Supported log types and default parsers
This document contains information about Google Security Operations SIEM integrations for data ingestion.
It summarizes the devices, and the associated ingestion label (the log_type field in the Ingestion API and data_type in a Forwarder configuration), that Google Security Operations SIEM supports.
Supported log types with a default parser
Parsers normalize raw log data into structured Unified Data Model format. This
section lists supported devices, and the associated ingestion label (the log_type field in the Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser.
The default parser is supported by Google Security Operations as long as the device's
raw logs are received in the required format.
For a list of supported log types without a default parser, see Supported log types without a default parser.
The Format column indicates the high-level structure of the raw log, as:
- CSV: Comma Separated Values
- JSON: JavaScript Object Notation
- SYSLOG: syslog formatted message
- KV: key-value pair
- XML: Extensible Markup Language
- SYSLOG + KV: syslog header with key-value body
- SYSLOG + JSON: syslog header with JSON body
- SYSLOG + XML: syslog header with XML body
- LEEF: Log Event Extended Format
- CEF: Common Event Format
These changes are applied to newly ingested logs. Parser changes are not applied retroactively to previously ingested logs.
Vendor / Product | Category | Ingestion label | Format | Latest Update |
---|---|---|---|---|
Microsoft IIS | Web Server | IIS | SYSLOG + KV, JSON | 2024-02-18 |
MISP Threat Intelligence | Cybersecurity | MISP_IOC | JSON, CSV | 2023-09-26 |
Open Cybersecurity Schema Framework (OCSF) | Schema | OCSF | JSON | 2023-10-30 |
Sourcefire | IDS/IPS | SOURCEFIRE_IDS | JSON, CEF | 2024-03-07 |
Centripetal Networks IOC | IOC | CENTRIPETAL_IOC | SYSLOG + KV | 2022-01-06 |
Crowdstrike IOC | IOC | CROWDSTRIKE_IOC | JSON | 2023-08-23 |
Talon | Security | TALON | JSON | 2023-12-21 |
HCL BigFix | Network Management and Optimization | HCL_BIGFIX | JSON | 2023-12-08 |
Comodo | AV / Endpoint | COMODO_AV | SYSLOG + KV (CEF) | 2021-04-09 |
OneLogin | SSO | ONELOGIN_SSO | JSON | 2023-04-28 |
Extreme Wireless | Network Management and Optimization software | EXTREME_WIRELESS | SYSLOG | 2024-02-28 |
Security Command Center Posture Violation | Google Cloud Specific | GCP_SECURITYCENTER_POSTURE_VIOLATION | JSON | 2024-03-20 |
Infoblox DHCP | DHCP | INFOBLOX_DHCP | SYSLOG | 2024-01-10 |
Fortinet FortiEDR | EDR | FORTINET_FORTIEDR | SYSLOG + KV | 2023-08-07 |
NIMBLE OS | OS | NIMBLE_OS | SYSLOG | 2022-07-21 |
Preempt Alert | Identity and Access Management | PREEMPT | SYSLOG + KV (CEF) | 2022-06-22 |
Seqrite Endpoint Security (EPS) | AV and endpoint logs | SEQRITE_ENDPOINT | LEEF | 2023-03-24 |
Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE | JSON | 2023-07-28 |
VMware vRealize Suite (VMware Aria) | Cloud | VMWARE_VREALIZE | SYSLOG | 2023-06-20 |
Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR | JSON | 2023-09-16 |
Dell ECS Enterprise Object Storage | ECS | DELL_ECS | SYSLOG | 2024-03-18 |
Compute Engine | Google Cloud Specific | GCP_COMPUTE | JSON | 2023-02-24 |
Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL | JSON | 2024-02-07 |
AWS RDS | Database | AWS_RDS | SYSLOG | 2023-04-24 |
Microsoft Graph Activity Logs | AUDIT | MICROSOFT_GRAPH_ACTIVITY_LOGS | JSON | 2024-03-01 |
Cisco VCS Expressway | Telephone software | CISCO_VCS | SYSLOG | 2023-06-12 |
OpenVPN | Network | OPEN_VPN | SYSLOG + KV + JSON | 2023-11-27 |
IBM Tivoli | Monitoring | IBM_TIVOLI | JSON, SYSLOG | 2024-03-15 |
BeyondTrust Endpoint Privilege Management | Privileged Account Activity | BEYONDTRUST_ENDPOINT | JSON | 2024-03-20 |
ProofPoint Secure Email Relay | Email server | PROOFPOINT_SER | JSON | 2023-08-29 |
Saiwall VPN | VPN | SAIWALL_VPN | KV | 2023-10-29 |
Akamai WAF | WAF | AKAMAI_WAF | SYSLOG | 2024-03-01 |
AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB | JSON | 2023-06-20 |
Ping Identity | Authentication | PING | JSON, SYSLOG + KV | 2023-12-07 |
FireEye | Alerts | FIREEYE_ALERT | SYSLOG + JSON, JSON | 2024-02-26 |
Centrify | SSO | CENTRIFY_SSO | JSON | 2022-08-10 |
Cisco NX-OS | OS | CISCO_NX_OS | SYSLOG | 2023-08-11 |
Quest Change Auditor for EMC | Alert | QUEST_CHANGE_AUDITOR_EMC | JSON | 2024-01-13 |
Trend Micro | SMS, UNITY_ONE | TIPPING_POINT | SYSLOG | 2024-04-02 |
Workspace Groups | Google Cloud Specific | WORKSPACE_GROUPS | JSON | 2024-04-24 |
Windows Event | Endpoint | WINEVTLOG | JSON + KV + XML | 2024-05-01 |
1Password | Identity and Access Management | ONEPASSWORD | JSON | 2023-06-07 |
Azure SQL | Database | AZURE_SQL | JSON | 2022-02-08 |
Cisco Umbrella Audit | Firewall and Security Management | CISCO_UMBRELLA_AUDIT | CSV | 2024-01-10 |
Custom Application Access Logs | Security | CUSTOM_APPLICATION_ACCESS | JSON | 2024-03-11 |
Oracle Cloud Infrastructure VCN Flow Logs | Oracle Cloud Infrastructure | OCI_FLOW | JSON | 2023-04-29 |
Openpath | AV / Endpoint | OPENPATH | SYSLOG | 2023-11-08 |
Cisco Router | Switches, Routers | CISCO_ROUTER | SYSLOG | 2023-11-10 |
Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER | KV | 2022-10-03 |
Active Countermeasures | Alert | AI_HUNTER | SYSLOG | 2020-12-08 |
HPE BladeSystem C7000 | BladeSystem C7000 | HPE_BLADESYSTEM_C7000 | SYSLOG | 2024-04-08 |
ExtraHop DNS | DNS | EXTRAHOP_DNS | JSON | 2021-12-13 |
Splunk Platform | Security log | SPLUNK | JSON | 2024-05-01 |
Mimecast | Email Server | MIMECAST_MAIL | KV | 2023-03-31 |
Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY | CSV | 2023-10-17 |
Jamf Protect Telemetry | Endpoint Security | JAMF_TELEMETRY | JSON | 2024-05-01 |
Accellion | DLP | ACCELLION | SYSLOG | 2022-09-30 |
Carbon Black App Control | Security log | CB_APP_CONTROL | CEF, JSON | 2022-07-01 |
AWS GuardDuty | IDS/IPS | GUARDDUTY | JSON | 2024-03-11 |
Symantec DLP | DLP | SYMANTEC_DLP | SYSLOG + KV (CEF), XML | 2024-04-26 |
Azion | Firewall | AZION | JSON | 2023-09-30 |
Desynova Contido | Switches | DESYNOVA_CONTIDO | SYSLOG + JSON | 2023-09-19 |
Onfido | Authentication | ONFIDO | SYSLOG + JSON | 2023-03-10 |
IBM Security QRadar SIEM | Security Log | IBM_QRADAR | SYSLOG | 2023-05-18 |
Imperva CEF | CEF | IMPERVA_CEF | SYSLOG + KV | 2023-03-07 |
Sophos AV | AV / Endpoint | SOPHOS_AV | CSV, JSON | 2022-07-27 |
Cisco ISE | Identity and Access Management | CISCO_ISE | SYSLOG | 2024-04-18 |
VPC Flow Logs | Google Cloud Specific | GCP_VPC_FLOW | JSON | 2024-03-15 |
Menlo Security | Web Proxy | MENLO_SECURITY | JSON | 2023-08-03 |
TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY | SYSLOG + KV | 2024-03-26 |
Cisco Vision Dynamic Signage Director | Content and Delivery Management | CISCO_STADIUMVISION | SYSLOG, SYSLOG+KV | 2023-05-12 |
Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS | JSON | 2022-07-08 |
Palo Alto Cortex XDR Alerts | NDR | CORTEX_XDR | JSON, SYSLOG + KV | 2024-04-17 |
Nutanix Prism | Firewall | NUTANIX_PRISM | JSON, SYSLOG | 2024-02-21 |
Avanan Email Security | Email Server | AVANAN_EMAIL | JSON | 2022-07-12 |
Layer7 SiteMinder | SSO | SITEMINDER_SSO | KV+JSON | 2022-08-30 |
F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM | SYSLOG | 2024-03-23 |
tenable.io | Vulnerability Scanner | TENABLE_IO | JSON | 2023-01-02 |
Rubrik | Backup software | RUBRIK | SYSLOG | 2022-12-01 |
BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS | SYSLOG + KV | 2022-09-30 |
Jenkins | Automation and DevOps | JENKINS | JSON, SYSLOG | 2023-11-27 |
Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY | JSON | 2024-04-15 |
Pivotal | PaaS Application | PIVOTAL | SYSLOG + KV | 2022-08-17 |
Department of Homeland Security | Threat detection | DHS_IOC | XML | 2023-07-31 |
ESET AV | ESET_AV | ESET_AV | SYSLOG + JSON | 2024-03-14 |
GCP_KUBERNETES_CONTEXT | Computer Inventory | GCP_KUBERNETES_CONTEXT | JSON | 2023-11-01 |
Microsoft System Center Endpoint Protection | Malware Detection | MICROSOFT_SCEP | KV | 2024-03-12 |
Azure VPN | VPN | AZURE_VPN | JSON | 2023-03-07 |
Infoblox | DHCP, DNS | INFOBLOX | SYSLOG | 2024-04-29 |
AWS EC2 Instances | AWS Specific | AWS_EC2_INSTANCES | JSON | 2024-01-31 |
Azure App Service | SAAS | AZURE_APP_SERVICE | JSON | 2024-02-20 |
IBM DB2 | Database | DB2_DB | LEEF | 2024-02-26 |
SentinelOne EDR | EDR | SENTINEL_EDR | SYSLOG + JSON | 2024-03-22 |
Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET | JSON | 2021-08-05 |
Kolide Endpoint Security | Security | KOLIDE | JSON | 2023-10-25 |
Workday Audit Logs | Audit And Compliance | WORKDAY_AUDIT | CSV | 2023-12-08 |
BeyondTrust Privileged Identity | Privilege Account Activity | BEYONDTRUST_PI | SYSLOG | 2022-10-24 |
IAM Context | Google Cloud Specific | N/A | JSON | 2024-03-13 |
Symantec VIP Gateway | Email Server | SYMANTEC_VIP | SYSLOG | 2023-03-03 |
Tenable Security Center | Vulnerability Scanner | TENABLE_SC | SYSLOG | 2021-05-18 |
YAMAHA ROUTER RTX1200 | Switches AND Routers | YAMAHA_ROUTER | SYSLOG | 2024-04-19 |
Zscaler CASB | CASB | ZSCALER_CASB | JSON | 2024-03-27 |
IBM Security Identity Manager | Security | IBM_SIM | JSON + KV | 2024-03-11 |
Tanium Patch | Tanium Specific | TANIUM_PATCH | JSON | 2022-02-08 |
Forseti Open Source | Google Cloud Specific | FORSETI | JSON | 2021-12-23 |
JumpCloud Directory Insights | CLOUD | JUMPCLOUD_DIRECTORY_INSIGHTS | JSON | 2024-01-10 |
Oracle Unified Directory | ORACLE OUD | ORACLE_OUD | SYSLOG | 2023-09-11 |
VMware Horizon | VDI | VMWARE_HORIZON | SYSLOG | 2022-08-15 |
Zeek JSON | DNS | BRO_JSON | JSON | 2024-05-01 |
Windows Applocker | Application Locker | WINDOWS_APPLOCKER | SYSLOG + KV + JSON + XML | 2023-10-17 |
Stormshield Firewall | FIREWALL | STORMSHIELD_FIREWALL | SYSLOG + KV | 2023-06-29 |
Azure AD | LDAP | AZURE_AD | JSON | 2024-04-30 |
Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT | JSON | 2022-07-22 |
Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY | SYSLOG + KV (CEF), LEEF | 2023-06-12 |
Broadcom SSL Visibility Appliance | SSL Visibility | BROADCOM_SSL_VA | SYSLOG | 2022-09-26 |
Forcepoint CASB | CASB | FORCEPOINT_CASB | SYSLOG + CEF | 2022-08-23 |
IBM Informix | DATABASE | INFORMIX | JSON + SYSLOG | 2022-02-18 |
Splunk Attack Analyzer | CLOUD SECURITY | SPLUNK_ATTACK_ANALYZER | JSON | 2024-03-12 |
Custom DNS | DNS | CUSTOM_DNS | JSON | 2022-08-05 |
Atlassian Bitbucket | Atlassian Bitbucket | ATLASSIAN_BITBUCKET | JSON | 2023-06-12 |
Riverbed Steelhead | Network Management and Optimization | STEELHEAD | JSON, SYSLOG | 2024-04-12 |
Cisco UCM | Communication Manager | CISCO_UCM | SYSLOG + KV | 2022-08-18 |
Cisco Umbrella DNS | DNS | UMBRELLA_DNS | CSV, JSON | 2024-03-05 |
Apache | Security | APACHE | SYSLOG + JSON | 2024-01-25 |
F5 ASM | WAF | F5_ASM | SYSLOG, CSV | 2024-04-19 |
Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM | SYSLOG | 2022-05-04 |
Chronicle SOAR Audit | SOAR | CHRONICLE_SOAR_AUDIT | JSON | 2023-10-12 |
Slack Audit | Productivity | SLACK_AUDIT | JSON | 2023-10-27 |
Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT | JSON | 2021-11-09 |
Okera Dynamic Access Platform | Data Security | OKERA_DAP | JSON | 2023-01-29 |
AWS Network Firewall | Firewall | AWS_NETWORK_FIREWALL | JSON | 2023-05-05 |
Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW | JSON | 2022-04-18 |
Digital Guardian DLP | DLP | DIGITALGUARDIAN_DLP | JSON | 2023-06-02 |
FireEye PX | Firewall | FIREEYE_PX | JSON | 2024-01-05 |
Sysdig | Security | SYSDIG | JSON | 2024-01-05 |
Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY | JSON | 2024-04-26 |
Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS | SYSLOG | 2024-04-02 |
Snare System Diagnostic Logs | Security | SNARE_SOLUTIONS | SYSLOG + KV | 2024-04-17 |
Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE | SYSLOG + KV | 2021-04-28 |
Azure Cosmos DB | Database | AZURE_COSMOS_DB | JSON | 2023-02-22 |
Cisco DNA Center Platform | Network Management and Optimization | CISCO_DNAC | SYSLOG+JSON | 2023-12-29 |
Cisco Application Centric Infrastructure | CISCO ACI | CISCO_ACI | JSON, SYSLOG | 2022-09-26 |
Deep Instinct EDR | EDR | DEEP_INSTINCT_EDR | LEEF | 2023-12-27 |
Duo User Context | Identity and Access Management | DUO_USER_CONTEXT | JSON | 2021-04-12 |
Akeyless Vault Platform | Akeyless Vault Platform | AKEYLESS_VAULT | KV + JSON | 2023-09-16 |
AWS CloudFront | CDN | AWS_CLOUDFRONT | SYSLOG | 2022-05-27 |
Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 | JSON | 2021-12-22 |
