |
Access Control |
Log Collection |
Implementation Guide |
Oracle Identity Manager |
|
9.1 |
oracleim |
ODBC |
Access Control |
Log Collection |
Implementation Guide |
Oracle Internet Directory |
|
10.x |
oracleid |
ODBC |
Access Control |
Log Collection |
Implementation Guide |
Oracle iPlanet Web Server |
|
6.1, 7.0 |
oracleiplanetweb |
File |
Web Logs |
Log Collection |
Implementation Guide |
Oracle MySQL Enterprise |
|
5.x |
mysql |
SNMP |
Database |
Log Collection |
Implementation Guide |
Oracle Solaris (formerly Sun Solaris) |
|
8, 9, 10, 11.x |
solaris |
Syslog |
UNIX |
Log Collection |
Implementation Guide |
Oracle Solaris Basic Security Model (BSM) |
|
8, 9, 10, 11 |
solarisbsm |
Syslog, File |
UNIX |
Log Collection |
Implementation Guide |
Oracle WebLogic Server |
|
10.0, 10.3, 10.3.2, 10.3.5, 10.3.6, 12.x |
oracleweblogic |
File |
Application Servers |
Log Collection |
Implementation Guide |
Palo Alto Enterprise Firewall |
|
PAN OS versions 3.0, 4.0.7, 5.0, 6.0, 6.1, 6.1.x, 7.0, 7.1, 8.x, 9.x, 10.x |
paloaltonetworks, cef |
Syslog |
Firewall |
Log Collection |
Implementation Guide |
Palo Alto Enterprise Firewall |
|
|
|
|
|
SSL Decrypt |
Implementation Guide |
Palo Alto Panorama Management Server |
|
4.1.0, 5.1.4, 7.1, 8.x |
paloaltonetworks |
Syslog |
Firewall |
Log Collection |
Implementation Guide |
Palo Alto Prisma Access |
Common, Endpoint, Network Logs |
2.1 Schema |
paloaltonetworks |
Syslog |
Cloud |
Log Collection |
Implementation Guide |
Palo Alto Prisma Cloud
|
|
21.x |
prismacloud_audit |
Syslog |
Cloud |
Log Collection |
Implementation Guide |
PAS Global ICS |
|
5.5 |
pasics |
File |
ICS |
Log Collection |
Implementation Guide Source Package |
Picus |
|
APIv1.0 |
|
|
|
|
Implementation Guide |
Splunk Phantom RSA NetWitness Logs & Network App |
|
|
|
|
|
Orchestration & Automation |
Implementation Guide |
Splunk Phantom RSA Security Analytics App |
|
|
|
|
|
Orchestration & Automation |
Implementation Guide |
Pivotal HD |
|
|
|
|
|
Other |
Implementation Guide |
PostgreSQL |
|
8.4,9.x,15.x |
postgresql |
Syslog |
Database |
Log Collection |
Implementation Guide |
Progress WhatsUp Gold |
|
14.2 |
whatsupgold |
ODBC |
Configuration Management |
Log Collection |
Implementation Guide |
Preempt Security Behavioral Firewall |
|
2.2 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
Proofpoint Email Security |
|
6.3, 7.2, 7.5, 8.x |
proofpoint |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide |
Proofpoint Targeted Attack Protection |
|
API v1.0 |
proofpoint |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Pulse Connect Secure (formerly Juniper SSL VPN) |
|
5.4, 5.5, 6.0, 6.2 R2, 6.5 R2, 7.0 R2, 7.1 R5, 7.2 R1, 8.0, 8.0 R7.1, 8.x, and 9.x |
junipervpn |
Syslog |
VPN |
Log Collection |
Implementation Guide |
Qualys Vulnerability Management |
|
API V2.0 |
cef |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Radiator Radius Server |
|
4.x |
radiator |
File |
Access Control |
Log Collection |
Implementation Guide |
Radiflow iSID |
|
N/A |
cef |
Syslog |
ICS |
Log Collection |
Implementation Guide |
Radware AppWall |
|
5.6 |
radwarepe |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide Source Package |
Radware DDoS |
Alerts |
API v1.0 |
radware_ddos |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Radware DefensePro |
|
5.01.02, 6.05, 8.x |
radwaredp |
Syslog, SNMP |
IPS |
Log Collection |
Implementation Guide |
Rapid7 NeXpose |
|
4.8, 5.0, 5.2, 5.10, 6.x |
