Supported data sets

Chronicle can ingest raw logs from a wide range of vendors, protocols, systems, and devices. This document describes the currently supported data sets and is updated regularly.

To generate the latest list of supported ingestion labels, use the Ingestion API method:

APIKEY="[[My_ApiKey]]"; curl --header "Content-Type: application/json" \
--request GET "https://malachiteingestion-pa.googleapis.com/v1/logtypes?key=${APIKEY}"

For details on how data is ingested and normalized, see the Chronicle data ingestion overview.

For a list of supported default parsers, see Supported default parsers.

Alert logs

  • Active Countermeasures
  • AlphaSOC
  • CIS Albert Alerts
  • CrowdStrike Falcon Stream
  • Customer alerts
  • Cylance Protect
  • FireEye
  • IBM zSecure Alert
  • Microsoft Graph API alerts
  • Microsoft Security Center
  • Netskope

Application server logs

  • Apache Tomcat

Application allowlisting

  • Windows Applocker

Authentication logs

  • Auth0
  • Authx
  • Barracuda CloudGen Access
  • CA LDAP
  • Cisco ACS
  • Cisco TACACS+
  • Cyolo Zero Trust
  • Duo Auth
  • Duo Network Gateway
  • FreeRADIUS
  • IBM Security Verify
  • Quest Active Directory
  • RSA RADIUS
  • Thales MFA
  • Yubico OTP

Automation and DevOps tools

  • Ansible AWX
  • Automation Anywhere
  • GitHub
  • Gitlab
  • Jenkins

AV and endpoint logs

  • Apple MacOS
  • Automox
  • Azure ATP
  • Bitdefender
  • Cisco AMP
  • ClamAV
  • Comodo
  • Dell OpenManage
  • ESET AV
  • FireEye HX
  • Fortinet FortiSandbox
  • Kaspersky AV
  • Microsoft System Center Endpoint Protection
  • Minerva AV
  • Sophos AV
  • Superna Eyeglass
  • Symantec Endpoint Protection
  • Trend Micro AV
  • Windows Defender ATP
  • Windows Defender AV

AWS-specific logs

  • AWS CloudFront
  • AWS Cloudtrail
  • AWS CloudWatch
  • AWS Config
  • AWS Elastic Load Balancer
  • AWS Key Management Service
  • AWS Macie
  • AWS Redshift
  • AWS S3 Server Access
  • AWS Security Hub
  • AWS Session Manager

Backup software

  • Code42 CrashPlan
  • Cohesity
  • CommVault
  • Rubrik
  • Veeam

Bot protection

  • Cequence Bot Defense
  • Cloudflare Bot Management
  • F5 Bot
  • PerimeterX Bot Protection

CASB: Cloud access security broker (CASB)

  • Cisco CloudLock
  • Duo Access Gateway
  • McAfee MVISION CASB
  • McAfee Skyhigh CASB
  • Microsoft CASB
  • Palo Alto Prisma Access
  • Palo Alto Prisma Cloud
  • Proofpoint CASB
  • Symantec CloudSOC CASB

CMDB logs

  • CSV Custom CMDB
  • JAMF CMDB
  • Medigate CMDB
  • ServiceNow CMDB
  • Windows Network Policy Server

Collaboration logs

  • Appian Cloud
  • Atlassian Confluence
  • Box
  • Design Profit Central Server
  • Dropbox
  • iManage Cloud Platform
  • Kibana audit logs
  • Mango Apps
  • Microsoft SharePoint
  • Puppet
  • Slack Audit

Content management software

  • OnBase CMS
  • WordPress

Data security

  • Datadog
  • DataLocker SafeConsole
  • Dell EMC Data Domain
  • Fortanix Data Security Manager
  • Imperva Database
  • Rubrik Polaris
  • Thales Vormetric
  • Varonis

Data Transfer

  • FileZilla
  • Globalscape SFTP
  • IBM MQ File Transfer
  • Ipswitch MOVEit Automation
  • Ipswitch MOVEit Transfer
  • Ipswitch SFTP
  • Nasuni File Services Platform
  • SolarWinds Serv-U
  • VanDyke SFTP
  • VSFTPD audit

Database logs

  • Azure Cosmos DB
  • Azure SQL
  • IBM DB2
  • IBM Informix
  • IBM JDE
  • Maria Database
  • Microsoft SQL Server
  • Mongo Database
  • MySQL
  • Oracle
  • SAP HANA
  • SAP Insurance
  • Snowflake

DDI logs (DNS, DHCP, IPAM)

  • Bluecat DDI
  • EfficientIP DDI

DDoS mitigation

  • Akamai Prolexic

Deception software

  • Acalvio
  • Estar

DHCP logs

  • Akamai DHCP
  • Cisco DHCP
  • ExtraHop DHCP
  • Fortinet
  • Infoblox DHCP
  • ISC DHCP
  • Kea DHCP
  • Linux DHCP
  • Sophos DHCP
  • Static IP
  • Windows DHCP
  • Zeek DHCP

DLP

  • Accellion
  • Code42 Incydr
  • CoSoSys Protector
  • F5 Shape
  • Forcepoint DLP
  • IBM Guardium
  • McAfee DLP
  • Preveil Enterprise
  • Proofpoint Observeit
  • Protegrity Defiance
  • Symantec DLP
  • Tripwire

DNS logs

  • Akamai DNS
  • AWS Route 53 DNS
  • BIND
  • Bluecat Edge DNS Resolver
  • Cisco DNS
  • Cisco Umbrella DNS
  • ExtraHop DNS
  • F5 DNS
  • Infoblox DNS
  • Infoblox RPZ
  • Men and Mice DNS
  • Passive DNS
  • Power DNS
  • Splunk DNS
  • UltraDNS
  • Unbound DNS
  • Windows DNS

EDR logs

  • Carbon Black
  • Carbon Black App Control
  • Check Point Sandblast
  • CrowdStrike Falcon
  • CrowdStrike Falcon CEF
  • Cybereason EDR
  • Deep Instinct EDR
  • Digital Guardian
  • eCAR
  • eCAR Bro
  • EclecticIQ EDR
  • Endgame
  • ESET
  • Fidelis Endpoint
  • Fortinet FortiEDR
  • JAMF Protect
  • LimaCharlie
  • Malwarebytes
  • McAfee MVISION EDR
  • Microsoft Defender for Endpoint
  • OSQuery
  • Palo Alto Networks Traps
  • Rapid7 Insight
  • Red Canary
  • SentinelOne Deep Visibility
  • SentinelOne EDR
  • Sophos Capsule8
  • Sophos Intercept EDR
  • Symantec EDR
  • Sysdig
  • TrendMicro EDR
  • Uptycs EDR
  • VMRay Analyzer
  • White Cloud
  • Windows Events
  • Windows Sysmon

Email server logs

  • Abnormal Security
  • Apache SpamAssassin
  • Area1 Security
  • Avanan Email Security
  • Barracuda Email
  • Check Point Email
  • Cisco Email Security
  • Cofense
  • Cofense Vision
  • Fireeye eMPS
  • Fireeye ETP
  • Gmail logs
  • GreatHorn Email Security
  • KnowBe4 PhishER
  • MailScanner
  • Material Security
  • Microsoft Exchange
  • Mimecast
  • Postfix Mail
  • Proofpoint Email Filter
  • Proofpoint On Demand
  • Proofpoint Tap Alerts
  • Proofpoint Threat Response
  • Proofpoint Web Browser Isolation
  • Sendmail
  • Symantec Messaging Gateway
  • Symantec VIP Gateway
  • Trend Micro Cloud App Security
  • Voltage

