Supported log types and default parsers
This document contains information about Chronicle SIEM integrations for data ingestion.
It summarizes the devices, and the associated ingestion label (log_type) field in the
Ingestion API and data_type in a Forwarder configuration), that Chronicle SIEM supports.
Supported log types with a default parser
Parsers normalize raw log data into structured Unified Data Model format. This
section lists supported devices, and the associated ingestion label (log_type field in the
Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser.
The default parser is supported by Chronicle as long as the device's
raw logs are received in the required format.
For a list of supported log types without a default parser, see Supported log types without a default parser.
The Format column indicates the high-level structure of the raw log, as:
- CSV: Comma Separated Values
- JSON: JavaScript Object Notation
- SYSLOG: syslog formatted message
- KV: key-value pair
- XML: Extensible Markup Language
- SYSLOG + KV: syslog header with key-value body
- SYSLOG + JSON: syslog header with JSON body
- SYSLOG + XML: syslog header with XML body
- LEEF: Log Event Extended Format
- CEF: Common Event Format
These changes are applied to newly ingested logs. Parser changes are not applied retroactively to previously ingested logs.
| Vendor / Product | Category | Ingestion label | Format | Latest Update |
|---|---|---|---|---|
| Microsoft AD FS | LDAP | ADFS |
JSON | 2023-08-18 View Change |
| AWS Macie | AWS-specific logs | AWS_MACIE |
JSON | 2022-08-08 View Change |
| F5 VPN | VPN | F5_VPN |
SYSLOG | 2022-07-22 View Change |
| Cisco AMP | AV / Endpoint | CISCO_AMP |
JSON | 2021-12-12 |
| Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL |
JSON | 2023-06-01 View Change |
| TeamViewer | Remote Support | TEAMVIEWER |
JSON | 2022-08-02 View Change |
| GitHub | SaaS Application | GITHUB |
JSON | 2023-10-25 View Change |
| Duo Administrator Logs | Authentication | DUO_ADMIN |
JSON | 2023-03-10 View Change |
| Palo Alto Networks Traps | EDR | PAN_EDR |
CSV + KV | 2022-08-22 View Change |
| Cloudflare Audit | SaaS Application | CLOUDFLARE_AUDIT |
JSON | 2023-07-09 View Change |
| Fastly WAF | WAF | FASTLY_WAF |
JSON | 2022-06-06 View Change |
| Digital Guardian EDR | EDR | DIGITALGUARDIAN_EDR |
KV | 2022-12-07 View Change |
| Qualys VM | Vulnerability Scanner | QUALYS_VM |
KV + JSON | 2023-10-27 View Change |
| Squid Web Proxy | Web Proxy | SQUID_WEBPROXY |
SYSLOG | 2022-10-30 View Change |
| Aruba IPS | IPS | ARUBA_IPS |
JSON | 2022-06-16 View Change |
| SOTI MobiControl | Mobile Device Management | SOTI_MOBICONTROL |
SYSLOG | 2023-09-08 View Change |
| IAM Context | Google Cloud Specific | N/A |
JSON | 2023-07-26 View Change |
| Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN |
SYSLOG + KV | 2022-07-08 View Change |
| File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK |
JSON | 2021-09-27 |
| Akamai DNS | DNS | AKAMAI_DNS |
CSV | 2021-06-28 |
| CA ACF2 | Mainframe | CA_ACF2 |
LEEF | 2022-05-24 View Change |
| BigQuery | Google Cloud Resources Contexts | N/A |
JSON | 2022-03-03 |
| Dope Security SWG | Secure Access Service Edge | DOPE_SWG |
CSV | 2023-05-18 View Change |
| F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM |
SYSLOG | 2023-08-28 View Change |
| Splunk Platform | Security log | SPLUNK |
JSON | 2023-11-29 View Change |
| Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA |
SYSLOG, JSON | 2023-11-10 View Change |
| Palo Alto Prisma Cloud Alert payload | Cloud Security | PAN_PRISMA_CA |
JSON | 2023-08-17 View Change |
| ZScaler VPN | VPN | ZSCALER_VPN |
SYSLOG + CSV | 2023-06-08 View Change |
| Oracle Cloud Infrastructure | Oracle Cloud Infrastructure | ORACLE_CLOUD_AUDIT |
JSON | 2023-10-30 View Change |
| Rapid7 | Vulnerability Scanner | RAPID7_NEXPOSE |
JSON | 2022-09-27 View Change |
| Duo Entity context data | Identity and Access Management | DUO_CONTEXT |
JSON | 2022-03-14 |
| Apigee | Google Cloud Specific | GCP_APIGEE_X |
JSON | 2023-08-09 View Change |
| BIND | DNS | BIND_DNS |
SYSLOG | 2023-09-19 View Change |
| Broadcom SSL Visibility Appliance | SSL Visibility | BROADCOM_SSL_VA |
SYSLOG | 2022-09-26 View Change |
| Armis Alerts | ALERTS | ARMIS_ALERTS |
JSON | 2023-02-07 View Change |
| Salesforce | SaaS Application | SALESFORCE |
KV (LEEF), CSV | 2023-02-24 View Change |
| Medigate IoT | IoT | MEDIGATE_IOT |
SYSLOG + JSON | 2023-11-08 View Change |
| Yubico OTP | Audit event | YUBICO_OTP |
SYSLOG, JSON, CSV | 2023-02-20 View Change |
| Forcepoint NGFW | Network | FORCEPOINT_FIREWALL |
JSON | 2023-02-16 View Change |
| Avatier Password Management | SaaS Application | AVATIER |
SYSLOG + KV | 2021-08-05 |
| Office 365 | SaaS Application | OFFICE_365 |
JSON | 2023-11-29 View Change |
| PostFix Mail | Email Server | POSTFIX_MAIL |
SYSLOG | 2022-10-06 View Change |
| Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER |
KV | 2022-10-03 View Change |
| Attivo Networks | NETWORK | ATTIVO |
SYSLOG + KV (CEF) | 2023-08-14 View Change |
| CircleCI | Automation and DevOps Tools | CIRCLECI |
CSV + JSON | 2023-03-09 View Change |
| AWS Session Manager | AWS Specific | AWS_SESSION_MANAGER |
SYSLOG | 2023-06-14 View Change |
| Suricata IDS | IDS/IPS | SURICATA_IDS |
JSON | 2023-11-23 View Change |
| Radware Web Application Firewall | Firewall | RADWARE_FIREWALL |
SYSLOG | 2023-11-23 View Change |
| Island Browser logs | Web Browser | ISLAND_BROWSER |
JSON | 2023-09-04 View Change |
| GMAIL Logs | Google Cloud Specific | GMAIL_LOGS |
JSON | 2023-08-21 View Change |
| AWS CloudFront | CDN | AWS_CLOUDFRONT |
SYSLOG | 2022-05-27 View Change |
| Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY |
SYSLOG + KV (CEF), LEEF | 2023-06-12 View Change |
| Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER |
SYSLOG, JSON, SYSLOG + XML | 2022-11-21 View Change |
| Cisco UCS | OS logs | CISCO_UCS |
SYSLOG | 2022-07-04 View Change |
| Ping Federate | Authentication | PING_FEDERATE |
CSV | 2023-04-24 View Change |
| Avanan Email Security | Email Server | AVANAN_EMAIL |
JSON | 2022-07-12 View Change |
| AWS Key Management Service | AWS Specific | AWS_KMS |
JSON | 2022-05-27 View Change |
| Anomali | IOC | ANOMALI_IOC |
JSON, CEF | 2022-03-14 |
| BeyondTrust Privileged Identity | Privilege Account Activity | BEYONDTRUST_PI |
SYSLOG | 2022-10-24 View Change |
| Forseti Open Source | Google Cloud Specific | FORSETI |
JSON | 2021-12-23 |
| FireEye | Alerts | FIREEYE_ALERT |
SYSLOG + JSON, JSON | 2023-11-09 View Change |
| Windows DNS | DNS | WINDOWS_DNS |
JSON, XML, SYSLOG + KV | 2023-11-29 View Change |
| HAProxy | Load balancing | HAPROXY |
SYSLOG | 2023-09-25 View Change |
| Kisi Access Management | Physical Security | KISI |
JSON | 2023-06-14 View Change |
| Silverfort Authentication Platform | Identity and Access Management | SILVERFORT |
CEF SYSLOG | 2023-10-11 View Change |
| Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE |
SYSLOG, JSON | 2023-11-14 View Change |
| VMware Workspace ONE | Logging and Troubleshooting | VMWARE_WORKSPACE_ONE |
SYSLOG | 2023-08-04 View Change |
| Centrify | SSO | CENTRIFY_SSO |
JSON | 2022-08-10 View Change |
| Red Canary | EDR | REDCANARY_EDR |
JSON | 2022-09-15 View Change |
| IBM Informix | DATABASE | INFORMIX |
JSON + SYSLOG | 2022-02-18 |
| Passive DNS | DNS | PASSIVE_DNS |
JSON | 2021-05-19 |
| Azure SQL | Database | AZURE_SQL |
JSON | 2022-02-08 |
| IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER |
JSON, SYSLOG | 2022-01-20 |
| Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM |
SYSLOG | 2022-05-04 View Change |
| Netscout Arbor Sightline | Monitoring | ARBOR_SIGHTLINE |
SYSLOG + JSON | 2022-12-16 View Change |
| Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS |
JSON | 2022-07-08 View Change |
| Palo Alto Prisma Access | Cloud Security | PAN_CASB |
JSON | 2022-11-25 View Change |
| Ping Identity | Authentication | PING |
JSON, SYSLOG + KV | 2023-04-06 View Change |
| Cisco ISE | Identity and Access Management | CISCO_ISE |
SYSLOG | 2023-11-20 View Change |
| Cloud Run | Google Cloud Specific | GCP_RUN |
JSON | 2023-04-13 View Change |
| Atlassian Bitbucket | Atlassian Bitbucket | ATLASSIAN_BITBUCKET |
JSON | 2023-06-12 View Change |
| TCPWave DDI | Secure ddi | TCPWAVE_DDI |
SYSLOG + JSON | 2022-09-27 View Change |
| Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT |
JSON | 2023-09-04 View Change |
| Armis Devices | DEVICES | ARMIS_DEVICES |
JSON | 2023-03-02 View Change |
| Guardicore Centra | Deception Software | GUARDICORE_CENTRA |
JSON | 2023-09-08 View Change |
| Active Countermeasures | Alert | AI_HUNTER |
SYSLOG | 2020-12-08 |
| Netfilter IPtables | Firewall | NETFILTER_IPTABLES |
SYSLOG + KV | 2023-10-12 View Change |
| Microsoft Defender For Cloud | Automation and DevOps Tools | MICROSOFT_DEFENDER_CLOUD_ALERTS |
JSON | 2023-08-14 |
| Tanium Stream | Tanium Specific | TANIUM_TH |
JSON | 2023-09-20 View Change |
| Dell OpenManage | Systems Management Application | DELL_OPENMANAGE |
SYSLOG + KV | 2022-07-27 View Change |
| Red Hat OpenShift | Kubernetes Container | REDHAT_OPENSHIFT |
SYSLOG | 2022-08-17 View Change |
| Akamai WAF | WAF | AKAMAI_WAF |
SYSLOG | 2023-10-27 View Change |
| Cloud Identity Devices | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICES |
JSON | 2022-04-13 View Change |
| ISC DHCP | DHCP | ISC_DHCP |
JSON + SYSLOG + KV | 2022-02-08 |
| Rubrik | Backup software | RUBRIK |
SYSLOG | 2022-12-01 View Change |
| FortiGate | Firewall | FORTINET_FIREWALL |
JSON, SYSLOG + KV | 2023-11-21 View Change |
| Firewall Rule Logging | Google Cloud Specific | N/A |
JSON | 2023-11-01 View Change |
| Cofense | Email Server | COFENSE_TRIAGE |
SYSLOG + KV (CEF) | 2023-04-19 View Change |
| Trustwave webmarshal | Proxy Server | WEBMARSHAL |
SYSLOG + CSV | 2023-05-04 View Change |
| Kubernetes Audit | K8s cluster audit logs | KUBERNETES_AUDIT |
JSON | 2023-08-21 View Change |
| Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION |
JSON | 2022-07-08 View Change |
| Delinea PAM | Access Management | DELINEA_PAM |
SYSLOG + CSV | 2022-11-10 View Change |
| BeyondTrust | Privilege Account Activity | BOMGAR |
SYSLOG | 2022-11-24 View Change |
| Comodo | AV / Endpoint | COMODO_AV |
SYSLOG + KV (CEF) | 2021-04-09 |
| Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY |
SYSLOG, SYSLOG+JSON, JSON | 2023-10-09 View Change |
| Apache Tomcat | Web server | TOMCAT |
JSON | 2022-04-20 View Change |
| VyOS Open Source Router | DHCP | VYOS |
SYSLOG | 2022-10-12 View Change |
| Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP |
SYSLOG | 2021-04-19 |
| Fortinet FortiEDR | EDR | FORTINET_FORTIEDR |
SYSLOG + KV | 2023-08-07 View Change |
| AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL |
JSON | 2023-11-21 View Change |
| McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO |
SYSLOG + XML, CSV, KV | 2023-10-15 View Change |
| Tanium Insight | Tanium Specific | TANIUM_INSIGHT |
SYSLOG + KV | 2021-03-10 |
| Infoblox DNS | DNS | INFOBLOX_DNS |
SYSLOG, CEF | 2023-10-17 View Change |
| Google Cloud IAM Analysis | Google Cloud Resources Contexts | N/A |
JSON | 2023-02-27 View Change |
| D3 Banking | BANKING | D3_BANKING |
JSON | 2022-03-23 View Change |
