Supported default parsers

Parsers normalize raw log data into the structured Unified Data Model (UDM) format. This section lists the devices and ingestion labels that have a default parser. Chronicle considers a default parser supported as long as the device's raw logs are received in the required format.

For a list of supported ingestion labels, see Supported data sets.

The Format column indicates the high-level structure of the raw log:

  • CSV: Comma Separated Values
  • JSON: JavaScript Object Notation
  • SYSLOG: syslog formatted message
  • KV: key-value pair
  • XML: Extensible Markup Language
  • SYSLOG + KV: syslog header with key-value body
  • SYSLOG + JSON: syslog header with JSON body
  • SYSLOG + XML: syslog header with XML body
  • LEEF: Log Event Extended Format
  • CEF: Common Event Format
Vendor / Product Category Ingestion Label Format Latest Update
Thales Luna Hardware Security Module THALES_LUNA_HSM specific THALES_LUNA_HSM JSON 2022-02-14
Azure AD Organizational Context LDAP AZURE_AD_CONTEXT JSON 2022-05-16
Brocade ServerIron ADX Load Balancer BROCADE_SERVERIRON SYSLOG 2022-01-13
Stealthbits Audit File system monitoring STEALTHBITS_AUDIT JSON 2021-11-09
Cisco Meraki Wireless CISCO_MERAKI SYSLOG, JSON 2022-06-15
Microsoft CASB CASB MICROSOFT_CASB SYSLOG + KV (CEF) 2021-10-20
Archer Integrated Risk Management Risk Management Solution ARCHER_IRM SYSLOG 2022-05-04
Microsoft IIS Web Server IIS SYSLOG + KV 2022-03-30
Mobileiron ENDPOINT MANAGEMENT MOBILEIRON JSON 2022-04-25
Preempt Alert Identity and Access Management PREEMPT SYSLOG + KV (CEF) 2022-06-22
Active Countermeasures Alert AI_HUNTER SYSLOG 2020-12-08
VanDyke SFTP Data Transfer VANDYKE_SFTP JSON,SYSLOG 2022-03-25
Microsoft AD FS LDAP ADFS JSON 2022-05-18
Custom Security Data Analytics Log Aggregation CUSTOM_SECURITY_DATA_ANALYTICS JSON 2021-04-14
Tanium Patch Tanium Specific TANIUM_PATCH JSON 2022-02-08
Microsoft Azure NSG Flow Network Flow AZURE_NSG_FLOW JSON 2022-04-18
Palo Alto Prisma Cloud SECURITY PLATFORM PAN_PRISMA_CLOUD JSON 2021-12-31
Strong Swan VPN VPN STRONGSWAN_VPN JSON 2021-06-04
Duo User Context Identity and Access Management DUO_USER_CONTEXT JSON 2021-04-12
Apache Hadoop open-source software HADOOP SYSLOG + KV 2022-05-25
FireEye Alerts FIREEYE_ALERT SYSLOG + JSON 2022-03-15
Imperva SecureSphere Management Data Security / Insider Threat IMPERVA_SECURESPHERE SYSLOG + KV (CEF) 2021-09-06
Static IP DHCP ASSET_STATIC_IP CSV 2020-04-30
Big Switch BigCloudFabric Switches, Routers BIGSWITCH_BCF SYSLOG 2021-04-20
Emerging Threats Pro IOC ET_PRO_IOC CSV 2021-12-09
File Scanning Framework File scanning FILE_SCANNING_FRAMEWORK JSON 2021-09-27
Mongo Database DATABASE MONGO_DB JSON 2022-03-07
AlphaSOC Alert ASOC_ALERT JSON 2021-06-21
FileZilla File transfer FILEZILLA_FTP SYSLOG 2022-03-23
AWS Cloudtrail Cloud Log Aggregator AWS_CLOUDTRAIL JSON 2022-06-06
Carbon Black App Control Security log CB_APP_CONTROL CEF,JSON 2022-06-22
IBM Tivoli Monitoring IBM_TIVOLI JSON,SYSLOG 2022-01-10
