Supported log types and default parsers
This document contains information about Chronicle SIEM integrations for data ingestion.
It summarizes the devices, and the associated ingestion label (log_type) field in the
Ingestion API and data_type in a Forwarder configuration), that Chronicle SIEM supports.
Supported log types with a default parser
Parsers normalize raw log data into structured Unified Data Model format. This
section lists supported devices, and the associated ingestion label (log_type field in the
Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser.
The default parser is supported by Chronicle as long as the device's
raw logs are received in the required format.
For a list of supported log types without a default parser, see Supported log types without a default parser.
The Format column indicates the high-level structure of the raw log, as:
- CSV: Comma Separated Values
- JSON: JavaScript Object Notation
- SYSLOG: syslog formatted message
- KV: key-value pair
- XML: Extensible Markup Language
- SYSLOG + KV: syslog header with key-value body
- SYSLOG + JSON: syslog header with JSON body
- SYSLOG + XML: syslog header with XML body
- LEEF: Log Event Extended Format
- CEF: Common Event Format
These changes are applied to newly ingested logs. Parser changes are not applied retroactively to previously ingested logs.
| Vendor / Product | Category | Ingestion label | Format | Latest Update |
|---|---|---|---|---|
| Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS |
JSON | 2023-10-04 View Change |
| Akamai DNS | DNS | AKAMAI_DNS |
CSV | 2021-06-28 |
| Auth0 | Authentication log | AUTH_ZERO |
JSON | 2023-06-19 View Change |
| Barracuda Web Filter | Webfilter | BARRACUDA_WEBFILTER |
SYSLOG | 2023-07-20 View Change |
| Microsoft IIS | Web Server | IIS |
SYSLOG + KV, JSON | 2023-10-27 View Change |
| Guardicore Centra | Deception Software | GUARDICORE_CENTRA |
JSON | 2023-09-08 View Change |
| Cloud NAT | Google Cloud Specific | N/A |
JSON | 2023-04-06 View Change |
| Juniper IPS | IDS/IPS | JUNIPER_IPS |
SYSLOG + KV | 2022-05-26 View Change |
| Unifi AP | Switches and Routers | UNIFI_AP |
SYSLOG + KV, SYSLOG + JSON | 2022-05-24 View Change |
| Office 365 Message Trace | OFFICE_365 Specific | OFFICE_365_MESSAGETRACE |
JSON | 2023-05-10 View Change |
| Digital Guardian DLP | DLP | DIGITALGUARDIAN_DLP |
JSON | 2023-06-02 View Change |
| Imperva | WAF | IMPERVA_WAF |
SYSLOG+KV, JSON | 2023-09-26 View Change |
| Linux Auditing System (AuditD) | OS | AUDITD |
SYSLOG | 2023-09-06 View Change |
| IBM Guardium | Database DLP | GUARDIUM |
CSV, CEF | 2022-10-06 View Change |
| Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL |
JSON | 2023-06-26 View Change |
| Barracuda Email | Email Server | BARRACUDA_EMAIL |
JSON | 2023-01-19 View Change |
| AWS Key Management Service | AWS Specific | AWS_KMS |
JSON | 2022-05-27 View Change |
| ServiceNow CMDB | Policy Management | SERVICENOW_CMDB |
JSON | 2023-05-31 View Change |
| Mongo Database | DATABASE | MONGO_DB |
JSON | 2023-05-26 View Change |
| WordPress | Configuration Management | WORDPRESS_CMS |
JSON | 2023-05-25 View Change |
| macOS Endpoint Security | AV and endpoint logs | MACOS_ENDPOINT_SECURITY |
SYSLOG + KV | 2023-07-17 View Change |
| ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP |
JSON, SYSLOG | 2023-10-27 View Change |
| Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL |
CSV | 2022-09-02 View Change |
| Workday | SaaS Application | WORKDAY |
JSON | 2022-09-15 View Change |
| Sentinelone Alerts | Endpoint Security | SENTINELONE_ALERT |
JSON | 2023-08-18 View Change |
| Cisco VCS Expressway | Telephone software | CISCO_VCS |
SYSLOG | 2023-06-12 View Change |
| Microsoft Powershell | Misc. Windows-specific | POWERSHELL |
SYSLOG + JSON | 2023-09-14 View Change |
| Armis Vulnerabilities | VULNERABILITIES | ARMIS_VULNERABILITIES |
JSON | 2023-02-07 View Change |
| AppOmni | SAAS Security Application | APPOMNI |
JSON | 2023-08-23 View Change |
| CyberArk Endpoint Privilege Manager (EPM) | EPM | CYBERARK_EPM |
JSON | 2023-08-22 View Change |
| McAfee DLP | DLP | MCAFEE_DLP |
CSV | 2022-04-13 View Change |
| Onfido | Authentication | ONFIDO |
SYSLOG + JSON | 2023-03-10 View Change |
| Zscaler | Web Proxy | ZSCALER_WEBPROXY |
SYSLOG + KV, CSV | 2023-11-15 View Change |
| Red Canary | EDR | REDCANARY_EDR |
JSON | 2022-09-15 View Change |
| WatchGuard | Syslog and KV | WATCHGUARD |
JSON | 2023-09-28 View Change |
| D3 Banking | BANKING | D3_BANKING |
JSON | 2022-03-23 View Change |
| Gitlab | SAAS | GITLAB |
JSON | 2023-10-20 View Change |
| Comodo | AV / Endpoint | COMODO_AV |
SYSLOG + KV (CEF) | 2021-04-09 |
| McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE |
JSON | 2021-07-20 |
| SiteMinder Web Access Management | SSO | CA_SSO_WEB |
JSON | 2022-08-08 View Change |
| SailPoint IAM | Identity and Access Management | SAILPOINT_IAM |
JSON | 2022-07-08 View Change |
| Tanium Integrity Monitor | Tanium Specific | TANIUM_INTEGRITY_MONITOR |
JSON | 2022-10-12 View Change |
| AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH |
JSON, GROK | 2023-09-02 View Change |
| TCPWave DDI | Secure ddi | TCPWAVE_DDI |
SYSLOG + JSON | 2022-09-27 View Change |
| Google Cloud Identity Context | Identity and Access Management | CLOUD_IDENTITY_CONTEXT |
JSON | 2023-07-25 View Change |
| Ping Federate | Authentication | PING_FEDERATE |
CSV | 2023-04-24 View Change |
| Zscaler Internet Access Audit Logs | Security Service Edge (SSE) | ZSCALER_INTERNET_ACCESS |
CSV | 2023-10-26 View Change |
| Infoblox | DHCP, DNS | INFOBLOX |
SYSLOG | 2023-11-07 View Change |
| Tanium Audit | SCAN NETWORK | TANIUM_AUDIT |
JSON | 2023-09-26 View Change |
| Microsoft SQL Server | Database | MICROSOFT_SQL |
SYSLOG + KV, JSON | 2023-10-09 View Change |
| Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE |
JSON | 2023-07-28 View Change |
| Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE |
SYSLOG + KV | 2021-04-28 |
| NetApp ONTAP | Rest api | NETAPP_ONTAP |
SYSLOG | 2023-04-03 View Change |
| Deep Instinct EDR | EDR | DEEP_INSTINCT_EDR |
SYSLOG + KV | 2022-11-18 View Change |
| Hitachi Cloud Platform | Hitachi Cloud Platform | HITACHI_CLOUD_PLATFORM |
SYSLOG | 2023-05-30 View Change |
| Preempt Auth | Identity and Access Management | PREEMPT_AUTH |
SYSLOG + JSON | 2021-06-16 |
| BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS |
SYSLOG + KV | 2022-09-30 View Change |
| VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU |
JSON + SYSLOG+JSON | 2023-09-08 View Change |
| Fidelis Network | NDR | FIDELIS_NETWORK |
SYSLOG + KV, JSON | 2023-09-04 View Change |
| Strong Swan VPN | VPN | STRONGSWAN_VPN |
JSON | 2023-05-25 View Change |
| Imperva Database | Cloud Application and Edge Security | IMPERVA_DB |
SYSLOG | 2023-07-17 View Change |
| Microsoft AD FS | LDAP | ADFS |
JSON | 2023-08-18 View Change |
| RSA NetWitness | PLATFORM CONFIGURATION | RSA_NETWITNESS |
SYSLOG | 2022-10-18 View Change |
| Cylance Protect | Alerts | CYLANCE_PROTECT |
SYSLOG + KV | 2022-09-06 View Change |
| Windows Applocker | Application Locker | WINDOWS_APPLOCKER |
SYSLOG + KV + JSON + XML | 2023-10-17 View Change |
| Cloudflare Audit | SaaS Application | CLOUDFLARE_AUDIT |
JSON | 2023-07-09 View Change |
| CrowdStrike Falcon | EDR | CS_EDR |
JSON | 2023-10-11 View Change |
| Stormshield Firewall | FIREWALL | STORMSHIELD_FIREWALL |
SYSLOG + KV | 2023-06-29 View Change |
| Fortinet FortiEDR | EDR | FORTINET_FORTIEDR |
SYSLOG + KV | 2023-08-07 View Change |
| AMD Pensando DSS Firewall | Firewall | AMD_DSS_FIREWALL |
SYSLOG + CSV | 2023-05-08 View Change |
| File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK |
JSON | 2021-09-27 |
| Crowdstrike IOC | IOC | CROWDSTRIKE_IOC |
JSON | 2023-08-23 View Change |
| Microsoft ATA | IDS/IPS | MICROSOFT_ATA |
SYSLOG + KV | 2021-07-13 |
| Darktrace | NDR | DARKTRACE |
SYSLOG + KV (CEF) | 2023-09-26 View Change |
| Cloud SQL | Google Cloud Specific | GCP_CLOUDSQL |
JSON | 2023-11-01 View Change |
| Cloud Run | Google Cloud Specific | GCP_RUN |
JSON | 2023-04-13 View Change |
| Island Browser logs | Web Browser | ISLAND_BROWSER |
JSON | 2023-09-04 View Change |
| Cloud Functions Context | Google Cloud Specific | GCP_CLOUD_FUNCTIONS_CONTEXT |
JSON | 2023-07-26 View Change |
| Layer7 SiteMinder | SSO | SITEMINDER_SSO |
KV+JSON | 2022-08-30 View Change |
| Tenable Active Directory Security | Tenable Active Directory Security | TENABLE_ADS |
SYSLOG | 2023-11-06 View Change |
| Infoblox DNS | DNS | INFOBLOX_DNS |
SYSLOG, CEF | 2023-10-17 View Change |
| MISP Threat Intelligence | Cybersecurity | MISP_IOC |
JSON, CSV | 2023-09-26 View Change |
| Unix system | OS | NIX_SYSTEM |
SYSLOG , JSON | 2023-11-10 View Change |
| ForgeRock OpenDJ | LDAP | OPENDJ |
SYSLOG + KV | 2020-10-01 |
| Emerging Threats Pro | IOC | ET_PRO_IOC |
CSV | 2022-11-28 View Change |
| FireEye | Alerts | FIREEYE_ALERT |
SYSLOG + JSON, JSON | 2023-11-09 View Change |
| CloudM | Identity and Access Management | CLOUDM |
JSON | 2022-06-09 View Change |
| Fortinet Web Application Firewall | WEB | FORTINET_FORTIWEB |
KV | 2023-05-18 View Change |
| AWS GuardDuty | IDS/IPS | GUARDDUTY |
JSON | 2023-08-18 View Change |
| Aruba Airwave | Wireless | ARUBA_AIRWAVE |
XML | 2021-03-16 |
| VanDyke SFTP | Data Transfer | VANDYKE_SFTP |
JSON, SYSLOG | 2022-03-25 View Change |
| Ping Identity | Authentication | PING |
JSON, SYSLOG + KV | 2023-04-06 View Change |
| VMware ESXi | Hypervisor | VMWARE_ESX |
SYSLOG | 2023-10-10 View Change |
| Ansible AWX | Automation and DevOps Tools | ANSIBLE_AWX |
JSON | 2022-11-09 View Change |
| Duo Entity context data | Identity and Access Management | DUO_CONTEXT |
JSON | 2022-03-14 |
| Vectra Detect | NDR | VECTRA_DETECT |
SYSLOG + JSON + CEF | 2023-10-12 View Change |
| RH-ISAC | IOC | RH_ISAC_IOC |
JSON | 2022-03-22 View Change |
| Office 365 | SaaS Application | OFFICE_365 |
JSON | 2023-11-01 View Change |
| F5 BIGIP Access Policy Manager | Access Policy Manager | F5_BIGIP_APM |
SYSLOG | 2023-06-06 View Change |
| MySQL | Database | MYSQL |
SYSLOG | 2021-04-12 |
| Qualys Continuous Monitoring | Monitoring | QUALYS_CONTINUOUS_MONITORING |
JSON | 2022-08-30 View Change |
| Compute Context | Google Cloud Specific | N/A |
JSON | 2022-07-29 View Change |
| Honeyd | Deception Software | HONEYD |
SYSLOG | 2021-04-05 |
| Qualys Virtual Scanner | Vulnerability Scanner | QUALYS_VIRTUAL_SCANNER |
JSON | 2023-08-21 View Change |
| FireEye HX | EDR | FIREEYE_HX |
JSON | 2023-05-08 View Change |
| Azure AD Directory Audit | Audit | AZURE_AD_AUDIT |
JSON | 2023-10-16 View Change |
| Oracle | DATABASE | ORACLE_DB |
SYSLOG + KV | 2023-10-25 View Change |
| OpenSSH | Logging and Troubleshooting | OPENSSH |
SYSLOG | 2023-10-05 View Change |
| Workspace Alerts | Google Cloud Specific | WORKSPACE_ALERTS |
JSON | 2023-11-01 View Change |
| Delinea PAM | Access Management | DELINEA_PAM |
SYSLOG + CSV | 2022-11-10 View Change |
| Netscout OCI | Alert log | NETSCOUT_OCI |
SYSLOG + KV | 2023-09-04 View Change |
| Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY |
JSON | 2022-07-27 View Change |
| VPC Flow Logs | Google Cloud Specific | GCP_VPC_FLOW |
JSON | 2023-05-23 View Change |
| Accellion | DLP | ACCELLION |
SYSLOG | 2022-09-30 View Change |
| Oracle Cloud Infrastructure Audit Logs | Oracle Cloud Infrastructure | OCI_AUDIT |
JSON | 2023-09-29 View Change |
| Juniper Software Defined Wide Area Network | SYSLOG | JUNIPER_SDWAN |
SYSLOG | 2023-07-10 View Change |
| Net Suite | WAF | NET_SUITE |
kv | 2023-08-02 View Change |
| Cloudflare WAF | Cloud Log | CLOUDFLARE_WAF |
JSON | 2023-08-30 View Change |
| Lenel Onguard Badge Management | Access Control System | LENEL_ONGUARD |
JSON | 2022-10-31 View Change |
| AWS Macie | AWS-specific logs | AWS_MACIE |
JSON | 2022-08-08 View Change |
| Linux Sysmon | DNS | LINUX_SYSMON |
XML | 2023-11-09 View Change |
| AWS EMR | AWS Specific | AWS_EMR |
SYSLOG, SYSLOG+JSON, JSON | 2023-10-30 View Change |
| Windows DNS | DNS | WINDOWS_DNS |
JSON, XML, SYSLOG + KV | 2023-10-18 View Change |
| Bitdefender | AV / Endpoint | BITDEFENDER |
CSV | 2023-05-02 View Change |
| VyOS Open Source Router | DHCP | VYOS |
SYSLOG | 2022-10-12 View Change |
| Kaspersky AV | AV / Endpoint | KASPERSKY_AV |
KV + CEF | 2023-10-13 View Change |
| Nutanix Prism | Firewall | NUTANIX_PRISM |
JSON | 2023-01-23 View Change |
| Aruba EdgeConnect SD-WAN | Network Security | ARUBA_EDGECONNECT_SDWAN |
SYSLOG + CSV | 2023-05-03 View Change |
| Abnormal Security | Email Server | ABNORMAL_SECURITY |
JSON , SYSLOG | 2023-11-06 View Change |
| ProofPoint Secure Email Relay | Email server | PROOFPOINT_SER |
JSON | 2023-08-29 View Change |
| McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB |
KV | 2023-06-22 View Change |
| GCP_KUBERNETES_CONTEXT | Computer Inventory | GCP_KUBERNETES_CONTEXT |
JSON | 2023-11-01 View Change |
| Ionix | SECURITY | IONIX |
JSON | 2023-09-28 View Change |
| Stealthbits Defend | Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND |
SYSLOG + KV (LEEF, CEF) | 2022-11-17 View Change |
| Shrubbery TACACS+ | NETWORK MANAGEMENT | SHRUBBERY_TACACS |
SYSLOG + KV | 2022-11-08 View Change |
| Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI |
SYSLOG | 2022-11-08 View Change |
| Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY |
SYSLOG + JSON, SYSLOG + KV | 2023-10-01 View Change |
| Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER |
SYSLOG + KV | 2023-05-31 View Change |
| Tanium Insight | Tanium Specific | TANIUM_INSIGHT |
SYSLOG + KV | 2021-03-10 |
| HAProxy | Load balancing | HAPROXY |
SYSLOG | 2023-09-25 View Change |
| LimaCharlie | EDR | LIMACHARLIE_EDR |
JSON | 2023-08-07 |
| VMware Workspace ONE | Logging and Troubleshooting | VMWARE_WORKSPACE_ONE |
SYSLOG | 2023-08-04 View Change |
| Cloud Identity Device Users | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICEUSERS |
JSON | 2022-10-01 View Change |
| Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT |
JSON | 2023-10-25 View Change |
| COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC |
Value Entry | 2020-06-02 |
| Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA |
SYSLOG, JSON | 2023-11-10 View Change |
| Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY |
SYSLOG + KV (CEF), LEEF | 2023-06-12 View Change |
| Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 |
JSON | 2021-12-22 |
| Varonis | Data Security / Insider Threat | VARONIS |
SYSLOG + KV (CEF), LEEF | 2022-10-08 View Change |
| STIX Threat Intelligence | Cybersecurity Threats | STIX |
SYSLOG + KV (CEF) | 2023-11-08 View Change |
| Corelight | NDR | CORELIGHT |
JSON | 2023-10-04 View Change |
| CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN |
SYSLOG + KV | 2022-09-08 View Change |
| Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE |
SYSLOG | 2021-05-05 |
| Open LDAP | LDAP | OPENLDAP |
SYSLOG | 2023-07-18 View Change |
| Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE |
SYSLOG + KV (CEF) | 2023-07-07 View Change |
| Saviynt Enterprise Identity Cloud | Endpoints | SAVIYNT_EIP |
JSON, JSON+KV | 2023-06-05 View Change |
| Tanium Patch | Tanium Specific | TANIUM_PATCH |
JSON | 2022-02-08 |
| TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY |
SYSLOG + KV | 2023-08-02 View Change |
| Palo Alto Networks Firewall | Firewall | PAN_FIREWALL |
CSV + CEF + LEEF | 2023-09-20 View Change |
| Passive DNS | DNS | PASSIVE_DNS |
JSON | 2021-05-19 |
| Proofpoint Web Browser Isolation | ATTACK PROTECTION ISOLATION | PROOFPOINT_WEB_BROWSER_ISOLATION |
JSON | 2023-05-25 View Change |
| Stealthbits PAM | Privileged Access Management Solution | STEALTHBITS_PAM |
CEF + KV | 2023-11-07 View Change |
| Preempt Alert | Identity and Access Management | PREEMPT |
SYSLOG + KV (CEF) | 2022-06-22 View Change |
| Cloud Identity Devices | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICES |
JSON | 2022-04-13 View Change |
| Google Cloud IAM Analysis | Google Cloud Resources Contexts | N/A |
JSON | 2023-02-27 View Change |
| Cisco Umbrella IP | Web Proxy | UMBRELLA_IP |
SYSLOG | 2022-08-22 View Change |
| AWS RDS | Database | AWS_RDS |
SYSLOG | 2023-04-24 View Change |
| Cisco PIX Firewall | Firewall | CISCO_PIX_FIREWALL |
SYSLOG | 2023-05-23 View Change |
| Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH |
JSON | 2023-06-19 View Change |
| Azure Cosmos DB | Database | AZURE_COSMOS_DB |
JSON | 2023-02-22 View Change |
| Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS |
SYSLOG + JSON | 2022-05-09 View Change |
| IAM Context | Google Cloud Specific | N/A |
JSON | 2023-07-26 View Change |
| Snort | IDS/IPS | SNORT_IDS |
SYSLOG + JSON | 2022-09-22 View Change |
| Imperva FlexProtect | Cloud App & Network Security | IMPERVA_FLEXPROTECT |
CEF + KV | 2023-08-28 View Change |
| Kong API Gateway | Microservice management | KONG_GATEWAY |
SYSLOG + JSON | 2022-09-23 View Change |
| Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS |
JSON | 2022-07-08 View Change |
| ISC DHCP | DHCP | ISC_DHCP |
JSON + SYSLOG + KV | 2022-02-08 |
| OSSEC | IDS/IPS | OSSEC |
SYSLOG | 2023-06-14 View Change |
| RSA | Identity and Access Management | RSA_AUTH_MANAGER |
CSV | 2022-08-09 View Change |
| Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB |
JSON | 2021-10-04 |
| Sierra Wireless | IOT Devices | SIERRA_WIRELESS |
SYSLOG | 2023-06-30 View Change |
| Microsoft Sentinel | Microsoft Sentinel | MICROSOFT_SENTINEL |
JSON | 2023-11-03 View Change |
| SentinelOne EDR | EDR | SENTINEL_EDR |
SYSLOG + JSON | 2023-11-09 View Change |
| McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY |
SYSLOG + KV (CEF), JSON | 2023-06-17 View Change |
| AWS Config | AWS Specific | AWS_CONFIG |
JSON | 2022-05-27 View Change |
| OpenVPN | Network | OPEN_VPN |
SYSLOG + KV | 2022-04-28 View Change |
| Check Point | Firewall | CHECKPOINT_FIREWALL |
SYSLOG + KV, JSON | 2023-10-11 View Change |
| Trend Micro AV | AV / Endpoint | TRENDMICRO_AV |
SYSLOG + KV, CEF | 2023-05-21 View Change |
| Windows Sysmon | DNS | WINDOWS_SYSMON |
JSON, XML | 2023-10-27 View Change |
| GMV Checker ATM Security | ATM Audit | GMV_CHECKER |
SYSLOG | 2022-04-20 View Change |
| Dataminr Alerts | DATAMINR_ALERT |
2023-08-23 View Change |
||
| CrowdStrike Falcon Stream | Alerts | CS_STREAM |
KV (LEEF) | 2022-07-18 View Change |
| Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT |
JSON | 2022-07-22 View Change |
| Pivotal | PaaS Application | PIVOTAL |
SYSLOG + KV | 2022-08-17 View Change |
| Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL |
JSON | 2023-06-01 View Change |
| Cisco Umbrella DNS | DNS | UMBRELLA_DNS |
CSV, JSON | 2023-11-07 View Change |
| Cloud Load Balancing | Google Cloud Specific | GCP_LOADBALANCING |
JSON | 2023-11-01 View Change |
| Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF |
JSON | 2023-09-16 View Change |
| Peplink Firewall | Firewall | PEPLINK_FW |
SYSLOG + KV | 2023-08-17 View Change |
| Dope Security SWG | Secure Access Service Edge | DOPE_SWG |
CSV | 2023-05-18 View Change |
| Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV |
JSON, XML | 2023-09-04 View Change |
| McAfee IPS | IDS/IPS | MCAFEE_IPS |
SYSLOG | 2021-04-15 |
| Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC |
JSON | 2022-04-23 |
| GCP_NETWORK_CONNECTIVITY | Computer Inventory | GCP_NETWORK_CONNECTIVITY_CONTEXT |
JSON | 2023-06-13 View Change |
| Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE |
SYSLOG, JSON | 2023-11-14 View Change |
| Forescout NAC | NAC | FORESCOUT_NAC |
SYSLOG, CEF | 2023-05-31 View Change |
| Dell OpenManage | Systems Management Application | DELL_OPENMANAGE |
SYSLOG + KV | 2022-07-27 View Change |
| Windows Hyper-V | Virtualization Software | WINDOWS_HYPERV |
JSON | 2023-10-09 View Change |
| Thales Vormetric | Encryption | VORMETRIC |
SYSLOG | 2021-12-17 |
| Sophos Intercept EDR | EDR logs | SOPHOS_EDR |
JSON | 2022-12-27 View Change |
| Fortinet FortiNAC | NAC | FORTINET_FORTINAC |
SYSLOG | 2022-07-08 View Change |
| EPIC Systems | Discovery and Monitoring | EPIC |
LEEF + KV | 2022-10-31 View Change |
| Thales MFA | Authentication | THALES_MFA |
SYSLOG + KV (CEF) | 2022-07-13 View Change |
| Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP |
SYSLOG | 2021-04-19 |
| Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER |
SYSLOG + CSV | 2023-08-18 View Change |
| CoSoSys Protector | Endpoint Detection | ENDPOINT_PROTECTOR_DLP |
SYSLOG + KV | 2023-04-17 View Change |
| Fortinet FortiAnalyzer | Fortinet FortiAnalyzer | FORTINET_FORTIANALYZER |
JSON | 2023-07-19 View Change |
| CircleCI | Automation and DevOps Tools | CIRCLECI |
CSV + JSON | 2023-03-09 View Change |
| ESET AV | ESET_AV | ESET_AV |
SYSLOG + JSON | 2023-01-10 View Change |
| Openpath | AV / Endpoint | OPENPATH |
SYSLOG | 2023-11-08 View Change |
| Sourcefire | IDS/IPS | SOURCEFIRE_IDS |
JSON, CEF | 2023-07-06 View Change |
| Aruba | Wireless | ARUBA_WIRELESS |
SYSLOG | 2023-05-25 View Change |
| Duo Auth | Authentication | DUO_AUTH |
JSON | 2023-10-23 View Change |
| Kubernetes Audit | K8s cluster audit logs | KUBERNETES_AUDIT |
JSON | 2023-08-21 View Change |
| Apple MacOS | AV / Endpoint | MACOS |
SYSLOG | 2022-05-04 View Change |
| Custom DNS | DNS | CUSTOM_DNS |
JSON | 2022-08-05 View Change |
| McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM |
SYSLOG + JSON | 2022-02-25 |
| Barracuda WAF | Firewall | BARRACUDA_WAF |
JSON, SYSLOG + KV | 2023-07-19 View Change |
| NetApp SAN | Rest api | NETAPP_SAN |
SYSLOG | 2023-04-25 View Change |
| Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON |
JSON | 2023-02-02 View Change |
| 1Password | Identity and Access Management | ONEPASSWORD |
JSON | 2023-06-07 View Change |
| Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM |
SYSLOG | 2022-05-04 View Change |
| Kubernetes Node | Kubernetes Container | KUBERNETES_NODE |
JSON | 2023-08-16 View Change |
| Pulse Secure | VPN | PULSE_SECURE_VPN |
SYSLOG | 2023-11-07 View Change |
| Sophos DHCP | DHCP | SOPHOS_DHCP |
SYSLOG + KV | 2022-02-10 |
| Radware Web Application Firewall | Firewall | RADWARE_FIREWALL |