| Opnsense | Firewall and Routing Platform | OPNSENSE |
Syslog, Syslog + CSV | 2023-11-22 View Change |
| Qualys Virtual Scanner | Vulnerability Scanner | QUALYS_VIRTUAL_SCANNER |
JSON | 2023-08-21 View Change |
| Cisco Umbrella IP | Web Proxy | UMBRELLA_IP |
SYSLOG | 2022-08-22 View Change |
| BloxOne Threat Defense | DNS | BLOXONE |
SYSLOG + JSON | 2023-03-07 View Change |
| Windows Sysmon | DNS | WINDOWS_SYSMON |
JSON, XML | 2023-11-29 View Change |
| Saviynt Enterprise Identity Cloud | Endpoints | SAVIYNT_EIP |
JSON, JSON+KV | 2023-06-05 View Change |
| ServiceNow Security | SaaS Application | SERVICENOW_SECURITY |
JSON | 2021-05-24 |
| CyberArk | Privilege Account Management | CYBERARK |
KV (CEF) | 2022-10-10 View Change |
| Security Command Center Threat | Google Cloud Specific | N/A |
JSON | 2023-11-29 View Change |
| Zscaler CASB | CASB | ZSCALER_CASB |
JSON | 2023-09-30 View Change |
| Fireeye ETP | Email Server | FIREEYE_ETP |
JSON | 2021-06-11 |
| Trend Micro Vision One | AV and endpoint logs | TRENDMICRO_VISION_ONE |
SYSLOG + KV, CEF | 2023-03-24 View Change |
| CoSoSys Protector | Endpoint Detection | ENDPOINT_PROTECTOR_DLP |
SYSLOG + KV | 2023-04-17 View Change |
| Corelight | NDR | CORELIGHT |
JSON | 2023-11-29 View Change |
| Cybereason EDR | EDR | CYBEREASON_EDR |
JSON | 2023-02-23 View Change |
| Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF |
SYSLOG | 2021-04-20 |
| Snare System Diagnostic Logs | Security | SNARE_SOLUTIONS |
SYSLOG + KV | 2022-07-29 View Change |
| Sysdig | Security | SYSDIG |
JSON | 2022-10-07 View Change |
| Compute Context | Google Cloud Specific | N/A |
JSON | 2022-07-29 View Change |
| Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET |
JSON | 2021-08-05 |
| Saiwall VPN | VPN | SAIWALL_VPN |
KV | 2023-10-29 View Change |
| CrowdStrike Detection Monitoring | EDR | CS_DETECTS |
JSON | 2023-07-21 View Change |
| Windows Applocker | Application Locker | WINDOWS_APPLOCKER |
SYSLOG + KV + JSON + XML | 2023-10-17 View Change |
| F5 Shape | Security log | F5_SHAPE |
JSON | 2022-02-21 |
| AWS RDS | Database | AWS_RDS |
SYSLOG | 2023-04-24 View Change |
| Azure WAF | Log Aggregator | AZURE_WAF |
JSON | 2023-07-14 View Change |
| Cloud SQL | Google Cloud Specific | GCP_CLOUDSQL |
JSON | 2023-11-29 View Change |
| Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC |
JSON | 2022-04-23 |
| Sophos DHCP | DHCP | SOPHOS_DHCP |
SYSLOG + KV | 2022-02-10 |
| Forcepoint CASB | CASB | FORCEPOINT_CASB |
SYSLOG + CEF | 2022-08-23 View Change |
| Arista Switch | Switches | ARISTA_SWITCH |
JSON+SYSLOG | 2022-08-03 View Change |
| Cloud NAT | Google Cloud Specific | N/A |
JSON | 2023-04-06 View Change |
| Sophos Intercept EDR | EDR logs | SOPHOS_EDR |
JSON | 2022-12-27 View Change |
| Zscaler Internet Access Audit Logs | Security Service Edge (SSE) | ZSCALER_INTERNET_ACCESS |
CSV | 2023-10-26 View Change |
| Ionix | SECURITY | IONIX |
JSON | 2023-09-28 View Change |
| Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH |
SYSLOG | 2023-11-21 View Change |
| Linux Auditing System (AuditD) | OS | AUDITD |
SYSLOG | 2023-11-27 View Change |
| Cisco Firewall Services Module | Firewall | CISCO_FWSM |
SYSLOG | 2023-05-05 View Change |
| AWS VPC Flow | AWS Specific | AWS_VPC_FLOW |
SYSLOG | 2023-04-06 View Change |
| F5 DNS | DNS | F5_DNS |
SYSLOG | 2021-06-17 |
| Kea DHCP | DHCP | KEA_DHCP |
SYSLOG | 2022-03-22 View Change |
| CrowdStrike Falcon Stream | Alerts | CS_STREAM |
KV (LEEF) | 2022-07-18 View Change |
| RSA NetWitness | PLATFORM CONFIGURATION | RSA_NETWITNESS |
SYSLOG | 2022-10-18 View Change |
| Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND |
JSON | 2023-11-13 View Change |
| Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH |
JSON | 2023-06-19 View Change |
| WatchGuard | Syslog and KV | WATCHGUARD |
JSON | 2023-11-27 View Change |
| OSSEC | IDS/IPS | OSSEC |
SYSLOG | 2023-11-29 View Change |
| Box | Collaboration | BOX |
JSON | 2022-09-16 View Change |
| Compute Engine | Google Cloud Specific | GCP_COMPUTE |
JSON | 2023-02-24 View Change |
| McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB |
KV | 2023-06-22 View Change |
| Onfido | Authentication | ONFIDO |
SYSLOG + JSON | 2023-03-10 View Change |
| OpenSSH | Logging and Troubleshooting | OPENSSH |
SYSLOG | 2023-10-05 View Change |
| PAN Autofocus | IOC | PAN_IOC |
JSON | 2021-08-09 |
| Strong Swan VPN | VPN | STRONGSWAN_VPN |
JSON | 2023-05-25 View Change |
| Azure VPN | VPN | AZURE_VPN |
JSON | 2023-03-07 View Change |
| Recorded Future | IOC | RECORDED_FUTURE_IOC |
JSON | 2021-11-17 |
| Department of Homeland Security | Threat detection | DHS_IOC |
XML | 2023-07-31 View Change |
| Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY |
JSON | 2021-06-30 |
| McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM |
SYSLOG + JSON | 2022-02-25 |
| Duo Auth | Authentication | DUO_AUTH |
JSON | 2023-10-23 View Change |
| AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH |
JSON, GROK | 2023-09-02 View Change |
| Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP |
SYSLOG + JSON, XML, JSON | 2023-11-25 View Change |
| Bitwarden Events | Password Manager | BITWARDEN_EVENTS |
JSON | 2023-11-09 View Change |
| Dell Switch | Switches, Routers | DELL_SWITCH |
SYSLOG | 2023-11-02 View Change |
| Pulse Secure Virtual Traffic Manager | Traffic Shapers | PULSE_SECURE_VTM |
SYSLOG | 2023-11-03 View Change |
| IBM DataPower Gateway | API Gateway | IBM_DATAPOWER |
JSON, SYSLOG | 2023-11-09 View Change |
| VPC Flow Logs | Google Cloud Specific | GCP_VPC_FLOW |
JSON | 2023-05-23 View Change |
| Zscaler Private Access | Security Service Edge | ZSCALER_ZPA |
SYSLOG + JSON, JSON | 2023-02-22 View Change |
| Chrome Management | Browser | N/A |
JSON | 2023-11-29 View Change |
| Cloudflare WAF | Cloud Log | CLOUDFLARE_WAF |
JSON | 2023-08-30 View Change |
| Netscout | NETWORK | ARBOR_EDGE_DEFENSE |
SYSLOG + KV | 2023-02-21 View Change |
| Cisco Umbrella DNS | DNS | UMBRELLA_DNS |
CSV, JSON | 2023-11-07 View Change |
| Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER |
JSON + SYSLOG + KV | 2022-04-11 View Change |
| Workspace Alerts | Google Cloud Specific | WORKSPACE_ALERTS |
JSON | 2023-11-29 View Change |
| SonicWall | Firewall | SONIC_FIREWALL |
SYSLOG + KV | 2023-05-26 View Change |
| Fluentd Logs | Log Aggregator | FLUENTD |
SYSLOG + JSON | 2023-11-29 View Change |
| Thinkst Canary | Deception Software | THINKST_CANARY |
JSON | 2023-09-15 View Change |
| Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE |
JSON | 2022-08-17 View Change |
| IBM z/OS | OS | IBM_ZOS |
LEEF | 2023-07-25 View Change |
| Evision FircoSoft | Infrastructure | EVISION_FIRCOSOFT |
SYSLOG | 2023-11-22 View Change |
| Menlo Security | Web Proxy | MENLO_SECURITY |
JSON | 2023-08-03 View Change |
| Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY |
JSON | 2022-07-27 View Change |
| SentinelOne EDR | EDR | SENTINEL_EDR |
SYSLOG + JSON | 2023-11-09 View Change |
| Suricata EVE | IPS IDS | SURICATA_EVE |
JSON | 2022-08-17 View Change |
| Workspace Groups | Google Cloud Specific | WORKSPACE_GROUPS |
JSON | 2023-11-29 View Change |
| Cloud Identity Device Users | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICEUSERS |
JSON | 2022-10-01 View Change |
| Tanium Asset | Tanium Specific | TANIUM_ASSET |
JSON, SYSLOG + KV | 2022-09-26 View Change |
| Varonis | Data Security / Insider Threat | VARONIS |
SYSLOG + KV (CEF), LEEF | 2022-10-08 View Change |
| JAMF CMDB | Computer Inventory | JAMF |
JSON | 2023-04-27 View Change |
| Workspace Activities | Google Cloud Specific | WORKSPACE_ACTIVITY |
JSON | 2023-11-29 View Change |
| Imperva Database | Cloud Application and Edge Security | IMPERVA_DB |
SYSLOG | 2023-07-17 View Change |
| Clearswift | Information Security | CLEARSWIFT |
SYSLOG | 2023-11-22 View Change |
| Sourcefire | IDS/IPS | SOURCEFIRE_IDS |
JSON, CEF | 2023-07-06 View Change |
| Chronicle SOAR Audit | SOAR | CHRONICLE_SOAR_AUDIT |
JSON | 2023-10-12 View Change |
| Pivotal | PaaS Application | PIVOTAL |
SYSLOG + KV | 2022-08-17 View Change |
| Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE |
JSON | 2023-07-28 View Change |
| OpenVPN | Network | OPEN_VPN |
SYSLOG + KV + JSON | 2023-11-27 View Change |
| OneLogin | SSO | ONELOGIN_SSO |
JSON | 2023-04-28 View Change |
| Cloud DNS | Google Cloud Specific | N/A |
JSON | 2023-05-12 View Change |
| Cisco WLC/WCS | Wireless | CISCO_WIRELESS |
SYSLOG | 2023-02-09 View Change |
| AWS Config | AWS Specific | AWS_CONFIG |
JSON | 2022-05-27 View Change |
| Cylance Protect | Alerts | CYLANCE_PROTECT |
SYSLOG + KV | 2022-09-06 View Change |
| Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR |
JSON | 2023-09-16 View Change |
| Desynova Contido | Switches | DESYNOVA_CONTIDO |
SYSLOG + JSON | 2023-09-19 View Change |
| Custom DNS | DNS | CUSTOM_DNS |
JSON | 2022-08-05 View Change |
| IBM Security Verify SaaS | SaaS Application | IBM_SECURITY_VERIFY_SAAS |
JSON | 2023-10-27 View Change |
| Hashicorp Vault | Privileged Account Activity | HASHICORP |
JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV | 2023-10-26 View Change |
| Versa Firewall | FIREWALL | VERSA_FIREWALL |
SYSLOG + KV | 2023-07-03 View Change |
| Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP |
SYSLOG, JSON | 2022-09-05 View Change |
| Honeyd | Deception Software | HONEYD |
SYSLOG | 2021-04-05 |
| Workday | SaaS Application | WORKDAY |
JSON | 2022-09-15 View Change |
| ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP |
JSON, SYSLOG | 2023-10-27 View Change |
| Cisco Switch | Switches, Routers | CISCO_SWITCH |
SYSLOG | 2023-11-05 View Change |
| Arcsight CEF | Security log | ARCSIGHT_CEF |
CEF Syslog | 2023-04-27 View Change |
| ZScaler DNS | DNS | ZSCALER_DNS |
SYSLOG + KV, JSON | 2023-10-17 View Change |
| AIX system | OS | AIX_SYSTEM |
SYSLOG | 2023-06-21 View Change |
| Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS |
SYSLOG | 2023-10-04 View Change |
| Oracle | DATABASE | ORACLE_DB |
SYSLOG + KV | 2023-10-25 View Change |
| Men and Mice DNS | DNS | MENANDMICE_DNS |
SYSLOG | 2021-11-12 |
| Microsoft AD | LDAP | WINDOWS_AD |
JSON | 2023-08-09 View Change |
| Azion | Firewall | AZION |
JSON | 2023-09-30 View Change |
| WordPress | Configuration Management | WORDPRESS_CMS |
JSON | 2023-05-25 View Change |
| Solarwinds Kiwi Syslog Server | Security Log | SOLARWINDS_KSS |
SYSLOG + KV | 2022-11-16 View Change |
| Juniper MX Router | Routers and Switches | JUNIPER_MX |
SYSLOG + KV | 2023-11-26 View Change |
| LimaCharlie | EDR | LIMACHARLIE_EDR |
JSON | 2023-08-07 |
| ExtraHop DNS | DNS | EXTRAHOP_DNS |
JSON | 2021-12-13 |
| Open Cybersecurity Schema Framework (OCSF) | Schema | OCSF |
JSON | 2023-10-30 View Change |
| Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS |
JSON | 2023-11-23 View Change |
| Workspace Users | Google Cloud Specific | WORKSPACE_USERS |
JSON | 2023-11-29 View Change |
| Cisco UCM | Communication Manager | CISCO_UCM |
SYSLOG + KV | 2022-08-18 View Change |
| Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT |
JSON | 2022-05-02 |
| FireEye NX | NDR | FIREEYE_NX |
JSON | 2022-05-18 View Change |
| CyberArk Endpoint Privilege Manager (EPM) | EPM | CYBERARK_EPM |
JSON | 2023-08-22 View Change |