Solarwinds Kiwi Syslog Server | Security Log | SOLARWINDS_KSS | SYSLOG + KV | 2022-11-16 |
HPE ILO | Server Management | HPE_ILO | SYSLOG | 2023-11-27 |
Cisco ASA | firewall | CISCO_ASA_FIREWALL | SYSLOG | 2024-04-24 |
ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS | SYSLOG + KV (CEF) | 2024-01-19 |
ISC DHCP | DHCP | ISC_DHCP | JSON + SYSLOG + KV | 2024-01-29 |
CloudM | Identity and Access Management | CLOUDM | JSON | 2022-06-09 |
Kubernetes Auth Proxy | Kubernetes Specific | KUBERNETES_AUTH_PROXY | JSON | 2022-09-08 |
Honeyd | Deception Software | HONEYD | SYSLOG | 2021-04-05 |
AWS Aurora | AWS | AWS_AURORA | JSON | 2024-01-12 |
Quest File Access Audit | Alert | QUEST_FILE_AUDIT | JSON | 2024-01-13 |
Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT | JSON, SYSLOG | 2023-11-07 |
Wazuh | Log Aggregator | WAZUH | SYSLOG + JSON | 2024-03-04 |
Ping Federate | Authentication | PING_FEDERATE | CSV | 2023-04-24 |
Thales MFA | Authentication | THALES_MFA | SYSLOG + KV (CEF) | 2022-07-13 |
Qualys Scan | Vulnerability scanner | QUALYS_SCAN | JSON | 2023-04-21 |
Imperva FlexProtect | Cloud App & Network Security | IMPERVA_FLEXPROTECT | CEF + KV | 2023-08-28 |
Passive DNS | DNS | PASSIVE_DNS | JSON | 2021-05-19 |
PostFix Mail | Email Server | POSTFIX_MAIL | SYSLOG | 2022-10-06 |
Trellix HX Event Streamer | Cybersecurity | TRELLIX_HX_ES | SYSLOG + KV | 2024-03-31 |
GCP_APP_ENGINE | Cloud Computing | GCP_APP_ENGINE | JSON and KV | 2024-03-05 |
Cloud IoT | Google Cloud Specific | GCP_CLOUDIOT | JSON | 2022-06-06 |
FortiMail Email Security | Email Security | FORTINET_FORTIMAIL | KV | 2023-09-06 |
Peplink Firewall | Firewall | PEPLINK_FW | SYSLOG + KV | 2023-08-17 |
Fortinet FortiNAC | NAC | FORTINET_FORTINAC | SYSLOG | 2022-07-08 |
Zscaler Private Access | Security Service Edge | ZSCALER_ZPA | SYSLOG + JSON, JSON | 2024-02-12 |
Fluentd Logs | Log Aggregator | FLUENTD | SYSLOG + JSON | 2023-11-29 |
Microsoft Exchange | Email Server | EXCHANGE_MAIL | SYSLOG | 2024-03-22 |
AWS EC2 Hosts | AWS Specific | AWS_EC2_HOSTS | JSON | 2024-01-31 |
IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER | JSON, SYSLOG | 2022-01-20 |
AWS Macie | AWS-specific logs | AWS_MACIE | JSON | 2022-08-08 |
Cofense | Email Server | COFENSE_TRIAGE | SYSLOG + KV (CEF) | 2024-03-04 |
SiteMinder Web Access Management | SSO | CA_SSO_WEB | JSON | 2022-08-08 |
Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE | JSON, KV, SYSLOG | 2022-01-18 |
Apigee | Google Cloud Specific | GCP_APIGEE | JSON | 2021-11-02 |
Cisco DHCP | DHCP | CISCO_DHCP | SYSLOG + CSV | 2022-02-07 |
EfficientIP DDI | Network | EFFICIENTIP_DDI | SYSLOG + KV | 2022-01-24 |
Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY | JSON | 2021-06-30 |
Yubico OTP | Audit event | YUBICO_OTP | SYSLOG, JSON, CSV | 2023-02-20 |
Semperis DSP | LDAP | SEMPERIS_DSP | SYSLOG | 2021-04-29 |
Microsoft IAS Server | Endpoint Security | MICROSOFT_IAS | CSV + KV | 2024-04-25 |
F5 BIGIP Access Policy Manager | Access Policy Manager | F5_BIGIP_APM | SYSLOG | 2023-06-06 |
AWS Identity and Access Management (IAM) | AWS Specific | AWS_IAM | JSON | 2023-12-14 |
IBM Mainframe Storage | Monitoring | IBM_MAINFRAME_STORAGE | | 2024-03-13 |
Opnsense | Firewall and Routing Platform | OPNSENSE | Syslog, Syslog + CSV | 2023-11-22 |
Armis Activities | ACTIVITIES | ARMIS_ACTIVITIES | JSON | 2023-02-07 |
BigQuery | Google Cloud Resources Contexts | N/A | JSON | 2024-04-24 |
Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD | JSON | 2024-03-28 |
Veritas NetBackup | Backup software | VERITAS_NETBACKUP | SYSLOG | 2024-01-18 |
Trend Micro Apex one | Endpoint Security | TRENDMICRO_APEX_ONE | SYSLOG + KV | 2023-12-18 |
Duo Telephony Logs | Identity and Access Management | DUO_TELEPHONY | JSON | 2023-08-24 |
BeyondTrust | Privilege Account Activity | BOMGAR | SYSLOG | 2024-01-12 |
Cloudflare | SaaS Application | CLOUDFLARE | JSON | 2024-02-19 |
Sophos UTM | Unified Threat Management | SOPHOS_UTM | KV | 2022-06-30 |
D3 Banking | BANKING | D3_BANKING | JSON | 2022-03-23 |
Falco IDS | IDS/IPS | FALCO_IDS | JSON | 2024-03-06 |
Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY | SYSLOG, SYSLOG+JSON, JSON | 2024-04-22 |
Aqua Security | IaaS Applications | AQUA_SECURITY | JSON | 2022-02-03 |
Kubernetes Audit | K8s cluster audit logs | KUBERNETES_AUDIT | JSON | 2023-08-21 |
Saviynt Enterprise Identity Cloud | Endpoints | SAVIYNT_EIP | JSON, JSON+KV | 2023-06-05 |
Cisco Prime | Network Management and Optimization | CISCO_PRIME | SYSLOG | 2024-01-26 |
Resource Manager Context | Google Cloud Specific | GCP_RESOURCE_MANAGER_CONTEXT | JSON | 2023-07-26 |
Recorded Future | IOC | RECORDED_FUTURE_IOC | JSON | 2021-11-17 |
Imperva Database | Cloud Application and Edge Security | IMPERVA_DB | SYSLOG, SYSLOG+JSON | 2024-01-21 |
Stealthbits Defend | Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND | SYSLOG + KV (LEEF, CEF) | 2022-11-17 |
VMware NSX | Network and Security Virtualization | VMWARE_NSX | KV | 2023-11-15 |
Red Hat OpenShift | Kubernetes Container | REDHAT_OPENSHIFT | SYSLOG | 2022-08-17 |
TCPWave DDI | Secure ddi | TCPWAVE_DDI | SYSLOG + JSON | 2022-09-27 |
Citrix Monitor | Monitoring of DaaS | CITRIX_MONITOR | JSON | 2022-12-06 |
Tenable Active Directory Security | Tenable Active Directory Security | TENABLE_ADS | SYSLOG | 2023-11-06 |
Skybox Firewall Assurance | Firewall | SKYBOX_FIREWALL_ASSURANCE | SYSLOG + KV | 2023-09-07 |
Sonicwall Secure Mobile Access | Authentication | SONICWALL_SMA | SYSLOG + KV | 2024-03-28 |
Trustwave webmarshal | Proxy Server | WEBMARSHAL | SYSLOG + CSV | 2023-05-04 |
Microsoft CASB | CASB | MICROSOFT_CASB | SYSLOG + KV (CEF) | 2023-11-27 |
Datadog | NDR | DATADOG | JSON | 2023-07-21 |
AWS EMR | AWS Specific | AWS_EMR | SYSLOG, SYSLOG+JSON, JSON | 2023-12-19 |
Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB | JSON | 2021-10-04 |
BIND | DNS | BIND_DNS | SYSLOG | 2024-02-24 |
NetIQ eDirectory | Identity management deployments | NETIQ_EDIRECTORY | Syslog, CEF | 2023-04-08 |
Microsoft PowerShell | Misc. Windows-specific | POWERSHELL | SYSLOG + JSON | 2023-12-05 |
Pulse Secure | VPN | PULSE_SECURE_VPN | SYSLOG | 2024-04-16 |
Onapsis | SAP | ONAPSIS | JSON, SYSLOG, KV | 2023-12-08 |
Thales Vormetric | Encryption | VORMETRIC | SYSLOG | 2021-12-17 |
OSSEC | IDS/IPS | OSSEC | SYSLOG | 2024-04-24 |
CA ACF2 | Mainframe | CA_ACF2 | LEEF | 2022-05-24 |
Tanium Discover | Tanium Specific | TANIUM_DISCOVER | JSON | 2022-11-24 |
Linux Auditing System (AuditD) | OS | AUDITD | SYSLOG | 2024-04-08 |
Tanium Asset | Tanium Specific | TANIUM_ASSET | JSON, SYSLOG + KV | 2024-02-27 |
Netscout OCI | Alert log | NETSCOUT_OCI | SYSLOG + KV | 2024-02-21 |
Windows DNS | DNS | WINDOWS_DNS | JSON, XML, SYSLOG + KV | 2024-04-17 |
ADVA Fiber Service Platform | Switches and Routers | ADVA_FSP | SYSLOG+KV | 2023-12-18 |
Bitdefender | AV / Endpoint | BITDEFENDER | CSV | 2023-05-02 |
Vectra Stream | NDR | VECTRA_STREAM | SYSLOG + KV | 2024-02-26 |
Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT | JSON | 2024-05-02 |
IBM DS8000 Storage | Audit Logs | IBM_DS8000 | Syslog | 2024-03-30 |
Men and Mice DNS | DNS | MENANDMICE_DNS | SYSLOG | 2021-11-12 |
Aruba | Wireless | ARUBA_WIRELESS | SYSLOG | 2024-04-18 |
Salesforce | SaaS Application | SALESFORCE | KV (LEEF), CSV | 2024-03-06 |
Cloud Passage | SaaS Application | CLOUD_PASSAGE | JSON | 2022-06-30 |
McAfee Skyhigh CASB | CASB | MCAFEE_SKYHIGH_CASB | SYSLOG + KV | 2023-06-17 |
Rapid7 | Vulnerability Scanner | RAPID7_NEXPOSE | JSON | 2022-09-27 |
Extreme Networks Switch | Security | EXTREME_SWITCH | SYSLOG | 2023-12-19 |
Preempt Auth | Identity and Access Management | PREEMPT_AUTH | SYSLOG + JSON | 2021-06-16 |
Okta | Identity and Access Management | OKTA | JSON | 2024-03-05 |
SonicWall | Firewall | SONIC_FIREWALL | SYSLOG + KV | 2024-04-18 |
Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE | SYSLOG + KV (CEF) | 2023-07-07 |
Juniper Software Defined Wide Area Network | SYSLOG | JUNIPER_SDWAN | SYSLOG | 2023-07-10 |
Solaris system | OS | SOLARIS_SYSTEM | SYSLOG | 2024-04-05 |
McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY | SYSLOG + KV (CEF), JSON | 2023-06-17 |
Symantec EDR | EDR | SYMANTEC_EDR | JSON | 2022-03-31 |
GCP_NETWORK_CONNECTIVITY | Computer Inventory | GCP_NETWORK_CONNECTIVITY_CONTEXT | JSON | 2023-06-13 |
Imperva Advanced Bot Protection | Bot Protection | IMPERVA_ABP | JSON | 2024-03-23 |
Opengear Remote Management | Secure Remote Access | OPENGEAR | SYSLOG | 2024-04-05 |
Cisco Firewall Services Module | Firewall | CISCO_FWSM | SYSLOG | 2023-05-05 |
CommVault Commcell | Alert System | COMMVAULT_COMMCELL | KV, SYSLOG | 2024-01-24 |
PerimeterX Bot Protection | Security | PERIMETERX_BOT_PROTECTION | JSON | 2024-03-27 |
Abnormal Security | Email Server | ABNORMAL_SECURITY | JSON, SYSLOG | 2023-11-06 |
Cloud Intrusion Detection System | Google Cloud Specific | GCP_IDS | JSON | 2024-05-01 |
AWS Control Tower | Identity and Access Management | AWS_CONTROL_TOWER | JSON | 2024-03-17 |
Trend Micro AV | AV / Endpoint | TRENDMICRO_AV | SYSLOG + KV, CEF | 2023-05-21 |
Barracuda WAF | Firewall | BARRACUDA_WAF | JSON, SYSLOG + KV | 2023-07-19 |
Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY | SYSLOG + KV | 2023-02-20 |
ZScaler VPN | VPN | ZSCALER_VPN | SYSLOG + CSV | 2023-06-08 |
DMP | Physical Security | DMP_ENTRE | SYSLOG | 2020-09-23 |
Airlock Digital Application Allowlisting | Application Whitelisting | AIRLOCK_DIGITAL | SYSLOG | 2023-02-22 |
ForgeRock Identity Cloud | Cloud Security | FORGEROCK_IDENTITY_CLOUD | JSON | 2024-03-11 |
RSA SecurID Access Identity Router | SECURITY | RSA_SECURID | SYSLOG + CSV | 2024-04-23 |
AWS S3 Server Access | AWS Specific | AWS_S3_SERVER_ACCESS | SYSLOG | 2023-07-19 |
AlgoSec Security Management | Policy Management | ALGOSEC | SYSLOG + KV (CEF) | 2022-11-27 |
Cato Networks | NDR | CATO_NETWORKS | JSON | 2024-01-26 |
IBM AS/400 | Application System | IBM_AS400 | SYSLOG + KV, SYSLOG + JSON | 2024-04-16 |
Hashicorp Vault | Privileged Account Activity | HASHICORP | JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV | 2023-10-26 |
Qualys Asset Context | Vulnerability Scanner | QUALYS_ASSET_CONTEXT | JSON | 2023-08-01 |
SpyCloud | AV / Endpoint | SPYCLOUD | SYSLOG + JSON | 2023-11-08 |
Workspace Activities | Google Cloud Specific | WORKSPACE_ACTIVITY | JSON | 2024-04-24 |
Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF | JSON | 2023-11-22 |
Fortinet FortiClient | Security | FORTINET_FORTICLIENT | KV | 2023-12-29 |
Arista Switch | Switches | ARISTA_SWITCH | JSON+SYSLOG | 2024-03-17 |
Cisco CTS | Telephone Software | CISCO_CTS | SYSLOG + KV | 2021-05-20 |
McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION |
JSON | 2022-09-22 View Change |
Microsoft ATA | IDS/IPS | MICROSOFT_ATA |
SYSLOG + KV | 2024-01-29 View Change |
CommVault | Alert System | COMMVAULT |
KV , SYSLOG | 2023-11-10 View Change |
Kong API Gateway | Microservice management | KONG_GATEWAY |
SYSLOG + JSON | 2022-09-23 View Change |
Qualys VM | Vulnerability Scanner | QUALYS_VM |
KV + JSON | 2023-10-27 View Change |
Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP |
SYSLOG + JSON, XML, JSON | 2024-04-02 View Change |
SailPoint IAM | Identity and Access Management | SAILPOINT_IAM |
JSON | 2024-02-21 View Change |
Uptycs EDR | Endpoint detection and response | UPTYCS_EDR |
JSON | 2022-07-08 View Change |
A10 Load Balancer | LOAD BALANCER | A10_LOAD_BALANCER |
SYSLOG | 2024-01-28 View Change |
AWS Elastic Load Balancer | AWS Specific | AWS_ELB |
SYSLOG | 2024-03-22 View Change |
Ionix | SECURITY | IONIX |
JSON | 2023-09-28 View Change |
Ruckus Networks | Wireless | RUCKUS_WIRELESS |
SYSLOG + KV | 2023-01-06 View Change |
Mattermost | Alerts | MATTERMOST |
JSON , SYSLOG | 2023-12-15 View Change |
Unbound DNS | DNS | UNBOUND_DNS |
SYSLOG | 2020-06-09 |
Linux Sysmon | DNS | LINUX_SYSMON |
XML | 2024-01-25 View Change |
AppOmni | SAAS Security Application | APPOMNI |
JSON | 2023-08-23 View Change |
Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE |
SYSLOG | 2022-09-15 View Change |
Zscaler | Web Proxy | ZSCALER_WEBPROXY |
SYSLOG + KV, CSV | 2024-04-18 View Change |
Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL |
SYSLOG + KV, SYSLOG + JSON, JSON | 2024-04-12 View Change |
Security Command Center Toxic Combination | Google Cloud Specific | GCP_SECURITYCENTER_TOXIC_COMBINATION |
JSON | 2024-03-20 View Change |
Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA |
SYSLOG, JSON | 2023-12-12 View Change |
Red Canary | EDR | REDCANARY_EDR |
JSON | 2022-09-15 View Change |
Windows Local Administrator Password Solution | Local Administrator Password Solution | MICROSOFT_LAPS |
JSON | 2024-03-07 View Change |
Guardicore Centra | Deception Software | GUARDICORE_CENTRA |
JSON | 2024-04-19 View Change |
macOS Endpoint Security | AV and endpoint logs | MACOS_ENDPOINT_SECURITY |
SYSLOG + KV | 2023-07-17 View Change |
SentinelOne Deep Visibility | EDR | SENTINEL_DV |
JSON | 2023-09-06 View Change |
VMware Workspace ONE | Logging and Troubleshooting | VMWARE_WORKSPACE_ONE |
SYSLOG | 2023-08-04 View Change |
Security Command Center Threat | Google Cloud Specific | N/A |
JSON | 2024-04-24 View Change |
Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE |
SYSLOG | 2021-05-05 |
Cloudflare Audit | SaaS Application | CLOUDFLARE_AUDIT |
JSON | 2023-11-27 View Change |
Fidelis Network | NDR | FIDELIS_NETWORK |
SYSLOG + KV, JSON | 2023-09-04 View Change |
Avaya Aura Experience Portal | Avaya Aura Experience Portal | AVAYA_AURA |
SYSLOG | 2022-12-30 View Change |
FireEye HX | EDR | FIREEYE_HX |
JSON | 2024-04-04 View Change |
Teleport Access Plane | Remote Access | TELEPORT_ACCESS_PLANE |
SYSLOG | 2023-11-17 View Change |
DNSFilter | Data Transfer | DNSFILTER |
CSV | 2023-10-27 View Change |
Netfilter IPtables | Firewall | NETFILTER_IPTABLES |
SYSLOG + KV | 2023-10-12 View Change |
Micro Focus iManager | Network Management and Optimization | MICROFOCUS_IMANAGER |
SYSLOG | 2024-02-12 View Change |
COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC |
Value Entry | 2020-06-02 |
FortiGate | Firewall | FORTINET_FIREWALL |
JSON, SYSLOG + KV | 2024-04-19 View Change |
Bitwarden Events | Password Manager | BITWARDEN_EVENTS |
JSON | 2023-11-09 View Change |
Workspace Mobile Devices | Google Cloud Specific | WORKSPACE_MOBILE |
JSON | 2024-04-24 View Change |
Radware Web Application Firewall | Firewall | RADWARE_FIREWALL |
SYSLOG | 2023-12-08 View Change |
Carbon Black | EDR | CB_EDR |
JSON | 2024-01-19 View Change |
Kubernetes Node | Kubernetes Container | KUBERNETES_NODE |
JSON | 2024-05-01 View Change |
Auth0 | Authentication log | AUTH_ZERO |
JSON | 2024-03-07 View Change |
Barracuda Email | Email Server | BARRACUDA_EMAIL |
JSON | 2024-01-08 View Change |
Kea DHCP | DHCP | KEA_DHCP |
SYSLOG | 2022-03-22 View Change |
Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT |
KV | 2024-04-29 View Change |
ServiceNow CMDB | Policy Management | SERVICENOW_CMDB |
JSON | 2024-01-23 View Change |
Digi modems | Switches and Routers | DIGI_MODEMS |
SYSLOG | 2023-06-26 View Change |
Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL |
CSV | 2022-09-02 View Change |
Forcepoint NGFW | Network | FORCEPOINT_FIREWALL |
JSON | 2023-02-16 View Change |
Cloud SQL Context | Google Cloud Specific | GCP_SQL_CONTEXT |
JSON | 2023-07-26 View Change |
Cisco Secure Workload | AV and Endpoint | CISCO_SECURE_WORKLOAD |
JSON | 2024-02-12 View Change |
Firewall Rule Logging | Google Cloud Specific | N/A |
JSON | 2024-05-01 View Change |
Palo Alto Cortex XDR Events | Monitoring and Threat Detection | PAN_CORTEX_XDR_EVENTS |
JSON | 2023-12-15 View Change |
Microsoft AD | LDAP | WINDOWS_AD |
JSON | 2024-03-27 View Change |
McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB |
KV | 2023-06-22 View Change |
Tetragon Ebpf Audit Logs | OS | TETRAGON_EBPF_AUDIT_LOGS |
JSON | 2024-03-15 View Change |
Azure Key Vault logging | Audit | AZURE_KEYVAULT_AUDIT |
JSON | 2024-02-27 View Change |
FireEye HX Audit | Audits | FIREEYE_HX_AUDIT |
XML | 2022-11-04 View Change |
IBM-i Operating System | I Operating System | IBM_I |
SYSLOG CEF | 2024-03-18 View Change |
Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT |
JSON | 2024-05-02 View Change |
ThreatLocker Platform | THREATLOCKER | THREATLOCKER |
JSON | 2023-06-18 View Change |
RSA | Identity and Access Management | RSA_AUTH_MANAGER |
CSV | 2024-03-13 View Change |
Symantec Endpoint Protection | AV / Endpoint | SEP |
SYSLOG | 2023-11-28 View Change |
AIX system | OS | AIX_SYSTEM |
SYSLOG | 2024-04-30 View Change |
Apigee | Google Cloud Specific | GCP_APIGEE_X |
JSON | 2023-08-09 View Change |
Jamf Protect Alerts | Endpoint Security | JAMF_PROTECT |
JSON | 2024-05-01 View Change |
Workspace Alerts | Google Cloud Specific | WORKSPACE_ALERTS |
JSON | 2024-04-24 View Change |
ZScaler NGFW | Firewall | ZSCALER_FIREWALL |
SYSLOG + KV (CEF), CSV | 2024-04-08 View Change |
EPIC Systems | Discovery and Monitoring | EPIC |
LEEF + KV | 2022-10-31 View Change |
Mandiant Custom IOC | IOC | MANDIANT_CUSTOM_IOC |
JSON | 2023-12-19 View Change |
Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH |
JSON | 2023-06-19 View Change |
Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION |
JSON | 2022-07-08 View Change |
VMware vCenter | Server | VMWARE_VCENTER |
SYSLOG + JSON | 2023-11-13 View Change |
AWS Config | AWS Specific | AWS_CONFIG |
JSON | 2024-02-22 View Change |
Tenable OT | Vulnerability Scanners | TENABLE_OT |
SYSLOG + CEF | 2024-04-29 View Change |
Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL |
KV | 2023-11-20 View Change |
Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER |
SYSLOG + CSV | 2024-04-22 View Change |
ESET | EDR | ESET_EDR |
SYSLOG + JSON | 2024-04-08 View Change |
Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP |
SYSLOG, JSON | 2024-03-11 View Change |
Forgerock OpenIdM | DATA SECURITY | FORGEROCK_OPENIDM |
JSON | 2024-04-03 View Change |
Cloud Identity Devices | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICES |
JSON | 2022-04-13 View Change |
wiz.io | Identity and Access Management | WIZ_IO |
JSON | 2024-03-04 View Change |
Workspace Privileges | Google Cloud Specific | WORKSPACE_PRIVILEGES |
JSON | 2024-04-24 View Change |
Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV |
JSON, XML | 2024-01-30 View Change |
CrowdStrike Falcon Stream | Alerts | CS_STREAM |
KV (LEEF) | 2022-07-18 View Change |
Barracuda Firewall | Firewall | BARRACUDA_FIREWALL |
SYSLOG | 2024-04-12 View Change |
Sap Business Technology Platform | SaaS Applications | SAP_BTP |
JSON | 2024-02-22 View Change |
Sophos Central | AV / Endpoint | SOPHOS_CENTRAL |
JSON | 2022-12-27 View Change |
Acalvio | Deception Software | ACALVIO |
SYSLOG + KV | 2020-10-13 |
Ribbon Analytics Platform | Telephone Software | RIBBON_ANALYTICS_PLATFORM |
SYSLOG | 2022-09-09 View Change |
ZScaler DNS | DNS | ZSCALER_DNS |
SYSLOG + KV, JSON | 2023-10-17 View Change |
Infoblox RPZ | RPZ | INFOBLOX_RPZ |
SYSLOG | 2024-02-13 View Change |
Check Point Harmony | Remote Access Tools | CHECKPOINT_HARMONY |
SYSLOG + KV | 2023-11-10 View Change |
Zscaler DLP | Data Loss Prevention | ZSCALER_DLP |
JSON, CSV | 2024-03-11 View Change |
Duo Entity context data | Identity and Access Management | DUO_CONTEXT |
JSON | 2022-03-14 |
AMD Pensando DSS Firewall | Firewall | AMD_DSS_FIREWALL |
SYSLOG + CSV | 2023-05-08 View Change |
Workday | SaaS Application | WORKDAY |
JSON | 2022-09-15 View Change |
CENSYS | NDR | CENSYS |
SYSLOG + KV | 2024-02-03 View Change |
CA Access Control | Access Management | CA_ACCESS_CONTROL |
JSON+SYSLOG, SYSLOG | 2023-07-25 View Change |
HCNET Account Adapter Plus | DHCP | HCNET_ACCOUNT_ADAPTER |
SYSLOG | 2022-09-15 View Change |
SentinelOne Singularity Cloud Funnel | EVENTS | SENTINELONE_CF |
JSON | 2024-04-24 View Change |
Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON |
SYSLOG | 2022-01-13 |
Area1 Security | Email server | AREA1 |
JSON | 2023-04-06 View Change |
ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP |
JSON, SYSLOG | 2023-10-27 View Change |
Check Point | Firewall | CHECKPOINT_FIREWALL |
SYSLOG + KV, JSON | 2024-04-19 View Change |
Cloud Audit Logs | Google Cloud Specific | N/A |
JSON | 2024-04-24 View Change |
Windows Hyper-V | Virtualization Software | WINDOWS_HYPERV |
JSON | 2023-10-09 View Change |
McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE |
JSON | 2021-07-20 |
Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH |
SYSLOG | 2023-11-21 View Change |
HP Procurve Switch | Switches | HP_PROCURVE |
SYSLOG | 2024-03-04 View Change |
PAN Autofocus | IOC | PAN_IOC |
JSON | 2021-08-09 |
Google Cloud Identity Context | Identity and Access Management | CLOUD_IDENTITY_CONTEXT |
JSON | 2023-07-25 View Change |
Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT |
JSON | 2023-08-16 View Change |
Palo Alto Networks Firewall | Firewall | PAN_FIREWALL |
CSV + CEF + LEEF | 2024-04-17 View Change |
CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT |
SYSLOG | 2022-10-10 View Change |
Forescout NAC | NAC | FORESCOUT_NAC |
SYSLOG, CEF | 2024-04-22 View Change |
Fortinet Web Application Firewall | WEB | FORTINET_FORTIWEB |
KV | 2024-01-09 View Change |
Cybereason EDR | EDR | CYBEREASON_EDR |
JSON | 2024-01-25 View Change |
Trustwave SEC MailMarshal | Email server | MAILMARSHAL |
SYSLOG | 2023-04-06 View Change |
Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL |
JSON | 2024-04-03 View Change |
Netskope | Cloud Security | NETSKOPE_ALERT |
JSON | 2024-02-19 View Change |
Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND |
JSON | 2023-11-13 View Change |
Varonis | Data Security / Insider Threat | VARONIS |
SYSLOG + KV (CEF), LEEF | 2022-10-08 View Change |
Unix system | OS | NIX_SYSTEM |
SYSLOG, JSON | 2024-04-10 View Change |
Azure Application Gateway | GATEWAY | AZURE_GATEWAY |
JSON | 2024-04-19 View Change |
Proofpoint Web Browser Isolation | ATTACK PROTECTION ISOLATION | PROOFPOINT_WEB_BROWSER_ISOLATION |
JSON | 2023-05-25 View Change |
McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM |
SYSLOG + JSON | 2024-03-21 |
Cloud NAT | Google Cloud Specific | N/A |
JSON | 2024-05-01 View Change |
CA LDAP | Web server | CA_LDAP |
JSON | 2022-08-19 View Change |
Cybergatekeeper NAC | Security | CYBERGATEKEEPER_NAC |
SYSLOG + KV | 2024-04-23 View Change |
Chrome Management | Browser | N/A |
JSON | 2024-03-13 View Change |
SAP SAST Suite | Security | SAP_SAST |
SYSLOG | 2023-12-28 View Change |
F5 DNS | DNS | F5_DNS |
SYSLOG | 2021-06-17 |
Microsoft SQL Server | Database | MICROSOFT_SQL |
SYSLOG + KV, JSON | 2024-04-01 View Change |
Corelight | NDR | CORELIGHT |
JSON | 2024-05-01 View Change |
Tanium Stream | Tanium Specific | TANIUM_TH |
JSON | 2023-12-18 View Change |
Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT |
SYSLOG + JSON | 2024-01-17 View Change |
Cisco AMP | AV / Endpoint | CISCO_AMP |
JSON | 2024-02-23 View Change |
Cylance Protect | Alerts | CYLANCE_PROTECT |
SYSLOG + KV | 2022-09-06 View Change |
AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL |
JSON | 2024-04-30 View Change |
Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER |
SYSLOG + KV | 2024-04-29 View Change |
AWS Route 53 DNS | AWS Specific | AWS_ROUTE_53 |
JSON + SYSLOG | 2023-12-20 View Change |
Swift Alliance Messaging Hub | Finance | SWIFT_AMH |
JSON | 2024-03-14 View Change |
Attivo Networks | NETWORK | ATTIVO |
SYSLOG + KV (CEF) | 2024-04-19 View Change |
Google Cloud IAM Analysis | Google Cloud Resources Contexts | N/A |
JSON | 2023-02-27 View Change |
DigitalArts i-Filter | Web Proxy | DIGITALARTS_IFILTER |
SYSLOG | 2023-04-17 View Change |
Azure AD Directory Audit | Audit | AZURE_AD_AUDIT |
JSON | 2024-03-18 View Change |
Network Policy Server | Network Policy Server | MICROSOFT_NPS |
JSON | 2024-03-12 View Change |
Cloud Data Loss Prevention | Google Cloud Specific | N/A |
JSON | 2022-12-19 View Change |
AWS EC2 VPCs | AWS Specific | AWS_EC2_VPCS |
JSON | 2024-01-31 |
AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH |
JSON, GROK | 2024-02-12 View Change |
Armis Devices | DEVICES | ARMIS_DEVICES |
JSON | 2023-03-02 View Change |
Open LDAP | LDAP | OPENLDAP |
SYSLOG | 2023-07-18 View Change |
Nyansa Events | IoT | NYANSA_EVENTS |
SYSLOG + KV | 2023-03-01 View Change |
BMC Helix Discovery | bmc helix discovery | BMC_HELIX_DISCOVERY |
SYSLOG | 2022-08-29 View Change |
VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU |
JSON + SYSLOG+JSON | 2023-09-08 View Change |
Microsoft CyberX | IoT | CYBERX |
SYSLOG + KV | 2023-12-06 View Change |
RH-ISAC | IOC | RH_ISAC_IOC |
JSON | 2024-03-07 View Change |
XAMS by Xiting | Log Aggregator | XITING_XAMS |
SYSLOG | 2024-03-13 View Change |