SYSLOG | 2021-09-08 |
| ExtraHop DNS | DNS | EXTRAHOP_DNS |
JSON | 2021-12-13 |
| VMware vCenter | Server | VMWARE_VCENTER |
SYSLOG + JSON | 2023-11-13 View Change |
| Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE |
JSON | 2022-08-17 View Change |
| Fortinet | DHCP | FORTINET_DHCP |
KV | 2022-11-21 View Change |
| Akamai WAF | WAF | AKAMAI_WAF |
SYSLOG | 2023-10-27 View Change |
| Palo Alto Networks Traps | EDR | PAN_EDR |
CSV + KV | 2022-08-22 View Change |
| Cloud Intrusion Detection System | Google Cloud Specific | GCP_IDS |
JSON | 2023-09-26 View Change |
| pfSense | FIREWALL | PFSENSE |
SYSLOG | 2023-05-05 View Change |
| Fluentd Logs | Log Aggregator | FLUENTD |
SYSLOG + JSON | 2023-06-14 View Change |
| Rapid7 Insight | Vulnerability Scanner | RAPID7_INSIGHT |
SYSLOG, JSON | 2023-05-05 View Change |
| Cato Networks | NDR | CATO_NETWORKS |
JSON | 2023-05-19 View Change |
| Akeyless Vault Platform | Akeyless Vault Platform | AKEYLESS_VAULT |
KV + JSON | 2023-09-16 View Change |
| IBM DB2 | Database | DB2_DB |
LEEF | 2023-10-30 View Change |
| Ribbon Analytics Platform | Telephone Software | RIBBON_ANALYTICS_PLATFORM |
SYSLOG | 2022-09-09 View Change |
| Windows DHCP | DHCP | WINDOWS_DHCP |
JSON, SYSLOG, CSV | 2022-05-23 View Change |
| Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP |
SYSLOG | 2022-03-01 |
| Palo Alto Cortex XDR Alerts | NDR | CORTEX_XDR |
JSON | 2023-11-10 View Change |
| Cloud Passage | SaaS Application | CLOUD_PASSAGE |
JSON | 2022-06-30 View Change |
| Kubernetes Auth Proxy | Kubernetes Specific | KUBERNETES_AUTH_PROXY |
JSON | 2022-09-08 View Change |
| Cisco DHCP | DHCP | CISCO_DHCP |
SYSLOG + CSV | 2022-02-07 |
| Centrify | SSO | CENTRIFY_SSO |
JSON | 2022-08-10 View Change |
| Pulse Secure Virtual Traffic Manager | Traffic Shapers | PULSE_SECURE_VTM |
SYSLOG | 2023-11-03 View Change |
| Silverfort Authentication Platform | Identity and Access Management | SILVERFORT |
CEF SYSLOG | 2023-10-11 View Change |
| Thinkst Canary | Deception Software | THINKST_CANARY |
JSON | 2023-09-15 View Change |
| Check Point Sandblast | EDR | CHECKPOINT_EDR |
SYSLOG + KV | 2022-09-07 View Change |
| Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND |
JSON | 2023-11-13 View Change |
| Hashicorp Vault | Privileged Account Activity | HASHICORP |
JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV | 2023-10-26 View Change |
| Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD |
JSON | 2022-08-09 View Change |
| Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY |
JSON | 2023-10-09 View Change |
| SOTI MobiControl | Mobile Device Management | SOTI_MOBICONTROL |
SYSLOG | 2023-09-08 View Change |
| Arista Switch | Switches | ARISTA_SWITCH |
JSON+SYSLOG | 2022-08-03 View Change |
| Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT |
JSON | 2023-10-12 View Change |
| Samba SMBD | Privileged Account Activity | SMBD |
Syslog | 2023-03-09 View Change |
| Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL |
SYSLOG + KV, JSON | 2023-09-12 View Change |
| ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS |
SYSLOG + KV (CEF) | 2023-10-17 View Change |
| Lacework Cloud Security | Cloud Security | LACEWORK |
JSON | 2023-11-09 View Change |
| Snoopy Logger | Log Aggregator | SNOOPY_LOGGER |
SYSLOG | 2022-08-10 View Change |
| InterSystems Cache | Database | INTERSYSTEMS_CACHE |
SYSLOG + KV | 2022-10-19 View Change |
| Cisco Router | Switches, Routers | CISCO_ROUTER |
SYSLOG | 2023-11-10 View Change |
| Infoblox DHCP | DHCP | INFOBLOX_DHCP |
SYSLOG | 2023-04-26 View Change |
| Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF |
SYSLOG | 2021-04-20 |
| Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY |
SYSLOG + KV | 2023-02-20 View Change |
| Red Hat OpenShift | Kubernetes Container | REDHAT_OPENSHIFT |
SYSLOG | 2022-08-17 View Change |
| Vectra Stream | NDR | VECTRA_STREAM |
SYSLOG + KV | 2023-10-15 View Change |
| Active Countermeasures | Alert | AI_HUNTER |
SYSLOG | 2020-12-08 |
| FortiMail Email Security | Email Security | FORTINET_FORTIMAIL |
KV | 2023-09-06 View Change |
| Yubico OTP | Audit event | YUBICO_OTP |
SYSLOG, JSON, CSV | 2023-02-20 View Change |
| Workspace Mobile Devices | Google Cloud Specific | WORKSPACE_MOBILE |
JSON | 2023-04-12 View Change |
| ForgeRock OpenAM | Identity and Access Management | OPENAM |
CSV, SYSLOG + KV | 2023-05-19 View Change |
| ESET Threat Intelligence | IOC | ESET_IOC |
JSON | 2023-10-05 View Change |
| Barracuda Firewall | Firewall | BARRACUDA_FIREWALL |
SYSLOG | 2022-07-08 View Change |
| IBM AS/400 | Application System | IBM_AS400 |
SYSLOG + KV | 2022-04-13 View Change |
| Dell Switch | Switches, Routers | DELL_SWITCH |
SYSLOG | 2023-11-02 View Change |
| Forcepoint DLP | Forcepoint DLP | FORCEPOINT_DLP |
CEF | 2022-11-07 View Change |
| Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY |
JSON | 2021-06-30 |
| ThreatConnect | IOC | THREATCONNECT_IOC |
JSON | 2022-01-13 |
| Squid Web Proxy | Web Proxy | SQUID_WEBPROXY |
SYSLOG | 2022-10-30 View Change |
| Avanan Email Security | Email Server | AVANAN_EMAIL |
JSON | 2022-07-12 View Change |
| Cisco Prime | Network Management and Optimization | CISCO_PRIME |
SYSLOG | 2021-05-21 |
| BigQuery | Google Cloud Resources Contexts | N/A |
JSON | 2022-03-03 |
| IBM Tivoli | Monitoring | IBM_TIVOLI |
JSON, SYSLOG | 2023-06-12 View Change |
| McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO |
SYSLOG + XML, CSV, KV | 2023-10-15 View Change |
| Zeek TSV | Format Specific | BRO_TSV |
SYSLOG + TSV | 2022-01-31 |
| Cisco Firewall Services Module | Firewall | CISCO_FWSM |
SYSLOG | 2023-05-05 View Change |
| Seqrite Endpoint Security (EPS) | AV and endpoint logs | SEQRITE_ENDPOINT |
LEEF | 2023-03-24 View Change |
| Symantec Endpoint Protection | AV / Endpoint | SEP |
SYSLOG | 2023-11-08 View Change |
| Proofpoint Threat Response | Email Server | PROOFPOINT_TRAP |
SYSLOG | 2023-05-26 View Change |
| Chrome Management | Browser | N/A |
JSON | 2023-09-06 View Change |
| Cisco ACS | Authentication | CISCO_ACS |
SYSLOG + KV | 2023-09-26 View Change |
| Thycotic | Identity and Access Management | THYCOTIC |
SYSLOG + KV (CEF) | 2023-09-22 View Change |
| BloxOne Threat Defense | DNS | BLOXONE |
SYSLOG + JSON | 2023-03-07 View Change |
| HP Procurve Switch | Switches | HP_PROCURVE |
SYSLOG | 2023-09-24 View Change |
| PostFix Mail | Email Server | POSTFIX_MAIL |
SYSLOG | 2022-10-06 View Change |
| BeyondTrust | Privilege Account Activity | BOMGAR |
SYSLOG | 2022-10-13 View Change |
| Apache Tomcat | Web server | TOMCAT |
JSON | 2022-04-20 View Change |
| Cisco WLC/WCS | Wireless | CISCO_WIRELESS |
SYSLOG | 2023-02-09 View Change |
| Cloud Audit Logs | Google Cloud Specific | N/A |
JSON | 2023-11-09 View Change |
| Imperva Advanced Bot Protection | Bot Protection | IMPERVA_ABP |
JSON | 2023-07-21 View Change |
| Snare System Diagnostic Logs | Security | SNARE_SOLUTIONS |
SYSLOG + KV | 2022-07-29 View Change |
| SAP Netweaver | Database | SAP_NETWEAVER |
JSON | 2023-05-03 View Change |
| Sophos Central | AV / Endpoint | SOPHOS_CENTRAL |
JSON | 2022-12-27 View Change |
| Azion | Firewall | AZION |
JSON | 2023-09-30 View Change |
| Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER |
SYSLOG, JSON, SYSLOG + XML | 2022-11-21 View Change |
| Apache Hadoop | open-source software | HADOOP |
SYSLOG + KV | 2023-06-05 View Change |
| Symantec Web Security Service | Web Proxy | SYMANTEC_WSS |
JSON | 2023-06-19 View Change |
| IBM Informix | DATABASE | INFORMIX |
JSON + SYSLOG | 2022-02-18 |
| BeyondTrust Privileged Identity | Privilege Account Activity | BEYONDTRUST_PI |
SYSLOG | 2022-10-24 View Change |
| HP Aruba(Clearpass) | Identity and Access Management | CLEARPASS |
SYSLOG + KV | 2022-08-18 View Change |
| Carbon Black App Control | Security log | CB_APP_CONTROL |
CEF, JSON | 2022-07-01 View Change |
| Men and Mice DNS | DNS | MENANDMICE_DNS |
SYSLOG | 2021-11-12 |
| Arcsight CEF | Security log | ARCSIGHT_CEF |
CEF Syslog | 2023-04-27 View Change |
| AWS Route 53 DNS | AWS Specific | AWS_ROUTE_53 |
JSON + SYSLOG | 2023-05-08 View Change |
| Juniper MX Router | Routers and Switches | JUNIPER_MX |
SYSLOG + KV | 2022-01-24 |
| Tanium Stream | Tanium Specific | TANIUM_TH |
JSON | 2023-09-20 View Change |
| CA LDAP | Web server | CA_LDAP |
JSON | 2022-08-19 View Change |
| Atlassian Bitbucket | Atlassian Bitbucket | ATLASSIAN_BITBUCKET |
JSON | 2023-06-12 View Change |
| Medigate IoT | IoT | MEDIGATE_IOT |
SYSLOG + JSON | 2023-11-08 View Change |
| AWS VPC Flow | AWS Specific | AWS_VPC_FLOW |
SYSLOG | 2023-04-06 View Change |
| PAN Autofocus | IOC | PAN_IOC |
JSON | 2021-08-09 |
| Apache | Security | APACHE |
SYSLOG + JSON | 2023-07-31 View Change |
| Armis Activities | ACTIVITIES | ARMIS_ACTIVITIES |
JSON | 2023-02-07 View Change |
| Neosec | Security | NEOSEC |
JSON | 2023-07-31 View Change |
| Zscaler Private Access | Security Service Edge | ZSCALER_ZPA |
SYSLOG + JSON, JSON | 2023-02-22 View Change |
| Jamf Protect Alerts | Endpoint Security | JAMF_PROTECT |
JSON | 2023-11-22 View Change |
| Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES |
SYSLOG + JSON | 2022-08-21 View Change |
| Oracle Cloud Infrastructure | Oracle Cloud Infrastructure | ORACLE_CLOUD_AUDIT |
JSON | 2023-10-30 View Change |
| Sendmail | Email Server | SENDMAIL |
SYSLOG + KV | 2023-09-20 View Change |
| Workspace Privileges | Google Cloud Specific | WORKSPACE_PRIVILEGES |
JSON | 2023-04-12 View Change |
| IBM Safenet | IT infrastructure | IBM_SAFENET |
SYSLOG | 2023-05-24 View Change |
| Okera Dynamic Access Platform | Data Security | OKERA_DAP |
JSON | 2023-01-29 View Change |
| Rubrik | Backup software | RUBRIK |
SYSLOG | 2022-12-01 View Change |
| Fastly WAF | WAF | FASTLY_WAF |
JSON | 2022-06-06 View Change |
| Sophos UTM | Unified Threat Management | SOPHOS_UTM |
KV | 2022-06-30 View Change |
| Imperva CEF | CEF | IMPERVA_CEF |
SYSLOG + KV | 2023-03-07 View Change |
| CSV Custom IOC | IOC | CSV_CUSTOM_IOC |
CSV | 2023-09-11 View Change |
| Duo Telephony Logs | Identity and Access Management | DUO_TELEPHONY |
JSON | 2023-08-24 View Change |
| Netfilter IPtables | Firewall | NETFILTER_IPTABLES |
SYSLOG + KV | 2023-10-12 View Change |
| Cisco ASA | firewall | CISCO_ASA_FIREWALL |
SYSLOG | 2023-09-06 View Change |
| Jamf Protect Telemetry | Endpoint Security | JAMF_TELEMETRY |
JSON | 2023-09-06 View Change |
| Palo Alto Prisma Access | Cloud Security | PAN_CASB |
JSON | 2022-11-25 View Change |
| Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS |
SYSLOG | 2023-10-04 View Change |
| Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION |
JSON | 2022-07-08 View Change |
| Symantec VIP Gateway | Email Server | SYMANTEC_VIP |
SYSLOG | 2023-03-03 View Change |
| Menlo Security | Web Proxy | MENLO_SECURITY |
JSON | 2023-08-03 View Change |
| IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER |
JSON, SYSLOG | 2022-01-20 |
| Cofense | Email Server | COFENSE_TRIAGE |
SYSLOG + KV (CEF) | 2023-04-19 View Change |