| Zscaler | Web Proxy | ZSCALER_WEBPROXY |
SYSLOG + KV, CSV | 2023-11-20 View Change |
| Linux Sysmon | DNS | LINUX_SYSMON |
XML | 2023-11-09 View Change |
| Fidelis Network | NDR | FIDELIS_NETWORK |
SYSLOG + KV, JSON | 2023-09-04 View Change |
| iBoss Proxy | Webproxy | IBOSS_WEBPROXY |
SYSLOG + JSON | 2023-08-22 View Change |
| Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY |
JSON | 2023-10-09 View Change |
| Preempt Alert | Identity and Access Management | PREEMPT |
SYSLOG + KV (CEF) | 2022-06-22 View Change |
| ManageEngine AD360 | Identity and Access Management | MANAGE_ENGINE_AD360 |
SYSLOG + KV | 2022-09-16 View Change |
| Fortinet FortiAnalyzer | Fortinet FortiAnalyzer | FORTINET_FORTIANALYZER |
JSON | 2023-07-19 View Change |
| Zix Email Encryption | Email Server | ZIX_EMAIL_ENCRYPTION |
SYSLOG | 2022-11-05 View Change |
| Unbound DNS | DNS | UNBOUND_DNS |
SYSLOG | 2020-06-09 |
| Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON |
SYSLOG | 2022-01-13 |
| Cloud Data Loss Prevention | Google Cloud Specific | N/A |
JSON | 2022-12-19 View Change |
| Zeek TSV | Format Specific | BRO_TSV |
SYSLOG + TSV | 2022-01-31 |
| Accellion | DLP | ACCELLION |
SYSLOG | 2022-09-30 View Change |
| Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON |
JSON | 2023-02-02 View Change |
| BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS |
SYSLOG + KV | 2022-09-30 View Change |
| DMP | Physical Security | DMP_ENTRE |
SYSLOG | 2020-09-23 |
| Acalvio | Deception Software | ACALVIO |
SYSLOG + KV | 2020-10-13 |
| GCP_KUBERNETES_CONTEXT | Computer Inventory | GCP_KUBERNETES_CONTEXT |
JSON | 2023-11-01 View Change |
| Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT |
JSON | 2022-07-22 View Change |
| Stealthbits PAM | Privileged Access Management Solution | STEALTHBITS_PAM |
CEF + KV | 2023-11-07 View Change |
| Juniper IPS | IDS/IPS | JUNIPER_IPS |
SYSLOG + KV | 2022-05-26 View Change |
| Open LDAP | LDAP | OPENLDAP |
SYSLOG | 2023-07-18 View Change |
| IBM WebSEAL | Web server | IBM_WEBSEAL |
JSON, SYSLOG | 2023-11-17 View Change |
| Infoblox DHCP | DHCP | INFOBLOX_DHCP |
SYSLOG | 2023-04-26 View Change |
| Vectra Detect | NDR | VECTRA_DETECT |
SYSLOG + JSON + CEF | 2023-10-12 View Change |
| Qualys Continuous Monitoring | Monitoring | QUALYS_CONTINUOUS_MONITORING |
JSON | 2022-08-30 View Change |
| TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY |
SYSLOG + KV | 2023-08-02 View Change |
| Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE |
SYSLOG + KV | 2021-04-28 |
| Juniper | Firewall | JUNIPER_FIREWALL |
SYSLOG + KV | 2023-11-02 View Change |
| Aqua Security | IaaS Applications | AQUA_SECURITY |
JSON | 2022-02-03 |
| Stormshield Firewall | FIREWALL | STORMSHIELD_FIREWALL |
SYSLOG + KV | 2023-06-29 View Change |
| Seqrite Endpoint Security (EPS) | AV and endpoint logs | SEQRITE_ENDPOINT |
LEEF | 2023-03-24 View Change |
| Palo Alto Cortex XDR Alerts | NDR | CORTEX_XDR |
JSON | 2023-11-10 View Change |
| pfSense | FIREWALL | PFSENSE |
SYSLOG | 2023-05-05 View Change |
| Tripwire | DLP | TRIPWIRE_FIM |
SYSLOG | 2023-06-21 View Change |
| ClamAV | AV / Endpoint | CLAM_AV |
JSON | 2022-02-07 |
| Quest Active Directory | Authentication log | QUEST_AD |
CEF SYSLOG | 2022-01-31 |
| Zoom Operation Logs | Operation-Specific | ZOOM_OPERATION_LOGS |
SYSLOG | 2022-11-04 View Change |
| Imperva | WAF | IMPERVA_WAF |
SYSLOG+KV, JSON | 2023-10-16 View Change |
| Carbon Black | EDR | CB_EDR |
JSON | 2023-10-26 View Change |
| Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS |
SYSLOG + JSON | 2022-05-09 View Change |
| Palo Alto Networks Firewall | Firewall | PAN_FIREWALL |
CSV + CEF + LEEF | 2023-11-29 View Change |
| Symantec Endpoint Protection | AV / Endpoint | SEP |
SYSLOG | 2023-11-28 View Change |
| RH-ISAC | IOC | RH_ISAC_IOC |
JSON | 2023-11-21 View Change |
| Avaya Aura Experience Portal | Avaya Aura Experience Portal | AVAYA_AURA |
SYSLOG | 2022-12-30 View Change |
| HP Procurve Switch | Switches | HP_PROCURVE |
SYSLOG | 2023-09-24 View Change |
| Snort | IDS/IPS | SNORT_IDS |
SYSLOG + JSON | 2022-09-22 View Change |
| Dataminr Alerts | DATAMINR_ALERT |
2023-08-23 View Change |
||
| Cisco DHCP | DHCP | CISCO_DHCP |
SYSLOG + CSV | 2022-02-07 |
| NXLog Manager | Log Aggregator | NXLOG_MANAGER |
SYSLOG | 2022-01-13 |
| Barracuda Firewall | Firewall | BARRACUDA_FIREWALL |
SYSLOG | 2022-07-08 View Change |
| Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT |
SYSLOG + JSON | 2023-11-28 View Change |
| Tanium Discover | Tanium Specific | TANIUM_DISCOVER |
JSON | 2022-11-24 View Change |
| F5 Advanced Firewall Management | Firewall | F5_AFM |
SYSLOG + CSV | 2023-09-11 View Change |
| IBM Security Verify | Endpoint Security | IBM_SECURITY_VERIFY |
SYSLOG | 2023-01-25 View Change |
| Samba SMBD | Privileged Account Activity | SMBD |
Syslog | 2023-03-09 View Change |
| Fortinet FortiNAC | NAC | FORTINET_FORTINAC |
SYSLOG | 2022-07-08 View Change |
| Symantec VIP Gateway | Email Server | SYMANTEC_VIP |
SYSLOG | 2023-03-03 View Change |
| Azure AD Directory Audit | Audit | AZURE_AD_AUDIT |
JSON | 2023-11-23 View Change |
| Sophos UTM | Unified Threat Management | SOPHOS_UTM |
KV | 2022-06-30 View Change |
| SentinelOne Deep Visibility | EDR | SENTINEL_DV |
JSON | 2023-09-06 View Change |
| Kubernetes Auth Proxy | Kubernetes Specific | KUBERNETES_AUTH_PROXY |
JSON | 2022-09-08 View Change |
| DigitalArts i-Filter | Web Proxy | DIGITALARTS_IFILTER |
SYSLOG | 2023-04-17 View Change |
| Ansible AWX | Automation and DevOps Tools | ANSIBLE_AWX |
JSON | 2022-11-09 View Change |
| Emerging Threats Pro | IOC | ET_PRO_IOC |
CSV | 2022-11-28 View Change |
| Gitlab | SAAS | GITLAB |
JSON | 2023-10-20 View Change |
| ForgeRock OpenAM | Identity and Access Management | OPENAM |
CSV, SYSLOG + KV | 2023-05-19 View Change |
| Proofpoint Observeit | Email Server | OBSERVEIT |
JSON, KV | 2023-11-03 View Change |
| Pulse Secure | VPN | PULSE_SECURE_VPN |
SYSLOG | 2023-11-07 View Change |
| McAfee DLP | DLP | MCAFEE_DLP |
CSV | 2022-04-13 View Change |
| Barracuda WAF | Firewall | BARRACUDA_WAF |
JSON, SYSLOG + KV | 2023-07-19 View Change |
| Cisco Web Services Manager | CISCO_WSM | CISCO_WSM |
SYSLOG | 2023-10-05 View Change |
| CloudM | Identity and Access Management | CLOUDM |
JSON | 2022-06-09 View Change |
| Aruba Airwave | Wireless | ARUBA_AIRWAVE |
XML | 2021-03-16 |
| CrowdStrike Falcon | EDR | CS_EDR |
JSON | 2023-11-23 View Change |
| Cisco Prime | Network Management and Optimization | CISCO_PRIME |
SYSLOG | 2021-05-21 |
| JumpCloud Directory Insights | CLOUD | JUMPCLOUD_DIRECTORY_INSIGHTS |
JSON | 2023-11-21 View Change |
| Qualys Asset Context | Vulnerability Scanner | QUALYS_ASSET_CONTEXT |
JSON | 2023-08-01 View Change |
| Vectra Stream | NDR | VECTRA_STREAM |
SYSLOG + KV | 2023-10-15 View Change |
| Proofpoint Threat Response | Email Server | PROOFPOINT_TRAP |
SYSLOG | 2023-05-26 View Change |
| Imperva Advanced Bot Protection | Bot Protection | IMPERVA_ABP |
JSON | 2023-07-21 View Change |
| Illumio Core | Policy Management | ILLUMIO_CORE |
JSON | 2023-03-14 View Change |
| Microsoft Sentinel | Microsoft Sentinel | MICROSOFT_SENTINEL |
JSON | 2023-11-03 View Change |
| Cisco Meraki | Wireless | CISCO_MERAKI |
SYSLOG, JSON | 2023-10-09 View Change |
| CSV Custom IOC | IOC | CSV_CUSTOM_IOC |
CSV | 2023-09-11 View Change |
| Azure AD | LDAP | AZURE_AD |
JSON | 2023-11-20 View Change |
| Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL |
CSV | 2022-09-02 View Change |
| Layer7 SiteMinder | SSO | SITEMINDER_SSO |
KV+JSON | 2022-08-30 View Change |
| Mongo Database | DATABASE | MONGO_DB |
JSON | 2023-05-26 View Change |
| Netscout OCI | Alert log | NETSCOUT_OCI |
SYSLOG + KV | 2023-09-04 View Change |
| ForgeRock OpenDJ | LDAP | OPENDJ |
SYSLOG + KV | 2020-10-01 |
| AMD Pensando DSS Firewall | Firewall | AMD_DSS_FIREWALL |
SYSLOG + CSV | 2023-05-08 View Change |
| AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB |
JSON | 2023-06-20 View Change |
| Cisco Umbrella Audit | Firewall and Security Management | CISCO_UMBRELLA_AUDIT |
CSV | 2023-02-28 View Change |
| Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP |
SYSLOG | 2022-03-01 |
| Cloud Passage | SaaS Application | CLOUD_PASSAGE |
JSON | 2022-06-30 View Change |
| Cisco PIX Firewall | Firewall | CISCO_PIX_FIREWALL |
SYSLOG | 2023-05-23 View Change |
| EfficientIP DDI | Network | EFFICIENTIP_DDI |
SYSLOG + KV | 2022-01-24 |
| Semperis DSP | LDAP | SEMPERIS_DSP |
SYSLOG | 2021-04-29 |
| Nyansa Events | IoT | NYANSA_EVENTS |
SYSLOG + KV | 2023-03-01 View Change |
| Kubernetes Node | Kubernetes Container | KUBERNETES_NODE |
JSON | 2023-11-29 View Change |
| Okera Dynamic Access Platform | Data Security | OKERA_DAP |
JSON | 2023-01-29 View Change |
| Cloud Intrusion Detection System | Google Cloud Specific | GCP_IDS |
JSON | 2023-09-26 View Change |
| Lenel Onguard Badge Management | Access Control System | LENEL_ONGUARD |
JSON | 2022-10-31 View Change |
| Tanium Audit | SCAN NETWORK | TANIUM_AUDIT |
JSON | 2023-09-26 View Change |
| Cloud Load Balancing | Google Cloud Specific | GCP_LOADBALANCING |
JSON | 2023-11-29 View Change |
| Hitachi Cloud Platform | Hitachi Cloud Platform | HITACHI_CLOUD_PLATFORM |
SYSLOG | 2023-05-30 View Change |
| Trend Micro AV | AV / Endpoint | TRENDMICRO_AV |
SYSLOG + KV, CEF | 2023-05-21 View Change |
| Uptycs EDR | Endpoint detection and response | UPTYCS_EDR |
JSON | 2022-07-08 View Change |
| Sendmail | Email Server | SENDMAIL |
SYSLOG + KV | 2023-09-20 View Change |
| Openpath | AV / Endpoint | OPENPATH |
SYSLOG | 2023-11-08 View Change |
| Palo Alto Panorama | Firewall | PAN_PANORAMA |
CSV | 2023-08-07 View Change |
| ESET AV | ESET_AV | ESET_AV |
SYSLOG + JSON | 2023-01-10 View Change |
| Cisco CTS | Telephone Software | CISCO_CTS |
SYSLOG + KV | 2021-05-20 |
| VMware vRealize Suite | Cloud | VMWARE_VREALIZE |
SYSLOG | 2023-06-20 View Change |
| AWS Aurora | AWS | AWS_AURORA |
JSON | 2023-11-02 View Change |
| Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT |
JSON | 2021-11-09 |
| Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY |
SYSLOG + KV | 2023-02-20 View Change |
| ThreatConnect | IOC | THREATCONNECT_IOC |
JSON | 2022-01-13 |
| AWS EMR | AWS Specific | AWS_EMR |
SYSLOG, SYSLOG+JSON, JSON | 2023-10-30 View Change |
| VMware AirWatch | Wireless | AIRWATCH |
SYSLOG + KV | 2023-09-05 View Change |
| Bitdefender | AV / Endpoint | BITDEFENDER |
CSV | 2023-05-02 View Change |
| Cyberark Privilege Cloud | Identity & Access Management | CYBERARK_PRIVILEGE_CLOUD |
SYSLOG + KV | 2023-11-24 View Change |
| VMware Horizon | VDI | VMWARE_HORIZON |
SYSLOG | 2022-08-15 View Change |
| Wazuh | Log Aggregator | WAZUH |
SYSLOG + JSON | 2023-07-17 View Change |
| AWS Route 53 DNS | AWS Specific | AWS_ROUTE_53 |
JSON + SYSLOG | 2023-05-08 View Change |
| Nokia Router | Switches and Routers | NOKIA_ROUTER |
SYSLOG + KV | 2023-11-27 View Change |
| Akamai Enterprise Application Access | Enterprise Application Access | AKAMAI_EAA |
JSON | 2023-11-14 View Change |
| Jenkins | Automation and DevOps | JENKINS |
JSON, SYSLOG | 2023-11-27 View Change |
| Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY |
SYSLOG + JSON, SYSLOG + KV | 2023-11-27 View Change |