Palo Alto Networks Traps EDR PAN_EDR JSON 2020-03-17
ForgeRock OpenAM Identity and Access Management OPENAM CSV, SYSLOG + KV 2022-04-29
Forcepoint NGFW Network FORCEPOINT_FIREWALL JSON 2021-08-27
Tanium Comply Tanium Specific TANIUM_COMPLY JSON 2021-08-04
Fortinet FortiNAC NAC FORTINET_FORTINAC SYSLOG 2021-12-16
Tanium Threat Response Tanium Specific TANIUM_THREAT_RESPONSE JSON 2021-06-30
BIND DNS BIND_DNS SYSLOG 2022-04-22
Thycotic Identity and Access Management THYCOTIC SYSLOG + KV (CEF) 2020-08-22
GCP Load Balancing Load Balancer GCP_LOADBALANCING JSON 2022-01-11
ZScaler NGFW Firewall ZSCALER_FIREWALL SYSLOG + KV (CEF), CSV 2022-04-29
ZScaler VPN VPN ZSCALER_VPN SYSLOG + CSV 2022-01-13
Suricata EVE IPS IDS SURICATA_EVE JSON 2021-09-14
Thales Vormetric Encryption VORMETRIC SYSLOG 2021-12-17
Nucleus Unified Vulnerability Management Nucleus Specific NUCLEUS_VULNERABILITY JSON 2021-06-30
Radware Web Application Firewall Firewall RADWARE_FIREWALL SYSLOG 2021-09-08
VMware Tanzu Kubernetes Grid IDS/IPS VMWARE_TANZU JSON 2022-04-27
Tripwire DLP TRIPWIRE_FIM SYSLOG 2022-06-14
Aruba IPS IPS ARUBA_IPS JSON 2022-06-16
Cybereason EDR EDR CYBEREASON_EDR JSON 2021-06-29
Qualys VM Vulnerability Scanner QUALYS_VM KV 2020-08-16
EfficientIP DDI Network EFFICIENTIP_DDI SYSLOG + KV 2022-01-24
IBM DataPower Gateway API Gateway IBM_DATAPOWER Message 2022-06-10
CA Access Control Access Management CA_ACCESS_CONTROL JSON+SYSLOG, SYSLOG 2022-04-13
IBM Informix DATABASE INFORMIX JSON + SYSLOG 2022-02-18
Apache Cassandra Web server CASSANDRA JSON 2022-04-13
McAfee Web Protection SaaS Application MCAFEE_WEB_PROTECTION JSON 2020-11-02
GCP Apigee GCP Specific GCP_APIGEE JSON 2021-11-02
AWS Config AWS Specific AWS_CONFIG JSON 2022-05-27
Cisco CTS Telephone Software CISCO_CTS SYSLOG + KV 2021-05-20
Workspace Activities GCP Specific WORKSPACE_ACTIVITY JSON 2022-05-16
Forescout NAC NAC FORESCOUT_NAC SYSLOG 2022-06-17
Tanium Stream Tanium Specific TANIUM_TH JSON 2022-06-01
Red Hat Directory Server LDAP Identity and Access Management REDHAT_DIRECTORY_SERVER JSON + SYSLOG + KV 2022-04-11
Cisco WLC/WCS Wireless CISCO_WIRELESS SYSLOG 2021-02-16
IBM z/OS OS IBM_ZOS LEEF 2022-06-03
VMware AirWatch Wireless AIRWATCH SYSLOG + KV 2022-06-20
Red Canary EDR REDCANARY_EDR JSON 2021-01-12
SentinelOne Deep Visibility EDR SENTINEL_DV JSON 2021-01-25
Palo Alto Cortex XDR NDR CORTEX_XDR JSON 2022-01-23
F5 BIGIP LTM Load Balancer, Traffic Shaper, ADC F5_BIGIP_LTM SYSLOG 2022-06-03
GCP Compute GCP Specific GCP_COMPUTE JSON 2022-06-16
AWS CloudFront CDN AWS_CLOUDFRONT SYSLOG 2022-05-27
SentinelOne EDR EDR SENTINEL_EDR SYSLOG + JSON 2022-06-13
Squid Web Proxy Web Proxy SQUID_WEBPROXY SYSLOG 2021-02-16
Forcepoint Proxy Web Proxy FORCEPOINT_WEBPROXY SYSLOG + KV (CEF), LEEF 2022-05-16
Cisco ASA Firewall CISCO_ASA_FIREWALL JSON, SYSLOG 2022-02-27
Quest Active Directory Authentication log QUEST_AD CEF Syslog 2022-01-31
COVID-19 Cyber Threat Coalition IOC COVID_CTC_IOC Value Entry 2020-06-02
F5 DNS DNS F5_DNS SYSLOG 2021-06-17