| F5 Shape | Security log | F5_SHAPE |
JSON | 2022-02-21 |
| Juniper Junos | Network Device | JUNIPER_JUNOS |
SYSLOG + KV | 2023-10-25 View Change |
| Tenable Security Center | Vulnerability Scanner | TENABLE_SC |
SYSLOG | 2021-05-18 |
| Oracle Unified Directory | ORACLE OUD | ORACLE_OUD |
SYSLOG | 2023-09-11 View Change |
| Juniper Mist | Network Management and Optimization software | JUNIPER_MIST |
JSON | 2023-02-24 View Change |
| Aruba IPS | IPS | ARUBA_IPS |
JSON | 2022-06-16 View Change |
| SpyCloud | AV / Endpoint | SPYCLOUD |
SYSLOG + JSON | 2023-11-08 View Change |
| AWS CloudFront | CDN | AWS_CLOUDFRONT |
SYSLOG | 2022-05-27 View Change |
| Apigee | Google Cloud Specific | GCP_APIGEE |
JSON | 2021-11-02 |
| Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT |
JSON | 2023-08-16 View Change |
| ManageEngine AD360 | Identity and Access Management | MANAGE_ENGINE_AD360 |
SYSLOG + KV | 2022-09-16 View Change |
| Chronicle SOAR Audit | SOAR | CHRONICLE_SOAR_AUDIT |
JSON | 2023-10-12 View Change |
| Bitwarden Events | Password Manager | BITWARDEN_EVENTS |
JSON | 2023-11-09 View Change |
| AWS Aurora | AWS | AWS_AURORA |
JSON | 2023-11-02 View Change |
| SentinelOne Deep Visibility | EDR | SENTINEL_DV |
JSON | 2023-09-06 View Change |
| Cisco Switch | Switches, Routers | CISCO_SWITCH |
SYSLOG | 2023-11-05 View Change |
| Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL |
KV | 2023-11-10 View Change |
| AlgoSec Security Management | Policy Management | ALGOSEC |
SYSLOG + KV (CEF) | 2022-11-27 View Change |
| Netscout | NETWORK | ARBOR_EDGE_DEFENSE |
SYSLOG + KV | 2023-02-21 View Change |
| McAfee Skyhigh CASB | CASB | MCAFEE_SKYHIGH_CASB |
SYSLOG + KV | 2023-06-17 View Change |
| AWS Control Tower | Identity and Access Management | AWS_CONTROL_TOWER |
JSON | 2023-01-04 View Change |
| Cisco VPN | VPN | CISCO_VPN |
SYSLOG | 2022-08-19 View Change |
| Teleport Access Plane | Remote Access | TELEPORT_ACCESS_PLANE |
SYSLOG | 2023-05-09 View Change |
| AWS WAF | AWS Specific | AWS_WAF |
JSON | 2023-09-11 View Change |
| CrowdStrike Detection Monitoring | EDR | CS_DETECTS |
JSON | 2023-07-21 View Change |
| DMP | Physical Security | DMP_ENTRE |
SYSLOG | 2020-09-23 |
| Illumio Core | Policy Management | ILLUMIO_CORE |
JSON | 2023-03-14 View Change |
| Suricata IDS | IDS/IPS | SURICATA_IDS |
JSON | 2023-08-24 View Change |
| GitHub | SaaS Application | GITHUB |
JSON | 2023-10-25 View Change |
| Workspace ChromeOS Devices | Google Cloud Specific | WORKSPACE_CHROMEOS |
JSON | 2023-11-01 View Change |
| AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL |
JSON | 2023-11-11 View Change |
| Armis Devices | DEVICES | ARMIS_DEVICES |
JSON | 2023-03-02 View Change |
| Fortinet FortiClient | Security | FORTINET_FORTICLIENT |
KV | 2023-10-27 View Change |
| FireEye HX Audit | Audits | FIREEYE_HX_AUDIT |
XML | 2022-11-04 View Change |
| Versa Firewall | FIREWALL | VERSA_FIREWALL |
SYSLOG + KV | 2023-07-03 View Change |
| Workspace Activities | Google Cloud Specific | WORKSPACE_ACTIVITY |
JSON | 2023-11-01 View Change |
| Tanium Reveal | Tanium Specific | TANIUM_REVEAL |
JSON | 2021-11-15 |
| FileZilla | File tranfser | FILEZILLA_FTP |
SYSLOG | 2022-03-23 View Change |
| IBM CICS | Service Bus | IBM_CICS |
LEEF | 2021-10-27 |
| VMware NSX | Network and Security Virtualization | VMWARE_NSX |
KV | 2023-10-13 View Change |
| ZScaler VPN | VPN | ZSCALER_VPN |
SYSLOG + CSV | 2023-06-08 View Change |
| F5 DNS | DNS | F5_DNS |
SYSLOG | 2021-06-17 |
| IBM Security Verify SaaS | SaaS Application | IBM_SECURITY_VERIFY_SAAS |
JSON | 2023-10-27 View Change |
| Azure AD | LDAP | AZURE_AD |
JSON | 2023-07-12 View Change |
| ESET | EDR | ESET_EDR |
SYSLOG + JSON | 2022-05-10 View Change |
| Cisco Web Services Manager | CISCO_WSM | CISCO_WSM |
SYSLOG | 2023-10-05 View Change |
| Airlock Digital Application Allowlisting | Application Whitelisting | AIRLOCK_DIGITAL |
SYSLOG | 2023-02-22 View Change |
| Windows Firewall | Firewall | WINDOWS_FIREWALL |
Space Separated Value | 2021-08-26 |
| OneLogin | SSO | ONELOGIN_SSO |
JSON | 2023-04-28 View Change |
| Palo Alto Panorama | Firewall | PAN_PANORAMA |
CSV | 2023-08-07 View Change |
| Cisco TACACS+ | Authentication | CISCO_TACACS |
SYSLOG + KV | 2022-08-09 View Change |
| Proofpoint Observeit | Email Server | OBSERVEIT |
JSON, KV | 2023-11-03 View Change |
| FortiGate | Firewall | FORTINET_FIREWALL |
JSON, SYSLOG + KV | 2023-07-10 View Change |
| iBoss Proxy | Webproxy | IBOSS_WEBPROXY |
SYSLOG + JSON | 2023-08-22 View Change |
| Cisco Application Centric Infrastructure | CISCO ACI | CISCO_ACI |
JSON, SYSLOG | 2022-09-26 View Change |
| Linux DHCP | DHCP | LINUX_DHCP |
SYSLOG | 2022-09-05 View Change |
| ManageEngine Reporter Plus | SaaS Application | MANAGE_ENGINE_REPORTER_PLUS |
JSON | 2022-08-29 View Change |
| Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY |
SYSLOG + KV, JSON | 2023-10-05 View Change |
| Citrix Monitor | Monitoring of DaaS | CITRIX_MONITOR |
JSON | 2022-12-06 View Change |
| Qualys Asset Context | Vulnerability Scanner | QUALYS_ASSET_CONTEXT |
JSON | 2023-08-01 View Change |
| Salesforce | SaaS Application | SALESFORCE |
KV (LEEF), CSV | 2023-02-24 View Change |
| Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM |
JSON/SYSLOG | 2022-12-02 View Change |
| Semperis DSP | LDAP | SEMPERIS_DSP |
SYSLOG | 2021-04-29 |
| Zeek JSON | DNS | BRO_JSON |
JSON | 2023-10-04 View Change |
| Saiwall VPN | VPN | SAIWALL_VPN |
KV | 2023-10-29 View Change |
| Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT |
JSON | 2022-05-02 |
| VMware Horizon | VDI | VMWARE_HORIZON |
SYSLOG | 2022-08-15 View Change |
| Cisco Wireless IPS | Cisco Wips | CISCO_WIPS |
SYSLOG + KV | 2022-11-03 View Change |
| Static IP | DHCP | ASSET_STATIC_IP |
CSV | 2023-06-16 View Change |
| Fireeye ETP | Email Server | FIREEYE_ETP |
JSON | 2021-06-11 |
| SecureLink | Remote Access Tools | SECURELINK |
SYSLOG | 2023-09-13 View Change |
| AWS Elastic Load Balancer | AWS Specific | AWS_ELB |
SYSLOG | 2022-05-27 View Change |
| HPE ILO | Server Management | HPE_ILO |
SYSLOG | 2022-03-14 |
| Trend Micro Deep Security | AV / Endpoint | TRENDMICRO_DEEP_SECURITY |
LEEF | 2022-09-01 View Change |
| BIND | DNS | BIND_DNS |
SYSLOG | 2023-09-19 View Change |
| Cisco UCM | Communication Manager | CISCO_UCM |
SYSLOG + KV | 2022-08-18 View Change |
| CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT |
SYSLOG | 2022-10-10 View Change |
| Solarwinds Kiwi Syslog Server | Security Log | SOLARWINDS_KSS |
SYSLOG + KV | 2022-11-16 View Change |
| Dell EMC Isilon NAS | Storage | DELL_EMC_NAS |
SYSLOG | 2023-07-21 View Change |
| EfficientIP DDI | Network | EFFICIENTIP_DDI |
SYSLOG + KV | 2022-01-24 |
| Digital Guardian EDR | EDR | DIGITALGUARDIAN_EDR |
KV | 2022-12-07 View Change |
| Workspace Users | Google Cloud Specific | WORKSPACE_USERS |
JSON | 2023-09-06 View Change |
| Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY |
SYSLOG, SYSLOG+JSON, JSON | 2023-10-09 View Change |
| F5 Advanced Firewall Management | Firewall | F5_AFM |
SYSLOG + CSV | 2023-09-11 View Change |
| F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM |
SYSLOG | 2023-08-28 View Change |
| HCNET Account Adapter Plus | DHCP | HCNET_ACCOUNT_ADAPTER |
SYSLOG | 2022-09-15 View Change |
| Cloudflare | SaaS Application | CLOUDFLARE |
JSON | 2023-10-09 View Change |
| Cisco Meraki | Wireless | CISCO_MERAKI |
SYSLOG, JSON | 2023-10-09 View Change |
| Centripetal Networks IOC | IOC | CENTRIPETAL_IOC |
SYSLOG + KV | 2022-01-06 |
| Resource Manager Context | Google Cloud Specific | GCP_RESOURCE_MANAGER_CONTEXT |
JSON | 2023-07-26 View Change |
| Uptycs EDR | Endpoint detection and response | UPTYCS_EDR |
JSON | 2022-07-08 View Change |
| Anomali | IOC | ANOMALI_IOC |
JSON, CEF | 2022-03-14 |
| Broadcom SSL Visibility Appliance | SSL Visibility | BROADCOM_SSL_VA |
SYSLOG | 2022-09-26 View Change |
| Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS |
JSON | 2022-06-28 View Change |
| Kisi Access Management | Physical Security | KISI |
JSON | 2023-06-14 View Change |
| Trustwave webmarshal | Proxy Server | WEBMARSHAL |
SYSLOG + CSV | 2023-05-04 View Change |
| Symantec EDR | EDR | SYMANTEC_EDR |
JSON | 2022-03-31 View Change |
| AIX system | OS | AIX_SYSTEM |
SYSLOG | 2023-06-21 View Change |
| Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER |
SYSLOG + KV | 2023-07-21 View Change |
| Suricata EVE | IPS IDS | SURICATA_EVE |
JSON | 2022-08-17 View Change |
| VMware vRealize Suite | Cloud | VMWARE_VREALIZE |
SYSLOG | 2023-06-20 View Change |
| Digi modems | Switches and Routers | DIGI_MODEMS |
SYSLOG | 2023-06-26 View Change |
| McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION |
JSON | 2022-09-22 View Change |
| Elastic Search | Log Aggregator | ELASTIC_SEARCH |
JSON | 2023-11-02 View Change |
| Area1 Security | Email server | AREA1 |
JSON | 2023-04-06 View Change |
| Recorded Future | IOC | RECORDED_FUTURE_IOC |
JSON | 2021-11-17 |
| Tanium Comply | Tanium Specific | TANIUM_COMPLY |
JSON | 2022-08-18 View Change |
| Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER |
KV | 2022-10-03 View Change |
| Cisco CTS | Telephone Software | CISCO_CTS |
SYSLOG + KV | 2021-05-20 |
| Qualys VM | Vulnerability Scanner | QUALYS_VM |
KV + JSON | 2023-10-27 View Change |
| Desynova Contido | Switches | DESYNOVA_CONTIDO |
SYSLOG + JSON | 2023-09-19 View Change |
| Kea DHCP | DHCP | KEA_DHCP |
SYSLOG | 2022-03-22 View Change |
| Ruckus Networks | Wireless | RUCKUS_WIRELESS |
SYSLOG + KV | 2023-01-06 View Change |
| Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT |
KV | 2023-09-21 View Change |
| Microsoft Exchange | Email Server | EXCHANGE_MAIL |
SYSLOG | 2023-10-20 View Change |
| Cloud DNS | Google Cloud Specific | N/A |
JSON | 2023-05-12 View Change |
| GMAIL Logs | Google Cloud Specific | GMAIL_LOGS |
JSON | 2023-08-21 View Change |
| ClamAV | AV / Endpoint | CLAM_AV |
JSON | 2022-02-07 |
| Cisco ISE | Identity and Access Management | CISCO_ISE |
SYSLOG | 2023-09-29 View Change |
| Cisco UCS | OS logs | CISCO_UCS |
SYSLOG | 2022-07-04 View Change |
| Box | Collaboration | BOX |
JSON | 2022-09-16 View Change |
| Cloud IoT | Google Cloud Specific | GCP_CLOUDIOT |
JSON | 2022-06-06 View Change |
| Zscaler CASB | CASB | ZSCALER_CASB |
JSON | 2023-09-30 View Change |
| Avatier Password Management | SaaS Application | AVATIER |
SYSLOG + KV | 2021-08-05 |
| NGINX | Server Management | NGINX |
JSON + SYSLOG | 2022-09-10 View Change |
| Trend Micro Vision One | AV and endpoint logs | TRENDMICRO_VISION_ONE |
SYSLOG + KV, CEF | 2023-03-24 View Change |
| AWS S3 Server Access | AWS Specific | AWS_S3_SERVER_ACCESS |
SYSLOG | 2023-07-19 View Change |
| Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER |
JSON + SYSLOG + KV | 2022-04-11 View Change |
| Apigee | Google Cloud Specific | GCP_APIGEE_X |
JSON | 2023-08-09 View Change |
| Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN |
SYSLOG + KV | 2022-07-08 View Change |
| Tanium Asset | Tanium Specific | TANIUM_ASSET |
