Supported log types and default parsers

This document contains information about Chronicle SIEM integrations for data ingestion. It summarizes the devices, and the associated ingestion label (log_type field in the Ingestion API and data_type in a Forwarder configuration), that Chronicle SIEM supports.

Supported log types with a default parser

Parsers normalize raw log data into structured Unified Data Model format. This section lists supported devices, and the associated ingestion label (log_type field in the Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser. The default parser is supported by Chronicle as long as the device's raw logs are received in the required format.

For a list of supported log types without a default parser, see Supported log types without a default parser.

The Format column indicates the high-level structure of the raw log, as:

  • CSV: Comma Separated Values
  • JSON: JavaScript Object Notation
  • SYSLOG: syslog formatted message
  • KV: key-value pair
  • XML: Extensible Markup Language
  • SYSLOG + KV: syslog header with key-value body
  • SYSLOG + JSON: syslog header with JSON body
  • SYSLOG + XML: syslog header with XML body
  • LEEF: Log Event Extended Format
  • CEF: Common Event Format

Parser changes are applied to newly ingested logs only. They are not applied retroactively to previously ingested logs.

Vendor / Product Category Ingestion label Format Latest Update
RH-ISAC IOC RH_ISAC_IOC JSON 2024-03-07
AWS Identity and Access Management (IAM) AWS Specific AWS_IAM JSON 2023-12-14
McAfee ePolicy Orchestrator Policy Management MCAFEE_EPO SYSLOG + XML, CSV, KV 2023-10-15
Suricata IDS IDS/IPS SURICATA_IDS JSON 2023-11-23
Tanium Comply Tanium Specific TANIUM_COMPLY JSON 2022-08-18
Juniper Junos Network Device JUNIPER_JUNOS SYSLOG + KV 2023-10-25
Static IP DHCP ASSET_STATIC_IP CSV 2023-06-16
CA LDAP Web server CA_LDAP JSON 2022-08-19
Stealthbits Defend Security System for Active Directory and File Systems. STEALTHBITS_DEFEND SYSLOG + KV (LEEF, CEF) 2022-11-17
Unifi AP Switches and Routers UNIFI_AP SYSLOG + KV, SYSLOG + JSON 2022-05-24
Azure SQL Database AZURE_SQL JSON 2022-02-08
Jamf Protect Telemetry Endpoint Security JAMF_TELEMETRY JSON 2023-11-29
Nokia Router Switches and Routers NOKIA_ROUTER SYSLOG + KV 2023-11-27
Nutanix Prism Firewall NUTANIX_PRISM JSON, SYSLOG 2024-02-21
Cylance Protect Alerts CYLANCE_PROTECT SYSLOG + KV 2022-09-06
Check Point Sandblast EDR CHECKPOINT_EDR SYSLOG + KV 2022-09-07
Desynova Contido Switches DESYNOVA_CONTIDO SYSLOG + JSON 2023-09-19
Recorded Future IOC RECORDED_FUTURE_IOC JSON 2021-11-17
Azion Firewall AZION JSON 2023-09-30
McAfee IPS IDS/IPS MCAFEE_IPS SYSLOG 2021-04-15
Evision FircoSoft Infrastructure EVISION_FIRCOSOFT SYSLOG 2023-11-22
Open Cybersecurity Schema Framework (OCSF) Schema OCSF JSON 2023-10-30
Snort IDS/IPS SNORT_IDS SYSLOG + JSON 2022-09-22
F5 Advanced Firewall Management Firewall F5_AFM SYSLOG + CSV 2023-09-11
Windows Event Endpoint WINEVTLOG JSON + KV + XML 2024-03-13
Zeek TSV Format Specific BRO_TSV SYSLOG + TSV 2022-01-31
FortiGate Firewall FORTINET_FIREWALL JSON, SYSLOG + KV 2024-03-07
Windows Defender AV AV / Endpoint WINDOWS_DEFENDER_AV JSON, XML 2024-01-30
Fortinet DHCP FORTINET_DHCP KV 2022-11-21
Net Suite WAF NET_SUITE KV 2023-08-02
Corelight NDR CORELIGHT JSON 2024-02-26
Alcatel Switch Privileged Account Activity ALCATEL_SWITCH SYSLOG 2024-03-11
AWS Elastic Load Balancer AWS Specific AWS_ELB SYSLOG 2022-05-27
Check Point Harmony Remote Access Tools CHECKPOINT_HARMONY SYSLOG+KV 2023-11-10
Cisco DHCP DHCP CISCO_DHCP SYSLOG + CSV 2022-02-07
Microsoft Defender For Cloud Automation and DevOps Tools MICROSOFT_DEFENDER_CLOUD_ALERTS JSON 2024-02-15
EPIC Systems Discovery and Monitoring EPIC LEEF + KV 2022-10-31
Qualys Scan Vulnerability scanner QUALYS_SCAN JSON 2023-04-21
Netskope Web Proxy Web Proxy NETSKOPE_WEBPROXY SYSLOG, SYSLOG+JSON, JSON 2024-02-26
Cloud Run Google Cloud Specific GCP_RUN JSON 2024-01-22
Absolute Mobile Device Management Mobile Device Management ABSOLUTE SYSLOG + KV (CEF) 2023-07-07
SiteMinder Web Access Management SSO CA_SSO_WEB JSON 2022-08-08
XAMS by Xiting Log Aggregator XITING_XAMS SYSLOG 2024-03-13
McAfee Unified Cloud Edge SaaS Application MCAFEE_UCE JSON 2021-07-20
Mobile Endpoint Security Mobile Endpoint Security LOOKOUT_MOBILE_ENDPOINT_SECURITY CEF 2024-03-07
Carbon Black App Control Security log CB_APP_CONTROL CEF, JSON 2022-07-01
Akamai Cloud Monitor Load Balancer, Traffic Shaper, ADC AKAMAI_CLOUD_MONITOR JSON 2023-09-16
Recordia Telephone software RECORDIA JSON 2024-01-30
Thales MFA Authentication THALES_MFA SYSLOG + KV (CEF) 2022-07-13
Okta User Context Identity and Access Management OKTA_USER_CONTEXT JSON 2023-08-16
Cisco NX-OS OS CISCO_NX_OS SYSLOG 2023-08-11
Kaspersky AV AV / Endpoint KASPERSKY_AV KV + CEF 2023-10-13
Workday Audit Logs Audit And Compliance WORKDAY_AUDIT CSV 2023-12-08
Imperva Advanced Bot Protection Bot Protection IMPERVA_ABP JSON 2023-07-21
Ping Federate Authentication PING_FEDERATE CSV 2023-04-24
Kolide Endpoint Security Security KOLIDE JSON 2023-10-25
Barracuda Web Filter Webfilter BARRACUDA_WEBFILTER SYSLOG 2023-07-20
Illumio Core Policy Management ILLUMIO_CORE JSON, SYSLOG and SYSLOG+JSON. 2024-02-21
Solaris system OS SOLARIS_SYSTEM SYSLOG 2024-02-13
AlphaSOC Alert ASOC_ALERT JSON 2021-06-21
GMAIL Logs Google Cloud Specific GMAIL_LOGS JSON 2023-12-22
Windows Network Policy Server Authentication WINDOWS_NET_POLICY_SERVER SYSLOG, JSON, SYSLOG + XML 2022-11-21
Cisco Meraki Wireless CISCO_MERAKI SYSLOG, JSON 2024-02-06
Oracle Cloud Infrastructure Audit Logs Oracle Cloud Infrastructure OCI_AUDIT JSON 2023-09-29
Neo4j Database management system NEO4J JSON 2023-12-07
VMware vCenter Server VMWARE_VCENTER SYSLOG + JSON 2023-11-13
Cisco Umbrella IP Web Proxy UMBRELLA_IP SYSLOG 2022-08-22
TCPWave DDI Secure ddi TCPWAVE_DDI SYSLOG + JSON 2022-09-27
Accellion DLP ACCELLION SYSLOG 2022-09-30
tenable.io Vulnerability Scanner TENABLE_IO JSON 2023-01-02
Sophos AV AV / Endpoint SOPHOS_AV CSV, JSON 2022-07-27
Bitwarden Events Password Manager BITWARDEN_EVENTS JSON 2023-11-09
Azure WAF Log Aggregator AZURE_WAF JSON 2023-07-14
Citrix Storefront Remote Access Tools CITRIX_STOREFRONT JSON 2022-07-22
IBM Security QRadar SIEM Security Log IBM_QRADAR SYSLOG 2023-05-18
Symantec CloudSOC CASB CASB SYMANTEC_CASB SYSLOG + JSON 2024-02-19
Microsoft AD LDAP WINDOWS_AD JSON 2024-01-31
CloudM Identity and Access Management CLOUDM JSON 2022-06-09
Fluentd Logs Log Aggregator FLUENTD SYSLOG + JSON 2023-11-29
Cisco CTS Telephone Software CISCO_CTS SYSLOG + KV 2021-05-20
Sentinelone Alerts Endpoint Security SENTINELONE_ALERT JSON 2024-03-12
VanDyke SFTP Data Transfer VANDYKE_SFTP JSON, SYSLOG 2022-03-25
Dell EMC Data Domain Storage system DELL_EMC_DATA_DOMAIN SYSLOG + KV 2022-07-08
Workspace Groups Google Cloud Specific WORKSPACE_GROUPS JSON 2023-11-29
Juniper IPS IDS/IPS JUNIPER_IPS SYSLOG + KV 2022-05-26
Cisco IronPort Gateway Security CISCO_IRONPORT SYSLOG + CSV 2024-02-07
Cisco Switch Switches, Routers CISCO_SWITCH SYSLOG 2023-12-08
Office 365 SaaS Application OFFICE_365 JSON 2024-03-13
CommVault Commcell Alert System COMMVAULT_COMMCELL KV , SYSLOG 2024-01-24
AWS Session Manager AWS Specific AWS_SESSION_MANAGER SYSLOG 2023-06-14
BloxOne Threat Defense DNS BLOXONE SYSLOG + JSON 2024-01-18
McAfee MVISION CASB CLOUD SECURITY MCAFEE_MVISION_CASB KV 2023-06-22
Airlock Digital Application Allowlisting Application Whitelisting AIRLOCK_DIGITAL SYSLOG 2023-02-22
Ntopng NDR NTOPNG SYSLOG + JSON 2024-02-01
SecureLink Remote Access Tools SECURELINK SYSLOG 2023-09-13
Cisco Vision Dynamic Signage Director Content and Delivery Management CISCO_STADIUMVISION SYSLOG, SYSLOG+KV 2023-05-12
Tenable Active Directory Security Tenable Active Directory Security TENABLE_ADS SYSLOG 2023-11-06
ESET EDR ESET_EDR SYSLOG + JSON 2022-05-10
VPC Flow Logs Google Cloud Specific GCP_VPC_FLOW JSON 2023-05-23
OpenCanary Data Security OPENCANARY SYSLOG + JSON 2024-03-11
Workspace Activities Google Cloud Specific WORKSPACE_ACTIVITY JSON 2024-03-06
Apache Hadoop open-source software HADOOP SYSLOG + KV 2023-06-05
RSA Identity and Access Management RSA_AUTH_MANAGER CSV 2022-08-09
DMP Physical Security DMP_ENTRE SYSLOG 2020-09-23
Slack Audit Productivity SLACK_AUDIT JSON 2023-10-27
Custom DNS DNS CUSTOM_DNS JSON 2022-08-05
Infoblox DHCP DHCP INFOBLOX_DHCP SYSLOG 2024-01-10
Sophos Firewall (Next Gen) Firewall SOPHOS_FIREWALL KV 2023-11-20
IBM Informix DATABASE INFORMIX JSON + SYSLOG 2022-02-18
Shibboleth IDP Identity and Access Management SHIBBOLETH_IDP SYSLOG, JSON 2024-03-11
McAfee Skyhigh CASB CASB MCAFEE_SKYHIGH_CASB SYSLOG + KV 2023-06-17
Proofpoint Email Filter Email Server PROOFPOINT_MAIL_FILTER KV 2022-10-03
Digital Guardian EDR EDR DIGITALGUARDIAN_EDR KV 2022-12-07
FireEye Alerts FIREEYE_ALERT SYSLOG + JSON, JSON 2024-02-26
Microsoft SQL Server Database MICROSOFT_SQL SYSLOG + KV, JSON 2023-12-20
Palo Alto Cortex XDR Events Monitoring and Threat Detection PAN_CORTEX_XDR_EVENTS JSON 2023-12-15
Cisco Firepower NGFW Firewall CISCO_FIREPOWER_FIREWALL SYSLOG + KV, SYSLOG + JSON, JSON 2024-01-04
F5 VPN VPN F5_VPN SYSLOG 2022-07-22
PostFix Mail Email Server POSTFIX_MAIL SYSLOG 2022-10-06
Zix Email Encryption Email Server ZIX_EMAIL_ENCRYPTION SYSLOG 2022-11-05
Palo Alto Prisma Access Cloud Security PAN_CASB JSON 2022-11-25
Unbound DNS DNS UNBOUND_DNS SYSLOG 2020-06-09
Avanan Email Security Email Server AVANAN_EMAIL JSON 2022-07-12
CSV Custom IOC IOC CSV_CUSTOM_IOC CSV 2024-02-15
Oracle Cloud Infrastructure VCN Flow Logs Oracle Cloud Infrastructure OCI_FLOW JSON 2023-04-29
Palo Alto Prisma Cloud Alert payload Cloud Security PAN_PRISMA_CA JSON 2023-12-10
Broadcom SSL Visibility Appliance SSL Visibility BROADCOM_SSL_VA SYSLOG 2022-09-26
Wazuh Log Aggregator WAZUH SYSLOG + JSON 2024-03-04
CIS Albert Alerts Alerts CIS_ALBERT_ALERT SYSLOG 2022-10-10
Splunk Platform Security log SPLUNK JSON 2023-11-29
BigQuery Google Cloud Resources Contexts N/A JSON 2022-03-03
Cloud Load Balancing Google Cloud Specific GCP_LOADBALANCING JSON 2024-02-14
Attivo Networks NETWORK ATTIVO SYSLOG + KV (CEF) 2023-08-14
RSA NetWitness PLATFORM CONFIGURATION RSA_NETWITNESS SYSLOG 2022-10-18
Quest Active Directory Authentication log QUEST_AD CEF SYSLOG + JSON 2024-02-09
AIX system OS AIX_SYSTEM SYSLOG 2023-06-21
Aruba IPS IPS ARUBA_IPS JSON 2022-06-16
Sysdig Security SYSDIG JSON 2024-01-05
CA ACF2 Mainframe CA_ACF2 LEEF 2022-05-24
Tanium Asset Tanium Specific TANIUM_ASSET JSON, SYSLOG + KV 2024-02-27
Ribbon Analytics Platform Telephone Software RIBBON_ANALYTICS_PLATFORM SYSLOG 2022-09-09
Cisco PIX Firewall Firewall CISCO_PIX_FIREWALL SYSLOG 2023-05-23
BIND DNS BIND_DNS SYSLOG 2024-02-24
Azure Key Vault logging Audit AZURE_KEYVAULT_AUDIT JSON 2024-02-27
Azure AD Organizational Context LDAP AZURE_AD_CONTEXT JSON 2024-01-12
Chrome Management Browser N/A JSON 2024-03-13
Microsoft Defender for Endpoint EDR MICROSOFT_DEFENDER_ENDPOINT JSON 2024-03-07
Cloud Functions Context Google Cloud Specific GCP_CLOUD_FUNCTIONS_CONTEXT JSON 2023-07-26
AWS Network Firewall Firewall AWS_NETWORK_FIREWALL JSON 2023-05-05
Digital Shadows SearchLight Threat Intelligence DIGITAL_SHADOWS_SEARCHLIGHT JSON 2022-05-02
Sophos Intercept EDR EDR logs SOPHOS_EDR JSON 2022-12-27
FireEye ETP Email Server FIREEYE_ETP JSON 2024-03-07
Rapid7 Insight Vulnerability Scanner RAPID7_INSIGHT SYSLOG, JSON 2023-05-05
Menlo Security Web Proxy MENLO_SECURITY JSON 2023-08-03
Saiwall VPN VPN SAIWALL_VPN KV 2023-10-29
Cloud DNS Google Cloud Specific N/A JSON 2023-05-12
Cloud SQL Context Google Cloud Specific GCP_SQL_CONTEXT JSON 2023-07-26
CloudGenix SD-WAN Switches, Routers CLOUDGENIX_SDWAN SYSLOG + KV 2022-09-08
Workday SaaS Application WORKDAY JSON 2022-09-15
Microsoft Azure Resource Log Aggregator AZURE_RESOURCE_LOGS JSON 2024-03-13
AWS CloudFront CDN AWS_CLOUDFRONT SYSLOG 2022-05-27
Oracle Unified Directory ORACLE OUD ORACLE_OUD SYSLOG 2023-09-11
Cisco UCS OS logs CISCO_UCS SYSLOG 2022-07-04
Azure AD LDAP AZURE_AD JSON 2024-02-26
Stealthbits Audit File system monitoring STEALTHBITS_AUDIT JSON 2021-11-09
Proofpoint Threat Response Email Server PROOFPOINT_TRAP SYSLOG 2023-05-26
Cloud Passage SaaS Application CLOUD_PASSAGE JSON 2022-06-30
Salesforce SaaS Application SALESFORCE KV (LEEF), CSV 2024-03-06
F5 Shape Security log F5_SHAPE JSON 2022-02-21
Custom Application Access Logs Security CUSTOM_APPLICATION_ACCESS JSON 2024-03-11
CrowdStrike Falcon EDR CS_EDR JSON 2024-02-21
SAP Netweaver Database SAP_NETWEAVER JSON 2023-05-03
ESET AV ESET_AV ESET_AV SYSLOG + JSON 2023-01-10
Citrix Netscaler Load Balancer, Traffic Shaper, ADC CITRIX_NETSCALER SYSLOG + KV 2024-02-23
Resource Manager Context Google Cloud Specific GCP_RESOURCE_MANAGER_CONTEXT JSON 2023-07-26
IAM Context Google Cloud Specific N/A JSON 2024-03-13
Aruba EdgeConnect SD-WAN Network Security ARUBA_EDGECONNECT_SDWAN SYSLOG + CSV 2023-05-03
Red Hat OpenShift Kubernetes Container REDHAT_OPENSHIFT SYSLOG 2022-08-17
Cisco Web Services Manager CISCO_WSM CISCO_WSM SYSLOG 2023-10-05
Armis Activities ACTIVITIES ARMIS_ACTIVITIES JSON 2023-02-07
Symantec Web Security Service Web Proxy SYMANTEC_WSS JSON 2024-01-23
Cisco Application Centric Infrastructure CISCO ACI CISCO_ACI JSON, SYSLOG 2022-09-26
CENSYS NDR CENSYS SYSLOG + KV 2024-02-03
Microsoft Graph API Alerts Gateway to data and intelligence MICROSOFT_GRAPH_ALERT JSON 2024-02-23
Thales Luna Hardware Security Module THALES_LUNA_HSM specific THALES_LUNA_HSM JSON/SYSLOG 2022-12-02
AWS VPC Flow AWS Specific AWS_VPC_FLOW SYSLOG 2023-04-06
Okera Dynamic Access Platform Data Security OKERA_DAP JSON 2023-01-29
Forcepoint NGFW Network FORCEPOINT_FIREWALL JSON 2023-02-16
Cisco Stealthwatch Log Aggregator CISCO_STEALTHWATCH JSON 2023-06-19
Kiteworks Network KITEWORKS SYSLOG, CSV 2023-11-10
Apache Security APACHE SYSLOG + JSON 2024-01-25
WordPress Configuration Management WORDPRESS_CMS JSON 2023-05-25
Microsoft Azure Activity Misc Windows Specific AZURE_ACTIVITY JSON 2024-03-13
ClamAV AV / Endpoint CLAM_AV JSON 2022-02-07
Arcsight CEF Security log ARCSIGHT_CEF CEF Syslog 2024-02-18
reCAPTCHA Enterprise Access Management GCP_RECAPTCHA_ENTERPRISE JSON 2024-02-12
Proofpoint Tap Alerts Email Server PROOFPOINT_MAIL JSON 2023-06-26
Linux DHCP DHCP LINUX_DHCP SYSLOG 2023-11-10
Onapsis SAP ONAPSIS JSON , SYSLOG , KV 2023-12-08
Tanium Stream Tanium Specific TANIUM_TH JSON 2023-12-18
Datto File Protection DATTO_FILE_PROTECTION DATTO_FILE_PROTECTION SYSLOG 2022-08-22
Ipswitch SFTP Data Transfer IPSWITCH_SFTP SYSLOG, JSON 2022-09-05
Clearswift Information Security CLEARSWIFT SYSLOG 2023-11-22
IBM DataPower Gateway API Gateway IBM_DATAPOWER JSON, SYSLOG 2023-11-09
JumpCloud Directory Insights CLOUD JUMPCLOUD_DIRECTORY_INSIGHTS JSON 2024-01-10
Cloud Identity Devices Google Cloud Specific GCP_CLOUDIDENTITY_DEVICES JSON 2022-04-13
Palo Alto Cortex XDR Alerts NDR CORTEX_XDR JSON, SYSLOG + KV 2024-03-11
Peplink Firewall Firewall PEPLINK_FW SYSLOG + KV 2023-08-17
ZScaler NGFW Firewall ZSCALER_FIREWALL SYSLOG + KV (CEF), CSV 2023-09-12
NetApp SAN Rest api NETAPP_SAN SYSLOG 2023-04-25
Microsoft System Center Endpoint Protection Malware Detection MICROSOFT_SCEP KV 2024-03-12
Tanium Integrity Monitor Tanium Specific TANIUM_INTEGRITY_MONITOR JSON 2022-10-12
Proofpoint On Demand Email Server PROOFPOINT_ON_DEMAND JSON 2023-11-13
BeyondTrust Privilege Account Activity BOMGAR SYSLOG 2024-01-12
Imperva Database Cloud Application and Edge Security IMPERVA_DB SYSLOG, SYSLOG+JSON 2024-01-21
Netskope CASB CASB NETSKOPE_CASB JSON 2024-02-12
Tenable Security Center Vulnerability Scanner TENABLE_SC SYSLOG 2021-05-18
Brocade ServerIron ADX Load Balancer BROCADE_SERVERIRON SYSLOG 2022-01-13
Microsoft Exchange Email Server EXCHANGE_MAIL SYSLOG 2024-03-01
McAfee Web Protection SaaS Application MCAFEE_WEB_PROTECTION JSON 2022-09-22
Thales Vormetric Encryption VORMETRIC SYSLOG 2021-12-17
Squid Web Proxy Web Proxy SQUID_WEBPROXY SYSLOG 2022-10-30
AlgoSec Security Management Policy Management ALGOSEC SYSLOG + KV (CEF) 2022-11-27
IBM Security Access Manager WAF IBM_SAM SYSLOG 2024-03-08
Automation Anywhere Automation Tools AUTOMATION_ANYWHERE SYSLOG + KV 2021-04-28
Cloud Identity Device Users Google Cloud Specific GCP_CLOUDIDENTITY_DEVICEUSERS JSON 2022-10-01
Yubico OTP Audit event YUBICO_OTP SYSLOG, JSON, CSV 2023-02-20
Cisco Firewall Services Module Firewall CISCO_FWSM SYSLOG 2023-05-05
Riverbed Steelhead Network Management and Optimization STEELHEAD JSON , SYSLOG 2024-01-12
Cisco TACACS+ Authentication CISCO_TACACS SYSLOG + KV 2022-08-09
Dell EMC Isilon NAS Storage DELL_EMC_NAS SYSLOG 2023-07-21
Armis Vulnerabilities VULNERABILITIES ARMIS_VULNERABILITIES JSON 2023-02-07
OpenVPN Network OPEN_VPN SYSLOG + KV + JSON 2023-11-27
Barracuda WAF Firewall BARRACUDA_WAF JSON, SYSLOG + KV 2023-07-19
Cisco Wireless IPS Cisco Wips CISCO_WIPS SYSLOG + KV 2023-11-17
AWS EC2 Hosts AWS Specific AWS_EC2_HOSTS JSON 2024-01-31
Proofpoint Observeit Email Server OBSERVEIT JSON, KV 2023-12-15
Fortinet Web Application Firewall WEB FORTINET_FORTIWEB KV 2024-01-09
Cloudflare WAF Cloud Log CLOUDFLARE_WAF JSON 2023-08-30
Medigate IoT IoT MEDIGATE_IOT SYSLOG + JSON 2023-12-08
Dataminr Alerts SAAS Security Application DATAMINR_ALERT JSON 2024-02-14
Microsoft Azure NSG Flow Network Flow AZURE_NSG_FLOW JSON 2022-04-18
Seqrite Endpoint Security (EPS) AV and endpoint logs SEQRITE_ENDPOINT LEEF 2023-03-24
Duo Telephony Logs Identity and Access Management DUO_TELEPHONY JSON 2023-08-24
VeridiumID by Veridium Authentication Software VERIDIUM_ID Syslog + KV 2024-03-07
STIX Threat Intelligence Cybersecurity Threats STIX SYSLOG + KV (CEF) 2024-03-06
Teleport Access Plane Remote Access TELEPORT_ACCESS_PLANE SYSLOG 2023-11-17
Saviynt Enterprise Identity Cloud Endpoints SAVIYNT_EIP JSON, JSON+KV 2023-06-05
VMware Tanzu Kubernetes Grid IDS/IPS VMWARE_TANZU JSON + SYSLOG+JSON 2023-09-08
Palo Alto Prisma Cloud SECURITY PLATFORM PAN_PRISMA_CLOUD JSON 2024-02-21
Pulse Secure Virtual Traffic Manager Traffic Shapers PULSE_SECURE_VTM SYSLOG 2023-11-03
Aruba Airwave Wireless ARUBA_AIRWAVE XML 2023-12-06
Crowdstrike IOC IOC CROWDSTRIKE_IOC JSON 2023-08-23
AWS RDS Database AWS_RDS SYSLOG 2023-04-24
Oracle Cloud Infrastructure Oracle Cloud Infrastructure ORACLE_CLOUD_AUDIT JSON 2023-10-30
Open LDAP LDAP OPENLDAP SYSLOG 2023-07-18
Solarwinds Kiwi Syslog Server Security Log SOLARWINDS_KSS SYSLOG + KV 2022-11-16
File Scanning Framework File scanning FILE_SCANNING_FRAMEWORK JSON 2021-09-27
Splunk Attack Analyzer CLOUD SECURITY SPLUNK_ATTACK_ANALYZER JSON 2024-03-12
CommVault Alert System COMMVAULT KV , SYSLOG 2023-11-10
Synology DATA STORAGE SYNOLOGY SYSLOG 2024-01-16
GCP_NETWORK_CONNECTIVITY Computer Inventory GCP_NETWORK_CONNECTIVITY_CONTEXT JSON 2023-06-13
Vectra Stream NDR VECTRA_STREAM SYSLOG + KV 2024-02-26
CoSoSys Protector Endpoint Detection ENDPOINT_PROTECTOR_DLP SYSLOG + KV 2023-04-17
Workspace Privileges Google Cloud Specific WORKSPACE_PRIVILEGES JSON 2023-11-29
Windows DNS DNS WINDOWS_DNS JSON, XML, SYSLOG + KV 2024-03-13
Network Policy Server Network Policy Server MICROSOFT_NPS JSON 2024-03-12
