지원되는 데이터 세트

Chronicle은 다양한 회사, 프로토콜, 시스템, 장비의 원시 로그를 수집할 수 있습니다. 이 문서에서는 현재 지원되는 데이터 세트에 대해 설명하고 정기적으로 업데이트됩니다.

지원되는 수집 라벨의 최신 목록을 생성하려면 Ingestion API 메서드를 사용하세요.

APIKEY="[[My_ApiKey]]"; curl --header "Content-Type: application/json" \
--request GET "https://malachiteingestion-pa.googleapis.com/v1/logtypes?key=${APIKEY}"

데이터를 수집하고 정규화하는 방법에 대한 자세한 내용은 Chronicle 데이터 수집 개요를 참조하세요.

지원되는 기본 파서 목록은 지원되는 기본 파서를 참조하세요.

Chronicle 피드가 지원하는 로그 유형 목록은 유형별 피드 구성을 참조하세요.

알림 로그

• Active Countermeasures
• AlphaSOC
• CIS Albert Alerts
• CrowdStrike Falcon Stream
• 고객 알림
• Cylance Protect
• FireEye
• IBM zSecure Alert
• Microsoft Graph API 알림
• Microsoft Security Center
• Netskope

애플리케이션 서버 로그

• Apache Tomcat

애플리케이션 허용

• Windows Applocker

인증 로그

• Auth0
• Authx
• Barracuda CloudGen Access
• CA LDAP
• Cisco ACS
• Cisco TACACS+
• Cyolo Zero Trust
• Duo Auth
• Duo Network Gateway
• FreeRADIUS
• IBM Security Verify
• Quest Active Directory
• RSA RADIUS
• Thales MFA
• Yubico OTP

자동화 및 DevOps 도구

• Ansible AWX
• Automation Anywhere
• GitHub
• Gitlab
• Jenkins

AV 및 엔드포인트 로그

• Apple MacOS
• Automox
• Azure ATP
• Bitdefender
• Cisco AMP
• ClamAV
• Comodo
• Dell OpenManage
• ESET AV
• FireEye HX
• Fortinet FortiSandbox
• Kaspersky AV
• Microsoft System Center Endpoint Protection
• Minerva AV
• Sophos AV
• Superna Eyeglass
• Symantec Endpoint Protection
• Trend Micro AV
• Windows Defender ATP
• Windows Defender AV

AWS별 로그

• AWS CloudFront
• AWS Cloudtrail
• AWS CloudWatch
• AWS 구성
• AWS Elastic Load Balancer
• AWS Key Management Service
• AWS Macie
• AWS Redshift
• AWS S3 Server Access
• AWS Security Hub
• AWS Session Manager

백업 소프트웨어

• Code42 CrashPlan
• Cohesity
• CommVault
• Rubrik
• Veeam

봇 보호

• Cequence Bot Defense
• Cloudflare Bot Management
• F5 Bot
• PerimeterX Bot Protection

CASB : 클라우드 접근 보안 브로커(CASB)

• Cisco CloudLock
• Duo 액세스 게이트웨이
• McAfee MVISION CASB
• McAfee Skyhigh CASB
• Microsoft CASB
• Palo Alto Prisma Access
• Palo Alto Prisma Cloud
• Proofpoint CASB
• Symantec CloudSOC CASB

CMDB 로그

• CSV Custom CMDB
• JAMF CMDB
• Medigate CMDB
• ServiceNow CMDB
• Windows Network Policy Server

공동작업 로그

• Appian Cloud
• Atlassian Confluence
• Box
• Design Profit Central Server
• Dropbox
• iManage Cloud Platform
• Kibana 감사 로그
• Mango 앱
• Microsoft SharePoint
• Puppet
• Slack 감사

콘텐츠 관리 소프트웨어

• OnBase CMS
• WordPress

데이터 보안

• Datadog
• DataLocker SafeConsole
• Dell EMC Data Domain
• Fortanix Data Security Manager
• Imperva Database
• Rubrik Polaris
• Thales Vormetric
• Varonis