Silverfort Authentication Platform | Identity and Access Management | SILVERFORT |
CEF SYSLOG | 2023-11-29 View Change |
Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM |
JSON/SYSLOG | 2022-12-02 View Change |
CoSoSys Protector | Endpoint Detection | ENDPOINT_PROTECTOR_DLP |
SYSLOG + KV | 2023-04-17 View Change |
F5 Shape | Security log | F5_SHAPE |
JSON | 2022-02-21 |
CircleCI | Automation and DevOps Tools | CIRCLECI |
CSV + JSON | 2023-03-09 View Change |
GMAIL Logs | Google Cloud Specific | GMAIL_LOGS |
JSON | 2024-03-19 View Change |
Cloud Storage Context | Google Cloud Specific | N/A |
JSON | 2023-04-13 View Change |
Armis Alerts | ALERTS | ARMIS_ALERTS |
JSON | 2023-02-07 View Change |
Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS |
JSON | 2024-01-19 View Change |
Cloud SQL | Google Cloud Specific | GCP_CLOUDSQL |
JSON | 2023-11-29 View Change |
Cloudflare WAF | Cloud Log | CLOUDFLARE_WAF |
JSON | 2023-08-30 View Change |
Snort | IDS/IPS | SNORT_IDS |
SYSLOG + JSON | 2022-09-22 View Change |
NGINX | Server Management | NGINX |
JSON + SYSLOG | 2022-09-10 View Change |
Cisco PIX Firewall | Firewall | CISCO_PIX_FIREWALL |
SYSLOG | 2023-05-23 View Change |
FireEye ETP | Email Server | FIREEYE_ETP |
JSON | 2024-03-07 View Change |
Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT |
JSON | 2022-05-02 |
Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS |
SYSLOG + JSON | 2024-03-23 View Change |
File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK |
JSON | 2021-09-27 |
Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY |
SYSLOG + JSON, SYSLOG + KV | 2024-04-25 View Change |
Lenel Onguard Badge Management | Access Control System | LENEL_ONGUARD |
JSON | 2022-10-31 View Change |
FireEye NX | NDR | FIREEYE_NX |
JSON | 2022-05-18 View Change |
Versa Firewall | FIREWALL | VERSA_FIREWALL |
SYSLOG + KV | 2023-07-03 View Change |
Qualys Continuous Monitoring | Monitoring | QUALYS_CONTINUOUS_MONITORING |
JSON | 2022-08-30 View Change |
Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT |
JSON | 2023-09-04 View Change |
IBM Security Access Manager | WAF | IBM_SAM |
SYSLOG | 2024-03-08 View Change |
Sentinelone Alerts | Endpoint Security | SENTINELONE_ALERT |
JSON | 2024-04-19 View Change |
pfSense | FIREWALL | PFSENSE |
SYSLOG | 2023-05-05 View Change |
SecureLink | Remote Access Tools | SECURELINK |
SYSLOG | 2023-09-13 View Change |
Apache Tomcat | Web server | TOMCAT |
JSON | 2022-04-20 View Change |
Illumio Core | Policy Management | ILLUMIO_CORE |
JSON, SYSLOG, SYSLOG + JSON, SYSLOG + CEF | 2024-04-18 View Change |
KerioControl Firewall | Threat Management Firewall | KERIOCONTROL |
SYSLOG | 2024-02-28 View Change |
ForgeRock OpenAM | Identity and Access Management | OPENAM |
CSV, SYSLOG + KV | 2024-02-09 View Change |
Pulse Secure Virtual Traffic Manager | Traffic Shapers | PULSE_SECURE_VTM |
SYSLOG | 2023-11-03 View Change |
Sierra Wireless | IOT Devices | SIERRA_WIRELESS |
SYSLOG | 2023-11-23 View Change |
Infoblox DNS | DNS | INFOBLOX_DNS |
SYSLOG, CEF | 2023-10-17 View Change |
Juniper IPS | IDS/IPS | JUNIPER_IPS |
SYSLOG + KV | 2022-05-26 View Change |
Hitachi Cloud Platform | Hitachi Cloud Platform | HITACHI_CLOUD_PLATFORM |
SYSLOG | 2023-05-30 View Change |
Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE |
SYSLOG + KV (CEF) | 2024-04-01 View Change |
Awake NDR | NDR | AWAKE_NDR |
JSON | 2024-01-11 View Change |
iBoss Proxy | Webproxy | IBOSS_WEBPROXY |
SYSLOG + JSON | 2023-08-22 View Change |
Kubernetes Audit Azure | Log Aggregator | KUBERNETES_AUDIT_AZURE |
JSON | 2024-01-11 View Change |
Squid Web Proxy | Web Proxy | SQUID_WEBPROXY |
SYSLOG | 2024-04-03 View Change |
CyberArk Endpoint Privilege Manager (EPM) | EPM | CYBERARK_EPM |
JSON | 2023-08-22 View Change |
Akamai Enterprise Application Access | Enterprise Application Access | AKAMAI_EAA |
JSON | 2023-11-14 View Change |
Dell EMC Isilon NAS | Storage | DELL_EMC_NAS |
SYSLOG | 2023-07-21 View Change |
Compute Context | Google Cloud Specific | N/A |
JSON | 2024-01-27 View Change |
GCP_SWP | CLOUD | GCP_SWP |
JSON | 2024-04-15 View Change |
Palo Alto Panorama | Firewall | PAN_PANORAMA |
CSV | 2024-01-25 View Change |
IBM DataPower Gateway | API Gateway | IBM_DATAPOWER |
JSON, SYSLOG | 2023-11-09 View Change |
HYPR MFA | Security SSO | HYPR_MFA |
CSV | 2024-04-26 View Change |
Alcatel Switch | Privileged Account Activity | ALCATEL_SWITCH |
SYSLOG | 2024-03-11 View Change |
Sangfor Next Generation Firewall | Firewall | SANGFOR_NGAF |
SYSLOG + KV | 2024-01-31 View Change |
Fortinet | DHCP | FORTINET_DHCP |
KV | 2022-11-21 View Change |
Forcepoint DLP | Forcepoint DLP | FORCEPOINT_DLP |
CEF | 2024-03-25 View Change |
Cloud DNS | Google Cloud Specific | N/A |
JSON | 2023-05-12 View Change |
Remediant SecureONE | Privileged Account Activity | REMEDIANT_SECUREONE |
SYSLOG + JSON | 2023-12-08 View Change |
Evision FircoSoft | Infrastructure | EVISION_FIRCOSOFT |
SYSLOG | 2023-11-22 View Change |
Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER |
SYSLOG, JSON, SYSLOG + XML | 2024-03-27 View Change |
IBM Guardium | Database DLP | GUARDIUM |
CSV, CEF | 2024-04-01 View Change |
Palo Alto Networks Traps | EDR | PAN_EDR |
CSV + KV | 2022-08-22 View Change |
ThreatConnect | IOC | THREATCONNECT_IOC |
JSON | 2022-01-13 |
Duo Auth | Authentication | DUO_AUTH |
JSON | 2023-10-23 View Change |
Check Point Sandblast | EDR | CHECKPOINT_EDR |
SYSLOG + KV | 2022-09-07 View Change |
Office 365 Message Trace | OFFICE_365 Specific | OFFICE_365_MESSAGETRACE |
JSON | 2024-04-18 View Change |
ManageEngine AD360 | Identity and Access Management | MANAGE_ENGINE_AD360 |
SYSLOG + KV | 2022-09-16 View Change |
Claroty Enterprise Management Console | Cyber Security | CLAROTY_EMC |
SYSLOG + KV | 2024-04-30 View Change |
Aruba Switch | Network Infrastructure | ARUBA_SWITCH |
SYSLOG | 2024-04-18 View Change |
Imperva | WAF | IMPERVA_WAF |
SYSLOG + KV, JSON | 2024-04-02 View Change |
IBM Tape Storages | Monitoring | IBM_LTO |
SYSLOG | 2024-05-02 View Change |
Static IP | DHCP | ASSET_STATIC_IP |
CSV | 2023-06-16 View Change |
McAfee DLP | DLP | MCAFEE_DLP |
CSV | 2022-04-13 View Change |
AWS WAF | AWS Specific | AWS_WAF |
JSON | 2024-03-14 View Change |
Aruba IPS | IPS | ARUBA_IPS |
JSON | 2022-06-16 View Change |
Delinea PAM | Access Management | DELINEA_PAM |
SYSLOG + CSV | 2022-11-10 View Change |
Neosec | Security | NEOSEC |
JSON | 2023-07-31 View Change |
Cisco WLC/WCS | Wireless | CISCO_WIRELESS |
SYSLOG | 2024-03-18 View Change |
Juniper Junos | Network Device | JUNIPER_JUNOS |
SYSLOG + KV | 2024-05-02 View Change |
Workspace Users | Google Cloud Specific | WORKSPACE_USERS |
JSON | 2024-03-27 View Change |
Rapid7 Insight | Vulnerability Scanner | RAPID7_INSIGHT |
SYSLOG, JSON | 2023-05-05 View Change |
CyberArk | Privilege Account Management | CYBERARK |
KV (CEF) | 2024-04-30 View Change |
NetApp ONTAP | Rest api | NETAPP_ONTAP |
SYSLOG | 2023-04-03 View Change |
ServiceNow Security | SaaS Application | SERVICENOW_SECURITY |
JSON | 2021-05-24 |
Apache Cassandra | Web server | CASSANDRA |
JSON | 2022-04-13 View Change |
Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY |
SYSLOG + KV, JSON | 2023-10-05 View Change |
OpenSSH | Logging and Troubleshooting | OPENSSH |
SYSLOG | 2024-01-23 View Change |
GMV Checker ATM Security | ATM Audit | GMV_CHECKER |
SYSLOG | 2024-03-13 View Change |
WordPress | Configuration Management | WORDPRESS_CMS |
JSON | 2023-05-25 View Change |
Zimperium | Mobile Device Management | ZIMPERIUM |
SYSLOG + JSON | 2024-04-16 View Change |
RSA NetWitness | PLATFORM CONFIGURATION | RSA_NETWITNESS |
SYSLOG | 2022-10-18 View Change |
Ansible AWX | Automation and DevOps Tools | ANSIBLE_AWX |
JSON | 2022-11-09 View Change |
NGFW Enterprise | Google Cloud Specific | GCP_NGFW_ENTERPRISE |
JSON | 2024-04-16 View Change |
ManageEngine Reporter Plus | SaaS Application | MANAGE_ENGINE_REPORTER_PLUS |
JSON | 2022-08-29 View Change |
IBM Security Verify | Endpoint Security | IBM_SECURITY_VERIFY |
SYSLOG | 2023-01-25 View Change |
F5 VPN | VPN | F5_VPN |
SYSLOG | 2024-03-05 View Change |
Suricata EVE | IPS IDS | SURICATA_EVE |
JSON | 2024-04-17 View Change |
Snoopy Logger | Log Aggregator | SNOOPY_LOGGER |
SYSLOG | 2022-08-10 View Change |
Digital Guardian EDR | EDR | DIGITALGUARDIAN_EDR |
KV | 2022-12-07 View Change |
Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS |
JSON | 2024-03-13 View Change |
Cisco Meraki | Wireless | CISCO_MERAKI |
SYSLOG, JSON | 2024-03-19 View Change |
Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON |
JSON | 2023-02-02 View Change |
Aruba EdgeConnect SD-WAN | Network Security | ARUBA_EDGECONNECT_SDWAN |
SYSLOG + CSV | 2023-05-03 View Change |
Dataminr Alerts | SAAS Security Application | DATAMINR_ALERT |
JSON | 2024-02-14 View Change |
Akamai DNS | DNS | AKAMAI_DNS |
CSV | 2021-06-28 |
AWS Key Management Service | AWS Specific | AWS_KMS |
JSON | 2022-05-27 View Change |
Quest Active Directory | Authentication log | QUEST_AD |
CEF SYSLOG + JSON | 2024-02-09 View Change |
Datto File Protection | DATTO_FILE_PROTECTION | DATTO_FILE_PROTECTION |
SYSLOG | 2022-08-22 View Change |
Cloud Load Balancing | Google Cloud Specific | GCP_LOADBALANCING |
JSON | 2024-02-14 View Change |
BloxOne Threat Defense | DNS | BLOXONE |
SYSLOG + JSON | 2024-01-18 View Change |
Clearswift | Information Security | CLEARSWIFT |
SYSLOG | 2023-11-22 View Change |
Mobile Endpoint Security | Mobile Endpoint Security | LOOKOUT_MOBILE_ENDPOINT_SECURITY |
CEF | 2024-03-07 View Change |
Proofpoint Sendmail Sentrion | Email server | PROOFPOINT_SENDMAIL_SENTRION |
SYSLOG | 2024-03-07 View Change |
WindChill | Lifecycle Management Software | WINDCHILL |
SYSLOG | 2024-02-09 View Change |
AWS Session Manager | AWS Specific | AWS_SESSION_MANAGER |
SYSLOG | 2023-06-14 View Change |
AlphaSOC | Alert | ASOC_ALERT |
JSON | 2021-06-21 |
Recordia | Telephone software | RECORDIA |
JSON | 2024-01-30 View Change |
ClamAV | AV / Endpoint | CLAM_AV |
JSON | 2022-02-07 |
Net Suite | WAF | NET_SUITE |
KV | 2023-08-02 View Change |
SAP Webdispatcher | Software WebSwitch | SAP_WEBDISP |
SYSLOG | 2024-03-15 View Change |
Cisco Umbrella IP | Web Proxy | UMBRELLA_IP |
SYSLOG | 2022-08-22 View Change |
InterSystems Cache | Database | INTERSYSTEMS_CACHE |
SYSLOG + KV | 2022-10-19 View Change |
Qualys Virtual Scanner | Vulnerability Scanner | QUALYS_VIRTUAL_SCANNER |
JSON | 2023-08-21 View Change |
Tanium Audit | SCAN NETWORK | TANIUM_AUDIT |
JSON | 2023-09-26 View Change |
Cambium Networks | Switches and Routers Log Type | CAMBIUM_NETWORKS |
SYSLOG | 2023-07-27 View Change |
Arcsight CEF | Security log | ARCSIGHT_CEF |
CEF SYSLOG | 2024-04-03 View Change |
Trend Micro Cloud one | Cloud Security | TRENDMICRO_CLOUDONE |
SYSLOG, JSON | 2024-04-29 View Change |
Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER |
JSON + SYSLOG + KV | 2022-04-11 View Change |
IBM CICS | Service Bus | IBM_CICS |
LEEF | 2021-10-27 |
Vsftpd | FTP Server | VSFTPD |
GROK | 2023-11-20 View Change |
Oracle Cloud Infrastructure Audit Logs | Oracle Cloud Infrastructure | OCI_AUDIT |
JSON | 2023-09-29 View Change |
FireEye NX Audit | AUDIT | FIREEYE_NX_AUDIT |
SYSLOG | 2024-05-01 View Change |
NetApp SAN | Rest api | NETAPP_SAN |
SYSLOG | 2023-04-25 View Change |
Windows DHCP | DHCP | WINDOWS_DHCP |
JSON, SYSLOG, CSV | 2023-11-29 View Change |
Fastly WAF | WAF | FASTLY_WAF |
JSON | 2022-06-06 View Change |
Kiteworks | Network | KITEWORKS |
SYSLOG, CSV | 2023-11-10 View Change |
Stealthbits PAM | Privileged Access Management Solution | STEALTHBITS_PAM |
CEF + KV | 2023-11-07 View Change |
Sophos Intercept EDR | EDR logs | SOPHOS_EDR |
JSON | 2022-12-27 View Change |
Elastic Search | Log Aggregator | ELASTIC_SEARCH |
JSON | 2023-11-02 View Change |
Ordr IoT | IoT | ORDR_IOT |
SYSLOG + JSON | 2024-03-05 View Change |
Aruba Airwave | Wireless | ARUBA_AIRWAVE |
XML | 2023-12-06 View Change |
Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN |
SYSLOG + KV | 2022-07-08 View Change |
Synology | DATA STORAGE | SYNOLOGY |
SYSLOG | 2024-01-16 View Change |
Fortinet FortiAnalyzer | Fortinet FortiAnalyzer | FORTINET_FORTIANALYZER |
JSON | 2024-04-25 View Change |
Palo Alto Prisma Cloud Alert payload | Cloud Security | PAN_PRISMA_CA |
JSON | 2023-12-10 View Change |
Zscaler Tunnel | N/A | ZSCALER_TUNNEL |
JSON | 2024-01-01 View Change |
