Supported default parsers

Parsers normalize raw log data into the structured Unified Data Model (UDM) format. This section lists the devices and ingestion labels that have a default parser. A default parser is considered supported by Chronicle as long as the device's raw logs are received in the required format.

For a list of supported ingestion labels, see Supported data sets.

The Format column indicates the high-level structure of the raw log:

  • CSV: Comma Separated Values
  • JSON: JavaScript Object Notation
  • SYSLOG: syslog formatted message
  • KV: key-value pair
  • XML: Extensible Markup Language
  • SYSLOG + KV: syslog header with key-value body
  • SYSLOG + JSON: syslog header with JSON body
  • SYSLOG + XML: syslog header with XML body
  • LEEF: Log Event Extended Format
  • CEF: Common Event Format

Vendor / Product Category Ingestion Label Format Latest Update
Linux DHCP DHCP LINUX_DHCP SYSLOG 2022-02-07
McAfee Unified Cloud Edge SaaS Application MCAFEE_UCE JSON 2021-07-20
GMAIL Logs GCP Specific GMAIL_LOGS JSON 2022-01-06
Thales Vormetric Encryption VORMETRIC SYSLOG 2021-12-17
Trend Micro AV AV / Endpoint TRENDMICRO_AV SYSLOG + KV, CEF 2022-05-30
Cisco Umbrella Cloud Firewall Firewall UMBRELLA_FIREWALL CSV 2021-03-15
Stealthbits Audit File system monitoring STEALTHBITS_AUDIT JSON 2021-11-09
Cisco Internetwork Operating System Network Infrastructure CISCO_IOS SYSLOG 2021-12-03
F5 BIGIP LTM Load Balancer, Traffic Shaper, ADC F5_BIGIP_LTM SYSLOG 2022-06-21
Infoblox DNS DNS INFOBLOX_DNS SYSLOG, CEF 2022-07-15
Thinkst Canary Deception Software THINKST_CANARY JSON 2021-06-14
File Scanning Framework File scanning FILE_SCANNING_FRAMEWORK JSON 2021-09-27
Oracle DATABASE ORACLE_DB SYSLOG + KV 2022-08-01
Microsoft Graph API Alerts Gateway to data and intelligence MICROSOFT_GRAPH_ALERT JSON 2022-06-07
Microsoft Defender for Identity EDR MICROSOFT_DEFENDER_IDENTITY JSON 2022-07-27
NIMBLE OS OS NIMBLE_OS SYSLOG 2022-07-21
Thales MFA Authentication THALES_MFA SYSLOG + KV (CEF) 2022-07-13
BIND DNS BIND_DNS SYSLOG 2022-04-22
Squid Web Proxy Web Proxy SQUID_WEBPROXY SYSLOG 2021-02-16
GCP Cloud Run GCP Specific GCP_RUN JSON 2022-07-13
Symantec Endpoint Protection AV / Endpoint SEP SYSLOG 2022-07-26
Imperva WAF IMPERVA_WAF SYSLOG + KV + JSON 2022-06-28
EfficientIP DDI Network EFFICIENTIP_DDI SYSLOG + KV 2022-01-24
Tanium Stream Tanium Specific TANIUM_TH JSON 2022-06-01
Okta Access Gateway OKTA specific OKTA_ACCESS_GATEWAY JSON 2022-01-24
Varonis Data Security / Insider Threat VARONIS SYSLOG + KV (CEF) 2021-04-22
Emerging Threats Pro IOC ET_PRO_IOC CSV 2021-12-09
Apache Tomcat Web server TOMCAT JSON 2022-04-20
McAfee Enterprise Security Manager Log Aggregator MCAFEE_ESM SYSLOG + JSON 2022-02-25
VMware Tanzu Kubernetes Grid IDS/IPS VMWARE_TANZU JSON 2022-04-27
AWS GuardDuty IDS/IPS GUARDDUTY JSON 2022-07-20
Microsoft Powershell Misc. Windows-specific POWERSHELL SYSLOG + JSON 2022-04-21
Bluecat DDI DDI (DNS, DHCP, IPAM) BLUECAT_DDI SYSLOG 2022-05-05
Active Countermeasures Alert AI_HUNTER SYSLOG 2020-12-08
Tanium Threat Response Tanium Specific TANIUM_THREAT_RESPONSE JSON 2021-06-30
Cato Networks NDR CATO_NETWORKS JSON 2020-07-14