nexpose |
File |
Vulnerability |
Log Collection |
Implementation Guide | Source Implementation |
Raz-Lee iSecurity for IBM iSeries |
|
11.4 |
cef |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide |
Recorded Future Cyber Threat Intelligence |
|
|
|
|
|
Threat Intel |
Implementation Guide | Integration Guide |
Riverbed Cascade Profiler (formerly known as mazu Profiler) |
|
5.5.2, 6.0, 7.0, 9.5.1 |
mazuprofiler |
SNMP |
IPS |
Log Collection |
Implementation Guide |
Riverbed Steelhead |
|
7.0.2, 9.x |
riverbedsteelhead |
Syslog, SNMP |
Router |
Log Collection |
Implementation Guide |
RSA Access Manager |
|
6.0, 6.2 on Solaris, Windows, and Linux |
rsaaccessmgr |
File |
Access Control |
Log Collection |
Implementation Guide |
RSA Adaptive Authentication (Hosted) |
|
8.8, 8.9, 9.0, 9.1 |
rsaaah |
File |
Access Control |
Log Collection |
Implementation Guide |
RSA Adaptive Authentication (OnPrem) |
|
6.0.2.1 |
rsaaaop |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
RSA Archer Suite |
|
5.1, 5.5.1, 6.x |
rsaarcher |
ODBC |
Application Servers |
Log Collection |
Implementation Guide |
RSA Certificate Manager |
|
6.8 |
rsacm |
File |
Access Control |
Log Collection |
Implementation Guide | Source Package |
RSA Data Loss Prevention Suite |
|
7.0.0, 8.0, 8.0 SP1, 8.5, 8.8, 9.x |
rsadlp |
Syslog |
DLP |
Log Collection |
Implementation Guide |
RSA Data Protection Manager (formerly RSA Key Manager) |
|
2.1.3, 2.5, 2.7, 3.1 |
rsakeymanager |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
RSA Federated Identity Manager |
|
4.1 |
rsafim |
File |
Access Control |
Log Collection |
Implementation Guide |
RSA Identity Governance & Lifecycle |
|
6.5.1, 6.9 |
rsaaveksa |
ODBC |
Access Control |
Log Collection |
Implementation Guide |
RSA NetWitness Endpoint (formerly ECAT) |
|
3.4, 4.x |
rsaecat |
Syslog |
Antivirus |
Log Collection |
Implementation Guide |
RSA NetWitness Platform (formerly RSA NetWitness Suite) |
|
10.5, 10.6 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
RSA NetWitness Platform Malware Analysis |
|
1.0.5.0 |
netwitnessspectrum, cef |
Syslog |
Antivirus |
Log Collection |
Implementation Guide |
RSA SecurID Access Authentication Mgr |
|
8.x |
rsaacesrv |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
RSA SecurID Access Identity Router (formerly Via Access) |
|
All latest versions |
rsaviaaccess |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
RSA SecurID Access Cloud Authentication Service |
|
All latest versions |
cef (v11.4.x), rsasecuridaccess (v11.5 and beyond) |
Plugin |
Access Control |
Log Collection |
Implementation Guide |
RSA Web Threat Detection (formerly Silver Tail System Forensics and Mitigator) |
|
Forensics 1.x, 2.x, and 3.x
Mitigator 1.x, 2.x and 3.x
Web Threat Detection 4.6, 5.0, 5.0.2
|
silvertailforensics |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
SafeBreach |
|
N/A |
N/A |
N/A |
N/A |
Log Collection |
Implementation Guide |
Safend Protector |
|
3.x |
safendprotector |
Syslog |
Configuration Management |
Log Collection |
Implementation Guide |
SafeNet Hardware Security Module |
|
6.2.0, 8.x |
safenethsm |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
Safestone DetectIT |
|
14.3 |
detectit |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
Salesforce |
|
API v1.0 |
cef |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
SAP ERP Central Component |
|
4.6 through 7.x |
sap |
File |
Application Servers |
Log Collection |