Cloud Functions Context | Google Cloud Specific | GCP_CLOUD_FUNCTIONS_CONTEXT |
JSON | 2023-07-26 View Change |
Windows Sysmon | DNS | WINDOWS_SYSMON |
JSON, XML | 2024-05-01 View Change |
Cyberark Privilege Cloud | Identity & Access Management | CYBERARK_PRIVILEGE_CLOUD |
SYSLOG + KV | 2024-03-17 View Change |
Oracle | DATABASE | ORACLE_DB |
SYSLOG + KV | 2024-04-03 View Change |
Kyriba Treasury Management | SaaS Application | KYRIBA |
CSV | 2021-02-24 |
SAP SuccessFactors | Audit Log | SAP_SUCCESSFACTORS |
CSV | 2024-04-22 View Change |
Fortra Powertech SIEM Agent | STATUS_UPDATE | FORTRA_POWERTECH_SIEM_AGENT |
SYSLOG, CEF | 2024-04-30 View Change |
DomainTools Threat Intelligence | Threat intelligence | DOMAINTOOLS_THREATINTEL |
JSON | 2023-12-13 View Change |
ForgeRock OpenDJ | LDAP | OPENDJ |
SYSLOG + KV | 2020-10-01 |
Strong Swan VPN | VPN | STRONGSWAN_VPN |
JSON | 2023-05-25 View Change |
Zoom Operation Logs | Operation-Specific | ZOOM_OPERATION_LOGS |
SYSLOG | 2022-11-04 View Change |
CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN |
SYSLOG + KV | 2022-09-08 View Change |
Sophos DHCP | DHCP | SOPHOS_DHCP |
SYSLOG + KV | 2022-02-10 |
Zscaler Internet Access Audit Logs | Security Service Edge (SSE) | ZSCALER_INTERNET_ACCESS |
CSV, SYSLOG, JSON | 2024-03-08 View Change |
McAfee IPS | IDS/IPS | MCAFEE_IPS |
SYSLOG | 2021-04-15 |
Zeek TSV | Format Specific | BRO_TSV |
SYSLOG + TSV | 2022-01-31 |
Emerging Threats Pro | IOC | ET_PRO_IOC |
CSV | 2022-11-28 View Change |
Azure Storage Audit | Storage | AZURE_STORAGE_AUDIT |
JSON | 2024-04-08 View Change |
Armis Vulnerabilities | VULNERABILITIES | ARMIS_VULNERABILITIES |
JSON | 2023-02-07 View Change |
Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER |
SYSLOG + KV | 2023-05-31 View Change |
Tanium Integrity Monitor | Tanium Specific | TANIUM_INTEGRITY_MONITOR |
JSON | 2022-10-12 View Change |
ION Spectrum | Automation | ION_SPECTRUM |
CSV | 2024-04-24 View Change |
LogonBox | Authentication | LOGONBOX |
SYSLOG + KV | 2024-02-05 View Change |
Tanium Insight | Tanium Specific | TANIUM_INSIGHT |
SYSLOG + KV | 2021-03-10 |
Unifi AP | Switches and Routers | UNIFI_AP |
SYSLOG + KV, SYSLOG + JSON | 2024-03-22 View Change |
Cisco VPN | VPN | CISCO_VPN |
SYSLOG | 2024-03-25 View Change |
Tanium Reveal | Tanium Specific | TANIUM_REVEAL |
JSON | 2021-11-15 |
VMware AirWatch | Wireless | AIRWATCH |
SYSLOG + KV | 2023-09-05 View Change |
Duo Administrator Logs | Authentication | DUO_ADMIN |
JSON | 2023-03-10 View Change |
JAMF CMDB | Computer Inventory | JAMF |
JSON | 2024-02-23 View Change |
Island Browser logs | Web Browser | ISLAND_BROWSER |
JSON | 2023-09-04 View Change |
LimaCharlie | EDR | LIMACHARLIE_EDR |
JSON | 2023-08-07 |
Box | Collaboration | BOX |
JSON | 2024-03-11 View Change |
Shrubbery TACACS+ | NETWORK MANAGEMENT | SHRUBBERY_TACACS |
SYSLOG + KV | 2022-11-08 View Change |
Thycotic | Identity and Access Management | THYCOTIC |
SYSLOG + KV (CEF) | 2023-09-22 View Change |
Dope Security SWG | Secure Access Service Edge | DOPE_SWG |
CSV | 2023-05-18 View Change |
Suricata IDS | IDS/IPS | SURICATA_IDS |
JSON | 2024-04-08 View Change |
Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF |
SYSLOG | 2021-04-20 |
Nokia Router | Switches and Routers | NOKIA_ROUTER |
SYSLOG + KV | 2023-11-27 View Change |
Palo Alto Prisma Access | Cloud Security | PAN_CASB |
JSON | 2022-11-25 View Change |
VanDyke SFTP | Data Transfer | VANDYKE_SFTP |
JSON, SYSLOG | 2022-03-25 View Change |
Windows Firewall | Firewall | WINDOWS_FIREWALL |
Space Separated Value | 2021-08-26 |
Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE |
JSON | 2024-04-10 View Change |
Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC |
JSON | 2022-04-23 |
SAP SM20 | Security Audit Log | SAP_SM20 |
JSON | 2024-04-16 View Change |
Azure WAF | Log Aggregator | AZURE_WAF |
JSON | 2024-04-07 View Change |
Thinkst Canary | Deception Software | THINKST_CANARY |
JSON | 2024-03-05 View Change |
TrendMicro Apex Central | Endpoint | TRENDMICRO_APEX_CENTRAL |
CEF | 2024-04-24 View Change |
SEPPmail Secure Email | email encryption and signature solutions | SEPPMAIL |
SYSLOG + KV | 2024-02-11 View Change |
SOTI MobiControl | Mobile Device Management | SOTI_MOBICONTROL |
SYSLOG | 2023-09-08 View Change |
IBM Security Verify SaaS | SaaS Application | IBM_SECURITY_VERIFY_SAAS |
JSON | 2023-10-27 View Change |
Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES |
SYSLOG + JSON | 2022-08-21 View Change |
Phishlabs | Digital Risk Protection | PHISHLABS |
JSON | 2024-03-22 View Change |
Oracle Cloud Infrastructure | Oracle Cloud Infrastructure | ORACLE_CLOUD_AUDIT |
JSON | 2023-10-30 View Change |
Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT |
JSON | 2024-04-17 View Change |
Neo4j | Database management system | NEO4J |
JSON | 2023-12-07 View Change |
Trend Micro Deep Security | AV / Endpoint | TRENDMICRO_DEEP_SECURITY |
LEEF + CEF | 2024-04-17 View Change |
SecureAuth | SSO | SECUREAUTH_SSO |
SYSLOG, XML | 2023-07-09 View Change |
HP Aruba (ClearPass) | Identity and Access Management | CLEARPASS |
SYSLOG + KV | 2024-01-11 View Change |
Proofpoint Threat Response | Email Server | PROOFPOINT_TRAP |
SYSLOG | 2023-05-26 View Change |
Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML |
SYSLOG + XML, KV | 2024-04-23 View Change |
VMware ESXi | Hypervisor | VMWARE_ESX |
SYSLOG | 2024-02-07 View Change |
Linux DHCP | DHCP | LINUX_DHCP |
SYSLOG | 2023-11-10 View Change |
Watchguard EDR | EDR | WATCHGUARD_EDR |
JSON | 2024-02-05 View Change |
Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP |
SYSLOG, JSON | 2022-09-05 View Change |
Symantec Web Security Service | Web Proxy | SYMANTEC_WSS |
JSON | 2024-01-23 View Change |
Zix Email Encryption | Email Server | ZIX_EMAIL_ENCRYPTION |
SYSLOG | 2022-11-05 View Change |
Netscout Arbor Sightline | Monitoring | ARBOR_SIGHTLINE |
SYSLOG + JSON | 2024-04-22 View Change |
Ntopng | NDR | NTOPNG |
SYSLOG + JSON | 2024-02-01 View Change |
VeridiumID by Veridium | Authentication Software | VERIDIUM_ID |
SYSLOG + KV | 2024-04-16 View Change |
Dell OpenManage | Systems Management Application | DELL_OPENMANAGE |
SYSLOG + KV | 2022-07-27 View Change |
Symantec CloudSOC CASB | CASB | SYMANTEC_CASB |
SYSLOG + JSON | 2024-03-19 View Change |
Cisco ACS | Authentication | CISCO_ACS |
SYSLOG + KV | 2023-09-26 View Change |
Lacework Cloud Security | Cloud Security | LACEWORK |
JSON | 2023-11-09 View Change |
Microsoft Sentinel | Microsoft Sentinel | MICROSOFT_SENTINEL |
JSON | 2023-11-03 View Change |
Cisco UCS | OS logs | CISCO_UCS |
SYSLOG | 2022-07-04 View Change |
Netskope CASB | CASB | NETSKOPE_CASB |
JSON | 2024-02-12 View Change |
Cloud Identity Device Users | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICEUSERS |
JSON | 2022-10-01 View Change |
Microsoft AD FS | LDAP | ADFS |
JSON | 2023-08-18 View Change |
Cisco TACACS+ | Authentication | CISCO_TACACS |
SYSLOG + KV | 2022-08-09 View Change |
Cisco Web Services Manager | CISCO_WSM | CISCO_WSM |
SYSLOG | 2023-10-05 View Change |
Proofpoint Observeit | Email Server | OBSERVEIT |
JSON, KV | 2023-12-15 View Change |
SAP Netweaver | Database | SAP_NETWEAVER |
JSON | 2023-05-03 View Change |
ESET Threat Intelligence | IOC | ESET_IOC |
JSON | 2023-10-05 View Change |
Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI |
SYSLOG | 2022-11-08 View Change |
Cloud Run | Google Cloud Specific | GCP_RUN |
JSON | 2024-01-22 View Change |
Kaspersky AV | AV / Endpoint | KASPERSKY_AV |
KV + CEF | 2023-10-13 View Change |
Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS |
SYSLOG | 2022-03-17 |
Snyk Group level audit Logs | Vulnerability Scanners | SNYK_SDLC |
JSON | 2023-04-25 View Change |
McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO |
SYSLOG + XML, CSV, KV | 2023-10-15 View Change |
Microsoft Defender For Cloud | Automation and DevOps Tools | MICROSOFT_DEFENDER_CLOUD_ALERTS |
JSON | 2024-02-15 |
CSV Custom IOC | IOC | CSV_CUSTOM_IOC |
CSV | 2024-02-15 View Change |
Sendmail | Email Server | SENDMAIL |
SYSLOG + KV | 2023-09-20 View Change |
VyOS Open Source Router | DHCP | VYOS |
SYSLOG | 2022-10-12 View Change |
GitHub | SaaS Application | GITHUB |
JSON | 2023-12-18 View Change |
F5 Advanced Firewall Management | Firewall | F5_AFM |
SYSLOG + CSV | 2024-04-05 View Change |
OpenCanary | Data Security | OPENCANARY |
SYSLOG + JSON | 2024-03-11 View Change |
Mongo Database | DATABASE | MONGO_DB |
JSON | 2024-04-01 View Change |
Netscout | NETWORK | ARBOR_EDGE_DEFENSE |
SYSLOG + KV | 2023-02-21 View Change |
Anomali | IOC | ANOMALI_IOC |
JSON, CEF | 2024-02-09 View Change |
Dell Switch | Switches, Routers | DELL_SWITCH |
SYSLOG | 2024-04-04 View Change |
Apple macOS | AV / Endpoint | MACOS |
SYSLOG | 2022-05-04 View Change |
CrowdStrike Falcon | EDR | CS_EDR |
JSON | 2024-04-17 View Change |
Avatier Password Management | SaaS Application | AVATIER |
SYSLOG + KV | 2021-08-05 |
Juniper MX Router | Routers and Switches | JUNIPER_MX |
SYSLOG + KV | 2024-04-15 View Change |
Office 365 | SaaS Application | OFFICE_365 |
JSON | 2024-04-24 View Change |
Brocade Switch | Switches | BROCADE_SWITCH |
SYSLOG, CSV | 2024-04-15 View Change |
IBM Safenet | IT infrastructure | IBM_SAFENET |
SYSLOG | 2023-05-24 View Change |
Cisco Wireless IPS | Cisco Wips | CISCO_WIPS |
SYSLOG + KV | 2023-11-17 View Change |
HAProxy | Load balancing | HAPROXY |
SYSLOG | 2023-09-25 View Change |
NXLog Manager | Log Aggregator | NXLOG_MANAGER |
SYSLOG | 2022-01-13 |
Tanium Comply | Tanium Specific | TANIUM_COMPLY |
JSON | 2022-08-18 View Change |
IBM z/OS | OS | IBM_ZOS |
LEEF | 2023-07-25 View Change |
Kisi Access Management | Physical Security | KISI |
JSON | 2023-06-14 View Change |
Workspace ChromeOS Devices | Google Cloud Specific | WORKSPACE_CHROMEOS |
JSON | 2024-04-24 View Change |
Juniper Mist | Network Management and Optimization software | JUNIPER_MIST |
JSON | 2023-02-24 View Change |
Darktrace | NDR | DARKTRACE |
SYSLOG + KV (CEF), SYSLOG + JSON | 2024-04-05 View Change |
Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE |
SYSLOG, JSON | 2023-11-14 View Change |
LastPass Password Management | Identity and Access Management | LASTPASS |
JSON | 2024-03-22 View Change |
Cisco IronPort | Gateway Security | CISCO_IRONPORT |
SYSLOG + CSV | 2024-02-07 View Change |
Apache Hadoop | open-source software | HADOOP |
SYSLOG + KV | 2023-06-05 View Change |
OSQuery | EDR | OSQUERY_EDR |
SYSLOG + JSON | 2024-05-01 View Change |
AWS VPC Flow | AWS Specific | AWS_VPC_FLOW |
SYSLOG | 2023-04-06 View Change |
IBM WebSEAL | Web server | IBM_WEBSEAL |
JSON, SYSLOG | 2024-01-22 View Change |
MySQL | Database | MYSQL |
SYSLOG | 2021-04-12 |
Cisco Switch | Switches, Routers | CISCO_SWITCH |
SYSLOG | 2023-12-08 View Change |
Gitlab | SAAS | GITLAB |
JSON | 2024-04-08 View Change |
Medigate IoT | IoT | MEDIGATE_IOT |
SYSLOG + JSON | 2024-04-03 View Change |
FileZilla | File transfer | FILEZILLA_FTP |
SYSLOG | 2022-03-23 View Change |
Tripwire | DLP | TRIPWIRE_FIM |
SYSLOG | 2023-06-21 View Change |
Vectra Detect | NDR | VECTRA_DETECT |
SYSLOG + JSON + CEF | 2024-04-18 View Change |
TeamViewer | Remote Support | TEAMVIEWER |
JSON | 2022-08-02 View Change |
Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP |
SYSLOG | 2022-03-01 |
Samba SMBD | Privileged Account Activity | SMBD |
SYSLOG | 2023-03-09 View Change |
Juniper | Firewall | JUNIPER_FIREWALL |
SYSLOG + KV + JSON | 2024-01-22 View Change |
STIX Threat Intelligence | Cybersecurity Threats | STIX |
SYSLOG + KV (CEF) | 2024-03-06 View Change |
Trend Micro Vision One | AV and endpoint logs | TRENDMICRO_VISION_ONE |
SYSLOG + KV, CEF | 2023-03-24 View Change |
CrowdStrike Detection Monitoring | EDR | CS_DETECTS |
JSON | 2024-04-02 View Change |
WatchGuard | Syslog and KV | WATCHGUARD |
JSON | 2023-12-03 View Change |
reCAPTCHA Enterprise | Access Management | GCP_RECAPTCHA_ENTERPRISE |
JSON | 2024-02-12 View Change |
Barracuda Web Filter | Webfilter | BARRACUDA_WEBFILTER |
SYSLOG | 2023-07-20 View Change |
Supported log types without a default parser
Google Security Operations SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Google Security Operations SIEM Ingestion API or the Google Security Operations SIEM forwarder. Google Security Operations SIEM will not normalize the data to structured Unified Data Model format.
You can create a custom parser to normalize these logs. You can also search raw logs.