Azure Firewall Azure Firewall Application Rule AZURE_FIREWALL JSON 2022-04-29
Windows DNS DNS WINDOWS_DNS JSON, XML, SYSLOG + KV 2022-07-08
CloudGenix SD-WAN Switches, Routers CLOUDGENIX_SDWAN SYSLOG + KV 2020-11-20
Static IP DHCP ASSET_STATIC_IP CSV 2020-04-30
Pulse Secure VPN PULSE_SECURE_VPN SYSLOG 2022-07-01
GMV Checker ATM Security ATM Audit GMV_CHECKER SYSLOG 2022-04-20
Recorded Future IOC RECORDED_FUTURE_IOC JSON 2021-11-17
SecureLink Remote Access Tools SECURELINK SYSLOG 2022-07-13
Radware Web Application Firewall Firewall RADWARE_FIREWALL SYSLOG 2021-09-08
Dell EMC Isilon NAS Storage DELL_EMC_NAS SYSLOG 2021-10-12
Azure Cosmos DB Database AZURE_COSMOS_DB JSON 2022-04-13
Strong Swan VPN VPN STRONGSWAN_VPN JSON 2021-06-04
Akamai WAF WAF AKAMAI_WAF SYSLOG 2022-06-14
Netskope Web Proxy Web Proxy NETSKOPE_WEBPROXY SYSLOG 2022-04-06
VMware AirWatch Wireless AIRWATCH SYSLOG + KV 2022-06-29
Dell OpenManage Systems Management Application DELL_OPENMANAGE Syslog + KV 2022-07-27
Windows Network Policy Server Authentication WINDOWS_NET_POLICY_SERVER SYSLOG, JSON, SYSLOG + XML 2022-02-18
Microsoft Azure Resource Log Aggregator AZURE_RESOURCE_LOGS JSON 2022-07-18
GCP Cloud Identity Device Users GCP Specific GCP_CLOUDIDENTITY_DEVICEUSERS JSON 2022-04-21
Custom Security Data Analytics Log Aggregation CUSTOM_SECURITY_DATA_ANALYTICS JSON 2022-07-08
Sophos DHCP DHCP SOPHOS_DHCP SYSLOG + KV 2022-02-10
Ping Identity Authentication PING JSON, SYSLOG + KV 2022-07-21
Snare System Diagnostic Logs Security SNARE_SOLUTIONS SYSLOG + KV 2022-07-29
Windows DHCP DHCP WINDOWS_DHCP JSON, SYSLOG, CSV 2022-05-23
Check Point Firewall CHECKPOINT_FIREWALL SYSLOG + KV, JSON 2022-06-30
Rubrik Backup software RUBRIK SYSLOG 2022-07-01
VMware ESXi Hypervisor VMWARE_ESX SYSLOG 2022-07-26
Cisco Meraki Wireless CISCO_MERAKI SYSLOG, JSON 2022-07-04
ZScaler VPN VPN ZSCALER_VPN SYSLOG + CSV 2022-01-13
Symantec VIP Gateway Email Server SYMANTEC_VIP SYSLOG 2022-03-02
Cisco CloudLock CASB CISCO_CLOUDLOCK_CASB JSON 2021-10-04
AWS Route 53 DNS AWS Specific AWS_ROUTE_53 SYSLOG 2022-07-22
Microsoft ATA IDS/IPS MICROSOFT_ATA SYSLOG + KV 2021-07-13
Ubiquiti UniFi Switch Switch UBIQUITI_SWITCH SYSLOG 2022-02-07
tenable.io Vulnerability Scanner TENABLE_IO JSON 2022-03-07
ManageEngine ADAudit Plus Active Directory Audit ADAUDIT_PLUS SYSLOG + KV (CEF) 2021-10-07
IBM DataPower Gateway API Gateway IBM_DATAPOWER Message 2022-06-30
Check Point Sandblast EDR CHECKPOINT_EDR SYSLOG + KV 2020-11-23
Symantec Web Security Service Web Proxy SYMANTEC_WSS JSON 2021-07-01
VanDyke SFTP Data Transfer VANDYKE_SFTP JSON,SYSLOG 2022-03-25
McAfee ePolicy Orchestrator Policy Management MCAFEE_EPO SYSLOG + XML, CSV 2022-07-27
Forcepoint NGFW Network FORCEPOINT_FIREWALL JSON 2022-06-27
Sophos Firewall (Next Gen) Firewall SOPHOS_FIREWALL KV 2022-01-11
Thales Luna Hardware Security Module THALES_LUNA_HSM specific THALES_LUNA_HSM JSON/GROK 2022-07-08
Quest Active Directory Authentication log QUEST_AD CEF Syslog 2022-01-31
Workspace Groups GCP Specific WORKSPACE_GROUPS JSON 2021-09-22
OneLogin SSO ONELOGIN_SSO JSON 2022-05-18
Absolute Mobile Device Management Mobile Device Management ABSOLUTE SYSLOG + KV (CEF) 2021-06-15
