Supported log types and default parsers

This document contains information about Google Security Operations SIEM integrations for data ingestion. It summarizes the devices, and the associated ingestion label (log_type field in the Ingestion API and data_type in a Forwarder configuration), that Google Security Operations SIEM supports.

Supported log types with a default parser

Parsers normalize raw log data into structured Unified Data Model format. This section lists supported devices, and the associated ingestion label (log_type field in the Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser. The default parser is supported by Google Security Operations as long as the device's raw logs are received in the required format.

For a list of supported log types without a default parser, see Supported log types without a default parser.

The Format column indicates the high-level structure of the raw log, as one of the following:

  • CSV: Comma Separated Values
  • JSON: JavaScript Object Notation
  • SYSLOG: syslog formatted message
  • KV: key-value pair
  • XML: Extensible Markup Language
  • SYSLOG + KV: syslog header with key-value body
  • SYSLOG + JSON: syslog header with JSON body
  • SYSLOG + XML: syslog header with XML body
  • LEEF: Log Event Extended Format
  • CEF: Common Event Format

These changes are applied to newly ingested logs. Parser changes are not applied retroactively to previously ingested logs.

Vendor / Product Category Ingestion label Format Latest Update
Thinkst Canary Deception Software THINKST_CANARY JSON 2024-07-17
Saviynt Enterprise Identity Cloud Endpoints SAVIYNT_EIP JSON, JSON+KV 2023-06-05
Snare System Diagnostic Logs Security SNARE_SOLUTIONS SYSLOG + KV 2024-07-31
Splunk Platform Security log SPLUNK JSON 2024-05-01
Arcsight CEF Security log ARCSIGHT_CEF CEF Syslog 2024-07-30
Cisco Web Services Manager CISCO_WSM CISCO_WSM SYSLOG 2023-10-05
Cisco ISE Identity and Access Management CISCO_ISE SYSLOG 2024-09-18
Azure DevOps Audit Automation and DevOps Tools AZURE_DEVOPS JSON 2024-01-19
Netskope Web Proxy Web Proxy NETSKOPE_WEBPROXY SYSLOG, SYSLOG+JSON, JSON 2024-06-21
Fortinet Web Application Firewall WEB FORTINET_FORTIWEB KV 2024-09-30
HP Aruba (ClearPass) Identity and Access Management CLEARPASS SYSLOG + KV 2024-09-12
Trend Micro Deep Security AV / Endpoint TRENDMICRO_DEEP_SECURITY LEEF + CEF 2024-10-09
Nyansa Events IoT NYANSA_EVENTS SYSLOG + KV 2023-03-01
BMC AMI Defender Mainframe BMC_AMI_DEFENDER SYSLOG 2024-05-27
BMC Client Management Security BMC_CLIENT_MANAGEMENT SYSLOG 2024-10-11
Cloudflare Audit SaaS Application CLOUDFLARE_AUDIT JSON 2023-11-27
Netscout Arbor Sightline Monitoring ARBOR_SIGHTLINE SYSLOG + JSON 2024-04-22
Zscaler Web Proxy ZSCALER_WEBPROXY SYSLOG + KV, CSV 2024-10-1
Cloud IoT Google Cloud Specific GCP_CLOUDIOT JSON 2022-06-06
Tanium Comply Tanium Specific TANIUM_COMPLY JSON 2022-08-18
GCP_APP_ENGINE Cloud Computing GCP_APP_ENGINE JSON and KV 2024-08-01
Tanium Audit SCAN NETWORK TANIUM_AUDIT JSON 2024-05-16
Remediant SecureONE Privileged Account Activity REMEDIANT_SECUREONE SYSLOG + JSON 2023-12-08
SOTI MobiControl Mobile Device Management SOTI_MOBICONTROL SYSLOG 2023-09-08
Zscaler CASB CASB ZSCALER_CASB JSON 2024-06-04
Sophos DHCP DHCP SOPHOS_DHCP SYSLOG + KV 2022-02-10
Nucleus Unified Vulnerability Management Nucleus Specific NUCLEUS_VULNERABILITY JSON 2021-06-30
F5 BIGIP Access Policy Manager Access Policy Manager F5_BIGIP_APM SYSLOG 2024-09-11
Mobile Endpoint Security Mobile Endpoint Security LOOKOUT_MOBILE_ENDPOINT_SECURITY CEF 2024-09-17
Claroty Continuous Threat Detection IoT CLAROTY_CTD KV 2024-10-07
McAfee Skyhigh CASB CASB MCAFEE_SKYHIGH_CASB SYSLOG + KV 2023-06-17
Armis Alerts ALERTS ARMIS_ALERTS JSON 2023-02-07
Symantec DLP DLP SYMANTEC_DLP SYSLOG + KV (CEF), XML, CEF 2024-09-05
Sonicwall Secure Mobile Access Authentication SONICWALL_SMA SYSLOG + KV 2024-03-28
CyberArk Privilege Account Management CYBERARK KV (CEF) 2024-06-14
Windows Defender ATP AV / Endpoint WINDOWS_DEFENDER_ATP SYSLOG + JSON, XML, JSON 2024-10-15
DNSFilter Data Transfer DNSFILTER CSV 2023-10-27
Qualys Scan Vulnerability scanner QUALYS_SCAN JSON 2023-04-21
BeyondTrust Privilege Account Activity BOMGAR SYSLOG 2024-01-12
F5 BIGIP LTM Load Balancer, Traffic Shaper, ADC F5_BIGIP_LTM SYSLOG, KV 2024-10-09
Armis Activities ACTIVITIES ARMIS_ACTIVITIES JSON 2023-02-07
Netskope Client CASB NETSKOPE_CLIENT JSON 2024-10-16
Check Point Firewall CHECKPOINT_FIREWALL SYSLOG + KV, JSON 2024-09-18
Nucleus Asset Metadata Nucleus Specific NUCLEUS_ASSET JSON 2021-08-05
Brocade Switch Switches BROCADE_SWITCH SYSLOG, CSV 2024-04-15
VeridiumID by Veridium Authentication Software VERIDIUM_ID Syslog + KV 2024-06-19
Cloud Run Google Cloud Specific GCP_RUN JSON 2024-01-22
Microsoft Azure Resource Log Aggregator AZURE_RESOURCE_LOGS JSON 2024-10-17
Halcyon Anti Ransomware AV and endpoint logs HALCYON JSON 2024-10-17
Microsoft Netlogon Authentication MICROSOFT_NETLOGON SYSLOG 2024-10-17
Velo Firewall FIREWALL VELO_FIREWALL SYSLOG + KV 2024-10-10
IBM Safenet IT infrastructure IBM_SAFENET SYSLOG 2023-05-24
Proofpoint Email Filter Email Server PROOFPOINT_MAIL_FILTER KV 2024-09-19
Elastic Audit Beats ALERTING ELASTIC_AUDITBEAT JSON 2024-07-31
Forcepoint Proxy Web Proxy FORCEPOINT_WEBPROXY SYSLOG + KV (CEF), LEEF, CSV 2024-07-10
Veeam Backup software VEEAM SYSLOG 2024-09-23
Verba Recording System Recording System VERBA_REC CSV 2024-05-24
Microsoft ATA IDS/IPS MICROSOFT_ATA SYSLOG + KV 2024-01-29
Illumio Core Policy Management ILLUMIO_CORE JSON, SYSLOG, SYSLOG+JSON and SYSLOG+CEF. 2024-04-18
Kolide Endpoint Security Security KOLIDE JSON 2023-10-25
Slack Audit Productivity SLACK_AUDIT JSON 2023-10-27
Tanium Insight Tanium Specific TANIUM_INSIGHT SYSLOG + KV 2021-03-10
Azure Firewall Azure Firewall Application Rule AZURE_FIREWALL JSON 2024-09-04
PAN Autofocus IOC PAN_IOC JSON 2021-08-09
AWS Macie AWS-specific logs AWS_MACIE JSON 2022-08-08
ThreatConnect IOC THREATCONNECT_IOC JSON 2022-01-13
Voltage Email Server VOLTAGE SYSLOG 2024-07-02
IBM Security QRadar SIEM Security Log IBM_QRADAR SYSLOG 2024-06-18
OpenSSH Logging and Troubleshooting OPENSSH SYSLOG 2024-01-23
Avatier Password Management SaaS Application AVATIER SYSLOG + KV 2021-08-05
Symantec Endpoint Protection AV / Endpoint SEP SYSLOG, KV 2024-10-08
Medigate IoT IoT MEDIGATE_IOT SYSLOG + JSON 2024-04-03
Tanium Integrity Monitor Tanium Specific TANIUM_INTEGRITY_MONITOR JSON 2022-10-12
Microsoft Defender For Cloud Automation and DevOps Tools MICROSOFT_DEFENDER_CLOUD_ALERTS JSON 2024-09-11
GCP_NETWORK_CONNECTIVITY Computer Inventory GCP_NETWORK_CONNECTIVITY_CONTEXT JSON 2023-06-13
Noname API Security Security NONAME_API_SECURITY JSON 2024-06-08
Sendmail Email Server SENDMAIL SYSLOG + KV 2023-09-20
Delinea PAM Access Management DELINEA_PAM SYSLOG + CSV 2022-11-10
Akeyless Vault Platform Akeyless Vault Platform AKEYLESS_VAULT KV + JSON 2023-09-16
Kubernetes Audit Azure Log Aggregator KUBERNETES_AUDIT_AZURE JSON 2024-01-11
Trustwave webmarshal Proxy Server WEBMARSHAL SYSLOG + CSV 2023-05-04
Deep Instinct EDR EDR DEEP_INSTINCT_EDR LEEF 2023-12-27
Azure Storage Audit Storage AZURE_STORAGE_AUDIT JSON 2024-07-31
Sysdig Security SYSDIG JSON 2024-10-01
VMware ESXi Hypervisor VMWARE_ESX SYSLOG, JSON 2024-07-01
Teleport Access Plane Remote Access TELEPORT_ACCESS_PLANE SYSLOG 2023-11-17
Symantec VIP Authentication Hub VPN SYMANTEC_VIP_AUTHHUB JSON 2024-06-04
Island Browser logs Web Browser ISLAND_BROWSER JSON 2024-05-20
IBM Cloud Activity Tracker Security Log IBM_CLOUD_ACTIVITY_TRACKER JSON 2024-09-12
Pulse Secure Virtual Traffic Manager Traffic Shapers PULSE_SECURE_VTM SYSLOG 2023-11-03
Forcepoint DLP Forcepoint DLP FORCEPOINT_DLP CEF 2024-08-05
SentinelOne Deep Visibility EDR SENTINEL_DV JSON 2023-09-06
Imperva Advanced Bot Protection Bot Protection IMPERVA_ABP JSON 2024-10-10
Radware Alteon Load Balancer RADWARE_ALTEON SYSLOG 2024-06-21
LastPass Password Management Identity and Access Management LASTPASS JSON 2024-03-22
Zeek TSV Format Specific BRO_TSV SYSLOG + TSV 2024-05-17
Carbon Black EDR CB_EDR JSON 2024-07-02
Kubernetes Auth Proxy Kubernetes Specific KUBERNETES_AUTH_PROXY JSON 2022-09-08
Dope Security SWG Secure Access Service Edge DOPE_SWG CSV 2023-05-18
VMware NSX Network and Security Virtualization VMWARE_NSX KV 2024-09-25
F5 Advanced Firewall Management Firewall F5_AFM SYSLOG + CSV 2024-04-05
AWS EC2 VPCs AWS Specific AWS_EC2_VPCS JSON 2024-01-31
Cisco ASA firewall CISCO_ASA_FIREWALL SYSLOG 2024-10-09
Azure AD Organizational Context LDAP AZURE_AD_CONTEXT JSON 2024-05-02
NetDocuments Solutions Threat Management Firewall NETDOCUMENTS Cloud-Based Document Management System 2024-05-06
Darktrace NDR DARKTRACE SYSLOG + KV (CEF), SYSLOG + JSON 2024-10-08
RSA NetWitness PLATFORM CONFIGURATION RSA_NETWITNESS SYSLOG 2022-10-18
INTEL471 Watcher Alerts Data Security INTEL471_WATCHER_ALERTS JSON 2024-10-17
Trend Micro Vision One AV and endpoint logs TRENDMICRO_VISION_ONE SYSLOG + KV, CEF, JSON 2024-10-10
Duo Auth Authentication DUO_AUTH JSON 2024-07-24
Microsoft Graph Activity Logs AUDIT MICROSOFT_GRAPH_ACTIVITY_LOGS JSON 2024-10-08
VMware Workspace ONE Logging and Troubleshooting VMWARE_WORKSPACE_ONE SYSLOG 2023-08-04
WatchGuard Syslog and KV WATCHGUARD JSON 2024-09-24
Zscaler Tunnel N/A ZSCALER_TUNNEL JSON, CSV 2024-10-17
NetApp ONTAP Rest api NETAPP_ONTAP SYSLOG 2024-08-29
Nokia VitalQIP DDI (DNS, DHCP, IPAM) VITALQIP SYSLOG 2022-03-01
Akamai Enterprise Application Access Enterprise Application Access AKAMAI_EAA JSON 2023-11-14
Active Countermeasures Alert AI_HUNTER SYSLOG 2020-12-08
Windows Local Administrator Password Solution Local Administrator Password Solution MICROSOFT_LAPS JSON 2024-10-10
IBM Security Identity Manager Security IBM_SIM JSON + KV 2024-03-11
Workspace Activities Google Cloud Specific WORKSPACE_ACTIVITY JSON 2024-10-18
Rubrik Polaris Data Security RUBRIK_POLARIS JSON 2024-05-27
Thales Luna Hardware Security Module THALES_LUNA_HSM specific THALES_LUNA_HSM JSON/SYSLOG 2022-12-02
1Password Identity and Access Management ONEPASSWORD JSON 2024-07-08
FortiMail Email Security Email Security FORTINET_FORTIMAIL KV 2023-09-06
Nasuni File Services Platform Data Transfer NASUNI_FILE_SERVICES SYSLOG + JSON 2022-08-21
AWS S3 Server Access AWS Specific AWS_S3_SERVER_ACCESS SYSLOG 2023-07-19
AWS CloudWatch Cloud service monitoring AWS_CLOUDWATCH JSON, GROK 2024-08-29
AWS Route 53 DNS AWS Specific AWS_ROUTE_53 JSON + SYSLOG 2024-10-17
Uptycs EDR Endpoint detection and response UPTYCS_EDR JSON 2022-07-08
ESET AV ESET_AV ESET_AV SYSLOG + JSON 2024-06-25
Azure AD LDAP AZURE_AD JSON 2024-10-07
Snowflake Database SNOWFLAKE JSON 2024-08-12
Centrify SSO CENTRIFY_SSO JSON 2022-08-10
ZeroFox Platform Database ZEROFOX_PLATFORM JSON 2024-08-30
ManageEngine ADAudit Plus Active Directory Audit ADAUDIT_PLUS SYSLOG + KV (CEF) 2024-05-20
WindChill Lifecycle Management Software WINDCHILL SYSLOG 2024-02-09
Opengear Remote Management Secure Remote Access OPENGEAR SYSLOG 2024-09-13
Palo Alto Networks Traps EDR PAN_EDR CSV + KV 2022-08-22
Cybergatekeeper NAC Security CYBERGATEKEEPER_NAC SYSLOG + KV 2024-04-23
Layer7 SiteMinder SSO SITEMINDER_SSO KV+JSON, SYSLOG, JSON 2024-08-15
EfficientIP DDI Network EFFICIENTIP_DDI SYSLOG + KV 2024-08-21
Stealthbits Audit File system monitoring STEALTHBITS_AUDIT JSON 2021-11-09
CircleCI Automation and DevOps Tools CIRCLECI CSV + JSON 2023-03-09
Kisi Access Management Physical Security KISI JSON 2023-06-14
Cloud Functions Context Google Cloud Specific GCP_CLOUD_FUNCTIONS_CONTEXT JSON 2023-07-26
Cloud Passage SaaS Application CLOUD_PASSAGE JSON 2022-06-30
Imperva Database Cloud Application and Edge Security IMPERVA_DB SYSLOG, SYSLOG+JSON 2024-04-09