| Digi modems | Switches and Routers | DIGI_MODEMS |
SYSLOG | 2023-06-26 View Change |
| Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT |
KV | 2023-09-21 View Change |
| ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS |
SYSLOG + KV (CEF) | 2023-10-17 View Change |
| Datadog | NDR | DATADOG |
JSON | 2023-07-21 View Change |
| Oracle Cloud Infrastructure VCN Flow Logs | Oracle Cloud Infrastructure | OCI_FLOW |
JSON | 2023-04-29 View Change |
| Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD |
JSON | 2022-08-09 View Change |
| CA LDAP | Web server | CA_LDAP |
JSON | 2022-08-19 View Change |
| Qualys Scan | Vulnerability scanner | QUALYS_SCAN |
JSON | 2023-04-21 View Change |
| Microsoft Exchange | Email Server | EXCHANGE_MAIL |
SYSLOG | 2023-11-20 View Change |
| Trustwave SEC MailMarshal | Email server | MAILMARSHAL |
SYSLOG | 2023-04-06 View Change |
| SecureLink | Remote Access Tools | SECURELINK |
SYSLOG | 2023-09-13 View Change |
| Trend Micro Deep Security | AV / Endpoint | TRENDMICRO_DEEP_SECURITY |
LEEF | 2022-09-01 View Change |
| ProofPoint Secure Email Relay | Email server | PROOFPOINT_SER |
JSON | 2023-08-29 View Change |
| Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE |
JSON, KV, SYSLOG | 2022-01-18 |
| Kiteworks | Network | KITEWORKS |
SYSLOG, CSV | 2023-11-10 View Change |
| Microsoft Powershell | Misc. Windows-specific | POWERSHELL |
SYSLOG + JSON | 2023-09-14 View Change |
| Apache Cassandra | Web server | CASSANDRA |
JSON | 2022-04-13 View Change |
| CommVault | Alert System | COMMVAULT |
KV , SYSLOG | 2023-11-10 View Change |
| Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE |
SYSLOG + KV (CEF) | 2023-04-26 View Change |
| Infoblox | DHCP, DNS | INFOBLOX |
SYSLOG | 2023-11-07 View Change |
| FireEye HX Audit | Audits | FIREEYE_HX_AUDIT |
XML | 2022-11-04 View Change |
| HPE ILO | Server Management | HPE_ILO |
SYSLOG | 2023-11-27 View Change |
| Linux DHCP | DHCP | LINUX_DHCP |
SYSLOG | 2023-11-10 View Change |
| McAfee Skyhigh CASB | CASB | MCAFEE_SKYHIGH_CASB |
SYSLOG + KV | 2023-06-17 View Change |
| Thycotic | Identity and Access Management | THYCOTIC |
SYSLOG + KV (CEF) | 2023-09-22 View Change |
| IBM CICS | Service Bus | IBM_CICS |
LEEF | 2021-10-27 |
| McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE |
JSON | 2021-07-20 |
| Barracuda Email | Email Server | BARRACUDA_EMAIL |
JSON | 2023-01-19 View Change |
| IBM AS/400 | Application System | IBM_AS400 |
SYSLOG + KV | 2022-04-13 View Change |
| Cisco VCS Expressway | Telephone software | CISCO_VCS |
SYSLOG | 2023-06-12 View Change |
| Mandiant Custom IOC | IOC | MANDIANT_CUSTOM_IOC |
JSON | 2023-11-17 View Change |
| Ordr IoT | IoT | ORDR_IOT |
SYSLOG + JSON | 2022-08-19 View Change |
| Skybox Firewall Assurance | Firewall | SKYBOX_FIREWALL_ASSURANCE |
SYSLOG + KV | 2023-09-07 View Change |
| Snyk Group level audit Logs | Vulnerability Scanners | SNYK_SDLC |
JSON | 2023-04-25 View Change |
| macOS Endpoint Security | AV and endpoint logs | MACOS_ENDPOINT_SECURITY |
SYSLOG + KV | 2023-07-17 View Change |
| Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW |
JSON | 2022-04-18 View Change |
| ManageEngine Reporter Plus | SaaS Application | MANAGE_ENGINE_REPORTER_PLUS |
JSON | 2022-08-29 View Change |
| Tanium Patch | Tanium Specific | TANIUM_PATCH |
JSON | 2022-02-08 |
| Ruckus Networks | Wireless | RUCKUS_WIRELESS |
SYSLOG + KV | 2023-01-06 View Change |
| Office 365 Message Trace | OFFICE_365 Specific | OFFICE_365_MESSAGETRACE |
JSON | 2023-05-10 View Change |
| Okta | Identity and Access Management | OKTA |
JSON | 2023-06-28 View Change |
| Sophos Central | AV / Endpoint | SOPHOS_CENTRAL |
JSON | 2022-12-27 View Change |
| Apigee | Google Cloud Specific | GCP_APIGEE |
JSON | 2021-11-02 |
| Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER |
SYSLOG + CSV | 2023-08-18 View Change |
| Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS |
JSON | 2023-10-04 View Change |
| Duo User Context | Identity and Access Management | DUO_USER_CONTEXT |
JSON | 2021-04-12 |
| Centripetal Networks IOC | IOC | CENTRIPETAL_IOC |
SYSLOG + KV | 2022-01-06 |
| Oracle Unified Directory | ORACLE OUD | ORACLE_OUD |
SYSLOG | 2023-09-11 View Change |
| Windows DHCP | DHCP | WINDOWS_DHCP |
JSON, SYSLOG, CSV | 2023-11-29 View Change |
| SiteMinder Web Access Management | SSO | CA_SSO_WEB |
JSON | 2022-08-08 View Change |
| Deep Instinct EDR | EDR | DEEP_INSTINCT_EDR |
SYSLOG + KV | 2022-11-18 View Change |
| HCL BigFix | Network Management and Optimization | HCL_BIGFIX |
JSON | 2022-08-30 View Change |
| Check Point | Firewall | CHECKPOINT_FIREWALL |
SYSLOG + KV, JSON | 2023-10-11 View Change |
| Lacework Cloud Security | Cloud Security | LACEWORK |
JSON | 2023-11-09 View Change |
| Symantec DLP | DLP | SYMANTEC_DLP |
SYSLOG + KV (CEF), XML | 2023-09-02 View Change |
| Armis Activities | ACTIVITIES | ARMIS_ACTIVITIES |
JSON | 2023-02-07 View Change |
| Tenable Active Directory Security | Tenable Active Directory Security | TENABLE_ADS |
SYSLOG | 2023-11-06 View Change |
| Workspace Mobile Devices | Google Cloud Specific | WORKSPACE_MOBILE |
JSON | 2023-11-29 View Change |
| IBM Safenet | IT infrastructure | IBM_SAFENET |
SYSLOG | 2023-05-24 View Change |
| Microsoft ATA | IDS/IPS | MICROSOFT_ATA |
SYSLOG + KV | 2021-07-13 |
| ESET Threat Intelligence | IOC | ESET_IOC |
JSON | 2023-10-05 View Change |
| NGINX | Server Management | NGINX |
JSON + SYSLOG | 2022-09-10 View Change |
| Thales Vormetric | Encryption | VORMETRIC |
SYSLOG | 2021-12-17 |
| Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV |
JSON, XML | 2023-09-04 View Change |
| Rapid7 Insight | Vulnerability Scanner | RAPID7_INSIGHT |
SYSLOG, JSON | 2023-05-05 View Change |
| Forescout NAC | NAC | FORESCOUT_NAC |
SYSLOG, CEF | 2023-05-31 View Change |
| Fortinet | DHCP | FORTINET_DHCP |
KV | 2022-11-21 View Change |
| Armis Vulnerabilities | VULNERABILITIES | ARMIS_VULNERABILITIES |
JSON | 2023-02-07 View Change |
| HCNET Account Adapter Plus | DHCP | HCNET_ACCOUNT_ADAPTER |
SYSLOG | 2022-09-15 View Change |
| tenable.io | Vulnerability Scanner | TENABLE_IO |
JSON | 2023-01-02 View Change |
| AWS Elastic Load Balancer | AWS Specific | AWS_ELB |
SYSLOG | 2022-05-27 View Change |
| Azure Cosmos DB | Database | AZURE_COSMOS_DB |
JSON | 2023-02-22 View Change |
| Peplink Firewall | Firewall | PEPLINK_FW |
SYSLOG + KV | 2023-08-17 View Change |
| Microsoft CASB | CASB | MICROSOFT_CASB |
SYSLOG + KV (CEF) | 2023-11-27 View Change |
| NetApp SAN | Rest api | NETAPP_SAN |
SYSLOG | 2023-04-25 View Change |
| Auth0 | Authentication log | AUTH_ZERO |
JSON | 2023-06-19 View Change |
| Cloudflare | SaaS Application | CLOUDFLARE |
JSON | 2023-11-22 View Change |
| 1Password | Identity and Access Management | ONEPASSWORD |
JSON | 2023-06-07 View Change |
| Crowdstrike IOC | IOC | CROWDSTRIKE_IOC |
JSON | 2023-08-23 View Change |
| Aruba | Wireless | ARUBA_WIRELESS |
SYSLOG | 2023-05-25 View Change |
| MySQL | Database | MYSQL |
SYSLOG | 2021-04-12 |
| Ntopng | NTOPNG |
2023-11-16 View Change |
||
| VMware NSX | Network and Security Virtualization | VMWARE_NSX |
KV | 2023-11-15 View Change |
| Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT |
JSON | 2023-08-16 View Change |
| SAP Netweaver | Database | SAP_NETWEAVER |
JSON | 2023-05-03 View Change |
| Fortinet Web Application Firewall | WEB | FORTINET_FORTIWEB |
KV | 2023-05-18 View Change |
| Riverbed Steelhead | Network Management and Optimization | STEELHEAD |
JSON | 2022-08-08 View Change |
| GMV Checker ATM Security | ATM Audit | GMV_CHECKER |
SYSLOG | 2022-04-20 View Change |
| CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN |
SYSLOG + KV | 2022-09-08 View Change |
| AppOmni | SAAS Security Application | APPOMNI |
JSON | 2023-08-23 View Change |
| NIMBLE OS | OS | NIMBLE_OS |
SYSLOG | 2022-07-21 View Change |
| RSA | Identity and Access Management | RSA_AUTH_MANAGER |
CSV | 2022-08-09 View Change |
| IBM Guardium | Database DLP | GUARDIUM |
CSV, CEF | 2022-10-06 View Change |
| Unifi AP | Switches and Routers | UNIFI_AP |
SYSLOG + KV, SYSLOG + JSON | 2022-05-24 View Change |
| Windows Hyper-V | Virtualization Software | WINDOWS_HYPERV |
JSON | 2023-10-09 View Change |
| SailPoint IAM | Identity and Access Management | SAILPOINT_IAM |
JSON | 2022-07-08 View Change |
| Kubernetes Audit Azure | Log Aggregator | KUBERNETES_AUDIT_AZURE |
JSON | 2023-06-20 View Change |
| OSQuery | EDR | OSQUERY_EDR |
SYSLOG + JSON | 2023-11-29 View Change |
| Snoopy Logger | Log Aggregator | SNOOPY_LOGGER |
SYSLOG | 2022-08-10 View Change |
| Neosec | Security | NEOSEC |
JSON | 2023-07-31 View Change |
| Nutanix Prism | Firewall | NUTANIX_PRISM |
JSON | 2023-01-23 View Change |
| Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS |
SYSLOG | 2022-03-17 |
| Static IP | DHCP | ASSET_STATIC_IP |
CSV | 2023-06-16 View Change |
| Airlock Digital Application Allowlisting | Application Whitelisting | AIRLOCK_DIGITAL |
SYSLOG | 2023-02-22 View Change |
| Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES |
SYSLOG + JSON | 2022-08-21 View Change |
| Cisco NX-OS | OS | CISCO_NX_OS |
SYSLOG | 2023-08-11 View Change |
| Apache | Security | APACHE |
SYSLOG + JSON | 2023-07-31 View Change |
| AWS WAF | AWS Specific | AWS_WAF |
JSON | 2023-09-11 View Change |
| Juniper Mist | Network Management and Optimization software | JUNIPER_MIST |
JSON | 2023-02-24 View Change |
| Imperva CEF | CEF | IMPERVA_CEF |
SYSLOG + KV | 2023-03-07 View Change |
| Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 |
JSON | 2021-12-22 |
| FileZilla | File tranfser | FILEZILLA_FTP |
SYSLOG | 2022-03-23 View Change |
| Cambium Networks | Switches and Routers Log Type | CAMBIUM_NETWORKS |
SYSLOG | 2023-07-27 View Change |
| Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB |
JSON | 2021-10-04 |
| F5 ASM | WAF | F5_ASM |
SYSLOG | 2023-11-08 View Change |
| ZScaler NGFW | Firewall | ZSCALER_FIREWALL |
SYSLOG + KV (CEF), CSV | 2023-09-12 View Change |
| Cloud Audit Logs | Google Cloud Specific | N/A |
JSON | 2023-11-29 View Change |
| CA Access Control | Access Management | CA_ACCESS_CONTROL |
JSON+SYSLOG, SYSLOG | 2023-07-25 View Change |
| Google Cloud Identity Context | Identity and Access Management | CLOUD_IDENTITY_CONTEXT |
JSON | 2023-07-25 View Change |
| Juniper Junos | Network Device | JUNIPER_JUNOS |
SYSLOG + KV | 2023-10-25 View Change |
| MISP Threat Intelligence | Cybersecurity | MISP_IOC |
JSON, CSV | 2023-09-26 View Change |
| Palo Alto Cortex XDR Events | Monitoring and Threat Detection | PAN_CORTEX_XDR_EVENTS |
JSON | 2023-02-01 View Change |
| Aruba EdgeConnect SD-WAN | Network Security | ARUBA_EDGECONNECT_SDWAN |
SYSLOG + CSV | 2023-05-03 View Change |
| Tanium Integrity Monitor | Tanium Specific | TANIUM_INTEGRITY_MONITOR |
JSON | 2022-10-12 View Change |
| Windows Event | Endpoint | WINEVTLOG |
JSON + KV + XML | 2023-11-29 View Change |
| GCP_NETWORK_CONNECTIVITY | Computer Inventory | GCP_NETWORK_CONNECTIVITY_CONTEXT |
JSON | 2023-06-13 View Change |
| IBM Security Access Manager | WAF | IBM_SAM |
SYSLOG | 2023-09-12 View Change |
| Zeek JSON | DNS | BRO_JSON |
JSON | 2023-11-29 View Change |
| AWS GuardDuty | IDS/IPS | GUARDDUTY |
JSON | 2023-08-18 View Change |