Data Transfer

• FileZilla
• Globalscape SFTP
• IBM MQ File Transfer
• Ipswitch MOVEit Automation
• Ipswitch MOVEit Transfer
• Ipswitch SFTP
• Nasuni File Services Platform
• SolarWinds Serv-U
• VanDyke SFTP
• VSFTPD 감사

데이터베이스 로그

• Azure Cosmos DB
• Azure SQL
• IBM DB2
• IBM Informix
• IBM JDE
• Maria Database
• Microsoft SQL Server
• Mongo Database
• MySQL
• Oracle
• SAP HANA
• SAP Insurance
• 눈송이

DDI 로그(DNS, DHCP, IPAM)

• Bluecat DDI
• EfficientIP DDI

DDOS 완화

• Akamai Prolexic

사기성 소프트웨어

• Acalvio
• Estar

DHCP 로그

• Akamai DHCP
• Cisco DHCP
• ExtraHop DHCP
• Fortinet
• Infoblox DHCP
• ISC DHCP
• Kea DHCP
• Linux DHCP
• Sophos DHCP
• 고정 IP
• Windows DHCP
• Zeek DHCP

DLP

• Accellion
• Code42 Incydr
• CoSoSys Protector
• F5 Shape
• Forcepoint DLP
• IBM Guardium
• McAfee DLP
• Preveil Enterprise
• Proofpoint Observeit
• Protegrity Defiance
• Symantec DLP
• Tripwire

DNS 로그

• Akamai DNS
• AWS Route 53 DNS
• BIND
• Bluecat Edge DNS Resolver
• Cisco DNS
• Cisco Umbrella DNS
• ExtraHop DNS
• F5 DNS
• Infoblox DNS
• Infoblox RPZ
• Men and Mice DNS
• Passive DNS
• Power DNS
• Splunk DNS
• UltraDNS
• Unbound DNS
• Windows DNS

EDR 로그

• Carbon Black
• Carbon Black App Control
• Check Point Sandblast
• CrowdStrike Falcon
• CrowdStrike Falcon CEF
• Cybereason EDR
• Deep Instinct EDR
• Digital Guardian
• eCAR
• eCAR Bro
• EclecticIQ EDR
• Endgame
• ESET
• Fidelis Endpoint
• Fortinet FortiEDR
• JAMF Protect
• LimaCharlie
• Malwarebytes
• McAfee MVISION EDR
• 엔드포인트용 Microsoft Defender
• OSQuery
• Palo Alto Networks Traps
• Rapid7 Insight
• Red Canary
• SentinelOne Deep Visibility
• SentinelOne EDR
• Sophos Capsule8
• Sophos Intercept EDR
• Symantec EDR
• Sysdig
• TrendMicro EDR
• Uptycs EDR
• VMRay Analyzer
• White Cloud
• Windows 이벤트
• Windows Sysmon

이메일 서버 로그

• Abnormal Security
• Apache SpamAssassin
• Area1 Security
• Avanan Email Security
• Barracuda Email
• Check Point Email
• Cisco Email Security
• Cofense
• Cofense Vision
• Fireeye eMPS
• Fireeye ETP
• Gmail 로그
• GreatHorn Email Security
• KnowBe4 PhishER
• MailScanner
• Material Security
• Microsoft Exchange
• Mimecast
• PostFix 메일
• Proofpoint Email Filter
• Proofpoint On Demand
• Proofpoint Tap Alerts
• Proofpoint Threat Response
• Proofpoint Web Browser Isolation
• Sendmail
• Symantec Messaging Gateway
• Symantec VIP Gateway
• Trend Micro Cloud App Security
• Voltage

금융 서비스 로그

• D3 Banking
• GMV Checker ATM Security
• GMV Checker User Context
• Swift Alliance Messaging Hub

방화벽 로그

• Azure Firewall
• 확인 지점
• Cisco ASA
• Cisco Firepower NGFW
• Cisco Umbrella Cloud Firewall
• