Supported log types and default parsers

This document contains information about Chronicle SIEM integrations for data ingestion. It summarizes the devices that Chronicle SIEM supports and the ingestion label associated with each one (the log_type field in the Ingestion API and data_type in a Forwarder configuration).

Supported log types with a default parser

Parsers normalize raw log data into structured Unified Data Model format. This section lists supported devices, and the associated ingestion label (log_type field in the Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser. The default parser is supported by Chronicle as long as the device's raw logs are received in the required format.

For a list of supported log types without a default parser, see Supported log types without a default parser.

The Format column indicates the high-level structure of the raw log, using the following values:

  • CSV: Comma Separated Values
  • JSON: JavaScript Object Notation
  • SYSLOG: syslog formatted message
  • KV: key-value pair
  • XML: Extensible Markup Language
  • SYSLOG + KV: syslog header with key-value body
  • SYSLOG + JSON: syslog header with JSON body
  • SYSLOG + XML: syslog header with XML body
  • LEEF: Log Event Extended Format
  • CEF: Common Event Format

Parser changes are applied to newly ingested logs only; they are not applied retroactively to previously ingested logs.

Vendor / Product Category Ingestion label Format Latest Update
Microsoft Azure Resource Log Aggregator AZURE_RESOURCE_LOGS JSON 2023-10-04
Akamai DNS DNS AKAMAI_DNS CSV 2021-06-28
Auth0 Authentication log AUTH_ZERO JSON 2023-06-19
Barracuda Web Filter Webfilter BARRACUDA_WEBFILTER SYSLOG 2023-07-20
Microsoft IIS Web Server IIS SYSLOG + KV, JSON 2023-10-27
Guardicore Centra Deception Software GUARDICORE_CENTRA JSON 2023-09-08
Cloud NAT Google Cloud Specific N/A JSON 2023-04-06
Juniper IPS IDS/IPS JUNIPER_IPS SYSLOG + KV 2022-05-26
Unifi AP Switches and Routers UNIFI_AP SYSLOG + KV, SYSLOG + JSON 2022-05-24
Office 365 Message Trace OFFICE_365 Specific OFFICE_365_MESSAGETRACE JSON 2023-05-10
Digital Guardian DLP DLP DIGITALGUARDIAN_DLP JSON 2023-06-02
Imperva WAF IMPERVA_WAF SYSLOG+KV, JSON 2023-09-26
Linux Auditing System (AuditD) OS AUDITD SYSLOG 2023-09-06
IBM Guardium Database DLP GUARDIUM CSV, CEF 2022-10-06
Proofpoint Tap Alerts Email Server PROOFPOINT_MAIL JSON 2023-06-26
Barracuda Email Email Server BARRACUDA_EMAIL JSON 2023-01-19
AWS Key Management Service AWS Specific AWS_KMS JSON 2022-05-27
ServiceNow CMDB Policy Management SERVICENOW_CMDB JSON 2023-05-31
Mongo Database DATABASE MONGO_DB JSON 2023-05-26
WordPress Configuration Management WORDPRESS_CMS JSON 2023-05-25
macOS Endpoint Security AV and endpoint logs MACOS_ENDPOINT_SECURITY SYSLOG + KV 2023-07-17
ExtraHop RevealX Firewall IDS/IPS EXTRAHOP JSON, SYSLOG 2023-10-27
Cisco Umbrella Cloud Firewall Firewall UMBRELLA_FIREWALL CSV 2022-09-02
Workday SaaS Application WORKDAY JSON 2022-09-15
Sentinelone Alerts Endpoint Security SENTINELONE_ALERT JSON 2023-08-18
Cisco VCS Expressway Telephone software CISCO_VCS SYSLOG 2023-06-12
Microsoft Powershell Misc. Windows-specific POWERSHELL SYSLOG + JSON 2023-09-14
Armis Vulnerabilities VULNERABILITIES ARMIS_VULNERABILITIES JSON 2023-02-07
AppOmni SAAS Security Application APPOMNI JSON 2023-08-23
CyberArk Endpoint Privilege Manager (EPM) EPM CYBERARK_EPM JSON 2023-08-22
McAfee DLP DLP MCAFEE_DLP CSV 2022-04-13
Onfido Authentication ONFIDO SYSLOG + JSON 2023-03-10
Zscaler Web Proxy ZSCALER_WEBPROXY SYSLOG + KV, CSV 2023-11-15
Red Canary EDR REDCANARY_EDR JSON 2022-09-15
WatchGuard Syslog and KV WATCHGUARD JSON 2023-09-28
D3 Banking BANKING D3_BANKING JSON 2022-03-23
Gitlab SAAS GITLAB JSON 2023-10-20
Comodo AV / Endpoint COMODO_AV SYSLOG + KV (CEF) 2021-04-09
McAfee Unified Cloud Edge SaaS Application MCAFEE_UCE JSON 2021-07-20
SiteMinder Web Access Management SSO CA_SSO_WEB JSON 2022-08-08
SailPoint IAM Identity and Access Management SAILPOINT_IAM JSON 2022-07-08
Tanium Integrity Monitor Tanium Specific TANIUM_INTEGRITY_MONITOR JSON 2022-10-12
AWS CloudWatch Cloud service monitoring AWS_CLOUDWATCH JSON, GROK 2023-09-02
TCPWave DDI Secure ddi TCPWAVE_DDI SYSLOG + JSON 2022-09-27
Google Cloud Identity Context Identity and Access Management CLOUD_IDENTITY_CONTEXT JSON 2023-07-25
Ping Federate Authentication PING_FEDERATE CSV 2023-04-24
Zscaler Internet Access Audit Logs Security Service Edge (SSE) ZSCALER_INTERNET_ACCESS CSV 2023-10-26
Infoblox DHCP, DNS INFOBLOX SYSLOG 2023-11-07
Tanium Audit SCAN NETWORK TANIUM_AUDIT JSON 2023-09-26
Microsoft SQL Server Database MICROSOFT_SQL SYSLOG + KV, JSON 2023-10-09
Tanium Threat Response Tanium Specific TANIUM_THREAT_RESPONSE JSON 2023-07-28
Automation Anywhere Automation Tools AUTOMATION_ANYWHERE SYSLOG + KV 2021-04-28
NetApp ONTAP Rest api NETAPP_ONTAP SYSLOG 2023-04-03
Deep Instinct EDR EDR DEEP_INSTINCT_EDR SYSLOG + KV 2022-11-18
Hitachi Cloud Platform Hitachi Cloud Platform HITACHI_CLOUD_PLATFORM SYSLOG 2023-05-30
Preempt Auth Identity and Access Management PREEMPT_AUTH SYSLOG + JSON 2021-06-16
BeyondTrust Secure Remote Access Remote Access Tools BEYONDTRUST_REMOTE_ACCESS SYSLOG + KV 2022-09-30
VMware Tanzu Kubernetes Grid IDS/IPS VMWARE_TANZU JSON + SYSLOG+JSON 2023-09-08
Fidelis Network NDR FIDELIS_NETWORK SYSLOG + KV, JSON 2023-09-04
Strong Swan VPN VPN STRONGSWAN_VPN JSON 2023-05-25
Imperva Database Cloud Application and Edge Security IMPERVA_DB SYSLOG 2023-07-17
Microsoft AD FS LDAP ADFS JSON 2023-08-18
RSA NetWitness PLATFORM CONFIGURATION RSA_NETWITNESS SYSLOG 2022-10-18
Cylance Protect Alerts CYLANCE_PROTECT SYSLOG + KV 2022-09-06
Windows Applocker Application Locker WINDOWS_APPLOCKER SYSLOG + KV + JSON + XML 2023-10-17
Cloudflare Audit SaaS Application CLOUDFLARE_AUDIT JSON 2023-07-09
CrowdStrike Falcon EDR CS_EDR JSON 2023-10-11
Stormshield Firewall FIREWALL STORMSHIELD_FIREWALL SYSLOG + KV 2023-06-29
Fortinet FortiEDR EDR FORTINET_FORTIEDR SYSLOG + KV 2023-08-07
AMD Pensando DSS Firewall Firewall AMD_DSS_FIREWALL SYSLOG + CSV 2023-05-08
File Scanning Framework File scanning FILE_SCANNING_FRAMEWORK JSON 2021-09-27
Crowdstrike IOC IOC CROWDSTRIKE_IOC JSON 2023-08-23
Microsoft ATA IDS/IPS MICROSOFT_ATA SYSLOG + KV 2021-07-13
Darktrace NDR DARKTRACE SYSLOG + KV (CEF) 2023-09-26
Cloud SQL Google Cloud Specific GCP_CLOUDSQL JSON 2023-11-01
Cloud Run Google Cloud Specific GCP_RUN JSON 2023-04-13
Island Browser logs Web Browser ISLAND_BROWSER JSON 2023-09-04
Cloud Functions Context Google Cloud Specific GCP_CLOUD_FUNCTIONS_CONTEXT JSON 2023-07-26
Layer7 SiteMinder SSO SITEMINDER_SSO KV+JSON 2022-08-30
Tenable Active Directory Security Tenable Active Directory Security TENABLE_ADS SYSLOG 2023-11-06
Infoblox DNS DNS INFOBLOX_DNS SYSLOG, CEF 2023-10-17
MISP Threat Intelligence Cybersecurity MISP_IOC JSON, CSV 2023-09-26
Unix system OS NIX_SYSTEM SYSLOG, JSON 2023-11-10
ForgeRock OpenDJ LDAP OPENDJ SYSLOG + KV 2020-10-01
Emerging Threats Pro IOC ET_PRO_IOC CSV 2022-11-28
FireEye Alerts FIREEYE_ALERT SYSLOG + JSON, JSON 2023-11-09
CloudM Identity and Access Management CLOUDM JSON 2022-06-09
Fortinet Web Application Firewall WEB FORTINET_FORTIWEB KV 2023-05-18
AWS GuardDuty IDS/IPS GUARDDUTY JSON 2023-08-18
Aruba Airwave Wireless ARUBA_AIRWAVE XML 2021-03-16
VanDyke SFTP Data Transfer VANDYKE_SFTP JSON, SYSLOG 2022-03-25
Ping Identity Authentication PING JSON, SYSLOG + KV 2023-04-06
VMware ESXi Hypervisor VMWARE_ESX SYSLOG 2023-10-10
Ansible AWX Automation and DevOps Tools ANSIBLE_AWX JSON 2022-11-09
Duo Entity context data Identity and Access Management DUO_CONTEXT JSON 2022-03-14
Vectra Detect NDR VECTRA_DETECT SYSLOG + JSON + CEF 2023-10-12
RH-ISAC IOC RH_ISAC_IOC JSON 2022-03-22
Office 365 SaaS Application OFFICE_365 JSON 2023-11-01
F5 BIGIP Access Policy Manager Access Policy Manager F5_BIGIP_APM SYSLOG 2023-06-06
MySQL Database MYSQL SYSLOG 2021-04-12
Qualys Continuous Monitoring Monitoring QUALYS_CONTINUOUS_MONITORING JSON 2022-08-30
Compute Context Google Cloud Specific N/A JSON 2022-07-29
Honeyd Deception Software HONEYD SYSLOG 2021-04-05
Qualys Virtual Scanner Vulnerability Scanner QUALYS_VIRTUAL_SCANNER JSON 2023-08-21
FireEye HX EDR FIREEYE_HX JSON 2023-05-08
Azure AD Directory Audit Audit AZURE_AD_AUDIT JSON 2023-10-16
Oracle DATABASE ORACLE_DB SYSLOG + KV 2023-10-25
OpenSSH Logging and Troubleshooting OPENSSH SYSLOG 2023-10-05
Workspace Alerts Google Cloud Specific WORKSPACE_ALERTS JSON 2023-11-01
Delinea PAM Access Management DELINEA_PAM SYSLOG + CSV 2022-11-10
Netscout OCI Alert log NETSCOUT_OCI SYSLOG + KV 2023-09-04
Microsoft Defender for Identity EDR MICROSOFT_DEFENDER_IDENTITY JSON 2022-07-27
VPC Flow Logs Google Cloud Specific GCP_VPC_FLOW JSON 2023-05-23
Accellion DLP ACCELLION SYSLOG 2022-09-30
Oracle Cloud Infrastructure Audit Logs Oracle Cloud Infrastructure OCI_AUDIT JSON 2023-09-29
Juniper Software Defined Wide Area Network SYSLOG JUNIPER_SDWAN SYSLOG 2023-07-10
Net Suite WAF NET_SUITE KV 2023-08-02
Cloudflare WAF Cloud Log CLOUDFLARE_WAF JSON 2023-08-30
Lenel Onguard Badge Management Access Control System LENEL_ONGUARD JSON 2022-10-31
AWS Macie AWS-specific logs AWS_MACIE JSON 2022-08-08
Linux Sysmon DNS LINUX_SYSMON XML 2023-11-09
AWS EMR AWS Specific AWS_EMR SYSLOG, SYSLOG+JSON, JSON 2023-10-30
Windows DNS DNS WINDOWS_DNS JSON, XML, SYSLOG + KV 2023-10-18
Bitdefender AV / Endpoint BITDEFENDER CSV 2023-05-02
VyOS Open Source Router DHCP VYOS SYSLOG 2022-10-12
Kaspersky AV AV / Endpoint KASPERSKY_AV KV + CEF 2023-10-13
Nutanix Prism Firewall NUTANIX_PRISM JSON 2023-01-23
Aruba EdgeConnect SD-WAN Network Security ARUBA_EDGECONNECT_SDWAN SYSLOG + CSV 2023-05-03
Abnormal Security Email Server ABNORMAL_SECURITY JSON, SYSLOG 2023-11-06
ProofPoint Secure Email Relay Email server PROOFPOINT_SER JSON 2023-08-29
McAfee MVISION CASB CLOUD SECURITY MCAFEE_MVISION_CASB KV 2023-06-22
GCP_KUBERNETES_CONTEXT Computer Inventory GCP_KUBERNETES_CONTEXT JSON 2023-11-01
Ionix SECURITY IONIX JSON 2023-09-28
Stealthbits Defend Security System for Active Directory and File Systems. STEALTHBITS_DEFEND SYSLOG + KV (LEEF, CEF) 2022-11-17
Shrubbery TACACS+ NETWORK MANAGEMENT SHRUBBERY_TACACS SYSLOG + KV 2022-11-08
Bluecat DDI DDI (DNS, DHCP, IPAM) BLUECAT_DDI SYSLOG 2022-11-08
Blue Coat Proxy Web Proxy BLUECOAT_WEBPROXY SYSLOG + JSON, SYSLOG + KV 2023-10-01
Kemp Load Balancer Load Balancer, Traffic Shaper, ADC KEMP_LOADBALANCER SYSLOG + KV 2023-05-31
Tanium Insight Tanium Specific TANIUM_INSIGHT SYSLOG + KV 2021-03-10
HAProxy Load balancing HAPROXY SYSLOG 2023-09-25
LimaCharlie EDR LIMACHARLIE_EDR JSON 2023-08-07
VMware Workspace ONE Logging and Troubleshooting VMWARE_WORKSPACE_ONE SYSLOG 2023-08-04
Cloud Identity Device Users Google Cloud Specific GCP_CLOUDIDENTITY_DEVICEUSERS JSON 2022-10-01
Azure AD Organizational Context LDAP AZURE_AD_CONTEXT JSON 2023-10-25
COVID-19 Cyber Threat Coalition IOC COVID_CTC_IOC Value Entry 2020-06-02
Atlassian Jira Ticketing Application ATLASSIAN_JIRA SYSLOG, JSON 2023-11-10
Forcepoint Proxy Web Proxy FORCEPOINT_WEBPROXY SYSLOG + KV (CEF), LEEF 2023-06-12
Sophos Capsule8 Container Security SOPHOS_CAPSULE8 JSON 2021-12-22
Varonis Data Security / Insider Threat VARONIS SYSLOG + KV (CEF), LEEF 2022-10-08
STIX Threat Intelligence Cybersecurity Threats STIX SYSLOG + KV (CEF) 2023-11-08
Corelight NDR CORELIGHT JSON 2023-10-04
CloudGenix SD-WAN Switches, Routers CLOUDGENIX_SDWAN SYSLOG + KV 2022-09-08
Cloudian hyperstore Storage Solutions CLOUDIAN_HYPERSTORE SYSLOG 2021-05-05
Open LDAP LDAP OPENLDAP SYSLOG 2023-07-18
Absolute Mobile Device Management Mobile Device Management ABSOLUTE SYSLOG + KV (CEF) 2023-07-07
Saviynt Enterprise Identity Cloud Endpoints SAVIYNT_EIP JSON, JSON+KV 2023-06-05
Tanium Patch Tanium Specific TANIUM_PATCH JSON 2022-02-08
TrendMicro Web Proxy Web Proxy TRENDMICRO_WEBPROXY SYSLOG + KV 2023-08-02
Palo Alto Networks Firewall Firewall PAN_FIREWALL CSV + CEF + LEEF 2023-09-20
Passive DNS DNS PASSIVE_DNS JSON 2021-05-19
Proofpoint Web Browser Isolation ATTACK PROTECTION ISOLATION PROOFPOINT_WEB_BROWSER_ISOLATION JSON 2023-05-25
Stealthbits PAM Privileged Access Management Solution STEALTHBITS_PAM CEF + KV 2023-11-07
Preempt Alert Identity and Access Management PREEMPT SYSLOG + KV (CEF) 2022-06-22
Cloud Identity Devices Google Cloud Specific GCP_CLOUDIDENTITY_DEVICES JSON 2022-04-13
Google Cloud IAM Analysis Google Cloud Resources Contexts N/A JSON 2023-02-27
Cisco Umbrella IP Web Proxy UMBRELLA_IP SYSLOG 2022-08-22
AWS RDS Database AWS_RDS SYSLOG 2023-04-24
Cisco PIX Firewall Firewall CISCO_PIX_FIREWALL SYSLOG 2023-05-23
Cisco Stealthwatch Log Aggregator CISCO_STEALTHWATCH JSON 2023-06-19
Azure Cosmos DB Database AZURE_COSMOS_DB JSON 2023-02-22
Elastic Packet Beats Log Aggregator ELASTIC_PACKETBEATS SYSLOG + JSON 2022-05-09
IAM Context Google Cloud Specific N/A JSON 2023-07-26
Snort IDS/IPS SNORT_IDS SYSLOG + JSON 2022-09-22
Imperva FlexProtect Cloud App & Network Security IMPERVA_FLEXPROTECT CEF + KV 2023-08-28
Kong API Gateway Microservice management KONG_GATEWAY SYSLOG + JSON 2022-09-23
Custom Security Data Analytics Log Aggregation CUSTOM_SECURITY_DATA_ANALYTICS JSON 2022-07-08
ISC DHCP DHCP ISC_DHCP JSON + SYSLOG + KV 2022-02-08
OSSEC IDS/IPS OSSEC SYSLOG 2023-06-14
RSA Identity and Access Management RSA_AUTH_MANAGER CSV 2022-08-09
Cisco CloudLock CASB CISCO_CLOUDLOCK_CASB JSON 2021-10-04
Sierra Wireless IOT Devices SIERRA_WIRELESS SYSLOG 2023-06-30
Microsoft Sentinel Microsoft Sentinel MICROSOFT_SENTINEL JSON 2023-11-03
SentinelOne EDR EDR SENTINEL_EDR SYSLOG + JSON 2023-11-09
McAfee Web Gateway Web Proxy MCAFEE_WEBPROXY SYSLOG + KV (CEF), JSON 2023-06-17
AWS Config AWS Specific AWS_CONFIG JSON 2022-05-27
OpenVPN Network OPEN_VPN SYSLOG + KV 2022-04-28
Check Point Firewall CHECKPOINT_FIREWALL SYSLOG + KV, JSON 2023-10-11
Trend Micro AV AV / Endpoint TRENDMICRO_AV SYSLOG + KV, CEF 2023-05-21
Windows Sysmon DNS WINDOWS_SYSMON JSON, XML 2023-10-27
GMV Checker ATM Security ATM Audit GMV_CHECKER SYSLOG 2022-04-20
Dataminr Alerts DATAMINR_ALERT 2023-08-23
CrowdStrike Falcon Stream Alerts CS_STREAM KV (LEEF) 2022-07-18
Citrix Storefront Remote Access Tools CITRIX_STOREFRONT JSON 2022-07-22
Pivotal PaaS Application PIVOTAL SYSLOG + KV 2022-08-17
Azure Firewall Azure Firewall Application Rule AZURE_FIREWALL JSON 2023-06-01
Cisco Umbrella DNS DNS UMBRELLA_DNS CSV, JSON 2023-11-07
Cloud Load Balancing Google Cloud Specific GCP_LOADBALANCING JSON 2023-11-01
Signal Sciences WAF WAF SIGNAL_SCIENCES_WAF JSON 2023-09-16
Peplink Firewall Firewall PEPLINK_FW SYSLOG + KV 2023-08-17
Dope Security SWG Secure Access Service Edge DOPE_SWG CSV 2023-05-18
Windows Defender AV AV / Endpoint WINDOWS_DEFENDER_AV JSON, XML 2023-09-04
McAfee IPS IDS/IPS MCAFEE_IPS SYSLOG 2021-04-15
Digital Shadows Indicators IOC DIGITAL_SHADOWS_IOC JSON 2022-04-23
GCP_NETWORK_CONNECTIVITY Computer Inventory GCP_NETWORK_CONNECTIVITY_CONTEXT JSON 2023-06-13
Atlassian Confluence Knowledge base ATLASSIAN_CONFLUENCE SYSLOG, JSON 2023-11-14
Forescout NAC NAC FORESCOUT_NAC SYSLOG, CEF 2023-05-31
Dell OpenManage Systems Management Application DELL_OPENMANAGE SYSLOG + KV 2022-07-27
Windows Hyper-V Virtualization Software WINDOWS_HYPERV JSON 2023-10-09
Thales Vormetric Encryption VORMETRIC SYSLOG 2021-12-17
Sophos Intercept EDR EDR logs SOPHOS_EDR JSON 2022-12-27
Fortinet FortiNAC NAC FORTINET_FORTINAC SYSLOG 2022-07-08
EPIC Systems Discovery and Monitoring EPIC LEEF + KV 2022-10-31
Thales MFA Authentication THALES_MFA SYSLOG + KV (CEF) 2022-07-13
Shibboleth IDP Identity and Access Management SHIBBOLETH_IDP SYSLOG 2021-04-19
Ipswitch MOVEit Transfer Switches IPSWITCH_MOVEIT_TRANSFER SYSLOG + CSV 2023-08-18
CoSoSys Protector Endpoint Detection ENDPOINT_PROTECTOR_DLP SYSLOG + KV 2023-04-17
Fortinet FortiAnalyzer Fortinet FortiAnalyzer FORTINET_FORTIANALYZER JSON 2023-07-19
CircleCI Automation and DevOps Tools CIRCLECI CSV + JSON 2023-03-09
ESET AV ESET_AV ESET_AV SYSLOG + JSON 2023-01-10
Openpath AV / Endpoint OPENPATH SYSLOG 2023-11-08
Sourcefire IDS/IPS SOURCEFIRE_IDS JSON, CEF 2023-07-06
Aruba Wireless ARUBA_WIRELESS SYSLOG 2023-05-25
Duo Auth Authentication DUO_AUTH JSON 2023-10-23
Kubernetes Audit K8s cluster audit logs KUBERNETES_AUDIT JSON 2023-08-21
Apple MacOS AV / Endpoint MACOS SYSLOG 2022-05-04
Custom DNS DNS CUSTOM_DNS JSON 2022-08-05
McAfee Enterprise Security Manager Log Aggregator MCAFEE_ESM SYSLOG + JSON 2022-02-25
Barracuda WAF Firewall BARRACUDA_WAF JSON, SYSLOG + KV 2023-07-19
NetApp SAN Rest api NETAPP_SAN SYSLOG 2023-04-25
Mobileiron ENDPOINT MANAGEMENT MOBILEIRON JSON 2023-02-02
1Password Identity and Access Management ONEPASSWORD JSON 2023-06-07
Archer Integrated Risk Management Risk Management Solution ARCHER_IRM SYSLOG 2022-05-04
Kubernetes Node Kubernetes Container KUBERNETES_NODE JSON 2023-08-16
Pulse Secure VPN PULSE_SECURE_VPN SYSLOG 2023-11-07
Sophos DHCP DHCP SOPHOS_DHCP SYSLOG + KV 2022-02-10
Radware Web Application Firewall Firewall RADWARE_FIREWALL SYSLOG 2021-09-08
ExtraHop DNS DNS EXTRAHOP_DNS JSON 2021-12-13
VMware vCenter Server VMWARE_VCENTER SYSLOG + JSON 2023-11-13
Microsoft Intune Mobile Device Management AZURE_MDM_INTUNE JSON 2022-08-17
Fortinet DHCP FORTINET_DHCP KV 2022-11-21
Akamai WAF WAF AKAMAI_WAF SYSLOG 2023-10-27
Palo Alto Networks Traps EDR PAN_EDR CSV + KV 2022-08-22
Cloud Intrusion Detection System Google Cloud Specific GCP_IDS JSON 2023-09-26
pfSense FIREWALL PFSENSE SYSLOG 2023-05-05
Fluentd Logs Log Aggregator FLUENTD SYSLOG + JSON 2023-06-14
Rapid7 Insight Vulnerability Scanner RAPID7_INSIGHT SYSLOG, JSON 2023-05-05
Cato Networks NDR CATO_NETWORKS JSON 2023-05-19
Akeyless Vault Platform Akeyless Vault Platform AKEYLESS_VAULT KV + JSON 2023-09-16
IBM DB2 Database DB2_DB LEEF 2023-10-30
Ribbon Analytics Platform Telephone Software RIBBON_ANALYTICS_PLATFORM SYSLOG 2022-09-09
Windows DHCP DHCP WINDOWS_DHCP JSON, SYSLOG, CSV 2022-05-23
Nokia VitalQIP DDI (DNS, DHCP, IPAM) VITALQIP SYSLOG 2022-03-01
Palo Alto Cortex XDR Alerts NDR CORTEX_XDR JSON 2023-11-10
Cloud Passage SaaS Application CLOUD_PASSAGE JSON 2022-06-30
Kubernetes Auth Proxy Kubernetes Specific KUBERNETES_AUTH_PROXY JSON 2022-09-08
Cisco DHCP DHCP CISCO_DHCP SYSLOG + CSV 2022-02-07
Centrify SSO CENTRIFY_SSO JSON 2022-08-10
Pulse Secure Virtual Traffic Manager Traffic Shapers PULSE_SECURE_VTM SYSLOG 2023-11-03
Silverfort Authentication Platform Identity and Access Management SILVERFORT CEF SYSLOG 2023-10-11
Thinkst Canary Deception Software THINKST_CANARY JSON 2023-09-15
Check Point Sandblast EDR CHECKPOINT_EDR SYSLOG + KV 2022-09-07
Proofpoint On Demand Email Server PROOFPOINT_ON_DEMAND JSON 2023-11-13
Hashicorp Vault Privileged Account Activity HASHICORP JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV 2023-10-26
Palo Alto Prisma Cloud SECURITY PLATFORM PAN_PRISMA_CLOUD JSON 2022-08-09
Microsoft Azure Activity Misc Windows Specific AZURE_ACTIVITY JSON 2023-10-09
SOTI MobiControl Mobile Device Management SOTI_MOBICONTROL SYSLOG 2023-09-08
Arista Switch Switches ARISTA_SWITCH JSON+SYSLOG 2022-08-03
Microsoft Defender for Endpoint EDR MICROSOFT_DEFENDER_ENDPOINT JSON 2023-10-12
Samba SMBD Privileged Account Activity SMBD SYSLOG 2023-03-09
Cisco Firepower NGFW Firewall CISCO_FIREPOWER_FIREWALL SYSLOG + KV, JSON 2023-09-12
ManageEngine ADAudit Plus Active Directory Audit ADAUDIT_PLUS SYSLOG + KV (CEF) 2023-10-17
Lacework Cloud Security Cloud Security LACEWORK JSON 2023-11-09
Snoopy Logger Log Aggregator SNOOPY_LOGGER SYSLOG 2022-08-10
InterSystems Cache Database INTERSYSTEMS_CACHE SYSLOG + KV 2022-10-19
Cisco Router Switches, Routers CISCO_ROUTER SYSLOG 2023-11-10
Infoblox DHCP DHCP INFOBLOX_DHCP SYSLOG 2023-04-26
Big Switch BigCloudFabric Switches, Routers BIGSWITCH_BCF SYSLOG 2021-04-20
Okta Access Gateway OKTA specific OKTA_ACCESS_GATEWAY SYSLOG + KV 2023-02-20
Red Hat OpenShift Kubernetes Container REDHAT_OPENSHIFT SYSLOG 2022-08-17
Vectra Stream NDR VECTRA_STREAM SYSLOG + KV 2023-10-15
Active Countermeasures Alert AI_HUNTER SYSLOG 2020-12-08
FortiMail Email Security Email Security FORTINET_FORTIMAIL KV 2023-09-06
Yubico OTP Audit event YUBICO_OTP SYSLOG, JSON, CSV 2023-02-20
Workspace Mobile Devices Google Cloud Specific WORKSPACE_MOBILE JSON 2023-04-12
ForgeRock OpenAM Identity and Access Management OPENAM CSV, SYSLOG + KV 2023-05-19
ESET Threat Intelligence IOC ESET_IOC JSON 2023-10-05
Barracuda Firewall Firewall BARRACUDA_FIREWALL SYSLOG 2022-07-08
IBM AS/400 Application System IBM_AS400 SYSLOG + KV 2022-04-13
Dell Switch Switches, Routers DELL_SWITCH SYSLOG 2023-11-02
Forcepoint DLP Forcepoint DLP FORCEPOINT_DLP CEF 2022-11-07
Nucleus Unified Vulnerability Management Nucleus Specific NUCLEUS_VULNERABILITY JSON 2021-06-30
ThreatConnect IOC THREATCONNECT_IOC JSON 2022-01-13
Squid Web Proxy Web Proxy SQUID_WEBPROXY SYSLOG 2022-10-30
Avanan Email Security Email Server AVANAN_EMAIL JSON 2022-07-12
Cisco Prime Network Management and Optimization CISCO_PRIME SYSLOG 2021-05-21
BigQuery Google Cloud Resources Contexts N/A JSON 2022-03-03
IBM Tivoli Monitoring IBM_TIVOLI JSON, SYSLOG 2023-06-12
McAfee ePolicy Orchestrator Policy Management MCAFEE_EPO SYSLOG + XML, CSV, KV 2023-10-15
Zeek TSV Format Specific BRO_TSV SYSLOG + TSV 2022-01-31
Cisco Firewall Services Module Firewall CISCO_FWSM SYSLOG 2023-05-05
Seqrite Endpoint Security (EPS) AV and endpoint logs SEQRITE_ENDPOINT LEEF 2023-03-24
Symantec Endpoint Protection AV / Endpoint SEP SYSLOG 2023-11-08
Proofpoint Threat Response Email Server PROOFPOINT_TRAP SYSLOG 2023-05-26
Chrome Management Browser N/A JSON 2023-09-06
Cisco ACS Authentication CISCO_ACS SYSLOG + KV 2023-09-26
Thycotic Identity and Access Management THYCOTIC SYSLOG + KV (CEF) 2023-09-22
BloxOne Threat Defense DNS BLOXONE SYSLOG + JSON 2023-03-07
HP Procurve Switch Switches HP_PROCURVE SYSLOG 2023-09-24
PostFix Mail Email Server POSTFIX_MAIL SYSLOG 2022-10-06
BeyondTrust Privilege Account Activity BOMGAR SYSLOG 2022-10-13
Apache Tomcat Web server TOMCAT JSON 2022-04-20
Cisco WLC/WCS Wireless CISCO_WIRELESS SYSLOG 2023-02-09
Cloud Audit Logs Google Cloud Specific N/A JSON 2023-11-09
Imperva Advanced Bot Protection Bot Protection IMPERVA_ABP JSON 2023-07-21
Snare System Diagnostic Logs Security SNARE_SOLUTIONS SYSLOG + KV 2022-07-29
SAP Netweaver Database SAP_NETWEAVER JSON 2023-05-03
Sophos Central AV / Endpoint SOPHOS_CENTRAL JSON 2022-12-27
Azion Firewall AZION JSON 2023-09-30
Windows Network Policy Server Authentication WINDOWS_NET_POLICY_SERVER SYSLOG, JSON, SYSLOG + XML 2022-11-21
Apache Hadoop open-source software HADOOP SYSLOG + KV 2023-06-05
Symantec Web Security Service Web Proxy SYMANTEC_WSS JSON 2023-06-19
IBM Informix DATABASE INFORMIX JSON + SYSLOG 2022-02-18
BeyondTrust Privileged Identity Privilege Account Activity BEYONDTRUST_PI SYSLOG 2022-10-24
HP Aruba(Clearpass) Identity and Access Management CLEARPASS SYSLOG + KV 2022-08-18
Carbon Black App Control Security log CB_APP_CONTROL CEF, JSON 2022-07-01
Men and Mice DNS DNS MENANDMICE_DNS SYSLOG 2021-11-12
Arcsight CEF Security log ARCSIGHT_CEF CEF Syslog 2023-04-27
AWS Route 53 DNS AWS Specific AWS_ROUTE_53 JSON + SYSLOG 2023-05-08
Juniper MX Router Routers and Switches JUNIPER_MX SYSLOG + KV 2022-01-24
Tanium Stream Tanium Specific TANIUM_TH JSON 2023-09-20
CA LDAP Web server CA_LDAP JSON 2022-08-19
Atlassian Bitbucket Atlassian Bitbucket ATLASSIAN_BITBUCKET JSON 2023-06-12
Medigate IoT IoT MEDIGATE_IOT SYSLOG + JSON 2023-11-08
AWS VPC Flow AWS Specific AWS_VPC_FLOW SYSLOG 2023-04-06
PAN Autofocus IOC PAN_IOC JSON 2021-08-09
Apache Security APACHE SYSLOG + JSON 2023-07-31
Armis Activities ACTIVITIES ARMIS_ACTIVITIES JSON 2023-02-07
Neosec Security NEOSEC JSON 2023-07-31
Zscaler Private Access Security Service Edge ZSCALER_ZPA SYSLOG + JSON, JSON 2023-02-22
Jamf Protect Alerts Endpoint Security JAMF_PROTECT JSON 2023-11-22
Nasuni File Services Platform Data Transfer NASUNI_FILE_SERVICES SYSLOG + JSON 2022-08-21
Oracle Cloud Infrastructure Oracle Cloud Infrastructure ORACLE_CLOUD_AUDIT JSON 2023-10-30
Sendmail Email Server SENDMAIL SYSLOG + KV 2023-09-20
Workspace Privileges Google Cloud Specific WORKSPACE_PRIVILEGES JSON 2023-04-12
IBM Safenet IT infrastructure IBM_SAFENET SYSLOG 2023-05-24
Okera Dynamic Access Platform Data Security OKERA_DAP JSON 2023-01-29
Rubrik Backup software RUBRIK SYSLOG 2022-12-01
Fastly WAF WAF FASTLY_WAF JSON 2022-06-06
Sophos UTM Unified Threat Management SOPHOS_UTM KV 2022-06-30
Imperva CEF CEF IMPERVA_CEF SYSLOG + KV 2023-03-07
CSV Custom IOC IOC CSV_CUSTOM_IOC CSV 2023-09-11
Duo Telephony Logs Identity and Access Management DUO_TELEPHONY JSON 2023-08-24
Netfilter IPtables Firewall NETFILTER_IPTABLES SYSLOG + KV 2023-10-12
Cisco ASA firewall CISCO_ASA_FIREWALL SYSLOG 2023-09-06
Jamf Protect Telemetry Endpoint Security JAMF_TELEMETRY JSON 2023-09-06
Palo Alto Prisma Access Cloud Security PAN_CASB JSON 2022-11-25
Cisco Internetwork Operating System Network Infrastructure CISCO_IOS SYSLOG 2023-10-04
Symantec Web Isolation Secure Access Service Edge SYMANTEC_WEB_ISOLATION JSON 2022-07-08
Symantec VIP Gateway Email Server SYMANTEC_VIP SYSLOG 2023-03-03
Menlo Security Web Proxy MENLO_SECURITY JSON 2023-08-03
IBM Websphere Application Server Web server IBM_WEBSPHERE_APP_SERVER JSON, SYSLOG 2022-01-20
Cofense Email Server COFENSE_TRIAGE SYSLOG + KV (CEF) 2023-04-19
F5 Shape Security log F5_SHAPE JSON 2022-02-21
Juniper Junos Network Device JUNIPER_JUNOS SYSLOG + KV 2023-10-25
Tenable Security Center Vulnerability Scanner TENABLE_SC SYSLOG 2021-05-18
Oracle Unified Directory ORACLE OUD ORACLE_OUD SYSLOG 2023-09-11
Juniper Mist Network Management and Optimization software JUNIPER_MIST JSON 2023-02-24
Aruba IPS IPS ARUBA_IPS JSON 2022-06-16
SpyCloud AV / Endpoint SPYCLOUD SYSLOG + JSON 2023-11-08
AWS CloudFront CDN AWS_CLOUDFRONT SYSLOG 2022-05-27
Apigee Google Cloud Specific GCP_APIGEE JSON 2021-11-02
Okta User Context Identity and Access Management OKTA_USER_CONTEXT JSON 2023-08-16
ManageEngine AD360 Identity and Access Management MANAGE_ENGINE_AD360 SYSLOG + KV 2022-09-16
Chronicle SOAR Audit SOAR CHRONICLE_SOAR_AUDIT JSON 2023-10-12
Bitwarden Events Password Manager BITWARDEN_EVENTS JSON 2023-11-09
AWS Aurora AWS AWS_AURORA JSON 2023-11-02
SentinelOne Deep Visibility EDR SENTINEL_DV JSON 2023-09-06
Cisco Switch Switches, Routers CISCO_SWITCH SYSLOG 2023-11-05
Sophos Firewall (Next Gen) Firewall SOPHOS_FIREWALL KV 2023-11-10
AlgoSec Security Management Policy Management ALGOSEC SYSLOG + KV (CEF) 2022-11-27
Netscout NETWORK ARBOR_EDGE_DEFENSE SYSLOG + KV 2023-02-21
McAfee Skyhigh CASB CASB MCAFEE_SKYHIGH_CASB SYSLOG + KV 2023-06-17
AWS Control Tower Identity and Access Management AWS_CONTROL_TOWER JSON 2023-01-04
Cisco VPN VPN CISCO_VPN SYSLOG 2022-08-19
Teleport Access Plane Remote Access TELEPORT_ACCESS_PLANE SYSLOG 2023-05-09
AWS WAF AWS Specific AWS_WAF JSON 2023-09-11
CrowdStrike Detection Monitoring EDR CS_DETECTS JSON 2023-07-21
DMP Physical Security DMP_ENTRE SYSLOG 2020-09-23
Illumio Core Policy Management ILLUMIO_CORE JSON 2023-03-14
Suricata IDS IDS/IPS SURICATA_IDS JSON 2023-08-24
GitHub SaaS Application GITHUB JSON 2023-10-25
Workspace ChromeOS Devices Google Cloud Specific WORKSPACE_CHROMEOS JSON 2023-11-01
AWS Cloudtrail Cloud Log Aggregator AWS_CLOUDTRAIL JSON 2023-11-11
Armis Devices DEVICES ARMIS_DEVICES JSON 2023-03-02
Fortinet FortiClient Security FORTINET_FORTICLIENT KV 2023-10-27
FireEye HX Audit Audits FIREEYE_HX_AUDIT XML 2022-11-04
Versa Firewall FIREWALL VERSA_FIREWALL SYSLOG + KV 2023-07-03
Workspace Activities Google Cloud Specific WORKSPACE_ACTIVITY JSON 2023-11-01
Tanium Reveal Tanium Specific TANIUM_REVEAL JSON 2021-11-15
FileZilla File transfer FILEZILLA_FTP SYSLOG 2022-03-23
IBM CICS Service Bus IBM_CICS LEEF 2021-10-27
VMware NSX Network and Security Virtualization VMWARE_NSX KV 2023-10-13
ZScaler VPN VPN ZSCALER_VPN SYSLOG + CSV 2023-06-08
F5 DNS DNS F5_DNS SYSLOG 2021-06-17
IBM Security Verify SaaS SaaS Application IBM_SECURITY_VERIFY_SAAS JSON 2023-10-27
Azure AD LDAP AZURE_AD JSON 2023-07-12
ESET EDR ESET_EDR SYSLOG + JSON 2022-05-10
Cisco Web Services Manager CISCO_WSM CISCO_WSM SYSLOG 2023-10-05
Airlock Digital Application Allowlisting Application Whitelisting AIRLOCK_DIGITAL SYSLOG 2023-02-22
Windows Firewall Firewall WINDOWS_FIREWALL Space Separated Value 2021-08-26
OneLogin SSO ONELOGIN_SSO JSON 2023-04-28
Palo Alto Panorama Firewall PAN_PANORAMA CSV 2023-08-07
Cisco TACACS+ Authentication CISCO_TACACS SYSLOG + KV 2022-08-09
Proofpoint Observeit Email Server OBSERVEIT JSON, KV 2023-11-03
FortiGate Firewall FORTINET_FIREWALL JSON, SYSLOG + KV 2023-07-10
iBoss Proxy Webproxy IBOSS_WEBPROXY SYSLOG + JSON 2023-08-22
Cisco Application Centric Infrastructure CISCO ACI CISCO_ACI JSON, SYSLOG 2022-09-26
Linux DHCP DHCP LINUX_DHCP SYSLOG 2022-09-05
ManageEngine Reporter Plus SaaS Application MANAGE_ENGINE_REPORTER_PLUS JSON 2022-08-29
Cisco Email Security Email Server CISCO_EMAIL_SECURITY SYSLOG + KV, JSON 2023-10-05
Citrix Monitor Monitoring of DaaS CITRIX_MONITOR JSON 2022-12-06
Qualys Asset Context Vulnerability Scanner QUALYS_ASSET_CONTEXT JSON 2023-08-01
Salesforce SaaS Application SALESFORCE KV (LEEF), CSV 2023-02-24
Thales Luna Hardware Security Module THALES_LUNA_HSM specific THALES_LUNA_HSM JSON/SYSLOG 2022-12-02
Semperis DSP LDAP SEMPERIS_DSP SYSLOG 2021-04-29
Zeek JSON DNS BRO_JSON JSON 2023-10-04
Saiwall VPN VPN SAIWALL_VPN KV 2023-10-29
Digital Shadows SearchLight Threat Intelligence DIGITAL_SHADOWS_SEARCHLIGHT JSON 2022-05-02
VMware Horizon VDI VMWARE_HORIZON SYSLOG 2022-08-15
Cisco Wireless IPS Cisco Wips CISCO_WIPS SYSLOG + KV 2022-11-03
Static IP DHCP ASSET_STATIC_IP CSV 2023-06-16
Fireeye ETP Email Server FIREEYE_ETP JSON 2021-06-11
SecureLink Remote Access Tools SECURELINK SYSLOG 2023-09-13
AWS Elastic Load Balancer AWS Specific AWS_ELB SYSLOG 2022-05-27
HPE ILO Server Management HPE_ILO SYSLOG 2022-03-14
Trend Micro Deep Security AV / Endpoint TRENDMICRO_DEEP_SECURITY LEEF 2022-09-01
BIND DNS BIND_DNS SYSLOG 2023-09-19
Cisco UCM Communication Manager CISCO_UCM SYSLOG + KV 2022-08-18
CIS Albert Alerts Alerts CIS_ALBERT_ALERT SYSLOG 2022-10-10
Solarwinds Kiwi Syslog Server Security Log SOLARWINDS_KSS SYSLOG + KV 2022-11-16
Dell EMC Isilon NAS Storage DELL_EMC_NAS SYSLOG 2023-07-21
EfficientIP DDI Network EFFICIENTIP_DDI SYSLOG + KV 2022-01-24
Digital Guardian EDR EDR DIGITALGUARDIAN_EDR KV 2022-12-07
Workspace Users Google Cloud Specific WORKSPACE_USERS JSON 2023-09-06
Netskope Web Proxy Web Proxy NETSKOPE_WEBPROXY SYSLOG, SYSLOG+JSON, JSON 2023-10-09
F5 Advanced Firewall Management Firewall F5_AFM SYSLOG + CSV 2023-09-11
F5 BIGIP LTM Load Balancer, Traffic Shaper, ADC F5_BIGIP_LTM SYSLOG 2023-08-28
HCNET Account Adapter Plus DHCP HCNET_ACCOUNT_ADAPTER SYSLOG 2022-09-15
Cloudflare SaaS Application CLOUDFLARE JSON 2023-10-09
Cisco Meraki Wireless CISCO_MERAKI SYSLOG, JSON 2023-10-09
Centripetal Networks IOC IOC CENTRIPETAL_IOC SYSLOG + KV 2022-01-06
Resource Manager Context Google Cloud Specific GCP_RESOURCE_MANAGER_CONTEXT JSON 2023-07-26
Uptycs EDR Endpoint detection and response UPTYCS_EDR JSON 2022-07-08
Anomali IOC ANOMALI_IOC JSON, CEF 2022-03-14
Broadcom SSL Visibility Appliance SSL Visibility BROADCOM_SSL_VA SYSLOG 2022-09-26
Azure DevOps Audit Automation and DevOps Tools AZURE_DEVOPS JSON 2022-06-28
Kisi Access Management Physical Security KISI JSON 2023-06-14
Trustwave webmarshal Proxy Server WEBMARSHAL SYSLOG + CSV 2023-05-04
Symantec EDR EDR SYMANTEC_EDR JSON 2022-03-31
AIX system OS AIX_SYSTEM SYSLOG 2023-06-21
Citrix Netscaler Load Balancer, Traffic Shaper, ADC CITRIX_NETSCALER SYSLOG + KV 2023-07-21
Suricata EVE IPS IDS SURICATA_EVE JSON 2022-08-17
VMware vRealize Suite Cloud VMWARE_VREALIZE SYSLOG 2023-06-20
Digi modems Switches and Routers DIGI_MODEMS SYSLOG 2023-06-26
McAfee Web Protection SaaS Application MCAFEE_WEB_PROTECTION JSON 2022-09-22
Elastic Search Log Aggregator ELASTIC_SEARCH JSON 2023-11-02
Area1 Security Email server AREA1 JSON 2023-04-06
Recorded Future IOC RECORDED_FUTURE_IOC JSON 2021-11-17
Tanium Comply Tanium Specific TANIUM_COMPLY JSON 2022-08-18
Proofpoint Email Filter Email Server PROOFPOINT_MAIL_FILTER KV 2022-10-03
Cisco CTS Telephone Software CISCO_CTS SYSLOG + KV 2021-05-20
Qualys VM Vulnerability Scanner QUALYS_VM KV + JSON 2023-10-27
Desynova Contido Switches DESYNOVA_CONTIDO SYSLOG + JSON 2023-09-19
Kea DHCP DHCP KEA_DHCP SYSLOG 2022-03-22
Ruckus Networks Wireless RUCKUS_WIRELESS SYSLOG + KV 2023-01-06
Cisco FireSIGHT Management Center SaaS Application CISCO_FIRESIGHT KV 2023-09-21
Microsoft Exchange Email Server EXCHANGE_MAIL SYSLOG 2023-10-20
Cloud DNS Google Cloud Specific N/A JSON 2023-05-12
GMAIL Logs Google Cloud Specific GMAIL_LOGS JSON 2023-08-21
ClamAV AV / Endpoint CLAM_AV JSON 2022-02-07
Cisco ISE Identity and Access Management CISCO_ISE SYSLOG 2023-09-29
Cisco UCS OS logs CISCO_UCS SYSLOG 2022-07-04
Box Collaboration BOX JSON 2022-09-16
Cloud IoT Google Cloud Specific GCP_CLOUDIOT JSON 2022-06-06
Zscaler CASB CASB ZSCALER_CASB JSON 2023-09-30
Avatier Password Management SaaS Application AVATIER SYSLOG + KV 2021-08-05
NGINX Server Management NGINX JSON + SYSLOG 2022-09-10
Trend Micro Vision One AV and endpoint logs TRENDMICRO_VISION_ONE SYSLOG + KV, CEF 2023-03-24
AWS S3 Server Access AWS Specific AWS_S3_SERVER_ACCESS SYSLOG 2023-07-19
Red Hat Directory Server LDAP Identity and Access Management REDHAT_DIRECTORY_SERVER JSON + SYSLOG + KV 2022-04-11
Apigee Google Cloud Specific GCP_APIGEE_X JSON 2023-08-09
Dell EMC Data Domain Storage system DELL_EMC_DATA_DOMAIN SYSLOG + KV 2022-07-08
Tanium Asset Tanium Specific TANIUM_ASSET JSON, SYSLOG + KV 2022-09-26
Cisco Umbrella Web Proxy Web Proxy UMBRELLA_WEBPROXY CSV 2023-10-17
OSQuery EDR OSQUERY_EDR SYSLOG + JSON 2023-06-14
Cybereason EDR EDR CYBEREASON_EDR JSON 2023-02-23
Unbound DNS DNS UNBOUND_DNS SYSLOG 2020-06-09
Forseti Open Source Google Cloud Specific FORSETI JSON 2021-12-23
Akamai Enterprise Application Access Enterprise Application Access AKAMAI_EAA JSON 2023-11-14
Evision FircoSoft Infrastructure EVISION_FIRCOSOFT SYSLOG 2023-10-30
Cloud Data Loss Prevention Google Cloud Specific N/A JSON 2022-12-19
Tanium Discover Tanium Specific TANIUM_DISCOVER JSON 2022-11-24
NXLog Manager Log Aggregator NXLOG_MANAGER SYSLOG 2022-01-13
ThreatLocker Platform THREATLOCKER THREATLOCKER JSON 2023-06-18
SonicWall Firewall SONIC_FIREWALL SYSLOG + KV 2023-05-26
Open Cybersecurity Schema Framework (OCSF) Schema OCSF JSON 2023-10-30
Qualys Scan Vulnerability scanner QUALYS_SCAN JSON 2023-04-21
IBM Security Access Manager WAF IBM_SAM SYSLOG 2023-09-12
IBM DataPower Gateway API Gateway IBM_DATAPOWER JSON, SYSLOG 2023-11-09
Zimperium Mobile Device Management ZIMPERIUM SYSLOG + JSON 2023-08-18
Cisco AMP AV / Endpoint CISCO_AMP JSON 2021-12-12
Ordr IoT IoT ORDR_IOT SYSLOG + JSON 2022-08-19
ZScaler NGFW Firewall ZSCALER_FIREWALL SYSLOG + KV (CEF), CSV 2023-09-12
Nyansa Events IoT NYANSA_EVENTS SYSLOG + KV 2023-03-01
Duo Administrator Logs Authentication DUO_ADMIN JSON 2023-03-10
Zoom Operation Logs Operation-Specific ZOOM_OPERATION_LOGS SYSLOG 2022-11-04
Check Point Harmony Remote Access Tools CHECKPOINT_HARMONY SYSLOG+KV 2023-11-10
Datto File Protection DATTO_FILE_PROTECTION DATTO_FILE_PROTECTION SYSLOG 2022-08-22
Trustwave SEC MailMarshal Email server MAILMARSHAL SYSLOG 2023-04-06
Bluecat Edge DNS Resolver DNS BLUECAT_EDGE JSON, KV, SYSLOG 2022-01-18
Cloud SQL Context Google Cloud Specific GCP_SQL_CONTEXT JSON 2023-07-26
Firewall Rule Logging Google Cloud Specific N/A JSON 2023-11-01
Snyk Group level audit Logs Vulnerability Scanners SNYK_SDLC JSON 2023-04-25
Tripwire DLP TRIPWIRE_FIM SYSLOG 2023-06-21
VMware AirWatch Wireless AIRWATCH SYSLOG + KV 2023-09-05
Workspace Groups Google Cloud Specific WORKSPACE_GROUPS JSON 2023-04-12
Imperva SecureSphere Management Data Security / Insider Threat IMPERVA_SECURESPHERE SYSLOG + KV (CEF) 2023-04-26
Carbon Black EDR CB_EDR JSON 2023-10-26
Microsoft Graph API Alerts Gateway to data and intelligence MICROSOFT_GRAPH_ALERT JSON 2023-09-15
ServiceNow Security SaaS Application SERVICENOW_SECURITY JSON 2021-05-24
Skybox Firewall Assurance Firewall SKYBOX_FIREWALL_ASSURANCE SYSLOG + KV 2023-09-07
Symantec DLP DLP SYMANTEC_DLP SYSLOG + KV (CEF), XML 2023-09-02
Forcepoint NGFW Network FORCEPOINT_FIREWALL JSON 2023-02-16
CyberArk Privilege Account Management CYBERARK KV (CEF) 2022-10-10
Apache Cassandra Web server CASSANDRA JSON 2022-04-13
Brocade ServerIron ADX Load Balancer BROCADE_SERVERIRON SYSLOG 2022-01-13
Windows Event Endpoint WINEVTLOG JSON + KV + XML 2023-11-01
Ipswitch SFTP Data Transfer IPSWITCH_SFTP SYSLOG, JSON 2022-09-05
Kolide Endpoint Security Security KOLIDE JSON 2023-10-25
Thales Digital Identity and Security Digital Identity & Security THALES_DIS SYSLOG 2022-03-17
DNSFilter Data Transfer DNSFILTER CSV 2023-10-27
Sophos AV AV / Endpoint SOPHOS_AV CSV, JSON 2022-07-27
AWS Session Manager AWS Specific AWS_SESSION_MANAGER SYSLOG 2023-06-14
Palo Alto Prisma Cloud Alert payload Cloud Security PAN_PRISMA_CA JSON 2023-08-17
Windows Defender ATP AV / Endpoint WINDOWS_DEFENDER_ATP SYSLOG + JSON, XML, JSON 2023-10-12
Kubernetes Audit Azure Log Aggregator KUBERNETES_AUDIT_AZURE JSON 2023-06-20
Riverbed Steelhead Network Management and Optimization STEELHEAD JSON 2022-08-08
Falco IDS IDS/IPS FALCO_IDS JSON 2023-05-23
ZScaler DNS DNS ZSCALER_DNS SYSLOG + KV, JSON 2023-10-17
Windows Event (XML) AV / Endpoint WINEVTLOG_XML SYSLOG + XML, KV 2023-11-10
tenable.io Vulnerability Scanner TENABLE_IO JSON 2023-01-02
Quest Active Directory Authentication log QUEST_AD CEF SYSLOG 2022-01-31
F5 VPN VPN F5_VPN SYSLOG 2022-07-22
DigitalArts i-Filter Web Proxy DIGITALARTS_IFILTER SYSLOG 2023-04-17
Splunk Platform Security log SPLUNK JSON 2023-05-17
Microsoft Azure NSG Flow Network Flow AZURE_NSG_FLOW JSON 2022-04-18
Microsoft AD LDAP WINDOWS_AD JSON 2023-08-09
Microsoft Defender For Cloud Automation and DevOps Tools MICROSOFT_DEFENDER_CLOUD_ALERTS JSON 2023-08-14
Armis Alerts ALERTS ARMIS_ALERTS JSON 2023-02-07
Azure WAF Log Aggregator AZURE_WAF JSON 2023-07-14
Wazuh Log Aggregator WAZUH SYSLOG + JSON 2023-07-17
FireEye NX NDR FIREEYE_NX JSON 2022-05-18
Datadog NDR DATADOG JSON 2023-07-21
Stealthbits Audit File system monitoring STEALTHBITS_AUDIT JSON 2021-11-09
AlphaSOC Alert ASOC_ALERT JSON 2021-06-21
Compute Engine Google Cloud Specific GCP_COMPUTE JSON 2023-02-24
JAMF CMDB Computer Inventory JAMF JSON 2023-04-27
Attivo Networks NETWORK ATTIVO SYSLOG + KV (CEF) 2023-08-14
Oracle Cloud Infrastructure VCN Flow Logs Oracle Cloud Infrastructure OCI_FLOW JSON 2023-04-29
Forcepoint CASB CASB FORCEPOINT_CASB SYSLOG + CEF 2022-08-23
IBM Security Verify Endpoint Security IBM_SECURITY_VERIFY SYSLOG 2023-01-25
Netskope Cloud Security NETSKOPE_ALERT JSON 2023-11-10
Juniper Firewall JUNIPER_FIREWALL SYSLOG + KV 2023-11-02
Duo User Context Identity and Access Management DUO_USER_CONTEXT JSON 2021-04-12
Aqua Security IaaS Applications AQUA_SECURITY JSON 2022-02-03
Symantec Event export SEP SYMANTEC_EVENT_EXPORT JSON, SYSLOG 2023-11-07
Sysdig Security SYSDIG JSON 2022-10-07
Elastic Windows Event Log Beats Log Aggregator ELASTIC_WINLOGBEAT SYSLOG + JSON 2023-11-12
IBM z/OS OS IBM_ZOS LEEF 2023-07-25
Palo Alto Cortex XDR Events Monitoring and Threat Detection PAN_CORTEX_XDR_EVENTS JSON 2023-02-01
Kyriba Treasury Management SaaS Application KYRIBA CSV 2021-02-24
F5 ASM WAF F5_ASM SYSLOG 2023-11-08
SecureAuth SSO SECUREAUTH_SSO SYSLOG, XML 2023-07-09
Avaya Aura Experience Portal Avaya Aura Experience Portal AVAYA_AURA SYSLOG 2022-12-30
Azure VPN VPN AZURE_VPN JSON 2023-03-07
Nucleus Asset Metadata Nucleus Specific NUCLEUS_ASSET JSON 2021-08-05
Microsoft CASB CASB MICROSOFT_CASB SYSLOG + KV (CEF) 2023-06-28
NIMBLE OS OS NIMBLE_OS SYSLOG 2022-07-21
Rapid7 Vulnerability Scanner RAPID7_NEXPOSE JSON 2022-09-27
Ubiquiti UniFi Switch Switch UBIQUITI_SWITCH SYSLOG 2022-08-26
Zix Email Encryption Email Server ZIX_EMAIL_ENCRYPTION SYSLOG 2022-11-05
Azure SQL Database AZURE_SQL JSON 2022-02-08
Cambium Networks Switches and Routers Log Type CAMBIUM_NETWORKS SYSLOG 2023-07-27
Symantec CloudSOC CASB CASB SYMANTEC_CASB SYSLOG + JSON 2021-12-17
AWS Network Firewall Firewall AWS_NETWORK_FIREWALL JSON 2023-05-05
Okta Identity and Access Management OKTA JSON 2023-06-28
Cisco NX-OS OS CISCO_NX_OS SYSLOG 2023-08-11
Security Command Center Threat Google Cloud Specific N/A JSON 2023-08-23
Akamai Cloud Monitor Load Balancer, Traffic Shaper, ADC AKAMAI_CLOUD_MONITOR JSON 2023-09-16
CA Access Control Access Management CA_ACCESS_CONTROL JSON+SYSLOG, SYSLOG 2023-07-25
BMC Helix Discovery bmc helix discovery BMC_HELIX_DISCOVERY SYSLOG 2022-08-29
Cisco Umbrella Audit Firewall and Security Management CISCO_UMBRELLA_AUDIT CSV 2023-02-28
Acalvio Deception Software ACALVIO SYSLOG + KV 2020-10-13
AWS Security Hub IDS/IPS AWS_SECURITY_HUB JSON 2023-06-20
Cloud Storage Context Google Cloud Specific N/A JSON 2023-04-13
JumpCloud Directory Insights CLOUD JUMPCLOUD_DIRECTORY_INSIGHTS JSON 2023-10-31
TeamViewer Remote Support TEAMVIEWER JSON 2022-08-02
Netscout Arbor Sightline Monitoring ARBOR_SIGHTLINE SYSLOG + JSON 2022-12-16
Department of Homeland Security Threat detection DHS_IOC XML 2023-07-31
IBM Security QRadar SIEM Security Log IBM_QRADAR SYSLOG 2023-05-18
Elastic Audit Beats ALERTING ELASTIC_AUDITBEAT JSON 2023-09-04
Slack Audit Productivity SLACK_AUDIT JSON 2023-10-27
CA ACF2 Mainframe CA_ACF2 LEEF 2022-05-24
Cisco Vision Dynamic Signage Director Content and Delivery Management CISCO_STADIUMVISION SYSLOG, SYSLOG+KV 2023-05-12
HCL BigFix Network Management and Optimization HCL_BIGFIX JSON 2022-08-30
Cisco Application Control Engine Load Balancer, Traffic Shaper, ADC CISCO_ACE SYSLOG 2022-09-15
Mimecast Email Server MIMECAST_MAIL KV 2023-03-31

Supported log types without a default parser

Chronicle SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Chronicle SIEM Ingestion API or the Chronicle SIEM forwarder. Chronicle SIEM will not normalize the data to structured Unified Data Model format.

You can create a custom parser to normalize these logs. You can also search raw logs.

Vendor / Product Ingestion label
A10 Load Balancer A10_LOAD_BALANCER
Accops Hysecure VPN ACCOPS_HYSECURE_VPN
Acquia Cloud Platform ACQUIA_CLOUD_PLATFORM
Acronis Backup ACRONIS
Microsoft ActiveSync ACTIVE_SYNC
ManageEngine ADManager Plus ADMANAGER_PLUS
Admin by request PAM ADMIN_BY_REQUEST
Adobe Commerce ADOBE_COMMERCE
Adobe Experience Manager ADOBE_EXPERIENCE_MANAGER
ManageEngine ADSelfService Plus ADSELFSERVICE_PLUS
ADTRAN NetVanta router ADTRAN_NETVANTA
ADVA Fiber Service Platform ADVA_FSP
Agari Phishing Defense AGARI_PHISHING_DEFENSE
Advanced Intrusion Detection Environment AIDE
Extreme Networks AirDefense AIRDEFENSE
Akamai Prolexic AKAMAI_DDOS
Akamai DHCP AKAMAI_DHCP
Akamai Enterprise Threat Protector AKAMAI_ETP
Akamai SIEM Connector AKAMAI_SIEM_CONNECTOR
AlertLogic Notifications ALERTLOGIC_NOTIFICATIONS
AlienVault Open Threat Exchange ALIENVAULT_OTX
Allot NetEnforcer ALLOT_NETENFORCER
Alveo Risk Data Management ALVEO_RDM
Analyst1 IOC ANALYST1_IOC
Apache Kafka Audit APACHE_KAFKA_AUDIT
Apache SpamAssassin APACHE_SPAMASSASSIN
APC Automatic Transfer Switch APC_ATS
APC Netbotz APC_NETBOTZ
APC Power Distribution Unit APC_PDU
APC Smart-UPS APC_SMART_UPS
APC StruxureWare Portal APC_STRUXUREWARE
Apiiro Cloud Application Security Platform APIIRO
Appgate Software-defined Perimeter APPGATE_SDP
Appian Cloud APPIAN_CLOUD
AppViewX APPVIEWX
Aptos Enterprise Order Management APTOS_EOM
Argo CD ARGO_CD
Argo Workflows ARGO_WORKFLOWS
Arista NDR ARISTA_NDR
Arkime Packet Capture ARKIME_PCAP
Armis ARMIS
Armorblox Email Security ARMORBLOX_ESC
Armor Anywhere ARMOR_ANYWHERE
Array Networks SSL VPN ARRAYNETWORKS_VPN
Array Networks WAF ARRAY_NETWORKS_WAF
Aruba Orchestrator ARUBA_ORCHESTRATOR
Arxan Threat Analytics ARXAN_THREAT_ANALYTICS
Asana ASANA
AssetNote ASSETNOTE
Atlassian Cloud Admin Audit ATLASSIAN_AUDIT
Atlassian Jira Confluence Json ATLASSIAN_CONFLUENCE_JSON
Atlassian Jira Json ATLASSIAN_JIRA_JSON
AT&T Netbond ATT_NETBOND
Authentic8 Silo AUTHENTIC8_SILO
Authx Identity Management AUTHX
Authx User Context AUTHX_USER_CONTEXT
Automox AUTOMOX_EPM
Avast Business AVAST_HUB
Avaya Session Border Controller AVAYA_BORDER
Avaya Interactive Voice Response AVAYA_IVR
Avaya VSP Switch AVAYA_VSP
Avaya Wireless AVAYA_WIRELESS
Aviatrix Cloud Network Platform AVIATRIX
Awake NDR AWAKE_NDR
AWS Dynamo DB AWS_DYNAMO_DB
Amazon ElastiCache AWS_ELASTI_CACHE
Amazon FSx for Windows File Server AWS_FSX
AWS Identity and Access Management (IAM) AWS_IAM
AWS Inspector AWS_INSPECTOR
AWS Inspector2 AWS_INSPECTOR2
AWS NGINX AWS_NGINX
AWS Redshift AWS_REDSHIFT
AWS Simple Email Service AWS_SES
AWS Shield AWS_SHIELD
AWS VPN AWS_VPN
Axis Atmos AXIS_ATMOS
Axis Security Audit AXIS_OS
Axonius Cybersecurity Asset Management AXONIUS
Microsoft Azure AZURE
Azure AD Provisioning AZURE_AD_PROVISIONING
Azure AD Sign-In AZURE_AD_SIGNIN
Azure API Management AZURE_API_MANAGEMENT
Azure App Service AZURE_APP_SERVICE
Azure ATP AZURE_ATP
Azure Bastion AZURE_BASTION
Azure DNS logs AZURE_DNS
Azure Application Gateway AZURE_GATEWAY
Azure Key Vault logging AZURE_KEYVAULT_AUDIT
Microsoft Intune Context AZURE_MDM_INTUNE_CONTEXT
Azure Security Center AZURE_SECURITY_CENTER
Azure Storage Audit AZURE_STORAGE_AUDIT
Backbox BACKBOX
OneIdentity Balabit BALABIT
BambooHR BAMBOO_HR
Barracuda CloudGen Access BARRACUDA_CLOUDGEN_ACCESS
Barracuda Impersonation Protection BARRACUDA_IMPERSONATION
Barracuda Content Shield BARRACUDA_SHIELD
Bettercloud BETTERCLOUD
BeyondTrust BeyondInsight BEYONDTRUST_BEYONDINSIGHT
BeyondTrust Cloud Privilege Broker BEYONDTRUST_CPB
BeyondTrust Endpoint Privilege Management BEYONDTRUST_ENDPOINT
BeyondTrust Management console BEYONDTRUST_MC
Beyond Identity BEYOND_IDENTITY
Bitvise SSHd BITVISE_SSHD
Bluecat Address Manager BLUECAT_AM
Blue Prism BLUE_PRISM
BMC AMI Defender BMC_AMI_DEFENDER
BMC Client Management BMC_CLIENT_MANAGEMENT
BMC Control-M BMC_CONTROL_M
Bricata NDR BRICATA_NDR
Britive Audit API BRITIVE_AUDIT_API
BRIVO BRIVO
CA Privileged Access Manager BROADCOM_CA_PAM
Broadcom Compliance Event Manager BROADCOM_CEM
Broadcom Support Portal Audit Logs BROADCOM_SUPPORT_PORTAL
Brocade Fabric OS BROCADE_FOS
Brocade SANnav Management Portal BROCADE_SANNAV
Brocade Switch BROCADE_SWITCH
Zeek DHCP BRO_DHCP
Zeek HTTP BRO_HTTP
BT IPControl BT_IPCONTROL
Burpsuite Application Security testing tool BURPSUITE
Cameyo Bring Your Own Cloud CAMEYO_BYO_CLOUD
Canary Audit Trail CANARY_AUDIT_TRAIL
CATO SD-WAN CATO_SDWAN
Censornet CASB CENSORNET_CASB
CENSYS CENSYS
Cequence Bot Defense CEQUENCE_BOT_DEFENSE
Cerberus FTP Server CERBERUS_FTP
Check Point CloudGuard CHECKPOINT_CLOUDGUARD
Check Point Email CHECKPOINT_EMAIL
Checkpoint SmartDefense CHECKPOINT_SMARTDEFENSE
Cilium CILIUM
Cisco Aironet CISCO_AIRONET
Cisco APIC CISCO_APIC
Cisco Call Manager CISCO_CALL_MANAGER
Cisco DNA Center Platform CISCO_DNAC
Cisco DNS CISCO_DNS
Cisco Meraki Camera CISCO_MERAKI_CAMERA
Cisco vManage SD-WAN CISCO_SDWAN
Cisco Secure Malware Analytics CISCO_SECURE_MALWARE_ANALYTICS
Cisco Secure Workload CISCO_SECURE_WORKLOAD
Cisco Content Security Management Appliance CISCO_SMA
Cisco SNMP Trapd CISCO_SNMP
Cisco Unity Connection CISCO_UNITY_CONNECTION
Cisco WSA CISCO_WSA
CiscoXDR CISCO_XDR
Citrix Analytics CITRIX_ANALYTICS
Citrix Netscaler Web Logs CITRIX_NETSCALER_WEB_LOGS
Citrix SD-WAN CITRIX_SDWAN
Citrix Session Metadata CITRIX_SESSION_METADATA
Citrix Virtual Desktop Infrastructure CITRIX_VDI
Citrix WAF CITRIX_WAF
Citrix Web Gateway CITRIX_WEB_GATEWAY
Citrix Workspace CITRIX_WORKSPACE
Citrix XenCenter CITRIX_XENCENTER
Claroty Continuous Threat Detection CLAROTY_CTD
Claroty Enterprise Management Console CLAROTY_EMC
Clearsense Healthcare Analytics CLEARSENSE
Clearswift CLEARSWIFT
Click Studios Passwordstate CLICK_STUDIOS_PASSWORDSTATE
CloudBolt CLOUDBOLT
Cloudflare Bot Management CLOUDFLARE_BOT_MANAGEMENT
Cloud Passage (CSM) CLOUDPASSAGE_CSM
Cloud Passage (FIM) CLOUDPASSAGE_FIM
Cloud Passage (LIDS) CLOUDPASSAGE_LIDS
Cloud Passage (SVM) CLOUDPASSAGE_SVM
cmd.com CMD
Cockroach DB COCKROACH_DB
Code42 CrashPlan CODE42
Code42 Incydr CODE42_INCYDR
Code Worldwide CODE_WORLDWIDE
Cofense Vision COFENSE_VISION
Cohesity COHESITY
Cohesity Smartfiles COHESITY_SMARTFILES
CommVault COMMVAULT
CommVault Commcell COMMVAULT_COMMCELL
Commvault Metallic COMMVAULT_METALLIC
Confluent Audit CONFLUENT_AUDIT
ConnectWise Automate CONNECTWISE_AUTOMATE
ConnectWise Control CONNECTWISE_CONTROL
Cradlepoint NetCloud CRADLEPOINT_NETCLOUD
Cribl AppScope CRIBL_APPSCOPE
Cribl Cloud CRIBL_CLOUD
Cribl Edge CRIBL_EDGE
Cribl Search CRIBL_SEARCH
Cribl Stream CRIBL_STREAM
ProLion CryptoSpike CRYPTOSPIKE
CSG Custom Rules Engine CSG_CUSTOMENGINE
CSG Singleview CSG_SINGLEVIEW
CSV Custom CMDB CSV_CUSTOM_CMDB
CrowdStrike Falcon CEF CS_CEF_EDR
CTERA Drive CTERA_DRIVE
Culture AI CULTURE_AI
Customer Alerts CUSTOMER_ALERT
Custom Application Access Logs CUSTOM_APPLICATION_ACCESS
Custom Host Forensics CUSTOM_HOST_FORENSICS
CyberArk Privileged Access Manager (PAM) CYBERARK_PAM
Cyberark Privilege Cloud CYBERARK_PRIVILEGE_CLOUD
CyberArk Identity Single Sign-On CYBERARK_SSO
Connectsecure CYBERCNS
Cyberhaven Data Detection and Response CYBERHAVEN_DDR
Cyberhaven CYBERHAVEN_EVENTS
Cyberint CYBERINT
Microsoft CyberX CYBERX
Cycode Platform CYCODE
Insider threat detection and response CYDERES_INSIDER
Cylance CYLANCE
Cylera IOT CYLERA_IOT
Cynet 360 AutoXDR CYNET_360_AUTOXDR
Cyolo Zero Trust CYOLO_ZTNA
D3 Security D3_SECURITY
Databricks DATABRICKS
DataLocker SafeConsole DATALOCKER_SAFECONSOLE
Datasunrise Dam DATASUNRISE_DAM
Datawatch DATAWATCH
DealCloud DEAL_CLOUD
Deepfence Network Monitoring DEEPFENCE
Delinea Privilege Manager DELINEA_PRIVILEGE_MANAGER
Delinea Secret Server DELINEA_SECRET_SERVER
Delinea Server Suite DELINEA_SERVER_SUITE
Dell Cyber Recovery Manager DELL_CRM
Dell CyberSense DELL_CYBERSENSE
Dell EMC Avamar DELL_EMC_AVAMAR
Dell EMC Cloudlink DELL_EMC_CLOUDLINK
Dell EMC PowerStore DELL_EMC_POWERSTORE
Dell EMC Unity DELL_EMC_UNITY
Dell SonicWALL WAF DELL_WAF
Design Profit Central Server DESIGN_PROFIT_CENTRAL_SERVER
Device 42 DEVICE_42
Devolutions Remote Desktop Manager DEVOLUTIONS_RDM
Divvy Cloud DIVVY_CLOUD
Docker DOCKER
DomainTools Threat Intelligence DOMAINTOOLS_THREATINTEL
DOMO Business Cloud DOMO
Dragos DRAGOS
Draytek Firewall DRAYTEK
Dremio Data Lakehouse DREMIO_DATA_LAKEHOUSE
Dropbox DROPBOX
Drupal Logging DRUPAL
Druva Backup DRUVA_BACKUP
DSP Toolkit audit DSP_AUDIT
Duo Access Gateway DUO_CASB
Duo Network Gateway DUO_NETWORK_GATEWAY
Dynatrace DYNATRACE
CWT SatoTravel E2_SOLUTIONS
Eaton UPS EATON_UPS
eCAR ECAR
eCAR Bro ECAR_BRO
Edgio CDN EDGIO_CDN
Edgio Rate Limiting EDGIO_RL
Edgio WAF EDGIO_WAF
Efax EFAX
Egnyte EGNYTE
EclecticIQ EDR EIQ_EDR
Elastic File Beats ELASTIC_FILEBEAT
Elastic Metric Beats ELASTIC_METRICBEAT
Emerson Smart Firewall EMERSON_FIREWALL
Endgame ENDGAME_EDR
Ensono Cloud Mainframe Solution ENSONO
Entrust nShield HSM ENTRUST_HSM
Entrust NTP Server ENTRUST_NTP_SERVER
Entrust Secrets Vault ENTRUST_SECRETS_VAULT
Erlang Shell Logs ERLANG_SHELL
Ermes Web Protection ERMES
Ermetic ERMETIC
E-Share platform ESHARE_PLATFORM
Estar ESTAR
ETQ Reliance ETQ_RELIANCE
Exabeam Fusion XDR EXABEAM_FUSION_XDR
ExtraHop DHCP EXTRAHOP_DHCP
ExtremeWare Operating System (OS) EXTREMEWARE_NETWORKS
Extreme Networks ExtremeControl NAC Solution EXTREME_CONTROL
Extreme Management Center EXTREME_MANAGEMENT
Extreme Networks Switch EXTREME_SWITCH
EzProxy EZPROXY
F5 Bot F5_BOT
F5 IP Intelligence F5_IP_INTELLIGENCE
F5 Silverline F5_SILVERLINE
Fail2Ban Scan FAIL2BAN
Farsight DNSDB FARSIGHT_DNSDB
Feenics Access Control FEENICS_ACCESS_CONTROL
Fidelis Endpoint FIDELIS_ENDPOINT
FileMage SFTP FILEMAGE_SFTP
Firebase FIREBASE
Fireeye eMPS FIREEYE_EMPS
FireEye Helix FIREEYE_HELIX
FireMon Firewall FIREMON_FIREWALL
Fivetran FIVETRAN
Flashpoint IOC FLASHPOINT_IOC
Fleet DM FLEET_DM
Forcepoint Email Security FORCEPOINT_EMAILSECURITY
Forcepoint Insider Threat FORCEPOINT_FIT
Forcepoint V Series FORCEPOINT_VSERIES
Fortanix Data Security Manager FORTANIX_DSM
Fortinet Wireless Access Point FORTINET_AP
Fortinet FortiAuthenticator FORTINET_FORTIAUTHENTICATOR
Fortinet FortiSandbox FORTINET_SANDBOX
Fortinet Switch FORTINET_SWITCH
Fortinet Proxy FORTINET_WEBPROXY
Foundry Fastiron FOUNDRY_FASTIRON
Fox-IT FOX_IT_STIX
FreeIPA FREEIPA
FreeRADIUS FREERADIUS
Digital Defense Frontline VM FRONTLINE_VM
Futurex HSM FUTUREX_HSM
GCP Artifact Registry GCP_ARTIFACT_REGISTRY
GCP Google Kubernetes Container Security GCP_KUBERNETES_CONTAINER_SECURITY
reCAPTCHA Enterprise GCP_RECAPTCHA_ENTERPRISE
GCP Threat Detection GCP_THREAT_DETECTION
Gigamon GIGAMON
Gigya CIAM GIGYA_CIAM
GitGuardian Enterprise GITGUARDIAN_ENTERPRISE
Github Events GITHUB_EVENTS
Glean GLEAN
Globalscape SFTP GLOBALSCAPE_SFTP
GlusterFS GLUSTER_FS
GMV Checker User Context GMV_CHECKER_CONTEXT
GoAnywhere MFT GOANYWHERE_MFT
GoDaddy DNS GODADDY_DNS
GoldiLock GOLDILOCK
GrayhatWarfare GRAYHATWARFARE
Graylog Operations GRAYLOG
GreatHorn Email Security GREATHORN
GreyNoise GREYNOISE
GTB Technologies DLP GTB_DLP
H3C Comware Platform Switch H3C_SWITCH
HaProxy LoadBalancer HAPROXY_LOADBALANCER
Harbor HARBOR
Hirschmann Switch HIRSCHMANN_SWITCH
Hitachi PAM HITACHI_ID_PAM
Hornet Email Security HORNET_SECURITY
Hewlett Packard Enterprise SAN HPE_SAN
HP Printer logs HP_PRINTER
HP Wolf Pro Security HP_WOLF
Huawei NAC HUAWEI_NAC
HubSpot Activity Logs HUBSPOT_ACTIVITY
HubSpot CRM Platform HUBSPOT_CRM
HubSpot Authentication Logs HUBSPOT_LOGIN
HYPR MFA HYPR_MFA
3Com 8800 Series Switch IBM_3COM
IBM Cleversafe Object Storage IBM_CLEVERSAFE
IBM KNS IBM_KNS
IBM Tape Storages IBM_LTO
IBM MaaS360 IBM_MAAS360
IBM Mainframe Storage IBM_MAINFRAME_STORAGE
IBM MQ File Transfer IBM_MQ_FILE_TRANSFER
IBM Security Identity Manager IBM_SIM
IBM Security QRadar SOAR IBM_SOAR
IBM Spectrum Protect IBM_SPECTRUM_PROTECT
IBM Switch IBM_SWITCH
IBM Tririga IBM_TRIRIGA
IBM WebSEAL IBM_WEBSEAL
IBM WinCollect IBM_WINCOLLECT
IBM zSecure Alert IBM_ZSECURE_ALERT
Idecsi IDECSI
Dell iDRAC IDRAC
iManage Cloud Platform IMANAGE_CLOUD
Imperva Sonar IMPERVA_SONAR
Imprivata Confirm ID IMPRIVATA_CONFIRM_ID
Imprivata Identity Governance IMPRIVATA_IDG
Imprivata OneSign IMPRIVATA_ONESIGN
Infinidat INFINIDAT
Infoblox Loadbalancer INFOBLOX_LOADBALANCER
Infoblox NetMRI INFOBLOX_NETMRI
Infoblox RPZ INFOBLOX_RPZ
INKY Secure Email INKY
inWebo MFA INWEBO_MFA
Ipswitch MOVEit Automation IPSWITCH_MOVEIT_AUTOMATION
Ironscales IRONSCALES
Ivanti Application Control IVANTI_APP_CONTROL
Ivanti Device Control IVANTI_DEVICE_CONTROL
ISM Xtraction IVANTI_XTRACTION
Jamf Compliance Reporter JAMF_COMPLIANCE_REPORTER
Jamf Protect Network Traffic JAMF_NETWORK_TRAFFIC
JAMF Pro JAMF_PRO
Jamf pro context JAMF_PRO_CONTEXT
Jamf Pro MDM JAMF_PRO_MDM
Jamf Protect Threat Events JAMF_THREAT_EVENTS
IBM JDE JDE
Jenkins JENKINS
Journald JOURNALD
JumpCloud Directory as a Service JUMPCLOUD_DAAS
Juniper Secure Connect VPN JUNIPER_VPN
Jupiter One JUPITER_ONE
KACE Service Desk KACE_SERVICE_DESK
KACE Systems Management Appliance KACE_SMA
Kamailio KAMAILIO
Kandji KANDJI
Kaseya IT Management KASEYA
Kaspersky Endpoint KASPERSKY_ENDPOINT
Keeper Enterprise Security KEEPER
Keycloak KEYCLOAK
Keysight Packet Brokers KEYSIGHT
Kibana audit logs KIBANA
Kion KION
Kiteworks KITEWORKS
KnowBe4 PhishER KNOWBE4_PHISHER
Kustomer CRM KUSTOMER_CRM
Lansweeper Asset Management LANSWEEPER
LastPass Password Management LASTPASS
LOAD_BALANCER_ADC LB_ADC
Lepide LEPIDE
Lexmark Printer logs LEXMARK_PRINTER
Liaison NuBridges Platform LIAISON_NUBRIDGES
Libraesva Email Security LIBRAESVA_EMAIL
Lira LIRA
Logic Monitor LOGICMONITOR
LogonBox LOGONBOX
LookingGlass Aenoik IDPS LOOKINGGLASS_IPS
Looking Glass LOOKING_GLASS_IOC
LSI Badge Management System LSI_BMS
Lumen DDoS Hyper LUMEN_DDOS_HYPER
Lumos LUMOS
Lenovo XClarity Orchestrator LXC_ORCHESTRATOR
MailScanner MAILSCANNER
Malwarebytes MALWAREBYTES_EDR
Mambu MAMBU
Manage Engine Endpoint MANAGEENGINE_ENDPOINT
ManageEngine Remote Access Plus MANAGEENGINE_RAP
ManageEngine Password Manager Pro MANAGE_ENGINE_PASSWORD_MANAGER
Mandiant Attack Surface Management Entity MANDIANT_ASM_ENTITY
Mandiant Attack Surface Management Discovered Issue MANDIANT_ASM_ISSUE
Mandiant Attack Surface Management Technology MANDIANT_ASM_TECHNOLOGY
Mandiant Custom IOC MANDIANT_CUSTOM_IOC
Mango Apps MANGOAPPS
Maria Database MARIA_DB
Material Security MATERIAL_SECURITY
Matrix Frontier Badge Management MATRIX_FRONTIER
Mattermost MATTERMOST
McAfee Application Control MCAFEE_APP_CONTROL
McAfee Advanced Threat Defense MCAFEE_ATD
McAfee MVISION EDR MCAFEE_EDR
McAfee Solid Core MCAFEE_SOLID_CORE
Medigate CMDB MEDIGATE_CMDB
Micro Focus iManager MICROFOCUS_IMANAGER
MicroSemi NTP MICROSEMI_NTP
Microsoft Dynamics 365 User Activity MICROSOFT_DYNAMICS_365
Microsoft Defender External Attack Surface Management MICROSOFT_EASM
Microsoft IAS Server MICROSOFT_IAS
Microsoft Identity Protection MICROSOFT_IDENTITY_PROTECTION
Microsoft Netlogon MICROSOFT_NETLOGON
Microsoft Azure AD Risk Detections MICROSOFT_RISK_DETECTIONS
Microsoft System Center Endpoint Protection MICROSOFT_SCEP
Microsoft Security Actions MICROSOFT_SECURITY_ACTIONS
Microsoft Security Advisories Alerts MICROSOFT_SECURITY_ALERTS
Microsoft SSTP VPN MICROSOFT_SSTP
Microsoft Threat Indicators MICROSOFT_THREAT_INDICATORS
Mikrotik Router MIKROTIK_ROUTER
Mimecast Attachment Logs MIMECAST_ATTACHMENT_LOGS
Mimecast Audit Logs MIMECAST_AUDIT_LOGS
Mimecast DLP Logs MIMECAST_DLP_LOGS
Mimecast Impersonation Logs MIMECAST_IMPERSONATION_LOGS
Mimecast URL Logs MIMECAST_URL_LOGS
Mimecast Web Security MIMECAST_WEBPROXY
Minerva AV MINERVA_AV
Mirth OnPrem Appliances NextGen MIRTH_NEXTGEN
Mitel Communications Director MITEL_MCD
Mode Analytics MODE_ANALYTICS
Monday MONDAY
Mulesoft MULESOFT
MultiPay MULTIPAY
Nagios Infrastructure Monitoring NAGIOS
NCC Scout Suite NCC_SCOUTSUITE
NCR Digital Insight FSG NCR_DIGITAL_INSIGHT_FSG
NCR Digital Insight Global Logging NCR_DIGITAL_INSIGHT_GL
Neo4j NEO4J
Nessus NESSUS
NetDisco NETDISCO
Netenrich Entity Behaviour NETENRICH_ENTITY_BEHAVIOR
Netgear Switch NETGEAR_SWITCH
NetIQ Access Manager NETIQ_ACCESS_MANAGER
NetIQ eDirectory NETIQ_EDIRECTORY
Netmotion NETMOTION
Netskope CASB NETSKOPE_CASB
Netskope Client NETSKOPE_CLIENT
Netsurion ProtectWise NETSURION_PROTECTWISE
Neustar SiteProtect NEUSTAR_SITEPROTECT
New Relic Platform NEW_RELIC
Nextcloud Hub NEXTCLOUD_HUB
Ne Silent Log NE_SILENT_LOG
Ninja One NINJAONE
NIST National Vulnerability Database NIST_NVD
NNT File Integrity monitoring NNT_FIM
Nokia Router NOKIA_ROUTER
Noname API Security NONAME_API_SECURITY
NordLayer VPN NORD_LAYER
Nortel Contivity VPN Switch NORTEL_SWITCH
Ntopng NTOPNG
Nucleus Vulnerability Scan Delta NUCLEUS_VULNERABILITY_DELTA
Nutanix Frame NUTANIX_FRAME
Obsidian OBSIDIAN
Okta RADIUS OKTA_RADIUS
Onapsis ONAPSIS
OnBase CMS ONBASE_CMS
One Identity Active Role Service ONEIDENTITY_ARS
One Identity Change Auditor ONEIDENTITY_CHANGE_AUDITOR
One Identity Defender ONEIDENTITY_DEFENDER
One Identity TPAM ONEIDENTITY_TPAM
OneLogin User Context ONELOGIN_USER_CONTEXT
1Password Audit Events ONEPASSWORD_AUDIT_EVENTS
Opengear Remote Management OPENGEAR
Opentelemetry OPENTELEMETRY
OpenText Fax2Mail OPENTEXT_FAX2MAIL
Opnsense OPNSENSE
Opswat Kiosk OPSWAT_KIOSK
Opswat Metadefender OPSWAT_METADEFENDER
Oracle HCM Human resources platform solution ORACLE_HCM
Oracle SSO Audit Logging ORACLE_SSO_AUDIT
Oracle WebLogic Server ORACLE_WEBLOGIC
Orca Cloud Security Platform ORCA
Oscar Claims OSCAR_CLAIMS
Open Source Intelligence OSINT_IOC
Osirium PAM OSIRIUM_PAM
Outpost24 OUTPOST24
Packetlight Dwdm PACKETLIGHT_DWDM
Packet Viper PACKET_VIPER
PACOM Systems PACOM_SYSTEMS
PagerDuty PAGERDUTY
Pagerduty Audit PAGERDUTY_AUDIT
Palo Alto DNS Security PAN_DNS_SECURITY
Palo Alto Networks Global Protect PAN_GLOBAL_PROTECT
Palo Alto Networks IoT Security PAN_IOT
Palo Alto Networks XSOAR Audit PAN_XSOAR
PaperCut Printing Management System PAPER_CUT
Passwordstate PASSWORDSTATE
Paxton Access Control Systems PAXTON_ACS
SSL pcap PCAP_SSL_CLIENT_HELLO
Pentera PENTERA
Pentera ASV PENTERA_ASV
Pentera Leef PENTERA_LEEF
PeopleSoft PEOPLESOFT
Peplink Loadbalancer PEPLINK_LOADBALANCER
Peplink Router PEPLINK_ROUTER
Peplink Switch PEPLINK_SWITCH
PerimeterX Bot Protection PERIMETERX_BOT_PROTECTION
Perimeter 81 PERIMETER_81
Domain Tools Phisheye PHISHEYE_ALERT
Phishlabs PHISHLABS
Pingsafe PINGSAFE
Ping Access PING_ACCESS
Ping One PING_ONE
Ping SDK PING_SDK
Plaso Super Timeline PLASO
Plixer Scrutinizer PLIXER_SCRUTINIZER
Pomerium POMERIUM
Portnox Audit PORTNOX_AUDIT
Portnox CEF PORTNOX_CEF
PostgreSQL POSTGRESQL
MS Powershell Transcript POWERSHELL_TRANSCRIPT
Power DNS POWER_DNS
Preveil Enterprise PREVEIL_ENTERPRISE
ProofID PROOFID
Proofpoint CASB PROOFPOINT_CASB
Proofpoint Secure Share PROOFPOINT_SECURE_SHARE
Proofpoint Security Awareness Training PROOFPOINT_SECURITY_AWARENESS_TRAINING
Proofpoint Sendmail Sentrion PROOFPOINT_SENDMAIL_SENTRION
Protegrity Defiance PROTEGRITY_DEFIANCE
Honeywell Pro-Watch PROWATCH
ProxMax PROXMAX
PRTG Network Monitor PRTG_NETWORKMONITOR
Puppet PUPPET
Pure Storage PURE_STORAGE
QLIK Audit QLIK_AUDIT
QNAP Systems NAS QNAP_NAS
Qualys User Activity QUALYS_ACTIVITY
RSA RADIUS RADIUS
Radware DDoS Protection RADWARE_DDOS
RAD ETX RAD_ETX
Rapid7 Security Onion RAPID7_SECURITY_ONION
Raritan Dominion SX II RARITAN_DOMINION
Recordia RECORDIA
Red Canary Cloud Protection REDCANARY_CLOUD_PROTECTION_RAW
Red Hat Identity Management REDHAT_IM
Red Hat Keycloak REDHAT_KEYCLOAK
RedHat Satellite Server REDHAT_SATELLITE
RedHat StackRox REDHAT_STACKROX
Remediant SecureONE REMEDIANT_SECUREONE
Ribbon Session Border Controller RIBBON_SBC
Ring Central RING_CENTRAL
RiskIQ Digital Footprint RISKIQ_DIGITAL_FOOTPRINT
RSA SecurID Access Identity Router RSA_SECURID
Rubrik Polaris RUBRIK_POLARIS
Rumble Network Discovery RUMBLE_NETWORK_DISCOVERY
SafeConnect NAC SAFECONNECT_NAC
Salesforce Context SALESFORCE_CONTEXT
Sangfor Next Generation Firewall SANGFOR_NGAF
SAP Cloud for Customer SAP_C4C
SAP HANA SAP_HANA
SAP Identity Management SAP_IDM
SAP Insurance SAP_INSURANCE
SAP SAST Suite SAP_SAST
SAP SM20 SAP_SM20
SAP SuccessFactors SAP_SUCCESSFACTORS
Microsoft System Center Configuration Manager SCCM
Secberus Cloud Security Governance SECBERUS
SecurityScorecard Platform SECURITYSCORECARD
Semperis ADFR SEMPERIS_ADFR
Sendgrid Api SENDGRID
Senhasegura PAM SENHASEGURA_PAM
SentinelOne Singularity Cloud Funnel SENTINELONE_CF
ServiceNow Audit SERVICENOW_AUDIT
ServiceNow Roles SERVICENOW_ROLES
Sevco Security CMDB SEVCO_CMDB
Microsoft SharePoint SHAREPOINT
Sharepoint Unified Logging Service (ULS) SHAREPOINT_ULS
shodan.io SHODAN_IO
Siebel Monitoring SIEBEL
Siemens SiPass SIEMENS_SIPASS
Silver Peak Firewall SILVERPEAK_FIREWALL
Single Store SINGLE_STORE
SKYSEA Client View SKYSEA
Smart Simple SMART_SIMPLE
Snapattack SNAPATTACK
Snipe-IT SNIPE_IT
Snowflake SNOWFLAKE
Socomec UPS SOCOMEC_UPS
Software House Access Control SOFTWARE_HOUSE_ACS
Solaris system SOLARIS_SYSTEM
SolarWinds Serv-U SOLARWINDS_SERV_U
SonarQube SONARQUBE
Sophos Email Appliance SOPHOS_EMAIL
Sophos URL filtering SOPHOS_URL
Spamhaus SPAMHAUS
Symantec Protection Engine SPE
Splashtop Remote Access and Support software SPLASHTOP
Splunk Attack Analyzer SPLUNK_ATTACK_ANALYZER
Splunk DNS SPLUNK_DNS
Splunk Phantom SPLUNK_PHANTOM
Splunk Intel Management SPLUNK_TRUSTAR
Stairwell Inception STAIRWELL_INCEPTION
Stellar Cyber STELLAR_CYBER
Stream Alert STREAMALERT
StrongDM STRONGDM
Sublime Security SUBLIMESECURITY
Supermicro IPMI SUPERMICRO_IPMI
Superna Eyeglass SUPERNA_EYEGLASS
SureView Systems Activity SUREVIEW_SYSTEMS
Swift Alliance Messaging Hub SWIFT_AMH
Swimlane Platform SWIMLANE
Symantec Messaging Gateway SYMANTEC_MAIL
Symphony Summit AI SYMPHONYAI
Synology SYNOLOGY
Tableau TABLEAU
Tailscale TAILSCALE
Talon TALON
Tanium Deploy TANIUM_DEPLOY
Tanium Question TANIUM_QUESTION
Tanium TanOS TANIUM_TANOS
Tenable OT TENABLE_OT
Tenable Web App Scanning TENABLE_WAS
Teradici PCoIP TERADICI_PCOIP
Terraform Enterprise Audit TERRAFORM_ENTERPRISE
Tessian Cloud Email Security Platform TESSIAN_PLATFORM
TGDetect TGDETECT
ThreatQuotient THREATQ_IOC
ThreatX WAF THREATX_WAF
Thycotic devops secret vault THYCOTIC_DEVOPS_SECRETVAULT
Trend Micro TIPPING_POINT
Traceable API Security TRACEABLE_PLATFORM
Traefik Labs TRAEFIK
TrendMicro Apex Central TRENDMICRO_APEX_CENTRAL
Trend Micro Apex One TRENDMICRO_APEX_ONE
Trend Micro Cloud App Security TRENDMICRO_CLOUDAPPSECURITY
Trend Micro Cloud One TRENDMICRO_CLOUDONE
TrendMicro Deep Discovery Inspector TRENDMICRO_DDI
TrendMicro EDR TRENDMICRO_EDR
TrendMicro Webproxy DSM TRENDMICRO_WEBPROXY_DSM
Tripp Lite TRIPP_LITE
Twilio Audit TWILIO_AUDIT
Twilio Authy TWILIO_AUTHY
Twingate TWINGATE
Tyk IO TYK_IO
Ubiquiti UDM Firewall UBIQUITI_FIREWALL
UDM UDM
Uipath UIPATH
UltraDNS ULTRADNS
Ultra Electronics CyberFence ULTRA_CYBERFENCE
Unifi Switch UNIFI_SWITCH
Unit 21 UNIT21
UpGuard UPGUARD
Vector Dev VECTOR_DEV
Vectra Protect VECTRA_PROTECT
Veeam VEEAM
Velo Firewall VELO_FIREWALL
Venafi VENAFI
Veritas NetBackup VERITAS_NETBACKUP
Verizon Network Detection and Response VERIZON_NDR
Verkada VERKADA
Virsec Event Logs VIRSEC_EVENT
Virsec Attack and Threat Logs VIRSEC_THREAT
Virtru Email Encryption VIRTRU_EMAIL_ENCRYPTION
VirusTotal Threat Hunter VIRUSTOTAL_THREAT_HUNTER
VMRay Analyzer VMRAY_FLOG_XML
VMware Aria Logs VMWARE_ARIA_LOGS
Vmware Avinetworks iWAF VMWARE_AVINETWORKS_IWAF
VMware Avi Vantage Platform VMWARE_AVI_VANTAGE
VMware Cloud Director VMWARE_CD
VMware HCX VMWARE_HCX
VMware NSX AVI VMWARE_NSX_AVI
VMware SDDC VMWARE_SDDC
VMware SDWN Events VMWARE_SDWN_EVENTS
VMware Unified Access Gateway VMWARE_UNIFIED_ACCESS_GATEWAY
VMware vShield VMWARE_VSHIELD
Voltage VOLTAGE
Vonage VONAGE
Vsftpd VSFTPD
VSFTPD Audit VSFTPD_AUDIT
Wallix Bastion WALLIX_BASTION
Wallix Endpoint Privilege Management WALLIX_EPM
Wallix Privileged Access Management WALLIX_PAM
Waterfall Data Security Manager WATERFALL_DSM
WebEx WEBEX_SAAS
White Cloud WHITECLOUD_EDR
Windows Filtering Platform WINDOWS_WFP
wiz.io WIZ_IO
Wordpress Simple History WORDPRESS_SIMPLE_HISTORY
Workato Audit Logs WORKATO
Workday Audit Logs WORKDAY_AUDIT
Workday User Activity WORKDAY_USER_ACTIVITY
Workspot Control WORKSPOT_CONTROL
WP Engine WP_ENGINE
Western Telematic Inc Console Servers WTI_CONSOLE_SERVERS
Ysoft Data Security Manager YSOFT_DSM
Zabbix ZABBIX
Zendesk CRM ZENDESK_CRM
ZeroFox Platform ZEROFOX_PLATFORM
Zoho Analytics Audits ZOHO_AUDIT
ZScaler Deception ZSCALER_DECEPTION
Zscaler Digital Experience ZSCALER_DIGITAL_EXPERIENCE
Zscaler DLP ZSCALER_DLP
Zscaler Client Connector ZSCALER_ZCC
Zscaler ZDX ZSCALER_ZDX
Zscaler Secure Private Access Audit Logs ZSCALER_ZPA_AUDIT
Zuora App Logs ZUORA_APP_LOGS