Preempt Auth Identity and Access Management PREEMPT_AUTH SYSLOG + JSON 2021-06-16
Cisco ACS Authentication CISCO_ACS SYSLOG + KV 2023-09-26
Qualys Continuous Monitoring Monitoring QUALYS_CONTINUOUS_MONITORING JSON 2022-08-30
Rippling Activity Logs ACTIVITY_LOGS RIPPLING_ACTIVITYLOGS JSON 2024-08-01
F5 VPN VPN F5_VPN SYSLOG 2024-05-20
IBM CICS Service Bus IBM_CICS LEEF 2021-10-27
NetApp SAN Rest api NETAPP_SAN SYSLOG 2023-04-25
Onapsis SAP ONAPSIS JSON , SYSLOG , KV 2023-12-08
Zywall Network infrastructure ZYWALL KV 2024-08-29
Cisco Prime Network Management and Optimization CISCO_PRIME SYSLOG 2024-01-26
Sangfor Next Generation Firewall Firewall SANGFOR_NGAF SYSLOG + KV 2024-01-31
Area1 Security Email server AREA1 JSON 2024-09-23
Cisco FireSIGHT Management Center SaaS Application CISCO_FIRESIGHT KV 2024-06-25
Attivo Networks NETWORK ATTIVO SYSLOG + KV (CEF) 2024-04-19
CrowdStrike Detection Monitoring EDR CS_DETECTS JSON 2024-10-11
JAMF CMDB Computer Inventory JAMF JSON 2024-05-28
Cohesity Backup Software COHESITY SYSLOG 2024-09-24
Recorded Future IOC RECORDED_FUTURE_IOC JSON 2021-11-17
FileZilla File transfer FILEZILLA_FTP SYSLOG 2024-06-09
Microsoft Sentinel Microsoft Sentinel MICROSOFT_SENTINEL JSON 2023-11-03
Clearswift Information Security CLEARSWIFT SYSLOG 2023-11-22
Snoopy Logger Log Aggregator SNOOPY_LOGGER SYSLOG 2022-08-10
F5 DNS DNS F5_DNS SYSLOG 2021-06-17
File Scanning Framework File scanning FILE_SCANNING_FRAMEWORK JSON 2021-09-27
Hitachi Cloud Platform Hitachi Cloud Platform HITACHI_CLOUD_PLATFORM SYSLOG 2023-05-30
Imperva DRA Data Security IMPERVA_DRA SYSLOG,json 2024-09-26
Dell EMC Isilon NAS Storage DELL_EMC_NAS SYSLOG 2023-07-21
BloxOne Threat Defense DNS BLOXONE SYSLOG + JSON 2024-06-18
SAP SM20 Security Audit Log SAP_SM20 JSON 2024-04-16
Infoblox DHCP DHCP INFOBLOX_DHCP SYSLOG 2024-10-17
Vectra Detect NDR VECTRA_DETECT SYSLOG + JSON + CEF 2024-08-21
AIX system OS AIX_SYSTEM SYSLOG 2024-10-09
Fortinet FortiAuthenticator Security FORTINET_FORTIAUTHENTICATOR SYSLOG + KV, KV 2024-08-29
Kaspersky AV AV / Endpoint KASPERSKY_AV KV + CEF 2023-10-13
Check Point Harmony Remote Access Tools CHECKPOINT_HARMONY SYSLOG+KV 2023-11-10
McAfee Enterprise Security Manager Log Aggregator MCAFEE_ESM SYSLOG + JSON 2024-03-21
InterSystems Cache Database INTERSYSTEMS_CACHE SYSLOG + KV 2022-10-19
Snort IDS/IPS SNORT_IDS SYSLOG + JSON 2022-09-22
ServiceNow CMDB Policy Management SERVICENOW_CMDB JSON 2024-10-16
Barracuda WAF Firewall BARRACUDA_WAF JSON, SYSLOG + KV 2024-09-25
Cisco EStreamer Network Monitoring CISCO_ESTREAMER SYSLOG + KV 2024-06-21
Static IP DHCP ASSET_STATIC_IP CSV 2023-06-16
Zscaler Private Access Security Service Edge ZSCALER_ZPA SYSLOG + JSON, JSON 2024-10-01
Imperva SecureSphere Management Data Security / Insider Threat IMPERVA_SECURESPHERE SYSLOG + KV (CEF) 2024-04-01
Infoblox DNS DNS INFOBLOX_DNS SYSLOG, CEF 2024-09-24
Barracuda Web Filter Webfilter BARRACUDA_WEBFILTER SYSLOG 2023-07-20
Cato Networks NDR CATO_NETWORKS JSON 2024-01-26
Box Collaboration BOX JSON 2024-03-11
Checkpoint Audit AUDIT CHECKPOINT_AUDIT SYSLOG + KV (CEF) 2024-10-01
Symantec Event export SEP SYMANTEC_EVENT_EXPORT JSON, SYSLOG 2023-11-07
XAMS by Xiting Log Aggregator XITING_XAMS SYSLOG 2024-09-26
Oracle Cloud Infrastructure Audit Logs Oracle Cloud Infrastructure OCI_AUDIT JSON 2024-06-14
Sierra Wireless IOT Devices SIERRA_WIRELESS SYSLOG 2023-11-23
Ruckus Networks Wireless RUCKUS_WIRELESS SYSLOG + KV 2024-07-02
FireEye NX Audit AUDIT FIREEYE_NX_AUDIT Syslog 2024-05-01
Shrubbery TACACS+ NETWORK MANAGEMENT SHRUBBERY_TACACS SYSLOG + KV 2022-11-08
Elastic Packet Beats Log Aggregator ELASTIC_PACKETBEATS SYSLOG + JSON , JSON 2024-08-20
Watchguard EDR EDR WATCHGUARD_EDR JSON 2024-02-05
FireEye HX EDR FIREEYE_HX JSON 2024-10-15
Chrome Management Browser N/A JSON 2024-10-11
FireEye Alerts FIREEYE_ALERT SYSLOG + JSON, JSON, KV 2024-10-16
Palo Alto Prisma Cloud Alert payload Cloud Security PAN_PRISMA_CA JSON 2024-10-17
Hashicorp Vault Privileged Account Activity HASHICORP JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV 2024-10-15
Red Canary EDR REDCANARY_EDR JSON 2022-09-15
NGINX Server Management NGINX JSON + SYSLOG 2022-09-10
Splunk Attack Analyzer CLOUD SECURITY SPLUNK_ATTACK_ANALYZER JSON 2024-08-05
Signal Sciences WAF WAF SIGNAL_SCIENCES_WAF JSON 2024-05-13
Rapid7 Vulnerability Scanner RAPID7_NEXPOSE JSON 2024-05-14
SiteMinder Web Access Management SSO CA_SSO_WEB JSON, SYSLOG 2024-06-25
Nutanix Prism Firewall NUTANIX_PRISM JSON, SYSLOG 2024-02-21
McAfee MVISION CASB CLOUD SECURITY MCAFEE_MVISION_CASB KV 2023-06-22
AWS Elastic Load Balancer AWS Specific AWS_ELB SYSLOG 2024-03-22
Infoblox DHCP, DNS INFOBLOX SYSLOG 2024-09-17
ZScaler Deception VPN ZSCALER_DECEPTION JSON 2024-07-01
Dell Switch Switches, Routers DELL_SWITCH SYSLOG 2024-10-09
BeyondTrust Endpoint Privilege Management Privileged Account Activity BEYONDTRUST_ENDPOINT JSON 2024-09-05
Cloudflare SaaS Application CLOUDFLARE JSON 2024-10-15
AWS EC2 Hosts AWS Specific AWS_EC2_HOSTS JSON 2024-01-31
IBM Tivoli Monitoring IBM_TIVOLI JSON, SYSLOG 2024-03-15
LimaCharlie EDR LIMACHARLIE_EDR JSON 2023-08-07
Forseti Open Source Google Cloud Specific FORSETI JSON 2021-12-23
Talon Security TALON JSON 2023-12-21
TrendMicro Apex Central Endpoint TRENDMICRO_APEX_CENTRAL CEF 2024-09-23
Okera Dynamic Access Platform Data Security OKERA_DAP JSON 2023-01-29
FireEye ETP Email Server FIREEYE_ETP JSON + SYSLOG 2024-08-14
FireEye PX Firewall FIREEYE_PX JSON 2024-01-05
EPIC Systems Discovery and Monitoring EPIC LEEF + KV 2024-07-01
Security Command Center Threat Google Cloud Specific N/A JSON 2024-10-08
Jamf Protect Telemetry Endpoint Security JAMF_TELEMETRY JSON 2024-05-01
Kiteworks Network KITEWORKS SYSLOG, CSV 2023-11-10
IBM DS8000 Storage Audit Logs IBM_DS8000 Syslog, CSV 2024-07-24
Tines Data Security TINES JSON 2024-10-01
IBM OpenPages Data Security IBM_OPENPAGES SYSLOG 2024-10-10
Microsoft AD FS LDAP ADFS JSON 2024-09-09
Onfido Authentication ONFIDO SYSLOG + JSON 2023-03-10
Chronicle SOAR Audit SOAR CHRONICLE_SOAR_AUDIT JSON 2023-10-12
Brocade ServerIron ADX Load Balancer BROCADE_SERVERIRON SYSLOG 2022-01-13
Ribbon Analytics Platform Telephone Software RIBBON_ANALYTICS_PLATFORM SYSLOG 2022-09-09
Cequence Bot Defense Log Aggregator CEQUENCE_BOT_DEFENSE JSON 2024-07-05
Palo Alto Cortex XDR Events Monitoring and Threat Detection PAN_CORTEX_XDR_EVENTS JSON 2023-12-15
Apigee Google Cloud Specific GCP_APIGEE_X JSON 2024-10-16
SAP Netweaver Database SAP_NETWEAVER JSON 2023-05-03
Seqrite Endpoint Security (EPS) AV and endpoint logs SEQRITE_ENDPOINT LEEF 2023-03-24
Juniper Software Defined Wide Area Network SYSLOG JUNIPER_SDWAN SYSLOG 2023-07-10
Imperva FlexProtect Cloud App & Network Security IMPERVA_FLEXPROTECT CEF + KV 2023-08-28
Azure VPN VPN AZURE_VPN JSON 2024-10-11
IBM Guardium Database DLP GUARDIUM CSV, CEF, LEEF 2024-08-05
CSV Custom IOC IOC CSV_CUSTOM_IOC CSV 2024-02-15
Lucid Authentication log types. LUCID JSON 2024-06-19
McAfee Unified Cloud Edge SaaS Application MCAFEE_UCE JSON 2021-07-20
CommVault Commcell Alert System COMMVAULT_COMMCELL KV , SYSLOG 2024-01-24
Cisco Vision Dynamic Signage Director Content and Delivery Management CISCO_STADIUMVISION SYSLOG, SYSLOG+KV 2023-05-12
ZScaler NGFW Firewall ZSCALER_FIREWALL SYSLOG + KV (CEF), CSV 2024-04-08
Digital Shadows SearchLight Threat Intelligence DIGITAL_SHADOWS_SEARCHLIGHT JSON 2022-05-02
Shibboleth IDP Identity and Access Management SHIBBOLETH_IDP SYSLOG, JSON 2024-08-05
Cloud Intrusion Detection System Google Cloud Specific GCP_IDS JSON 2024-05-01
Juniper MX Router Routers and Switches JUNIPER_MX SYSLOG + KV 2024-07-02
Cisco DHCP DHCP CISCO_DHCP SYSLOG + CSV 2022-02-07
Peplink Firewall Firewall PEPLINK_FW SYSLOG + KV 2023-08-17
OpenVPN Network OPEN_VPN SYSLOG + KV + JSON 2023-11-27
Pulse Secure VPN PULSE_SECURE_VPN SYSLOG 2024-09-24
ION Spectrum Automation ION_SPECTRUM CSV 2024-06-11
Cisco PIX Firewall Firewall CISCO_PIX_FIREWALL SYSLOG 2023-05-23
Proofpoint Tap Alerts Email Server PROOFPOINT_MAIL JSON + SYSLOG 2024-08-14
Duo Telephony Logs Identity and Access Management DUO_TELEPHONY JSON 2023-08-24
Kong API Gateway Microservice management KONG_GATEWAY SYSLOG + JSON 2022-09-23
Thales MFA Authentication THALES_MFA SYSLOG + KV (CEF) 2022-07-13
Tanium Reveal Tanium Specific TANIUM_REVEAL JSON 2021-11-15
NetIQ eDirectory Identity management deployments NETIQ_EDIRECTORY Syslog, CEF 2023-04-08
AWS GuardDuty IDS/IPS GUARDDUTY JSON 2024-10-17
iBoss Proxy Webproxy IBOSS_WEBPROXY SYSLOG + JSON 2023-08-22
Quest File Access Audit Alert QUEST_FILE_AUDIT JSON 2024-01-13
Cisco VPN VPN CISCO_VPN SYSLOG 2024-07-02
Proofpoint Observeit Email Server OBSERVEIT JSON, KV 2024-10-17
Microsoft Defender for Office 365 Email server log types. MICROSOFT_DEFENDER_MAIL JSON 2024-10-10
Proofpoint On Demand Email Server PROOFPOINT_ON_DEMAND JSON 2024-08-28
ForgeRock OpenAM Identity and Access Management OPENAM CSV, SYSLOG + KV 2024-02-09
Cimcor | File Integrity Monitoring Monitoring CIMCOR SYSLOG + KV 2024-06-18
Cisco Firepower NGFW Firewall CISCO_FIREPOWER_FIREWALL SYSLOG + KV, SYSLOG + JSON, JSON 2024-08-13
TINTRI Data Security TINTRI syslog 2024-09-17
Azure WAF Log Aggregator AZURE_WAF JSON 2024-08-22
Aruba IPS IPS ARUBA_IPS JSON 2022-06-16
Forcepoint Email Security Email Server FORCEPOINT_EMAILSECURITY JSON 2024-08-22
VyOS Open Source Router DHCP VYOS SYSLOG 2022-10-12
Anomali IOC ANOMALI_IOC JSON, CEF 2024-02-09
Mikrotik Router Router MIKROTIK_ROUTER SYSLOG + Grok 2024-09-30
Dell OpenManage Systems Management Application DELL_OPENMANAGE SYSLOG + KV 2022-07-27
Akamai WAF WAF AKAMAI_WAF SYSLOG 2024-09-10
Phishlabs Digital Risk Protection PHISHLABS JSON 2024-03-22
UPX AntiDDoS DDOS Mitigation UPX_ANTIDDOS JSON 2024-05-31
Forescout NAC NAC FORESCOUT_NAC SYSLOG, CEF 2024-04-22
Tableau Web server TABLEAU JSON, KV, SYSLOG 2024-07-09
Tenable OT Vulnerability Scanners TENABLE_OT SYSLOG+CEF 2024-04-29
Recordia Telephone software RECORDIA JSON 2024-01-30
Sap Business Technology Platform SaaS Applications SAP_BTP JSON 2024-07-19
Symantec Web Isolation Secure Access Service Edge SYMANTEC_WEB_ISOLATION JSON 2022-07-08
Armis Devices DEVICES ARMIS_DEVICES JSON 2023-03-02
Cloudflare WAF Cloud Log CLOUDFLARE_WAF JSON 2024-08-08
wiz.io Identity and Access Management WIZ_IO JSON 2024-03-04
Tenable Audit Application server TENABLE_AUDIT JSON 2024-08-09
Silverfort Authentication Platform Identity and Access Management SILVERFORT CEF SYSLOG 2023-11-29
Microsoft Intune Context Mobile Device Management AZURE_MDM_INTUNE_CONTEXT Json 2024-09-19
Lenel Onguard Badge Management Access Control System LENEL_ONGUARD JSON 2022-10-31
IBM Tape Storages Monitoring IBM_LTO Syslog 2024-05-02
Quest Active Directory Authentication log QUEST_AD CEF SYSLOG + JSON 2024-02-09
Zscaler Internet Access Audit Logs Security Service Edge (SSE) ZSCALER_INTERNET_ACCESS CSV, SYSLOG, JSON 2024-06-21
Apache Cassandra Web server CASSANDRA JSON 2022-04-13
Tanium Asset Tanium Specific TANIUM_ASSET JSON, SYSLOG + KV 2024-02-27
Cisco Umbrella IP Web Proxy UMBRELLA_IP SYSLOG 2022-08-22
Cyberark Privilege Cloud Identity & Access Management CYBERARK_PRIVILEGE_CLOUD SYSLOG + KV 2024-08-21
HP Procurve Switch Switches HP_PROCURVE SYSLOG 2024-03-04
Abnormal Security Email Server ABNORMAL_SECURITY JSON , SYSLOG 2024-09-18
Unifi AP Switches and Routers UNIFI_AP SYSLOG + KV, SYSLOG + JSON 2024-03-22
A10 Load Balancer LOAD BALANCER A10_LOAD_BALANCER SYSLOG 2024-01-28
Firewall Rule Logging Google Cloud Specific N/A JSON 2024-05-01
Tanium Patch Tanium Specific TANIUM_PATCH JSON 2022-02-08
Imperva CEF CEF IMPERVA_CEF SYSLOG + KV 2024-09-12
Trend Micro AV AV / Endpoint TRENDMICRO_AV SYSLOG + KV, CEF 2023-05-21