Implementation Guide | Source Package |
Secdo Platform |
|
|
|
|
|
Other |
Implementation Guide |
SECUDE Halocore |
|
Halocore v3.8/ BI Launchpad 4.1 minimum SP2 |
cef |
Syslog |
Document |
Log Collection |
Implementation Guide |
SECUDE Security Intelligence |
|
1 |
secudesi |
File |
Analysis |
Log Collection |
Implementation Guide |
Securaa |
|
APIv1.0 |
|
|
|
|
Implementation Guide |
Securonix SNYPR |
|
6.0 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
Sendmail |
|
Sendmail : 8.x
Solaris: 8, 9, 10, 11.x
Red Hat Enterprise Linux : 3.x, 4.x, 5.x, 6.0, 7.0
|
rhlinux, solaris |
Syslog |
UNIX |
Log Collection |
Implementation Guide |
Senrio Insight |
|
1.0 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
Sentryo ICS CyberVision (part of Cisco Systems) |
|
2.0.3 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
ServiceNow ITSM |
|
|
|
|
|
Other |
Implementation Guide |
Siemplify ThreatNexus |
|
2.5 |
|
|
|
Orchestration & Automation |
Implementation Guide |
Silver Peak WAN |
|
5.1.1.0 |
silverpeakwan |
Syslog |
Router |
Log Collection |
Implementation Guide |
SkyFormation |
|
2.2.4 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
SkyHigh Networks Enterprise Connector |
|
3.3.3 |
cef |
Syslog |
Analysis |
Log Collection |
Implementation Guide |
Slack |
|
|
|
|
|
Other |
Implementation Guide |
Solarwinds IPAM |
|
4.x |
solarwindsipam |
Syslog |
Configuration Management |
Log Collection |
Implementation Guide |
Soltra Edge |
|
|
|
|
|
Threat Intel |
Implementation Guide |
SonicWALL Firewall |
|
SonicOS 5.8 and SonicOS Enhanced 6.x |
sonicwall |
Syslog |
Firewall |
Log Collection |
Implementation Guide |
SonicWall E-Class SRA / Aventail SSL VPN |
|
8.8, 9.0, 10.x |
aventail |
Syslog, File |
VPN |
Log Collection |
Implementation Guide |
SonicWALL Email Security |
|
7.2 |
sonicwallemail |
Syslog |
VPN |
Log Collection |
Implementation Guide |
SonicWALL Global Management System |
|
6 |
sonicwallgms |
ODBC |
Configuration Management |
Log Collection |
Implementation Guide |
Sophos Enterprise Console |
|
3.0, 4.5, 4.7, 5.x |
sophos |
ODBC,SNMP |
Antivirus |
Log Collection |
Implementation Guide |
Sophos UTM (formerly Astaro SG) |
|
9.x, 17.x |
astarosg |
Syslog |
Firewall |
Log Collection |
Implementation Guide | Solution Data Sheet |
Splunk |
|
|
|
|
|
Other |
Implementation Guide |
Squid |
|
2.5.9, 2.7, 3.x |
squid |
File |
Web Logs |
Log Collection |
Implementation Guide |
SSH Communications Security CryptoAuditor |
|
|
|
|
|
SSL Decrypt |
Implementation Guide |
STEALTHbits StealthINTERCEPT |
|
3.3 |
stealthinterceptpe |
Syslog |
Access Control |
Log Collection |
Implementation Guide Source Package |
Stonesoft StoneGate Management Center (part of Forcepoint LLC.) |
|
5.3 |
stonesoftsgpe |
Syslog |
Firewall |
Log Collection |
Implementation Guide Source Package |
Swimlane |
|
|
|
|
|
Orchestration & Automation |
Implementation Guide |
Sybase ASE |
Audit Logs |
15.x |
sybasease |
ODBC |
Database |
Log Collection |
Implementation Guide |
Symantec Brightmail (part of Broadcom Inc.) |
|
9.5.3 |
symantecbrightmail |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide |
Symantec Critical Systems Protection (part of Broadcom Inc.) |
|
5.2.4, 5.2.8, 5.2.9 |
symanteccsp |
ODBC, SNMP |
IPS |
Log Collection |
Implementation Guide |
Symantec Data Center Security |
All Events : CSPEVENT_VW |
6.9 |
symantecdcs |
ODBC |
Security.IDS |
Log Collection |
Implementation Guide |
Symantec Data Center Security |
All Events : CSPEVENT_VW |
6.9 |
symantecdcs |
JDBC/Logstash |
Security IDS |
Log Collection |
Implementation Guide |
Symantec DeepSight Intelligence (part of Broadcom Inc.) |
|
|
|
|
|
Threat Intel |
Implementation Guide |
Symantec DLP (part of Broadcom Inc.) |
|
10.5.1, 11, 12.x, 14.x, 15.x |
symantecdlp |
Syslog |
DLP |
Log Collection |
Implementation Guide |
Symantec Endpoint Protection (part of Broadcom Inc.) |
|
9.0, 10.0, 10.1, 10.2, 11, 11.0.5, 11.0.6, 12, 14, 15 (Syslog only) |
symantecav |
Sylog, ODBC, SNMP |
Antivirus |
Log Collection |
Implementation Guide |
Symantec Endpoint Security Events
|
|
14.3.x |
symantec_endpointsecurity |
Plugin |
Host.Cloud |
Log Collection |
Implementation Guide |
Symantec Endpoint Security Incidents |
|
14.3.x |
symantec_endpointsecurity |
Plugin |
Host.Cloud |
Log Collection |
Implementation Guide |
Symantec Web Security Services (part of Broadcom Inc.) |
|
API v1.0 |
symantec_wss |
Plugin |
Host.Cloud |
Log Collection |
Implementation Guide |
Symantec Zero Trust Network Access (ZTNA)
|
|
v2 |
symantecztna |
Plugin |
Host.Cloud |
Log Collection |
Implementation Guide |
Syncurity IR Flow |
|
|
|
|
|
Orchestration & Automation |
Implementation Guide |
Tenable Nessus |
|
NessusClient 1.0.2 Nessus 3.0.6, 4.0.1, 4.2, 4.4, 5.0, 7.x, 8.x |
nessusvs |
File |
Vulnerability |
Log Collection |
Implementation Guide
Source Package
|
ThreatConnect Threat Intelligence Platform |
|
|
|
|
|
Threat Intel |
Implementation Guide |
ThreatQuotient Threat Intelligence Platform |
|
|
|
|
|
Threat Intel |
Implementation Guide |
Trend Micro Deep Security |
|
7.0, 7.5, 8.0, 9.x,10.x, 11.x, 12.x, 20.0.x |
trendmicrods, cef |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide |
Trend Micro Deep Security Agent |
|
7.0, 7.5, 9.x, 10.x |
trendmicrodsa |
Syslog |
Application Firewall |
Log Collection |
Implementation Guide |
Trend Micro Deep Discovery Analyser |
|
6.x |
cef |
Syslog |
Advanced Threat Detection |
Log Collection |
Implementation Guide |
Trend Micro InterScan Messaging Security Suite |
|
7.1, 9.1 |
trendmicroimss |
File, SNMP (for 7.1)Syslog (for 9.1) |
Application Firewall |
Log Collection |
Implementation Guide |
Trend Micro InterScan Web Security |
|
3.1, 5.6, 6.x |
trendmicroiwss |
File,ODBC (3.1 only), Syslog (5.6, 6.x) |
Web Logs |
Log Collection |
Implementation Guide |
Trend Micro OfficeScan / Control Manager |
|
7.0, 8.0, 10.0, 10.5, 10.6, 11.x |
trendmicro |
Syslog, SNMP |
Antivirus |
Log Collection |
Implementation Guide |
Trend Micro OSSEC |
|
2.5.1, 2.6 |
trendmicroossec |
Syslog |
Intrusion |
Log Collection |
Implementation Guide |
Trend Micro TippingPoint (formerly HP TippingPoint) |
|
2.x, 3 . x, 4.x, 5.x |
tippingpoint |
Syslog |
IDS |
Log Collection |
Implementation Guide |
Trend Micro ScanMail |
|
ScanMail 8.0 Service Pack 1, 10.2, 14.x |
trendmicroscanmail, cef |
SNMP |
Application Firewall |
Log Collection |
Implementation Guide |
Trend Micro Server Protect |
|
5.8 |
trendmicrosp |
SNMP |
Antivirus |
Log Collection |
Implementation Guide |
Tripwire Enterprise |
|
5.4, 5.5, 7.x, 8.x |
tripwire |
Syslog,File |
Configuration Management |
Log Collection |
Implementation Guide |
Tufin SecureTrack |
|
12.2, 20.1 |
tufinsecuretrack |
Syslog |
Configuration Management |
Log Collection |
Implementation Guide |
UnboundID Identity Data Store |
|
4.5.1.1 |
unboundidids |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
Universal REST API |