Sophos Capsule8 Container Security SOPHOS_CAPSULE8 JSON 2021-12-22
Windows DNS DNS WINDOWS_DNS JSON, XML, SYSLOG + KV 2022-05-11
CloudGenix SD-WAN Switches, Routers CLOUDGENIX_SDWAN SYSLOG + KV 2020-11-20
Duo Entity context data Identity and Access Management DUO_CONTEXT JSON 2022-03-14
Unbound DNS DNS UNBOUND_DNS SYSLOG 2020-06-09
Cloud Passage SaaS Application CLOUD_PASSAGE JSON 2021-08-02
ServiceNow Security SaaS Application SERVICENOW_SECURITY JSON 2021-05-24
TrendMicro Web Proxy Web Proxy TRENDMICRO_WEBPROXY SYSLOG + KV 2021-03-05
Avanan Email Security Email Server AVANAN_EMAIL JSON 2020-09-15
Bluecat Edge DNS Resolver DNS BLUECAT_EDGE JSON,KV,SYSLOG 2022-01-18
Atlassian Jira Ticketing Application ATLASSIAN_JIRA SYSLOG 2022-05-31
Microsoft Azure Resource Log Aggregator AZURE_RESOURCE_LOGS JSON 2022-05-31
D3 Banking BANKING D3_BANKING JSON 2022-03-23
Fireeye ETP Email Server FIREEYE_ETP JSON 2021-06-11
Palo Alto Networks Firewall Firewall PAN_FIREWALL SYSLOG + LEEF 2022-03-28
Layer7 SiteMinder SSO SITEMINDER_SSO KV+JSON 2022-04-19
Proofpoint Email Filter Email Server PROOFPOINT_MAIL_FILTER KV 2021-11-15
Cisco Application Control Engine Load Balancer, Traffic Shaper, ADC CISCO_ACE SYSLOG 2021-01-13
Okta Access Gateway OKTA specific OKTA_ACCESS_GATEWAY JSON 2022-01-24
Juniper Firewall JUNIPER_FIREWALL SYSLOG + KV 2021-12-21
Cisco ACS Authentication CISCO_ACS SYSLOG + KV 2022-06-14
GMAIL Logs GCP Specific GMAIL_LOGS JSON 2022-01-06
Stealthbits Defend Security System for Active Directory and File Systems. STEALTHBITS_DEFEND SYSLOG + KV (LEEF) 2022-01-17
Unifi AP Switches and Routers UNIFI_AP SYSLOG + KV, SYSLOG + JSON 2022-05-24
Signal Sciences WAF WAF SIGNAL_SCIENCES_WAF JSON 2022-03-03
Apache Tomcat Web server TOMCAT JSON 2022-04-20
Cloudflare SaaS Application CLOUDFLARE JSON 2022-05-23
Azure Cosmos DB Database AZURE_COSMOS_DB JSON 2022-04-13
Corelight NDR CORELIGHT JSON 2022-04-23
Tanium Audit SCAN NETWORK TANIUM_AUDIT JSON 2022-06-08
Zscaler Web Proxy ZSCALER_WEBPROXY SYSLOG + KV, CSV 2022-06-20
GMV Checker ATM Security ATM Audit GMV_CHECKER SYSLOG 2022-04-20
Citrix Netscaler Load Balancer, Traffic Shaper, ADC CITRIX_NETSCALER SYSLOG + KV 2022-06-09
Workspace Mobile Devices GCP Specific WORKSPACE_MOBILE JSON 2021-07-28
Juniper Junos Network Device JUNIPER_JUNOS SYSLOG + KV 2022-05-02
Blue Coat Proxy Web Proxy BLUECOAT_WEBPROXY SYSLOG + JSON, SYSLOG + KV 2022-05-25
Fortinet DHCP FORTINET_DHCP KV 2021-04-28
IBM Guardium Database DLP GUARDIUM CSV, CEF 2022-05-17
TeamViewer Remote Support TEAMVIEWER JSON 2021-11-24
Thales MFA Authentication THALES_MFA SYSLOG + KV (CEF) 2020-07-13
Digital Shadows SearchLight Threat Intelligence DIGITAL_SHADOWS_SEARCHLIGHT JSON 2022-05-02
Cato Networks NDR CATO_NETWORKS JSON 2020-07-14
Microsoft Azure Activity Misc Windows Specific AZURE_ACTIVITY JSON 2022-05-19
Zeek JSON Format Specific BRO_JSON SYSLOG + JSON 2021-11-01
ExtraHop DNS DNS EXTRAHOP_DNS JSON 2021-12-13
AWS Elastic Load Balancer AWS Specific AWS_ELB SYSLOG 2022-05-27
Falco IDS IDS/IPS FALCO_IDS JSON 2021-07-29