Kubernetes Node logs Cloud security KUBERNETES_NODE JSON 2021-11-03
Windows Firewall Firewall WINDOWS_FIREWALL Space Separated Value 2021-08-26
Apache Cassandra Web server CASSANDRA JSON 2022-04-13
F5 VPN VPN F5_VPN SYSLOG 2022-07-22
Duo Entity context data Identity and Access Management DUO_CONTEXT JSON 2022-03-14
Carbon Black App Control Security log CB_APP_CONTROL CEF,JSON 2022-07-01
Workday SaaS Application WORKDAY JSON 2022-05-11
Fortinet FortiNAC NAC FORTINET_FORTINAC SYSLOG 2022-07-08
TeamViewer Remote Support TEAMVIEWER JSON 2022-08-02
IBM Informix DATABASE INFORMIX JSON + SYSLOG 2022-02-18
Duo Auth Authentication DUO_AUTH JSON 2022-03-21
PAN Autofocus IOC PAN_IOC JSON 2021-08-09
Workspace Mobile Devices GCP Specific WORKSPACE_MOBILE JSON 2021-07-28
AWS Key Management Service AWS Specific AWS_KMS JSON 2022-05-27
OpenVPN Network OPEN_VPN SYSLOG + KV 2022-04-28
Thales Digital Identity and Security Digital Identity & Security THALES_DIS SYSLOG 2022-03-17
FortiGate Firewall FORTINET_FIREWALL JSON, SYSLOG + KV 2022-07-21
Preempt Auth Identity and Access Management PREEMPT_AUTH SYSLOG + JSON 2021-06-16
Bluecat Edge DNS Resolver DNS BLUECAT_EDGE JSON,KV,SYSLOG 2022-01-18
CrowdStrike Falcon Stream Alerts CS_STREAM KV (LEEF) 2022-07-18
Microsoft Azure Activity Misc Windows Specific AZURE_ACTIVITY JSON 2022-06-20
Fortinet FortiEDR EDR FORTINET_FORTIEDR SYSLOG + KV 2022-01-24
Cisco Firepower NGFW Firewall CISCO_FIREPOWER_FIREWALL SYSLOG 2022-07-07
Medigate IoT IoT MEDIGATE_IOT SYSLOG + JSON 2022-07-08
Nucleus Asset Metadata Nucleus Specific NUCLEUS_ASSET JSON 2021-08-05
Honeyd Deception Software HONEYD SYSLOG 2021-04-05
McAfee MVISION CASB CLOUD SECURITY MCAFEE_MVISION_CASB KV 2022-07-04
Palo Alto Networks Firewall Firewall PAN_FIREWALL SYSLOG + LEEF 2022-03-28
Workspace ChromeOS Devices GCP Specific WORKSPACE_CHROMEOS JSON 2021-11-30
Tanium Insight Tanium Specific TANIUM_INSIGHT SYSLOG + KV 2021-03-10
Elastic Audit Beats ALERTING ELASTIC_AUDITBEAT JSON 2022-07-08
Cisco VPN VPN CISCO_VPN SYSLOG 2020-12-07
JAMF CMDB Computer Inventory JAMF JSON 2021-12-03
Aruba Airwave Wireless ARUBA_AIRWAVE XML 2021-03-16
Centrify SSO CENTRIFY_SSO JSON 2022-07-13
AWS CloudWatch Cloud service monitoring AWS_CLOUDWATCH JSON, GROK 2022-05-27
ZScaler DNS DNS ZSCALER_DNS SYSLOG + KV 2020-12-03
Signal Sciences WAF WAF SIGNAL_SCIENCES_WAF JSON 2022-03-03
Aqua Security IaaS Applications AQUA_SECURITY JSON 2022-02-03
Suricata EVE IPS IDS SURICATA_EVE JSON 2022-07-25
Proofpoint Email Filter Email Server PROOFPOINT_MAIL_FILTER KV 2021-11-15
ForgeRock OpenAM Identity and Access Management OPENAM CSV, SYSLOG + KV 2022-04-29
Symantec Event export SEP SYMANTEC_EVENT_EXPORT JSON 2021-09-28
Azure SQL Database AZURE_SQL JSON 2022-02-08
Nucleus Unified Vulnerability Management Nucleus Specific NUCLEUS_VULNERABILITY JSON 2021-06-30
MySQL Database MYSQL SYSLOG 2021-04-12
ESET Threat Intelligence IOC ESET_IOC JSON 2022-05-31
pfSense FIREWALL PFSENSE SYSLOG 2022-06-30
Okta Identity and Access Management OKTA JSON 2022-07-08
Cloudflare SaaS Application CLOUDFLARE JSON 2022-05-23