Financial services logs

  • D3 Banking
  • GMV Checker ATM Security
  • GMV Checker User Context
  • Swift Alliance Messaging Hub

Firewall logs

  • Azure Firewall
  • Check Point
  • Cisco ASA
  • Cisco Firepower NGFW
  • Cisco Umbrella Cloud Firewall
  • Cisco Umbrella IP
  • FireMon Firewall
  • Forcepoint NGFW
  • FortiGate
  • Juniper
  • Netfilter IPtables
  • Palo Alto Networks Firewall
  • Radware Web Application Firewall
  • Silver Peak Firewall
  • SonicWall
  • Sophos Firewall (Next Generation)
  • Sophos UTM
  • Windows Firewall
  • ZScaler NGFW

Format-specific logs

  • BT IPControl
  • Cisco Meraki
  • Cisco WSA
  • Cylance
  • Infoblox
  • Kubernetes audit logs
  • Kubernetes authentication proxy logs
  • Zeek JSON
  • Zeek TSV

GCP-specific logs

  • Forseti Open Source
  • GCP Apigee
  • GCP Cloud Identity Devices Users
  • GCP Cloud IOT
  • GCP Cloud NAT
  • GCP Cloud Run
  • GCP Cloud SQL
  • GCP Compute
  • GCP DNS
  • GCP Firewall Rules
  • GCP Load Balancing
  • GCP Threat Detection
  • Workspace Activities
  • Workspace Alerts
  • Workspace ChromeOS Devices
  • Workspace Groups
  • Workspace Mobile Devices
  • Workspace Privileges
  • Workspace Users

Hardware security modules

  • Futurex HSM
  • Thales Luna Hardware Security Module

Healthcare

  • EPIC Systems
  • Oscar Claims

Honeypots

  • Attivo Networks
  • Guardicore Centra
  • Honeyd
  • Thinkst Canary

HTTP logs

  • Zeek HTTP

Hypervisors and application virtualization

  • Cameyo Bring Your Own Cloud
  • Docker
  • VMware ESXi
  • VMware HCX
  • VMware Horizon
  • VMware NSX
  • VMware Tanzu Kubernetes Grid
  • VMware vCenter
  • VMware vRealize Suite
  • VMware vShield
  • VMware Workspace ONE

IaaS applications

  • Aqua Security
  • AT&T Netbond
  • GlusterFS

Identity and access management

  • Avatier Password Management
  • AWS Control Tower
  • Cisco ISE
  • CloudM
  • Duo Administrator logs
  • Duo Telephony logs
  • Google Cloud Identity Context
  • HP Aruba (ClearPass)

IDS/IPS logs

  • Amazon Guardduty
  • Aruba IPS
  • Cisco Wireless IPS
  • Cloud Passage (LIDS)
  • Deepfence Network Monitoring
  • Falco IDS
  • Juniper IPS
  • Lacework Cloud Security
  • LookingGlass Aenoik IDPS
  • McAfee IPS
  • Microsoft ATA
  • Orca Cloud Security Platform
  • OSSEC
  • Snort
  • Sourcefire
  • Suricata EVE
  • Suricata IDS
  • Trend Micro

IoC logs

  • Anomali
  • Centripetal Networks IOC
  • COVID-19 Cyber Threat Coalition
  • Crowdstrike IOC
  • CSV Custom IOC
  • US Department of Homeland Security
  • Digital Shadows Indicators
  • Digital Shadows SearchLight
  • Emerging Threats Pro
  • ESET Threat Intelligence
  • Looking Glass
  • MISP Threat Intelligence
  • Open Source Intelligence
  • PAN Autofocus
  • Recorded Future
  • RH-ISAC
  • ThreatConnect

IoT

  • Medigate IoT
  • Ordr IoT

IT infrastructure

  • HPE ILO
  • Nutanix Frame
  • Nutanix Prism

K8s cluster audit logs only

  • Kubernetes node logs
  • McAfee ePolicy Orchestrator
  • Nokia VitalQIP
  • pfSense
  • Red Hat OpenShift
  • WatchGuard
  • Windows Event (XML)

LDAP software

  • ForgeRock OpenDJ
  • JumpCloud Directory as a Service
  • Open LDAP
  • Red Hat Directory Server LDAP
  • Semperis ADFR
  • Semperis DSP

Load balancer, traffic shaper, and ADC logs

  • Akamai Cloud Monitor
  • Allot NetEnforcer
  • Brocade ServerIron ADX
  • Cisco Application Control Engine
  • Citrix Netscaler
  • F5 BIGIP LTM
  • HAProxy load balancer
  • Infoblox load balancer
  • Kemp load balancer
  • Peplink load balancer
  • VMware Avi Vantage Platform

Log aggregation and SIEM systems

  • Arcsight CEF
  • Cisco FireSIGHT Management Center
  • Clearsense Healthcare Analytics
  • Confluent Audit
  • Custom Security Data Analytics
  • Dynatrace
  • Elastic Audit Beats
  • Elastic File Beats
  • Elastic Metric Beats
  • Elastic Packet Beats
  • Elastic Search
  • Elastic Windows Event Log Beats
  • Exabeam Fusion XDR
  • Fluentd logs
  • McAfee Enterprise Security Manager
  • Microsoft Sentinel
  • NCR Digital Insight Global Logging
  • NXLog Manager
  • Snare System Diagnostic Logs
  • Splunk Platform
  • Wazuh
  • ZeroFox Platform

Mainframe logs

  • BMC AMI Defender
  • CA ACF2
  • IBM AS/400
  • IBM z/OS

Other Windows-specific logs

  • Azure AD
  • Azure AD Directory Audit
  • Azure AD Organizational Context
  • ManageEngine ADAudit Plus
  • ManageEngine ADManager Plus
  • ManageEngine ADSelfService Plus
  • Microsoft AD
  • Microsoft AD FS
  • Microsoft Powershell

Mobile device management

  • Absolute Mobile Device Management
  • Microsoft ActiveSync
  • Microsoft Intune
  • Mobileiron

NAC logs

  • Forescout NAC
  • Fortinet FortiNAC
  • SafeConnect NAC

NDR logs

  • Bricata NDR
  • Cato Networks
  • Corelight
  • Darktrace
  • ExtraHop RevealX
  • Fidelis Network
  • FireEye NX
  • Gigamon
  • Netscout
  • Palo Alto Cortex XDR
  • Plixer Scrutinizer
  • Vectra Detect
  • Vectra Stream
  • Verizon Network Detection and Response

Netflow logs

  • Cisco Stealthwatch

Network infrastructure

  • APC Smart-UPS
  • APC StruxureWare Portal
  • Eaton UPS

Network management and optimization software

  • Axonius Cybersecurity Asset Management
  • Cisco Prime
  • Cradlepoint NetCloud
  • Entrust NTP Server
  • HCL BigFix
  • Infoblox NetMRI
  • Kaseya IT Management
  • MicroSemi NTP
  • NetDisco
  • Riverbed Steelhead
  • Western Telematic Inc Console Servers

Network monitoring

  • Nagios Infrastructure Monitoring

Nucleus Security unified vulnerability management

  • Nucleus Asset Metadata
  • Nucleus Unified Vulnerability Management
  • Nucleus Vulnerability Scan Delta

OS logs

  • Cisco Internetwork Operating System
  • Cisco NX-OS
  • Cisco UCS
  • Juniper Junos
  • Linux Auditing System (AuditD)
  • NIMBLE OS
  • Plaso Super Timeline
  • Red Canary Cloud Protection
  • TGDetect