| Kyriba Treasury Management | SaaS Application | KYRIBA |
CSV | 2021-02-24 |
| Apple MacOS | AV / Endpoint | MACOS |
SYSLOG | 2022-05-04 View Change |
| ESET | EDR | ESET_EDR |
SYSLOG + JSON | 2022-05-10 View Change |
| Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE |
SYSLOG | 2021-05-05 |
| Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER |
SYSLOG + KV | 2023-05-31 View Change |
| McAfee IPS | IDS/IPS | MCAFEE_IPS |
SYSLOG | 2021-04-15 |
| Kong API Gateway | Microservice management | KONG_GATEWAY |
SYSLOG + JSON | 2022-09-23 View Change |
| Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL |
JSON | 2023-06-26 View Change |
| Cisco Wireless IPS | Cisco Wips | CISCO_WIPS |
SYSLOG + KV | 2023-11-17 View Change |
| Citrix Monitor | Monitoring of DaaS | CITRIX_MONITOR |
JSON | 2022-12-06 View Change |
| Elastic Search | Log Aggregator | ELASTIC_SEARCH |
JSON | 2023-11-02 View Change |
| Symantec CloudSOC CASB | CASB | SYMANTEC_CASB |
SYSLOG + JSON | 2021-12-17 |
| Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL |
KV | 2023-11-20 View Change |
| Fortinet FortiClient | Security | FORTINET_FORTICLIENT |
KV | 2023-10-27 View Change |
| Slack Audit | Productivity | SLACK_AUDIT |
JSON | 2023-10-27 View Change |
| IBM DB2 | Database | DB2_DB |
LEEF | 2023-10-30 View Change |
| EPIC Systems | Discovery and Monitoring | EPIC |
LEEF + KV | 2022-10-31 View Change |
| Jamf Protect Alerts | Endpoint Security | JAMF_PROTECT |
JSON | 2023-11-22 View Change |
| Cato Networks | NDR | CATO_NETWORKS |
JSON | 2023-05-19 View Change |
| Cloud SQL Context | Google Cloud Specific | GCP_SQL_CONTEXT |
JSON | 2023-07-26 View Change |
| Preempt Auth | Identity and Access Management | PREEMPT_AUTH |
SYSLOG + JSON | 2021-06-16 |
| Duo Telephony Logs | Identity and Access Management | DUO_TELEPHONY |
JSON | 2023-08-24 View Change |
| Teleport Access Plane | Remote Access | TELEPORT_ACCESS_PLANE |
SYSLOG | 2023-11-17 View Change |
| Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL |
SYSLOG + KV, JSON | 2023-09-12 View Change |
| McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION |
JSON | 2022-09-22 View Change |
| NetApp ONTAP | Rest api | NETAPP_ONTAP |
SYSLOG | 2023-04-03 View Change |
| AlgoSec Security Management | Policy Management | ALGOSEC |
SYSLOG + KV (CEF) | 2022-11-27 View Change |
| Cisco TACACS+ | Authentication | CISCO_TACACS |
SYSLOG + KV | 2022-08-09 View Change |
| BMC Helix Discovery | bmc helix discovery | BMC_HELIX_DISCOVERY |
SYSLOG | 2022-08-29 View Change |
| Net Suite | WAF | NET_SUITE |
kv | 2023-08-02 View Change |
| Cloud Storage Context | Google Cloud Specific | N/A |
JSON | 2023-04-13 View Change |
| Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT |
JSON | 2023-11-27 View Change |
| Proofpoint Web Browser Isolation | ATTACK PROTECTION ISOLATION | PROOFPOINT_WEB_BROWSER_ISOLATION |
JSON | 2023-05-25 View Change |
| Forcepoint DLP | Forcepoint DLP | FORCEPOINT_DLP |
CEF | 2022-11-07 View Change |
| Azure Application Gateway | GATEWAY | AZURE_GATEWAY |
JSON | 2023-11-16 View Change |
| Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE |
SYSLOG | 2022-09-15 View Change |
| F5 BIGIP Access Policy Manager | Access Policy Manager | F5_BIGIP_APM |
SYSLOG | 2023-06-06 View Change |
| Oracle Cloud Infrastructure Audit Logs | Oracle Cloud Infrastructure | OCI_AUDIT |
JSON | 2023-09-29 View Change |
| Symantec EDR | EDR | SYMANTEC_EDR |
JSON | 2022-03-31 View Change |
| AWS Control Tower | Identity and Access Management | AWS_CONTROL_TOWER |
JSON | 2023-01-04 View Change |
| FireEye HX | EDR | FIREEYE_HX |
JSON | 2023-05-08 View Change |
| Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT |
JSON | 2023-10-12 View Change |
| Windows Firewall | Firewall | WINDOWS_FIREWALL |
Space Separated Value | 2021-08-26 |
| Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY |
CSV | 2023-10-17 View Change |
| Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM |
JSON/SYSLOG | 2022-12-02 View Change |
| Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF |
JSON | 2023-11-22 View Change |
| AlphaSOC | Alert | ASOC_ALERT |
JSON | 2021-06-21 |
| Check Point Sandblast | EDR | CHECKPOINT_EDR |
SYSLOG + KV | 2022-09-07 View Change |
| FortiMail Email Security | Email Security | FORTINET_FORTIMAIL |
KV | 2023-09-06 View Change |
| Apache Hadoop | open-source software | HADOOP |
SYSLOG + KV | 2023-06-05 View Change |
| Datto File Protection | DATTO_FILE_PROTECTION | DATTO_FILE_PROTECTION |
SYSLOG | 2022-08-22 View Change |
| Check Point Harmony | Remote Access Tools | CHECKPOINT_HARMONY |
SYSLOG+KV | 2023-11-10 View Change |
| Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY |
SYSLOG + KV, JSON | 2023-10-05 View Change |
| Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER |
SYSLOG + KV | 2023-11-26 View Change |
| Barracuda Web Filter | Webfilter | BARRACUDA_WEBFILTER |
SYSLOG | 2023-07-20 View Change |
| COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC |
Value Entry | 2020-06-02 |
| Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT |
JSON | 2023-11-24 View Change |
| Cisco ACS | Authentication | CISCO_ACS |
SYSLOG + KV | 2023-09-26 View Change |
| Ribbon Analytics Platform | Telephone Software | RIBBON_ANALYTICS_PLATFORM |
SYSLOG | 2022-09-09 View Change |
| Cisco Vision Dynamic Signage Director | Content and Delivery Management | CISCO_STADIUMVISION |
SYSLOG, SYSLOG+KV | 2023-05-12 View Change |
| HP Aruba(Clearpass) | Identity and Access Management | CLEARPASS |
SYSLOG + KV | 2022-08-18 View Change |
| ServiceNow CMDB | Policy Management | SERVICENOW_CMDB |
JSON | 2023-05-31 View Change |
| VMware ESXi | Hypervisor | VMWARE_ESX |
SYSLOG | 2023-10-10 View Change |
| Cisco ASA | firewall | CISCO_ASA_FIREWALL |
SYSLOG | 2023-11-29 View Change |
| Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE |
SYSLOG + KV (CEF) | 2023-07-07 View Change |
| Thales MFA | Authentication | THALES_MFA |
SYSLOG + KV (CEF) | 2022-07-13 View Change |
| Digital Guardian DLP | DLP | DIGITALGUARDIAN_DLP |
JSON | 2023-06-02 View Change |
| DNSFilter | Data Transfer | DNSFILTER |
CSV | 2023-10-27 View Change |
| IBM Security QRadar SIEM | Security Log | IBM_QRADAR |
SYSLOG | 2023-05-18 View Change |
| Vsftpd | FTP Server | VSFTPD |
GROK | 2023-11-20 View Change |
| Cloud IoT | Google Cloud Specific | GCP_CLOUDIOT |
JSON | 2022-06-06 View Change |
| Stealthbits Defend | Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND |
SYSLOG + KV (LEEF, CEF) | 2022-11-17 View Change |
| Kolide Endpoint Security | Security | KOLIDE |
JSON | 2023-10-25 View Change |
| STIX Threat Intelligence | Cybersecurity Threats | STIX |
SYSLOG + KV (CEF) | 2023-11-08 View Change |
| AWS S3 Server Access | AWS Specific | AWS_S3_SERVER_ACCESS |
SYSLOG | 2023-07-19 View Change |
| Workspace ChromeOS Devices | Google Cloud Specific | WORKSPACE_CHROMEOS |
JSON | 2023-11-29 View Change |
| SpyCloud | AV / Endpoint | SPYCLOUD |
SYSLOG + JSON | 2023-11-08 View Change |
| Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI |
SYSLOG | 2022-11-08 View Change |
| Sentinelone Alerts | Endpoint Security | SENTINELONE_ALERT |
JSON | 2023-08-18 View Change |
| Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML |
SYSLOG + XML, KV | 2023-11-20 View Change |
| Cisco Router | Switches, Routers | CISCO_ROUTER |
SYSLOG | 2023-11-10 View Change |
| Cisco VPN | VPN | CISCO_VPN |
SYSLOG | 2022-08-19 View Change |
| AWS Network Firewall | Firewall | AWS_NETWORK_FIREWALL |
JSON | 2023-05-05 View Change |
| Falco IDS | IDS/IPS | FALCO_IDS |
JSON | 2023-05-23 View Change |
| Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT |
JSON, SYSLOG | 2023-11-07 View Change |
| Tanium Reveal | Tanium Specific | TANIUM_REVEAL |
JSON | 2021-11-15 |
| SecureAuth | SSO | SECUREAUTH_SSO |
SYSLOG, XML | 2023-07-09 View Change |
| Imperva FlexProtect | Cloud App & Network Security | IMPERVA_FLEXPROTECT |
CEF + KV | 2023-08-28 View Change |
| Shrubbery TACACS+ | NETWORK MANAGEMENT | SHRUBBERY_TACACS |
SYSLOG + KV | 2022-11-08 View Change |
| McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY |
SYSLOG + KV (CEF), JSON | 2023-06-17 View Change |
| Area1 Security | Email server | AREA1 |
JSON | 2023-04-06 View Change |
| Dell EMC Isilon NAS | Storage | DELL_EMC_NAS |
SYSLOG | 2023-07-21 View Change |
| Sophos AV | AV / Endpoint | SOPHOS_AV |
CSV, JSON | 2022-07-27 View Change |
| InterSystems Cache | Database | INTERSYSTEMS_CACHE |
SYSLOG + KV | 2022-10-19 View Change |
| Mimecast | Email Server | MIMECAST_MAIL |
KV | 2023-03-31 View Change |
| Microsoft IIS | Web Server | IIS |
SYSLOG + KV, JSON | 2023-10-27 View Change |
| Tenable Security Center | Vulnerability Scanner | TENABLE_SC |
SYSLOG | 2021-05-18 |
| Cisco Application Centric Infrastructure | CISCO ACI | CISCO_ACI |
JSON, SYSLOG | 2022-09-26 View Change |
| Carbon Black App Control | Security log | CB_APP_CONTROL |
CEF, JSON | 2022-07-01 View Change |
| Akeyless Vault Platform | Akeyless Vault Platform | AKEYLESS_VAULT |
KV + JSON | 2023-09-16 View Change |
| Resource Manager Context | Google Cloud Specific | GCP_RESOURCE_MANAGER_CONTEXT |
JSON | 2023-07-26 View Change |
| Unix system | OS | NIX_SYSTEM |
SYSLOG , JSON | 2023-11-10 View Change |
| Sierra Wireless | IOT Devices | SIERRA_WIRELESS |
SYSLOG | 2023-11-23 View Change |
| Juniper Software Defined Wide Area Network | SYSLOG | JUNIPER_SDWAN |
SYSLOG | 2023-07-10 View Change |
| Symantec Web Security Service | Web Proxy | SYMANTEC_WSS |
JSON | 2023-06-19 View Change |
| Tanium Comply | Tanium Specific | TANIUM_COMPLY |
JSON | 2022-08-18 View Change |
| VanDyke SFTP | Data Transfer | VANDYKE_SFTP |
JSON, SYSLOG | 2022-03-25 View Change |
| IBM Tivoli | Monitoring | IBM_TIVOLI |
JSON, SYSLOG | 2023-06-12 View Change |
| Abnormal Security | Email Server | ABNORMAL_SECURITY |
JSON , SYSLOG | 2023-11-06 View Change |
| VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU |
JSON + SYSLOG+JSON | 2023-09-08 View Change |
| Cloud Functions Context | Google Cloud Specific | GCP_CLOUD_FUNCTIONS_CONTEXT |
JSON | 2023-07-26 View Change |
| Netskope | Cloud Security | NETSKOPE_ALERT |
JSON | 2023-11-10 View Change |
| ThreatLocker Platform | THREATLOCKER | THREATLOCKER |
JSON | 2023-06-18 View Change |
| Darktrace | NDR | DARKTRACE |
SYSLOG + KV (CEF), SYSLOG + JSON | 2023-11-20 View Change |
| Workspace Privileges | Google Cloud Specific | WORKSPACE_PRIVILEGES |
JSON | 2023-11-29 View Change |
| VMware vCenter | Server | VMWARE_VCENTER |
SYSLOG + JSON | 2023-11-13 View Change |
| Kaspersky AV | AV / Endpoint | KASPERSKY_AV |
KV + CEF | 2023-10-13 View Change |
| CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT |
SYSLOG | 2022-10-10 View Change |
| Jamf Protect Telemetry | Endpoint Security | JAMF_TELEMETRY |
JSON | 2023-11-29 View Change |
| Zimperium | Mobile Device Management | ZIMPERIUM |
SYSLOG + JSON | 2023-08-18 View Change |
| Microsoft SQL Server | Database | MICROSOFT_SQL |
SYSLOG + KV, JSON | 2023-10-09 View Change |
Supported log types without a default parser
Chronicle SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Chronicle SIEM Ingestion API or the Chronicle SIEM forwarder. Chronicle SIEM will not normalize the data to structured Unified Data Model format.