Windows Applocker Application Locker WINDOWS_APPLOCKER SYSLOG + KV 2022-02-07
TrendMicro Web Proxy Web Proxy TRENDMICRO_WEBPROXY SYSLOG + KV 2021-03-05
BeyondTrust Secure Remote Access Remote Access Tools BEYONDTRUST_REMOTE_ACCESS SYSLOG + KV 2022-07-14
Linux Auditing System (AuditD) OS AUDITD SYSLOG 2022-07-28
Crowdstrike IOC IOC CROWDSTRIKE_IOC JSON 2021-08-17
Microsoft SQL Server Database MICROSOFT_SQL SYSLOG + KV, JSON 2022-07-01
Proofpoint Observeit Email Server OBSERVEIT JSON, KV 2022-01-17
Juniper MX Router Routers and Switches JUNIPER_MX SYSLOG + KV 2022-01-24
OpenSSH Logging and Troubleshooting OPENSSH SYSLOG 2022-05-18
CSV Custom IOC IOC CSV_CUSTOM_IOC CSV 2022-05-20
Sophos AV AV / Endpoint SOPHOS_AV CSV, JSON 2022-07-27
Duo User Context Identity and Access Management DUO_USER_CONTEXT JSON 2021-04-12
Microsoft Azure NSG Flow Network Flow AZURE_NSG_FLOW JSON 2022-04-18
Cisco Email Security Email Server CISCO_EMAIL_SECURITY SYSLOG + KV 2022-06-09
Cisco Umbrella Web Proxy Web Proxy UMBRELLA_WEBPROXY CSV 2022-03-29
AWS Config AWS Specific AWS_CONFIG JSON 2022-05-27
Google Chrome Browser Cloud Management (CBCM) Alerts N/A JSON 2022-07-19
Cisco CTS Telephone Software CISCO_CTS SYSLOG + KV 2021-05-20
Passive DNS DNS PASSIVE_DNS JSON 2021-05-19
WatchGuard Syslog and KV WATCHGUARD JSON 2022-06-17
OSSEC IDS/IPS OSSEC SYSLOG 2022-03-02
AWS Elastic Load Balancer AWS Specific AWS_ELB SYSLOG 2022-05-27
Imperva SecureSphere Management Data Security / Insider Threat IMPERVA_SECURESPHERE SYSLOG + KV (CEF) 2022-07-24
NXLog Manager Log Aggregator NXLOG_MANAGER SYSLOG 2022-01-13
Ipswitch MOVEit Transfer Switches IPSWITCH_MOVEIT_TRANSFER SYSLOG 2022-06-22
CA Access Control Access Management CA_ACCESS_CONTROL JSON+SYSLOG, SYSLOG 2022-06-29
ExtraHop RevealX Firewall IDS/IPS EXTRAHOP JSON,SYSLOG 2022-06-30
Cisco Application Control Engine Load Balancer, Traffic Shaper, ADC CISCO_ACE SYSLOG 2021-01-13
Sophos UTM Unified Threat Management SOPHOS_UTM KV 2022-06-30
Workspace Alerts WORKSPACE_ALERTS JSON 2022-06-09
Apache Web Server APACHE SYSLOG 2022-05-12
Cisco ISE Identity and Access Management CISCO_ISE SYSLOG 2022-07-11
GCP Load Balancing Load Balancer GCP_LOADBALANCING JSON 2022-01-11
Tanium Audit SCAN NETWORK TANIUM_AUDIT JSON 2022-06-08
Windows Event Endpoint WINEVTLOG JSON + KV 2022-08-01
GCP Cloud IOT GCP Specific GCP_CLOUDIOT JSON 2022-06-06
Nasuni File Services Platform Data Transfer NASUNI_FILE_SERVICES SYSLOG + JSON 2022-07-07
GCP Apigee GCP Specific GCP_APIGEE JSON 2021-11-02
Cisco ACS Authentication CISCO_ACS SYSLOG + KV 2022-06-14
Cisco TACACS+ Authentication CISCO_TACACS SYSLOG + KV 2022-03-22
ClamAV AV / Endpoint CLAM_AV JSON 2022-02-07
Kaspersky AV AV / Endpoint KASPERSKY_AV KV + CEF 2022-05-17
Cisco Switch Switches, Routers CISCO_SWITCH SYSLOG 2022-07-21
Ordr IoT IoT ORDR_IOT SYSLOG + JSON 2022-04-13
McAfee Web Protection SaaS Application MCAFEE_WEB_PROTECTION JSON 2020-11-02
Citrix Storefront Remote Access Tools CITRIX_STOREFRONT JSON 2022-07-22
Nokia VitalQIP DDI (DNS, DHCP, IPAM) VITALQIP SYSLOG 2022-03-01
Palo Alto Prisma Cloud SECURITY PLATFORM PAN_PRISMA_CLOUD JSON 2021-12-31
Unbound DNS DNS UNBOUND_DNS SYSLOG 2020-06-09
IBM Tivoli Monitoring IBM_TIVOLI JSON,SYSLOG 2022-01-10
Cloud Passage SaaS Application CLOUD_PASSAGE JSON 2022-06-30
Azure AD Directory Audit Audit AZURE_AD_AUDIT JSON 2022-06-20
Centripetal Networks IOC IOC CENTRIPETAL_IOC SYSLOG + KV 2022-01-06
Forseti Open Source GCP Specific FORSETI JSON 2021-12-23
Box Collaboration BOX JSON 2022-07-29
Proofpoint Tap Alerts Email Server PROOFPOINT_MAIL JSON 2022-07-13
F5 Shape Security log F5_SHAPE JSON 2022-02-21
Unifi AP Switches and Routers UNIFI_AP SYSLOG + KV, SYSLOG + JSON 2022-05-24
Tripwire DLP TRIPWIRE_FIM SYSLOG 2022-06-14
Apache Hadoop open-source software HADOOP SYSLOG + KV 2022-05-25
FireEye HX EDR FIREEYE_HX JSON 2022-02-03
Tenable Security Center Vulnerability Scanner TENABLE_SC SYSLOG 2021-05-18
FireEye NX NDR FIREEYE_NX JSON 2022-05-18
Sophos Capsule8 Container Security SOPHOS_CAPSULE8 JSON 2021-12-22
Stealthbits Defend Security System for Active Directory and File Systems. STEALTHBITS_DEFEND SYSLOG + KV (LEEF) 2022-01-17
Tanium Asset Tanium Specific TANIUM_ASSET JSON 2021-06-14
Microsoft Exchange Email Server EXCHANGE_MAIL SYSLOG 2022-06-14
Juniper IPS IDS/IPS JUNIPER_IPS SYSLOG + KV 2022-05-26
Brocade ServerIron ADX Load Balancer BROCADE_SERVERIRON SYSLOG 2022-01-13
Automation Anywhere Automation Tools AUTOMATION_ANYWHERE SYSLOG + KV 2021-04-28
Tanium Patch Tanium Specific TANIUM_PATCH JSON 2022-02-08
Workspace Activities GCP Specific WORKSPACE_ACTIVITY JSON 2022-07-22
AWS CloudFront CDN AWS_CLOUDFRONT SYSLOG 2022-05-27
Azure DevOps Audit Automation and DevOps Tools AZURE_DEVOPS JSON 2022-06-28
Microsoft Intune Mobile Device Management AZURE_MDM_INTUNE JSON 2021-04-15
Workspace Privileges GCP Specific WORKSPACE_PRIVILEGES JSON 2021-08-22
Digital Guardian EDR DIGITALGUARDIAN_EDR KV 2022-06-28
Avatier Password Management SaaS Application AVATIER SYSLOG + KV 2021-08-05
F5 ASM WAF F5_ASM SYSLOG 2022-05-17
Corelight NDR CORELIGHT JSON 2022-04-23
RSA Identity and Access Management RSA_AUTH_MANAGER CSV 2022-06-13
Kubernetes audit logs K8s cluster audit logs KUBERNETES_AUDIT JSON 2022-07-14
Symantec CloudSOC CASB CASB SYMANTEC_CASB SYSLOG+JSON 2021-12-17
McAfee Web Gateway Web Proxy MCAFEE_WEBPROXY SYSLOG + KV (CEF), JSON 2022-01-18
ServiceNow Security SaaS Application SERVICENOW_SECURITY JSON 2021-05-24
ESET EDR ESET_EDR SYSLOG + JSON 2022-05-10
McAfee IPS IDS/IPS MCAFEE_IPS SYSLOG 2021-04-15
Rapid7 Insight Vulnerability Scanner RAPID7_INSIGHT JSON 2021-12-20
Barracuda Email Email Server BARRACUDA_EMAIL JSON 2022-05-19
CA ACF2 Mainframe CA_ACF2 LEEF 2022-05-24
Microsoft IIS Web Server IIS SYSLOG + KV 2022-03-30
Vectra Stream NDR VECTRA_STREAM SYSLOG + KV 2022-07-22
Kyriba Treasury Management SaaS Application KYRIBA CSV 2021-02-24
Cisco Umbrella DNS DNS UMBRELLA_DNS CSV,JSON 2022-05-17
Blue Coat Proxy Web Proxy BLUECOAT_WEBPROXY SYSLOG + JSON, SYSLOG + KV 2022-05-25
Symantec EDR EDR SYMANTEC_EDR JSON 2022-03-31
F5 DNS DNS F5_DNS SYSLOG 2021-06-17
Thycotic Identity and Access Management THYCOTIC SYSLOG + KV (CEF) 2020-08-22
Layer7 SiteMinder SSO SITEMINDER_SSO KV+JSON 2022-04-19
Netskope Cloud Security NETSKOPE_ALERT JSON 2022-07-23
Juniper Firewall JUNIPER_FIREWALL SYSLOG + KV 2021-12-21