Vendor / Product | Ingestion label |
---|---|
Accops Hysecure VPN | ACCOPS_HYSECURE_VPN |
Acquia Cloud Platform | ACQUIA_CLOUD_PLATFORM |
Acronis Backup | ACRONIS |
Microsoft ActiveSync | ACTIVE_SYNC |
Adaxes | ADAXES |
ManageEngine ADManager Plus | ADMANAGER_PLUS |
Admin by request PAM | ADMIN_BY_REQUEST |
Adobe Commerce | ADOBE_COMMERCE |
Adobe Experience Manager | ADOBE_EXPERIENCE_MANAGER |
ManageEngine ADSelfService Plus | ADSELFSERVICE_PLUS |
ADTRAN NetVanta router | ADTRAN_NETVANTA |
Agari Phishing Defense | AGARI_PHISHING_DEFENSE |
Advanced Intrusion Detection Environment | AIDE |
Extreme Networks AirDefense | AIRDEFENSE |
Air Table | AIR_TABLE |
Akamai Prolexic | AKAMAI_DDOS |
Akamai DHCP | AKAMAI_DHCP |
Akamai Enterprise Threat Protector | AKAMAI_ETP |
Akamai Guardicore | AKAMAI_GUARDICORE |
Akamai SIEM Connector | AKAMAI_SIEM_CONNECTOR |
AlertLogic Notifications | ALERTLOGIC_NOTIFICATIONS |
Alert Enterprise Guardian | ALERT_GUARDIAN |
AliCloud Anti DDos | ALICLOUD_ANTI_DDOS |
AliCloud WAF | ALICLOUD_WAF |
AlienVault Open Threat Exchange | ALIENVAULT_OTX |
Allot NetEnforcer | ALLOT_NETENFORCER |
Alveo Risk Data Management | ALVEO_RDM |
Amavis | AMAVIS |
Analyst1 IOC | ANALYST1_IOC |
Apache Kafka Audit | APACHE_KAFKA_AUDIT |
Apache SpamAssassin | APACHE_SPAMASSASSIN |
APC Automatic Transfer Switch | APC_ATS |
APC Netbotz | APC_NETBOTZ |
APC Power Distribution Unit | APC_PDU |
APC Smart-UPS | APC_SMART_UPS |
APC StruxureWare Portal | APC_STRUXUREWARE |
Apiiro Cloud Application Security Platform | APIIRO |
Appgate Software-defined Perimeter | APPGATE_SDP |
Appian Cloud | APPIAN_CLOUD |
AppViewX | APPVIEWX |
Aptos Enterprise Order Management | APTOS_EOM |
Argo CD | ARGO_CD |
Argo Workflows | ARGO_WORKFLOWS |
Arista Guardian For Network Identity | ARISTA_AGNI |
Arista CloudVision Portal | ARISTA_CVP |
Arista NDR | ARISTA_NDR |
Arkime Packet Capture | ARKIME_PCAP |
Armis | ARMIS |
Armorblox Email Security | ARMORBLOX_ESC |
Armor Anywhere | ARMOR_ANYWHERE |
Array Networks SSL VPN | ARRAYNETWORKS_VPN |
Array Networks WAF | ARRAY_NETWORKS_WAF |
HPE Aruba Networking Central | ARUBA_CENTRAL |
Aruba Orchestrator | ARUBA_ORCHESTRATOR |
Aruba Switches | ARUBA_SWT |
Arxan Threat Analytics | ARXAN_THREAT_ANALYTICS |
Asana | ASANA |
Ascertia | ASCERTIA |
Asimily | ASIMILY |
AssetNote | ASSETNOTE |
Atlassian Cloud Admin Audit | ATLASSIAN_AUDIT |
Atlassian Beacon | ATLASSIAN_BEACON |
Atlassian Jira Confluence Json | ATLASSIAN_CONFLUENCE_JSON |
Atlassian Jira Json | ATLASSIAN_JIRA_JSON |
AT&T Netbond | ATT_NETBOND |
Authentic8 Silo | AUTHENTIC8_SILO |
Authx Identity Management | AUTHX |
Authx User Context | AUTHX_USER_CONTEXT |
Automox | AUTOMOX_EPM |
Avast Business | AVAST_HUB |
Avaya Session Border Controller | AVAYA_BORDER |
Avaya Interactive Voice Response | AVAYA_IVR |
Avaya VSP Switch | AVAYA_VSP |
Avaya Wireless | AVAYA_WIRELESS |
Aviatrix Cloud Network Platform | AVIATRIX |
AWS Dynamo DB | AWS_DYNAMO_DB |
Amazon ElastiCache | AWS_ELASTI_CACHE |
Amazon FSx for Windows File Server | AWS_FSX |
AWS Inspector | AWS_INSPECTOR |
AWS Inspector2 | AWS_INSPECTOR2 |
AWS NGINX | AWS_NGINX |
AWS Redshift | AWS_REDSHIFT |
AWS Simple Email Service | AWS_SES |
AWS Shield | AWS_SHIELD |
AWS VPN | AWS_VPN |
Axis Atmos | AXIS_ATMOS |
Axis Security Audit | AXIS_OS |
Axonius Cybersecurity Asset Management | AXONIUS |
Microsoft Azure | AZURE |
Azure AD Password Protection | AZURE_AD_PASSWORD_PROTECTION |
Azure AD Provisioning | AZURE_AD_PROVISIONING |
Azure AD Sign-In | AZURE_AD_SIGNIN |
Azure API Management | AZURE_API_MANAGEMENT |
Azure ATP | AZURE_ATP |
Azure Bastion | AZURE_BASTION |
Azure DNS logs | AZURE_DNS |
Azure Front Door | AZURE_FRONT_DOOR |
Microsoft Intune Context | AZURE_MDM_INTUNE_CONTEXT |
Azure Security Center | AZURE_SECURITY_CENTER |
Babelforce | BABELFORCE |
Backbox | BACKBOX |
OneIdentity Balabit | BALABIT |
BambooHR | BAMBOO_HR |
Banner dd | BANNER_DD |
Barracuda CloudGen Access | BARRACUDA_CLOUDGEN_ACCESS |
Barracuda CloudGen Firewall | BARRACUDA_CLOUDGEN_FIREWALL |
Barracuda Impersonation Protection | BARRACUDA_IMPERSONATION |
Barracuda Content Shield | BARRACUDA_SHIELD |
Bettercloud | BETTERCLOUD |
BetterStack Uptime | BETTERSTACK_UPTIME |
BeyondTrust BeyondInsight | BEYONDTRUST_BEYONDINSIGHT |
BeyondTrust Cloud Privilege Broker | BEYONDTRUST_CPB |
BeyondTrust Management console | BEYONDTRUST_MC |
Beyond Identity | BEYOND_IDENTITY |
Bitvise SSHd | BITVISE_SSHD |
Blackberry Workspaces | BLACKBERRY_WORKSPACES |
BloodHound | BLOODHOUND |
Bluecat Address Manager | BLUECAT_AM |
Blue Prism | BLUE_PRISM |
BMC AMI Defender | BMC_AMI_DEFENDER |
BMC Client Management | BMC_CLIENT_MANAGEMENT |
BMC Control-M | BMC_CONTROL_M |
Core Privileged Access Manager (BoKS) | BOKS |
Bricata NDR | BRICATA_NDR |
Britive Audit API | BRITIVE_AUDIT_API |
BRIVO | BRIVO |
CA Privileged Access Manager | BROADCOM_CA_PAM |
Broadcom Compliance Event Manager | BROADCOM_CEM |
Broadcom Support Portal Audit Logs | BROADCOM_SUPPORT_PORTAL |
Brocade Fabric OS | BROCADE_FOS |
Brocade SANnav Management Portal | BROCADE_SANNAV |
Zeek DHCP | BRO_DHCP |
Zeek HTTP | BRO_HTTP |
BT IPControl | BT_IPCONTROL |
Burpsuite Application Security testing tool | BURPSUITE |
Cameyo Bring Your Own Cloud | CAMEYO_BYO_CLOUD |
Canary Audit Trail | CANARY_AUDIT_TRAIL |
CATO SD-WAN | CATO_SDWAN |
Censornet CASB | CENSORNET_CASB |
Cequence Bot Defense | CEQUENCE_BOT_DEFENSE |
Cerberus FTP Server | CERBERUS_FTP |
Check Point CloudGuard | CHECKPOINT_CLOUDGUARD |
Check Point Email | CHECKPOINT_EMAIL |
Checkpoint Gaia | CHECKPOINT_GAIA |
Checkpoint SmartDefense | CHECKPOINT_SMARTDEFENSE |
Cilium | CILIUM |
CipherTrust Manager | CIPHERTRUST_MANAGER |
Cisco Aironet | CISCO_AIRONET |
Cisco APIC | CISCO_APIC |
Cisco Call Manager | CISCO_CALL_MANAGER |
Cisco Cyber Vision | CISCO_CYBER_VISION |
Cisco DNS | CISCO_DNS |
Cisco EStreamer | CISCO_ESTREAMER |
Cisco Meraki Camera | CISCO_MERAKI_CAMERA |
Cisco vManage SD-WAN | CISCO_SDWAN |
Cisco Secure Access | CISCO_SECURE_ACCESS |
Cisco Secure Malware Analytics | CISCO_SECURE_MALWARE_ANALYTICS |
Cisco Content Security Management Appliance | CISCO_SMA |
Cisco SNMP Trapd | CISCO_SNMP |
Cisco Unity Connection | CISCO_UNITY_CONNECTION |
Cisco WSA | CISCO_WSA |
CiscoXDR | CISCO_XDR |
Citrix Analytics | CITRIX_ANALYTICS |
Citrix Netscaler Web Logs | CITRIX_NETSCALER_WEB_LOGS |
Citrix SD-WAN | CITRIX_SDWAN |
Citrix Session Metadata | CITRIX_SESSION_METADATA |
Citrix Virtual Desktop Infrastructure | CITRIX_VDI |
Citrix WAF | CITRIX_WAF |
Citrix Web Gateway | CITRIX_WEB_GATEWAY |
Citrix Workspace | CITRIX_WORKSPACE |
Citrix XenCenter | CITRIX_XENCENTER |
Claroty Continuous Threat Detection | CLAROTY_CTD |
Claroty Xdome | CLAROTY_XDOME |
Cleafy | CLEAFY |
Clear Bank Portal Audit | CLEARBANK_PORTAL |
Clearsense Healthcare Analytics | CLEARSENSE |
Click Studios Passwordstate | CLICK_STUDIOS_PASSWORDSTATE |
Cloudaware | CLOUDAWARE |
CloudBees | CLOUDBEES |
CloudBolt | CLOUDBOLT |
Cloudflare Bot Management | CLOUDFLARE_BOT_MANAGEMENT |
Cloud Passage (CSM) | CLOUDPASSAGE_CSM |
Cloud Passage (FIM) | CLOUDPASSAGE_FIM |
Cloud Passage (LIDS) | CLOUDPASSAGE_LIDS |
Cloud Passage (SVM) | CLOUDPASSAGE_SVM |
cmd.com | CMD |
Coalition Control API | COALITION |
Cockroach DB | COCKROACH_DB |
Code42 CrashPlan | CODE42 |
Code42 Incydr | CODE42_INCYDR |
Code Worldwide | CODE_WORLDWIDE |
Cofense Vision | COFENSE_VISION |
Cohesity | COHESITY |
Cohesity Helios | COHESITY_HELIOS |
Cohesity Smartfiles | COHESITY_SMARTFILES |
Comforte SecurDPS | COMFORTE_SECURDPS |
Commvault Metallic | COMMVAULT_METALLIC |
Confluent Audit | CONFLUENT_AUDIT |
ConnectWise Automate | CONNECTWISE_AUTOMATE |
ConnectWise Control | CONNECTWISE_CONTROL |
Control Plane | CONTROL_PLANE |
Corrata | CORRATA |
Cradlepoint NetCloud | CRADLEPOINT_NETCLOUD |
Cribl AppScope | CRIBL_APPSCOPE |
Cribl Cloud | CRIBL_CLOUD |
Cribl Edge | CRIBL_EDGE |
Cribl Search | CRIBL_SEARCH |
Cribl Stream | CRIBL_STREAM |
ProLion CryptoSpike | CRYPTOSPIKE |
CSG Custom Rules Engine | CSG_CUSTOMENGINE |
CSG Singleview | CSG_SINGLEVIEW |
CSV Custom CMDB | CSV_CUSTOM_CMDB |
CrowdStrike Falcon CEF | CS_CEF_EDR |
Crowdstrike Identity Protection Services | CS_IDP |
CTERA Drive | CTERA_DRIVE |
Cubist Audit | CUBIST_AUDIT |
Culture AI | CULTURE_AI |
Customer Alerts | CUSTOMER_ALERT |
Custom Host Forensics | CUSTOM_HOST_FORENSICS |
CyberArk Privileged Access Manager (PAM) | CYBERARK_PAM |
CyberArk Identity Single Sign-On | CYBERARK_SSO |
Connectsecure | CYBERCNS |
Cyberhaven Data Detection and Response | CYBERHAVEN_DDR |
Cyberhaven | CYBERHAVEN_EVENTS |
Cyberint | CYBERINT |
Cyber 2.0 IDS | CYBER_2_IDS |
Cycode Platform | CYCODE |
Insider threat detection and response | CYDERES_INSIDER |
Cyderes IOC | CYDERES_IOC |
Cylance | CYLANCE |
Cylera IOT | CYLERA_IOT |
Cymulate | CYMULATE |
Cynet 360 AutoXDR | CYNET_360_AUTOXDR |
Cyolo Zero Trust | CYOLO_ZTNA |
C Zentrix | C_ZENTRIX |
D3 Security | D3_SECURITY |
Databricks | DATABRICKS |
Dataiku DSS Logging | DATAIKU_DSS_LOGS |
DataLocker SafeConsole | DATALOCKER_SAFECONSOLE |
Datalust | DATALUST |
Datasunrise Dam | DATASUNRISE_DAM |
Datawatch | DATAWATCH |
DealCloud | DEAL_CLOUD |
Deepfence Network Monitoring | DEEPFENCE |
DefectDojo | DEFECTDOJO |
Delinea Privilege Manager | DELINEA_PRIVILEGE_MANAGER |
Delinea Secret Server | DELINEA_SECRET_SERVER |
Delinea Server Suite | DELINEA_SERVER_SUITE |
Dell Compellent | DELL_COMPELLENT |
Dell Cyber Recovery Manager | DELL_CRM |
Dell CyberSense | DELL_CYBERSENSE |
Dell EMC Avamar | DELL_EMC_AVAMAR |
Dell EMC Cloudlink | DELL_EMC_CLOUDLINK |
Dell EMC PowerStore | DELL_EMC_POWERSTORE |
Dell EMC Unity | DELL_EMC_UNITY |
Dell SonicWALL WAF | DELL_WAF |
Design Profit Central Server | DESIGN_PROFIT_CENTRAL_SERVER |
Device 42 | DEVICE_42 |
Devolutions Remote Desktop Manager | DEVOLUTIONS_RDM |
Divvy Cloud | DIVVY_CLOUD |
Dmarcian | DMARCIAN |
Docker | DOCKER |
DocuSign | DOCUSIGN |
DOMO Business Cloud | DOMO |
Dragos | DRAGOS |
Draytek Firewall | DRAYTEK |
Dremio Data Lakehouse | DREMIO_DATA_LAKEHOUSE |
Dropbox | DROPBOX |
Drupal Logging | DRUPAL |
Druva Backup | DRUVA_BACKUP |
DSP Toolkit audit | DSP_AUDIT |
Dtex Intercept | DTEX_INTERCEPT |
Duo Activity Logs | DUO_ACTIVITY |
Duo Access Gateway | DUO_CASB |
Duo Network Gateway | DUO_NETWORK_GATEWAY |
Duo Trust Monitor | DUO_TRUST_MONITOR |
Dynatrace | DYNATRACE |
E2 Guardian | E2_GUARDIAN |
CWT SatoTravel | E2_SOLUTIONS |
Eaton UPS | EATON_UPS |
eCAR | ECAR |
eCAR Bro | ECAR_BRO |
Edgecore Networks | EDGECORE_NETWORKS |
Edgio CDN | EDGIO_CDN |
Edgio Rate Limiting | EDGIO_RL |
Edgio WAF | EDGIO_WAF |