Trustwave SEC MailMarshal Email server MAILMARSHAL SYSLOG 2023-04-06
SonicWall Firewall SONIC_FIREWALL SYSLOG + KV 2024-09-05
Okta User Context Identity and Access Management OKTA_USER_CONTEXT JSON 2024-10-10
Tenable Security Center Vulnerability Scanner TENABLE_SC SYSLOG 2021-05-18
Cisco Application Centric Infrastructure CISCO ACI CISCO_ACI JSON, SYSLOG 2022-09-26
HPE ILO Server Management HPE_ILO SYSLOG 2023-11-27
Red Hat OpenShift Kubernetes Container REDHAT_OPENSHIFT SYSLOG 2022-08-17
Skybox Firewall Assurance Firewall SKYBOX_FIREWALL_ASSURANCE SYSLOG + KV 2023-09-07
Windows Network Policy Server Authentication WINDOWS_NET_POLICY_SERVER SYSLOG, JSON, SYSLOG + XML 2024-03-27
One Identity Identity Manager unified identity security ONE_IDENTITY_IDENTITY_MANAGER kv 2024-10-03
Passwordstate below is a catch all for tokens, phones, groups, and endpoints PASSWORDSTATE SYSLOG 2024-06-28
Keycloak Identity and Access Management KEYCLOAK JSON 2024-09-17
Microsoft Defender for Identity EDR MICROSOFT_DEFENDER_IDENTITY JSON 2024-10-14
Sophos AV AV / Endpoint SOPHOS_AV CSV, JSON 2024-08-22
Jamf Protect Threat Events Threat Events Stream JAMF_THREAT_EVENTS JSON 2023-03-27
BIND DNS BIND_DNS SYSLOG 2024-07-08
Zimperium Mobile Device Management ZIMPERIUM SYSLOG + JSON 2024-04-16
Openpath AV / Endpoint OPENPATH SYSLOG 2023-11-08
F5 Silverline Application F5_SILVERLINE SYSLOG, SYSLOG + KV , JSON 2024-08-12
Archer Integrated Risk Management Risk Management Solution ARCHER_IRM SYSLOG 2024-08-27
Nagios Infrastructure Monitoring NETWORK MONITORING NAGIOS CSV 2024-08-22
AWS Identity and Access Management (IAM) AWS Specific AWS_IAM JSON 2023-12-14
Strong Swan VPN VPN STRONGSWAN_VPN JSON 2023-05-25
VanDyke SFTP Data Transfer VANDYKE_SFTP JSON, SYSLOG 2022-03-25
Quest Change Auditor for EMC Alert QUEST_CHANGE_AUDITOR_EMC JSON 2024-06-18
Tetragon Ebpf Audit Logs OS TETRAGON_EBPF_AUDIT_LOGS JSON 2024-03-15
GitGuardian Enterprise SaaS Applications GITGUARDIAN_ENTERPRISE JSON 2024-10-16
Cloud Load Balancing Google Cloud Specific GCP_LOADBALANCING JSON 2024-07-19
Microsoft Exchange Email Server EXCHANGE_MAIL SYSLOG 2024-08-06
ThreatLocker Platform THREATLOCKER THREATLOCKER JSON 2023-06-18
GitHub SaaS Application GITHUB JSON 2024-09-18
IBM DB2 Database DB2_DB LEEF 2024-09-25
Apigee Google Cloud Specific GCP_APIGEE JSON 2021-11-02
Opnsense Firewall and Routing Platform OPNSENSE Syslog, Syslog + CSV 2023-11-22
Cisco IronPort Gateway Security CISCO_IRONPORT SYSLOG + CSV 2024-10-16
Tanium Stream Tanium Specific TANIUM_TH JSON 2023-12-18
CIS Albert Alerts Alerts CIS_ALBERT_ALERT SYSLOG 2022-10-10
Juniper Junos Network Device JUNIPER_JUNOS SYSLOG + KV 2024-06-18
Cisco WLC/WCS Wireless CISCO_WIRELESS SYSLOG 2024-09-25
ISC DHCP DHCP ISC_DHCP JSON + SYSLOG + KV 2024-01-29
WordPress Configuration Management WORDPRESS_CMS JSON 2024-05-07
Dataminr Alerts SAAS Security Application DATAMINR_ALERT JSON 2024-02-14
Avaya Aura Experience Portal Avaya Aura Experience Portal AVAYA_AURA SYSLOG 2022-12-30
Jamf Protect Alerts Endpoint Security JAMF_PROTECT JSON 2024-10-08
GCP_SWP CLOUD GCP_SWP JSON 2024-04-15
Synology DATA STORAGE SYNOLOGY SYSLOG 2024-01-16
F5 Shape Security log F5_SHAPE JSON 2024-08-20
Google Cloud IAM Analysis Google Cloud Resources Contexts N/A JSON 2023-02-27
Proofpoint CASB CASB PROOFPOINT_CASB JSON 2024-09-07
BMC Helix Discovery bmc helix discovery BMC_HELIX_DISCOVERY SYSLOG 2022-08-29
BigQuery Google Cloud Resources Contexts N/A JSON 2024-04-24
Infoblox RPZ RPZ INFOBLOX_RPZ SYSLOG 2024-02-13
Sophos Central AV / Endpoint SOPHOS_CENTRAL JSON 2024-09-05
Cisco Umbrella DNS DNS UMBRELLA_DNS CSV, JSON 2024-05-28
SecureLink Remote Access Tools SECURELINK SYSLOG 2023-09-13
Netskope Cloud Security NETSKOPE_ALERT JSON 2024-08-14
Ping Identity Authentication PING JSON, SYSLOG + KV 2024-07-29
IBM z/OS OS IBM_ZOS LEEF 2023-07-25
Cofense Email Server COFENSE_TRIAGE SYSLOG + KV (CEF) 2024-06-18
ManageEngine Log360 Alert Log MANAGE_ENGINE_LOG360 SYSLOG+KV 2024-09-16
Sentinelone Alerts Endpoint Security SENTINELONE_ALERT JSON 2024-09-18
Datadog NDR DATADOG JSON 2023-07-21
Cisco Switch Switches, Routers CISCO_SWITCH SYSLOG 2024-10-03
IBM Mainframe Storage Monitoring IBM_MAINFRAME_STORAGE SYSLOG 2024-10-03
pfSense FIREWALL PFSENSE SYSLOG 2024-10-11
Cisco Umbrella Web Proxy Web Proxy UMBRELLA_WEBPROXY CSV 2024-09-05
AWS Security Hub IDS/IPS AWS_SECURITY_HUB JSON 2023-06-20
Symantec VIP Gateway Email Server SYMANTEC_VIP SYSLOG 2023-03-03
Palo Alto Cortex XDR Alerts NDR CORTEX_XDR JSON, SYSLOG + KV 2024-08-20
CyberArk PTA Privileged Threat Analytics AUDIT CYBERARK_PTA SYSLOG + KV (CEF) 2024-08-13
Imperva WAF IMPERVA_WAF SYSLOG+KV, JSON 2024-10-10
PerimeterX Bot Protection Security PERIMETERX_BOT_PROTECTION JSON 2024-03-27
Cisco Umbrella Cloud Firewall Firewall UMBRELLA_FIREWALL CSV 2022-09-02
Netskope V2 Cloud Security NETSKOPE_ALERT_V2 JSON 2024-09-25
Akamai Cloud Monitor Load Balancer, Traffic Shaper, ADC AKAMAI_CLOUD_MONITOR JSON 2023-09-16
Extreme Networks Switch Security EXTREME_SWITCH SYSLOG 2023-12-19
Cloud Storage Context Google Cloud Specific N/A JSON 2024-05-28
Emerging Threats Pro IOC ET_PRO_IOC CSV 2022-11-28
Palo Alto Networks Firewall Firewall PAN_FIREWALL CSV + CEF + LEEF 2024-10-09
Mimecast URL Logs Email server log types. MIMECAST_URL_LOGS JSON 2024-09-23
Rubrik Backup software RUBRIK SYSLOG 2022-12-01
TrendMicro Web Proxy Web Proxy TRENDMICRO_WEBPROXY SYSLOG + KV 2024-03-26
ExtraHop DNS DNS EXTRAHOP_DNS JSON 2021-12-13
COVID-19 Cyber Threat Coalition IOC COVID_CTC_IOC Value Entry 2020-06-02
OSQuery EDR OSQUERY_EDR SYSLOG + JSON 2024-05-01
Barracuda Firewall Firewall BARRACUDA_FIREWALL SYSLOG 2024-09-05
Windows Defender AV AV / Endpoint WINDOWS_DEFENDER_AV JSON, XML 2024-01-30
Trellix HX Event Streamer Cybersecurity TRELLIX_HX_ES SYSLOG + KV 2024-03-31
Sophos UTM Unified Threat Management SOPHOS_UTM KV 2024-10-10
Jenkins Automation and DevOps JENKINS JSON, SYSLOG 2024-08-14
ThreatX WAF WAF THREATX_WAF SYSLOG, JSON 2024-10-14
CA LDAP Web server CA_LDAP JSON 2022-08-19
Tanium Threat Response Tanium Specific TANIUM_THREAT_RESPONSE JSON 2024-10-16
Netscout OCI Alert log NETSCOUT_OCI SYSLOG + KV 2024-02-21
Windows Event Endpoint WINEVTLOG JSON,XML,SYSLOG+KV,SYSLOG+JSON,SYSLOG+XML 2024-10-18
VMware Horizon VDI VMWARE_HORIZON SYSLOG 2022-08-15
Tanium Discover Tanium Specific TANIUM_DISCOVER JSON 2022-11-24
Awake NDR NDR AWAKE_NDR JSON 2024-01-11
Elastic Windows Event Log Beats Log Aggregator ELASTIC_WINLOGBEAT SYSLOG + JSON 2024-09-24
AlphaSOC Alert ASOC_ALERT JSON 2021-06-21
DigitalArts i-Filter Web Proxy DIGITALARTS_IFILTER SYSLOG 2024-06-24
Aruba Wireless ARUBA_WIRELESS SYSLOG 2024-09-04
Fluentd Logs Log Aggregator FLUENTD SYSLOG + JSON 2023-11-29
Workspace Mobile Devices Google Cloud Specific WORKSPACE_MOBILE JSON 2023-11-29
Pure Storage Data Storage PURE_STORAGE SYSLOG + KV 2024-10-01
CENSYS NDR CENSYS SYSLOG + KV 2024-02-03
Cylance Protect Alerts CYLANCE_PROTECT SYSLOG + KV 2022-09-06
Microsoft Intune Mobile Device Management AZURE_MDM_INTUNE JSON 2024-04-10
Windows DHCP DHCP WINDOWS_DHCP JSON, SYSLOG, CSV 2024-08-23
F5 ASM WAF F5_ASM SYSLOG, CSV 2024-10-10
Atlassian Jira Ticketing Application ATLASSIAN_JIRA SYSLOG, JSON 2023-12-12
Rapid7 Insight Vulnerability Scanner RAPID7_INSIGHT SYSLOG, JSON 2024-05-13
Azure Key Vault logging Audit AZURE_KEYVAULT_AUDIT JSON 2024-09-25
AWS CloudFront CDN AWS_CLOUDFRONT SYSLOG, JSON 2024-09-05
Claroty Enterprise Management Console Cyber Security CLAROTY_EMC SYSLOG+KV 2024-04-30
Airlock Digital Application Allowlisting Application Whitelisting AIRLOCK_DIGITAL SYSLOG 2024-06-18
Sophos Firewall (Next Gen) Firewall SOPHOS_FIREWALL KV 2024-08-26
Varonis Data Security / Insider Threat VARONIS SYSLOG + KV (CEF), LEEF 2022-10-08
JAMF Pro Mac Endpoint Management System JAMF_PRO SYSLOG + KV, JSON 2024-09-11
FortiGate Firewall FORTINET_FIREWALL JSON, SYSLOG + KV 2024-10-15
reCAPTCHA Enterprise Access Management GCP_RECAPTCHA_ENTERPRISE JSON 2024-02-12
NIMBLE OS OS NIMBLE_OS SYSLOG 2022-07-21
Duo Administrator Logs Authentication DUO_ADMIN JSON 2024-08-27
Passive DNS DNS PASSIVE_DNS JSON 2021-05-19
CoSoSys Protector Endpoint Detection ENDPOINT_PROTECTOR_DLP SYSLOG + KV 2023-04-17
Cisco DNA Center Platform Network Management and Optimization CISCO_DNAC SYSLOG+JSON 2023-12-29
Snyk Group level audit Logs Vulnerability Scanners SNYK_SDLC JSON 2023-04-25
Citrix Monitor Monitoring of DaaS CITRIX_MONITOR JSON 2022-12-06
ZScaler VPN VPN ZSCALER_VPN SYSLOG + CSV 2023-06-08
Avanan Email Security Email Server AVANAN_EMAIL JSON 2022-07-12
IBM-i Operating System I Operating System IBM_I Syslog CEF 2024-07-03
Salesforce SaaS Application SALESFORCE KV (LEEF), CSV 2024-10-07
MISP Threat Intelligence Cybersecurity MISP_IOC JSON, CSV 2024-09-05
Ubiquiti UniFi Switch Switch UBIQUITI_SWITCH SYSLOG 2023-11-21
Mimecast Email Server MIMECAST_MAIL KV 2024-08-05
RSA SecurID Access Identity Router SECURITY RSA_SECURID SYSLOG + CSV 2024-06-07
Acalvio Deception Software ACALVIO SYSLOG + KV 2020-10-13
Cisco UCM Communication Manager CISCO_UCM SYSLOG + KV 2024-10-15
Digital Shadows Indicators IOC DIGITAL_SHADOWS_IOC JSON 2022-04-23
IBM Security Verify Endpoint Security IBM_SECURITY_VERIFY SYSLOG,SYSLOG+XML 2024-05-13
Falco IDS IDS/IPS FALCO_IDS JSON 2024-03-06
McAfee Web Protection SaaS Application MCAFEE_WEB_PROTECTION JSON 2022-09-22
Cisco VCS Expressway Telephone software CISCO_VCS SYSLOG 2023-06-12
Semperis DSP LDAP SEMPERIS_DSP SYSLOG 2024-05-03
Zoom Operation Logs Operation-Specific ZOOM_OPERATION_LOGS SYSLOG 2022-11-04
ESET Threat Intelligence IOC ESET_IOC JSON 2023-10-05
Checkpoint SmartDefense SmartDefences CHECKPOINT_SMARTDEFENSE SYSLOG + CEF 2024-07-02
IBM Security QRadar SOAR Security IBM_SOAR SYSLOG + KV 2024-10-08
Palo Alto Panorama Firewall PAN_PANORAMA CSV 2024-09-10
Wallix Bastion Privileged Account Activity WALLIX_BASTION SYSLOG, SYSLOG + KV 2024-06-28
Kea DHCP DHCP KEA_DHCP SYSLOG 2022-03-22
CommVault Alert System COMMVAULT KV, SYSLOG 2024-10-08
Array Networks SSL VPN VPN ARRAYNETWORKS_VPN SYSLOG, SYSLOG + KV 2024-05-14
Ionix SECURITY IONIX JSON 2023-09-28
TCPWave DDI Secure ddi TCPWAVE_DDI SYSLOG + JSON 2022-09-27
D3 Banking BANKING D3_BANKING JSON 2022-03-23
Salesforce Commerce Cloud SaaS Application SALESFORCE_COMMERCE_CLOUD SYSLOG, JSON 2024-10-03
Workspace Alerts Google Cloud Specific WORKSPACE_ALERTS JSON 2024-10-08
Druva Backup Security DRUVA_BACKUP JSON 2024-10-15
AppOmni SAAS Security Application APPOMNI JSON 2023-08-23
DMP Physical Security DMP_ENTRE SYSLOG 2020-09-23
TeamViewer Remote Support TEAMVIEWER JSON 2022-08-02
McAfee IPS IDS/IPS MCAFEE_IPS SYSLOG 2021-04-15
Workday User Activity N/A WORKDAY_USER_ACTIVITY SYSLOG + JSON, JSON 2024-09-05
HYPR MFA Security SSO HYPR_MFA CSV 2024-04-26
Trend Micro Cloud one Cloud Security TRENDMICRO_CLOUDONE SYSLOG, JSON 2024-04-29
Azure AD Directory Audit Audit AZURE_AD_AUDIT JSON 2024-09-04
Okta Identity and Access Management OKTA JSON 2024-09-20
Juniper Firewall JUNIPER_FIREWALL SYSLOG + KV + JSON 2024-10-11
Workday Audit Logs Audit And Compliance WORKDAY_AUDIT CSV 2024-10-04
Unbound DNS DNS UNBOUND_DNS SYSLOG 2020-06-09
Kyriba Treasury Management SaaS Application KYRIBA CSV 2021-02-24
Ingrian Networks DataSecure Appliance System and Audit Logs INGRIAN_NETWORKS_DATASECURE_APPLIANCE Syslog 2024-06-06
AWS Aurora AWS AWS_AURORA JSON 2024-01-12
Cybereason EDR EDR CYBEREASON_EDR JSON 2024-01-25
Carbon Black App Control Security log CB_APP_CONTROL CEF, JSON 2024-07-29
Palo Alto Prisma Access Cloud Security PAN_CASB JSON 2022-11-25
Samba SMBD Privileged Account Activity SMBD Syslog 2023-03-09
Neo4j Database management system NEO4J JSON 2023-12-07
OSSEC IDS/IPS OSSEC SYSLOG 2024-04-24
ZScaler DNS DNS ZSCALER_DNS SYSLOG + KV, JSON 2024-05-28
Cisco UCS OS logs CISCO_UCS SYSLOG 2022-07-04
Spur data feeds Vulnerability Management SPUR_FEEDS JSON 2024-05-10
Stealthbits PAM Privileged Access Management Solution STEALTHBITS_PAM CEF + KV 2023-11-07
Zix Email Encryption Email Server ZIX_EMAIL_ENCRYPTION SYSLOG 2024-05-10
Netapp Storagegrid Security NETAPP_STORAGEGRID SYSLOG + KV 2024-06-15
Cloud SQL Context Google Cloud Specific GCP_SQL_CONTEXT JSON 2023-07-26
Proofpoint Sendmail Sentrion Email server PROOFPOINT_SENDMAIL_SENTRION SYSLOG 2024-06-05
Atlassian Confluence Knowledge base ATLASSIAN_CONFLUENCE SYSLOG, JSON 2024-07-05
Fortinet FortiClient Security FORTINET_FORTICLIENT KV 2023-12-29
Crowdstrike IOC IOC CROWDSTRIKE_IOC JSON 2023-08-23
Oracle DATABASE ORACLE_DB SYSLOG + KV 2024-09-25
Workspace Groups Google Cloud Specific WORKSPACE_GROUPS JSON 2023-11-29
Sourcefire IDS/IPS SOURCEFIRE_IDS JSON, CEF 2024-07-22
Cyber 2.0 IDS IDS CYBER_2_IDS SYSLOG+JSON 2024-08-21
Ntopng NDR NTOPNG SYSLOG + JSON 2024-02-01
Ubika WAAP WAF UBIKA_WAAP SYSLOG 2024-06-03
Cisco Meraki Wireless CISCO_MERAKI SYSLOG, JSON 2024-10-04
Virtru Email Encryption EMAIL SERVER VIRTRU_EMAIL_ENCRYPTION JSON 2024-06-11
Netscout NETWORK ARBOR_EDGE_DEFENSE SYSLOG + KV 2023-02-21
IBM Security Verify SaaS SaaS Application IBM_SECURITY_VERIFY_SAAS JSON 2023-10-27
Accellion DLP ACCELLION SYSLOG 2022-09-30
Duo Entity context data Identity and Access Management DUO_CONTEXT JSON 2022-03-14
ClamAV AV / Endpoint CLAM_AV JSON 2022-02-07
AWS EC2 Instances AWS Specific AWS_EC2_INSTANCES JSON 2024-01-31
Windows Event (XML) AV / Endpoint WINEVTLOG_XML SYSLOG + XML, KV, SYSLOG + JSON, SYSLOG + CSV 2024-10-10
Apple macOS AV / Endpoint MACOS SYSLOG, JSON 2024-09-18
Fivetran SIEM Systems FIVETRAN JSON 2024-06-24
Fortinet FortiNAC NAC FORTINET_FORTINAC SYSLOG 2022-07-08
Aruba Switch Network Infrastructure ARUBA_SWITCH SYSLOG 2024-10-16
Bitwarden Events Password Manager BITWARDEN_EVENTS JSON 2023-11-09
Microsoft AD LDAP WINDOWS_AD JSON 2024-10-08
Forcepoint CASB CASB FORCEPOINT_CASB SYSLOG + CEF 2022-08-23
SAP SuccessFactors Audit Log SAP_SUCCESSFACTORS CSV 2024-05-22
Digi modems Switches and Routers DIGI_MODEMS SYSLOG 2023-06-26
Microsoft Azure Activity Misc Windows Specific AZURE_ACTIVITY JSON 2024-09-25
Azure AD Sign-In Misc Windows Specific AZURE_AD_SIGNIN JSON 2024-10-17
Stealthbits Defend Security System for Active Directory and File Systems. STEALTHBITS_DEFEND SYSLOG + KV (LEEF, CEF) 2022-11-17
Trend Micro SMS, UNITY_ONE TIPPING_POINT SYSLOG 2024-10-15
SpyCloud AV / Endpoint SPYCLOUD SYSLOG + JSON, JSON 2024-08-13
Workspace Users Google Cloud Specific WORKSPACE_USERS JSON 2024-03-27
Open LDAP LDAP OPENLDAP SYSLOG 2024-06-06
ForgeRock OpenDJ LDAP OPENDJ SYSLOG + KV 2020-10-01
Corelight NDR CORELIGHT JSON 2024-09-20
Desynova Contido Switches DESYNOVA_CONTIDO SYSLOG + JSON 2023-09-19
Cynet 360 AutoXDR AV and endpoint logs CYNET_360_AUTOXDR JSON 2024-07-09
AMD Pensando DSS Firewall Firewall AMD_DSS_FIREWALL SYSLOG + CSV 2023-05-08
Google Cloud Identity Context Identity and Access Management CLOUD_IDENTITY_CONTEXT JSON 2023-07-25
Citrix Netscaler Load Balancer, Traffic Shaper, ADC CITRIX_NETSCALER SYSLOG + KV 2024-10-15
Microsoft IIS Web Server IIS SYSLOG + KV, JSON 2024-06-20
ExtraHop RevealX Firewall IDS/IPS EXTRAHOP JSON, SYSLOG 2023-10-27
Fortinet FortiEDR EDR FORTINET_FORTIEDR SYSLOG + KV 2024-09-16
Net Suite WAF NET_SUITE KV 2023-08-02
ProofPoint Secure Email Relay Email server PROOFPOINT_SER JSON 2024-10-03
GCP_MONITORING_ALERTS Application server logs GCP_MONITORING_ALERTS JSON 2024-07-09
Solarwinds Kiwi Syslog Server Security Log SOLARWINDS_KSS SYSLOG + KV 2024-06-11
Forcepoint Mail Relay Email Server FORCEPOINT_MAIL_RELAY JSON 2024-07-18
ForgeRock Identity Cloud Cloud Security FORGEROCK_IDENTITY_CLOUD JSON 2024-03-11
Ping Federate Authentication PING_FEDERATE CSV 2024-10-10
SAP SAST Suite Security SAP_SAST SYSLOG 2023-12-28
SentinelOne Singularity Cloud Funnel EVENTS SENTINELONE_CF JSON 2024-08-02
Cisco TACACS+ Authentication CISCO_TACACS SYSLOG + KV 2024-09-19
Proofpoint Web Browser Isolation ATTACK PROTECTION ISOLATION PROOFPOINT_WEB_BROWSER_ISOLATION JSON 2023-05-25
Cisco Internetwork Operating System Network Infrastructure CISCO_IOS SYSLOG 2024-10-16
Nokia Router Switches and Routers NOKIA_ROUTER SYSLOG + KV 2023-11-27
Duo User Context Identity and Access Management DUO_USER_CONTEXT JSON 2024-05-31
Terraform Enterprise Audit IT infrastructure TERRAFORM_ENTERPRISE JSON, KV, SYSLOG 2024-06-26
Saiwall VPN VPN SAIWALL_VPN KV 2024-08-27
HCNET Account Adapter Plus DHCP HCNET_ACCOUNT_ADAPTER SYSLOG 2022-09-15
VMware vRealize Suite (VMware Aria) Cloud VMWARE_VREALIZE SYSLOG 2023-06-25
NGFW Enterprise Google Cloud Specific GCP_NGFW_ENTERPRISE JSON 2024-04-16
Check Point Sandblast EDR CHECKPOINT_EDR SYSLOG + KV and SYSLOG + CEF 2024-05-09
Microsoft CyberX IoT CYBERX SYSLOG+KV 2024-06-25
Delinea Secret Server Privileged Account Activity DELINEA_SECRET_SERVER KV 2024-09-05
Dell EMC Data Domain Storage system DELL_EMC_DATA_DOMAIN SYSLOG + KV 2024-09-20
Suricata IDS IDS/IPS SURICATA_IDS JSON 2024-04-08
Network Policy Server Network Policy Server MICROSOFT_NPS JSON 2024-07-24
Qualys Virtual Scanner Vulnerability Scanner QUALYS_VIRTUAL_SCANNER JSON 2023-08-21
Portnox CEF Privileged Account Activity PORTNOX_CEF CEF Syslog 2024-05-31
Armis Vulnerabilities VULNERABILITIES ARMIS_VULNERABILITIES JSON 2023-02-07
Alcatel Switch Privileged Account Activity ALCATEL_SWITCH SYSLOG 2024-03-11
CloudGenix SD-WAN Switches, Routers CLOUDGENIX_SDWAN SYSLOG + KV 2022-09-08
Zscaler DLP Data Loss Prevention ZSCALER_DLP JSON, CSV 2024-03-11
Custom DNS DNS CUSTOM_DNS JSON 2022-08-05
Dell ECS Enterprise Object Storage ECS DELL_ECS SYSLOG 2024-03-18
Extreme Wireless Network Management and Optimization software EXTREME_WIRELESS SYSLOG 2024-02-28
Ergon Informatik Airlock IAM Application Whitelisting ERGON_INFORMATIK_AIRLOCK_IAM SYSLOG 2024-08-28
Sophos Capsule8 Container Security SOPHOS_CAPSULE8 JSON 2021-12-22
Blue Coat Proxy Web Proxy BLUECOAT_WEBPROXY SYSLOG + JSON, SYSLOG + KV, KV 2024-10-18
Resource Manager Context Google Cloud Specific GCP_RESOURCE_MANAGER_CONTEXT JSON 2023-07-26
Microsoft Graph API Alerts Gateway to data and intelligence MICROSOFT_GRAPH_ALERT JSON 2024-09-06
Microsoft IAS Server Endpoint Security MICROSOFT_IAS CSV + KV 2024-04-25
Twingate VPN TWINGATE JSON 2024-10-11
Ansible AWX Automation and DevOps Tools ANSIBLE_AWX JSON 2024-06-25
DomainTools Threat Intelligence Threat intelligence DOMAINTOOLS_THREATINTEL JSON 2023-12-13
Winscp Data Transfer WINSCP SYSLOG, CSV 2024-05-22
Windows DNS DNS WINDOWS_DNS JSON, XML, SYSLOG + KV 2024-06-25
Bluecat DDI DDI (DNS, DHCP, IPAM) BLUECAT_DDI SYSLOG 2022-11-08
Radware Web Application Firewall Firewall RADWARE_FIREWALL SYSLOG 2024-09-17
CA ACF2 Mainframe CA_ACF2 LEEF 2022-05-24
Neosec Security NEOSEC JSON 2023-07-31
Ordr IoT IoT ORDR_IOT SYSLOG + JSON 2024-03-05
FireEye HX Audit Audits FIREEYE_HX_AUDIT XML 2022-11-04
Comodo AV / Endpoint COMODO_AV SYSLOG + KV (CEF) 2021-04-09
Department of Homeland Security Threat detection DHS_IOC XML 2023-07-31
Kubernetes Audit K8s cluster audit logs KUBERNETES_AUDIT JSON 2023-08-21
HCL BigFix Network Management and Optimization HCL_BIGFIX JSON 2023-12-08
SAP Webdispatcher Software WebSwitch SAP_WEBDISP SYSLOG 2024-03-15
Kemp Load Balancer Load Balancer, Traffic Shaper, ADC KEMP_LOADBALANCER SYSLOG + KV 2023-05-31
Compute Context Google Cloud Specific N/A JSON 2024-01-27
STIX Threat Intelligence Cybersecurity Threats STIX SYSLOG + KV (CEF) 2024-09-25
Zeek JSON DNS BRO_JSON JSON 2024-05-01
Symantec Web Security Service Web Proxy SYMANTEC_WSS JSON 2024-09-24
Cisco CTS Telephone Software CISCO_CTS SYSLOG + KV 2021-05-20
Mattermost Alerts MATTERMOST JSON, SYSLOG 2023-12-15
YAMAHA ROUTER RTX1200 Switches AND Routers YAMAHA_ROUTER SYSLOG 2024-04-19
Guardicore Centra Deception Software GUARDICORE_CENTRA JSON 2024-10-09
ManageEngine Reporter Plus SaaS Application MANAGE_ENGINE_REPORTER_PLUS JSON 2022-08-29
Bluecat Edge DNS Resolver DNS BLUECAT_EDGE JSON, KV, SYSLOG 2022-01-18
Thales Digital Identity and Security Digital Identity & Security THALES_DIS SYSLOG 2022-03-17
Ipswitch SFTP Data Transfer IPSWITCH_SFTP SYSLOG, JSON 2022-09-05
Auth0 Authentication log AUTH_ZERO JSON 2024-10-10
Automation Anywhere Automation Tools AUTOMATION_ANYWHERE SYSLOG + KV 2021-04-28
Opswat Metadefender Threat Protection OPSWAT_METADEFENDER SYSLOG + KV (CEF) 2024-10-03
Custom Application Access Logs Security CUSTOM_APPLICATION_ACCESS JSON 2024-03-11
PostFix Mail Email Server POSTFIX_MAIL SYSLOG 2024-06-25
ESET EDR ESET_EDR SYSLOG + JSON 2024-04-08
BeyondTrust Secure Remote Access Remote Access Tools BEYONDTRUST_REMOTE_ACCESS SYSLOG + KV 2022-09-30
Duo Activity Logs Activity DUO_ACTIVITY JSON 2024-08-28
AWS Control Tower Identity and Access Management AWS_CONTROL_TOWER JSON 2024-03-17
McAfee Web Gateway Web Proxy MCAFEE_WEBPROXY SYSLOG + KV (CEF), JSON 2023-06-17
VMware AirWatch Wireless AIRWATCH SYSLOG + KV 2024-10-17
Unix system OS NIX_SYSTEM SYSLOG, JSON 2024-10-25
HP Linux OS HP_LINUX SYSLOG 2024-10-08
Cloud SQL Google Cloud Specific GCP_CLOUDSQL JSON 2024-09-27
Apache Hadoop open-source software HADOOP SYSLOG + KV 2023-06-05
IBM AS/400 Application System IBM_AS400 SYSLOG + KV, SYSLOG + JSON 2024-05-24
Veritas NetBackup Backup software VERITAS_NETBACKUP SYSLOG 2024-01-18
JumpCloud Directory Insights CLOUD JUMPCLOUD_DIRECTORY_INSIGHTS JSON 2024-05-20
OneLogin SSO ONELOGIN_SSO JSON 2024-05-27
Open Cybersecurity Schema Framework (OCSF) Schema OCSF JSON 2023-10-30
Riverbed Steelhead Network Management and Optimization STEELHEAD JSON, SYSLOG 2024-06-11
Cloud Data Loss Prevention Google Cloud Specific N/A JSON 2024-09-23
Netskope CASB CASB NETSKOPE_CASB JSON 2024-02-12
Fortra Powertech SIEM Agent STATUS_UPDATE FORTRA_POWERTECH_SIEM_AGENT SYSLOG, CEF 2024-04-30
Atlassian Bitbucket Atlassian Bitbucket ATLASSIAN_BITBUCKET JSON 2023-06-12
Microsoft System Center Endpoint Protection Malware Detection MICROSOFT_SCEP KV 2024-10-17
Fortinet DHCP FORTINET_DHCP KV 2022-11-21
Netwrix Web Server NETWRIX JSON 2024-05-23
Windows Hyper-V Virtualization Software WINDOWS_HYPERV JSON 2023-10-09
VPC Flow Logs Google Cloud Specific GCP_VPC_FLOW JSON 2024-03-15
Imperva Audit Trail IT infrastructure IMPERVA_AUDIT_TRAIL JSON, SYSLOG 2024-10-10
AWS Config AWS Specific AWS_CONFIG JSON 2024-06-09
CA Access Control Access Management CA_ACCESS_CONTROL JSON+SYSLOG, SYSLOG 2023-07-25
Cloud Audit Logs Google Cloud Specific N/A JSON 2024-10-15
Maria Database Database MARIA_DB SYSLOG 2024-07-07
Yubico OTP Audit event YUBICO_OTP SYSLOG, JSON, CSV 2023-02-20
Microsoft CASB CASB MICROSOFT_CASB SYSLOG + KV (CEF) 2023-11-27
Cloud Identity Device Users Google Cloud Specific GCP_CLOUDIDENTITY_DEVICEUSERS JSON 2022-10-01
Kubernetes Node Kubernetes Container KUBERNETES_NODE JSON 2024-10-11
Solaris system OS SOLARIS_SYSTEM SYSLOG 2024-04-05
NXLog Manager Log Aggregator NXLOG_MANAGER SYSLOG 2022-01-13
Trend Micro Apex one Endpoint Security TRENDMICRO_APEX_ONE SYSLOG + KV 2024-09-05
CyberArk Endpoint Privilege Manager (EPM) EPM CYBERARK_EPM JSON 2023-08-22
Ubika Waf WAF UBIKA_WAF JSON + SYSLOG, SYSLOG 2024-08-23
Cisco NX-OS OS CISCO_NX_OS SYSLOG 2023-09-05
Cisco Unity Connection Administration and Management CISCO_UNITY_CONNECTION SYSLOG + KV 2024-10-17
macOS Endpoint Security AV and endpoint logs MACOS_ENDPOINT_SECURITY SYSLOG + KV 2023-07-17
IBM DataPower Gateway API Gateway IBM_DATAPOWER JSON, SYSLOG 2024-06-18
FireEye NX NDR FIREEYE_NX JSON, SYSLOG+KV 2024-10-17
KnowBe4 PhishER Email server log types. KNOWBE4_PHISHER JSON 2024-10-16