Suricata IDS IDS/IPS SURICATA_IDS JSON 2022-07-07
Fidelis Network NDR FIDELIS_NETWORK SYSLOG + KV 2021-03-22
Symantec Web Isolation Secure Access Service Edge SYMANTEC_WEB_ISOLATION JSON 2022-07-08
Palo Alto Cortex XDR NDR CORTEX_XDR JSON 2022-01-23
Qualys VM Vulnerability Scanner QUALYS_VM KV + JSON 2022-07-20
Zeek TSV Format Specific BRO_TSV SYSLOG + TSV 2022-01-31
Department of Homeland Security Threat detection DHS_IOC xml 2022-07-14
Tanium Reveal Tanium Specific TANIUM_REVEAL JSON 2021-11-15
COVID-19 Cyber Threat Coalition IOC COVID_CTC_IOC Value Entry 2020-06-02
VMware Horizon VDI VMWARE_HORIZON SYSLOG 2022-02-15
Windows Defender ATP AV / Endpoint WINDOWS_DEFENDER_ATP SYSLOG + JSON, XML, JSON 2022-07-29
GCP Cloud Identity Devices GCP Specific GCP_CLOUDIDENTITY_DEVICES JSON 2022-04-13
Kea DHCP DHCP KEA_DHCP SYSLOG 2022-03-22
Acalvio Deception Software ACALVIO SYSLOG + KV 2020-10-13
Microsoft AD FS LDAP ADFS JSON 2022-07-08
FileZilla File transfer FILEZILLA_FTP SYSLOG 2022-03-23
Rapid7 Vulnerability Scanner RAPID7_NEXPOSE JSON 2021-07-29
Cisco Router Switches, Routers CISCO_ROUTER SYSLOG 2022-07-01
Apple MacOS AV / Endpoint MACOS SYSLOG 2022-05-04
Cisco Umbrella IP Web Proxy UMBRELLA_IP SYSLOG 2021-04-26
GCP IDS IDS GCP_IDS JSON 2021-09-14
Windows Sysmon DNS WINDOWS_SYSMON JSON, XML 2022-04-09
Cisco DHCP DHCP CISCO_DHCP CSV + Syslog 2022-02-07
ISC DHCP DHCP ISC_DHCP JSON + SYSLOG + KV 2022-02-08
Uptycs EDR Endpoint detection and response UPTYCS_EDR JSON 2022-07-08
SailPoint IAM Identity and Access Management SAILPOINT_IAM JSON 2022-07-08
Forcepoint Proxy Web Proxy FORCEPOINT_WEBPROXY SYSLOG + KV (CEF), LEEF 2022-05-16
D3 Banking BANKING D3_BANKING JSON 2022-03-23
Barracuda Firewall Firewall BARRACUDA_FIREWALL SYSLOG 2022-07-08
ZScaler NGFW Firewall ZSCALER_FIREWALL SYSLOG + KV (CEF), CSV 2022-04-29
CyberArk Privilege Account Management CYBERARK KV (CEF) 2021-12-31
Vectra Detect NDR VECTRA_DETECT SYSLOG + JSON 2021-01-14
IBM Guardium Database DLP GUARDIUM CSV, CEF 2022-07-08
Netfilter IPtables Firewall NETFILTER_IPTABLES SYSLOG + KV 2022-06-21
Digital Shadows SearchLight Threat Intelligence DIGITAL_SHADOWS_SEARCHLIGHT JSON 2022-05-02
Aruba IPS IPS ARUBA_IPS JSON 2022-06-16
Red Hat Directory Server LDAP Identity and Access Management REDHAT_DIRECTORY_SERVER JSON + SYSLOG + KV 2022-04-11
Zscaler Web Proxy ZSCALER_WEBPROXY SYSLOG + KV, CSV 2022-06-20
RH-ISAC IOC RH_ISAC_IOC JSON 2022-03-22
AWS Cloudtrail Cloud Log Aggregator AWS_CLOUDTRAIL JSON 2022-07-27
GCP Compute GCP Specific GCP_COMPUTE JSON 2022-06-16
Atlassian Confluence Knowledge base ATLASSIAN_CONFLUENCE SYSLOG 2022-02-01
Carbon Black EDR CB_EDR JSON 2022-07-10
IBM z/OS OS IBM_ZOS LEEF 2022-06-03
Sourcefire IDS/IPS SOURCEFIRE_IDS JSON 2022-06-09
Cisco ASA Firewall CISCO_ASA_FIREWALL JSON, SYSLOG 2022-02-27
AlgoSec Security Management Policy Management ALGOSEC SYSLOG + KV (CEF) 2021-05-13
Comodo AV / Endpoint COMODO_AV SYSLOG + KV (CEF) 2021-04-09
PostFix Mail Email Server POSTFIX_MAIL SYSLOG 2022-07-18
Salesforce SaaS Application SALESFORCE KV (LEEF), CSV 2022-07-04
Cloudian hyperstore Storage Solutions CLOUDIAN_HYPERSTORE SYSLOG 2021-05-05