Efax | EFAX |
Egnyte | EGNYTE |
Egress Defend | EGRESS_DEFEND |
Egress Prevent | EGRESS_PREVENT |
EclecticIQ EDR | EIQ_EDR |
Elastic File Beats | ELASTIC_FILEBEAT |
Elastic Metric Beats | ELASTIC_METRICBEAT |
Emerson Smart Firewall | EMERSON_FIREWALL |
Emsisoft AntiVirus | EMSISOFT_ANTIVIRUS |
Endgame | ENDGAME_EDR |
Ensono Cloud Mainframe Solution | ENSONO |
Entrust nShield HSM | ENTRUST_HSM |
Entrust NTP Server | ENTRUST_NTP_SERVER |
Entrust Secrets Vault | ENTRUST_SECRETS_VAULT |
Erlang Shell Logs | ERLANG_SHELL |
Ermes Web Protection | ERMES |
Ermetic | ERMETIC |
E-Share platform | ESHARE_PLATFORM |
Estar | ESTAR |
ETQ Reliance | ETQ_RELIANCE |
Evidos Firewall | EVIDOS_FIREWALL |
Exabeam Fusion XDR | EXABEAM_FUSION_XDR |
ExtraHop DHCP | EXTRAHOP_DHCP |
ExtremeWare Operating System (OS) | EXTREMEWARE_NETWORKS |
Extreme Networks ExtremeControl NAC Solution | EXTREME_CONTROL |
Extreme Management Center | EXTREME_MANAGEMENT |
EzProxy | EZPROXY |
F5 Bot | F5_BOT |
F5 Distributed Cloud Services | F5_DCS |
F5 IP Intelligence | F5_IP_INTELLIGENCE |
F5 Silverline | F5_SILVERLINE |
F5 System Logs | F5_SYSTEM_LOGS |
Fail2Ban Scan | FAIL2BAN |
Farsight DNSDB | FARSIGHT_DNSDB |
Fastly CDN | FASTLY_CDN |
Feenics Access Control | FEENICS_ACCESS_CONTROL |
Fidelis Endpoint | FIDELIS_ENDPOINT |
FileMage SFTP | FILEMAGE_SFTP |
Firebase | FIREBASE |
FireEye CMS | FIREEYE_CMS |
FireEye eMPS | FIREEYE_EMPS |
FireEye Helix | FIREEYE_HELIX |
FireMon Firewall | FIREMON_FIREWALL |
Fisglobal Quantum | FISGLOBAL_QUANTUM |
Fivetran | FIVETRAN |
Flashpoint IOC | FLASHPOINT_IOC |
Fleet DM | FLEET_DM |
Forcepoint Email Security | FORCEPOINT_EMAILSECURITY |
Forcepoint Insider Threat | FORCEPOINT_FIT |
Forcepoint Mail Relay | FORCEPOINT_MAIL_RELAY |
Forcepoint V Series | FORCEPOINT_VSERIES |
Fortanix Data Security Manager | FORTANIX_DSM |
Fortinet Wireless Access Point | FORTINET_AP |
Fortinet FortiAuthenticator | FORTINET_FORTIAUTHENTICATOR |
Fortinet FortiSandbox | FORTINET_SANDBOX |
Fortinet Switch | FORTINET_SWITCH |
Fortinet Proxy | FORTINET_WEBPROXY |
Foundry Fastiron | FOUNDRY_FASTIRON |
Fox-IT | FOX_IT_STIX |
FreeIPA | FREEIPA |
FreeRADIUS | FREERADIUS |
Digital Defense Frontline VM | FRONTLINE_VM |
FS-ISAC IOC | FS_ISAC_IOC |
Futurex HSM | FUTUREX_HSM |
Artifact Registry | GCP_ARTIFACT_REGISTRY |
Google Kubernetes Container Security | GCP_KUBERNETES_CONTAINER_SECURITY |
Threat Detection | GCP_THREAT_DETECTION |
Genetec Audit | GENETEC_AUDIT |
Gigamon | GIGAMON |
Gigya CIAM | GIGYA_CIAM |
GitGuardian Enterprise | GITGUARDIAN_ENTERPRISE |
GitHub Events | GITHUB_EVENTS |
Glean | GLEAN |
Globalscape SFTP | GLOBALSCAPE_SFTP |
GlusterFS | GLUSTER_FS |
GMV Checker User Context | GMV_CHECKER_CONTEXT |
GoAnywhere MFT | GOANYWHERE_MFT |
GoDaddy DNS | GODADDY_DNS |
GoldiLock | GOLDILOCK |
Google Ads | GOOGLE_ADS |
GrayhatWarfare | GRAYHATWARFARE |
Graylog Operations | GRAYLOG |
GreatHorn Email Security | GREATHORN |
GreyNoise | GREYNOISE |
GTB Technologies DLP | GTB_DLP |
Gurucul Risk Analytics | GURUCUL |
H3C Comware Platform Switch | H3C_SWITCH |
Halcyon Anti Ransomware | HALCYON |
Halo | HALO |
HaProxy LoadBalancer | HAPROXY_LOADBALANCER |
Harbor | HARBOR |
Harfanglab EDR | HARFANGLAB_EDR |
HiBob | HIBOB |
HaveIBeenPwned | HIBP |
Hirschmann Switch | HIRSCHMANN_SWITCH |
Hitachi PAM | HITACHI_ID_PAM |
Hornet Email Security | HORNET_SECURITY |
Hewlett Packard Enterprise SAN | HPE_SAN |
HPE Oneview | HP_ONEVIEW |
HP Poly | HP_POLY |
HP Printer logs | HP_PRINTER |
HP Wolf Pro Security | HP_WOLF |
Huawei CloudEngine | HUAWEI_CLOUDENGINE |
Huawei NAC | HUAWEI_NAC |
HubSpot Activity Logs | HUBSPOT_ACTIVITY |
HubSpot CRM Platform | HUBSPOT_CRM |
HubSpot Authentication Logs | HUBSPOT_LOGIN |
3Com 8800 Series Switch | IBM_3COM |
IBM Cleversafe Object Storage | IBM_CLEVERSAFE |
IBM KNS | IBM_KNS |
IBM MaaS360 | IBM_MAAS360 |
IBM MQ File Transfer | IBM_MQ_FILE_TRANSFER |
IBM Security QRadar SOAR | IBM_SOAR |
IBM Spectrum Protect | IBM_SPECTRUM_PROTECT |
IBM Switch | IBM_SWITCH |
IBM Tririga | IBM_TRIRIGA |
IBM WinCollect | IBM_WINCOLLECT |
IBM zSecure Alert | IBM_ZSECURE_ALERT |
Idecsi | IDECSI |
Dell iDRAC | IDRAC |
ImageNow | IMAGENOW |
iManage Cloud Platform | IMANAGE_CLOUD |
Imperva Audit Trail | IMPERVA_AUDIT_TRAIL |
Imperva Sonar | IMPERVA_SONAR |
Imprivata Confirm ID | IMPRIVATA_CONFIRM_ID |
Imprivata Identity Governance | IMPRIVATA_IDG |
Imprivata OneSign | IMPRIVATA_ONESIGN |
INFINICO NetWyvern Series Appliance | INFINICO_NETWYVERN |
Infinidat | INFINIDAT |
Infoblox Loadbalancer | INFOBLOX_LOADBALANCER |
Infoblox NetMRI | INFOBLOX_NETMRI |
INKY Secure Email | INKY |
Intruder.IO | INTRUDER_IO |
inWebo MFA | INWEBO_MFA |
Ipswitch MOVEit Automation | IPSWITCH_MOVEIT_AUTOMATION |
Ironscales | IRONSCALES |
Ivanti Application Control | IVANTI_APP_CONTROL |
Ivanti Connect Secure | IVANTI_CONNECT_SECURE |
Ivanti Device Control | IVANTI_DEVICE_CONTROL |
ISM Xtraction | IVANTI_XTRACTION |
Jamf Compliance Reporter | JAMF_COMPLIANCE_REPORTER |
Jamf Protect Network Traffic | JAMF_NETWORK_TRAFFIC |
JAMF Pro | JAMF_PRO |
Jamf pro context | JAMF_PRO_CONTEXT |
Jamf Pro MDM | JAMF_PRO_MDM |
Jamf Protect Threat Events | JAMF_THREAT_EVENTS |
IBM JDE | JDE |
Journald | JOURNALD |
JumpCloud Directory as a Service | JUMPCLOUD_DAAS |
JumpCloud Desktop | JUMPCLOUD_DESKTOP |
Juniper Secure Connect VPN | JUNIPER_VPN |
Jupiter One | JUPITER_ONE |
KACE Service Desk | KACE_SERVICE_DESK |
KACE Systems Management Appliance | KACE_SMA |
Kamailio | KAMAILIO |
Kandji | KANDJI |
Kaseya IT Management | KASEYA |
Kaspersky Endpoint | KASPERSKY_ENDPOINT |
Keepalived Routing software | KEEPALIVED |
Keeper Enterprise Security | KEEPER |
Keycloak | KEYCLOAK |
Keyfactor | KEYFACTOR |
Keysight Packet Brokers | KEYSIGHT |
Kibana audit logs | KIBANA |
Kion | KION |
KnowBe4 PhishER | KNOWBE4_PHISHER |
Kustomer CRM | KUSTOMER_CRM |
Kyverno | KYVERNO |
Lansweeper Asset Management | LANSWEEPER |
LaunchDarkly | LAUNCH_DARKLY |
LOAD_BALANCER_ADC | LB_ADC |
LeanIX Enterprise | LEANIX |
Leanix CMDB | LEANIX_CMDB |
Lepide | LEPIDE |
Lexmark Printer logs | LEXMARK_PRINTER |
Liaison NuBridges Platform | LIAISON_NUBRIDGES |
Libraesva Email Security | LIBRAESVA_EMAIL |
Lira | LIRA |
Logic Monitor | LOGICMONITOR |
Looker Audit | LOOKER_AUDIT |
LookingGlass Aenoik IDPS | LOOKINGGLASS_IPS |
Looking Glass | LOOKING_GLASS_IOC |
LSI Badge Management System | LSI_BMS |
Lucid | LUCID |
Lumen DDoS Hyper | LUMEN_DDOS_HYPER |
Lumeta Spectre | LUMETA |
Lumos | LUMOS |
Lenovo XClarity Orchestrator | LXC_ORCHESTRATOR |
MailScanner | MAILSCANNER |
Malwarebytes | MALWAREBYTES_EDR |
Mambu | MAMBU |
Manage Engine Endpoint | MANAGEENGINE_ENDPOINT |
ManageEngine Remote Access Plus | MANAGEENGINE_RAP |
ManageEngine Asset Explorer | MANAGE_ENGINE_ASSET_EXPLR |
ManageEngine Endpoint Central | MANAGE_ENGINE_ENDPT_CNTRL |
ManageEngine PAM360 | MANAGE_ENGINE_PAM360 |
ManageEngine Password Manager Pro | MANAGE_ENGINE_PASSWORD_MANAGER |
Mandiant Attack Surface Management Entity | MANDIANT_ASM_ENTITY |
Mandiant Attack Surface Management Discovered Issue | MANDIANT_ASM_ISSUE |
Mandiant Attack Surface Management Technology | MANDIANT_ASM_TECHNOLOGY |
Mandiant Digital Threat Monitoring | MANDIANT_DTM_ALERTS |
Mango Apps | MANGOAPPS |
Manhattan Warehouse Management System | MANHATTAN_WMS |
Maria Database | MARIA_DB |
Material Security | MATERIAL_SECURITY |
Matrix Frontier Badge Management | MATRIX_FRONTIER |
McAfee Application Control | MCAFEE_APP_CONTROL |
McAfee Advanced Threat Defense | MCAFEE_ATD |
McAfee MVISION EDR | MCAFEE_EDR |
McAfee Solid Core | MCAFEE_SOLID_CORE |
Medigate CMDB | MEDIGATE_CMDB |
Melissa | MELISSA |
Mend IO | MEND_IO |
Meta Marketing | META_MARKETING |
Miasma SecretScanner | MIASMA_SECRETSCANNER |
MicroSemi NTP | MICROSEMI_NTP |
Microsoft Ads | MICROSOFT_ADS |
Microsoft CASB Files & Entities | MICROSOFT_CASB_CONTEXT |
Microsoft Dynamics 365 User Activity | MICROSOFT_DYNAMICS_365 |
Microsoft Defender External Attack Surface Management | MICROSOFT_EASM |
Microsoft Identity Protection | MICROSOFT_IDENTITY_PROTECTION |
Microsoft Netlogon | MICROSOFT_NETLOGON |
Power BI Activity Log | MICROSOFT_POWERBI_ACTIVITY_LOG |
Microsoft Purview | MICROSOFT_PURVIEW |
Microsoft Azure AD Risk Detections | MICROSOFT_RISK_DETECTIONS |
Microsoft Security Actions | MICROSOFT_SECURITY_ACTIONS |
Microsoft Security Advisories Alerts | MICROSOFT_SECURITY_ALERTS |
Microsoft SSTP VPN | MICROSOFT_SSTP |
Microsoft Threat Indicators | MICROSOFT_THREAT_INDICATORS |
Mikrotik Router | MIKROTIK_ROUTER |
Mimecast Attachment Logs | MIMECAST_ATTACHMENT_LOGS |
Mimecast Audit Logs | MIMECAST_AUDIT_LOGS |
Mimecast DLP Logs | MIMECAST_DLP_LOGS |
Mimecast impersonation Logs | MIMECAST_IMPERSONATION_LOGS |
Mimecast URL Logs | MIMECAST_URL_LOGS |
Mimecast Web Security | MIMECAST_WEBPROXY |
Minerva AV | MINERVA_AV |
Mirth OnPrem Appliances NextGen | MIRTH_NEXTGEN |
Mitel Communications Director | MITEL_MCD |
Mode Analytics | MODE_ANALYTICS |
ModSecurity | MODSECURITY |
Monday | MONDAY |
Mongo Atlas Audit | MONGO_ATLAS_AUDIT |
Mosyle | MOSYLE |
Mulesoft | MULESOFT |
Multicom Switch | MULTICOM_SWITCH |
MultiPay | MULTIPAY |
Nagios Infrastructure Monitoring | NAGIOS |
NCC Scout Suite | NCC_SCOUTSUITE |
NCR Digital Insight FSG | NCR_DIGITAL_INSIGHT_FSG |
NCR Digital Insight Global Logging | NCR_DIGITAL_INSIGHT_GL |
Nessus | NESSUS |
Netapp Storagegrid | NETAPP_STORAGEGRID |
NetBrain | NETBRAIN |
NetDisco | NETDISCO |
NetDocuments Solutions | NETDOCUMENTS |
Netenrich Entity Behaviour | NETENRICH_ENTITY_BEHAVIOR |
Netenrich Entity Context | NETENRICH_ENTITY_CONTEXT |
Netgear Switch | NETGEAR_SWITCH |
NetIQ Access Manager | NETIQ_ACCESS_MANAGER |
Netmotion | NETMOTION |
Netskope Client | NETSKOPE_CLIENT |
Netsurion ProtectWise | NETSURION_PROTECTWISE |
Netwrix | NETWRIX |
Netwrix Activity Monitor | NETWRIX_ACTIVITY_MONITOR |
Netwrix Stealth Intercept | NETWRIX_STEALTH_INTERCEPT |
Netwrix Threat Manager | NETWRIX_THREAT_MANAGER |
Neustar SiteProtect | NEUSTAR_SITEPROTECT |
New Relic Platform | NEW_RELIC |
Nextcloud Hub | NEXTCLOUD_HUB |
Nextthink Finder | NEXTTHINK_FINDER |
Nexus Sonatype | NEXUS_SONATYPE |
Ne Silent Log | NE_SILENT_LOG |
Ninja One | NINJAONE |
NIST National Vulnerability Database | NIST_NVD |
NNT File Integrity monitoring | NNT_FIM |
Noname API Security | NONAME_API_SECURITY |
NordLayer VPN | NORD_LAYER |
Nortel Contivity VPN Switch | NORTEL_SWITCH |
Nozomi Networks Scada Guardian | NOZOMI_GUARDIAN |
Nucleus Vulnerability Scan Delta | NUCLEUS_VULNERABILITY_DELTA |
Nutanix Frame | NUTANIX_FRAME |
Nxlog Agent | NXLOG_AGENT |
Nxlog Fim | NXLOG_FIM |