DNSFilter Data Transfer DNSFILTER CSV 2023-10-27
AWS Key Management Service AWS Specific AWS_KMS JSON 2022-05-27
Sourcefire IDS/IPS SOURCEFIRE_IDS JSON, CEF 2024-03-07
Netfilter IPtables Firewall NETFILTER_IPTABLES SYSLOG + KV 2023-10-12
Cisco Umbrella Cloud Firewall Firewall UMBRELLA_FIREWALL CSV 2022-09-02
AMD Pensando DSS Firewall Firewall AMD_DSS_FIREWALL SYSLOG + CSV 2023-05-08
Cisco Umbrella Audit Firewall and Security Management CISCO_UMBRELLA_AUDIT CSV 2024-01-10
Sophos Capsule8 Container Security SOPHOS_CAPSULE8 JSON 2021-12-22
VMware ESXi Hypervisor VMWARE_ESX SYSLOG 2024-02-07
Vectra Detect NDR VECTRA_DETECT SYSLOG + JSON + CEF 2024-03-04
ADVA Fiber Service Platform Switches and Routers ADVA_FSP SYSLOG+KV 2023-12-18
Google Cloud IAM Analysis Google Cloud Resources Contexts N/A JSON 2023-02-27
VMware Workspace ONE Logging and Troubleshooting VMWARE_WORKSPACE_ONE SYSLOG 2023-08-04
Armis Devices DEVICES ARMIS_DEVICES JSON 2023-03-02
ProofPoint Secure Email Relay Email server PROOFPOINT_SER JSON 2023-08-29
Nasuni File Services Platform Data Transfer NASUNI_FILE_SERVICES SYSLOG + JSON 2022-08-21
Cisco Router Switches, Routers CISCO_ROUTER SYSLOG 2023-11-10
Security Command Center Threat Google Cloud Specific N/A JSON 2024-02-28
Men and Mice DNS DNS MENANDMICE_DNS SYSLOG 2021-11-12
Qualys Asset Context Vulnerability Scanner QUALYS_ASSET_CONTEXT JSON 2023-08-01
Watchguard EDR EDR WATCHGUARD_EDR JSON 2024-02-05
1Password Identity and Access Management ONEPASSWORD JSON 2023-06-07
Active Countermeasures Alert AI_HUNTER SYSLOG 2020-12-08
SentinelOne EDR EDR SENTINEL_EDR SYSLOG + JSON 2023-11-09
Skybox Firewall Assurance Firewall SKYBOX_FIREWALL_ASSURANCE SYSLOG + KV 2023-09-07
CrowdStrike Falcon Stream Alerts CS_STREAM KV (LEEF) 2022-07-18
AWS EC2 VPCs AWS Specific AWS_EC2_VPCS JSON 2024-01-31
AWS GuardDuty IDS/IPS GUARDDUTY JSON 2024-03-11
Microsoft ATA IDS/IPS MICROSOFT_ATA SYSLOG + KV 2024-01-29
Symantec Event export SEP SYMANTEC_EVENT_EXPORT JSON, SYSLOG 2023-11-07
Proofpoint Sendmail Sentrion Email server PROOFPOINT_SENDMAIL_SENTRION SYSLOG 2024-03-07
Oracle DATABASE ORACLE_DB SYSLOG + KV 2023-10-25
Bluecat DDI DDI (DNS, DHCP, IPAM) BLUECAT_DDI SYSLOG 2022-11-08
FireEye PX Firewall FIREEYE_PX JSON 2024-01-05
Zscaler Tunnel N/A ZSCALER_TUNNEL JSON 2024-01-01
Cisco Umbrella Web Proxy Web Proxy UMBRELLA_WEBPROXY CSV 2023-10-17
Juniper MX Router Routers and Switches JUNIPER_MX SYSLOG + KV 2023-11-26
ForgeRock Identity Cloud Cloud Security FORGEROCK_IDENTITY_CLOUD JSON 2024-03-11
Carbon Black EDR CB_EDR JSON 2024-01-19
Cloudflare SaaS Application CLOUDFLARE JSON 2024-02-19
EfficientIP DDI Network EFFICIENTIP_DDI SYSLOG + KV 2022-01-24
Nucleus Asset Metadata Nucleus Specific NUCLEUS_ASSET JSON 2021-08-05
Forcepoint CASB CASB FORCEPOINT_CASB SYSLOG + CEF 2022-08-23
Opnsense Firewall and Routing Platform OPNSENSE Syslog, Syslog + CSV 2023-11-22
Anomali IOC ANOMALI_IOC JSON, CEF 2024-02-09
Zscaler CASB CASB ZSCALER_CASB JSON 2024-03-05
Shrubbery TACACS+ NETWORK MANAGEMENT SHRUBBERY_TACACS SYSLOG + KV 2022-11-08
IBM CICS Service Bus IBM_CICS LEEF 2021-10-27
IBM DB2 Database DB2_DB LEEF 2024-02-26
Microsoft CASB CASB MICROSOFT_CASB SYSLOG + KV (CEF) 2023-11-27
BMC Helix Discovery bmc helix discovery BMC_HELIX_DISCOVERY SYSLOG 2022-08-29
Dell OpenManage Systems Management Application DELL_OPENMANAGE SYSLOG + KV 2022-07-27
Atlassian Confluence Knowledge base ATLASSIAN_CONFLUENCE SYSLOG, JSON 2023-11-14
Netskope Cloud Security NETSKOPE_ALERT JSON 2024-02-19
Apache Cassandra Web server CASSANDRA JSON 2022-04-13
AWS Aurora AWS AWS_AURORA JSON 2024-01-12
Awake NDR NDR AWAKE_NDR JSON 2024-01-11
Cisco AMP AV / Endpoint CISCO_AMP JSON 2024-02-23
BeyondTrust Secure Remote Access Remote Access Tools BEYONDTRUST_REMOTE_ACCESS SYSLOG + KV 2022-09-30
Armis Alerts ALERTS ARMIS_ALERTS JSON 2023-02-07
F5 BIGIP LTM Load Balancer, Traffic Shaper, ADC F5_BIGIP_LTM SYSLOG 2024-02-23
Brocade Switch Switches BROCADE_SWITCH SYSLOG 2023-12-01
Fastly WAF WAF FASTLY_WAF JSON 2022-06-06
D3 Banking BANKING D3_BANKING JSON 2022-03-23
Firewall Rule Logging Google Cloud Specific N/A JSON 2023-11-01
NXLog Manager Log Aggregator NXLOG_MANAGER SYSLOG 2022-01-13
CrowdStrike Detection Monitoring EDR CS_DETECTS JSON 2024-01-31
Elastic Windows Event Log Beats Log Aggregator ELASTIC_WINLOGBEAT SYSLOG + JSON 2024-01-17
Archer Integrated Risk Management Risk Management Solution ARCHER_IRM SYSLOG 2022-05-04
Sierra Wireless IOT Devices SIERRA_WIRELESS SYSLOG 2023-11-23
Rubrik Backup software RUBRIK SYSLOG 2022-12-01
FireEye NX NDR FIREEYE_NX JSON 2022-05-18
IBM Websphere Application Server Web server IBM_WEBSPHERE_APP_SERVER JSON, SYSLOG 2022-01-20
ESET Threat Intelligence IOC ESET_IOC JSON 2023-10-05
Cyberark Privilege Cloud Identity & Access Management CYBERARK_PRIVILEGE_CLOUD SYSLOG + KV 2023-11-24
Dell Switch Switches, Routers DELL_SWITCH SYSLOG 2024-01-04
AWS Macie AWS-specific logs AWS_MACIE JSON 2022-08-08
Windows Defender ATP AV / Endpoint WINDOWS_DEFENDER_ATP SYSLOG + JSON, XML, JSON 2024-03-05
CircleCI Automation and DevOps Tools CIRCLECI CSV + JSON 2023-03-09
ThreatLocker Platform THREATLOCKER THREATLOCKER JSON 2023-06-18
Forseti Open Source Google Cloud Specific FORSETI JSON 2021-12-23
MySQL Database MYSQL SYSLOG 2021-04-12
IBM z/OS OS IBM_ZOS LEEF 2023-07-25
Versa Firewall FIREWALL VERSA_FIREWALL SYSLOG + KV 2023-07-03
Sophos Central AV / Endpoint SOPHOS_CENTRAL JSON 2022-12-27
Symantec EDR EDR SYMANTEC_EDR JSON 2022-03-31
ForgeRock OpenAM Identity and Access Management OPENAM CSV, SYSLOG + KV 2024-02-09
Qualys Continuous Monitoring Monitoring QUALYS_CONTINUOUS_MONITORING JSON 2022-08-30
DigitalArts i-Filter Web Proxy DIGITALARTS_IFILTER SYSLOG 2023-04-17
Windows DHCP DHCP WINDOWS_DHCP JSON, SYSLOG, CSV 2023-11-29
Snare System Diagnostic Logs Security SNARE_SOLUTIONS SYSLOG + KV 2024-01-24
AWS EMR AWS Specific AWS_EMR SYSLOG, SYSLOG+JSON, JSON 2023-12-19
ZScaler VPN VPN ZSCALER_VPN SYSLOG + CSV 2023-06-08
Zscaler Web Proxy ZSCALER_WEBPROXY SYSLOG + KV, CSV 2024-02-09
Trend Micro Apex one Endpoint Security TRENDMICRO_APEX_ONE SYSLOG + KV 2023-12-18
ISC DHCP DHCP ISC_DHCP JSON + SYSLOG + KV 2024-01-29
Cisco CloudLock CASB CISCO_CLOUDLOCK_CASB JSON 2021-10-04
FileZilla File transfer FILEZILLA_FTP SYSLOG 2022-03-23
GitHub SaaS Application GITHUB JSON 2023-12-18
Fortinet FortiClient Security FORTINET_FORTICLIENT KV 2023-12-29
Barracuda Firewall Firewall BARRACUDA_FIREWALL SYSLOG 2022-07-08
Workspace Mobile Devices Google Cloud Specific WORKSPACE_MOBILE JSON 2023-11-29
Uptycs EDR Endpoint detection and response UPTYCS_EDR JSON 2022-07-08
Cisco Secure Workload AV and Endpoint CISCO_SECURE_WORKLOAD JSON 2024-02-12
Azure VPN VPN AZURE_VPN JSON 2023-03-07
CA Access Control Access Management CA_ACCESS_CONTROL JSON+SYSLOG, SYSLOG 2023-07-25
IBM Mainframe Storage Monitoring IBM_MAINFRAME_STORAGE 2024-03-13
Mattermost Alerts MATTERMOST JSON , SYSLOG 2023-12-15
AWS CloudWatch Cloud service monitoring AWS_CLOUDWATCH JSON, GROK 2024-02-12
Centripetal Networks IOC IOC CENTRIPETAL_IOC SYSLOG + KV 2022-01-06
Apigee Google Cloud Specific GCP_APIGEE_X JSON 2023-08-09
Barracuda Email Email Server BARRACUDA_EMAIL JSON 2024-01-08
iBoss Proxy Webproxy IBOSS_WEBPROXY SYSLOG + JSON 2023-08-22
Akamai WAF WAF AKAMAI_WAF SYSLOG 2024-03-01
Passive DNS DNS PASSIVE_DNS JSON 2021-05-19
Microsoft Sentinel Microsoft Sentinel MICROSOFT_SENTINEL JSON 2023-11-03
Palo Alto Networks Firewall Firewall PAN_FIREWALL CSV + CEF + LEEF 2024-03-13
Cisco ACS Authentication CISCO_ACS SYSLOG + KV 2023-09-26
Tanium Insight Tanium Specific TANIUM_INSIGHT SYSLOG + KV 2021-03-10
Zeek JSON DNS BRO_JSON JSON 2024-01-31
Stealthbits PAM Privileged Access Management Solution STEALTHBITS_PAM CEF + KV 2023-11-07
Elastic Audit Beats ALERTING ELASTIC_AUDITBEAT JSON 2023-09-04
Unix system OS NIX_SYSTEM SYSLOG , JSON 2024-02-08
Okta Identity and Access Management OKTA JSON 2024-03-05
PAN Autofocus IOC PAN_IOC JSON 2021-08-09
Mobileiron ENDPOINT MANAGEMENT MOBILEIRON JSON 2023-02-02
ManageEngine ADAudit Plus Active Directory Audit ADAUDIT_PLUS SYSLOG + KV (CEF) 2024-01-19
Emerging Threats Pro IOC ET_PRO_IOC CSV 2022-11-28
Kubernetes Audit K8s cluster audit logs KUBERNETES_AUDIT JSON 2023-08-21
Akamai Enterprise Application Access Enterprise Application Access AKAMAI_EAA JSON 2023-11-14
Windows Applocker Application Locker WINDOWS_APPLOCKER SYSLOG + KV + JSON + XML 2023-10-17
Ubiquiti UniFi Switch Switch UBIQUITI_SWITCH SYSLOG 2023-11-21
WindChill Lifecycle Management Software WINDCHILL SYSLOG 2024-02-09
Arista Switch Switches ARISTA_SWITCH JSON+SYSLOG 2022-08-03
Tanium Patch Tanium Specific TANIUM_PATCH JSON 2022-02-08
Kubernetes Audit Azure Log Aggregator KUBERNETES_AUDIT_AZURE JSON 2024-01-11
Cloudflare Audit SaaS Application CLOUDFLARE_AUDIT JSON 2023-11-27
Azure AD Directory Audit Audit AZURE_AD_AUDIT JSON 2024-03-12
NetApp ONTAP Rest api NETAPP_ONTAP SYSLOG 2023-04-03
HPE ILO Server Management HPE_ILO SYSLOG 2023-11-27
F5 ASM WAF F5_ASM SYSLOG 2024-02-27
VMware Horizon VDI VMWARE_HORIZON SYSLOG 2022-08-15
Forcepoint DLP Forcepoint DLP FORCEPOINT_DLP CEF 2022-11-07
Department of Homeland Security Threat detection DHS_IOC XML 2023-07-31
Cloud Storage Context Google Cloud Specific N/A JSON 2023-04-13
Juniper Mist Network Management and Optimization software JUNIPER_MIST JSON 2023-02-24
McAfee DLP DLP MCAFEE_DLP CSV 2022-04-13
Atlassian Jira Ticketing Application ATLASSIAN_JIRA SYSLOG, JSON 2023-12-12
Island Browser logs Web Browser ISLAND_BROWSER JSON 2023-09-04