LimaCharlie EDR LIMACHARLIE_EDR JSON 2021-10-18
Office 365 SaaS Application OFFICE_365 JSON 2022-06-20
CSV Custom IOC IOC CSV_CUSTOM_IOC CSV 2022-05-20
Men and Mice DNS DNS MENANDMICE_DNS SYSLOG 2021-11-12
Darktrace NDR DARKTRACE SYSLOG + KV (CEF) 2022-04-22
Kemp Load Balancer Load Balancer, Traffic Shaper, ADC KEMP_LOADBALANCER SYSLOG 2021-04-04
AlgoSec Security Management Policy Management ALGOSEC SYSLOG + KV (CEF) 2021-05-13
Zeek TSV Format Specific BRO_TSV SYSLOG + TSV 2022-01-31
Workspace Users GCP Specific WORKSPACE_USERS JSON 2022-03-28
Pulse Secure VPN PULSE_SECURE_VPN SYSLOG 2022-04-13
Nokia VitalQIP DDI (DNS, DHCP, IPAM) VITALQIP SYSLOG 2022-03-01
Dell OpenManage Systems Management Application DELL_OPENMANAGE Syslog 2022-03-03
Mimecast Email Server MIMECAST_MAIL KV 2022-03-07
Nucleus Asset Metadata Nucleus Specific NUCLEUS_ASSET JSON 2021-08-05
GCP VPC Flow GCP Specific GCP_VPC_FLOW JSON 2022-03-09
Kyriba Treasury Management SaaS Application KYRIBA CSV 2021-02-24
CrowdStrike Falcon EDR CS_EDR JSON 2022-06-20
Aruba Airwave Wireless ARUBA_AIRWAVE XML 2021-03-16
Infoblox DHCP, DNS INFOBLOX SYSLOG 2022-04-08
Microsoft Powershell Misc. Windows-specific POWERSHELL SYSLOG + JSON 2022-04-21
Varonis Data Security / Insider Threat VARONIS SYSLOG + KV (CEF) 2021-04-22
Cisco FireSIGHT Management Center SaaS Application CISCO_FIRESIGHT KV 2021-12-10
Fastly WAF WAF FASTLY_WAF JSON 2022-06-06
CyberArk Privilege Account Management CYBERARK KV (CEF) 2021-12-31
Honeyd Deception Software HONEYD SYSLOG 2021-04-05
JAMF Protect ENDPOINT SECURITY JAMF_PROTECT JSON 2022-06-13
VMware Horizon VDI VMWARE_HORIZON SYSLOG 2022-02-15
ThreatConnect IOC THREATCONNECT_IOC JSON 2022-01-13
Medigate IoT IoT MEDIGATE_IOT SYSLOG + JSON 2021-07-22
Unix system OS NIX_SYSTEM SYSLOG 2022-06-13
Cofense Email Server COFENSE_TRIAGE SYSLOG + KV (CEF) 2021-04-07
HCL BigFix Network Management and Optimization HCL_BIGFIX JSON 2022-06-07
OneLogin SSO ONELOGIN_SSO JSON 2022-05-18
Cisco ISE Identity and Access Management CISCO_ISE SYSLOG 2022-06-17
HP Procurve Switch Switches HP_PROCURVE SYSLOG 2021-09-27
Preempt Auth Identity and Access Management PREEMPT_AUTH SYSLOG + JSON 2021-06-16
Windows Network Policy Server Authentication WINDOWS_NET_POLICY_SERVER SYSLOG, JSON, SYSLOG + XML 2022-02-18
Aqua Security IaaS Applications AQUA_SECURITY JSON 2022-02-03
BeyondTrust Privilege Account Activity BOMGAR SYSLOG 2022-02-18
Cylance Protect Alerts CYLANCE_PROTECT SYSLOG + KV 2020-07-06
Symantec EDR EDR SYMANTEC_EDR JSON 2022-03-31
Elastic Windows Event Log Beats Log Aggregator ELASTIC_WINLOGBEAT SYSLOG + JSON 2022-05-26
Ipswitch SFTP Data Transfer IPSWITCH_SFTP SYSLOG, JSON 2022-03-15
CIS Albert Alerts Alerts CIS_ALBERT_ALERT SYSLOG 2022-05-20
F5 Shape Security log F5_SHAPE JSON 2022-02-21
ZScaler DNS DNS ZSCALER_DNS SYSLOG + KV 2020-12-03
Azure AD LDAP AZURE_AD JSON 2022-04-20
Carbon Black EDR CB_EDR JSON 2022-01-24
Cisco CloudLock CASB CISCO_CLOUDLOCK_CASB JSON 2021-10-04
Snort IDS/IPS SNORT_IDS SYSLOG + JSON 2021-12-23