Cybereason EDR EDR CYBEREASON_EDR JSON 2021-06-29
Tanium Comply Tanium Specific TANIUM_COMPLY JSON 2021-08-04
HCL BigFix Network Management and Optimization HCL_BIGFIX JSON 2022-07-08
Aruba Wireless ARUBA_WIRELESS SYSLOG 2022-03-30
GCP Cloud SQL GCP Specific GCP_CLOUDSQL JSON 2022-07-26
Cisco Stealthwatch Log Aggregator CISCO_STEALTHWATCH JSON 2022-07-06
Elastic Windows Event Log Beats Log Aggregator ELASTIC_WINLOGBEAT SYSLOG + JSON 2022-05-26
Darktrace NDR DARKTRACE SYSLOG + KV (CEF) 2022-04-22
Mobileiron ENDPOINT MANAGEMENT MOBILEIRON JSON 2022-04-25
VMware vCenter Server VMWARE_VCENTER SYSLOG + JSON 2022-05-06
Microsoft AD LDAP WINDOWS_AD JSON 2022-03-21
HPE ILO Server Management HPE_ILO SYSLOG 2022-03-14
AWS VPC Flow AWS Specific AWS_VPC_FLOW SYSLOG 2022-07-07
Cylance Protect Alerts CYLANCE_PROTECT SYSLOG + KV 2020-07-06
Unix system OS NIX_SYSTEM SYSLOG 2022-06-28
Akamai DNS DNS AKAMAI_DNS CSV 2021-06-28
Wazuh Log Aggregator WAZUH SYSLOG + JSON 2022-01-21
Cisco FireSIGHT Management Center SaaS Application CISCO_FIRESIGHT KV 2021-12-10
Fastly WAF WAF FASTLY_WAF JSON 2022-06-06
DMP Physical Security DMP_ENTRE SYSLOG 2020-09-23
Cofense Email Server COFENSE_TRIAGE SYSLOG + KV (CEF) 2021-04-07
ForgeRock OpenDJ LDAP OPENDJ SYSLOG + KV 2020-10-01
Infoblox DHCP, DNS INFOBLOX SYSLOG 2022-07-10
Proofpoint On Demand Email Server PROOFPOINT_ON_DEMAND JSON 2022-07-14
EPIC Systems Discovery and Monitoring EPIC LEEF + KV 2022-06-09
CrowdStrike Falcon EDR CS_EDR JSON 2022-07-29
Cisco AMP AV / Endpoint CISCO_AMP JSON 2021-12-12
Archer Integrated Risk Management Risk Management Solution ARCHER_IRM SYSLOG 2022-05-04
ThreatConnect IOC THREATCONNECT_IOC JSON 2022-01-13
AWS Security Hub IDS/IPS AWS_SECURITY_HUB JSON 2022-07-01
GCP VPC Flow GCP Specific GCP_VPC_FLOW JSON 2022-07-22
Windows Defender AV AV / Endpoint WINDOWS_DEFENDER_AV JSON, XML 2022-01-10
Azure AD LDAP AZURE_AD JSON 2022-05-29
Semperis DSP LDAP SEMPERIS_DSP SYSLOG 2021-04-29
Anomali IOC ANOMALI_IOC JSON, CEF 2022-03-14
JAMF Protect ENDPOINT SECURITY JAMF_PROTECT JSON 2022-06-13
Linux Sysmon DNS LINUX_SYSMON XML 2022-07-12
Forescout NAC NAC FORESCOUT_NAC SYSLOG 2022-06-17
Microsoft Defender for Endpoint EDR MICROSOFT_DEFENDER_ENDPOINT JSON 2022-06-02
VMware vRealize Suite Cloud VMWARE_VREALIZE SYSLOG 2022-07-06
Akamai Cloud Monitor Load Balancer, Traffic Shaper, ADC AKAMAI_CLOUD_MONITOR JSON 2021-07-20
Cisco WLC/WCS Wireless CISCO_WIRELESS SYSLOG 2021-02-16
Atlassian Jira Ticketing Application ATLASSIAN_JIRA SYSLOG 2022-05-31
LimaCharlie EDR LIMACHARLIE_EDR JSON 2021-10-18
Falco IDS IDS/IPS FALCO_IDS JSON 2022-08-01
Red Canary EDR REDCANARY_EDR JSON 2021-01-12
FireEye Alerts FIREEYE_ALERT SYSLOG + JSON 2022-03-15
Zeek JSON Format Specific BRO_JSON SYSLOG + JSON 2021-11-01
Dell EMC Data Domain Storage system DELL_EMC_DATA_DOMAIN SYSLOG + KV 2022-07-08
Shibboleth IDP Identity and Access Management SHIBBOLETH_IDP SYSLOG 2021-04-19
Okta User Context Identity and Access Management OKTA_USER_CONTEXT JSON 2022-05-19
Avanan Email Security Email Server AVANAN_EMAIL JSON 2022-07-12
Cisco UCS OS logs CISCO_UCS SYSLOG 2022-07-04
BeyondTrust Privilege Account Activity BOMGAR SYSLOG 2022-02-18