You can create a custom parser to normalize these logs. You can also search raw logs.
| Vendor / Product | Ingestion label |
|---|---|
| A10 Load Balancer | A10_LOAD_BALANCER |
| Accops Hysecure VPN | ACCOPS_HYSECURE_VPN |
| Acquia Cloud Platform | ACQUIA_CLOUD_PLATFORM |
| Acronis Backup | ACRONIS |
| Microsoft ActiveSync | ACTIVE_SYNC |
| ManageEngine ADManager Plus | ADMANAGER_PLUS |
| Admin by request PAM | ADMIN_BY_REQUEST |
| Adobe Commerce | ADOBE_COMMERCE |
| Adobe Experience Manager | ADOBE_EXPERIENCE_MANAGER |
| ManageEngine ADSelfService Plus | ADSELFSERVICE_PLUS |
| ADTRAN NetVanta router | ADTRAN_NETVANTA |
| ADVA Fiber Service Platform | ADVA_FSP |
| Agari Phishing Defense | AGARI_PHISHING_DEFENSE |
| Advanced Intrusion Detection Environment | AIDE |
| Extreme Networks AirDefense | AIRDEFENSE |
| Akamai Prolexic | AKAMAI_DDOS |
| Akamai DHCP | AKAMAI_DHCP |
| Akamai Enterprise Threat Protector | AKAMAI_ETP |
| Akamai SIEM Connector | AKAMAI_SIEM_CONNECTOR |
| AlertLogic Notifications | ALERTLOGIC_NOTIFICATIONS |
| AlienVault Open Threat Exchange | ALIENVAULT_OTX |
| Allot NetEnforcer | ALLOT_NETENFORCER |
| Alveo Risk Data Management | ALVEO_RDM |
| Analyst1 IOC | ANALYST1_IOC |
| Apache Kafka Audit | APACHE_KAFKA_AUDIT |
| Apache SpamAssassin | APACHE_SPAMASSASSIN |
| APC Automatic Transfer Switch | APC_ATS |
| APC Netbotz | APC_NETBOTZ |
| APC Power Distribution Unit | APC_PDU |
| APC Smart-UPS | APC_SMART_UPS |
| APC StruxureWare Portal | APC_STRUXUREWARE |
| Apiiro Cloud Application Security Platform | APIIRO |
| Appgate Software-defined Perimeter | APPGATE_SDP |
| Appian Cloud | APPIAN_CLOUD |
| AppViewX | APPVIEWX |
| Aptos Enterprise Order Management | APTOS_EOM |
| Argo CD | ARGO_CD |
| Argo Workflows | ARGO_WORKFLOWS |
| Arista NDR | ARISTA_NDR |
| Arkime Packet Capture | ARKIME_PCAP |
| Armis | ARMIS |
| Armorblox Email Security | ARMORBLOX_ESC |
| Armor Anywhere | ARMOR_ANYWHERE |
| Array Networks SSL VPN | ARRAYNETWORKS_VPN |
| Array Networks WAF | ARRAY_NETWORKS_WAF |
| Aruba Orchestrator | ARUBA_ORCHESTRATOR |
| Arxan Threat Analytics | ARXAN_THREAT_ANALYTICS |
| Asana | ASANA |
| AssetNote | ASSETNOTE |
| Atlassian Cloud Admin Audit | ATLASSIAN_AUDIT |
| Atlassian Jira Confluence Json | ATLASSIAN_CONFLUENCE_JSON |
| Atlassian Jira Json | ATLASSIAN_JIRA_JSON |
| AT&T Netbond | ATT_NETBOND |
| Authentic8 Silo | AUTHENTIC8_SILO |
| Authx Identity Management | AUTHX |
| Authx User Context | AUTHX_USER_CONTEXT |
| Automox | AUTOMOX_EPM |
| Avast Business | AVAST_HUB |
| Avaya Session Border Controller | AVAYA_BORDER |
| Avaya Interactive Voice Response | AVAYA_IVR |
| Avaya VSP Switch | AVAYA_VSP |
| Avaya Wireless | AVAYA_WIRELESS |
| Aviatrix Cloud Network Platform | AVIATRIX |
| Awake NDR | AWAKE_NDR |
| AWS Dynamo DB | AWS_DYNAMO_DB |
| Amazon ElastiCache | AWS_ELASTI_CACHE |
| Amazon FSx for Windows File Server | AWS_FSX |
| AWS Identity and Access Management (IAM) | AWS_IAM |
| AWS Inspector | AWS_INSPECTOR |
| AWS Inspector2 | AWS_INSPECTOR2 |
| AWS NGINX | AWS_NGINX |
| AWS Redshift | AWS_REDSHIFT |
| AWS Simple Email Service | AWS_SES |
| AWS Shield | AWS_SHIELD |
| AWS VPN | AWS_VPN |
| Axis Atmos | AXIS_ATMOS |
| Axis Security Audit | AXIS_OS |
| Axonius Cybersecurity Asset Management | AXONIUS |
| Microsoft Azure | AZURE |
| Azure AD Provisioning | AZURE_AD_PROVISIONING |
| Azure AD Sign-In | AZURE_AD_SIGNIN |
| Azure API Management | AZURE_API_MANAGEMENT |
| Azure App Service | AZURE_APP_SERVICE |
| Azure ATP | AZURE_ATP |
| Azure Bastion | AZURE_BASTION |
| Azure DNS logs | AZURE_DNS |
| Azure Key Vault logging | AZURE_KEYVAULT_AUDIT |
| Microsoft Intune Context | AZURE_MDM_INTUNE_CONTEXT |
| Azure Security Center | AZURE_SECURITY_CENTER |
| Azure Storage Audit | AZURE_STORAGE_AUDIT |
| Backbox | BACKBOX |
| OneIdentity Balabit | BALABIT |
| BambooHR | BAMBOO_HR |
| Barracuda CloudGen Access | BARRACUDA_CLOUDGEN_ACCESS |
| Barracuda Impersonation Protection | BARRACUDA_IMPERSONATION |
| Barracuda Content Shield | BARRACUDA_SHIELD |
| Bettercloud | BETTERCLOUD |
| BeyondTrust BeyondInsight | BEYONDTRUST_BEYONDINSIGHT |
| BeyondTrust Cloud Privilege Broker | BEYONDTRUST_CPB |
| BeyondTrust Endpoint Privilege Management | BEYONDTRUST_ENDPOINT |
| BeyondTrust Management console | BEYONDTRUST_MC |
| Beyond Identity | BEYOND_IDENTITY |
| Bitvise SSHd | BITVISE_SSHD |
| Bluecat Address Manager | BLUECAT_AM |
| Blue Prism | BLUE_PRISM |
| BMC AMI Defender | BMC_AMI_DEFENDER |
| BMC Client Management | BMC_CLIENT_MANAGEMENT |
| BMC Control-M | BMC_CONTROL_M |
| Bricata NDR | BRICATA_NDR |
| Britive Audit API | BRITIVE_AUDIT_API |
| BRIVO | BRIVO |
| CA Privileged Access Manager | BROADCOM_CA_PAM |
| Broadcom Compliance Event Manager | BROADCOM_CEM |
| Broadcom Support Portal Audit Logs | BROADCOM_SUPPORT_PORTAL |
| Brocade Fabric OS | BROCADE_FOS |
| Brocade SANnav Management Portal | BROCADE_SANNAV |
| Brocade Switch | BROCADE_SWITCH |
| Zeek DHCP | BRO_DHCP |
| Zeek HTTP | BRO_HTTP |
| BT IPControl | BT_IPCONTROL |
| Burpsuite Application Security testing tool | BURPSUITE |
| Cameyo Bring Your Own Cloud | CAMEYO_BYO_CLOUD |
| Canary Audit Trail | CANARY_AUDIT_TRAIL |
| CATO SD-WAN | CATO_SDWAN |
| Censornet CASB | CENSORNET_CASB |
| CENSYS | CENSYS |
| Cequence Bot Defense | CEQUENCE_BOT_DEFENSE |
| Cerberus FTP Server | CERBERUS_FTP |
| Check Point CloudGuard | CHECKPOINT_CLOUDGUARD |
| Check Point Email | CHECKPOINT_EMAIL |
| Checkpoint SmartDefense | CHECKPOINT_SMARTDEFENSE |
| Cilium | CILIUM |
| Cisco Aironet | CISCO_AIRONET |
| Cisco APIC | CISCO_APIC |
| Cisco Call Manager | CISCO_CALL_MANAGER |
| Cisco DNA Center Platform | CISCO_DNAC |
| Cisco DNS | CISCO_DNS |
| Cisco Meraki Camera | CISCO_MERAKI_CAMERA |
| Cisco vManage SD-WAN | CISCO_SDWAN |
| Cisco Secure Malware Analytics | CISCO_SECURE_MALWARE_ANALYTICS |
| Cisco Secure Workload | CISCO_SECURE_WORKLOAD |
| Cisco Content Security Management Appliance | CISCO_SMA |
| Cisco SNMP Trapd | CISCO_SNMP |
| Cisco Unity Connection | CISCO_UNITY_CONNECTION |
| Cisco WSA | CISCO_WSA |
| CiscoXDR | CISCO_XDR |
| Citrix Analytics | CITRIX_ANALYTICS |
| Citrix Netscaler Web Logs | CITRIX_NETSCALER_WEB_LOGS |
| Citrix SD-WAN | CITRIX_SDWAN |
| Citrix Session Metadata | CITRIX_SESSION_METADATA |
| Citrix Virtual Desktop Infrastructure | CITRIX_VDI |
| Citrix WAF | CITRIX_WAF |
| Citrix Web Gateway | CITRIX_WEB_GATEWAY |
| Citrix Workspace | CITRIX_WORKSPACE |
| Citrix XenCenter | CITRIX_XENCENTER |
| Claroty Continuous Threat Detection | CLAROTY_CTD |
| Claroty Enterprise Management Console | CLAROTY_EMC |
| Clearsense Healthcare Analytics | CLEARSENSE |
| Click Studios Passwordstate | CLICK_STUDIOS_PASSWORDSTATE |
| CloudBolt | CLOUDBOLT |
| Cloudflare Bot Management | CLOUDFLARE_BOT_MANAGEMENT |
| Cloud Passage (CSM) | CLOUDPASSAGE_CSM |
| Cloud Passage (FIM) | CLOUDPASSAGE_FIM |
| Cloud Passage (LIDS) | CLOUDPASSAGE_LIDS |
| Cloud Passage (SVM) | CLOUDPASSAGE_SVM |
| cmd.com | CMD |
| Cockroach DB | COCKROACH_DB |
| Code42 CrashPlan | CODE42 |
| Code42 Incydr | CODE42_INCYDR |
| Code Worldwide | CODE_WORLDWIDE |
| Cofense Vision | COFENSE_VISION |
| Cohesity | COHESITY |
| Cohesity Smartfiles | COHESITY_SMARTFILES |
| CommVault Commcell | COMMVAULT_COMMCELL |
| Commvault Metallic | COMMVAULT_METALLIC |
| Confluent Audit | CONFLUENT_AUDIT |
| ConnectWise Automate | CONNECTWISE_AUTOMATE |
| ConnectWise Control | CONNECTWISE_CONTROL |
| Cradlepoint NetCloud | CRADLEPOINT_NETCLOUD |
| Cribl AppScope | CRIBL_APPSCOPE |
| Cribl Cloud | CRIBL_CLOUD |
| Cribl Edge | CRIBL_EDGE |
| Cribl Search | CRIBL_SEARCH |
| Cribl Stream | CRIBL_STREAM |
| ProLion CryptoSpike | CRYPTOSPIKE |
| CSG Custom Rules Engine | CSG_CUSTOMENGINE |
| CSG Singleview | CSG_SINGLEVIEW |
| CSV Custom CMDB | CSV_CUSTOM_CMDB |
| CrowdStrike Falcon CEF | CS_CEF_EDR |
| CTERA Drive | CTERA_DRIVE |
| Culture AI | CULTURE_AI |
| Customer Alerts | CUSTOMER_ALERT |
| Custom Application Access Logs | CUSTOM_APPLICATION_ACCESS |
| Custom Host Forensics | CUSTOM_HOST_FORENSICS |
| CyberArk Privileged Access Manager (PAM) | CYBERARK_PAM |
| CyberArk Identity Single Sign-On | CYBERARK_SSO |
| Connectsecure | CYBERCNS |
| Cyberhaven Data Detection and Response | CYBERHAVEN_DDR |
| Cyberhaven | CYBERHAVEN_EVENTS |
| Cyberint | CYBERINT |
| Microsoft CyberX | CYBERX |
| Cycode Platform | CYCODE |
| Insider threat detection and response | CYDERES_INSIDER |
| Cylance | CYLANCE |
| Cylera IOT | CYLERA_IOT |
| Cynet 360 AutoXDR | CYNET_360_AUTOXDR |
| Cyolo Zero Trust | CYOLO_ZTNA |
| D3 Security | D3_SECURITY |
| Databricks | DATABRICKS |
| DataLocker SafeConsole | DATALOCKER_SAFECONSOLE |
| Datasunrise Dam | DATASUNRISE_DAM |
| Datawatch | DATAWATCH |
| DealCloud | DEAL_CLOUD |
| Deepfence Network Monitoring | DEEPFENCE |
| Delinea Privilege Manager | DELINEA_PRIVILEGE_MANAGER |
| Delinea Secret Server | DELINEA_SECRET_SERVER |
| Delinea Server Suite | DELINEA_SERVER_SUITE |
| Dell Cyber Recovery Manager | DELL_CRM |
| Dell CyberSense | DELL_CYBERSENSE |
| Dell EMC Avamar | DELL_EMC_AVAMAR |
| Dell EMC Cloudlink | DELL_EMC_CLOUDLINK |
| Dell EMC PowerStore | DELL_EMC_POWERSTORE |
| Dell EMC Unity | DELL_EMC_UNITY |
| Dell SonicWALL WAF | DELL_WAF |
| Design Profit Central Server | DESIGN_PROFIT_CENTRAL_SERVER |
| Device 42 | DEVICE_42 |
| Devolutions Remote Desktop Manager | DEVOLUTIONS_RDM |
| Divvy Cloud | DIVVY_CLOUD |
| Docker | DOCKER |
| DomainTools Threat Intelligence | DOMAINTOOLS_THREATINTEL |
| DOMO Business Cloud | DOMO |
| Dragos | DRAGOS |