Squid Web Proxy Web Proxy SQUID_WEBPROXY SYSLOG 2024-09-11
GMAIL Logs Google Cloud Specific GMAIL_LOGS JSON 2024-05-10
Thales Vormetric Encryption VORMETRIC SYSLOG 2024-08-05
Linux Sysmon DNS LINUX_SYSMON XML 2024-06-17
Aruba Airwave Wireless ARUBA_AIRWAVE XML 2023-12-06
Malwarebytes EDR MALWAREBYTES_EDR JSON 2024-08-14
Forcepoint NGFW Network FORCEPOINT_FIREWALL JSON 2023-02-16
Windows Sysmon DNS WINDOWS_SYSMON JSON, XML 2024-10-04
Qualys VM Vulnerability Scanner QUALYS_VM KV + JSON 2023-10-27
Cribl Stream Log Aggregation and SIEM Systems CRIBL_STREAM JSON 2024-06-05
VMware Tanzu Kubernetes Grid IDS/IPS VMWARE_TANZU JSON + SYSLOG+JSON 2023-09-08
Wazuh Log Aggregator WAZUH SYSLOG + JSON 2024-09-12
Mongo Database DATABASE MONGO_DB JSON 2024-04-01
PostgreSQL Database POSTGRESQL JSON,KV 2024-08-07
Oracle Cloud Infrastructure VCN Flow Logs Oracle Cloud Infrastructure OCI_FLOW JSON 2024-09-15
Akamai SIEM Connector Log Aggregation and SIEM Systems AKAMAI_SIEM_CONNECTOR JSON 2024-06-07
Azure App Service SAAS AZURE_APP_SERVICE JSON 2024-09-30
Qualys Asset Context Vulnerability Scanner QUALYS_ASSET_CONTEXT JSON 2023-08-01
Honeyd Deception Software HONEYD SYSLOG 2024-05-26
Stormshield Firewall FIREWALL STORMSHIELD_FIREWALL SYSLOG + KV 2023-06-29
Cisco Wireless IPS Cisco Wips CISCO_WIPS SYSLOG + KV 2023-11-17
Oracle Cloud Infrastructure Oracle Cloud Infrastructure ORACLE_CLOUD_AUDIT JSON 2023-10-30
Azion Firewall AZION JSON 2023-09-30
Qumulo FS File System QUMULO_FS SYSLOG 2024-05-09
Custom Security Data Analytics Log Aggregation CUSTOM_SECURITY_DATA_ANALYTICS JSON 2022-07-08
Digital Guardian DLP DLP DIGITALGUARDIAN_DLP JSON 2023-06-02
Mandiant Custom IOC IOC MANDIANT_CUSTOM_IOC JSON 2023-12-19
Bitdefender AV / Endpoint BITDEFENDER CSV 2023-05-02
Workday SaaS Application WORKDAY JSON, CSV 2024-06-25
Team Cymru Scout Threat Intelligence Threat Intel TEAM_CYMRU_SCOUT_THREATINTEL JSON 2024-08-22
HID DigitalPersona Audit Log HID_DIGITALPERSONA JSON, SYSLOG + KV 2024-05-23
CrushFTP Application server CRUSHFTP SYSLOG+KV 2024-09-16
Aqua Security IaaS Applications AQUA_SECURITY JSON 2024-10-10
Evision FircoSoft Infrastructure EVISION_FIRCOSOFT SYSLOG 2023-11-22
KerioControl Firewall Threat Management Firewall KERIOCONTROL SYSLOG 2024-02-28
Sophos Intercept EDR EDR logs SOPHOS_EDR JSON 2024-07-31
Palo Alto Prisma Cloud SECURITY PLATFORM PAN_PRISMA_CLOUD JSON 2024-03-28
AWS RDS Database AWS_RDS SYSLOG,JSON 2024-10-03
AWS VPN VPN AWS_VPN JSON 2024-09-19
Gitlab SAAS GITLAB JSON 2024-04-08
Symantec CloudSOC CASB CASB SYMANTEC_CASB SYSLOG + JSON 2024-03-19
Vsftpd FTP Server VSFTPD GROK 2023-11-20
HPE BladeSystem C7000 BladeSystem C7000 HPE_BLADESYSTEM_C7000 SYSLOG 2024-04-08
Precisely Ironstream IBM z/OS ZOS IRONSTREAM_ZOS JSON 2024-07-30
Microsoft PowerShell Misc. Windows-specific POWERSHELL SYSLOG + JSON, XML 2024-08-20
Pivotal PaaS Application PIVOTAL SYSLOG + KV 2022-08-17
Thycotic Identity and Access Management THYCOTIC SYSLOG + KV (CEF) 2024-10-08
Preempt Alert Identity and Access Management PREEMPT SYSLOG + KV (CEF) 2022-06-22
Menlo Security Web Proxy MENLO_SECURITY JSON 2023-08-03
Juniper IPS IDS/IPS JUNIPER_IPS SYSLOG + KV 2022-05-26
Microsoft SQL Server Database MICROSOFT_SQL SYSLOG + KV, JSON, SYSLOG + JSON 2024-10-08
Fortinet Fortimanager Network Management and Optimization software. FORTINET_FORTIMANAGER KV + SYSLOG 2024-09-18
Cambium Networks Switches and Routers Log Type CAMBIUM_NETWORKS SYSLOG 2023-07-27
Versa Firewall FIREWALL VERSA_FIREWALL SYSLOG + KV 2024-06-03
SEPPmail Secure Email email encryption and signature solutions SEPPMAIL SYSLOG + KV 2024-06-04
IBM Security Access Manager WAF IBM_SAM SYSLOG 2024-03-08
ManageEngine AD360 Identity and Access Management MANAGE_ENGINE_AD360 SYSLOG + KV 2022-09-16
Cloud DNS Google Cloud Specific N/A JSON 2023-05-12
CyberArk Privileged Access Manager (PAM) CyberArk Privileged Access Manager CYBERARK_PAM SYSLOG 2024-05-05
Fortinet FortiAnalyzer Fortinet FortiAnalyzer FORTINET_FORTIANALYZER JSON 2024-10-01
Azure Cosmos DB Database AZURE_COSMOS_DB JSON 2023-02-22
Absolute Mobile Device Management Mobile Device Management ABSOLUTE SYSLOG + KV (CEF) 2023-07-07
Digital Guardian EDR EDR DIGITALGUARDIAN_EDR KV 2022-12-07
Cisco AMP AV / Endpoint CISCO_AMP JSON 2024-05-14
Windows Firewall Firewall WINDOWS_FIREWALL Space Separated Value 2021-08-26
Zscaler Secure Private Access Audit Logs AUDIT ZSCALER_ZPA_AUDIT JSON 2024-07-08
Symantec EDR EDR SYMANTEC_EDR JSON 2022-03-31
UberAgent Security UBERAGENT CSV 2024-09-19
Cloud Identity Devices Google Cloud Specific GCP_CLOUDIDENTITY_DEVICES JSON 2024-07-01
McAfee ePolicy Orchestrator Policy Management MCAFEE_EPO SYSLOG + XML, CSV, KV, JSON 2024-10-01
Barracuda Email Email Server BARRACUDA_EMAIL JSON 2024-05-28
LogonBox Authentication LOGONBOX SYSLOG + KV 2024-02-05
Cisco Email Security Email Server CISCO_EMAIL_SECURITY SYSLOG + KV, JSON 2023-10-05
IAM Context Google Cloud Specific N/A JSON 2024-03-13
Linux Auditing System (AuditD) OS AUDITD SYSLOG 2024-10-15
Centripetal Networks IOC IOC CENTRIPETAL_IOC SYSLOG + KV 2022-01-06
RH-ISAC IOC RH_ISAC_IOC JSON 2024-03-07
Broadcom SSL Visibility Appliance SSL Visibility BROADCOM_SSL_VA SYSLOG 2024-06-25
CipherTrust Manager CIPHERTRUST_MANAGER SYSLOG + CEF + JSON 2024-06-24
HAProxy Load balancing HAPROXY SYSLOG 2024-08-23
Microsoft Defender for Endpoint EDR MICROSOFT_DEFENDER_ENDPOINT JSON 2024-09-24
Microsoft Azure NSG Flow Network Flow AZURE_NSG_FLOW JSON 2022-04-18
Big Switch BigCloudFabric Switches, Routers BIGSWITCH_BCF SYSLOG 2021-04-20
Citrix Storefront Remote Access Tools CITRIX_STOREFRONT JSON 2022-07-22
Workspace ChromeOS Devices Google Cloud Specific WORKSPACE_CHROMEOS JSON 2023-11-29
Compute Engine Google Cloud Specific GCP_COMPUTE JSON 2024-06-18
Workspace Privileges Google Cloud Specific WORKSPACE_PRIVILEGES JSON 2023-11-29
Fidelis Network NDR FIDELIS_NETWORK SYSLOG + KV, JSON 2024-10-09
AWS EMR AWS Specific AWS_EMR SYSLOG, SYSLOG+JSON, JSON 2024-09-05
VMware vCenter Server VMWARE_VCENTER SYSLOG + JSON 2024-08-27
AlgoSec Security Management Policy Management ALGOSEC SYSLOG + KV (CEF) 2022-11-27
Office 365 Message Trace OFFICE_365 Specific OFFICE_365_MESSAGETRACE JSON 2024-06-07
Okta Access Gateway OKTA specific OKTA_ACCESS_GATEWAY SYSLOG + KV 2023-02-20
Apache Tomcat Web server TOMCAT JSON 2024-10-07
AWS Network Firewall Firewall AWS_NETWORK_FIREWALL JSON 2023-05-05
Tenable Active Directory Security Tenable Active Directory Security TENABLE_ADS SYSLOG 2023-11-06
CrowdStrike Falcon EDR CS_EDR JSON 2024-10-09
Office 365 SaaS Application OFFICE_365 JSON 2024-10-11
Windows Applocker Application Locker WINDOWS_APPLOCKER SYSLOG + KV + JSON + XML 2023-10-17
Azure SQL Database AZURE_SQL JSON 2022-02-08
Comforte SecurDPS Data loss prevention COMFORTE_SECURDPS SYSLOG + KV, JSON 2024-06-10
Azure Application Gateway GATEWAY AZURE_GATEWAY JSON 2024-06-20
Cloudian hyperstore Storage Solutions CLOUDIAN_HYPERSTORE SYSLOG 2021-05-05
Security Command Center Toxic Combination Google Cloud Specific GCP_SECURITYCENTER_TOXIC_COMBINATION JSON 2024-03-20
Elastic Search Log Aggregator ELASTIC_SEARCH JSON 2023-11-02
Men and Mice DNS DNS MENANDMICE_DNS SYSLOG 2021-11-12
Red Hat Directory Server LDAP Identity and Access Management REDHAT_DIRECTORY_SERVER JSON + SYSLOG + KV 2024-10-07
Fastly WAF WAF FASTLY_WAF JSON 2022-06-06
AWS Session Manager AWS Specific AWS_SESSION_MANAGER SYSLOG 2023-06-14
Keeper Enterprise Security Security KEEPER JSON 2024-06-09
IBM WebSEAL Web server IBM_WEBSEAL JSON, SYSLOG 2024-01-22
Aruba EdgeConnect SD-WAN Network Security ARUBA_EDGECONNECT_SDWAN SYSLOG + CSV 2024-06-10
GCP_KUBERNETES_CONTEXT Computer Inventory GCP_KUBERNETES_CONTEXT JSON 2023-11-01
RSA Identity and Access Management RSA_AUTH_MANAGER CSV 2024-03-13
Citrix Analytics Monitoring of DaaS CITRIX_ANALYTICS JSON 2024-06-03
tenable.io Vulnerability Scanner TENABLE_IO JSON 2023-01-02
Linux DHCP DHCP LINUX_DHCP SYSLOG 2024-09-05
ADVA Fiber Service Platform Switches and Routers ADVA_FSP SYSLOG+KV 2023-12-18
Micro Focus iManager Network Management and Optimization MICROFOCUS_IMANAGER SYSLOG 2024-02-12
SecureAuth SSO SECUREAUTH_SSO SYSLOG, XML 2023-07-09
Cloud NAT Google Cloud Specific N/A JSON 2024-05-01
Netfilter IPtables Firewall NETFILTER_IPTABLES SYSLOG + KV 2023-10-12
GMV Checker ATM Security ATM Audit GMV_CHECKER SYSLOG, SYSLOG + KV 2024-08-27
CloudM Identity and Access Management CLOUDM JSON 2022-06-09
Lacework Cloud Security Cloud Security LACEWORK JSON 2024-09-25
Sonrai Enterprise Cloud Security Solution Cloud Security Solution SONRAI JSON 2024-06-13
Cisco Umbrella Audit Firewall and Security Management CISCO_UMBRELLA_AUDIT CSV 2024-01-10
Entrust nShield HSM Hardware Security Module ENTRUST_HSM SYSLOG 2024-10-15
BeyondTrust Privileged Identity Privilege Account Activity BEYONDTRUST_PI SYSLOG 2024-08-19
AWS WAF AWS Specific AWS_WAF JSON 2024-03-14
Cisco WSA WSA CISCO_WSA SYSLOG 2024-08-13
Ipswitch MOVEit Transfer Switches IPSWITCH_MOVEIT_TRANSFER SYSLOG + CSV 2024-04-22
Juniper Mist Network Management and Optimization software JUNIPER_MIST JSON 2024-07-08
Tripwire DLP TRIPWIRE_FIM SYSLOG 2023-06-21
Arista Switch Switches ARISTA_SWITCH JSON+SYSLOG 2024-06-07
Proofpoint Threat Response Email Server PROOFPOINT_TRAP SYSLOG, JSON 2024-09-11
Security Command Center Posture Violation Google Cloud Specific GCP_SECURITYCENTER_POSTURE_VIOLATION JSON 2024-03-20
Vectra Stream NDR VECTRA_STREAM SYSLOG + KV + JSON 2024-07-26
SailPoint IAM Identity and Access Management SAILPOINT_IAM JSON 2024-09-13
Akamai DNS DNS AKAMAI_DNS CSV 2024-08-29
CrowdStrike Falcon Stream Alerts CS_STREAM KV (LEEF) 2022-07-18
Cisco Firewall Services Module Firewall CISCO_FWSM SYSLOG 2023-05-05
Swift Alliance Messaging Hub Finance SWIFT_AMH JSON 2024-03-14
Datto File Protection DATTO_FILE_PROTECTION DATTO_FILE_PROTECTION SYSLOG 2022-08-22
AWS Cloudtrail Cloud Log Aggregator AWS_CLOUDTRAIL JSON 2024-10-03
AWS VPC Flow AWS Specific AWS_VPC_FLOW SYSLOG + JSON 2024-10-01
Cisco Application Control Engine Load Balancer, Traffic Shaper, ADC CISCO_ACE SYSLOG 2022-09-15
Cisco Stealthwatch Log Aggregator CISCO_STEALTHWATCH JSON, CEF 2024-09-26
IBM Websphere Application Server Web server IBM_WEBSPHERE_APP_SERVER JSON, SYSLOG 2022-01-20
Oracle Unified Directory ORACLE OUD ORACLE_OUD SYSLOG 2023-09-11
McAfee DLP DLP MCAFEE_DLP CSV 2022-04-13
Mobileiron ENDPOINT MANAGEMENT MOBILEIRON JSON 2023-02-02
IBM Informix DATABASE INFORMIX JSON + SYSLOG 2022-02-18
Suricata EVE IPS IDS SURICATA_EVE JSON 2024-09-11
Amazon API Gateway AWS-specific log types AWS_API_GATEWAY JSON 2024-07-24
JFrog Artifactory DevOps JFROG_ARTIFACTORY SYSLOG 2024-09-23
SentinelOne EDR EDR SENTINEL_EDR SYSLOG + JSON 2024-07-29
OpenCanary Data Security OPENCANARY SYSLOG + JSON 2024-03-11
ServiceNow Security SaaS Application SERVICENOW_SECURITY JSON 2021-05-24
Cisco CloudLock CASB CISCO_CLOUDLOCK_CASB JSON 2021-10-04
Forgerock OpenIdM DATA SECURITY FORGEROCK_OPENIDM JSON 2024-06-15
AWS Key Management Service AWS Specific AWS_KMS JSON 2022-05-27
Cisco Router Switches, Routers CISCO_ROUTER SYSLOG, SYSLOG+KV 2024-10-15
Apache Security APACHE SYSLOG + JSON 2024-09-10
Cisco Secure Workload AV and Endpoint CISCO_SECURE_WORKLOAD JSON 2024-02-12
MySQL Database MYSQL SYSLOG 2024-07-05

Supported log types without a default parser

Google Security Operations SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Google Security Operations SIEM Ingestion API or the Google Security Operations SIEM forwarder. Google Security Operations SIEM will not normalize the data to structured Unified Data Model format.

You can create a custom parser to normalize these logs. You can also search raw logs.