JSON, SYSLOG + KV | 2022-09-26 View Change |
| Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY |
CSV | 2023-10-17 View Change |
| OSQuery | EDR | OSQUERY_EDR |
SYSLOG + JSON | 2023-06-14 View Change |
| Cybereason EDR | EDR | CYBEREASON_EDR |
JSON | 2023-02-23 View Change |
| Unbound DNS | DNS | UNBOUND_DNS |
SYSLOG | 2020-06-09 |
| Forseti Open Source | Google Cloud Specific | FORSETI |
JSON | 2021-12-23 |
| Akamai Enterprise Application Access | Enterprise Application Access | AKAMAI_EAA |
JSON | 2023-11-14 View Change |
| Evision FircoSoft | Infrastructure | EVISION_FIRCOSOFT |
SYSLOG | 2023-10-30 View Change |
| Cloud Data Loss Prevention | Google Cloud Specific | N/A |
JSON | 2022-12-19 View Change |
| Tanium Discover | Tanium Specific | TANIUM_DISCOVER |
JSON | 2022-11-24 View Change |
| NXLog Manager | Log Aggregator | NXLOG_MANAGER |
SYSLOG | 2022-01-13 |
| ThreatLocker Platform | THREATLOCKER | THREATLOCKER |
JSON | 2023-06-18 View Change |
| SonicWall | Firewall | SONIC_FIREWALL |
SYSLOG + KV | 2023-05-26 View Change |
| Open Cybersecurity Schema Framework (OCSF) | Schema | OCSF |
JSON | 2023-10-30 View Change |
| Qualys Scan | Vulnerability scanner | QUALYS_SCAN |
JSON | 2023-04-21 View Change |
| IBM Security Access Manager | WAF | IBM_SAM |
SYSLOG | 2023-09-12 View Change |
| IBM DataPower Gateway | API Gateway | IBM_DATAPOWER |
JSON, SYSLOG | 2023-11-09 View Change |
| Zimperium | Mobile Device Management | ZIMPERIUM |
SYSLOG + JSON | 2023-08-18 View Change |
| Cisco AMP | AV / Endpoint | CISCO_AMP |
JSON | 2021-12-12 |
| Ordr IoT | IoT | ORDR_IOT |
SYSLOG + JSON | 2022-08-19 View Change |
| ZScaler NGFW | Firewall | ZSCALER_FIREWALL |
SYSLOG + KV (CEF), CSV | 2023-09-12 View Change |
| Nyansa Events | IoT | NYANSA_EVENTS |
SYSLOG + KV | 2023-03-01 View Change |
| Duo Administrator Logs | Authentication | DUO_ADMIN |
JSON | 2023-03-10 View Change |
| Zoom Operation Logs | Operation-Specific | ZOOM_OPERATION_LOGS |
SYSLOG | 2022-11-04 View Change |
| Check Point Harmony | Remote Access Tools | CHECKPOINT_HARMONY |
SYSLOG+KV | 2023-11-10 View Change |
| Datto File Protection | DATTO_FILE_PROTECTION | DATTO_FILE_PROTECTION |
SYSLOG | 2022-08-22 View Change |
| Trustwave SEC MailMarshal | Email server | MAILMARSHAL |
SYSLOG | 2023-04-06 View Change |
| Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE |
JSON, KV, SYSLOG | 2022-01-18 |
| Cloud SQL Context | Google Cloud Specific | GCP_SQL_CONTEXT |
JSON | 2023-07-26 View Change |
| Firewall Rule Logging | Google Cloud Specific | N/A |
JSON | 2023-11-01 View Change |
| Snyk Group level audit Logs | Vulnerability Scanners | SNYK_SDLC |
JSON | 2023-04-25 View Change |
| Tripwire | DLP | TRIPWIRE_FIM |
SYSLOG | 2023-06-21 View Change |
| VMware AirWatch | Wireless | AIRWATCH |
SYSLOG + KV | 2023-09-05 View Change |
| Workspace Groups | Google Cloud Specific | WORKSPACE_GROUPS |
JSON | 2023-04-12 View Change |
| Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE |
SYSLOG + KV (CEF) | 2023-04-26 View Change |
| Carbon Black | EDR | CB_EDR |
JSON | 2023-10-26 View Change |
| Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT |
JSON | 2023-09-15 View Change |
| ServiceNow Security | SaaS Application | SERVICENOW_SECURITY |
JSON | 2021-05-24 |
| Skybox Firewall Assurance | Firewall | SKYBOX_FIREWALL_ASSURANCE |
SYSLOG + KV | 2023-09-07 View Change |
| Symantec DLP | DLP | SYMANTEC_DLP |
SYSLOG + KV (CEF), XML | 2023-09-02 View Change |
| Forcepoint NGFW | Network | FORCEPOINT_FIREWALL |
JSON | 2023-02-16 View Change |
| CyberArk | Privilege Account Management | CYBERARK |
KV (CEF) | 2022-10-10 View Change |
| Apache Cassandra | Web server | CASSANDRA |
JSON | 2022-04-13 View Change |
| Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON |
SYSLOG | 2022-01-13 |
| Windows Event | Endpoint | WINEVTLOG |
JSON + KV + XML | 2023-11-01 View Change |
| Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP |
SYSLOG, JSON | 2022-09-05 View Change |
| Kolide Endpoint Security | Security | KOLIDE |
JSON | 2023-10-25 View Change |
| Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS |
SYSLOG | 2022-03-17 |
| DNSFilter | Data Transfer | DNSFILTER |
CSV | 2023-10-27 View Change |
| Sophos AV | AV / Endpoint | SOPHOS_AV |
CSV, JSON | 2022-07-27 View Change |
| AWS Session Manager | AWS Specific | AWS_SESSION_MANAGER |
SYSLOG | 2023-06-14 View Change |
| Palo Alto Prisma Cloud Alert payload | Cloud Security | PAN_PRISMA_CA |
JSON | 2023-08-17 View Change |
| Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP |
SYSLOG + JSON, XML, JSON | 2023-10-12 View Change |
| Kubernetes Audit Azure | Log Aggregator | KUBERNETES_AUDIT_AZURE |
JSON | 2023-06-20 View Change |
| Riverbed Steelhead | Network Management and Optimization | STEELHEAD |
JSON | 2022-08-08 View Change |
| Falco IDS | IDS/IPS | FALCO_IDS |
JSON | 2023-05-23 View Change |
| ZScaler DNS | DNS | ZSCALER_DNS |
SYSLOG + KV, JSON | 2023-10-17 View Change |
| Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML |
SYSLOG + XML, KV | 2023-11-10 View Change |
| tenable.io | Vulnerability Scanner | TENABLE_IO |
JSON | 2023-01-02 View Change |
| Quest Active Directory | Authentication log | QUEST_AD |
CEF SYSLOG | 2022-01-31 |
| F5 VPN | VPN | F5_VPN |
SYSLOG | 2022-07-22 View Change |
| DigitalArts i-Filter | Web Proxy | DIGITALARTS_IFILTER |
SYSLOG | 2023-04-17 View Change |
| Splunk Platform | Security log | SPLUNK |
JSON | 2023-05-17 View Change |
| Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW |
JSON | 2022-04-18 View Change |
| Microsoft AD | LDAP | WINDOWS_AD |
JSON | 2023-08-09 View Change |
| Microsoft Defender For Cloud | Automation and DevOps Tools | MICROSOFT_DEFENDER_CLOUD_ALERTS |
JSON | 2023-08-14 |
| Armis Alerts | ALERTS | ARMIS_ALERTS |
JSON | 2023-02-07 View Change |
| Azure WAF | Log Aggregator | AZURE_WAF |
JSON | 2023-07-14 View Change |
| Wazuh | Log Aggregator | WAZUH |
SYSLOG + JSON | 2023-07-17 View Change |
| FireEye NX | NDR | FIREEYE_NX |
JSON | 2022-05-18 View Change |
| Datadog | NDR | DATADOG |
JSON | 2023-07-21 View Change |
| Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT |
JSON | 2021-11-09 |
| AlphaSOC | Alert | ASOC_ALERT |
JSON | 2021-06-21 |
| Compute Engine | Google Cloud Specific | GCP_COMPUTE |
JSON | 2023-02-24 View Change |
| JAMF CMDB | Computer Inventory | JAMF |
JSON | 2023-04-27 View Change |
| Attivo Networks | NETWORK | ATTIVO |
SYSLOG + KV (CEF) | 2023-08-14 View Change |
| Oracle Cloud Infrastructure VCN Flow Logs | Oracle Cloud Infrastructure | OCI_FLOW |
JSON | 2023-04-29 View Change |
| Forcepoint CASB | CASB | FORCEPOINT_CASB |
SYSLOG + CEF | 2022-08-23 View Change |
| IBM Security Verify | Endpoint Security | IBM_SECURITY_VERIFY |
SYSLOG | 2023-01-25 View Change |
| Netskope | Cloud Security | NETSKOPE_ALERT |
JSON | 2023-11-10 View Change |
| Juniper | Firewall | JUNIPER_FIREWALL |
SYSLOG + KV | 2023-11-02 View Change |
| Duo User Context | Identity and Access Management | DUO_USER_CONTEXT |
JSON | 2021-04-12 |
| Aqua Security | IaaS Applications | AQUA_SECURITY |
JSON | 2022-02-03 |
| Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT |
JSON, SYSLOG | 2023-11-07 View Change |
| Sysdig | Security | SYSDIG |
JSON | 2022-10-07 View Change |
| Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT |
SYSLOG + JSON | 2023-11-12 View Change |
| IBM z/OS | OS | IBM_ZOS |
LEEF | 2023-07-25 View Change |
| Palo Alto Cortex XDR Events | Monitoring and Threat Detection | PAN_CORTEX_XDR_EVENTS |
JSON | 2023-02-01 View Change |
| Kyriba Treasury Management | SaaS Application | KYRIBA |
CSV | 2021-02-24 |
| F5 ASM | WAF | F5_ASM |
SYSLOG | 2023-11-08 View Change |
| SecureAuth | SSO | SECUREAUTH_SSO |
SYSLOG, XML | 2023-07-09 View Change |
| Avaya Aura Experience Portal | Avaya Aura Experience Portal | AVAYA_AURA |
SYSLOG | 2022-12-30 View Change |
| Azure VPN | VPN | AZURE_VPN |
JSON | 2023-03-07 View Change |
| Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET |
JSON | 2021-08-05 |
| Microsoft CASB | CASB | MICROSOFT_CASB |
SYSLOG + KV (CEF) | 2023-06-28 View Change |
| NIMBLE OS | OS | NIMBLE_OS |
SYSLOG | 2022-07-21 View Change |
| Rapid7 | Vulnerability Scanner | RAPID7_NEXPOSE |
JSON | 2022-09-27 View Change |
| Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH |
SYSLOG | 2022-08-26 View Change |
| Zix Email Encryption | Email Server | ZIX_EMAIL_ENCRYPTION |
SYSLOG | 2022-11-05 View Change |
| Azure SQL | Database | AZURE_SQL |
JSON | 2022-02-08 |
| Cambium Networks | Switches and Routers Log Type | CAMBIUM_NETWORKS |
SYSLOG | 2023-07-27 View Change |
| Symantec CloudSOC CASB | CASB | SYMANTEC_CASB |
SYSLOG + JSON | 2021-12-17 |
| AWS Network Firewall | Firewall | AWS_NETWORK_FIREWALL |
JSON | 2023-05-05 View Change |
| Okta | Identity and Access Management | OKTA |
JSON | 2023-06-28 View Change |
| Cisco NX-OS | OS | CISCO_NX_OS |
SYSLOG | 2023-08-11 View Change |
| Security Command Center Threat | Google Cloud Specific | N/A |
JSON | 2023-08-23 View Change |
| Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR |
JSON | 2023-09-16 View Change |
| CA Access Control | Access Management | CA_ACCESS_CONTROL |
JSON+SYSLOG, SYSLOG | 2023-07-25 View Change |
| BMC Helix Discovery | bmc helix discovery | BMC_HELIX_DISCOVERY |
SYSLOG | 2022-08-29 View Change |
| Cisco Umbrella Audit | Firewall and Security Management | CISCO_UMBRELLA_AUDIT |
CSV | 2023-02-28 View Change |
| Acalvio | Deception Software | ACALVIO |
SYSLOG + KV | 2020-10-13 |
| AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB |
JSON | 2023-06-20 View Change |
| Cloud Storage Context | Google Cloud Specific | N/A |
JSON | 2023-04-13 View Change |
| JumpCloud Directory Insights | CLOUD | JUMPCLOUD_DIRECTORY_INSIGHTS |
JSON | 2023-10-31 View Change |
| TeamViewer | Remote Support | TEAMVIEWER |
JSON | 2022-08-02 View Change |
| Netscout Arbor Sightline | Monitoring | ARBOR_SIGHTLINE |
SYSLOG + JSON | 2022-12-16 View Change |
| Department of Homeland Security | Threat detection | DHS_IOC |
XML | 2023-07-31 View Change |
| IBM Security QRadar SIEM | Security Log | IBM_QRADAR |
SYSLOG | 2023-05-18 View Change |
| Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT |
JSON | 2023-09-04 View Change |
| Slack Audit | Productivity | SLACK_AUDIT |
JSON | 2023-10-27 View Change |
| CA ACF2 | Mainframe | CA_ACF2 |
LEEF | 2022-05-24 View Change |
| Cisco Vision Dynamic Signage Director | Content and Delivery Management | CISCO_STADIUMVISION |
SYSLOG, SYSLOG+KV | 2023-05-12 View Change |
| HCL BigFix | Network Management and Optimization | HCL_BIGFIX |
JSON | 2022-08-30 View Change |
| Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE |
SYSLOG | 2022-09-15 View Change |
| Mimecast | Email Server | MIMECAST_MAIL |
KV | 2023-03-31 View Change |
Supported log types without a default parser
Chronicle SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Chronicle SIEM Ingestion API or the Chronicle SIEM forwarder. Chronicle SIEM will not normalize the data to structured Unified Data Model format.
You can create a custom parser to normalize these logs. You can also search raw logs.
| Vendor / Product | Ingestion label |
|---|---|
| A10 Load Balancer | A10_LOAD_BALANCER |
| Accops Hysecure VPN | ACCOPS_HYSECURE_VPN |
| Acquia Cloud Platform | ACQUIA_CLOUD_PLATFORM |
| Acronis Backup | ACRONIS |
| Microsoft ActiveSync | ACTIVE_SYNC |
| ManageEngine ADManager Plus | ADMANAGER_PLUS |
| Admin by request PAM | ADMIN_BY_REQUEST |
| Adobe Commerce | ADOBE_COMMERCE |
| Adobe Experience Manager | ADOBE_EXPERIENCE_MANAGER |
| ManageEngine ADSelfService Plus | ADSELFSERVICE_PLUS |
| ADTRAN NetVanta router | ADTRAN_NETVANTA |
| ADVA Fiber Service Platform | ADVA_FSP |
| Agari Phishing Defense | AGARI_PHISHING_DEFENSE |
| Advanced Intrusion Detection Environment | AIDE |
| Extreme Networks AirDefense | AIRDEFENSE |
| Akamai Prolexic | AKAMAI_DDOS |
| Akamai DHCP | AKAMAI_DHCP |
| Akamai Enterprise Threat Protector | AKAMAI_ETP |
| Akamai SIEM Connector | AKAMAI_SIEM_CONNECTOR |
| AlertLogic Notifications | ALERTLOGIC_NOTIFICATIONS |
| AlienVault Open Threat Exchange | ALIENVAULT_OTX |
| Allot NetEnforcer | ALLOT_NETENFORCER |
| Alveo Risk Data Management | ALVEO_RDM |
| Analyst1 IOC | ANALYST1_IOC |
| Apache Kafka Audit | APACHE_KAFKA_AUDIT |
| Apache SpamAssassin | APACHE_SPAMASSASSIN |
| APC Automatic Transfer Switch | APC_ATS |
| APC Netbotz | APC_NETBOTZ |
| APC Power Distribution Unit | APC_PDU |
| APC Smart-UPS | APC_SMART_UPS |
| APC StruxureWare Portal | APC_STRUXUREWARE |
| Apiiro Cloud Application Security Platform | APIIRO |
| Appgate Software-defined Perimeter | APPGATE_SDP |
| Appian Cloud | APPIAN_CLOUD |
| AppViewX | APPVIEWX |
| Aptos Enterprise Order Management | APTOS_EOM |
| Argo CD | ARGO_CD |
| Argo Workflows | ARGO_WORKFLOWS |
| Arista NDR | ARISTA_NDR |
| Arkime Packet Capture | ARKIME_PCAP |
| Armis | ARMIS |
| Armorblox Email Security | ARMORBLOX_ESC |
| Armor Anywhere | ARMOR_ANYWHERE |
| Array Networks SSL VPN | ARRAYNETWORKS_VPN |
| Array Networks WAF | ARRAY_NETWORKS_WAF |
| Aruba Orchestrator | ARUBA_ORCHESTRATOR |
| Arxan Threat Analytics | ARXAN_THREAT_ANALYTICS |
| Asana | ASANA |
| AssetNote | ASSETNOTE |
| Atlassian Cloud Admin Audit | ATLASSIAN_AUDIT |
| Atlassian Jira Confluence Json | ATLASSIAN_CONFLUENCE_JSON |
| Atlassian Jira Json | ATLASSIAN_JIRA_JSON |
| AT&T Netbond | ATT_NETBOND |
| Authentic8 Silo | AUTHENTIC8_SILO |
| Authx Identity Management | AUTHX |
| Authx User Context | AUTHX_USER_CONTEXT |
| Automox | AUTOMOX_EPM |
| Avast Business | AVAST_HUB |
| Avaya Session Border Controller | AVAYA_BORDER |
| Avaya Interactive Voice Response | AVAYA_IVR |
| Avaya VSP Switch | AVAYA_VSP |
| Avaya Wireless | AVAYA_WIRELESS |
| Aviatrix Cloud Network Platform | AVIATRIX |
| Awake NDR | AWAKE_NDR |
| AWS Dynamo DB | AWS_DYNAMO_DB |
| Amazon ElastiCache | AWS_ELASTI_CACHE |
| Amazon FSx for Windows File Server | AWS_FSX |
| AWS Identity and Access Management (IAM) | AWS_IAM |
| AWS Inspector | AWS_INSPECTOR |
| AWS Inspector2 | AWS_INSPECTOR2 |
| AWS NGINX | AWS_NGINX |
| AWS Redshift | AWS_REDSHIFT |
| AWS Simple Email Service | AWS_SES |
| AWS Shield | AWS_SHIELD |
| AWS VPN | AWS_VPN |
| Axis Atmos | AXIS_ATMOS |
| Axis Security Audit | AXIS_OS |
| Axonius Cybersecurity Asset Management | AXONIUS |
| Microsoft Azure | AZURE |
| Azure AD Provisioning | AZURE_AD_PROVISIONING |
| Azure AD Sign-In | AZURE_AD_SIGNIN |
| Azure API Management | AZURE_API_MANAGEMENT |
| Azure App Service | AZURE_APP_SERVICE |
| Azure ATP | AZURE_ATP |
| Azure Bastion | AZURE_BASTION |
| Azure DNS logs | AZURE_DNS |
| Azure Application Gateway | AZURE_GATEWAY |
| Azure Key Vault logging | AZURE_KEYVAULT_AUDIT |
| Microsoft Intune Context | AZURE_MDM_INTUNE_CONTEXT |
| Azure Security Center | AZURE_SECURITY_CENTER |
| Azure Storage Audit | AZURE_STORAGE_AUDIT |
| Backbox | BACKBOX |
| OneIdentity Balabit | BALABIT |
| BambooHR | BAMBOO_HR |
| Barracuda CloudGen Access | BARRACUDA_CLOUDGEN_ACCESS |
| Barracuda Impersonation Protection | BARRACUDA_IMPERSONATION |
| Barracuda Content Shield | BARRACUDA_SHIELD |
| Bettercloud | BETTERCLOUD |
| BeyondTrust BeyondInsight | BEYONDTRUST_BEYONDINSIGHT |
| BeyondTrust Cloud Privilege Broker | BEYONDTRUST_CPB |
| BeyondTrust Endpoint Privilege Management | BEYONDTRUST_ENDPOINT |
| BeyondTrust Management console | BEYONDTRUST_MC |
| Beyond Identity | BEYOND_IDENTITY |
| Bitvise SSHd | BITVISE_SSHD |
| Bluecat Address Manager | BLUECAT_AM |
| Blue Prism | BLUE_PRISM |
| BMC AMI Defender | BMC_AMI_DEFENDER |
| BMC Client Management | BMC_CLIENT_MANAGEMENT |
| BMC Control-M | BMC_CONTROL_M |
| Bricata NDR | BRICATA_NDR |
| Britive Audit API | BRITIVE_AUDIT_API |
| BRIVO | BRIVO |
| CA Privileged Access Manager | BROADCOM_CA_PAM |
| Broadcom Compliance Event Manager | BROADCOM_CEM |
| Broadcom Support Portal Audit Logs | BROADCOM_SUPPORT_PORTAL |
| Brocade Fabric OS | BROCADE_FOS |
| Brocade SANnav Management Portal | BROCADE_SANNAV |
| Brocade Switch | BROCADE_SWITCH |
| Zeek DHCP | BRO_DHCP |
| Zeek HTTP | BRO_HTTP |
| BT IPControl | BT_IPCONTROL |
| Burpsuite Application Security testing tool | BURPSUITE |
| Cameyo Bring Your Own Cloud | CAMEYO_BYO_CLOUD |
| Canary Audit Trail | CANARY_AUDIT_TRAIL |
| CATO SD-WAN | CATO_SDWAN |
| Censornet CASB | CENSORNET_CASB |
| CENSYS | CENSYS |
| Cequence Bot Defense | CEQUENCE_BOT_DEFENSE |
| Cerberus FTP Server | CERBERUS_FTP |
| Check Point CloudGuard | CHECKPOINT_CLOUDGUARD |
| Check Point Email | CHECKPOINT_EMAIL |
| Checkpoint SmartDefense | CHECKPOINT_SMARTDEFENSE |
| Cilium | CILIUM |
| Cisco Aironet | CISCO_AIRONET |
| Cisco APIC | CISCO_APIC |
| Cisco Call Manager | CISCO_CALL_MANAGER |
| Cisco DNA Center Platform | CISCO_DNAC |
| Cisco DNS | CISCO_DNS |
| Cisco Meraki Camera | CISCO_MERAKI_CAMERA |
| Cisco vManage SD-WAN | CISCO_SDWAN |
| Cisco Secure Malware Analytics | CISCO_SECURE_MALWARE_ANALYTICS |
| Cisco Secure Workload | CISCO_SECURE_WORKLOAD |
| Cisco Content Security Management Appliance | CISCO_SMA |
| Cisco SNMP Trapd | CISCO_SNMP |
| Cisco Unity Connection | CISCO_UNITY_CONNECTION |
| Cisco WSA | CISCO_WSA |
| CiscoXDR | CISCO_XDR |
| Citrix Analytics | CITRIX_ANALYTICS |
| Citrix Netscaler Web Logs | CITRIX_NETSCALER_WEB_LOGS |
| Citrix SD-WAN | CITRIX_SDWAN |
| Citrix Session Metadata | CITRIX_SESSION_METADATA |
| Citrix Virtual Desktop Infrastructure | CITRIX_VDI |
| Citrix WAF | CITRIX_WAF |
| Citrix Web Gateway | CITRIX_WEB_GATEWAY |
| Citrix Workspace | CITRIX_WORKSPACE |
| Citrix XenCenter | CITRIX_XENCENTER |
| Claroty Continuous Threat Detection | CLAROTY_CTD |
| Claroty Enterprise Management Console | CLAROTY_EMC |
| Clearsense Healthcare Analytics | CLEARSENSE |
| Clearswift | CLEARSWIFT |
| Click Studios Passwordstate | CLICK_STUDIOS_PASSWORDSTATE |
| CloudBolt | CLOUDBOLT |
| Cloudflare Bot Management | CLOUDFLARE_BOT_MANAGEMENT |
| Cloud Passage (CSM) | CLOUDPASSAGE_CSM |
| Cloud Passage (FIM) | CLOUDPASSAGE_FIM |
| Cloud Passage (LIDS) | CLOUDPASSAGE_LIDS |
| Cloud Passage (SVM) | CLOUDPASSAGE_SVM |
| cmd.com | CMD |
| Cockroach DB | COCKROACH_DB |
| Code42 CrashPlan | CODE42 |
| Code42 Incydr | CODE42_INCYDR |
| Code Worldwide | CODE_WORLDWIDE |
| Cofense Vision | COFENSE_VISION |
| Cohesity | COHESITY |
| Cohesity Smartfiles | COHESITY_SMARTFILES |
| CommVault | COMMVAULT |
| CommVault Commcell | COMMVAULT_COMMCELL |
| Commvault Metallic | COMMVAULT_METALLIC |
| Confluent Audit | CONFLUENT_AUDIT |
| ConnectWise Automate | CONNECTWISE_AUTOMATE |
| ConnectWise Control | CONNECTWISE_CONTROL |
| Cradlepoint NetCloud | CRADLEPOINT_NETCLOUD |
| Cribl AppScope | CRIBL_APPSCOPE |
| Cribl Cloud | CRIBL_CLOUD |
| Cribl Edge | CRIBL_EDGE |
| Cribl Search | CRIBL_SEARCH |
| Cribl Stream | CRIBL_STREAM |
| ProLion CryptoSpike | CRYPTOSPIKE |
| CSG Custom Rules Engine | CSG_CUSTOMENGINE |
| CSG Singleview | CSG_SINGLEVIEW |
| CSV Custom CMDB | CSV_CUSTOM_CMDB |
| CrowdStrike Falcon CEF | CS_CEF_EDR |
| CTERA Drive | CTERA_DRIVE |
| Culture AI | CULTURE_AI |
| Customer Alerts | CUSTOMER_ALERT |
| Custom Application Access Logs | CUSTOM_APPLICATION_ACCESS |
| Custom Host Forensics | CUSTOM_HOST_FORENSICS |
| CyberArk Privileged Access Manager (PAM) | CYBERARK_PAM |
| Cyberark Privilege Cloud | CYBERARK_PRIVILEGE_CLOUD |
| CyberArk Identity Single Sign-On | CYBERARK_SSO |
| Connectsecure | CYBERCNS |
| Cyberhaven Data Detection and Response | CYBERHAVEN_DDR |
| Cyberhaven | CYBERHAVEN_EVENTS |
| Cyberint | CYBERINT |
| Microsoft CyberX | CYBERX |
| Cycode Platform | CYCODE |
| Insider threat detection and response | CYDERES_INSIDER |
| Cylance | CYLANCE |
| Cylera IOT | CYLERA_IOT |
| Cynet 360 AutoXDR | CYNET_360_AUTOXDR |
| Cyolo Zero Trust | CYOLO_ZTNA |
| D3 Security | D3_SECURITY |
| Databricks | DATABRICKS |
| DataLocker SafeConsole | DATALOCKER_SAFECONSOLE |
| Datasunrise Dam | DATASUNRISE_DAM |
| Datawatch | DATAWATCH |
| DealCloud | DEAL_CLOUD |
| Deepfence Network Monitoring | DEEPFENCE |
| Delinea Privilege Manager | DELINEA_PRIVILEGE_MANAGER |
| Delinea Secret Server | DELINEA_SECRET_SERVER |
| Delinea Server Suite | DELINEA_SERVER_SUITE |
| Dell Cyber Recovery Manager | DELL_CRM |
| Dell CyberSense | DELL_CYBERSENSE |
| Dell EMC Avamar | DELL_EMC_AVAMAR |
| Dell EMC Cloudlink | DELL_EMC_CLOUDLINK |
| Dell EMC PowerStore | DELL_EMC_POWERSTORE |
| Dell EMC Unity | DELL_EMC_UNITY |
| Dell SonicWALL WAF | DELL_WAF |
| Design Profit Central Server | DESIGN_PROFIT_CENTRAL_SERVER |
| Device 42 | DEVICE_42 |
| Devolutions Remote Desktop Manager | DEVOLUTIONS_RDM |
| Divvy Cloud | DIVVY_CLOUD |
| Docker | DOCKER |
| DomainTools Threat Intelligence | DOMAINTOOLS_THREATINTEL |
| DOMO Business Cloud | DOMO |
| Dragos | DRAGOS |
| Draytek Firewall | DRAYTEK |
| Dremio Data Lakehouse | DREMIO_DATA_LAKEHOUSE |
| Dropbox | DROPBOX |
| Drupal Logging | DRUPAL |
| Druva Backup | DRUVA_BACKUP |
| DSP Toolkit audit | DSP_AUDIT |
| Duo Access Gateway | DUO_CASB |
| Duo Network Gateway | DUO_NETWORK_GATEWAY |
| Dynatrace | DYNATRACE |
| CWT SatoTravel | E2_SOLUTIONS |
| Eaton UPS | EATON_UPS |
| eCAR | ECAR |
| eCAR Bro | ECAR_BRO |
| Edgio CDN | EDGIO_CDN |
| Edgio Rate Limiting | EDGIO_RL |
| Edgio WAF | EDGIO_WAF |
| Efax | EFAX |
| Egnyte | EGNYTE |
| EclecticIQ EDR | EIQ_EDR |
| Elastic File Beats | ELASTIC_FILEBEAT |
| Elastic Metric Beats | ELASTIC_METRICBEAT |
| Emerson Smart Firewall | EMERSON_FIREWALL |
| Endgame | ENDGAME_EDR |
| Ensono Cloud Mainframe Solution | ENSONO |
| Entrust nShield HSM | ENTRUST_HSM |
| Entrust NTP Server | ENTRUST_NTP_SERVER |
| Entrust Secrets Vault | ENTRUST_SECRETS_VAULT |
| Erlang Shell Logs | ERLANG_SHELL |
| Ermes Web Protection | ERMES |
| Ermetic | ERMETIC |
| E-Share platform | ESHARE_PLATFORM |
| Estar | ESTAR |
| ETQ Reliance | ETQ_RELIANCE |
| Exabeam Fusion XDR | EXABEAM_FUSION_XDR |
| ExtraHop DHCP | EXTRAHOP_DHCP |
| ExtremeWare Operating System (OS) | EXTREMEWARE_NETWORKS |
| xtreme Networks ExtremeControl NAC Solution | EXTREME_CONTROL |
| Extreme Management Center | EXTREME_MANAGEMENT |
| Extreme Networks Switch | EXTREME_SWITCH |
| EzProxy | EZPROXY |
| F5 Bot | F5_BOT |
| F5 IP Intelligence | F5_IP_INTELLIGENCE |
| F5 Silverline | F5_SILVERLINE |
| Fail2Ban Scan | FAIL2BAN |
| Farsight DNSDB | FARSIGHT_DNSDB |
| Feenics Access Control | FEENICS_ACCESS_CONTROL |
| Fidelis Endpoint | FIDELIS_ENDPOINT |
| FileMage SFTP | FILEMAGE_SFTP |
| Firebase | FIREBASE |
| Fireeye eMPS | FIREEYE_EMPS |
| FireEye Helix | FIREEYE_HELIX |
| FireMon Firewall | FIREMON_FIREWALL |
| Fivetran | FIVETRAN |
| Flashpoint IOC | FLASHPOINT_IOC |
| Fleet DM | FLEET_DM |
| Forcepoint Email Security | FORCEPOINT_EMAILSECURITY |
| Forcepoint Insider Threat | FORCEPOINT_FIT |
| Forcepoint V Series | FORCEPOINT_VSERIES |
| Fortanix Data Security Manager | FORTANIX_DSM |
| Fortinet Wireless Access Point | FORTINET_AP |
| Fortinet FortiAuthenticator | FORTINET_FORTIAUTHENTICATOR |
| Fortinet FortiSandbox | FORTINET_SANDBOX |
| Fortinet Switch | FORTINET_SWITCH |
| Fortinet Proxy | FORTINET_WEBPROXY |
| Foundry Fastiron | FOUNDRY_FASTIRON |
| Fox-IT | FOX_IT_STIX |
| FreeIPA | FREEIPA |
| FreeRADIUS | FREERADIUS |
| Digital Defense Frontline VM | FRONTLINE_VM |
| Futurex HSM | FUTUREX_HSM |
| GCP Artifact Registry | GCP_ARTIFACT_REGISTRY |
| GCP Google Kubernetes Container Security | GCP_KUBERNETES_CONTAINER_SECURITY |
| reCAPTCHA Enterprise | GCP_RECAPTCHA_ENTERPRISE |
| GCP Threat Detection | GCP_THREAT_DETECTION |
| Gigamon | GIGAMON |
| Gigya CIAM | GIGYA_CIAM |
| GitGuardian Enterprise | GITGUARDIAN_ENTERPRISE |
| Github Events | GITHUB_EVENTS |
| Glean | GLEAN |
| Globalscape SFTP | GLOBALSCAPE_SFTP |
| GlusterFS | GLUSTER_FS |
| GMV Checker User Context | GMV_CHECKER_CONTEXT |
| GoAnywhere MFT | GOANYWHERE_MFT |
| GoDaddy DNS | GODADDY_DNS |
| GoldiLock | GOLDILOCK |
| GrayhatWarfare | GRAYHATWARFARE |
| Graylog Operations | GRAYLOG |
| GreatHorn Email Security | GREATHORN |
| GreyNoise | GREYNOISE |
| GTB Technologies DLP | GTB_DLP |
| H3C Comware Platform Switch | H3C_SWITCH |
| HaProxy LoadBalancer | HAPROXY_LOADBALANCER |
| Harbor | HARBOR |
| Hirschmann Switch | HIRSCHMANN_SWITCH |
| Hitachi PAM | HITACHI_ID_PAM |
| Hornet Email Security | HORNET_SECURITY |
| Hewlett Packard Enterprise SAN | HPE_SAN |
| HP Printer logs | HP_PRINTER |
| HP Wolf Pro Security | HP_WOLF |
| Huawei NAC | HUAWEI_NAC |
| HubSpot Activity Logs | HUBSPOT_ACTIVITY |
| HubSpot CRM Platform | HUBSPOT_CRM |
| HubSpot Authentication Logs | HUBSPOT_LOGIN |
| HYPR MFA | HYPR_MFA |
| 3Com 8800 Series Switch | IBM_3COM |
| IBM Cleversafe Object Storage | IBM_CLEVERSAFE |
| IBM KNS | IBM_KNS |
| IBM Tape Storages | IBM_LTO |
| IBM MaaS360 | IBM_MAAS360 |
| IBM Mainframe Storage | IBM_MAINFRAME_STORAGE |
| IBM MQ File Transfer | IBM_MQ_FILE_TRANSFER |
| IBM Security Identity Manager | IBM_SIM |
| IBM Security QRadar SOAR | IBM_SOAR |
| IBM Spectrum Protect | IBM_SPECTRUM_PROTECT |
| IBM Switch | IBM_SWITCH |
| IBM Tririga | IBM_TRIRIGA |
| IBM WebSEAL | IBM_WEBSEAL |
| IBM WinCollect | IBM_WINCOLLECT |
| IBM zSecure Alert | IBM_ZSECURE_ALERT |
| Idecsi | IDECSI |
| Dell iDRAC | IDRAC |
| iManage Cloud Platform | IMANAGE_CLOUD |
| Imperva Sonar | IMPERVA_SONAR |
| Imprivata Confirm ID | IMPRIVATA_CONFIRM_ID |
| Imprivata Identity Governance | IMPRIVATA_IDG |
| Imprivata OneSign | IMPRIVATA_ONESIGN |
| Infinidat | INFINIDAT |
| Infoblox Loadbalancer | INFOBLOX_LOADBALANCER |
| Infoblox NetMRI | INFOBLOX_NETMRI |
| Infoblox RPZ | INFOBLOX_RPZ |
| INKY Secure Email | INKY |
| inWebo MFA | INWEBO_MFA |
| Ipswitch MOVEit Automation | IPSWITCH_MOVEIT_AUTOMATION |
| Ironscales | IRONSCALES |
| Ivanti Application Control | IVANTI_APP_CONTROL |
| Ivanti Device Control | IVANTI_DEVICE_CONTROL |
| ISM Xtraction | IVANTI_XTRACTION |
| Jamf Compliance Reporter | JAMF_COMPLIANCE_REPORTER |
| Jamf Protect Network Traffic | JAMF_NETWORK_TRAFFIC |
| JAMF Pro | JAMF_PRO |
| Jamf pro context | JAMF_PRO_CONTEXT |
| Jamf Pro MDM | JAMF_PRO_MDM |
| Jamf Protect Threat Events | JAMF_THREAT_EVENTS |
| IBM JDE | JDE |
| Jenkins | JENKINS |
| Journald | JOURNALD |
| JumpCloud Directory as a Service | JUMPCLOUD_DAAS |
| Juniper Secure Connect VPN | JUNIPER_VPN |
| Jupiter One | JUPITER_ONE |
| KACE Service Desk | KACE_SERVICE_DESK |
| KACE Systems Management Appliance | KACE_SMA |
| Kamailio | KAMAILIO |
| Kandji | KANDJI |
| Kaseya IT Management | KASEYA |
| Kaspersky Endpoint | KASPERSKY_ENDPOINT |
| Keeper Enterprise Security | KEEPER |
| Keycloak | KEYCLOAK |
| Keysight Packet Brokers | KEYSIGHT |
| Kibana audit logs | KIBANA |
| Kion | KION |
| Kiteworks | KITEWORKS |
| KnowBe4 PhishER | KNOWBE4_PHISHER |
| Kustomer CRM | KUSTOMER_CRM |
| Lansweeper Asset Management | LANSWEEPER |
| LastPass Password Management | LASTPASS |
| LOAD_BALANCER_ADC | LB_ADC |
| Lepide | LEPIDE |
| Lexmark Printer logs | LEXMARK_PRINTER |
| Liaison NuBridges Platform | LIAISON_NUBRIDGES |
| Libraesva Email Security | LIBRAESVA_EMAIL |
| Lira | LIRA |
| Logic Monitor | LOGICMONITOR |
| LogonBox | LOGONBOX |
| LookingGlass Aenoik IDPS | LOOKINGGLASS_IPS |
| Looking Glass | LOOKING_GLASS_IOC |
| LSI Badge Management System | LSI_BMS |
| Lumen DDoS Hyper | LUMEN_DDOS_HYPER |
| Lumos | LUMOS |
| Lenovo XClarity Orchestrator | LXC_ORCHESTRATOR |
| MailScanner | MAILSCANNER |
| Malwarebytes | MALWAREBYTES_EDR |
| Mambu | MAMBU |
| Manage Engine Endpoint | MANAGEENGINE_ENDPOINT |
| ManageEngine Remote Access Plus | MANAGEENGINE_RAP |
| ManageEngine Password Manager Pro | MANAGE_ENGINE_PASSWORD_MANAGER |
| Mandiant Attack Surface Management Entity | MANDIANT_ASM_ENTITY |
| Mandiant Attack Surface Management Discovered Issue | MANDIANT_ASM_ISSUE |
| Mandiant Attack Surface Management Technology | MANDIANT_ASM_TECHNOLOGY |
| Mandiant Custom IOC | MANDIANT_CUSTOM_IOC |
| Mango Apps | MANGOAPPS |
| Maria Database | MARIA_DB |
| Material Security | MATERIAL_SECURITY |
| Matrix Frontier Badge Management | MATRIX_FRONTIER |
| Mattermost | MATTERMOST |
| McAfee Application Control | MCAFEE_APP_CONTROL |
| McAfee Advanced Threat Defense | MCAFEE_ATD |
| McAfee MVISION EDR | MCAFEE_EDR |
| McAfee Solid Core | MCAFEE_SOLID_CORE |
| Medigate CMDB | MEDIGATE_CMDB |
| Micro Focus iManager | MICROFOCUS_IMANAGER |
| MicroSemi NTP | MICROSEMI_NTP |
| Microsoft Dynamics 365 User Activity | MICROSOFT_DYNAMICS_365 |
| Microsoft Defender External Attack Surface Management | MICROSOFT_EASM |
| Microsoft IAS Server | MICROSOFT_IAS |
| Microsoft Identity Protection | MICROSOFT_IDENTITY_PROTECTION |
| Microsoft Netlogon | MICROSOFT_NETLOGON |
| Microsoft Azure AD Risk Detections | MICROSOFT_RISK_DETECTIONS |
| Microsoft System Center Endpoint Protection | MICROSOFT_SCEP |
| Microsoft Security Actions | MICROSOFT_SECURITY_ACTIONS |
| Microsoft Security Advisories Alerts | MICROSOFT_SECURITY_ALERTS |
| Microsoft SSTP VPN | MICROSOFT_SSTP |
| Microsoft Threat Indicators | MICROSOFT_THREAT_INDICATORS |
| Mikrotik Router | MIKROTIK_ROUTER |
| Mimecast Attachment Logs | MIMECAST_ATTACHMENT_LOGS |
| Mimecast Audit Logs | MIMECAST_AUDIT_LOGS |
| Mimecast DLP Logs | MIMECAST_DLP_LOGS |
| Mimecast impersonation Logs | MIMECAST_IMPERSONATION_LOGS |
| Mimecast URL Logs | MIMECAST_URL_LOGS |
| Mimecast Web Security | MIMECAST_WEBPROXY |
| Minerva AV | MINERVA_AV |
| Mirth OnPrem Appliances NextGen | MIRTH_NEXTGEN |
| Mitel Communications Director | MITEL_MCD |
| Mode Analytics | MODE_ANALYTICS |
| Monday | MONDAY |
| Mulesoft | MULESOFT |
| MultiPay | MULTIPAY |
| Nagios Infrastructure Monitoring | NAGIOS |
| NCC Scout Suite | NCC_SCOUTSUITE |
| NCR Digital Insight FSG | NCR_DIGITAL_INSIGHT_FSG |
| NCR Digital Insight Global Logging | NCR_DIGITAL_INSIGHT_GL |
| Neo4j | NEO4J |
| Nessus | NESSUS |
| NetDisco | NETDISCO |
| Netenrich Entity Behaviour | NETENRICH_ENTITY_BEHAVIOR |
| Netgear Switch | NETGEAR_SWITCH |
| NetIQ Access Manager | NETIQ_ACCESS_MANAGER |
| NetIQ eDirectory | NETIQ_EDIRECTORY |
| Netmotion | NETMOTION |
| Netskope CASB | NETSKOPE_CASB |
| Netscope Client | NETSKOPE_CLIENT |
| Netsurion ProtectWise | NETSURION_PROTECTWISE |
| Neustar SiteProtect | NEUSTAR_SITEPROTECT |
| New Relic Platform | NEW_RELIC |
| Nextcloud Hub | NEXTCLOUD_HUB |
| Ne Silent Log | NE_SILENT_LOG |
| Ninja One | NINJAONE |
| NIST National Vulnerability Database | NIST_NVD |