Akamai Cloud Monitor Load Balancer, Traffic Shaper, ADC AKAMAI_CLOUD_MONITOR JSON 2021-07-20
IBM CICS Service Bus IBM_CICS LEEF 2021-10-27
Tanium Asset Tanium Specific TANIUM_ASSET JSON 2021-06-14
Cisco NX-OS OS CISCO_NX_OS SYSLOG 2022-02-21
Linux DHCP DHCP LINUX_DHCP SYSLOG 2022-02-07
Recorded Future IOC RECORDED_FUTURE_IOC JSON 2021-11-17
Oracle DATABASE ORACLE_DB SYSLOG + KV 2022-01-11
Sophos AV AV / Endpoint SOPHOS_AV CSV, JSON 2022-01-26
Windows DHCP DHCP WINDOWS_DHCP JSON, SYSLOG, CSV 2022-04-13
Tanium Insight Tanium Specific TANIUM_INSIGHT SYSLOG + KV 2021-03-10
Azure AD Directory Audit Audit AZURE_AD_AUDIT JSON 2022-06-20
CrowdStrike Falcon Stream Alerts CS_STREAM KV (LEEF) 2021-09-23
ESET Threat Intelligence IOC ESET_IOC JSON 2022-05-31
Infoblox DHCP DHCP INFOBLOX_DHCP SYSLOG 2022-04-13
Proofpoint On Demand Email Server PROOFPOINT_ON_DEMAND JSON 2022-05-20
Crowdstrike IOC IOC CROWDSTRIKE_IOC JSON 2021-08-17
IBM DB2 Database DB2_DB LEEF 2022-05-04
Imperva WAF IMPERVA_WAF SYSLOG + KV + JSON 2022-06-20
Suricata IDS IDS/IPS SURICATA_IDS JSON 2022-06-13
Ubiquiti UniFi Switch Switch UBIQUITI_SWITCH SYSLOG 2022-02-07
Windows Event (XML) AV / Endpoint WINEVTLOG_XML SYSLOG + XML 2022-01-25
Salesforce SaaS Application SALESFORCE KV (LEEF), CSV 2022-04-18
Windows Event Endpoint WINEVTLOG JSON + KV 2022-06-07
GitHub SaaS Application GITHUB JSON 2021-07-26
Symantec Event export SEP SYMANTEC_EVENT_EXPORT JSON 2021-09-28
JAMF CMDB Computer Inventory JAMF JSON 2021-12-03
Forseti Open Source GCP Specific FORSETI JSON 2021-12-23
McAfee Unified Cloud Edge SaaS Application MCAFEE_UCE JSON 2021-07-20
Apache Web Server APACHE SYSLOG 2022-05-12
Sophos Firewall (Next Gen) Firewall SOPHOS_FIREWALL KV 2022-01-11
PAN Autofocus IOC PAN_IOC JSON 2021-08-09
Bluecat DDI DDI (DNS, DHCP, IPAM) BLUECAT_DDI SYSLOG 2022-05-05
SecureLink Remote Access Tools SECURELINK SYSLOG 2020-07-13
Windows Firewall Firewall WINDOWS_FIREWALL Space Separated Value 2021-08-26
Cisco AMP AV / Endpoint CISCO_AMP JSON 2021-12-12
F5 ASM WAF F5_ASM SYSLOG 2022-05-17
Ordr IoT IoT ORDR_IOT SYSLOG + JSON 2022-04-13
SailPoint IAM Identity and Access Management SAILPOINT_IAM JSON 2021-08-25
FortiGate Firewall FORTINET_FIREWALL JSON, SYSLOG + KV 2022-06-20
Okta Identity and Access Management OKTA JSON 2022-06-15
Workspace Groups GCP Specific WORKSPACE_GROUPS JSON 2021-09-22
Cisco Router Switches, Routers CISCO_ROUTER SYSLOG 2022-02-28
Symantec DLP DLP SYMANTEC_DLP SYSLOG + KV (CEF), XML 2022-01-13
AWS VPC Flow AWS Specific AWS_VPC_FLOW SYSLOG 2022-05-30
Cisco VPN VPN CISCO_VPN SYSLOG 2020-12-07
Cisco DHCP DHCP CISCO_DHCP CSV + Syslog 2022-02-07
Comodo AV / Endpoint COMODO_AV SYSLOG + KV (CEF) 2021-04-09
HP Aruba(Clearpass) Identity and Access Management CLEARPASS SYSLOG + KV 2022-01-03
Dell EMC Isilon NAS Storage DELL_EMC_NAS SYSLOG 2021-10-12
HPE ILO Server Management HPE_ILO SYSLOG 2022-03-14
Linux Sysmon DNS LINUX_SYSMON XML 2022-05-10
Aruba Wireless ARUBA_WIRELESS SYSLOG 2022-03-30