IdP

  • 1Password
  • Duo Entity Context Data
  • Duo User Context
  • ForgeRock OpenAM
  • FreeIPA
  • IBM DataPower Gateway
  • IBM Tivoli
  • Imprivata Confirm ID
  • Imprivata Identity Governance
  • Imprivata OneSign
  • Keeper Enterprise Security
  • LastPass Password Management
  • Liaison NuBridges Platform
  • ManageEngine AD360
  • ManageEngine Password Manager Pro
  • Microsoft Defender for Identity
  • NCR Digital Insight FSG
  • Okta
  • Okta Access Gateway
  • Okta RADIUS
  • Okta User Context
  • Ping Identity
  • Preempt Alert
  • Preempt Auth
  • ProofID
  • Red Hat Identity Management
  • Red Hat Keycloak
  • RSA
  • SailPoint IAM
  • Shibboleth IDP
  • Silverfort Authentication Platform
  • Thycotic
  • Thycotic DevOps Secret Vault
  • Venafi

Packet capture

  • Arkime Packet Capture

Physical security logs

  • BRIVO
  • Datawatch
  • DMP
  • Honeywell Pro-Watch
  • Kisi Access Management
  • Lenel Onguard Badge Management
  • LSI Badge Management System
  • Matrix Frontier Badge Management
  • Openpath
  • Siemens SiPass
  • Thales Digital Identity and Security

Policy management

  • AlgoSec Security Management
  • Cisco Content Security Management Appliance
  • Cloud Passage (CSM)
  • Cloud Passage (FIM)
  • Secberus Cloud Security Governance

Printer logs

  • HP Printer logs
  • Lexmark Printer logs

Privileged account activity

  • BeyondTrust
  • BeyondTrust BeyondInsight
  • BeyondTrust Cloud Privilege Broker
  • BeyondTrust Endpoint Privilege Management
  • CA Access Control
  • CyberArk
  • Hashicorp Vault
  • Hitachi PAM
  • One Identity Active Role Service
  • One Identity Change Auditor
  • One Identity Defender
  • One Identity TPAM
  • OneIdentity Balabit
  • Remediant SecureONE
  • SpyCloud

Remote access tools

  • Check Point Harmony
  • Citrix Storefront
  • Dell iDRAC
  • Opengear Remote Management
  • OpenSSH
  • SecureLink
  • TeamViewer

SaaS applications

  • AppOmni
  • Aptos Enterprise Order Management
  • Archer Integrated Risk Management
  • Armor Anywhere
  • Azure Security Center
  • Cloud Passage
  • Cloudflare
  • Code Worldwide
  • CWT SatoTravel
  • ETQ Reliance
  • IBM MaaS360
  • Kyriba Treasury Management
  • Logic Monitor
  • ManageEngine Reporter Plus
  • McAfee Unified Cloud Edge
  • McAfee Web Protection
  • Microsoft Azure
  • Microsoft Azure Activity
  • Microsoft Azure Resource
  • NCC Scout Suite
  • Obsidian
  • Office 365
  • OpenText Fax2Mail
  • Oracle Cloud Infrastructure
  • PeopleSoft
  • Pivotal
  • Salesforce
  • Salesforce Context
  • ServiceNow Audit
  • ServiceNow Roles
  • ServiceNow Security
  • Snipe-IT
  • Sophos Central
  • Symantec Event Export
  • Workday
  • Workday Audit Logs
  • WP Engine

Sandbox technologies

  • Authentic8 Silo
  • File Scanning Framework
  • Symantec Web Isolation

Search engines

  • shodan.io

Service bus

  • IBM CICS
  • Mulesoft

SOAR tools

  • D3 Security
  • Splunk Phantom
  • Swimlane Platform

Software-defined networking (SDN)

  • Cisco APIC
  • Cisco Application Centric Infrastructure

SSL handshake types

  • SSL pcap

SSO logs

  • Centrify
  • Citrix Workspace
  • Layer7 SiteMinder
  • OneLogin
  • OneLogin User Context
  • SecureAuth
  • SiteMinder Web Access Management