Palo Alto Networks Traps EDR PAN_EDR CSV + KV 2022-08-22
SecureAuth SSO SECUREAUTH_SSO SYSLOG, XML 2023-07-09
Linux Auditing System (AuditD) OS AUDITD SYSLOG 2023-11-27
SOTI MobiControl Mobile Device Management SOTI_MOBICONTROL SYSLOG 2023-09-08
Cisco Application Control Engine Load Balancer, Traffic Shaper, ADC CISCO_ACE SYSLOG 2022-09-15
Windows Local Administrator Password Solution Local Administrator Password Solution MICROSOFT_LAPS JSON 2024-03-07
Office 365 Message Trace OFFICE_365 Specific OFFICE_365_MESSAGETRACE JSON 2023-05-10
Pulse Secure VPN PULSE_SECURE_VPN SYSLOG 2024-02-26
Trend Micro Vision One AV and endpoint logs TRENDMICRO_VISION_ONE SYSLOG + KV, CEF 2023-03-24
Symantec Endpoint Protection AV / Endpoint SEP SYSLOG 2023-11-28
IBM Tivoli Monitoring IBM_TIVOLI JSON, SYSLOG 2023-06-12
Cloud Intrusion Detection System Google Cloud Specific GCP_IDS JSON 2023-12-13
Juniper Software Defined Wide Area Network SYSLOG JUNIPER_SDWAN SYSLOG 2023-07-10
Cloudian hyperstore Storage Solutions CLOUDIAN_HYPERSTORE SYSLOG 2021-05-05
Nokia VitalQIP DDI (DNS, DHCP, IPAM) VITALQIP SYSLOG 2022-03-01
Talon Security TALON JSON 2023-12-21
Workspace Alerts Google Cloud Specific WORKSPACE_ALERTS JSON 2023-11-29
Elastic Packet Beats Log Aggregator ELASTIC_PACKETBEATS SYSLOG + JSON 2022-05-09
WatchGuard Syslog and KV WATCHGUARD JSON 2023-12-03
Zscaler Private Access Security Service Edge ZSCALER_ZPA SYSLOG + JSON, JSON 2024-02-12
IBM Safenet IT infrastructure IBM_SAFENET SYSLOG 2023-05-24
Comodo AV / Endpoint COMODO_AV SYSLOG + KV (CEF) 2021-04-09
ManageEngine Reporter Plus SaaS Application MANAGE_ENGINE_REPORTER_PLUS JSON 2022-08-29
Preempt Alert Identity and Access Management PREEMPT SYSLOG + KV (CEF) 2022-06-22
Infoblox RPZ RPZ INFOBLOX_RPZ SYSLOG 2024-02-13
Mongo Database DATABASE MONGO_DB JSON 2024-02-23
Bitdefender AV / Endpoint BITDEFENDER CSV 2023-05-02
Kubernetes Auth Proxy Kubernetes Specific KUBERNETES_AUTH_PROXY JSON 2022-09-08
MISP Threat Intelligence Cybersecurity MISP_IOC JSON, CSV 2023-09-26
Sangfor Next Generation Firewall Firewall SANGFOR_NGAF SYSLOG + KV 2024-01-31
SentinelOne Deep Visibility EDR SENTINEL_DV JSON 2023-09-06
Thycotic Identity and Access Management THYCOTIC SYSLOG + KV (CEF) 2023-09-22
Sophos DHCP DHCP SOPHOS_DHCP SYSLOG + KV 2022-02-10
Apigee Google Cloud Specific GCP_APIGEE JSON 2021-11-02
Fortinet FortiNAC NAC FORTINET_FORTINAC SYSLOG 2022-07-08
Tanium Discover Tanium Specific TANIUM_DISCOVER JSON 2022-11-24
Kyriba Treasury Management SaaS Application KYRIBA CSV 2021-02-24
Forcepoint Proxy Web Proxy FORCEPOINT_WEBPROXY SYSLOG + KV (CEF), LEEF 2023-06-12
Ansible AWX Automation and DevOps Tools ANSIBLE_AWX JSON 2022-11-09
Extreme Networks Switch Security EXTREME_SWITCH SYSLOG 2023-12-19
Infoblox DNS DNS INFOBLOX_DNS SYSLOG, CEF 2023-10-17
pfSense FIREWALL PFSENSE SYSLOG 2023-05-05
Qualys Virtual Scanner Vulnerability Scanner QUALYS_VIRTUAL_SCANNER JSON 2023-08-21
Onfido Authentication ONFIDO SYSLOG + JSON 2023-03-10
Atlassian Bitbucket Atlassian Bitbucket ATLASSIAN_BITBUCKET JSON 2023-06-12
Samba SMBD Privileged Account Activity SMBD SYSLOG 2023-03-09
Ipswitch MOVEit Transfer Switches IPSWITCH_MOVEIT_TRANSFER SYSLOG + CSV 2023-08-18
TrendMicro Web Proxy Web Proxy TRENDMICRO_WEBPROXY SYSLOG + KV 2023-08-02
Duo Entity context data Identity and Access Management DUO_CONTEXT JSON 2022-03-14
VMware vRealize Suite (VMware Aria) Cloud VMWARE_VREALIZE SYSLOG 2023-06-20
Microsoft CyberX IoT CYBERX SYSLOG+KV 2023-12-06
ServiceNow CMDB Policy Management SERVICENOW_CMDB JSON 2024-01-23
VyOS Open Source Router DHCP VYOS SYSLOG 2022-10-12
CyberArk Privilege Account Management CYBERARK KV (CEF) 2022-10-10
Duo Auth Authentication DUO_AUTH JSON 2023-10-23
Azure Cosmos DB Database AZURE_COSMOS_DB JSON 2023-02-22
Duo Administrator Logs Authentication DUO_ADMIN JSON 2023-03-10
COVID-19 Cyber Threat Coalition IOC COVID_CTC_IOC Value Entry 2020-06-02
McAfee Enterprise Security Manager Log Aggregator MCAFEE_ESM SYSLOG + JSON 2022-02-25
Zscaler Internet Access Audit Logs Security Service Edge (SSE) ZSCALER_INTERNET_ACCESS CSV, SYSLOG, JSON 2024-03-08
HP Procurve Switch Switches HP_PROCURVE SYSLOG 2024-03-04
OpenSSH Logging and Troubleshooting OPENSSH SYSLOG 2024-01-23
Stormshield Firewall FIREWALL STORMSHIELD_FIREWALL SYSLOG + KV 2023-06-29
AppOmni SAAS Security Application APPOMNI JSON 2023-08-23
SonicWall Firewall SONIC_FIREWALL SYSLOG + KV 2023-05-26
Cisco UCM Communication Manager CISCO_UCM SYSLOG + KV 2022-08-18
Digi modems Switches and Routers DIGI_MODEMS SYSLOG 2023-06-26
AWS EC2 Instances AWS Specific AWS_EC2_INSTANCES JSON 2024-01-31
Darktrace NDR DARKTRACE SYSLOG + KV (CEF), SYSLOG + JSON 2023-12-20
Workspace ChromeOS Devices Google Cloud Specific WORKSPACE_CHROMEOS JSON 2023-11-29
AWS WAF AWS Specific AWS_WAF JSON 2023-12-29
AWS Security Hub IDS/IPS AWS_SECURITY_HUB JSON 2023-06-20
McAfee Web Gateway Web Proxy MCAFEE_WEBPROXY SYSLOG + KV (CEF), JSON 2023-06-17
ManageEngine AD360 Identity and Access Management MANAGE_ENGINE_AD360 SYSLOG + KV 2022-09-16
Ruckus Networks Wireless RUCKUS_WIRELESS SYSLOG + KV 2023-01-06
ForgeRock OpenDJ LDAP OPENDJ SYSLOG + KV 2020-10-01
Centrify SSO CENTRIFY_SSO JSON 2022-08-10
Cisco Prime Network Management and Optimization CISCO_PRIME SYSLOG 2024-01-26
HAProxy Load balancing HAPROXY SYSLOG 2023-09-25
Cisco VPN VPN CISCO_VPN SYSLOG 2024-02-23
Trend Micro Deep Security AV / Endpoint TRENDMICRO_DEEP_SECURITY LEEF 2024-03-04
Apple macOS AV / Endpoint MACOS SYSLOG 2022-05-04
Symantec DLP DLP SYMANTEC_DLP SYSLOG + KV (CEF), XML 2024-03-10
Micro Focus iManager Network Management and Optimization MICROFOCUS_IMANAGER SYSLOG 2024-02-12
Imperva WAF IMPERVA_WAF SYSLOG+KV, JSON 2024-02-26
AWS Cloudtrail Cloud Log Aggregator AWS_CLOUDTRAIL JSON 2024-03-04
Jenkins Automation and DevOps JENKINS JSON, SYSLOG 2023-11-27
Veritas NetBackup Backup software VERITAS_NETBACKUP SYSLOG 2024-01-18
InterSystems Cache Database INTERSYSTEMS_CACHE SYSLOG + KV 2022-10-19
Cybereason EDR EDR CYBEREASON_EDR JSON 2024-01-25
Silverfort Authentication Platform Identity and Access Management SILVERFORT CEF SYSLOG 2023-11-29
Netscout NETWORK ARBOR_EDGE_DEFENSE SYSLOG + KV 2023-02-21
Qualys VM Vulnerability Scanner QUALYS_VM KV + JSON 2023-10-27
Cisco DNA Center Platform Network Management and Optimization CISCO_DNAC SYSLOG+JSON 2023-12-29
Aqua Security IaaS Applications AQUA_SECURITY JSON 2022-02-03
OSSEC IDS/IPS OSSEC SYSLOG 2024-02-14
Quest File Access Audit Alert QUEST_FILE_AUDIT JSON 2024-01-13
Zimperium Mobile Device Management ZIMPERIUM SYSLOG + JSON 2023-08-18
IBM WebSEAL Web server IBM_WEBSEAL JSON, SYSLOG 2024-01-22
Lacework Cloud Security Cloud Security LACEWORK JSON 2023-11-09
Trend Micro AV AV / Endpoint TRENDMICRO_AV SYSLOG + KV, CEF 2023-05-21
Box Collaboration BOX JSON 2024-03-11
macOS Endpoint Security AV and endpoint logs MACOS_ENDPOINT_SECURITY SYSLOG + KV 2023-07-17
Suricata EVE IPS IDS SURICATA_EVE JSON 2022-08-17
Check Point Firewall CHECKPOINT_FIREWALL SYSLOG + KV, JSON 2024-02-07
NIMBLE OS OS NIMBLE_OS SYSLOG 2022-07-21
OneLogin SSO ONELOGIN_SSO JSON 2023-04-28
Ping Identity Authentication PING JSON, SYSLOG + KV 2023-12-07
Tanium Reveal Tanium Specific TANIUM_REVEAL JSON 2021-11-15
Snoopy Logger Log Aggregator SNOOPY_LOGGER SYSLOG 2022-08-10
Neosec Security NEOSEC JSON 2023-07-31
Cisco VCS Expressway Telephone software CISCO_VCS SYSLOG 2023-06-12
SEPPmail Secure Email email encryption and signature solutions SEPPMAIL SYSLOG + KV 2024-02-11
Symantec Web Isolation Secure Access Service Edge SYMANTEC_WEB_ISOLATION JSON 2022-07-08
Zscaler DLP Data Loss Prevention ZSCALER_DLP JSON, CSV 2024-03-11
Imperva FlexProtect Cloud App & Network Security IMPERVA_FLEXPROTECT CEF + KV 2023-08-28
Microsoft Intune Mobile Device Management AZURE_MDM_INTUNE JSON 2022-08-17
Jamf Protect Alerts Endpoint Security JAMF_PROTECT JSON 2024-01-03
Custom Security Data Analytics Log Aggregation CUSTOM_SECURITY_DATA_ANALYTICS JSON 2022-07-08
Microsoft Defender for Identity EDR MICROSOFT_DEFENDER_IDENTITY JSON 2022-07-27
Red Hat Directory Server LDAP Identity and Access Management REDHAT_DIRECTORY_SERVER JSON + SYSLOG + KV 2022-04-11
Cisco Umbrella DNS DNS UMBRELLA_DNS CSV, JSON 2024-03-05
Zoom Operation Logs Operation-Specific ZOOM_OPERATION_LOGS SYSLOG 2022-11-04
GMV Checker ATM Security ATM Audit GMV_CHECKER SYSLOG 2022-04-20
GCP_APP_ENGINE Cloud Computing GCP_APP_ENGINE JSON and KV 2024-03-05
Trustwave SEC MailMarshal Email server MAILMARSHAL SYSLOG 2023-04-06
KerioControl Firewall Threat Management Firewall KERIOCONTROL SYSLOG 2024-02-28
Okta Access Gateway OKTA specific OKTA_ACCESS_GATEWAY SYSLOG + KV 2023-02-20
Compute Engine Google Cloud Specific GCP_COMPUTE JSON 2023-02-24
Honeyd Deception Software HONEYD SYSLOG 2021-04-05
LogonBox Authentication LOGONBOX SYSLOG + KV 2024-02-05
Auth0 Authentication log AUTH_ZERO JSON 2024-03-07
Acalvio Deception Software ACALVIO SYSLOG + KV 2020-10-13
VMware AirWatch Wireless AIRWATCH SYSLOG + KV 2023-09-05
NGINX Server Management NGINX JSON + SYSLOG 2022-09-10
Aruba Wireless ARUBA_WIRELESS SYSLOG 2023-05-25
Bluecat Edge DNS Resolver DNS BLUECAT_EDGE JSON, KV, SYSLOG 2022-01-18
AWS Config AWS Specific AWS_CONFIG JSON 2024-02-22
Cambium Networks Switches and Routers Log Type CAMBIUM_NETWORKS SYSLOG 2023-07-27
Elastic Search Log Aggregator ELASTIC_SEARCH JSON 2023-11-02
Windows Firewall Firewall WINDOWS_FIREWALL Space Separated Value 2021-08-26
Kemp Load Balancer Load Balancer, Traffic Shaper, ADC KEMP_LOADBALANCER SYSLOG + KV 2023-05-31