GitHub SaaS Application GITHUB JSON 2022-07-07
AWS S3 Server Access AWS Specific AWS_S3_SERVER_ACCESS SYSLOG 2022-07-21
Citrix Netscaler Load Balancer, Traffic Shaper, ADC CITRIX_NETSCALER SYSLOG + KV 2022-06-09
Slack Audit Productivity SLACK_AUDIT JSON 2022-04-07
SonicWall Firewall SONIC_FIREWALL SYSLOG + KV 2022-06-24
Tanium Discover Tanium Specific TANIUM_DISCOVER JSON 2021-08-10
Imperva Database Cloud Application and Edge Security IMPERVA_DB SYSLOG 2021-12-13
SentinelOne Deep Visibility EDR SENTINEL_DV JSON 2021-01-25
Infoblox DHCP DHCP INFOBLOX_DHCP SYSLOG 2022-07-06
McAfee DLP DLP MCAFEE_DLP CSV 2022-04-13
Nutanix Prism Firewall NUTANIX_PRISM JSON 2022-02-14
IBM AS/400 Application System IBM_AS400 SYSLOG + KV 2022-04-13
Preempt Alert Identity and Access Management PREEMPT SYSLOG + KV (CEF) 2022-06-22
Men and Mice DNS DNS MENANDMICE_DNS SYSLOG 2021-11-12
IBM DB2 Database DB2_DB LEEF 2022-05-04
HP Aruba(Clearpass) Identity and Access Management CLEARPASS SYSLOG + KV 2022-07-08
ServiceNow CMDB Policy Management SERVICENOW_CMDB JSON 2022-07-08
Big Switch BigCloudFabric Switches, Routers BIGSWITCH_BCF SYSLOG 2021-04-20
Fireeye ETP Email Server FIREEYE_ETP JSON 2021-06-11
Snort IDS/IPS SNORT_IDS SYSLOG + JSON 2021-12-23
HP Procurve Switch Switches HP_PROCURVE SYSLOG 2021-09-27
Sendmail Email Server SENDMAIL SYSLOG + KV 2022-05-06
IBM CICS Service Bus IBM_CICS LEEF 2021-10-27
Windows Event (XML) AV / Endpoint WINEVTLOG_XML SYSLOG + XML 2022-01-25
Microsoft CASB CASB MICROSOFT_CASB SYSLOG + KV (CEF) 2021-10-20
SentinelOne EDR EDR SENTINEL_EDR SYSLOG + JSON 2022-07-21
Cisco NX-OS OS CISCO_NX_OS SYSLOG 2022-02-21
SecureAuth SSO SECUREAUTH_SSO SYSLOG, XML 2022-04-25
Workspace Users GCP Specific WORKSPACE_USERS JSON 2022-03-28
Office 365 SaaS Application OFFICE_365 JSON 2022-08-03
VMware NSX Network and Security Virtualization VMWARE_NSX KV 2022-06-10
ExtraHop DNS DNS EXTRAHOP_DNS JSON 2021-12-13
Ipswitch SFTP Data Transfer IPSWITCH_SFTP SYSLOG, JSON 2022-03-15
Mongo Database DATABASE MONGO_DB JSON 2022-06-28
Fortinet DHCP FORTINET_DHCP KV 2021-04-28
AlphaSOC Alert ASOC_ALERT JSON 2021-06-21
Bitdefender AV / Endpoint BITDEFENDER CSV 2022-06-23
AWS WAF AWS Specific AWS_WAF JSON, SYSLOG, CSV 2022-07-22
Elastic Packet Beats Log Aggregator ELASTIC_PACKETBEATS SYSLOG + JSON 2022-05-09
Azure AD Organizational Context LDAP AZURE_AD_CONTEXT JSON 2022-05-16
Symantec DLP DLP SYMANTEC_DLP SYSLOG + KV (CEF), XML 2022-01-13
IBM Websphere Application Server Web server IBM_WEBSPHERE_APP_SERVER JSON,SYSLOG 2022-01-20
CloudM Identity and Access Management CLOUDM JSON 2022-06-09
Kemp Load Balancer Load Balancer, Traffic Shaper, ADC KEMP_LOADBALANCER SYSLOG 2021-04-04
Mimecast Email Server MIMECAST_MAIL KV 2022-03-07
Palo Alto Networks Traps EDR PAN_EDR JSON 2020-03-17
Silverfort Authentication Platform Identity and Access Management SILVERFORT CEF Syslog 2022-01-18
Digital Shadows Indicators IOC DIGITAL_SHADOWS_IOC JSON 2022-04-23
Juniper Junos Network Device JUNIPER_JUNOS SYSLOG + KV 2022-05-02
Cisco Prime Network Management and Optimization CISCO_PRIME SYSLOG 2021-05-21
CIS Albert Alerts Alerts CIS_ALBERT_ALERT SYSLOG 2022-05-20