| NNT File Integrity monitoring | NNT_FIM |
| Nokia Router | NOKIA_ROUTER |
| Noname API Security | NONAME_API_SECURITY |
| NordLayer VPN | NORD_LAYER |
| Nortel Contivity VPN Switch | NORTEL_SWITCH |
| Ntopng | NTOPNG |
| Nucleus Vulnerability Scan Delta | NUCLEUS_VULNERABILITY_DELTA |
| Nutanix Frame | NUTANIX_FRAME |
| Obsidian | OBSIDIAN |
| Okta RADIUS | OKTA_RADIUS |
| Onapsis | ONAPSIS |
| OnBase CMS | ONBASE_CMS |
| One Identity Active Role Service | ONEIDENTITY_ARS |
| One Identity Change Auditor | ONEIDENTITY_CHANGE_AUDITOR |
| One Identity Defender | ONEIDENTITY_DEFENDER |
| One Identity TPAM | ONEIDENTITY_TPAM |
| OneLogin User Context | ONELOGIN_USER_CONTEXT |
| 1Password Audit Events | ONEPASSWORD_AUDIT_EVENTS |
| Opengear Remote Management | OPENGEAR |
| Opentelemetry | OPENTELEMETRY |
| OpenText Fax2Mail | OPENTEXT_FAX2MAIL |
| Opnsense | OPNSENSE |
| Opswat Kiosk | OPSWAT_KIOSK |
| Opswat Metadefender | OPSWAT_METADEFENDER |
| Oracle HCM Human resources platform solution | ORACLE_HCM |
| Oracle SSO Audit Logging | ORACLE_SSO_AUDIT |
| Oracle WebLogic Server | ORACLE_WEBLOGIC |
| Orca Cloud Security Platform | ORCA |
| Oscar Claims | OSCAR_CLAIMS |
| Open Source Intelligence | OSINT_IOC |
| Osirium PAM | OSIRIUM_PAM |
| Outpost24 | OUTPOST24 |
| Packetlight Dwdm | PACKETLIGHT_DWDM |
| Packet Viper | PACKET_VIPER |
| PACOM Systems | PACOM_SYSTEMS |
| PagerDuty | PAGERDUTY |
| Pagerduty Audit | PAGERDUTY_AUDIT |
| Palo Alto DNS Security | PAN_DNS_SECURITY |
| Palo Alto Networks Global Protect | PAN_GLOBAL_PROTECT |
| Palo Alto Networks IoT Security | PAN_IOT |
| Palo Alto Networks XSOAR Audit | PAN_XSOAR |
| PaperCut Printing Management System | PAPER_CUT |
| Passwordstate | PASSWORDSTATE |
| Paxton Access Control Systems | PAXTON_ACS |
| SSL pcap | PCAP_SSL_CLIENT_HELLO |
| Pentera | PENTERA |
| Pentera ASV | PENTERA_ASV |
| Pentera Leef | PENTERA_LEEF |
| PeopleSoft | PEOPLESOFT |
| Peplink Loadbalancer | PEPLINK_LOADBALANCER |
| Peplink Router | PEPLINK_ROUTER |
| Peplink Switch | PEPLINK_SWITCH |
| PerimeterX Bot Protection | PERIMETERX_BOT_PROTECTION |
| Perimeter 81 | PERIMETER_81 |
| Domain Tools Phisheye | PHISHEYE_ALERT |
| Phishlabs | PHISHLABS |
| Pingsafe | PINGSAFE |
| Ping Access | PING_ACCESS |
| Ping One | PING_ONE |
| Ping SDK | PING_SDK |
| Plaso Super Timeline | PLASO |
| Plixer Scrutinizer | PLIXER_SCRUTINIZER |
| Pomerium | POMERIUM |
| Portnix Audit | PORTNOX_AUDIT |
| Portnix CEF | PORTNOX_CEF |
| PostgreSQL | POSTGRESQL |
| MS Powershell Transcript | POWERSHELL_TRANSCRIPT |
| Power DNS | POWER_DNS |
| Preveil Enterprise | PREVEIL_ENTERPRISE |
| ProofID | PROOFID |
| Proofpoint CASB | PROOFPOINT_CASB |
| Proofpoint Secure Share | PROOFPOINT_SECURE_SHARE |
| Proofpoint Security Awareness Training | PROOFPOINT_SECURITY_AWARENESS_TRAINING |
| Proofpoint Sendmail Sentrion | PROOFPOINT_SENDMAIL_SENTRION |
| Protegrity Defiance | PROTEGRITY_DEFIANCE |
| Honeywell Pro-Watch | PROWATCH |
| ProxMax | PROXMAX |
| PRTG Network Monitor | PRTG_NETWORKMONITOR |
| Puppet | PUPPET |
| Pure Storage | PURE_STORAGE |
| QLIK Audit | QLIK_AUDIT |
| QNAP Systems NAS | QNAP_NAS |
| Qualys User Activity | QUALYS_ACTIVITY |
| RSA RADIUS | RADIUS |
| Radware DDoS Protection | RADWARE_DDOS |
| RAD ETX | RAD_ETX |
| Rapid7 Security Onion | RAPID7_SECURITY_ONION |
| Raritan Dominion SX II | RARITAN_DOMINION |
| Recordia | RECORDIA |
| Red Canary Cloud Protection | REDCANARY_CLOUD_PROTECTION_RAW |
| Red Hat Identity Management | REDHAT_IM |
| Red Hat Keycloak | REDHAT_KEYCLOAK |
| RedHat Satellite Server | REDHAT_SATELLITE |
| RedHat StackRox | REDHAT_STACKROX |
| Remediant SecureONE | REMEDIANT_SECUREONE |
| Ribbon Session Border Controller | RIBBON_SBC |
| Ring Central | RING_CENTRAL |
| RiskIQ Digital Footprint | RISKIQ_DIGITAL_FOOTPRINT |
| RSA SecurID Access Identity Router | RSA_SECURID |
| Rubrik Polaris | RUBRIK_POLARIS |
| Rumble Network Discovery | RUMBLE_NETWORK_DISCOVERY |
| SafeConnect NAC | SAFECONNECT_NAC |
| Salesforce Context | SALESFORCE_CONTEXT |
| Sangfor Next Generation Firewall | SANGFOR_NGAF |
| SAP Cloud for Customer | SAP_C4C |
| SAP HANA | SAP_HANA |
| SAP Identity Management | SAP_IDM |
| SAP Insurance | SAP_INSURANCE |
| SAP SAST Suite | SAP_SAST |
| SAP SM20 | SAP_SM20 |
| SAP SuccessFactors | SAP_SUCCESSFACTORS |
| Microsoft System Center Configuration Manager | SCCM |
| Secberus Cloud Security Governance | SECBERUS |
| SecurityScorecard Platform | SECURITYSCORECARD |
| Semperis ADFR | SEMPERIS_ADFR |
| Sendgrid Api | SENDGRID |
| Senhasegura PAM | SENHASEGURA_PAM |
| SentinelOne Singularity Cloud Funnel | SENTINELONE_CF |
| ServiceNow Audit | SERVICENOW_AUDIT |
| ServiceNow Roles | SERVICENOW_ROLES |
| Sevco Security CMDB | SEVCO_CMDB |
| Microsoft SharePoint | SHAREPOINT |
| Sharepoint Unified Logging Service (ULS) | SHAREPOINT_ULS |
| shodan.io | SHODAN_IO |
| Siebel Monitoring | SIEBEL |
| Siemens SiPass | SIEMENS_SIPASS |
| Silver Peak Firewall | SILVERPEAK_FIREWALL |
| Single Store | SINGLE_STORE |
| SKYSEA Client View | SKYSEA |
| Smart Simple | SMART_SIMPLE |
| Snapattack | SNAPATTACK |
| Snipe-IT | SNIPE_IT |
| Snowflake | SNOWFLAKE |
| Socomec UPS | SOCOMEC_UPS |
| Software House Access Control | SOFTWARE_HOUSE_ACS |
| Solaris system | SOLARIS_SYSTEM |
| SolarWinds Serv-U | SOLARWINDS_SERV_U |
| SonarQube | SONARQUBE |
| Sophos Email Appliance | SOPHOS_EMAIL |
| Sophos URL filtering | SOPHOS_URL |
| Spamhaus | SPAMHAUS |
| Symantec Protection Engine | SPE |
| Splashtop Remote Access and Support software | SPLASHTOP |
| Splunk Attack Analyzer | SPLUNK_ATTACK_ANALYZER |
| Splunk DNS | SPLUNK_DNS |
| Splunk Phantom | SPLUNK_PHANTOM |
| Splunk Intel Management | SPLUNK_TRUSTAR |
| Stairwell Inception | STAIRWELL_INCEPTION |
| Stellar Cyber | STELLAR_CYBER |
| Stream Alert | STREAMALERT |
| StrongDM | STRONGDM |
| Sublime Security | SUBLIMESECURITY |
| Supermicro IPMI | SUPERMICRO_IPMI |
| Superna Eyeglass | SUPERNA_EYEGLASS |
| SureView Systems Activity | SUREVIEW_SYSTEMS |
| Swift Alliance Messaging Hub | SWIFT_AMH |
| Swimlane Platform | SWIMLANE |
| Symantec Messaging Gateway | SYMANTEC_MAIL |
| Symphony Summit AI | SYMPHONYAI |
| Synology | SYNOLOGY |
| Tableau | TABLEAU |
| Tailscale | TAILSCALE |
| Talon | TALON |
| Tanium Deploy | TANIUM_DEPLOY |
| Tanium Question | TANIUM_QUESTION |
| Tanium TanOS | TANIUM_TANOS |
| Tenable OT | TENABLE_OT |
| Tenable Web App Scanning | TENABLE_WAS |
| Teradici PCoIP | TERADICI_PCOIP |
| Terraform Enterprise Audit | TERRAFORM_ENTERPRISE |
| Tessian Cloud Email Security Platform | TESSIAN_PLATFORM |
| TGDetect | TGDETECT |
| ThreatQuotient | THREATQ_IOC |
| ThreatX WAF | THREATX_WAF |
| Thycotic devops secret vault | THYCOTIC_DEVOPS_SECRETVAULT |
| Trend Micro | TIPPING_POINT |
| Traceable API Security | TRACEABLE_PLATFORM |
| Traefik Labs | TRAEFIK |
| TrendMicro Apex Central | TRENDMICRO_APEX_CENTRAL |
| Trend Micro Apex one | TRENDMICRO_APEX_ONE |
| Trend Micro Cloud App Security | TRENDMICRO_CLOUDAPPSECURITY |
| Trend Micro Cloud one | TRENDMICRO_CLOUDONE |
| TrendMicro Deep Discovery Inspector | TRENDMICRO_DDI |
| TrendMicro EDR | TRENDMICRO_EDR |
| TrendMicro Webproxy DSM | TRENDMICRO_WEBPROXY_DSM |
| Tripp Lite | TRIPP_LITE |
| Twilio Audit | TWILIO_AUDIT |
| Twilio Authy | TWILIO_AUTHY |
| Twingate | TWINGATE |
| Tyk IO | TYK_IO |
| Ubiquiti UDM Firewall | UBIQUITI_FIREWALL |
| UDM | UDM |
| Uipath | UIPATH |
| UltraDNS | ULTRADNS |
| Ultra Electronics CyberFence | ULTRA_CYBERFENCE |
| Unifi Switch | UNIFI_SWITCH |
| Unit 21 | UNIT21 |
| UpGuard | UPGUARD |
| Vector Dev | VECTOR_DEV |
| Vectra Protect | VECTRA_PROTECT |
| Veeam | VEEAM |
| Velo Firewall | VELO_FIREWALL |
| Venafi | VENAFI |
| Veritas NetBackup | VERITAS_NETBACKUP |
| Verizon Network Detection and Response | VERIZON_NDR |
| Verkada | VERKADA |
| Virsec Event Logs | VIRSEC_EVENT |
| Virsec Attack and Threat Logs | VIRSEC_THREAT |
| Virtru Email Encryption | VIRTRU_EMAIL_ENCRYPTION |
| VirusTotal Threat Hunter | VIRUSTOTAL_THREAT_HUNTER |
| VMRay Analyzer | VMRAY_FLOG_XML |
| VMware Aria Logs | VMWARE_ARIA_LOGS |
| Vmware Avinetworks iWAF | VMWARE_AVINETWORKS_IWAF |
| VMware Avi Vantage Platform | VMWARE_AVI_VANTAGE |
| VMware Cloud Director | VMWARE_CD |
| VMware HCX | VMWARE_HCX |
| VMware NSX AVI | VMWARE_NSX_AVI |
| VMware SDDC | VMWARE_SDDC |
| VMware SDWN Events | VMWARE_SDWN_EVENTS |
| VMware Unified Access Gateway | VMWARE_UNIFIED_ACCESS_GATEWAY |
| VMware vShield | VMWARE_VSHIELD |
| Voltage | VOLTAGE |
| Vonage | VONAGE |
| Vsftpd | VSFTPD |
| VSFTPD Audit | VSFTPD_AUDIT |
| Wallix Bastion | WALLIX_BASTION |
| Wallix Endpoint Privilege Management | WALLIX_EPM |
| Wallix Privileged Access Management | WALLIX_PAM |
| Waterfall Data Security Manager | WATERFALL_DSM |
| WebEx | WEBEX_SAAS |
| White Cloud | WHITECLOUD_EDR |
| Windows Filtering Platform | WINDOWS_WFP |
| wiz.io | WIZ_IO |
| Wordpress Simple History | WORDPRESS_SIMPLE_HISTORY |
| Workato Audit Logs | WORKATO |
| Workday Audit Logs | WORKDAY_AUDIT |
| Workday User Activity | WORKDAY_USER_ACTIVITY |
| Workspot Control | WORKSPOT_CONTROL |
| WP Engine | WP_ENGINE |
| Western Telematic Inc Console Servers | WTI_CONSOLE_SERVERS |
| Ysoft Data Security Manager | YSOFT_DSM |
| Zabbix | ZABBIX |
| Zendesk CRM | ZENDESK_CRM |
| ZeroFox Platform | ZEROFOX_PLATFORM |
| Zoho Analytics Audits | ZOHO_AUDIT |
| ZScaler Deception | ZSCALER_DECEPTION |
| Zscaler Digital Experience | ZSCALER_DIGITAL_EXPERIENCE |
| Zscaler DLP | ZSCALER_DLP |
| Zscaler Client Connector | ZSCALER_ZCC |
| Zscaler ZDX | ZSCALER_ZDX |
| Zscaler Secure Private Access Audit Logs | ZSCALER_ZPA_AUDIT |
| Zuora App Logs | ZUORA_APP_LOGS |