Blue Coat Proxy Web Proxy BLUECOAT_WEBPROXY SYSLOG + JSON, SYSLOG + KV 2024-02-21
AWS Route 53 DNS AWS Specific AWS_ROUTE_53 JSON + SYSLOG 2023-12-20
Deep Instinct EDR EDR DEEP_INSTINCT_EDR LEEF 2023-12-27
Microsoft PowerShell Misc. Windows-specific POWERSHELL SYSLOG + JSON 2023-12-05
Cloud Audit Logs Google Cloud Specific N/A JSON 2024-03-06
SailPoint IAM Identity and Access Management SAILPOINT_IAM JSON 2024-02-21
Area1 Security Email server AREA1 JSON 2023-04-06
Cisco ASA firewall CISCO_ASA_FIREWALL SYSLOG 2023-12-15
Citrix Monitor Monitoring of DaaS CITRIX_MONITOR JSON 2022-12-06
SAP SM20 Security Audit Log SAP_SM20 JSON 2024-01-29
Kong API Gateway Microservice management KONG_GATEWAY SYSLOG + JSON 2022-09-23
Cybergatekeeper NAC Security CYBERGATEKEEPER_NAC SYSLOG + KV 2024-02-23
Fidelis Network NDR FIDELIS_NETWORK SYSLOG + KV, JSON 2023-09-04
AWS Control Tower Identity and Access Management AWS_CONTROL_TOWER JSON 2023-01-04
Fortinet FortiEDR EDR FORTINET_FORTIEDR SYSLOG + KV 2023-08-07
Ionix SECURITY IONIX JSON 2023-09-28
Cato Networks NDR CATO_NETWORKS JSON 2024-01-26
Cloud NAT Google Cloud Specific N/A JSON 2023-04-06
Ordr IoT IoT ORDR_IOT SYSLOG + JSON 2024-03-05
VMware NSX Network and Security Virtualization VMWARE_NSX KV 2023-11-15
HCNET Account Adapter Plus DHCP HCNET_ACCOUNT_ADAPTER SYSLOG 2022-09-15
Compute Context Google Cloud Specific N/A JSON 2024-01-27
IBM Guardium Database DLP GUARDIUM CSV, CEF 2023-12-15
wiz.io Identity and Access Management WIZ_IO JSON 2024-03-04
F5 DNS DNS F5_DNS SYSLOG 2021-06-17
SentinelOne Singularity Cloud Funnel EVENTS SENTINELONE_CF JSON 2024-01-17
Tripwire DLP TRIPWIRE_FIM SYSLOG 2023-06-21
Vsftpd FTP Server VSFTPD GROK 2023-11-20
Workspace Users Google Cloud Specific WORKSPACE_USERS JSON 2023-11-29
ZScaler DNS DNS ZSCALER_DNS SYSLOG + KV, JSON 2023-10-17
Azure App Service SAAS AZURE_APP_SERVICE JSON 2024-02-20
Guardicore Centra Deception Software GUARDICORE_CENTRA JSON 2023-09-08
Avatier Password Management SaaS Application AVATIER SYSLOG + KV 2021-08-05
Cloud IoT Google Cloud Specific GCP_CLOUDIOT JSON 2022-06-06
Phishlabs Digital Risk Protection PHISHLABS JSON 2024-02-19
Cisco ISE Identity and Access Management CISCO_ISE SYSLOG 2023-11-20
Netscout OCI Alert log NETSCOUT_OCI SYSLOG + KV 2024-02-21
Pivotal PaaS Application PIVOTAL SYSLOG + KV 2022-08-17
IBM Security Verify Endpoint Security IBM_SECURITY_VERIFY SYSLOG 2023-01-25
SAP SAST Suite Security SAP_SAST SYSLOG 2023-12-28
ExtraHop RevealX Firewall IDS/IPS EXTRAHOP JSON, SYSLOG 2023-10-27
Rapid7 Vulnerability Scanner RAPID7_NEXPOSE JSON 2022-09-27
Semperis DSP LDAP SEMPERIS_DSP SYSLOG 2021-04-29
Falco IDS IDS/IPS FALCO_IDS JSON 2024-03-06
BeyondTrust Privileged Identity Privilege Account Activity BEYONDTRUST_PI SYSLOG 2022-10-24
Cloud SQL Google Cloud Specific GCP_CLOUDSQL JSON 2023-11-29
ThreatConnect IOC THREATCONNECT_IOC JSON 2022-01-13
Chronicle SOAR Audit SOAR CHRONICLE_SOAR_AUDIT JSON 2023-10-12
Kea DHCP DHCP KEA_DHCP SYSLOG 2022-03-22
Preempt Auth Identity and Access Management PREEMPT_AUTH SYSLOG + JSON 2021-06-16
Tanium Audit SCAN NETWORK TANIUM_AUDIT JSON 2023-09-26
Sophos UTM Unified Threat Management SOPHOS_UTM KV 2022-06-30
Hashicorp Vault Privileged Account Activity HASHICORP JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV 2023-10-26
F5 BIGIP Access Policy Manager Access Policy Manager F5_BIGIP_APM SYSLOG 2023-06-06
Mimecast Email Server MIMECAST_MAIL KV 2023-03-31
DomainTools Threat Intelligence Threat intelligence DOMAINTOOLS_THREATINTEL JSON 2023-12-13
Windows Event (XML) AV / Endpoint WINEVTLOG_XML SYSLOG + XML, KV 2024-02-20
Nucleus Unified Vulnerability Management Nucleus Specific NUCLEUS_VULNERABILITY JSON 2021-06-30
PerimeterX Bot Protection Security PERIMETERX_BOT_PROTECTION JSON 2024-03-11
Thinkst Canary Deception Software THINKST_CANARY JSON 2024-03-05
Cofense Email Server COFENSE_TRIAGE SYSLOG + KV (CEF) 2024-03-04
ServiceNow Security SaaS Application SERVICENOW_SECURITY JSON 2021-05-24
TeamViewer Remote Support TEAMVIEWER JSON 2022-08-02
Azure Application Gateway GATEWAY AZURE_GATEWAY JSON 2023-12-22
Cisco Internetwork Operating System Network Infrastructure CISCO_IOS SYSLOG 2023-10-04
Avaya Aura Experience Portal Avaya Aura Experience Portal AVAYA_AURA SYSLOG 2022-12-30
Microsoft AD FS LDAP ADFS JSON 2023-08-18
Infoblox DHCP, DNS INFOBLOX SYSLOG 2024-02-23
Microsoft Graph Activity Logs AUDIT MICROSOFT_GRAPH_ACTIVITY_LOGS JSON 2024-03-01
Mandiant Custom IOC IOC MANDIANT_CUSTOM_IOC JSON 2023-12-19
Google Cloud Identity Context Identity and Access Management CLOUD_IDENTITY_CONTEXT JSON 2023-07-25
Sendmail Email Server SENDMAIL SYSLOG + KV 2023-09-20
Digital Shadows Indicators IOC DIGITAL_SHADOWS_IOC JSON 2022-04-23
GCP_KUBERNETES_CONTEXT Computer Inventory GCP_KUBERNETES_CONTEXT JSON 2023-11-01
Cisco WLC/WCS Wireless CISCO_WIRELESS SYSLOG 2024-01-10
HCL BigFix Network Management and Optimization HCL_BIGFIX JSON 2023-12-08
Imperva SecureSphere Management Data Security / Insider Threat IMPERVA_SECURESPHERE SYSLOG + KV (CEF) 2023-04-26
Radware Web Application Firewall Firewall RADWARE_FIREWALL SYSLOG 2023-12-08
Trustwave webmarshal Proxy Server WEBMARSHAL SYSLOG + CSV 2023-05-04
Cisco Email Security Email Server CISCO_EMAIL_SECURITY SYSLOG + KV, JSON 2023-10-05
Cloud Data Loss Prevention Google Cloud Specific N/A JSON 2022-12-19
Varonis Data Security / Insider Threat VARONIS SYSLOG + KV (CEF), LEEF 2022-10-08
A10 Load Balancer LOAD BALANCER A10_LOAD_BALANCER SYSLOG 2024-01-28
Fortinet FortiAnalyzer Fortinet FortiAnalyzer FORTINET_FORTIANALYZER JSON 2023-07-19
Big Switch BigCloudFabric Switches, Routers BIGSWITCH_BCF SYSLOG 2021-04-20
Cisco FireSIGHT Management Center SaaS Application CISCO_FIRESIGHT KV 2023-09-21
Lenel Onguard Badge Management Access Control System LENEL_ONGUARD JSON 2022-10-31
FireEye HX EDR FIREEYE_HX JSON 2024-01-04
Akeyless Vault Platform Akeyless Vault Platform AKEYLESS_VAULT KV + JSON 2023-09-16
Symantec VIP Gateway Email Server SYMANTEC_VIP SYSLOG 2023-03-03
FireEye HX Audit Audits FIREEYE_HX_AUDIT XML 2022-11-04
Tanium Threat Response Tanium Specific TANIUM_THREAT_RESPONSE JSON 2023-07-28
Strong Swan VPN VPN STRONGSWAN_VPN JSON 2023-05-25
CyberArk Endpoint Privilege Manager (EPM) EPM CYBERARK_EPM JSON 2023-08-22
Palo Alto Panorama Firewall PAN_PANORAMA CSV 2024-01-25
AWS S3 Server Access AWS Specific AWS_S3_SERVER_ACCESS SYSLOG 2023-07-19
Openpath AV / Endpoint OPENPATH SYSLOG 2023-11-08
Kubernetes Node Kubernetes Container KUBERNETES_NODE JSON 2024-01-03
LimaCharlie EDR LIMACHARLIE_EDR JSON 2023-08-07
Red Canary EDR REDCANARY_EDR JSON 2022-09-15
ExtraHop DNS DNS EXTRAHOP_DNS JSON 2021-12-13
Microsoft IIS Web Server IIS SYSLOG + KV, JSON 2024-02-18
Delinea PAM Access Management DELINEA_PAM SYSLOG + CSV 2022-11-10
Abnormal Security Email Server ABNORMAL_SECURITY JSON, SYSLOG 2023-11-06
Layer7 SiteMinder SSO SITEMINDER_SSO KV+JSON 2022-08-30
SpyCloud AV / Endpoint SPYCLOUD SYSLOG + JSON 2023-11-08
JAMF CMDB Computer Inventory JAMF JSON 2024-02-23
Extreme Wireless Network Management and Optimization software EXTREME_WIRELESS SYSLOG 2024-02-28
Netscout Arbor Sightline Monitoring ARBOR_SIGHTLINE SYSLOG + JSON 2022-12-16
Nyansa Events IoT NYANSA_EVENTS SYSLOG + KV 2023-03-01
OSQuery EDR OSQUERY_EDR SYSLOG + JSON 2023-11-29
Snyk Group level audit Logs Vulnerability Scanners SNYK_SDLC JSON 2023-04-25
Windows Sysmon DNS WINDOWS_SYSMON JSON, XML 2024-01-17
Proofpoint Web Browser Isolation ATTACK PROTECTION ISOLATION PROOFPOINT_WEB_BROWSER_ISOLATION JSON 2023-05-25
Thales Digital Identity and Security Digital Identity & Security THALES_DIS SYSLOG 2022-03-17
Windows Hyper-V Virtualization Software WINDOWS_HYPERV JSON 2023-10-09
Akamai DNS DNS AKAMAI_DNS CSV 2021-06-28
Datadog NDR DATADOG JSON 2023-07-21
Digital Guardian DLP DLP DIGITALGUARDIAN_DLP JSON 2023-06-02
Imperva CEF CEF IMPERVA_CEF SYSLOG + KV 2023-03-07
Linux Sysmon DNS LINUX_SYSMON XML 2024-01-25
FortiMail Email Security Email Security FORTINET_FORTIMAIL KV 2023-09-06
Forescout NAC NAC FORESCOUT_NAC SYSLOG, CEF 2024-02-05
Gitlab SAAS GITLAB JSON 2023-10-20
Hitachi Cloud Platform Hitachi Cloud Platform HITACHI_CLOUD_PLATFORM SYSLOG 2023-05-30
Remediant SecureONE Privileged Account Activity REMEDIANT_SECUREONE SYSLOG + JSON 2023-12-08
Quest Change Auditor for EMC Alert QUEST_CHANGE_AUDITOR_EMC JSON 2024-01-13
Dope Security SWG Secure Access Service Edge DOPE_SWG CSV 2023-05-18
Azure DevOps Audit Automation and DevOps Tools AZURE_DEVOPS JSON 2024-01-19
IBM AS/400 Application System IBM_AS400 SYSLOG + KV 2022-04-13
HP Aruba (ClearPass) Identity and Access Management CLEARPASS SYSLOG + KV 2024-01-11
Duo User Context Identity and Access Management DUO_USER_CONTEXT JSON 2021-04-12
Azure Firewall Azure Firewall Application Rule AZURE_FIREWALL JSON 2024-02-07
IBM Security Verify SaaS SaaS Application IBM_SECURITY_VERIFY_SAAS JSON 2023-10-27
Signal Sciences WAF WAF SIGNAL_SCIENCES_WAF JSON 2023-11-22
Kisi Access Management Physical Security KISI JSON 2023-06-14
Juniper Firewall JUNIPER_FIREWALL SYSLOG + KV + JSON 2024-01-22
Sap Business Technology Platform SaaS Applications SAP_BTP JSON 2024-02-22
Apache Tomcat Web server TOMCAT JSON 2022-04-20

Supported log types without a default parser

Chronicle SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Chronicle SIEM Ingestion API or the Chronicle SIEM forwarder. Chronicle SIEM will not normalize the data to structured Unified Data Model format.

You can create a custom parser to normalize these logs. You can also search raw logs.