Juniper MX Router Routers and Switches JUNIPER_MX SYSLOG + KV 2022-01-24
Symantec Endpoint Protection AV / Endpoint SEP SYSLOG 2022-05-11
EPIC Systems Discovery and Monitoring EPIC LEEF + KV 2022-06-09
ExtraHop RevealX Firewall IDS/IPS EXTRAHOP JSON,SYSLOG 2022-05-18
Rubrik Backup software RUBRIK SYSLOG 2022-02-02
Slack Audit Productivity SLACK_AUDIT JSON 2022-04-07
McAfee Web Gateway Web Proxy MCAFEE_WEBPROXY SYSLOG + KV (CEF), JSON 2022-01-18
Sophos DHCP DHCP SOPHOS_DHCP SYSLOG + KV 2022-02-10
NIMBLE OS OS NIMBLE_OS SYSLOG 2020-10-05
Microsoft AD LDAP WINDOWS_AD JSON 2022-03-21
ManageEngine ADAudit Plus Active Directory Audit ADAUDIT_PLUS SYSLOG + KV (CEF) 2021-10-07
Duo Auth Authentication DUO_AUTH JSON 2022-03-21
GCP Cloud Identity Devices GCP Specific GCP_CLOUDIDENTITY_DEVICES JSON 2022-04-13
Netfilter IPtables Firewall NETFILTER_IPTABLES SYSLOG + KV 2022-03-11
FireEye HX EDR FIREEYE_HX JSON 2022-02-03
Workspace Alerts WORKSPACE_ALERTS JSON 2022-06-09
Symantec Web Isolation Secure Access Service Edge SYMANTEC_WEB_ISOLATION JSON 2022-06-20
Cisco Umbrella Cloud Firewall Firewall UMBRELLA_FIREWALL CSV 2021-03-15
Wazuh Log Aggregator WAZUH SYSLOG + JSON 2022-01-21
Windows Defender AV AV / Endpoint WINDOWS_DEFENDER_AV JSON, XML 2022-01-10
VMware vRealize Suite Cloud VMWARE_VREALIZE SYSLOG 2022-04-27
Box Collaboration BOX JSON 2021-02-16
Avatier Password Management SaaS Application AVATIER SYSLOG + KV 2021-08-05
Absolute Mobile Device Management Mobile Device Management ABSOLUTE SYSLOG + KV (CEF) 2021-06-15
Centripetal Networks IOC IOC CENTRIPETAL_IOC SYSLOG + KV 2022-01-06
MySQL Database MYSQL SYSLOG 2021-04-12
Cloudian hyperstore Storage Solutions CLOUDIAN_HYPERSTORE SYSLOG 2021-05-05
Rapid7 Vulnerability Scanner RAPID7_NEXPOSE JSON 2021-07-29
Check Point Firewall CHECKPOINT_FIREWALL SYSLOG + KV , JSON 2022-06-17
Trend Micro AV AV / Endpoint TRENDMICRO_AV SYSLOG + KV 2022-05-30
Tanium Reveal Tanium Specific TANIUM_REVEAL JSON 2021-11-15
VMware vCenter Server VMWARE_VCENTER SYSLOG + JSON 2022-05-06
DMP Physical Security DMP_ENTRE SYSLOG 2020-09-23
AWS CloudWatch Cloud service monitoring AWS_CLOUDWATCH JSON, GROK 2022-05-27
Linux Auditing System (AuditD) OS AUDITD SYSLOG 2022-06-17
Cisco Prime Network Management and Optimization CISCO_PRIME SYSLOG 2021-05-21
Digital Shadows Indicators IOC DIGITAL_SHADOWS_IOC JSON 2022-04-23
Kaspersky AV AV / Endpoint KASPERSKY_AV KV + CEF 2022-05-17
Cisco Umbrella IP Web Proxy UMBRELLA_IP SYSLOG 2021-04-26
Kea DHCP DHCP KEA_DHCP SYSLOG 2022-03-22
Uptycs EDR Endpoint detection and response UPTYCS_EDR JSON 2021-11-23
VMware ESXi Hypervisor VMWARE_ESX SYSLOG 2022-06-13
Elastic Audit Beats ALERTING ELASTIC_AUDITBEAT JSON 2022-05-31
VMware NSX Network and Security Virtualization VMWARE_NSX KV 2022-06-10
AWS Key Management Service AWS Specific AWS_KMS JSON 2022-05-27
Windows Sysmon DNS WINDOWS_SYSMON JSON, XML 2022-04-09
Tenable Security Center Vulnerability Scanner TENABLE_SC SYSLOG 2021-05-18
Thinkst Canary Deception Software THINKST_CANARY JSON 2021-06-14