| Draytek Firewall | DRAYTEK |
| Dremio Data Lakehouse | DREMIO_DATA_LAKEHOUSE |
| Dropbox | DROPBOX |
| Drupal Logging | DRUPAL |
| Druva Backup | DRUVA_BACKUP |
| DSP Toolkit audit | DSP_AUDIT |
| Duo Access Gateway | DUO_CASB |
| Duo Network Gateway | DUO_NETWORK_GATEWAY |
| Dynatrace | DYNATRACE |
| CWT SatoTravel | E2_SOLUTIONS |
| Eaton UPS | EATON_UPS |
| eCAR | ECAR |
| eCAR Bro | ECAR_BRO |
| Edgio CDN | EDGIO_CDN |
| Edgio Rate Limiting | EDGIO_RL |
| Edgio WAF | EDGIO_WAF |
| Efax | EFAX |
| Egnyte | EGNYTE |
| EclecticIQ EDR | EIQ_EDR |
| Elastic File Beats | ELASTIC_FILEBEAT |
| Elastic Metric Beats | ELASTIC_METRICBEAT |
| Emerson Smart Firewall | EMERSON_FIREWALL |
| Endgame | ENDGAME_EDR |
| Ensono Cloud Mainframe Solution | ENSONO |
| Entrust nShield HSM | ENTRUST_HSM |
| Entrust NTP Server | ENTRUST_NTP_SERVER |
| Entrust Secrets Vault | ENTRUST_SECRETS_VAULT |
| Erlang Shell Logs | ERLANG_SHELL |
| Ermes Web Protection | ERMES |
| Ermetic | ERMETIC |
| E-Share platform | ESHARE_PLATFORM |
| Estar | ESTAR |
| ETQ Reliance | ETQ_RELIANCE |
| Exabeam Fusion XDR | EXABEAM_FUSION_XDR |
| ExtraHop DHCP | EXTRAHOP_DHCP |
| ExtremeWare Operating System (OS) | EXTREMEWARE_NETWORKS |
| xtreme Networks ExtremeControl NAC Solution | EXTREME_CONTROL |
| Extreme Management Center | EXTREME_MANAGEMENT |
| Extreme Networks Switch | EXTREME_SWITCH |
| EzProxy | EZPROXY |
| F5 Bot | F5_BOT |
| F5 IP Intelligence | F5_IP_INTELLIGENCE |
| F5 Silverline | F5_SILVERLINE |
| Fail2Ban Scan | FAIL2BAN |
| Farsight DNSDB | FARSIGHT_DNSDB |
| Feenics Access Control | FEENICS_ACCESS_CONTROL |
| Fidelis Endpoint | FIDELIS_ENDPOINT |
| FileMage SFTP | FILEMAGE_SFTP |
| Firebase | FIREBASE |
| Fireeye eMPS | FIREEYE_EMPS |
| FireEye Helix | FIREEYE_HELIX |
| FireMon Firewall | FIREMON_FIREWALL |
| Fivetran | FIVETRAN |
| Flashpoint IOC | FLASHPOINT_IOC |
| Fleet DM | FLEET_DM |
| Forcepoint Email Security | FORCEPOINT_EMAILSECURITY |
| Forcepoint Insider Threat | FORCEPOINT_FIT |
| Forcepoint V Series | FORCEPOINT_VSERIES |
| Fortanix Data Security Manager | FORTANIX_DSM |
| Fortinet Wireless Access Point | FORTINET_AP |
| Fortinet FortiAuthenticator | FORTINET_FORTIAUTHENTICATOR |
| Fortinet FortiSandbox | FORTINET_SANDBOX |
| Fortinet Switch | FORTINET_SWITCH |
| Fortinet Proxy | FORTINET_WEBPROXY |
| Foundry Fastiron | FOUNDRY_FASTIRON |
| Fox-IT | FOX_IT_STIX |
| FreeIPA | FREEIPA |
| FreeRADIUS | FREERADIUS |
| Digital Defense Frontline VM | FRONTLINE_VM |
| Futurex HSM | FUTUREX_HSM |
| GCP Artifact Registry | GCP_ARTIFACT_REGISTRY |
| GCP Google Kubernetes Container Security | GCP_KUBERNETES_CONTAINER_SECURITY |
| reCAPTCHA Enterprise | GCP_RECAPTCHA_ENTERPRISE |
| GCP Threat Detection | GCP_THREAT_DETECTION |
| Gigamon | GIGAMON |
| Gigya CIAM | GIGYA_CIAM |
| GitGuardian Enterprise | GITGUARDIAN_ENTERPRISE |
| Github Events | GITHUB_EVENTS |
| Glean | GLEAN |
| Globalscape SFTP | GLOBALSCAPE_SFTP |
| GlusterFS | GLUSTER_FS |
| GMV Checker User Context | GMV_CHECKER_CONTEXT |
| GoAnywhere MFT | GOANYWHERE_MFT |
| GoDaddy DNS | GODADDY_DNS |
| GoldiLock | GOLDILOCK |
| GrayhatWarfare | GRAYHATWARFARE |
| Graylog Operations | GRAYLOG |
| GreatHorn Email Security | GREATHORN |
| GreyNoise | GREYNOISE |
| GTB Technologies DLP | GTB_DLP |
| H3C Comware Platform Switch | H3C_SWITCH |
| HaProxy LoadBalancer | HAPROXY_LOADBALANCER |
| Harbor | HARBOR |
| Hirschmann Switch | HIRSCHMANN_SWITCH |
| Hitachi PAM | HITACHI_ID_PAM |
| Hornet Email Security | HORNET_SECURITY |
| Hewlett Packard Enterprise SAN | HPE_SAN |
| HP Printer logs | HP_PRINTER |
| HP Wolf Pro Security | HP_WOLF |
| Huawei NAC | HUAWEI_NAC |
| HubSpot Activity Logs | HUBSPOT_ACTIVITY |
| HubSpot CRM Platform | HUBSPOT_CRM |
| HubSpot Authentication Logs | HUBSPOT_LOGIN |
| HYPR MFA | HYPR_MFA |
| 3Com 8800 Series Switch | IBM_3COM |
| IBM Cleversafe Object Storage | IBM_CLEVERSAFE |
| IBM KNS | IBM_KNS |
| IBM Tape Storages | IBM_LTO |
| IBM MaaS360 | IBM_MAAS360 |
| IBM Mainframe Storage | IBM_MAINFRAME_STORAGE |
| IBM MQ File Transfer | IBM_MQ_FILE_TRANSFER |
| IBM Security Identity Manager | IBM_SIM |
| IBM Security QRadar SOAR | IBM_SOAR |
| IBM Spectrum Protect | IBM_SPECTRUM_PROTECT |
| IBM Switch | IBM_SWITCH |
| IBM Tririga | IBM_TRIRIGA |
| IBM WinCollect | IBM_WINCOLLECT |
| IBM zSecure Alert | IBM_ZSECURE_ALERT |
| Idecsi | IDECSI |
| Dell iDRAC | IDRAC |
| iManage Cloud Platform | IMANAGE_CLOUD |
| Imperva Sonar | IMPERVA_SONAR |
| Imprivata Confirm ID | IMPRIVATA_CONFIRM_ID |
| Imprivata Identity Governance | IMPRIVATA_IDG |
| Imprivata OneSign | IMPRIVATA_ONESIGN |
| Infinidat | INFINIDAT |
| Infoblox Loadbalancer | INFOBLOX_LOADBALANCER |
| Infoblox NetMRI | INFOBLOX_NETMRI |
| Infoblox RPZ | INFOBLOX_RPZ |
| INKY Secure Email | INKY |
| inWebo MFA | INWEBO_MFA |
| Ipswitch MOVEit Automation | IPSWITCH_MOVEIT_AUTOMATION |
| Ironscales | IRONSCALES |
| Ivanti Application Control | IVANTI_APP_CONTROL |
| Ivanti Device Control | IVANTI_DEVICE_CONTROL |
| ISM Xtraction | IVANTI_XTRACTION |
| Jamf Compliance Reporter | JAMF_COMPLIANCE_REPORTER |
| Jamf Protect Network Traffic | JAMF_NETWORK_TRAFFIC |
| JAMF Pro | JAMF_PRO |
| Jamf pro context | JAMF_PRO_CONTEXT |
| Jamf Pro MDM | JAMF_PRO_MDM |
| Jamf Protect Threat Events | JAMF_THREAT_EVENTS |
| IBM JDE | JDE |
| Journald | JOURNALD |
| JumpCloud Directory as a Service | JUMPCLOUD_DAAS |
| Juniper Secure Connect VPN | JUNIPER_VPN |
| Jupiter One | JUPITER_ONE |
| KACE Service Desk | KACE_SERVICE_DESK |
| KACE Systems Management Appliance | KACE_SMA |
| Kamailio | KAMAILIO |
| Kandji | KANDJI |
| Kaseya IT Management | KASEYA |
| Kaspersky Endpoint | KASPERSKY_ENDPOINT |
| Keeper Enterprise Security | KEEPER |
| Keycloak | KEYCLOAK |
| Keysight Packet Brokers | KEYSIGHT |
| Kibana audit logs | KIBANA |
| Kion | KION |
| KnowBe4 PhishER | KNOWBE4_PHISHER |
| Kustomer CRM | KUSTOMER_CRM |
| Lansweeper Asset Management | LANSWEEPER |
| LastPass Password Management | LASTPASS |
| LOAD_BALANCER_ADC | LB_ADC |
| Lepide | LEPIDE |
| Lexmark Printer logs | LEXMARK_PRINTER |
| Liaison NuBridges Platform | LIAISON_NUBRIDGES |
| Libraesva Email Security | LIBRAESVA_EMAIL |
| Lira | LIRA |
| Logic Monitor | LOGICMONITOR |
| LogonBox | LOGONBOX |
| LookingGlass Aenoik IDPS | LOOKINGGLASS_IPS |
| Looking Glass | LOOKING_GLASS_IOC |
| LSI Badge Management System | LSI_BMS |
| Lumen DDoS Hyper | LUMEN_DDOS_HYPER |
| Lumos | LUMOS |
| Lenovo XClarity Orchestrator | LXC_ORCHESTRATOR |
| MailScanner | MAILSCANNER |
| Malwarebytes | MALWAREBYTES_EDR |
| Mambu | MAMBU |
| Manage Engine Endpoint | MANAGEENGINE_ENDPOINT |
| ManageEngine Remote Access Plus | MANAGEENGINE_RAP |
| ManageEngine Password Manager Pro | MANAGE_ENGINE_PASSWORD_MANAGER |
| Mandiant Attack Surface Management Entity | MANDIANT_ASM_ENTITY |
| Mandiant Attack Surface Management Discovered Issue | MANDIANT_ASM_ISSUE |
| Mandiant Attack Surface Management Technology | MANDIANT_ASM_TECHNOLOGY |
| Mango Apps | MANGOAPPS |
| Maria Database | MARIA_DB |
| Material Security | MATERIAL_SECURITY |
| Matrix Frontier Badge Management | MATRIX_FRONTIER |
| Mattermost | MATTERMOST |
| McAfee Application Control | MCAFEE_APP_CONTROL |
| McAfee Advanced Threat Defense | MCAFEE_ATD |
| McAfee MVISION EDR | MCAFEE_EDR |
| McAfee Solid Core | MCAFEE_SOLID_CORE |
| Medigate CMDB | MEDIGATE_CMDB |
| Micro Focus iManager | MICROFOCUS_IMANAGER |
| MicroSemi NTP | MICROSEMI_NTP |
| Microsoft Dynamics 365 User Activity | MICROSOFT_DYNAMICS_365 |
| Microsoft Defender External Attack Surface Management | MICROSOFT_EASM |
| Microsoft IAS Server | MICROSOFT_IAS |
| Microsoft Identity Protection | MICROSOFT_IDENTITY_PROTECTION |
| Microsoft Netlogon | MICROSOFT_NETLOGON |
| Microsoft Azure AD Risk Detections | MICROSOFT_RISK_DETECTIONS |
| Microsoft System Center Endpoint Protection | MICROSOFT_SCEP |
| Microsoft Security Actions | MICROSOFT_SECURITY_ACTIONS |
| Microsoft Security Advisories Alerts | MICROSOFT_SECURITY_ALERTS |
| Microsoft SSTP VPN | MICROSOFT_SSTP |
| Microsoft Threat Indicators | MICROSOFT_THREAT_INDICATORS |
| Mikrotik Router | MIKROTIK_ROUTER |
| Mimecast Attachment Logs | MIMECAST_ATTACHMENT_LOGS |
| Mimecast Audit Logs | MIMECAST_AUDIT_LOGS |
| Mimecast DLP Logs | MIMECAST_DLP_LOGS |
| Mimecast impersonation Logs | MIMECAST_IMPERSONATION_LOGS |
| Mimecast URL Logs | MIMECAST_URL_LOGS |
| Mimecast Web Security | MIMECAST_WEBPROXY |
| Minerva AV | MINERVA_AV |
| Mirth OnPrem Appliances NextGen | MIRTH_NEXTGEN |
| Mitel Communications Director | MITEL_MCD |
| Mode Analytics | MODE_ANALYTICS |
| Monday | MONDAY |
| Mulesoft | MULESOFT |
| MultiPay | MULTIPAY |
| Nagios Infrastructure Monitoring | NAGIOS |
| NCC Scout Suite | NCC_SCOUTSUITE |
| NCR Digital Insight FSG | NCR_DIGITAL_INSIGHT_FSG |
| NCR Digital Insight Global Logging | NCR_DIGITAL_INSIGHT_GL |
| Neo4j | NEO4J |
| Nessus | NESSUS |
| NetDisco | NETDISCO |
| Netenrich Entity Behaviour | NETENRICH_ENTITY_BEHAVIOR |
| Netgear Switch | NETGEAR_SWITCH |
| NetIQ Access Manager | NETIQ_ACCESS_MANAGER |
| NetIQ eDirectory | NETIQ_EDIRECTORY |
| Netmotion | NETMOTION |
| Netskope CASB | NETSKOPE_CASB |
| Netscope Client | NETSKOPE_CLIENT |
| Netsurion ProtectWise | NETSURION_PROTECTWISE |
| Neustar SiteProtect | NEUSTAR_SITEPROTECT |
| New Relic Platform | NEW_RELIC |
| Nextcloud Hub | NEXTCLOUD_HUB |
| Ne Silent Log | NE_SILENT_LOG |
| Ninja One | NINJAONE |
| NIST National Vulnerability Database | NIST_NVD |
| NNT File Integrity monitoring | NNT_FIM |