Vendor / Product Ingestion label
Accops Hysecure VPN ACCOPS_HYSECURE_VPN
Acquia Cloud Platform ACQUIA_CLOUD_PLATFORM
Acronis Backup ACRONIS
Microsoft ActiveSync ACTIVE_SYNC
ManageEngine ADManager Plus ADMANAGER_PLUS
Admin by request PAM ADMIN_BY_REQUEST
Adobe Commerce ADOBE_COMMERCE
Adobe Experience Manager ADOBE_EXPERIENCE_MANAGER
ManageEngine ADSelfService Plus ADSELFSERVICE_PLUS
ADTRAN NetVanta router ADTRAN_NETVANTA
Agari Phishing Defense AGARI_PHISHING_DEFENSE
Advanced Intrusion Detection Environment AIDE
Extreme Networks AirDefense AIRDEFENSE
Akamai Prolexic AKAMAI_DDOS
Akamai DHCP AKAMAI_DHCP
Akamai Enterprise Threat Protector AKAMAI_ETP
Akamai Guardicore AKAMAI_GUARDICORE
Akamai SIEM Connector AKAMAI_SIEM_CONNECTOR
AlertLogic Notifications ALERTLOGIC_NOTIFICATIONS
AliCloud Anti DDos ALICLOUD_ANTI_DDOS
AliCloud WAF ALICLOUD_WAF
AlienVault Open Threat Exchange ALIENVAULT_OTX
Allot NetEnforcer ALLOT_NETENFORCER
Alveo Risk Data Management ALVEO_RDM
Analyst1 IOC ANALYST1_IOC
Apache Kafka Audit APACHE_KAFKA_AUDIT
Apache SpamAssassin APACHE_SPAMASSASSIN
APC Automatic Transfer Switch APC_ATS
APC Netbotz APC_NETBOTZ
APC Power Distribution Unit APC_PDU
APC Smart-UPS APC_SMART_UPS
APC StruxureWare Portal APC_STRUXUREWARE
Apiiro Cloud Application Security Platform APIIRO
Appgate Software-defined Perimeter APPGATE_SDP
Appian Cloud APPIAN_CLOUD
AppViewX APPVIEWX
Aptos Enterprise Order Management APTOS_EOM
Argo CD ARGO_CD
Argo Workflows ARGO_WORKFLOWS
Arista Guardian For Network Identity ARISTA_AGNI
Arista CloudVision Portal ARISTA_CVP
Arista NDR ARISTA_NDR
Arkime Packet Capture ARKIME_PCAP
Armis ARMIS
Armorblox Email Security ARMORBLOX_ESC
Armor Anywhere ARMOR_ANYWHERE
Array Networks SSL VPN ARRAYNETWORKS_VPN
Array Networks WAF ARRAY_NETWORKS_WAF
HPE Aruba Networking Central ARUBA_CENTRAL
Aruba Orchestrator ARUBA_ORCHESTRATOR
Aruba Switch ARUBA_SWITCH
Arxan Threat Analytics ARXAN_THREAT_ANALYTICS
Asana ASANA
Ascertia ASCERTIA
Asimily ASIMILY
AssetNote ASSETNOTE
Atlassian Cloud Admin Audit ATLASSIAN_AUDIT
Atlassian Jira Confluence Json ATLASSIAN_CONFLUENCE_JSON
Atlassian Jira Json ATLASSIAN_JIRA_JSON
AT&T Netbond ATT_NETBOND
Authentic8 Silo AUTHENTIC8_SILO
Authx Identity Management AUTHX
Authx User Context AUTHX_USER_CONTEXT
Automox AUTOMOX_EPM
Avast Business AVAST_HUB
Avaya Session Border Controller AVAYA_BORDER
Avaya Interactive Voice Response AVAYA_IVR
Avaya VSP Switch AVAYA_VSP
Avaya Wireless AVAYA_WIRELESS
Aviatrix Cloud Network Platform AVIATRIX
AWS Dynamo DB AWS_DYNAMO_DB
Amazon ElastiCache AWS_ELASTI_CACHE
Amazon FSx for Windows File Server AWS_FSX
AWS Inspector AWS_INSPECTOR
AWS Inspector2 AWS_INSPECTOR2
AWS NGINX AWS_NGINX
AWS Redshift AWS_REDSHIFT
AWS Simple Email Service AWS_SES
AWS Shield AWS_SHIELD
AWS VPN AWS_VPN
Axis Atmos AXIS_ATMOS
Axis Security Audit AXIS_OS
Axonius Cybersecurity Asset Management AXONIUS
Microsoft Azure AZURE
Azure AD Password Protection AZURE_AD_PASSWORD_PROTECTION
Azure AD Provisioning AZURE_AD_PROVISIONING
Azure AD Sign-In AZURE_AD_SIGNIN
Azure API Management AZURE_API_MANAGEMENT
Azure ATP AZURE_ATP
Azure Bastion AZURE_BASTION
Azure DNS logs AZURE_DNS
Azure Front Door AZURE_FRONT_DOOR
Microsoft Intune Context AZURE_MDM_INTUNE_CONTEXT
Azure Security Center AZURE_SECURITY_CENTER
Azure Storage Audit AZURE_STORAGE_AUDIT
Babelforce BABELFORCE
Backbox BACKBOX
OneIdentity Balabit BALABIT
BambooHR BAMBOO_HR
Barracuda CloudGen Access BARRACUDA_CLOUDGEN_ACCESS
Barracuda CloudGen Firewall BARRACUDA_CLOUDGEN_FIREWALL
Barracuda Impersonation Protection BARRACUDA_IMPERSONATION
Barracuda Content Shield BARRACUDA_SHIELD
Bettercloud BETTERCLOUD
BeyondTrust BeyondInsight BEYONDTRUST_BEYONDINSIGHT
BeyondTrust Cloud Privilege Broker BEYONDTRUST_CPB
BeyondTrust Endpoint Privilege Management BEYONDTRUST_ENDPOINT
BeyondTrust Management console BEYONDTRUST_MC
Beyond Identity BEYOND_IDENTITY
Bitvise SSHd BITVISE_SSHD
Blackberry Workspaces BLACKBERRY_WORKSPACES
Bluecat Address Manager BLUECAT_AM
Blue Prism BLUE_PRISM
BMC AMI Defender BMC_AMI_DEFENDER
BMC Client Management BMC_CLIENT_MANAGEMENT
BMC Control-M BMC_CONTROL_M
Bricata NDR BRICATA_NDR
Britive Audit API BRITIVE_AUDIT_API
BRIVO BRIVO
CA Privileged Access Manager BROADCOM_CA_PAM
Broadcom Compliance Event Manager BROADCOM_CEM
Broadcom Support Portal Audit Logs BROADCOM_SUPPORT_PORTAL
Brocade Fabric OS BROCADE_FOS
Brocade SANnav Management Portal BROCADE_SANNAV
Zeek DHCP BRO_DHCP
Zeek HTTP BRO_HTTP
BT IPControl BT_IPCONTROL
Burpsuite Application Security testing tool BURPSUITE
Cameyo Bring Your Own Cloud CAMEYO_BYO_CLOUD
Canary Audit Trail CANARY_AUDIT_TRAIL
CATO SD-WAN CATO_SDWAN
Censornet CASB CENSORNET_CASB
Cequence Bot Defense CEQUENCE_BOT_DEFENSE
Cerberus FTP Server CERBERUS_FTP
Check Point CloudGuard CHECKPOINT_CLOUDGUARD
Check Point Email CHECKPOINT_EMAIL
Checkpoint Gaia CHECKPOINT_GAIA
Checkpoint SmartDefense CHECKPOINT_SMARTDEFENSE
Cilium CILIUM
CipherTrust Manager CIPHERTRUST_MANAGER
Cisco Aironet CISCO_AIRONET
Cisco APIC CISCO_APIC
Cisco Call Manager CISCO_CALL_MANAGER
Cisco Cyber Vision CISCO_CYBER_VISION
Cisco DNS CISCO_DNS
Cisco EStreamer CISCO_ESTREAMER
Cisco Meraki Camera CISCO_MERAKI_CAMERA
Cisco vManage SD-WAN CISCO_SDWAN
Cisco Secure Malware Analytics CISCO_SECURE_MALWARE_ANALYTICS
Cisco Content Security Management Appliance CISCO_SMA
Cisco SNMP Trapd CISCO_SNMP
Cisco Unity Connection CISCO_UNITY_CONNECTION
Cisco WSA CISCO_WSA
CiscoXDR CISCO_XDR
Citrix Analytics CITRIX_ANALYTICS
Citrix Netscaler Web Logs CITRIX_NETSCALER_WEB_LOGS
Citrix SD-WAN CITRIX_SDWAN
Citrix Session Metadata CITRIX_SESSION_METADATA
Citrix Virtual Desktop Infrastructure CITRIX_VDI
Citrix WAF CITRIX_WAF
Citrix Web Gateway CITRIX_WEB_GATEWAY
Citrix Workspace CITRIX_WORKSPACE
Citrix XenCenter CITRIX_XENCENTER
Claroty Continuous Threat Detection CLAROTY_CTD
Claroty Enterprise Management Console CLAROTY_EMC
Claroty Xdome CLAROTY_XDOME
Clearsense Healthcare Analytics CLEARSENSE
Click Studios Passwordstate CLICK_STUDIOS_PASSWORDSTATE
Cloudaware CLOUDAWARE
CloudBolt CLOUDBOLT
Cloudflare Bot Management CLOUDFLARE_BOT_MANAGEMENT
Cloud Passage (CSM) CLOUDPASSAGE_CSM
Cloud Passage (FIM) CLOUDPASSAGE_FIM
Cloud Passage (LIDS) CLOUDPASSAGE_LIDS
Cloud Passage (SVM) CLOUDPASSAGE_SVM
cmd.com CMD
Coalition Control API COALITION
Cockroach DB COCKROACH_DB
Code42 CrashPlan CODE42
Code42 Incydr CODE42_INCYDR
Code Worldwide CODE_WORLDWIDE
Cofense Vision COFENSE_VISION
Cohesity COHESITY
Cohesity Helios COHESITY_HELIOS
Cohesity Smartfiles COHESITY_SMARTFILES
Commvault Metallic COMMVAULT_METALLIC
Confluent Audit CONFLUENT_AUDIT
ConnectWise Automate CONNECTWISE_AUTOMATE
ConnectWise Control CONNECTWISE_CONTROL
Cradlepoint NetCloud CRADLEPOINT_NETCLOUD
Cribl AppScope CRIBL_APPSCOPE
Cribl Cloud CRIBL_CLOUD
Cribl Edge CRIBL_EDGE
Cribl Search CRIBL_SEARCH
Cribl Stream CRIBL_STREAM
ProLion CryptoSpike CRYPTOSPIKE
CSG Custom Rules Engine CSG_CUSTOMENGINE
CSG Singleview CSG_SINGLEVIEW
CSV Custom CMDB CSV_CUSTOM_CMDB
CrowdStrike Falcon CEF CS_CEF_EDR
Crowdstrike Identity Protection Services CS_IDP
CTERA Drive CTERA_DRIVE
Culture AI CULTURE_AI
Customer Alerts CUSTOMER_ALERT
Custom Host Forensics CUSTOM_HOST_FORENSICS
CyberArk Privileged Access Manager (PAM) CYBERARK_PAM
CyberArk Identity Single Sign-On CYBERARK_SSO
Connectsecure CYBERCNS
Cyberhaven Data Detection and Response CYBERHAVEN_DDR
Cyberhaven CYBERHAVEN_EVENTS
Cyberint CYBERINT
Cyber 2.0 IDS CYBER_2_IDS
Cycode Platform CYCODE
Insider threat detection and response CYDERES_INSIDER
Cyderes IOC CYDERES_IOC
Cylance CYLANCE
Cylera IOT CYLERA_IOT
Cymulate CYMULATE
Cynet 360 AutoXDR CYNET_360_AUTOXDR
Cyolo Zero Trust CYOLO_ZTNA
D3 Security D3_SECURITY
Databricks DATABRICKS
Dataiku DSS Logging DATAIKU_DSS_LOGS
DataLocker SafeConsole DATALOCKER_SAFECONSOLE
Datalust DATALUST
Datasunrise Dam DATASUNRISE_DAM
Datawatch DATAWATCH
DealCloud DEAL_CLOUD
Deepfence Network Monitoring DEEPFENCE
Delinea Privilege Manager DELINEA_PRIVILEGE_MANAGER
Delinea Secret Server DELINEA_SECRET_SERVER
Delinea Server Suite DELINEA_SERVER_SUITE
Dell Compellent DELL_COMPELLENT
Dell Cyber Recovery Manager DELL_CRM
Dell CyberSense DELL_CYBERSENSE
Dell ECS Enterprise Object Storage DELL_ECS
Dell EMC Avamar DELL_EMC_AVAMAR
Dell EMC Cloudlink DELL_EMC_CLOUDLINK
Dell EMC PowerStore DELL_EMC_POWERSTORE
Dell EMC Unity DELL_EMC_UNITY
Dell SonicWALL WAF DELL_WAF
Design Profit Central Server DESIGN_PROFIT_CENTRAL_SERVER
Device 42 DEVICE_42
Devolutions Remote Desktop Manager DEVOLUTIONS_RDM
Divvy Cloud DIVVY_CLOUD
Docker DOCKER
DOMO Business Cloud DOMO
Dragos DRAGOS
Draytek Firewall DRAYTEK
Dremio Data Lakehouse DREMIO_DATA_LAKEHOUSE
Dropbox DROPBOX
Drupal Logging DRUPAL
Druva Backup DRUVA_BACKUP
DSP Toolkit audit DSP_AUDIT
Dtex Intercept DTEX_INTERCEPT
Duo Access Gateway DUO_CASB
Duo Network Gateway DUO_NETWORK_GATEWAY
Duo Trust Monitor DUO_TRUST_MONITOR
Dynatrace DYNATRACE