Passive DNS DNS PASSIVE_DNS JSON 2021-05-19
Dell EMC Data Domain Storage system DELL_EMC_DATA_DOMAIN SYSLOG + KV 2022-04-27
Centrify SSO CENTRIFY_SSO JSON 2020-07-08
Citrix Storefront Remote Access Tools CITRIX_STOREFRONT JSON 2021-12-29
ESET EDR ESET_EDR SYSLOG + JSON 2022-05-10
IBM AS/400 Application System IBM_AS400 SYSLOG + KV 2022-04-13
Rapid7 Insight Vulnerability Scanner RAPID7_INSIGHT JSON 2021-12-20
ServiceNow CMDB Policy Management SERVICENOW_CMDB JSON 2022-06-10
Microsoft SQL Server Database MICROSOFT_SQL SYSLOG + KV, JSON 2022-05-31
GCP Cloud IOT GCP Specific GCP_CLOUDIOT JSON 2022-06-06
Automation Anywhere Automation Tools AUTOMATION_ANYWHERE SYSLOG + KV 2021-04-28
AWS GuardDuty IDS/IPS GUARDDUTY JSON 2022-05-27
McAfee IPS IDS/IPS MCAFEE_IPS SYSLOG 2021-04-15
NXLog Manager Log Aggregator NXLOG_MANAGER SYSLOG 2022-01-13
McAfee DLP DLP MCAFEE_DLP CSV 2022-04-13
Sendmail Email Server SENDMAIL SYSLOG + KV 2022-05-06
Windows Applocker Application Locker WINDOWS_APPLOCKER SYSLOG + KV 2022-02-07
F5 VPN VPN F5_VPN SYSLOG 2020-10-08
Azure Firewall Azure Firewall Application Rule AZURE_FIREWALL JSON 2022-04-29
GCP IDS IDS GCP_IDS JSON 2021-09-14
CloudM Identity and Access Management CLOUDM JSON 2022-06-09
Okta User Context Identity and Access Management OKTA_USER_CONTEXT JSON 2022-05-19
Sourcefire IDS/IPS SOURCEFIRE_IDS JSON 2022-06-09
Silverfort Authentication Platform Identity and Access Management SILVERFORT CEF Syslog 2022-01-18
RSA Identity and Access Management RSA_AUTH_MANAGER CSV 2022-06-13
Microsoft Intune Mobile Device Management AZURE_MDM_INTUNE JSON 2021-04-15
RH-ISAC IOC RH_ISAC_IOC JSON 2022-03-22
WatchGuard Syslog and KV WATCHGUARD JSON 2022-06-17
Workday SaaS Application WORKDAY JSON 2022-05-11
Apple MacOS AV / Endpoint MACOS SYSLOG 2022-05-04
Proofpoint Observeit Email Server OBSERVEIT JSON, KV 2022-01-17
OpenSSH Logging and Troubleshooting OPENSSH SYSLOG 2022-05-18
Elastic Packet Beats Log Aggregator ELASTIC_PACKETBEATS SYSLOG + JSON 2022-05-09
tenable.io Vulnerability Scanner TENABLE_IO JSON 2022-03-07
Netskope Cloud Security NETSKOPE_ALERT JSON 2022-06-17
Acalvio Deception Software ACALVIO SYSLOG + KV 2020-10-13
Cisco Umbrella Web Proxy Web Proxy UMBRELLA_WEBPROXY CSV 2022-03-29
Tanium Discover Tanium Specific TANIUM_DISCOVER JSON 2021-08-10
Vectra Detect NDR VECTRA_DETECT SYSLOG + JSON 2021-01-14
Workspace Privileges GCP Specific WORKSPACE_PRIVILEGES JSON 2021-08-22
McAfee ePolicy Orchestrator Policy Management MCAFEE_EPO SYSLOG + XML, CSV 2022-05-05
Barracuda Email Email Server BARRACUDA_EMAIL JSON 2022-05-19
Infoblox DNS DNS INFOBLOX_DNS SYSLOG 2022-06-02
Microsoft Defender for Identity EDR MICROSOFT_DEFENDER_IDENTITY JSON 2022-04-22
Shibboleth IDP Identity and Access Management SHIBBOLETH_IDP SYSLOG 2021-04-19
OpenVPN Network OPEN_VPN SYSLOG + KV 2022-04-28
Bitdefender AV / Endpoint BITDEFENDER CSV 2022-04-14
Proofpoint Tap Alerts Email Server PROOFPOINT_MAIL JSON 2022-05-25
Cisco Firepower NGFW Firewall CISCO_FIREPOWER_FIREWALL SYSLOG 2022-06-09