| Noname API Security | NONAME_API_SECURITY |
| NordLayer VPN | NORD_LAYER |
| Nortel Contivity VPN Switch | NORTEL_SWITCH |
| Nucleus Vulnerability Scan Delta | NUCLEUS_VULNERABILITY_DELTA |
| Nutanix Frame | NUTANIX_FRAME |
| Obsidian | OBSIDIAN |
| Okta RADIUS | OKTA_RADIUS |
| Onapsis | ONAPSIS |
| OnBase CMS | ONBASE_CMS |
| One Identity Active Role Service | ONEIDENTITY_ARS |
| One Identity Change Auditor | ONEIDENTITY_CHANGE_AUDITOR |
| One Identity Defender | ONEIDENTITY_DEFENDER |
| One Identity TPAM | ONEIDENTITY_TPAM |
| OneLogin User Context | ONELOGIN_USER_CONTEXT |
| 1Password Audit Events | ONEPASSWORD_AUDIT_EVENTS |
| Opengear Remote Management | OPENGEAR |
| Opentelemetry | OPENTELEMETRY |
| OpenText Fax2Mail | OPENTEXT_FAX2MAIL |
| Opswat Kiosk | OPSWAT_KIOSK |
| Opswat Metadefender | OPSWAT_METADEFENDER |
| Oracle HCM Human resources platform solution | ORACLE_HCM |
| Oracle SSO Audit Logging | ORACLE_SSO_AUDIT |
| Oracle WebLogic Server | ORACLE_WEBLOGIC |
| Orca Cloud Security Platform | ORCA |
| Oscar Claims | OSCAR_CLAIMS |
| Open Source Intelligence | OSINT_IOC |
| Osirium PAM | OSIRIUM_PAM |
| Outpost24 | OUTPOST24 |
| Packetlight Dwdm | PACKETLIGHT_DWDM |
| Packet Viper | PACKET_VIPER |
| PACOM Systems | PACOM_SYSTEMS |
| PagerDuty | PAGERDUTY |
| Pagerduty Audit | PAGERDUTY_AUDIT |
| Palo Alto DNS Security | PAN_DNS_SECURITY |
| Palo Alto Networks Global Protect | PAN_GLOBAL_PROTECT |
| Palo Alto Networks IoT Security | PAN_IOT |
| Palo Alto Networks XSOAR Audit | PAN_XSOAR |
| PaperCut Printing Management System | PAPER_CUT |
| Passwordstate | PASSWORDSTATE |
| Paxton Access Control Systems | PAXTON_ACS |
| SSL pcap | PCAP_SSL_CLIENT_HELLO |
| Pentera | PENTERA |
| Pentera ASV | PENTERA_ASV |
| Pentera Leef | PENTERA_LEEF |
| PeopleSoft | PEOPLESOFT |
| Peplink Loadbalancer | PEPLINK_LOADBALANCER |
| Peplink Router | PEPLINK_ROUTER |
| Peplink Switch | PEPLINK_SWITCH |
| PerimeterX Bot Protection | PERIMETERX_BOT_PROTECTION |
| Perimeter 81 | PERIMETER_81 |
| Domain Tools Phisheye | PHISHEYE_ALERT |
| Phishlabs | PHISHLABS |
| Pingsafe | PINGSAFE |
| Ping Access | PING_ACCESS |
| Ping One | PING_ONE |
| Ping SDK | PING_SDK |
| Plaso Super Timeline | PLASO |
| Plixer Scrutinizer | PLIXER_SCRUTINIZER |
| Pomerium | POMERIUM |
| Portnix Audit | PORTNOX_AUDIT |
| Portnix CEF | PORTNOX_CEF |
| PostgreSQL | POSTGRESQL |
| MS Powershell Transcript | POWERSHELL_TRANSCRIPT |
| Power DNS | POWER_DNS |
| Preveil Enterprise | PREVEIL_ENTERPRISE |
| ProofID | PROOFID |
| Proofpoint CASB | PROOFPOINT_CASB |
| Proofpoint Secure Share | PROOFPOINT_SECURE_SHARE |
| Proofpoint Security Awareness Training | PROOFPOINT_SECURITY_AWARENESS_TRAINING |
| Proofpoint Sendmail Sentrion | PROOFPOINT_SENDMAIL_SENTRION |
| Protegrity Defiance | PROTEGRITY_DEFIANCE |
| Honeywell Pro-Watch | PROWATCH |
| ProxMax | PROXMAX |
| PRTG Network Monitor | PRTG_NETWORKMONITOR |
| Puppet | PUPPET |
| Pure Storage | PURE_STORAGE |
| QLIK Audit | QLIK_AUDIT |
| QNAP Systems NAS | QNAP_NAS |
| Qualys User Activity | QUALYS_ACTIVITY |
| RSA RADIUS | RADIUS |
| Radware DDoS Protection | RADWARE_DDOS |
| RAD ETX | RAD_ETX |
| Rapid7 Security Onion | RAPID7_SECURITY_ONION |
| Raritan Dominion SX II | RARITAN_DOMINION |
| Recordia | RECORDIA |
| Red Canary Cloud Protection | REDCANARY_CLOUD_PROTECTION_RAW |
| Red Hat Identity Management | REDHAT_IM |
| Red Hat Keycloak | REDHAT_KEYCLOAK |
| RedHat Satellite Server | REDHAT_SATELLITE |
| RedHat StackRox | REDHAT_STACKROX |
| Remediant SecureONE | REMEDIANT_SECUREONE |
| Ribbon Session Border Controller | RIBBON_SBC |
| Ring Central | RING_CENTRAL |
| RiskIQ Digital Footprint | RISKIQ_DIGITAL_FOOTPRINT |
| RSA SecurID Access Identity Router | RSA_SECURID |
| Rubrik Polaris | RUBRIK_POLARIS |
| Rumble Network Discovery | RUMBLE_NETWORK_DISCOVERY |
| SafeConnect NAC | SAFECONNECT_NAC |
| Salesforce Context | SALESFORCE_CONTEXT |
| Sangfor Next Generation Firewall | SANGFOR_NGAF |
| SAP Cloud for Customer | SAP_C4C |
| SAP HANA | SAP_HANA |
| SAP Identity Management | SAP_IDM |
| SAP Insurance | SAP_INSURANCE |
| SAP SAST Suite | SAP_SAST |
| SAP SM20 | SAP_SM20 |
| SAP SuccessFactors | SAP_SUCCESSFACTORS |
| Microsoft System Center Configuration Manager | SCCM |
| Secberus Cloud Security Governance | SECBERUS |
| SecurityScorecard Platform | SECURITYSCORECARD |
| Semperis ADFR | SEMPERIS_ADFR |
| Sendgrid Api | SENDGRID |
| Senhasegura PAM | SENHASEGURA_PAM |
| SentinelOne Singularity Cloud Funnel | SENTINELONE_CF |
| ServiceNow Audit | SERVICENOW_AUDIT |
| ServiceNow Roles | SERVICENOW_ROLES |
| Sevco Security CMDB | SEVCO_CMDB |
| Microsoft SharePoint | SHAREPOINT |
| Sharepoint Unified Logging Service (ULS) | SHAREPOINT_ULS |
| shodan.io | SHODAN_IO |
| Siebel Monitoring | SIEBEL |
| Siemens SiPass | SIEMENS_SIPASS |
| Silver Peak Firewall | SILVERPEAK_FIREWALL |
| Single Store | SINGLE_STORE |
| SKYSEA Client View | SKYSEA |
| Smart Simple | SMART_SIMPLE |
| Snapattack | SNAPATTACK |
| Snipe-IT | SNIPE_IT |
| Snowflake | SNOWFLAKE |
| Socomec UPS | SOCOMEC_UPS |
| Software House Access Control | SOFTWARE_HOUSE_ACS |
| Solaris system | SOLARIS_SYSTEM |
| SolarWinds Serv-U | SOLARWINDS_SERV_U |
| SonarQube | SONARQUBE |
| Sophos Email Appliance | SOPHOS_EMAIL |
| Sophos URL filtering | SOPHOS_URL |
| Spamhaus | SPAMHAUS |
| Symantec Protection Engine | SPE |
| Splashtop Remote Access and Support software | SPLASHTOP |
| Splunk Attack Analyzer | SPLUNK_ATTACK_ANALYZER |
| Splunk DNS | SPLUNK_DNS |
| Splunk Phantom | SPLUNK_PHANTOM |
| Splunk Intel Management | SPLUNK_TRUSTAR |
| Stairwell Inception | STAIRWELL_INCEPTION |
| Stellar Cyber | STELLAR_CYBER |
| Stream Alert | STREAMALERT |
| StrongDM | STRONGDM |
| Sublime Security | SUBLIMESECURITY |
| Supermicro IPMI | SUPERMICRO_IPMI |
| Superna Eyeglass | SUPERNA_EYEGLASS |
| SureView Systems Activity | SUREVIEW_SYSTEMS |
| Swift Alliance Messaging Hub | SWIFT_AMH |
| Swimlane Platform | SWIMLANE |
| Symantec Messaging Gateway | SYMANTEC_MAIL |
| Symphony Summit AI | SYMPHONYAI |
| Synology | SYNOLOGY |
| Tableau | TABLEAU |
| Tailscale | TAILSCALE |
| Talon | TALON |
| Tanium Deploy | TANIUM_DEPLOY |
| Tanium Question | TANIUM_QUESTION |
| Tanium TanOS | TANIUM_TANOS |
| Tenable OT | TENABLE_OT |
| Tenable Web App Scanning | TENABLE_WAS |
| Teradici PCoIP | TERADICI_PCOIP |
| Terraform Enterprise Audit | TERRAFORM_ENTERPRISE |
| Tessian Cloud Email Security Platform | TESSIAN_PLATFORM |
| TGDetect | TGDETECT |
| ThreatQuotient | THREATQ_IOC |
| ThreatX WAF | THREATX_WAF |
| Thycotic devops secret vault | THYCOTIC_DEVOPS_SECRETVAULT |
| Trend Micro | TIPPING_POINT |
| Traceable API Security | TRACEABLE_PLATFORM |
| Traefik Labs | TRAEFIK |
| TrendMicro Apex Central | TRENDMICRO_APEX_CENTRAL |
| Trend Micro Apex one | TRENDMICRO_APEX_ONE |
| Trend Micro Cloud App Security | TRENDMICRO_CLOUDAPPSECURITY |
| Trend Micro Cloud one | TRENDMICRO_CLOUDONE |
| TrendMicro Deep Discovery Inspector | TRENDMICRO_DDI |
| TrendMicro EDR | TRENDMICRO_EDR |
| TrendMicro Webproxy DSM | TRENDMICRO_WEBPROXY_DSM |
| Tripp Lite | TRIPP_LITE |
| Twilio Audit | TWILIO_AUDIT |
| Twilio Authy | TWILIO_AUTHY |
| Twingate | TWINGATE |
| Tyk IO | TYK_IO |
| Ubiquiti UDM Firewall | UBIQUITI_FIREWALL |
| UDM | UDM |
| Uipath | UIPATH |
| UltraDNS | ULTRADNS |
| Ultra Electronics CyberFence | ULTRA_CYBERFENCE |
| Unifi Switch | UNIFI_SWITCH |
| Unit 21 | UNIT21 |
| UpGuard | UPGUARD |
| Vector Dev | VECTOR_DEV |
| Vectra Protect | VECTRA_PROTECT |
| Veeam | VEEAM |
| Velo Firewall | VELO_FIREWALL |
| Venafi | VENAFI |
| Veritas NetBackup | VERITAS_NETBACKUP |
| Verizon Network Detection and Response | VERIZON_NDR |
| Verkada | VERKADA |
| Virsec Event Logs | VIRSEC_EVENT |
| Virsec Attack and Threat Logs | VIRSEC_THREAT |
| Virtru Email Encryption | VIRTRU_EMAIL_ENCRYPTION |
| VirusTotal Threat Hunter | VIRUSTOTAL_THREAT_HUNTER |
| VMRay Analyzer | VMRAY_FLOG_XML |
| VMware Aria Logs | VMWARE_ARIA_LOGS |
| Vmware Avinetworks iWAF | VMWARE_AVINETWORKS_IWAF |
| VMware Avi Vantage Platform | VMWARE_AVI_VANTAGE |
| VMware Cloud Director | VMWARE_CD |
| VMware HCX | VMWARE_HCX |
| VMware NSX AVI | VMWARE_NSX_AVI |
| VMware SDDC | VMWARE_SDDC |
| VMware SDWN Events | VMWARE_SDWN_EVENTS |
| VMware Unified Access Gateway | VMWARE_UNIFIED_ACCESS_GATEWAY |
| VMware vShield | VMWARE_VSHIELD |
| Voltage | VOLTAGE |
| Vonage | VONAGE |
| VSFTPD Audit | VSFTPD_AUDIT |
| Wallix Bastion | WALLIX_BASTION |
| Wallix Endpoint Privilege Management | WALLIX_EPM |
| Wallix Privileged Access Management | WALLIX_PAM |
| Waterfall Data Security Manager | WATERFALL_DSM |
| WebEx | WEBEX_SAAS |
| White Cloud | WHITECLOUD_EDR |
| Windows Filtering Platform | WINDOWS_WFP |
| wiz.io | WIZ_IO |
| Wordpress Simple History | WORDPRESS_SIMPLE_HISTORY |
| Workato Audit Logs | WORKATO |
| Workday Audit Logs | WORKDAY_AUDIT |
| Workday User Activity | WORKDAY_USER_ACTIVITY |
| Workspot Control | WORKSPOT_CONTROL |
| WP Engine | WP_ENGINE |
| Western Telematic Inc Console Servers | WTI_CONSOLE_SERVERS |
| Ysoft Data Security Manager | YSOFT_DSM |
| Zabbix | ZABBIX |
| Zendesk CRM | ZENDESK_CRM |
| ZeroFox Platform | ZEROFOX_PLATFORM |
| Zoho Analytics Audits | ZOHO_AUDIT |
| ZScaler Deception | ZSCALER_DECEPTION |
| Zscaler Digital Experience | ZSCALER_DIGITAL_EXPERIENCE |
| Zscaler DLP | ZSCALER_DLP |
| Zscaler Client Connector | ZSCALER_ZCC |
| Zscaler ZDX | ZSCALER_ZDX |
| Zscaler Secure Private Access Audit Logs | ZSCALER_ZPA_AUDIT |
| Zuora App Logs | ZUORA_APP_LOGS |