CWT SatoTravel E2_SOLUTIONS
Eaton UPS EATON_UPS
eCAR ECAR
eCAR Bro ECAR_BRO
Edgecore Networks EDGECORE_NETWORKS
Edgio CDN EDGIO_CDN
Edgio Rate Limiting EDGIO_RL
Edgio WAF EDGIO_WAF
Efax EFAX
Egnyte EGNYTE
EclecticIQ EDR EIQ_EDR
Elastic File Beats ELASTIC_FILEBEAT
Elastic Metric Beats ELASTIC_METRICBEAT
Emerson Smart Firewall EMERSON_FIREWALL
Endgame ENDGAME_EDR
Ensono Cloud Mainframe Solution ENSONO
Entrust nShield HSM ENTRUST_HSM
Entrust NTP Server ENTRUST_NTP_SERVER
Entrust Secrets Vault ENTRUST_SECRETS_VAULT
Erlang Shell Logs ERLANG_SHELL
Ermes Web Protection ERMES
Ermetic ERMETIC
E-Share platform ESHARE_PLATFORM
Estar ESTAR
ETQ Reliance ETQ_RELIANCE
Evidos Firewall EVIDOS_FIREWALL
Exabeam Fusion XDR EXABEAM_FUSION_XDR
ExtraHop DHCP EXTRAHOP_DHCP
ExtremeWare Operating System (OS) EXTREMEWARE_NETWORKS
Extreme Networks ExtremeControl NAC Solution EXTREME_CONTROL
Extreme Management Center EXTREME_MANAGEMENT
EzProxy EZPROXY
F5 Bot F5_BOT
F5 Distributed Cloud Services F5_DCS
F5 IP Intelligence F5_IP_INTELLIGENCE
F5 Silverline F5_SILVERLINE
Fail2Ban Scan FAIL2BAN
Farsight DNSDB FARSIGHT_DNSDB
Feenics Access Control FEENICS_ACCESS_CONTROL
Fidelis Endpoint FIDELIS_ENDPOINT
FileMage SFTP FILEMAGE_SFTP
Firebase FIREBASE
FireEye eMPS FIREEYE_EMPS
FireEye Helix FIREEYE_HELIX
FireMon Firewall FIREMON_FIREWALL
Fisglobal Quantum FISGLOBAL_QUANTUM
Fivetran FIVETRAN
Flashpoint IOC FLASHPOINT_IOC
Fleet DM FLEET_DM
Forcepoint Email Security FORCEPOINT_EMAILSECURITY
Forcepoint Insider Threat FORCEPOINT_FIT
Forcepoint V Series FORCEPOINT_VSERIES
Forgerock OpenIdM FORGEROCK_OPENIDM
Fortanix Data Security Manager FORTANIX_DSM
Fortinet Wireless Access Point FORTINET_AP
Fortinet FortiAuthenticator FORTINET_FORTIAUTHENTICATOR
Fortinet FortiSandbox FORTINET_SANDBOX
Fortinet Switch FORTINET_SWITCH
Fortinet Proxy FORTINET_WEBPROXY
Foundry Fastiron FOUNDRY_FASTIRON
Fox-IT FOX_IT_STIX
FreeIPA FREEIPA
FreeRADIUS FREERADIUS
Digital Defense Frontline VM FRONTLINE_VM
FS-ISAC IOC FS_ISAC_IOC
Futurex HSM FUTUREX_HSM
GCP Artifact Registry GCP_ARTIFACT_REGISTRY
GCP Google Kubernetes Container Security GCP_KUBERNETES_CONTAINER_SECURITY
GCP NGFW Enterprise GCP_NGFW_ENTERPRISE
GCP Secure Web Proxy GCP_SWP
GCP Threat Detection GCP_THREAT_DETECTION
Genetec Audit GENETEC_AUDIT
Gigamon GIGAMON
Gigya CIAM GIGYA_CIAM
GitGuardian Enterprise GITGUARDIAN_ENTERPRISE
Github Events GITHUB_EVENTS
Glean GLEAN
Globalscape SFTP GLOBALSCAPE_SFTP
GlusterFS GLUSTER_FS
GMV Checker User Context GMV_CHECKER_CONTEXT
GoAnywhere MFT GOANYWHERE_MFT
GoDaddy DNS GODADDY_DNS
GoldiLock GOLDILOCK
GrayhatWarfare GRAYHATWARFARE
Graylog Operations GRAYLOG
GreatHorn Email Security GREATHORN
GreyNoise GREYNOISE
GTB Technologies DLP GTB_DLP
H3C Comware Platform Switch H3C_SWITCH
HaProxy LoadBalancer HAPROXY_LOADBALANCER
Harbor HARBOR
Harfanglab EDR HARFANGLAB_EDR
HiBob HIBOB
HaveIBeenPwned HIBP
Hirschmann Switch HIRSCHMANN_SWITCH
Hitachi PAM HITACHI_ID_PAM
Hornet Email Security HORNET_SECURITY
HPE BladeSystem C7000 HPE_BLADESYSTEM_C7000
Hewlett Packard Enterprise SAN HPE_SAN
HP OpenView HP_OPENVIEW
HP Printer logs HP_PRINTER
HP Wolf Pro Security HP_WOLF
Huawei NAC HUAWEI_NAC
HubSpot Activity Logs HUBSPOT_ACTIVITY
HubSpot CRM Platform HUBSPOT_CRM
HubSpot Authentication Logs HUBSPOT_LOGIN
HYPR MFA HYPR_MFA
3Com 8800 Series Switch IBM_3COM
IBM Cleversafe Object Storage IBM_CLEVERSAFE
IBM DS8000 Storage IBM_DS8000
IBM-i Operating System IBM_I
IBM KNS IBM_KNS
IBM Tape Storages IBM_LTO
IBM MaaS360 IBM_MAAS360
IBM MQ File Transfer IBM_MQ_FILE_TRANSFER
IBM Security Identity Manager IBM_SIM
IBM Security QRadar SOAR IBM_SOAR
IBM Spectrum Protect IBM_SPECTRUM_PROTECT
IBM Switch IBM_SWITCH
IBM Tririga IBM_TRIRIGA
IBM WinCollect IBM_WINCOLLECT
IBM zSecure Alert IBM_ZSECURE_ALERT
Idecsi IDECSI
Dell iDRAC IDRAC
ImageNow IMAGENOW
iManage Cloud Platform IMANAGE_CLOUD
Imperva Audit Trail IMPERVA_AUDIT_TRAIL
Imperva Sonar IMPERVA_SONAR
Imprivata Confirm ID IMPRIVATA_CONFIRM_ID
Imprivata Identity Governance IMPRIVATA_IDG
Imprivata OneSign IMPRIVATA_ONESIGN
INFINICO NetWyvern Series Appliance INFINICO_NETWYVERN
Infinidat INFINIDAT
Infoblox Loadbalancer INFOBLOX_LOADBALANCER
Infoblox NetMRI INFOBLOX_NETMRI
INKY Secure Email INKY
inWebo MFA INWEBO_MFA
Ipswitch MOVEit Automation IPSWITCH_MOVEIT_AUTOMATION
Ironscales IRONSCALES
Ivanti Application Control IVANTI_APP_CONTROL
Ivanti Device Control IVANTI_DEVICE_CONTROL
ISM Xtraction IVANTI_XTRACTION
Jamf Compliance Reporter JAMF_COMPLIANCE_REPORTER
Jamf Protect Network Traffic JAMF_NETWORK_TRAFFIC
JAMF Pro JAMF_PRO
Jamf pro context JAMF_PRO_CONTEXT
Jamf Pro MDM JAMF_PRO_MDM
Jamf Protect Threat Events JAMF_THREAT_EVENTS
IBM JDE JDE
Journald JOURNALD
JumpCloud Directory as a Service JUMPCLOUD_DAAS
JumpCloud Desktop JUMPCLOUD_DESKTOP
Juniper Secure Connect VPN JUNIPER_VPN
Jupiter One JUPITER_ONE
KACE Service Desk KACE_SERVICE_DESK
KACE Systems Management Appliance KACE_SMA
Kamailio KAMAILIO
Kandji KANDJI
Kaseya IT Management KASEYA
Kaspersky Endpoint KASPERSKY_ENDPOINT
Keepalived Routing software KEEPALIVED
Keeper Enterprise Security KEEPER
Keycloak KEYCLOAK
Keysight Packet Brokers KEYSIGHT
Kibana audit logs KIBANA
Kion KION
KnowBe4 PhishER KNOWBE4_PHISHER
Kustomer CRM KUSTOMER_CRM
Lansweeper Asset Management LANSWEEPER
LastPass Password Management LASTPASS
LOAD_BALANCER_ADC LB_ADC
Lepide LEPIDE
Lexmark Printer logs LEXMARK_PRINTER
Liaison NuBridges Platform LIAISON_NUBRIDGES
Libraesva Email Security LIBRAESVA_EMAIL
Lira LIRA
Logic Monitor LOGICMONITOR
Looker Audit LOOKER_AUDIT
LookingGlass Aenoik IDPS LOOKINGGLASS_IPS
Looking Glass LOOKING_GLASS_IOC
LSI Badge Management System LSI_BMS
Lumen DDoS Hyper LUMEN_DDOS_HYPER
Lumos LUMOS
Lenovo XClarity Orchestrator LXC_ORCHESTRATOR
MailScanner MAILSCANNER
Malwarebytes MALWAREBYTES_EDR
Mambu MAMBU
Manage Engine Endpoint MANAGEENGINE_ENDPOINT
ManageEngine Remote Access Plus MANAGEENGINE_RAP
ManageEngine PAM360 MANAGE_ENGINE_PAM360
ManageEngine Password Manager Pro MANAGE_ENGINE_PASSWORD_MANAGER
Mandiant Attack Surface Management Entity MANDIANT_ASM_ENTITY
Mandiant Attack Surface Management Discovered Issue MANDIANT_ASM_ISSUE
Mandiant Attack Surface Management Technology MANDIANT_ASM_TECHNOLOGY
Mango Apps MANGOAPPS
Maria Database MARIA_DB
Material Security MATERIAL_SECURITY
Matrix Frontier Badge Management MATRIX_FRONTIER
McAfee Application Control MCAFEE_APP_CONTROL
McAfee Advanced Threat Defense MCAFEE_ATD
McAfee MVISION EDR MCAFEE_EDR
McAfee Solid Core MCAFEE_SOLID_CORE
Medigate CMDB MEDIGATE_CMDB
Melissa MELISSA
MicroSemi NTP MICROSEMI_NTP
Microsoft CASB Files & Entities MICROSOFT_CASB_CONTEXT
Microsoft Dynamics 365 User Activity MICROSOFT_DYNAMICS_365
Microsoft Defender External Attack Surface Management MICROSOFT_EASM
Microsoft IAS Server MICROSOFT_IAS
Microsoft Identity Protection MICROSOFT_IDENTITY_PROTECTION
Microsoft Netlogon MICROSOFT_NETLOGON
Power BI Activity Log MICROSOFT_POWERBI_ACTIVITY_LOG
Microsoft Azure AD Risk Detections MICROSOFT_RISK_DETECTIONS
Microsoft Security Actions MICROSOFT_SECURITY_ACTIONS
Microsoft Security Advisories Alerts MICROSOFT_SECURITY_ALERTS
Microsoft SSTP VPN MICROSOFT_SSTP
Microsoft Threat Indicators MICROSOFT_THREAT_INDICATORS
Mikrotik Router MIKROTIK_ROUTER
Mimecast Attachment Logs MIMECAST_ATTACHMENT_LOGS
Mimecast Audit Logs MIMECAST_AUDIT_LOGS
Mimecast DLP Logs MIMECAST_DLP_LOGS
Mimecast impersonation Logs MIMECAST_IMPERSONATION_LOGS
Mimecast URL Logs MIMECAST_URL_LOGS
Mimecast Web Security MIMECAST_WEBPROXY
Minerva AV MINERVA_AV
Mirth OnPrem Appliances NextGen MIRTH_NEXTGEN
Mitel Communications Director MITEL_MCD
Mode Analytics MODE_ANALYTICS
Monday MONDAY
Mongo Atlas Audit MONGO_ATLAS_AUDIT
Mosyle MOSYLE
Mulesoft MULESOFT
Multicom Switch MULTICOM_SWITCH
MultiPay MULTIPAY
Nagios Infrastructure Monitoring NAGIOS
NCC Scout Suite NCC_SCOUTSUITE
NCR Digital Insight FSG NCR_DIGITAL_INSIGHT_FSG
NCR Digital Insight Global Logging NCR_DIGITAL_INSIGHT_GL
Nessus NESSUS
NetDisco NETDISCO
NetDocuments Solutions NETDOCUMENTS
Netenrich Entity Behaviour NETENRICH_ENTITY_BEHAVIOR
Netgear Switch NETGEAR_SWITCH
NetIQ Access Manager NETIQ_ACCESS_MANAGER
NetIQ eDirectory NETIQ_EDIRECTORY
Netmotion NETMOTION
Netskope Client NETSKOPE_CLIENT
Netsurion ProtectWise NETSURION_PROTECTWISE
Netwrix NETWRIX
Neustar SiteProtect NEUSTAR_SITEPROTECT
New Relic Platform NEW_RELIC
Nextcloud Hub NEXTCLOUD_HUB
Nextthink Finder NEXTTHINK_FINDER
Ne Silent Log NE_SILENT_LOG
Ninja One NINJAONE
NIST National Vulnerability Database NIST_NVD
NNT File Integrity monitoring NNT_FIM
Noname API Security NONAME_API_SECURITY
NordLayer VPN NORD_LAYER
Nortel Contivity VPN Switch NORTEL_SWITCH
Nozomi Networks Scada Guardian NOZOMI_GUARDIAN
Nucleus Vulnerability Scan Delta NUCLEUS_VULNERABILITY_DELTA
Nutanix Frame NUTANIX_FRAME
Nxlog Agent NXLOG_AGENT
Nxlog Fim NXLOG_FIM
Obsidian OBSIDIAN
Okta RADIUS OKTA_RADIUS
OnBase CMS ONBASE_CMS