STIX providers

  • Fox-IT

Storage solutions

  • Cloudian HyperStore
  • Dell EMC Avamar
  • Dell EMC Cloudlink
  • Dell EMC Isilon NAS
  • Dremio Data Lakehouse
  • IBM Spectrum Protect
  • NetApp SAN
  • Pure Storage

Switch and router logs

  • Arista Switch
  • Big Switch BigCloudFabric
  • Brocade Switch
  • CATO SD-WAN
  • Cisco Router
  • Cisco Switch
  • Citrix SD-WAN
  • CloudGenix SD-WAN
  • Dell Switch
  • Extreme Networks Switch
  • HP Procurve Switch
  • IBM Switch
  • Juniper MX Router
  • Peplink Router
  • Peplink Switch
  • Ubiquiti UniFi Switch
  • Unifi AP
  • Unifi Switch

Tanium logs

  • Tanium Asset
  • Tanium Audit
  • Tanium Comply
  • Tanium Deploy
  • Tanium Discover
  • Tanium Insight
  • Tanium Integrity Monitor
  • Tanium Patch
  • Tanium Question
  • Tanium Reveal
  • Tanium Stream
  • Tanium Threat Response

Task-based access management

  • Armis
  • Stealthbits Audit
  • Stealthbits Defend

Telephony software

  • Cisco CTS
  • Cisco UCM
  • Kamailio
  • Ribbon Analytics Platform
  • Ribbon Session Border Controller
  • Ring Central
  • Zoom Operation Logs

Ticketing applications

  • Atlassian Jira

Unified Data Model

  • UDM

Unix-specific logs

  • AIX system
  • cmd.com
  • Solaris system
  • Unix system

VPN logs

  • Array Networks SSL VPN
  • Cisco VPN
  • F5 VPN
  • Fortinet FortiClient
  • Microsoft SSTP VPN
  • Netmotion
  • OpenVPN
  • Palo Alto Networks Global Protect
  • Pulse Secure
  • Strong Swan VPN
  • ZScaler VPN

Vulnerability scanners

  • Arxan Threat Analytics
  • Cisco Secure Malware Analytics
  • Cloud Passage (SVM)
  • Digital Defense Frontline VM
  • Qualys Continuous Monitoring
  • Qualys VM
  • Rapid7
  • RedHat StackRox
  • RiskIQ Digital Footprint
  • SonarQube
  • Tenable Security Center
  • tenable.io
  • VirusTotal Threat Hunter
  • wiz.io

WAF

  • Akamai WAF
  • AWS WAF
  • Barracuda
  • Cloudflare WAF
  • F5 ASM
  • Fastly WAF
  • Imperva
  • Imperva SecureSphere Management
  • Signal Sciences WAF
  • Vmware Avinetworks iWAF

Web proxy logs

  • Akamai Enterprise Threat Protector
  • Blue Coat Proxy
  • Cisco Umbrella Web Proxy
  • Citrix Netscaler Web Logs
  • Citrix Web Gateway
  • Forcepoint Proxy
  • Fortinet Proxy
  • iBoss Proxy
  • McAfee Web Gateway
  • Menlo Security
  • Mimecast Web Security
  • Netskope Web Proxy
  • Squid Web Proxy
  • Symantec Web Security Service
  • TrendMicro Web Proxy
  • Zscaler

Web server logs

  • Apache
  • Apache Cassandra
  • Apache Hadoop
  • Apache Kafka Audit
  • HAProxy
  • IBM Websphere Application Server
  • Kong API Gateway
  • Microsoft IIS
  • NGINX

Wireless logs

  • Aruba
  • Aruba Airwave
  • Avaya Wireless
  • Cisco WLC/WCS
  • Extreme Networks AirDefense
  • Ruckus Networks
  • VMware AirWatch
  • Domain Tools Phisheye
  • Stream Alert
  • ZScaler DNS