Obsidian | OBSIDIAN |
Okta RADIUS | OKTA_RADIUS |
OnBase CMS | ONBASE_CMS |
One Identity Active Role Service | ONEIDENTITY_ARS |
One Identity Change Auditor | ONEIDENTITY_CHANGE_AUDITOR |
One Identity Defender | ONEIDENTITY_DEFENDER |
One Identity TPAM | ONEIDENTITY_TPAM |
OneLogin User Context | ONELOGIN_USER_CONTEXT |
1Password Audit Events | ONEPASSWORD_AUDIT_EVENTS |
Opentelemetry | OPENTELEMETRY |
OpenText Fax2Mail | OPENTEXT_FAX2MAIL |
OpenVAS | OPENVAS |
Opswat Kiosk | OPSWAT_KIOSK |
Opswat Metadefender | OPSWAT_METADEFENDER |
Opus Codec | OPUS |
Oracle Fusion | ORACLE_FUSION |
Oracle HCM Human resources platform solution | ORACLE_HCM |
Oracle NetSuite | ORACLE_NETSUITE |
Oracle SSO Audit Logging | ORACLE_SSO_AUDIT |
Oracle WebLogic Server | ORACLE_WEBLOGIC |
Orca Cloud Security Platform | ORCA |
Oscar Claims | OSCAR_CLAIMS |
Open Source Intelligence | OSINT_IOC |
Osirium PAM | OSIRIUM_PAM |
Outpost24 | OUTPOST24 |
Packetlight Dwdm | PACKETLIGHT_DWDM |
Packet Viper | PACKET_VIPER |
PACOM Systems | PACOM_SYSTEMS |
PAGELY | PAGELY |
PagerDuty | PAGERDUTY |
Pagerduty Audit | PAGERDUTY_AUDIT |
Palantir | PALANTIR |
Palo Alto DNS Security | PAN_DNS_SECURITY |
Palo Alto Networks Global Protect | PAN_GLOBAL_PROTECT |
Palo Alto Networks IoT Security | PAN_IOT |
Palo Alto Cortex XDR Management Audit | PAN_XDR_MGMT_AUDIT |
Palo Alto Networks XSOAR Audit | PAN_XSOAR |
PaperCut Printing Management System | PAPER_CUT |
Passfort | PASSFORT |
Passwordstate | PASSWORDSTATE |
Paxton Access Control Systems | PAXTON_ACS |
SSL pcap | PCAP_SSL_CLIENT_HELLO |
Pega Automation | PEGA |
Pentera | PENTERA |
Pentera ASV | PENTERA_ASV |
Pentera Leef | PENTERA_LEEF |
PeopleSoft | PEOPLESOFT |
Peplink Loadbalancer | PEPLINK_LOADBALANCER |
Peplink Router | PEPLINK_ROUTER |
Peplink Switch | PEPLINK_SWITCH |
Perimeter 81 | PERIMETER_81 |
Domain Tools Phisheye | PHISHEYE_ALERT |
Pingsafe | PINGSAFE |
Ping Access | PING_ACCESS |
PingIdentity Directory Server Logs | PING_DIRECTORY |
Ping One | PING_ONE |
Ping SDK | PING_SDK |
Plaso Super Timeline | PLASO |
Plixer Scrutinizer | PLIXER_SCRUTINIZER |
Pomerium | POMERIUM |
Portnox Audit | PORTNOX_AUDIT |
Portnox CEF | PORTNOX_CEF |
PostgreSQL | POSTGRESQL |
MS PowerShell Transcript | POWERSHELL_TRANSCRIPT |
Power DNS | POWER_DNS |
Preveil Enterprise | PREVEIL_ENTERPRISE |
Prisma SD-WAN | PRISMA_SD_WAN |
ProofID | PROOFID |
Proofpoint CASB | PROOFPOINT_CASB |
Proofpoint DLP | PROOFPOINT_DLP |
Proofpoint Meta | PROOFPOINT_META |
Proofpoint Secure Share | PROOFPOINT_SECURE_SHARE |
Proofpoint Security Awareness Training | PROOFPOINT_SECURITY_AWARENESS_TRAINING |
Protegrity Defiance | PROTEGRITY_DEFIANCE |
Honeywell Pro-Watch | PROWATCH |
ProxMax | PROXMAX |
PRTG Network Monitor | PRTG_NETWORKMONITOR |
Puppet | PUPPET |
Pure Storage | PURE_STORAGE |
QLIK Audit | QLIK_AUDIT |
QNAP Systems NAS | QNAP_NAS |
Qualys User Activity | QUALYS_ACTIVITY |
Qualys Knowledgebase | QUALYS_KNOWLEDGEBASE |
Quest CA Audit | QUEST_CA_AUDIT |
Qumulo FS | QUMULO_FS |
Rabbit MQ | RABBITMQ |
RadiFlow IDS | RADIFLOW_IDS |
RSA RADIUS | RADIUS |
Radware Alteon | RADWARE_ALTEON |
Radware DDoS Protection | RADWARE_DDOS |
RAD ETX | RAD_ETX |
Rapid7 Security Onion | RAPID7_SECURITY_ONION |
Raritan Dominion SX II | RARITAN_DOMINION |
RealiteQ | REALITEQ |
Red Canary Cloud Protection | REDCANARY_CLOUD_PROTECTION_RAW |
Red Hat Identity Management | REDHAT_IM |
Redhat Jboss | REDHAT_JBOSS |
Red Hat Keycloak | REDHAT_KEYCLOAK |
RedHat Satellite Server | REDHAT_SATELLITE |
RedHat StackRox | REDHAT_STACKROX |
Redis | REDIS |
Ribbon Session Border Controller | RIBBON_SBC |
Ring Central | RING_CENTRAL |
RiskIQ Digital Footprint | RISKIQ_DIGITAL_FOOTPRINT |
Rubrik Polaris | RUBRIK_POLARIS |
Rumble Network Discovery | RUMBLE_NETWORK_DISCOVERY |
SafeBreach | SAFEBREACH |
SafeConnect NAC | SAFECONNECT_NAC |
SailPoint IdentityIQ | SAILPOINT_IIQ |
Salesforce Commerce Cloud | SALESFORCE_COMMERCE_CLOUD |
Salesforce Context | SALESFORCE_CONTEXT |
SAP Cloud for Customer | SAP_C4C |
SAP HANA | SAP_HANA |
SAP Identity Management | SAP_IDM |
SAP Insurance | SAP_INSURANCE |
Scality Ring Audit | SCALITY_RING_AUDIT |
Microsoft System Center Configuration Manager | SCCM |
Secberus Cloud Security Governance | SECBERUS |
SecurityScorecard Platform | SECURITYSCORECARD |
Semperis ADFR | SEMPERIS_ADFR |
Sendgrid Api | SENDGRID |
Sendsafely | SENDSAFELY |
Senhasegura PAM | SENHASEGURA_PAM |
Sentinelone Activity | SENTINELONE_ACTIVITY |
Sentrigo | SENTRIGO |
Serpico | SERPICO |
ServiceNow Audit | SERVICENOW_AUDIT |
ServiceNow Roles | SERVICENOW_ROLES |
Sevco Security CMDB | SEVCO_CMDB |
Microsoft SharePoint | SHAREPOINT |
Sharepoint Unified Logging Service (ULS) | SHAREPOINT_ULS |
shodan.io | SHODAN_IO |
Siebel Monitoring | SIEBEL |
Siemens SiPass | SIEMENS_SIPASS |
Siga Level Zero OT Resilience | SIGA |
Silver Peak Firewall | SILVERPEAK_FIREWALL |
Single Store | SINGLE_STORE |
Site24x7 | SITE24X7 |
SKYSEA Client View | SKYSEA |
Smart Simple | SMART_SIMPLE |
Snapattack | SNAPATTACK |
Winevtlog Snare | SNARE_WINEVTLOG |
Snipe-IT | SNIPE_IT |
Snowflake | SNOWFLAKE |
Socomec UPS | SOCOMEC_UPS |
Software House Access Control | SOFTWARE_HOUSE_ACS |
Software House Ccure9000 | SOFTWARE_HOUSE_CCURE9000 |
Solace PubSub Cloud | SOLACE_AUDIT |
SolarWinds Serv-U | SOLARWINDS_SERV_U |
Solar System | SOLAR_SYSTEM |
SonarQube | SONARQUBE |
Sonrai Enterprise Cloud Security Solution | SONRAI |
Sophos Email Appliance | SOPHOS_EMAIL |
Sophos URL filtering | SOPHOS_URL |
Spamhaus | SPAMHAUS |
Symantec Protection Engine | SPE |
SpecterX | SPECTERX |
Spirion | SPIRION |
Splashtop Remote Access and Support software | SPLASHTOP |
Splunk DNS | SPLUNK_DNS |
Splunk Phantom | SPLUNK_PHANTOM |
Splunk Intel Management | SPLUNK_TRUSTAR |
Spur data feeds | SPUR_FEEDS |
Stairwell Inception | STAIRWELL_INCEPTION |
Stealthbits DLP | STEALTHBITS_DLP |
Stellar Cyber | STELLAR_CYBER |
Stream Alert | STREAMALERT |
StrongDM | STRONGDM |
Sublime Security | SUBLIMESECURITY |
Supermicro IPMI | SUPERMICRO_IPMI |
Superna Eyeglass | SUPERNA_EYEGLASS |
SureView Systems Activity | SUREVIEW_SYSTEMS |
Swift | SWIFT |
Swimlane Platform | SWIMLANE |
Symantec Messaging Gateway | SYMANTEC_MAIL |
Symantec VIP Authentication Hub | SYMANTEC_VIP_AUTHHUB |
Symphony Summit AI | SYMPHONYAI |
Syxsense | SYXSENSE |
Tableau | TABLEAU |
Tailscale | TAILSCALE |
Tanium Deploy | TANIUM_DEPLOY |
Tanium Question | TANIUM_QUESTION |
Tanium TanOS | TANIUM_TANOS |
Technitium DNS | TECHNITIUM_DNS |
Temenos Journey Manager System Event Publisher | TEMENOS_MANAGER_SYSTEMEVENT |
Tenable Web App Scanning | TENABLE_WAS |
Teradata Aster | TERADATA_ASTER |
Teradici PCoIP | TERADICI_PCOIP |
Teramind | TERAMIND |
Terraform Enterprise Audit | TERRAFORM_ENTERPRISE |
Tessian Cloud Email Security Platform | TESSIAN_PLATFORM |
TGDetect | TGDETECT |
ThreatQuotient | THREATQ_IOC |
ThreatX WAF | THREATX_WAF |
Thycotic devops secret vault | THYCOTIC_DEVOPS_SECRETVAULT |
Tiktok for Developers | TIKTOK |
Traceable API Security | TRACEABLE_PLATFORM |
Traefik Labs | TRAEFIK |
Transmit BindID | TRANSMIT_BINDID |
Trend Micro Cloud App Security | TRENDMICRO_CLOUDAPPSECURITY |
TrendMicro Deep Discovery Inspector | TRENDMICRO_DDI |
Trend Micro EdgeIPS | TRENDMICRO_EDGEIPS |
TrendMicro EDR | TRENDMICRO_EDR |
Trend Micro Email Security Advanced | TRENDMICRO_EMAIL_SECURITY |
TXOne Stellar | TRENDMICRO_STELLAR |
Trend Micro Vision One Audit | TRENDMICRO_VISION_ONE_AUDIT |
Trend Micro Vision One Observed Attack Techniques | TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES |
Trend Micro Vision One Workbench | TRENDMICRO_VISION_ONE_WORKBENCH |
TrendMicro Webproxy DSM | TRENDMICRO_WEBPROXY_DSM |
Tridium Niagara Framework | TRIDIUM_NIAGARA_FRAMEWORK |
Tripp Lite | TRIPP_LITE |
TrueFort Platform | TRUEFORT |
TrueNAS | TRUENAS |
E-Motional Transparent Screen Lock TSL RFID | TSL_PRO |
Twilio Audit | TWILIO_AUDIT |
Twilio Authy | TWILIO_AUTHY |
Twingate | TWINGATE |
Tyk IO | TYK_IO |
Ubiquiti Accesspoint | UBIQUITI_ACCESSPOINT |
Ubiquiti UDM Firewall | UBIQUITI_FIREWALL |
UDM | UDM |
Uipath | UIPATH |
UltraDNS | ULTRADNS |
Ultra Electronics CyberFence | ULTRA_CYBERFENCE |
Unifi Switch | UNIFI_SWITCH |
Unit 21 | UNIT21 |
UpGuard | UPGUARD |
UPX AntiDDoS | UPX_ANTIDDOS |
Vanguard Active Alerts | VANGUARD |
Vector Dev | VECTOR_DEV |
Vectra Protect | VECTRA_PROTECT |
Veeam | VEEAM |
Velo Firewall | VELO_FIREWALL |
Venafi | VENAFI |
Verba Recording System | VERBA_REC |
Vercara | VERCARA |
Verizon Network Detection and Response | VERIZON_NDR |
Verkada | VERKADA |
Veza Access Control Platform | VEZA |
ViaControl Server Application | VIACONTROL |
Virsec Event Logs | VIRSEC_EVENT |
Virsec Attack and Threat Logs | VIRSEC_THREAT |
Virtru Email Encryption | VIRTRU_EMAIL_ENCRYPTION |
VirusTotal Threat Hunter | VIRUSTOTAL_THREAT_HUNTER |
VMRay Analyzer | VMRAY_FLOG_XML |
VMware Aria Logs | VMWARE_ARIA_LOGS |
Vmware Avinetworks iWAF | VMWARE_AVINETWORKS_IWAF |
VMware Avi Vantage Platform | VMWARE_AVI_VANTAGE |
VMware Cloud Director | VMWARE_CD |
VMware HCX | VMWARE_HCX |
VMware NSX AVI | VMWARE_NSX_AVI |
VMware SDDC | VMWARE_SDDC |
VMware SDWN Events | VMWARE_SDWN_EVENTS |
VMware Unified Access Gateway | VMWARE_UNIFIED_ACCESS_GATEWAY |
VMware vShield | VMWARE_VSHIELD |
Voltage | VOLTAGE |
Vonage | VONAGE |
VSFTPD Audit | VSFTPD_AUDIT |
Wallarm Webhook Notifications | WALLARM_NOTIFICATIONS |
Wallix Bastion | WALLIX_BASTION |
Wallix Endpoint Privilege Management | WALLIX_EPM |
Wallix Privileged Access Management | WALLIX_PAM |
Waterfall Data Security Manager | WATERFALL_DSM |
WebEx | WEBEX_SAAS |
Web Methods Api Gateway | WEBMETHODS_API_GATEWAY |
White Cloud | WHITECLOUD_EDR |
Windows Filtering Platform | WINDOWS_WFP |
Winscp | WINSCP |
WithSecure Cloud Protection | WITHSECURE_CLOUD |
WithSecure Elements Connector | WITHSECURE_ELEMENTS |
Wordpress Simple History | WORDPRESS_SIMPLE_HISTORY |
Workato Audit Logs | WORKATO |
Workday User Activity | WORKDAY_USER_ACTIVITY |
Workspot Control | WORKSPOT_CONTROL |
WP Engine | WP_ENGINE |
WS Ftp | WS_FTP |
Western Telematic Inc Console Servers | WTI_CONSOLE_SERVERS |
Ysoft Data Security Manager | YSOFT_DSM |
Zabbix | ZABBIX |
Zendesk CRM | ZENDESK_CRM |
ZeroFox Platform | ZEROFOX_PLATFORM |
Zoho Analytics Audits | ZOHO_AUDIT |
ZScaler Deception | ZSCALER_DECEPTION |
Zscaler Digital Experience | ZSCALER_DIGITAL_EXPERIENCE |
Zscaler NSS Feeds for Alerts | ZSCALER_NSS_FEEDS |
Zscaler Client Connector | ZSCALER_ZCC |
Zscaler ZDX | ZSCALER_ZDX |
Zscaler Secure Private Access Audit Logs | ZSCALER_ZPA_AUDIT |
Zuora App Logs | ZUORA_APP_LOGS |