One Identity Active Role Service ONEIDENTITY_ARS
One Identity Change Auditor ONEIDENTITY_CHANGE_AUDITOR
One Identity Defender ONEIDENTITY_DEFENDER
One Identity TPAM ONEIDENTITY_TPAM
OneLogin User Context ONELOGIN_USER_CONTEXT
1Password Audit Events ONEPASSWORD_AUDIT_EVENTS
Opengear Remote Management OPENGEAR
Opentelemetry OPENTELEMETRY
OpenText Fax2Mail OPENTEXT_FAX2MAIL
OpenVAS OPENVAS
Opswat Kiosk OPSWAT_KIOSK
Opswat Metadefender OPSWAT_METADEFENDER
Opus Codec OPUS
Oracle HCM Human resources platform solution ORACLE_HCM
Oracle NetSuite ORACLE_NETSUITE
Oracle SSO Audit Logging ORACLE_SSO_AUDIT
Oracle WebLogic Server ORACLE_WEBLOGIC
Orca Cloud Security Platform ORCA
Oscar Claims OSCAR_CLAIMS
Open Source Intelligence OSINT_IOC
Osirium PAM OSIRIUM_PAM
Outpost24 OUTPOST24
Packetlight Dwdm PACKETLIGHT_DWDM
Packet Viper PACKET_VIPER
PACOM Systems PACOM_SYSTEMS
PagerDuty PAGERDUTY
Pagerduty Audit PAGERDUTY_AUDIT
Palo Alto DNS Security PAN_DNS_SECURITY
Palo Alto Networks Global Protect PAN_GLOBAL_PROTECT
Palo Alto Networks IoT Security PAN_IOT
Palo Alto Cortex XDR Management Audit PAN_XDR_MGMT_AUDIT
Palo Alto Networks XSOAR Audit PAN_XSOAR
PaperCut Printing Management System PAPER_CUT
Passfort PASSFORT
Passwordstate PASSWORDSTATE
Paxton Access Control Systems PAXTON_ACS
SSL pcap PCAP_SSL_CLIENT_HELLO
Pega Automation PEGA
Pentera PENTERA
Pentera ASV PENTERA_ASV
Pentera Leef PENTERA_LEEF
PeopleSoft PEOPLESOFT
Peplink Loadbalancer PEPLINK_LOADBALANCER
Peplink Router PEPLINK_ROUTER
Peplink Switch PEPLINK_SWITCH
Perimeter 81 PERIMETER_81
Domain Tools Phisheye PHISHEYE_ALERT
Pingsafe PINGSAFE
Ping Access PING_ACCESS
PingIdentity Directory Server Logs PING_DIRECTORY
Ping One PING_ONE
Ping SDK PING_SDK
Plaso Super Timeline PLASO
Plixer Scrutinizer PLIXER_SCRUTINIZER
Pomerium POMERIUM
Portnox Audit PORTNOX_AUDIT
Portnox CEF PORTNOX_CEF
PostgreSQL POSTGRESQL
MS PowerShell Transcript POWERSHELL_TRANSCRIPT
Power DNS POWER_DNS
Preveil Enterprise PREVEIL_ENTERPRISE
Prisma SD-WAN PRISMA_SD_WAN
ProofID PROOFID
Proofpoint CASB PROOFPOINT_CASB
Proofpoint DLP PROOFPOINT_DLP
Proofpoint Secure Share PROOFPOINT_SECURE_SHARE
Proofpoint Security Awareness Training PROOFPOINT_SECURITY_AWARENESS_TRAINING
Protegrity Defiance PROTEGRITY_DEFIANCE
Honeywell Pro-Watch PROWATCH
ProxMax PROXMAX
PRTG Network Monitor PRTG_NETWORKMONITOR
Puppet PUPPET
Pure Storage PURE_STORAGE
QLIK Audit QLIK_AUDIT
QNAP Systems NAS QNAP_NAS
Qualys User Activity QUALYS_ACTIVITY
Qualys Knowledgebase QUALYS_KNOWLEDGEBASE
Quest CA Audit QUEST_CA_AUDIT
Rabbit MQ RABBITMQ
RadiFlow IDS RADIFLOW_IDS
RSA RADIUS RADIUS
Radware DDoS Protection RADWARE_DDOS
RAD ETX RAD_ETX
Rapid7 Security Onion RAPID7_SECURITY_ONION
Raritan Dominion SX II RARITAN_DOMINION
RealiteQ REALITEQ
Red Canary Cloud Protection REDCANARY_CLOUD_PROTECTION_RAW
Red Hat Identity Management REDHAT_IM
Redhat Jboss REDHAT_JBOSS
Red Hat Keycloak REDHAT_KEYCLOAK
RedHat Satellite Server REDHAT_SATELLITE
RedHat StackRox REDHAT_STACKROX
Redis REDIS
Ribbon Session Border Controller RIBBON_SBC
Ring Central RING_CENTRAL
RiskIQ Digital Footprint RISKIQ_DIGITAL_FOOTPRINT
RSA SecurID Access Identity Router RSA_SECURID
Rubrik Polaris RUBRIK_POLARIS
Rumble Network Discovery RUMBLE_NETWORK_DISCOVERY
SafeBreach SAFEBREACH
SafeConnect NAC SAFECONNECT_NAC
Salesforce Commerce Cloud SALESFORCE_COMMERCE_CLOUD
Salesforce Context SALESFORCE_CONTEXT
SAP Cloud for Customer SAP_C4C
SAP HANA SAP_HANA
SAP Identity Management SAP_IDM
SAP Insurance SAP_INSURANCE
SAP SuccessFactors SAP_SUCCESSFACTORS
SAP Webdispatcher SAP_WEBDISP
Scality Ring Audit SCALITY_RING_AUDIT
Microsoft System Center Configuration Manager SCCM
Secberus Cloud Security Governance SECBERUS
SecurityScorecard Platform SECURITYSCORECARD
Semperis ADFR SEMPERIS_ADFR
Sendgrid Api SENDGRID
Sendsafely SENDSAFELY
Senhasegura PAM SENHASEGURA_PAM
Sentrigo SENTRIGO
Serpico SERPICO
ServiceNow Audit SERVICENOW_AUDIT
ServiceNow Roles SERVICENOW_ROLES
Sevco Security CMDB SEVCO_CMDB
Microsoft SharePoint SHAREPOINT
Sharepoint Unified Logging Service (ULS) SHAREPOINT_ULS
shodan.io SHODAN_IO
Siebel Monitoring SIEBEL
Siemens SiPass SIEMENS_SIPASS
Silver Peak Firewall SILVERPEAK_FIREWALL
Single Store SINGLE_STORE
SKYSEA Client View SKYSEA
Smart Simple SMART_SIMPLE
Snapattack SNAPATTACK
Snipe-IT SNIPE_IT
Snowflake SNOWFLAKE
Socomec UPS SOCOMEC_UPS
Software House Access Control SOFTWARE_HOUSE_ACS
Software House Ccure9000 SOFTWARE_HOUSE_CCURE9000
Solace PubSub Cloud SOLACE_AUDIT
SolarWinds Serv-U SOLARWINDS_SERV_U
SonarQube SONARQUBE
Sonicwall Secure Mobile Access SONICWALL_SMA
Sonrai Enterprise Cloud Security Solution SONRAI
Sophos Email Appliance SOPHOS_EMAIL
Sophos URL filtering SOPHOS_URL
Spamhaus SPAMHAUS
Symantec Protection Engine SPE
SpecterX SPECTERX
Spirion SPIRION
Splashtop Remote Access and Support software SPLASHTOP
Splunk DNS SPLUNK_DNS
Splunk Phantom SPLUNK_PHANTOM
Splunk Intel Management SPLUNK_TRUSTAR
Spur data feeds SPUR_FEEDS
Stairwell Inception STAIRWELL_INCEPTION
Stellar Cyber STELLAR_CYBER
Stream Alert STREAMALERT
StrongDM STRONGDM
Sublime Security SUBLIMESECURITY
Supermicro IPMI SUPERMICRO_IPMI
Superna Eyeglass SUPERNA_EYEGLASS
SureView Systems Activity SUREVIEW_SYSTEMS
Swift SWIFT
Swift Alliance Messaging Hub SWIFT_AMH
Swimlane Platform SWIMLANE
Symantec Messaging Gateway SYMANTEC_MAIL
Symphony Summit AI SYMPHONYAI
Syxsense SYXSENSE
Tableau TABLEAU
Tailscale TAILSCALE
Tanium Deploy TANIUM_DEPLOY
Tanium Question TANIUM_QUESTION
Tanium TanOS TANIUM_TANOS
Technitium DNS TECHNITIUM_DNS
Tenable OT TENABLE_OT
Tenable Web App Scanning TENABLE_WAS
Tenemos Journey Manager System Event Publisher TENEMOS_MANAGER_SYSTEMEVENT
Teradici PCoIP TERADICI_PCOIP
Teramind TERAMIND
Terraform Enterprise Audit TERRAFORM_ENTERPRISE
Tessian Cloud Email Security Platform TESSIAN_PLATFORM
Tetragon Ebpf Audit Logs TETRAGON_EBPF_AUDIT_LOGS
TGDetect TGDETECT
ThreatQuotient THREATQ_IOC
ThreatX WAF THREATX_WAF
Thycotic devops secret vault THYCOTIC_DEVOPS_SECRETVAULT
Trend Micro TIPPING_POINT
Traceable API Security TRACEABLE_PLATFORM
Traefik Labs TRAEFIK
TrendMicro Apex Central TRENDMICRO_APEX_CENTRAL
Trend Micro Cloud App Security TRENDMICRO_CLOUDAPPSECURITY
Trend Micro Cloud one TRENDMICRO_CLOUDONE
TrendMicro Deep Discovery Inspector TRENDMICRO_DDI
Trend Micro EdgeIPS TRENDMICRO_EDGEIPS
TrendMicro EDR TRENDMICRO_EDR
Trend Micro Email Security Advanced TRENDMICRO_EMAIL_SECURITY
TXOne Stellar TRENDMICRO_STELLAR
TrendMicro Webproxy DSM TRENDMICRO_WEBPROXY_DSM
Tridium Niagara Framework TRIDIUM_NIAGARA_FRAMEWORK
Tripp Lite TRIPP_LITE
TrueFort Platform TRUEFORT
Twilio Audit TWILIO_AUDIT
Twilio Authy TWILIO_AUTHY
Twingate TWINGATE
Tyk IO TYK_IO
Ubiquiti Accesspoint UBIQUITI_ACCESSPOINT
Ubiquiti UDM Firewall UBIQUITI_FIREWALL
UDM UDM
Uipath UIPATH
UltraDNS ULTRADNS
Ultra Electronics CyberFence ULTRA_CYBERFENCE
Unifi Switch UNIFI_SWITCH
Unit 21 UNIT21
UpGuard UPGUARD
Vanguard Active Alerts VANGUARD
Vector Dev VECTOR_DEV
Vectra Protect VECTRA_PROTECT
Veeam VEEAM
Velo Firewall VELO_FIREWALL
Venafi VENAFI
Verizon Network Detection and Response VERIZON_NDR
Verkada VERKADA
ViaControl Server Application VIACONTROL
Virsec Event Logs VIRSEC_EVENT
Virsec Attack and Threat Logs VIRSEC_THREAT
Virtru Email Encryption VIRTRU_EMAIL_ENCRYPTION
VirusTotal Threat Hunter VIRUSTOTAL_THREAT_HUNTER
VMRay Analyzer VMRAY_FLOG_XML
VMware Aria Logs VMWARE_ARIA_LOGS
Vmware Avinetworks iWAF VMWARE_AVINETWORKS_IWAF
VMware Avi Vantage Platform VMWARE_AVI_VANTAGE
VMware Cloud Director VMWARE_CD
VMware HCX VMWARE_HCX
VMware NSX AVI VMWARE_NSX_AVI
VMware SDDC VMWARE_SDDC
VMware SDWN Events VMWARE_SDWN_EVENTS
VMware Unified Access Gateway VMWARE_UNIFIED_ACCESS_GATEWAY
VMware vShield VMWARE_VSHIELD
Voltage VOLTAGE
Vonage VONAGE
VSFTPD Audit VSFTPD_AUDIT
Wallarm Webhook Notifications WALLARM_NOTIFICATIONS
Wallix Bastion WALLIX_BASTION
Wallix Endpoint Privilege Management WALLIX_EPM
Wallix Privileged Access Management WALLIX_PAM
Waterfall Data Security Manager WATERFALL_DSM
WebEx WEBEX_SAAS
White Cloud WHITECLOUD_EDR
Windows Filtering Platform WINDOWS_WFP
Winscp WINSCP
WithSecure Cloud Protection WITHSECURE_CLOUD
WithSecure Elements Connector WITHSECURE_ELEMENTS
Wordpress Simple History WORDPRESS_SIMPLE_HISTORY
Workato Audit Logs WORKATO
Workday User Activity WORKDAY_USER_ACTIVITY
Workspot Control WORKSPOT_CONTROL
WP Engine WP_ENGINE
WS Ftp WS_FTP
Western Telematic Inc Console Servers WTI_CONSOLE_SERVERS
YAMAHA ROUTER RTX1200 YAMAHA_ROUTER
Ysoft Data Security Manager YSOFT_DSM
Zabbix ZABBIX
Zendesk CRM ZENDESK_CRM
ZeroFox Platform ZEROFOX_PLATFORM
Zoho Analytics Audits ZOHO_AUDIT
ZScaler Deception ZSCALER_DECEPTION
Zscaler Digital Experience ZSCALER_DIGITAL_EXPERIENCE
Zscaler NSS Feeds for Alerts ZSCALER_NSS_FEEDS
Zscaler Client Connector ZSCALER_ZCC
Zscaler ZDX ZSCALER_ZDX
Zscaler Secure Private Access Audit Logs ZSCALER_ZPA_AUDIT
Zuora App Logs ZUORA_APP_LOGS