o365 message trace, proofpoint SIEM, sailpointiiq |
API v1.0 |
o365_trace, proofpoint, sailpointiiq |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
Varonis DatAdvantage |
|
5.5, 5.9, (6.x for Syslog only) |
varonisprobe |
ODBC for 5.5Syslog for 5.9 |
Access Control |
Log Collection |
Implementation Guide |
FireEye Mandiant Security Validation (formerly Verodin) |
|
|
|
|
|
Other |
Implementation Guide |
VMware Unified Access Gateway (UAG) |
|
2209 |
vmwareuag |
Syslog |
Access Control |
Log Collection |
Implementation Guide |
VMware AppDefense |
|
API v1.0 |
cef |
Plugin |
Cloud |
Log Collection |
Implementation Guide |
VMware Workspace ONE UEM |
|
1904 & above |
vmwareworkspaceone |
Syslog |
Configuration Management |
Log Collection |
Implementation Guide |
VMware ESX / ESXi |
|
ESX: 3.0.3, 3.5, 4.0, 4.1ESXi: 3.5, 4.0, 4.1, 5.0, 5.1, 5.5, 6.xEmbedded ESXi: 3.5, 4.0 |
vmware_esx_esxi |
Plugin |
Virtualization |
Log Collection |
Implementation Guide |
VMware NSX |
|
6.x |
vmware_nsx |
Syslog |
Virtualization |
Log Collection |
Implementation Guide |
VMware Orchestrator |
|
5.5 |
vmware_vco |
ODBC |
Virtualization |
Log Collection |
Implementation Guide |
VMware vCenter Server |
|
VirtualCenter Server: 2.0.2, 2.5vCenter Server: 4.1, 5.0, 5.1, 5.5, 6.x |
vmware_vc |
Plugin |
Virtualization |
Log Collection |
Implementation Guide |
VMware vCloud Director |
|
1 |
vmware_vcloud |
Syslog |
Configuration Management |
Log Collection |
Implementation Guide |
VMware View |
|
3.1, 4.0, 4.5, 4.6, 5.0, 5.1, 5.2, 5.3, 6.0, 7.x |
vmware_view |
File, ODBC, Syslog |
Virtualization |
Log Collection |
Implementation Guide |
VMware vRealize Automation |
|
6.0.1, 6.2 |
vmware_vcac |
ODBC |
Virtualization |
Log Collection |
Implementation Guide |
VMware vRealize Operations Manager |
|
5.8.2, 6.0 |
vmware_vcops |
SNMP, Syslog |
Virtualization |
Log Collection |
Implementation Guide |
VMware vShield and vShield Manager |
|
4.1, 5.0, 5.1.4 |
vmware_vshield |
Syslog |
Firewall |
Log Collection |
Implementation Guide |
VMware vSphere |
|
ESXi : 7.0 U2 and later
vCenter : 7.0 U2 and later
|
vmware_esx_esxi or vmware_vc |
Plugin |
Virtualization |
Log Collection |
Implementation Guide |
Voltage SecureData |
|
5.x, 6.x |
voltagesecuredata |
Syslog |
DLP |
Log Collection |
Implementation Guide |
Vorstack Automation and Collaboration Platform ACP |
|
5.1 |
|
|
|
Orchestration & Automation |
Implementation Guide |
VSS Monitoring |
|
2.3 |
vssmonitoring |
SNMP |
System |
Log Collection |
Implementation Guide |
WatchGuard EPDR |
|
8.x |
watchguard |
Syslog |
Endpoint |
Log Collection |
Implementation Guide |
X15 Enterprise |
|
|
|
|
|
Other |
Implementation Guide |
Zscaler NSS |
Web Logs |
4.1M |
zscalernss |
Syslog |
Web Logs |
Log Collection |
Implementation Guide
NetWitness recommends you to use ZScaler ZIA parser to collect Web Logs. Zscaler NSS will be discontinued and NetWitness deprecates the Zscaler NSS.
|
Zscaler Deception |
|
4.13.10 |
deception |
Syslog |
IPS |
Log Collection |
Implementation Guide |
Zscaler ZIA |
Web Logs, Tunnel Logs, Firewall Logs, DNS Logs, SAAS Security, SAAS Security Activity |
4.1M |
zscalerzia |
Syslog |
SASE |
Log Collection |
Implementation Guide |
Zscaler ZPA |
User Activity, User Status, App Connector Status, Private Service Edge Status, Browser Access, Audit Logs, App Connector Metrics, or Private Service Edge Metrics |
4.1M |
zscalerzpa |
Syslog |
VPN |
Log Collection |
Implementation Guide |