Vendor / Product Ingestion label
Accops Hysecure VPN ACCOPS_HYSECURE_VPN
Acquia Cloud Platform ACQUIA_CLOUD_PLATFORM
Acronis Backup ACRONIS
Active Identity HID ACTIVE_IDENTITY_HID
Microsoft ActiveSync ACTIVE_SYNC
Adaptive Shield ADAPTIVE_SHIELD
Adaxes ADAXES
ManageEngine ADManager Plus ADMANAGER_PLUS
Admin by request PAM ADMIN_BY_REQUEST
Adobe Commerce ADOBE_COMMERCE
Adobe Experience Manager ADOBE_EXPERIENCE_MANAGER
Adobe I/O Runtime ADOBE_IO_RUNTIME
ManageEngine ADSelfService Plus ADSELFSERVICE_PLUS
ADTRAN NetVanta router ADTRAN_NETVANTA
Agari Phishing Defense AGARI_PHISHING_DEFENSE
Agiloft AGILOFT
Advanced Intrusion Detection Environment AIDE
Extreme Networks AirDefense AIRDEFENSE
Airwatch Context AIRWATCH_CONTEXT
Air Table AIR_TABLE
Akamai Prolexic AKAMAI_DDOS
Akamai DHCP AKAMAI_DHCP
Akamai Enterprise Threat Protector AKAMAI_ETP
Akamai Event Viewer AKAMAI_EVT_VWR
Akamai Guardicore AKAMAI_GUARDICORE
Akamai Log Delivery Service AKAMAI_LDS
AlertLogic Notifications ALERTLOGIC_NOTIFICATIONS
Alert Enterprise Guardian ALERT_GUARDIAN
AliCloud Anti DDos ALICLOUD_ANTI_DDOS
AliCloud WAF ALICLOUD_WAF
AlienVault Open Threat Exchange ALIENVAULT_OTX
Allot NetEnforcer ALLOT_NETENFORCER
Alveo Risk Data Management ALVEO_RDM
Amavis AMAVIS
Analyst1 IOC ANALYST1_IOC
Apache Kafka Audit APACHE_KAFKA_AUDIT
Apache SpamAssassin APACHE_SPAMASSASSIN
APC Automatic Transfer Switch APC_ATS
APC Netbotz APC_NETBOTZ
APC Power Distribution Unit APC_PDU
APC Smart-UPS APC_SMART_UPS
APC StruxureWare Portal APC_STRUXUREWARE
Apiiro Cloud Application Security Platform APIIRO
Appgate Software-defined Perimeter APPGATE_SDP
Appian Cloud APPIAN_CLOUD
Appsentinels APPSENTINELS
AppViewX APPVIEWX
Aptos Enterprise Order Management APTOS_EOM
Argo CD ARGO_CD
Argo Workflows ARGO_WORKFLOWS
Arista Guardian For Network Identity ARISTA_AGNI
Arista CloudVision Portal ARISTA_CVP
Arista NDR ARISTA_NDR
Arkime Packet Capture ARKIME_PCAP
Armis ARMIS
Armorblox Email Security ARMORBLOX_ESC
Armor Anywhere ARMOR_ANYWHERE
Array Networks WAF ARRAY_NETWORKS_WAF
HPE Aruba Networking Central ARUBA_CENTRAL
Aruba Orchestrator ARUBA_ORCHESTRATOR
Aruba Switches ARUBA_SWT
Arxan Threat Analytics ARXAN_THREAT_ANALYTICS
Asana ASANA
Ascertia ASCERTIA
Asimily ASIMILY
AssetNote ASSETNOTE
Asset Panda ASSET_PANDA
AstriX ASTRIX
Atlan ATLAN
Atlassian Cloud Admin Audit ATLASSIAN_AUDIT
Atlassian Beacon ATLASSIAN_BEACON
Atlassian Jira Confluence Json ATLASSIAN_CONFLUENCE_JSON
Atlassian Jira Json ATLASSIAN_JIRA_JSON
Attack IQ ATTACK_IQ
AT&T Netbond ATT_NETBOND
AudioCodes Voice DNA AUDIOCODES
Authentic8 Silo AUTHENTIC8_SILO
Authx Identity Management AUTHX
Authx User Context AUTHX_USER_CONTEXT
Autodesk Vault AUTODESK_VAULT
Automox AUTOMOX_EPM
Avast Business AVAST_HUB
Avaya Session Border Controller AVAYA_BORDER
Avaya Interactive Voice Response AVAYA_IVR
Avaya VSP Switch AVAYA_VSP
Avaya Wireless AVAYA_WIRELESS
Avaza AVAZA
Aviatrix Cloud Network Platform AVIATRIX
Avigilon Access Logs AVIGILON_ACCESS_LOGS
AWS Dynamo DB AWS_DYNAMO_DB
Amazon ElastiCache AWS_ELASTI_CACHE
Amazon FSx for Windows File Server AWS_FSX
AWS Inspector AWS_INSPECTOR
AWS Inspector2 AWS_INSPECTOR2
AWS NGINX AWS_NGINX
AWS PY Tools AWS_PY_TOOLS
AWS Redshift AWS_REDSHIFT
AWS Simple Email Service AWS_SES
AWS Shield AWS_SHIELD
Amazon VPC Transit Gateway Flow Logs AWS_VPC_TRANSIT_GATEWAY
Axis Atmos AXIS_ATMOS
Axis Camera AXIS_CAMERA
Axis License Plate Reader AXIS_LPR
Axis Security Audit AXIS_OS
Axonius Cybersecurity Asset Management AXONIUS
Axway AXWAY
Microsoft Azure AZURE
Azure AD Password Protection AZURE_AD_PASSWORD_PROTECTION
Azure AD Provisioning AZURE_AD_PROVISIONING
Azure API Management AZURE_API_MANAGEMENT
Azure ATP AZURE_ATP
Azure Bastion AZURE_BASTION
Azure Container Registry AZURE_CONTAINER_REGISTRY
Azure DNS logs AZURE_DNS
Azure Front Door AZURE_FRONT_DOOR
Azure Nix System AZURE_NIX_SYSTEM
Azure Security Center AZURE_SECURITY_CENTER
Babelforce BABELFORCE
Backbase Engagement Banking Platform BACKBASE
Backbox BACKBOX
Backstage BACKSTAGE
OneIdentity Balabit BALABIT
BambooHR BAMBOO_HR
Banner dd BANNER_DD
Barracuda CloudGen Access BARRACUDA_CLOUDGEN_ACCESS
Barracuda CloudGen Firewall BARRACUDA_CLOUDGEN_FIREWALL
Barracuda Impersonation Protection BARRACUDA_IMPERSONATION
Barracuda Incident Response BARRACUDA_INCIDENTRESPONSE
Barracuda Content Shield BARRACUDA_SHIELD
Bettercloud BETTERCLOUD
BetterStack Uptime BETTERSTACK_UPTIME
BeyondTrust BeyondInsight BEYONDTRUST_BEYONDINSIGHT
BeyondTrust Cloud Privilege Broker BEYONDTRUST_CPB
BeyondTrust Management console BEYONDTRUST_MC
Beyond Identity BEYOND_IDENTITY
BindPlane Audit Logs BINDPLANE
Bindplane Agent BINDPLANE_AGENT
Bitsight BITSIGHT
Bitvise SFTP BITVISE_SFTP
Bitvise SSHd BITVISE_SSHD
Bitwarden Password Manager User Context BITWARDEN_USER_CONTEXT
Biztalk BIZTALK
Blackberry Workspaces BLACKBERRY_WORKSPACES
BloodHound BLOODHOUND
Bluecat Address Manager BLUECAT_AM
Blue Prism BLUE_PRISM
BMC Control-M BMC_CONTROL_M
Core Privileged Access Manager (BoKS) BOKS
Boomi App BOOMI
Bricata NDR BRICATA_NDR
Britive Audit API BRITIVE_AUDIT_API
BRIVO BRIVO
CA Privileged Access Manager BROADCOM_CA_PAM
Broadcom Compliance Event Manager BROADCOM_CEM
Broadcom Support Portal Audit Logs BROADCOM_SUPPORT_PORTAL
Brocade Fabric OS BROCADE_FOS
Brocade SANnav Management Portal BROCADE_SANNAV
Zeek DHCP BRO_DHCP
Zeek HTTP BRO_HTTP
BT IPControl BT_IPCONTROL
Burpsuite Application Security testing tool BURPSUITE
CallTower Audio Conferencing CALLTOWER_AUDIO
Cameyo Bring Your Own Cloud CAMEYO_BYO_CLOUD
Canary Audit Trail CANARY_AUDIT_TRAIL
Canon Printers CANON_PRINTERS
CATO SD-WAN CATO_SDWAN
Censornet CASB CENSORNET_CASB
Cerberus FTP Server CERBERUS_FTP
ChatGPT Audit Logs CHATGPT_AUDIT_LOGS
Check Point CloudGuard CHECKPOINT_CLOUDGUARD
Check Point Email CHECKPOINT_EMAIL
Check Point FDE CHECKPOINT_FDE
Checkpoint Gaia CHECKPOINT_GAIA
Ciena Router logs CIENA_ROUTER
Cilium CILIUM
Cisco Aironet CISCO_AIRONET
Cisco APIC CISCO_APIC
Cisco Call Manager CISCO_CALL_MANAGER
Cisco Cyber Vision CISCO_CYBER_VISION
Cisco DNS CISCO_DNS
Cisco Meraki Camera CISCO_MERAKI_CAMERA
Cisco vManage SD-WAN CISCO_SDWAN
Cisco Secure Access CISCO_SECURE_ACCESS
Cisco Secure Endpoint CISCO_SECURE_ENDPOINT
Cisco Secure Malware Analytics CISCO_SECURE_MALWARE_ANALYTICS
Cisco Content Security Management Appliance CISCO_SMA
Cisco SNMP Trapd CISCO_SNMP
Cisco Viptela CISCO_VIPTELA
CiscoXDR CISCO_XDR
Citrix Netscaler Web Logs CITRIX_NETSCALER_WEB_LOGS
Citrix SD-WAN CITRIX_SDWAN
Citrix Session Metadata CITRIX_SESSION_METADATA
Citrix Virtual Desktop Infrastructure CITRIX_VDI
Citrix WAF CITRIX_WAF
Citrix Web Gateway CITRIX_WEB_GATEWAY
Citrix Workspace CITRIX_WORKSPACE
Citrix XenCenter CITRIX_XENCENTER
Claroty Xdome CLAROTY_XDOME
Cleafy CLEAFY
Clear Bank Portal Audit CLEARBANK_PORTAL
Clearsense Healthcare Analytics CLEARSENSE
Click Studios Passwordstate CLICK_STUDIOS_PASSWORDSTATE
Cloudaware CLOUDAWARE
CloudBees CLOUDBEES
CloudBolt CLOUDBOLT
Cloudflare Access CLOUDFLARE_ACCESS
Cloudflare Bot Management CLOUDFLARE_BOT_MANAGEMENT
Cloudflare Warp CLOUDFLARE_WARP
Cloud Passage (CSM) CLOUDPASSAGE_CSM
Cloud Passage (FIM) CLOUDPASSAGE_FIM
Cloud Passage (LIDS) CLOUDPASSAGE_LIDS
Cloud Passage (SVM) CLOUDPASSAGE_SVM
cmd.com CMD
Coalition Control API COALITION
Cockroach DB COCKROACH_DB
Coda Io CODA_IO
Code42 CrashPlan CODE42
Code42 Incydr CODE42_INCYDR
Code Worldwide CODE_WORLDWIDE
Cofense Vision COFENSE_VISION
Cohesity Helios COHESITY_HELIOS
Cohesity Smartfiles COHESITY_SMARTFILES
Commvault Metallic COMMVAULT_METALLIC
Conductor One CONDUCTOR_ONE
Confluent Audit CONFLUENT_AUDIT
ConnectWise Automate CONNECTWISE_AUTOMATE
ConnectWise Control CONNECTWISE_CONTROL
Control D DNS CONTROL_D
Control Plane CONTROL_PLANE
Control UP CONTROL_UP
Corrata CORRATA
Cradlepoint Router Logs CRADLEPOINT
Cradlepoint NetCloud CRADLEPOINT_NETCLOUD
Cribl AppScope CRIBL_APPSCOPE
Cribl Cloud CRIBL_CLOUD
Cribl Edge CRIBL_EDGE
Cribl Search CRIBL_SEARCH
Crowdstrike Spotlight CROWDSTRIKE_SPOTLIGHT
ProLion CryptoSpike CRYPTOSPIKE
CSG Custom Rules Engine CSG_CUSTOMENGINE
CSG Singleview CSG_SINGLEVIEW
CSV Custom CMDB CSV_CUSTOM_CMDB
CrowdStrike Alerts API CS_ALERTS
CrowdStrike Falcon CEF CS_CEF_EDR
Crowdstrike Endpoint Security API CS_ENDPOINT_SECURITY_API
CrowdStrike Filevantage CS_FILEVANTAGE
Crowdstrike Identity Protection Services CS_IDP
CTERA Drive CTERA_DRIVE
Colinet Trotta GAUS SEGUROS CT_GAUS_SEGUROS
Cubist Audit CUBIST_AUDIT
Culture AI CULTURE_AI
Customer Alerts CUSTOMER_ALERT
Custom CSV Log CUSTOM_CSV_LOG
Custom Host Forensics CUSTOM_HOST_FORENSICS
CyberArk Identity Single Sign-On CYBERARK_SSO
Connectsecure CYBERCNS
Cyberhaven Data Detection and Response CYBERHAVEN_DDR
Cyberhaven CYBERHAVEN_EVENTS
Cyberint CYBERINT
Cybersixgill CYBERSIXGILL
Cycode Platform CYCODE
Insider threat detection and response CYDERES_INSIDER
Cyderes IOC CYDERES_IOC
Cylance CYLANCE
Cylera IOT CYLERA_IOT
Cymulate CYMULATE
Cyolo Secure Remote Access for OT CYOLO_OT
Cyolo Zero Trust CYOLO_ZTNA
Cyral CYRAL
C Zentrix C_ZENTRIX
D3 Security D3_SECURITY
Databricks DATABRICKS
Dataiku DSS Logging DATAIKU_DSS_LOGS
DataLocker SafeConsole DATALOCKER_SAFECONSOLE
Datalust DATALUST
Datasunrise Dam DATASUNRISE_DAM
Datawatch DATAWATCH
DealCloud DEAL_CLOUD
Deepfence Network Monitoring DEEPFENCE
DefectDojo DEFECTDOJO
Delinea Privilege Manager DELINEA_PRIVILEGE_MANAGER
Delinea Server Suite DELINEA_SERVER_SUITE
Dell Compellent DELL_COMPELLENT
Dell Cyber Recovery Manager DELL_CRM
Dell CyberSense DELL_CYBERSENSE
Dell EMC Avamar DELL_EMC_AVAMAR
Dell EMC Cloudlink DELL_EMC_CLOUDLINK
Dell Core Switch DELL_EMC_NETWORKING
Dell EMC PowerStore DELL_EMC_POWERSTORE
Dell EMC Unity DELL_EMC_UNITY
Dell SonicWALL WAF DELL_WAF
Design Profit Central Server DESIGN_PROFIT_CENTRAL_SERVER
Device 42 DEVICE_42
Devolutions Remote Desktop Manager DEVOLUTIONS_RDM
Digicert DIGICERT
Divvy Cloud DIVVY_CLOUD
DLink Switch DLINK_SWITCH
Dmarcian DMARCIAN
Docker DOCKER
DocuSign DOCUSIGN
DOMO Business Cloud DOMO
Dragos DRAGOS
Draytek Firewall DRAYTEK
Dremio Data Lakehouse DREMIO_DATA_LAKEHOUSE
Dropbox DROPBOX
Drupal Logging DRUPAL
Druva DRUVA
DSP Toolkit audit DSP_AUDIT
Dtex Intercept DTEX_INTERCEPT
Duo Access Gateway DUO_CASB
Duo Network Gateway DUO_NETWORK_GATEWAY
Duo Trust Monitor DUO_TRUST_MONITOR
Dynatrace DYNATRACE
E2 Guardian E2_GUARDIAN
CWT SatoTravel E2_SOLUTIONS
Eaton UPS EATON_UPS
eCAR ECAR
eCAR Bro ECAR_BRO
Edgecore Networks EDGECORE_NETWORKS
Edgio CDN EDGIO_CDN
Edgio Rate Limiting EDGIO_RL
Edgio WAF EDGIO_WAF
Efax EFAX
Egnyte EGNYTE
Egress Defend EGRESS_DEFEND
Egress Prevent EGRESS_PREVENT
EclecticIQ EDR EIQ_EDR
Elastic Defend ELASTIC_DEFEND
Elastic Security ELASTIC_EDR
Elastic File Beats ELASTIC_FILEBEAT
Elastic Metric Beats ELASTIC_METRICBEAT
Emerson Smart Firewall EMERSON_FIREWALL
Emsisoft AntiVirus EMSISOFT_ANTIVIRUS
Endgame ENDGAME_EDR
Ensono Cloud Mainframe Solution ENSONO
Entrust NTP Server ENTRUST_NTP_SERVER
Entrust Secrets Vault ENTRUST_SECRETS_VAULT
Entrust DataControl Audit ENTR_DATACTRL_AUDIT
Erlang Shell Logs ERLANG_SHELL
Ermes Web Protection ERMES
Ermetic ERMETIC
Eset Protect Platform ESET_PROTECT_PLATFORM
E-Share platform ESHARE_PLATFORM
Estar ESTAR
ETQ Reliance ETQ_RELIANCE
Evidos Firewall EVIDOS_FIREWALL
Exabeam Fusion XDR EXABEAM_FUSION_XDR
Exim Internet Mailer EXIM_INTERNET_MAILER
ExtraHop DHCP EXTRAHOP_DHCP
ExtremeWare Operating System (OS) EXTREMEWARE_NETWORKS
Extreme Networks ExtremeControl NAC Solution EXTREME_CONTROL
Extreme Management Center EXTREME_MANAGEMENT
EzProxy EZPROXY
F5 Bot F5_BOT
F5 Distributed Cloud Services F5_DCS
F5 IP Intelligence F5_IP_INTELLIGENCE
F5 System Logs F5_SYSTEM_LOGS
Fail2Ban Scan FAIL2BAN
Farsight DNSDB FARSIGHT_DNSDB
Fastly CDN FASTLY_CDN
Feenics Access Control FEENICS_ACCESS_CONTROL
Fidelis Endpoint FIDELIS_ENDPOINT
FileMage SFTP FILEMAGE_SFTP
FingerprintJS FINGERPRINT_JS
Firebase FIREBASE
Fireblocks FIREBLOCKS
FireEye CMS FIREEYE_CMS
FireEye eMPS FIREEYE_EMPS
FireEye Helix FIREEYE_HELIX
FireMon Firewall FIREMON_FIREWALL
Fisglobal Quantum FISGLOBAL_QUANTUM
Flashpoint IOC FLASHPOINT_IOC
Fleet DM FLEET_DM
FM Systems Workplace Management FM_SYSTEMS
Forcepoint Insider Threat FORCEPOINT_FIT
Forcepoint V Series FORCEPOINT_VSERIES
Forescout eyeInspect FORESCOUT_EYEINSPECT
Fortanix Data Security Manager FORTANIX_DSM
Fortinet Wireless Access Point FORTINET_AP
Fortinet FortiGate IPS FORTINET_IPS
Fortinet FortiSandbox FORTINET_SANDBOX
Fortinet Switch FORTINET_SWITCH
Fortinet Proxy FORTINET_WEBPROXY
Foundry Fastiron FOUNDRY_FASTIRON
Fox-IT FOX_IT_STIX
FreeIPA FREEIPA
FreeRADIUS FREERADIUS
Digital Defense Frontline VM FRONTLINE_VM
FS-ISAC IOC FS_ISAC_IOC
Fusion Auth FUSION_AUTH
Futurex HSM FUTUREX_HSM
Google Cloud Abuse Events GCP_ABUSE_EVENTS
GCP Artifact Registry GCP_ARTIFACT_REGISTRY
GCP Identity Toolkit GCP_IDENTITYTOOLKIT
GCP Google Kubernetes Container Security GCP_KUBERNETES_CONTAINER_SECURITY
GCP Threat Detection GCP_THREAT_DETECTION
Genetec Audit GENETEC_AUDIT
Gigamon GIGAMON
Gigya CIAM GIGYA_CIAM
GitHub Events GITHUB_EVENTS
Glean GLEAN
Globalscape SFTP GLOBALSCAPE_SFTP
GlusterFS GLUSTER_FS
GluWare Network Automation GLUWARE_NETWORK_AUTOMATION
GMV Checker User Context GMV_CHECKER_CONTEXT
GoAnywhere MFT GOANYWHERE_MFT
GoDaddy DNS GODADDY_DNS
GoldiLock GOLDILOCK
Gong GONG
Google Ads GOOGLE_ADS
Grafana GRAFANA
GrayhatWarfare GRAYHATWARFARE
Graylog Operations GRAYLOG
GreatHorn Email Security GREATHORN
Greenhouse Harvest GREENHOUSE_HARVEST
GreyNoise GREYNOISE
GTB Technologies DLP GTB_DLP
Guidewire Billing Center GUIDEWIRE_BILLING_CENTER
Guidewire Claim Center GUIDEWIRE_CLAIM_CENTER
Guidewire Policy Center GUIDEWIRE_POLICY_CENTER
Gurucul Risk Analytics GURUCUL
H3C Router H3C_ROUTER
H3C Comware Platform Switch H3C_SWITCH
Hackerone HACKERONE
Halo HALO
Halo Sensor HALO_SENSOR
HaProxy LoadBalancer HAPROXY_LOADBALANCER
Harbor HARBOR
Harfanglab EDR HARFANGLAB_EDR
Harness IO HARNESS_IO
Hashcast HASHCAST
Hashicorp Boundary HASHICORP_BOUNDARY
Hashicorp Nomad HASHICORP_NOMAD
HAVI Connect HAVI_CONNECT
Perforce Helix Core HELIX_CORE
Heroku HEROKU
HiBob HIBOB
HaveIBeenPwned HIBP
Hillstone NDR HILLSTONE_NDR
Hirschmann Switch HIRSCHMANN_SWITCH
Hitachi PAM HITACHI_ID_PAM
HL7 HL7
HoopDev HOOPDEV
Hornet Email Security HORNET_SECURITY
Hewlett Packard Enterprise SAN HPE_SAN
HPE Oneview HP_ONEVIEW
HP Poly HP_POLY
HP Printer logs HP_PRINTER
HP Wolf Pro Security HP_WOLF
Huawei Campus Switch HUAWEI_CAMPUS_SWITCH
Huawei CloudEngine HUAWEI_CLOUDENGINE
Huawei NAC HUAWEI_NAC
Huawei Switches HUAWEI_SWITCH
HubSpot Activity Logs HUBSPOT_ACTIVITY
HubSpot CRM Platform HUBSPOT_CRM
HubSpot Authentication Logs HUBSPOT_LOGIN
3Com 8800 Series Switch IBM_3COM
IBM Cleversafe Object Storage IBM_CLEVERSAFE
IBM Cloud System IBM_CLOUD_SYSTEM
IBM Security Guardium Insights IBM_INSIGHTS
IBM KNS IBM_KNS
IBM MaaS360 IBM_MAAS360
IBM MQ File Transfer IBM_MQ_FILE_TRANSFER
IBM NS1 IBM_NS1
IBM Spectrum Protect IBM_SPECTRUM_PROTECT
IBM Switch IBM_SWITCH
IBM Tririga IBM_TRIRIGA
IBM WinCollect IBM_WINCOLLECT
IBM zSecure Alert IBM_ZSECURE_ALERT
Idecsi IDECSI
Identity Security Cloud IDENTITY_SECURITY_CLOUD
Dell iDRAC IDRAC
ImageNow IMAGENOW
iManage Cloud Platform IMANAGE_CLOUD
Imperva Attack Analytics IMPERVA_ATTACK_ANALYTICS
Imperva Data Risk Analytics IMPERVA_DATA_ANALYTICS
Imperva Sonar IMPERVA_SONAR
Imprivata Confirm ID IMPRIVATA_CONFIRM_ID
Imprivata Identity Governance IMPRIVATA_IDG
Imprivata OneSign IMPRIVATA_ONESIGN
IM Express IM_EXPRESS
Incident Io INCIDENT_IO
INFINICO NetWyvern Series Appliance INFINICO_NETWYVERN
Infinidat INFINIDAT
Infoblox Loadbalancer INFOBLOX_LOADBALANCER
Infoblox NetMRI INFOBLOX_NETMRI
INKY Secure Email INKY
Intel 471 Malware Intelligence INTEL471_MALWARE_INTEL
Intezer INTEZER
Intruder.IO INTRUDER_IO
inWebo MFA INWEBO_MFA
Ipswitch MOVEit Automation IPSWITCH_MOVEIT_AUTOMATION
Ironscales IRONSCALES
iSecurity | Security Services and Remediation ISECURITY
iTop ITOP
Ivanti Application Control IVANTI_APP_CONTROL
Ivanti Connect Secure IVANTI_CONNECT_SECURE
Ivanti Device Control IVANTI_DEVICE_CONTROL
ISM Xtraction IVANTI_XTRACTION
iverify IVERIFY
Jamf Compliance Reporter JAMF_COMPLIANCE_REPORTER
Jamf Protect Network Traffic JAMF_NETWORK_TRAFFIC
Jamf pro context JAMF_PRO_CONTEXT
Jamf Pro MDM JAMF_PRO_MDM
JAMF Security Cloud JAMF_SECURITY_CLOUD
JBoss Web JBOSS_WEB
IBM JDE JDE
Journald JOURNALD
JumpCloud Directory as a Service JUMPCLOUD_DAAS
JumpCloud Desktop JUMPCLOUD_DESKTOP
Jumpcloud IAM JUMPCLOUD_IAM
Juniper Secure Connect VPN JUNIPER_VPN
Jupiter One JUPITER_ONE
KACE Service Desk KACE_SERVICE_DESK
KACE Systems Management Appliance KACE_SMA
Kamailio KAMAILIO
Kandji KANDJI
Kandji Context KANDJI_CONTEXT
Kaseya IT Management KASEYA
Kaspersky Endpoint KASPERSKY_ENDPOINT
Keepalived Routing software KEEPALIVED
Kentik DDoS Detection KENTIK_ALERTS
Keyfactor KEYFACTOR
Keysight Packet Brokers KEYSIGHT
Kibana audit logs KIBANA
Kion KION
Kustomer CRM KUSTOMER_CRM
Kyverno KYVERNO
Lansweeper Asset Management LANSWEEPER
LaunchDarkly LAUNCH_DARKLY
LOAD_BALANCER_ADC LB_ADC
LeanIX Enterprise LEANIX
Leanix CMDB LEANIX_CMDB
Lenels2 Elements Secure LENELS2_ELEMENTS_SECURE
Lepide LEPIDE
Lexmark Printer logs LEXMARK_PRINTER
Liaison NuBridges Platform LIAISON_NUBRIDGES
Libraesva Email Security LIBRAESVA_EMAIL
Lira LIRA
Lockself Lockpass LOCKSELF_LOCKPASS
Logic Monitor LOGICMONITOR
Looker Audit LOOKER_AUDIT
LookingGlass Aenoik IDPS LOOKINGGLASS_IPS
Looking Glass LOOKING_GLASS_IOC
LSI Badge Management System LSI_BMS
Lumen DDoS Hyper LUMEN_DDOS_HYPER
Lumeta Spectre LUMETA
Lumos LUMOS
Lenovo XClarity Orchestrator LXC_ORCHESTRATOR
MacStadium MACSTADIUM
Magic Collaboration Studio MAGIC_CS
MailScanner MAILSCANNER
Maltiverse IOC MALTIVERSE_IOC
Mambu MAMBU
Manage Engine Endpoint MANAGEENGINE_ENDPOINT
ManageEngine Remote Access Plus MANAGEENGINE_RAP
ManageEngine Asset Explorer MANAGE_ENGINE_ASSET_EXPLR
ManageEngine Endpoint Central MANAGE_ENGINE_ENDPT_CNTRL
ManageEngine OpUtils MANAGE_ENGINE_OPUTILS
ManageEngine PAM360 MANAGE_ENGINE_PAM360
ManageEngine Password Manager Pro MANAGE_ENGINE_PASSWORD_MANAGER
Mandiant Attack Surface Management Entity MANDIANT_ASM_ENTITY
Mandiant Attack Surface Management Discovered Issue MANDIANT_ASM_ISSUE
Mandiant Attack Surface Management Technology MANDIANT_ASM_TECHNOLOGY
Mandiant Digital Threat Monitoring MANDIANT_DTM_ALERTS
Mango Apps MANGOAPPS
Manhattan Warehouse Management System MANHATTAN_WMS
Material Security MATERIAL_SECURITY
Matrix Frontier Badge Management MATRIX_FRONTIER
McAfee Application Control MCAFEE_APP_CONTROL
McAfee Advanced Threat Defense MCAFEE_ATD
McAfee MVISION EDR MCAFEE_EDR
McAfee Network Security Platform MCAFEE_NSP
McAfee Solid Core MCAFEE_SOLID_CORE
Medigate CMDB MEDIGATE_CMDB
Melissa MELISSA
Mend IO MEND_IO
Metaswitch Perimeta METASWITCH_PERIMETA
Meta Marketing META_MARKETING
Miasma SecretScanner MIASMA_SECRETSCANNER
MicroSemi NTP MICROSEMI_NTP
Microsoft Ads MICROSOFT_ADS
Microsoft CASB Files & Entities MICROSOFT_CASB_CONTEXT
Microsoft Defender Endpoint for iOS Logs MICROSOFT_DEFENDER_ENDPOINT_IOS
Microsoft Dynamics 365 User Activity MICROSOFT_DYNAMICS_365
Microsoft Defender External Attack Surface Management MICROSOFT_EASM
Microsoft Graph Incident MICROSOFT_GRAPH_INCIDENT
Microsoft Graph Risky Users MICROSOFT_GRAPH_RISKY_USERS
Microsoft Identity Protection MICROSOFT_IDENTITY_PROTECTION
Power BI Activity Log MICROSOFT_POWERBI_ACTIVITY_LOG
Microsoft Purview MICROSOFT_PURVIEW
Microsoft Azure AD Risk Detections MICROSOFT_RISK_DETECTIONS
Microsoft Security Actions MICROSOFT_SECURITY_ACTIONS
Microsoft Security Advisories Alerts MICROSOFT_SECURITY_ALERTS
Microsoft SSTP VPN MICROSOFT_SSTP
Microsoft Threat Indicators MICROSOFT_THREAT_INDICATORS
Mimecast Attachment Logs MIMECAST_ATTACHMENT_LOGS
Mimecast Audit Logs MIMECAST_AUDIT_LOGS
Mimecast DLP Logs MIMECAST_DLP_LOGS
Mimecast impersonation Logs MIMECAST_IMPERSONATION_LOGS
Mimecast Web Security MIMECAST_WEBPROXY
Minerva AV MINERVA_AV
Miro MIRO
Miro Cloud MIRO_CLOUD
Mirth OnPrem Appliances NextGen MIRTH_NEXTGEN
Mitel Communications Director MITEL_MCD
Mode Analytics MODE_ANALYTICS
ModSecurity MODSECURITY
Monday MONDAY
Mongo Atlas Audit MONGO_ATLAS_AUDIT
Mosyle MOSYLE
Windows Performance Monitor MS_PERFMON
Mulesoft MULESOFT
Multicom Switch MULTICOM_SWITCH
MultiPay MULTIPAY
NCC Scout Suite NCC_SCOUTSUITE
NCR Digital Insight FSG NCR_DIGITAL_INSIGHT_FSG
NCR Digital Insight Global Logging NCR_DIGITAL_INSIGHT_GL
Nessus NESSUS
NetApp BlueXP NETAPP_BLUEXP
NetBrain NETBRAIN
NetDisco NETDISCO
Netenrich Entity Behaviour NETENRICH_ENTITY_BEHAVIOR
Netenrich Entity Context NETENRICH_ENTITY_CONTEXT
Netgate Firewall NETGATE_FIREWALL
Netgear Switch NETGEAR_SWITCH
NetIQ Access Manager NETIQ_ACCESS_MANAGER
Netmotion NETMOTION
Netsurion ProtectWise NETSURION_PROTECTWISE
Netwrix Activity Monitor NETWRIX_ACTIVITY_MONITOR
Netwrix Stealth Intercept NETWRIX_STEALTH_INTERCEPT
Netwrix Threat Manager NETWRIX_THREAT_MANAGER
Neustar SiteProtect NEUSTAR_SITEPROTECT
New Relic Platform NEW_RELIC
Nextcloud Hub NEXTCLOUD_HUB
Nextthink Finder NEXTTHINK_FINDER
Nexus Sonatype NEXUS_SONATYPE
Ne Silent Log NE_SILENT_LOG
9NowAudit NINENOW_AUDIT
Ninja One NINJAONE
NIST National Vulnerability Database NIST_NVD
NNT File Integrity monitoring NNT_FIM
Nokia Home Device Manager NOKIA_HDM
NordLayer VPN NORD_LAYER
Nortel Secure Router NORTEL_SR
Nortel Contivity VPN Switch NORTEL_SWITCH
Notion NOTION
Nozomi Networks Scada Guardian NOZOMI_GUARDIAN
Nucleus Vulnerability Scan Delta NUCLEUS_VULNERABILITY_DELTA
Nutanix Frame NUTANIX_FRAME
Nxlog Agent NXLOG_AGENT
Nxlog Fim NXLOG_FIM
N-Able N-Central RMM N_ABLE_N_CENTRAL_RMM
Obsidian OBSIDIAN
Oracle Cloud Guard OCI_CLOUDGUARD
Okta RADIUS OKTA_RADIUS
OnBase CMS ONBASE_CMS
One Identity Active Role Service ONEIDENTITY_ARS
One Identity Change Auditor ONEIDENTITY_CHANGE_AUDITOR
One Identity Defender ONEIDENTITY_DEFENDER
One Identity TPAM ONEIDENTITY_TPAM
1KOSMOS | Identity and Authentication ONEKOSMOS
OneLogin User Context ONELOGIN_USER_CONTEXT
1Password Audit Events ONEPASSWORD_AUDIT_EVENTS
Oort Security Tool OORT
Open Policy Agent OPA
Opentelemetry OPENTELEMETRY
Opentext Exstream OPENTEXT_EXSTREAM
OpenText Fax2Mail OPENTEXT_FAX2MAIL
IDnomic Public Key Infrastructure OPENTRUST
OpenVAS OPENVAS
OpsRamp OPSRAMP
Opswat Kiosk OPSWAT_KIOSK
Ops Genie OPS_GENIE
Opus Codec OPUS
Oracle Access Manager ORACLE_AM
Oracle Fusion ORACLE_FUSION
Oracle HCM Human resources platform solution ORACLE_HCM
Oracle NetSuite ORACLE_NETSUITE
Oracle Enterprise Manager ORACLE_OEM
Oracle SSO Audit Logging ORACLE_SSO_AUDIT
Oracle WebLogic Server ORACLE_WEBLOGIC
Orca Cloud Security Platform ORCA
Oscar Claims OSCAR_CLAIMS
Open Source Intelligence OSINT_IOC
Osirium PAM OSIRIUM_PAM
Outline Activity Logs OUTLINE_ACTIVITY_LOGS
Outpost24 OUTPOST24
OVHcloud OVHCLOUD
OX Security OX_SECURITY
Packetlight Dwdm PACKETLIGHT_DWDM
Packet Viper PACKET_VIPER
PACOM Systems PACOM_SYSTEMS
PAGELY PAGELY
PagerDuty PAGERDUTY
Pagerduty Audit PAGERDUTY_AUDIT
Palantir PALANTIR
Palo Alto DNS Security PAN_DNS_SECURITY
Palo Alto Networks Global Protect PAN_GLOBAL_PROTECT
Palo Alto Global Protect SVC PAN_GPSVC
Palo Alto Networks IoT Security PAN_IOT
Palo Alto SSLVPN Access PAN_SSLVPN_ACCESS
Palo Alto Telemetry PAN_TELEMETRY
Palo Alto Cortex XDR Management Audit PAN_XDR_MGMT_AUDIT
Palo Alto Networks XSOAR Audit PAN_XSOAR
PaperCut Printing Management System PAPER_CUT
Passfort PASSFORT
Paxton Access Control Systems PAXTON_ACS
SSL pcap PCAP_SSL_CLIENT_HELLO
Pega Automation PEGA
Pentera PENTERA
Pentera ASV PENTERA_ASV
Pentera Leef PENTERA_LEEF
PeopleSoft PEOPLESOFT
People Strong PEOPLE_STRONG
Peplink Loadbalancer PEPLINK_LOADBALANCER
Peplink Router PEPLINK_ROUTER
Peplink Switch PEPLINK_SWITCH
Perception Point XRay PERCEPTION_POINT_XRAY
Perimeter 81 PERIMETER_81
Pharos PHAROS
Domain Tools Phisheye PHISHEYE_ALERT
Pingdom PINGDOM
Pingsafe PINGSAFE
Ping Access PING_ACCESS
PingIdentity Directory Server Logs PING_DIRECTORY
Ping One PING_ONE
Ping SDK PING_SDK
Plaso Super Timeline PLASO
Plixer Scrutinizer PLIXER_SCRUTINIZER
Pomerium POMERIUM
Portnox Audit PORTNOX_AUDIT
MS PowerShell Transcript POWERSHELL_TRANSCRIPT
Power DNS POWER_DNS
Preveil Enterprise PREVEIL_ENTERPRISE
Prismatic IO PRISMATIC_IO
Prisma SD-WAN PRISMA_SD_WAN
ProFTPD PROFTPD
ProofID PROOFID
Proofpoint DLP PROOFPOINT_DLP
Proofpoint Endpoint Data Loss Prevention PROOFPOINT_ENDPOINT_DLP
Proofpoint Meta PROOFPOINT_META
Proofpoint Secure Share PROOFPOINT_SECURE_SHARE
Proofpoint Security Awareness Training PROOFPOINT_SECURITY_AWARENESS_TRAINING
Proofpoint Tap Campaign PROOFPOINT_TAP_CAMPAIGN
Proofpoint Tap Forensics PROOFPOINT_TAP_FORENSICS
Proofpoint Tap People PROOFPOINT_TAP_PEOPLE
Proofpoint Tap Threats PROOFPOINT_TAP_THREATS
Proofpoint Tis IOC PROOFPOINT_TIS_IOC
Protegrity Defiance PROTEGRITY_DEFIANCE
Provision Asset Context PROVISION_ASSET_CONTEXT
Honeywell Pro-Watch PROWATCH
ProxMax PROXMAX
PRTG Network Monitor PRTG_NETWORKMONITOR
Puppet PUPPET
Push Security PUSH_SECURITY
QLIK Audit QLIK_AUDIT
QNAP Systems NAS QNAP_NAS
Qualys User Activity QUALYS_ACTIVITY
Qualys Knowledgebase QUALYS_KNOWLEDGEBASE
Quest CA Audit QUEST_CA_AUDIT
Rabbit MQ RABBITMQ
RadiFlow IDS RADIFLOW_IDS
RSA RADIUS RADIUS
Radware DDoS Protection RADWARE_DDOS
RAD ETX RAD_ETX
Ransomcare RANSOMCARE
Rapid7 Insights Threat Command RAPID7_INSIGHTS_THREAT_COMMAND
Rapid7 Security Onion RAPID7_SECURITY_ONION
Raritan Dominion SX II RARITAN_DOMINION
RealiteQ REALITEQ
Recordedfuture Alerts RECORDEDFUTURE_ALERTS
Red Canary Cloud Protection REDCANARY_CLOUD_PROTECTION_RAW
Red Hat Identity Management REDHAT_IM
Redhat Jboss REDHAT_JBOSS
Red Hat Keycloak REDHAT_KEYCLOAK
RedHat Satellite Server REDHAT_SATELLITE
RedHat StackRox REDHAT_STACKROX
Redis REDIS
RedSift BrandTrust REDSIFT_BRANDTRUST
ReliaQuest RELIAQUEST
Reserved LogType1 RESERVED_LOG_TYPE_1
Reserved LogType10 RESERVED_LOG_TYPE_10
Reserved LogType11 RESERVED_LOG_TYPE_11
Reserved LogType12 RESERVED_LOG_TYPE_12
Reserved LogType13 RESERVED_LOG_TYPE_13
Reserved LogType14 RESERVED_LOG_TYPE_14
Reserved LogType15 RESERVED_LOG_TYPE_15
Reserved LogType16 RESERVED_LOG_TYPE_16
Reserved LogType17 RESERVED_LOG_TYPE_17
Reserved LogType18 RESERVED_LOG_TYPE_18
Reserved LogType19 RESERVED_LOG_TYPE_19
Reserved LogType2 RESERVED_LOG_TYPE_2
Reserved LogType20 RESERVED_LOG_TYPE_20
Reserved LogType21 RESERVED_LOG_TYPE_21
Reserved LogType22 RESERVED_LOG_TYPE_22
Reserved LogType23 RESERVED_LOG_TYPE_23
Reserved LogType24 RESERVED_LOG_TYPE_24
Reserved LogType25 RESERVED_LOG_TYPE_25
Reserved LogType26 RESERVED_LOG_TYPE_26
Reserved LogType27 RESERVED_LOG_TYPE_27
Reserved LogType28 RESERVED_LOG_TYPE_28
Reserved LogType29 RESERVED_LOG_TYPE_29
Reserved LogType3 RESERVED_LOG_TYPE_3
Reserved LogType30 RESERVED_LOG_TYPE_30
Reserved LogType31 RESERVED_LOG_TYPE_31
Reserved LogType32 RESERVED_LOG_TYPE_32
Reserved LogType33 RESERVED_LOG_TYPE_33
Reserved LogType34 RESERVED_LOG_TYPE_34
Reserved LogType35 RESERVED_LOG_TYPE_35
Reserved LogType36 RESERVED_LOG_TYPE_36
Reserved LogType37 RESERVED_LOG_TYPE_37
Reserved LogType38 RESERVED_LOG_TYPE_38
Reserved LogType39 RESERVED_LOG_TYPE_39
Reserved LogType4 RESERVED_LOG_TYPE_4
Reserved LogType40 RESERVED_LOG_TYPE_40
Reserved LogType41 RESERVED_LOG_TYPE_41
Reserved LogType42 RESERVED_LOG_TYPE_42
Reserved LogType43 RESERVED_LOG_TYPE_43
Reserved LogType44 RESERVED_LOG_TYPE_44
Reserved LogType45 RESERVED_LOG_TYPE_45
Reserved LogType46 RESERVED_LOG_TYPE_46
Reserved LogType47 RESERVED_LOG_TYPE_47
Reserved LogType48 RESERVED_LOG_TYPE_48
Reserved LogType49 RESERVED_LOG_TYPE_49
Reserved LogType5 RESERVED_LOG_TYPE_5
Reserved LogType50 RESERVED_LOG_TYPE_50
Reserved LogType6 RESERVED_LOG_TYPE_6
Reserved LogType7 RESERVED_LOG_TYPE_7
Reserved LogType8 RESERVED_LOG_TYPE_8
Reserved LogType9 RESERVED_LOG_TYPE_9
Ribbon Session Border Controller RIBBON_SBC
Ring Central RING_CENTRAL
RiskIQ Digital Footprint RISKIQ_DIGITAL_FOOTPRINT
Riverbed RIVERBED
Rublon RUBLON
Rumble Network Discovery RUMBLE_NETWORK_DISCOVERY
SafeBreach SAFEBREACH
SafeConnect NAC SAFECONNECT_NAC
SailPoint IdentityIQ SAILPOINT_IIQ
Salesforce Context SALESFORCE_CONTEXT
Saporo SAPORO
SAP Sybase Adaptive Server Enterprise Database SAP_ASE
SAP Cloud for Customer SAP_C4C
SAP ERP SAP_ERP
SAP HANA SAP_HANA
SAP Identity Management SAP_IDM
SAP Insurance SAP_INSURANCE
SAS Metadata Server log SAS_METADATA_SERVER_LOG
Scality Ring Audit SCALITY_RING_AUDIT
Microsoft System Center Configuration Manager SCCM
Scylla SCYLLA
Secberus Cloud Security Governance SECBERUS
Fiserv SecureNow SECURE_NOW
SecurityScorecard Platform SECURITYSCORECARD
Sekoia IOC SEKOIA_IOC
Semperis ADFR SEMPERIS_ADFR
SendGrid API SENDGRID
Sendsafely SENDSAFELY
Senhasegura PAM SENHASEGURA_PAM
Senseon Alerts SENSEON_ALERTS
SentinelOne Activity SENTINELONE_ACTIVITY
Sentrigo SENTRIGO
Sentry SENTRY
Serpico SERPICO
Servertech PDUs SERVERTECH_PDUS
ServiceNow Audit SERVICENOW_AUDIT
ServiceNow Roles SERVICENOW_ROLES
Sevco Security CMDB SEVCO_CMDB
Sharefile Logs SHAREFILE_LOGS
Microsoft SharePoint SHAREPOINT
SharePoint Unified Logging Service (ULS) SHAREPOINT_ULS
shodan.io SHODAN_IO
Siebel Monitoring SIEBEL
Siemens SiPass SIEMENS_SIPASS
Siga Level Zero OT Resilience SIGA
Silver Peak Firewall SILVERPEAK_FIREWALL
Single Store SINGLE_STORE
Site24x7 SITE24X7
SKYSEA Client View SKYSEA
Smartsheet SMARTSHEET
Smart Simple SMART_SIMPLE
Snapattack SNAPATTACK
Winevtlog Snare SNARE_WINEVTLOG
Snipe-IT SNIPE_IT
Snyk Group level audit/issues logs SNYK_ISSUES
Socomec UPS SOCOMEC_UPS
Software House Access Control SOFTWARE_HOUSE_ACS
Software House Ccure9000 SOFTWARE_HOUSE_CCURE9000
Solace PubSub Cloud SOLACE_AUDIT
SolarWinds Network Performance Monitor SOLARWINDS_NPM
SolarWinds Serv-U SOLARWINDS_SERV_U
Solar System SOLAR_SYSTEM
SonarQube SONARQUBE
Sonic Switch SONIC_SWITCH
Sophos Email Appliance SOPHOS_EMAIL
Sophos URL filtering SOPHOS_URL
Spamhaus SPAMHAUS
Symantec Protection Engine SPE
SpecterX SPECTERX
Spirion SPIRION
Splashtop Remote Access and Support software SPLASHTOP
Splunk DNS SPLUNK_DNS
Splunk Phantom SPLUNK_PHANTOM
Splunk Intel Management SPLUNK_TRUSTAR
Sprinkledata(DWH) SPRINKLEDATA_DWH
StackHawk STACKHAWK
Stairwell Inception STAIRWELL_INCEPTION
Statusgator STATUSGATOR
Stealthbits DLP STEALTHBITS_DLP
Stellar Cyber STELLAR_CYBER
Stream Alert STREAMALERT
StrongDM STRONGDM
Sublime Security SUBLIMESECURITY
Supermicro IPMI SUPERMICRO_IPMI
Superna Eyeglass SUPERNA_EYEGLASS
SureView Systems Activity SUREVIEW_SYSTEMS
Swift SWIFT
Swimlane Platform SWIMLANE
Symantec Data Center Security SYMANTEC_DCS
Symantec Messaging Gateway SYMANTEC_MAIL
Symphony Summit AI SYMPHONYAI
Syncplify SFTP 2 Events SYNCPLIFY_SFTP
Syxsense SYXSENSE
Tailscale TAILSCALE
Tanium Deploy TANIUM_DEPLOY
Tanium Question TANIUM_QUESTION
Tanium TanOS TANIUM_TANOS
Technitium DNS TECHNITIUM_DNS
Temenos Journey Manager System Event Publisher TEMENOS_MANAGER_SYSTEMEVENT
Tenable CSPM TENABLE_CSPM
Tenable Web App Scanning TENABLE_WAS
Tencent Cloud Firewall TENCENT_CLOUD_FIREWALL
Tencent Cloud WAF TENCENT_CLOUD_WAF
Tencent Cloud Workload Protection TENCENT_CLOUD_WORKLOAD_PROTECTION
Teqtivity Assets TEQTIVITY_ASSETS
Teradata Aster TERADATA_ASTER
Teradici PCoIP TERADICI_PCOIP
Teramind TERAMIND
Tessian Cloud Email Security Platform TESSIAN_PLATFORM
TGDetect TGDETECT
ThreatQuotient THREATQ_IOC
Thycotic devops secret vault THYCOTIC_DEVOPS_SECRETVAULT
TikTok for Developers TIKTOK
Titan MFT TITAN_MFT
TP Link Network Switches TPLINK_SWITCH
Traceable API Security TRACEABLE_PLATFORM
Traefik Labs TRAEFIK
Transmit BindID TRANSMIT_BINDID
Trend Micro Cloud App Security TRENDMICRO_CLOUDAPPSECURITY
TrendMicro Deep Discovery Inspector TRENDMICRO_DDI
Trend Micro EdgeIPS TRENDMICRO_EDGEIPS
TrendMicro EDR TRENDMICRO_EDR
Trend Micro Email Security Advanced TRENDMICRO_EMAIL_SECURITY
Trend Micro Server Protect TRENDMICRO_SERVER_PROTECT
TXOne Stellar TRENDMICRO_STELLAR
Trend Micro Vision One Audit TRENDMICRO_VISION_ONE_AUDIT
Trend Micro Vision One Observed Attack Techniques TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES
Trend Micro Vision One Workbench TRENDMICRO_VISION_ONE_WORKBENCH
TrendMicro Webproxy DSM TRENDMICRO_WEBPROXY_DSM
Tridium Niagara Framework TRIDIUM_NIAGARA_FRAMEWORK
Tripp Lite TRIPP_LITE
TrueFort Platform TRUEFORT
TrueNAS TRUENAS
E-Motional Transparent Screen Lock TSL RFID TSL_PRO
TT D365 TT_D365
TT MSAN DSLAM TT_MSAN_DSLAM
TT Trio Chordiant TT_TRIO_CHORDIANT
Tufin TUFIN
Tufin Secure Track TUFIN_SECURE_TRACK
Twilio Audit TWILIO_AUDIT
Twilio Authy TWILIO_AUTHY
Tyk IO TYK_IO
Ubiquiti Accesspoint UBIQUITI_ACCESSPOINT
Ubiquiti UDM Firewall UBIQUITI_FIREWALL
UDM UDM
UiPath UIPATH
UKG UKG
UltraDNS ULTRADNS
Ultra Electronics CyberFence ULTRA_CYBERFENCE
Unifi Switch UNIFI_SWITCH
Unit 21 UNIT21
UpGuard UPGUARD
Upstream Vehicle SOC Alerts UPSTREAM_VSOC_ALERTS
Uptivity UPTIVITY
Upwind UPWIND
URLScan IO URLSCAN_IO
USBAV Koramis USBAV_KORAMIS
Vanguard Active Alerts VANGUARD
Vanta Context VANTA_CONTEXT
Varnish Cache VARNISH_CACHE
Vector Dev VECTOR_DEV
Vectra Protect VECTRA_PROTECT
Venafi VENAFI
Vercara VERCARA
Vercel WAF VERCEL_WAF
Veriato Cerebral VERIATO_CEREBRAL
Verizon Network Detection and Response VERIZON_NDR
Verkada VERKADA
Vertiv UPS VERTIV_UPS
Very Good Security VERY_GOOD_SECURITY
Veza Access Control Platform VEZA
ViaControl Server Application VIACONTROL
Virsec Event Logs VIRSEC_EVENT
Virsec Attack and Threat Logs VIRSEC_THREAT
Virtual Browser VIRTUAL_BROWSER
Virtual Network Flow Logs VIRTUAL_NETWORK_FLOW_LOGS
VirusTotal Threat Hunter VIRUSTOTAL_THREAT_HUNTER
VMRay Analyzer VMRAY_FLOG_XML
VMware Aria Logs VMWARE_ARIA_LOGS
VMware Avinetworks iWAF VMWARE_AVINETWORKS_IWAF
VMware Avi Vantage Platform VMWARE_AVI_VANTAGE
VMware Cloud Director VMWARE_CD
VMware HCX VMWARE_HCX
VMware NSX AVI VMWARE_NSX_AVI
VMware SDDC VMWARE_SDDC
VMware SDWN Events VMWARE_SDWN_EVENTS
VMware Unified Access Gateway VMWARE_UNIFIED_ACCESS_GATEWAY
VMware vShield VMWARE_VSHIELD
VMware vSphere VMWARE_VSPHERE
Vonage VONAGE
VSFTPD Audit VSFTPD_AUDIT
Wallarm Webhook Notifications WALLARM_NOTIFICATIONS
Wallix Endpoint Privilege Management WALLIX_EPM
Wallix Privileged Access Management WALLIX_PAM
Waterfall Data Security Manager WATERFALL_DSM
WebEx WEBEX_SAAS
Web Methods Api Gateway WEBMETHODS_API_GATEWAY
Webroot Endpoint Protection WEBROOT
Webroot Identity Protection WEBROOT_IDENTITY_PROTECTION
White Cloud WHITECLOUD_EDR
WideField WIDEFIELD_SECURITY
Windows Filtering Platform WINDOWS_WFP
WithSecure Cloud Protection WITHSECURE_CLOUD
WithSecure Elements Connector WITHSECURE_ELEMENTS
Wolters Kluwer Teammate WOLTERS_KLUWER_TEAMMATE
WordPress Simple History WORDPRESS_SIMPLE_HISTORY
Workato Audit Logs WORKATO
Workspot Control WORKSPOT_CONTROL
WPass WPASS
WPEngine WPENGINE
WP Engine WP_ENGINE
WS Ftp WS_FTP
Western Telematic Inc Console Servers WTI_CONSOLE_SERVERS
Xirrus Wireless Controller XIRRUS
Ysoft Data Security Manager YSOFT_DSM
Zabbix ZABBIX
Zendesk CRM ZENDESK_CRM
Zoho Analytics Audits ZOHO_AUDIT
Zscaler Digital Experience ZSCALER_DIGITAL_EXPERIENCE
Zscaler NSS Feeds for Alerts ZSCALER_NSS_FEEDS
Zscaler Sandbox ZSCALER_SANDBOX
Zscaler Client Connector ZSCALER_ZCC
Zscaler ZDX ZSCALER_ZDX
Zuora App Logs ZUORA_APP_LOGS