Fidelis Network NDR FIDELIS_NETWORK SYSLOG + KV 2021-03-22
Workspace ChromeOS Devices GCP Specific WORKSPACE_CHROMEOS JSON 2021-11-30
Imperva Database Cloud Application and Edge Security IMPERVA_DB SYSLOG 2021-12-13
Nutanix Prism Firewall NUTANIX_PRISM JSON 2022-02-14
SonicWall Firewall SONIC_FIREWALL SYSLOG + KV 2022-05-19
Windows Defender ATP AV / Endpoint WINDOWS_DEFENDER_ATP SYSLOG + JSON, XML 2020-08-22
pfSense FIREWALL PFSENSE SYSLOG 2022-04-11
PostFix Mail Email Server POSTFIX_MAIL SYSLOG 2020-09-18
Symantec VIP Gateway Email Server SYMANTEC_VIP SYSLOG 2022-03-02
Atlassian Confluence Knowledge base ATLASSIAN_CONFLUENCE SYSLOG 2022-02-01
Symantec CloudSOC CASB CASB SYMANTEC_CASB SYSLOG+JSON 2021-12-17
Google Chrome Browser Cloud Management (CBCM) Alerts N/A JSON 2021-10-06
Microsoft ATA IDS/IPS MICROSOFT_ATA SYSLOG + KV 2021-07-13
Digital Guardian EDR DIGITALGUARDIAN_EDR KV 2020-11-12
SecureAuth SSO SECUREAUTH_SSO SYSLOG, XML 2022-04-25
Semperis DSP LDAP SEMPERIS_DSP SYSLOG 2021-04-29
Microsoft Exchange Email Server EXCHANGE_MAIL SYSLOG 2022-06-14
Azure SQL Database AZURE_SQL JSON 2022-02-08
Cisco Email Security Email Server CISCO_EMAIL_SECURITY SYSLOG + KV 2022-06-09
Cisco TACACS+ Authentication CISCO_TACACS SYSLOG + KV 2022-03-22
GCP Cloud Identity Device Users GCP Specific GCP_CLOUDIDENTITY_DEVICEUSERS JSON 2022-04-21
Microsoft Defender for Endpoint EDR MICROSOFT_DEFENDER_ENDPOINT JSON 2022-06-02
Cisco Switch Switches, Routers CISCO_SWITCH SYSLOG 2021-10-13
Fortinet FortiEDR EDR FORTINET_FORTIEDR SYSLOG + KV 2022-01-24
Netskope Web Proxy Web Proxy NETSKOPE_WEBPROXY SYSLOG 2022-04-06
Microsoft Graph API Alerts Gateway to data and intelligence MICROSOFT_GRAPH_ALERT JSON 2022-06-07
Thales Digital Identity and Security Digital Identity & Security THALES_DIS SYSLOG 2022-03-17
Anomali IOC ANOMALI_IOC JSON, CEF 2022-03-14
Cisco Internetwork Operating System Network Infrastructure CISCO_IOS SYSLOG 2021-12-03
FireEye NX NDR FIREEYE_NX JSON 2022-05-18
Cisco Stealthwatch Log Aggregator CISCO_STEALTHWATCH JSON 2021-09-16
Sophos UTM Unified Threat Management SOPHOS_UTM KV 2022-04-13
Akamai WAF WAF AKAMAI_WAF SYSLOG 2022-06-14
IBM Websphere Application Server Web server IBM_WEBSPHERE_APP_SERVER JSON,SYSLOG 2022-01-20
OSSEC IDS/IPS OSSEC SYSLOG 2022-03-02
McAfee Enterprise Security Manager Log Aggregator MCAFEE_ESM SYSLOG + JSON 2022-02-25
CA ACF2 Mainframe CA_ACF2 LEEF 2022-05-24
ClamAV AV / Endpoint CLAM_AV JSON 2022-02-07
ForgeRock OpenDJ LDAP OPENDJ SYSLOG + KV 2020-10-01
ISC DHCP DHCP ISC_DHCP JSON + SYSLOG + KV 2022-02-08
Kubernetes Node logs Cloud security KUBERNETES_NODE JSON 2021-11-03
Juniper IPS IDS/IPS JUNIPER_IPS SYSLOG + KV 2022-05-26
Symantec Web Security Service Web Proxy SYMANTEC_WSS JSON 2021-07-01
Check Point Sandblast EDR CHECKPOINT_EDR SYSLOG + KV 2020-11-23
Akamai DNS DNS AKAMAI_DNS CSV 2021-06-28
Ping Identity Authentication PING JSON, SYSLOG + KV 2022-03-21
Vectra Stream NDR VECTRA_STREAM SYSLOG + KV 2022-03-03
Cisco Umbrella DNS DNS UMBRELLA_DNS CSV,JSON 2022-05-17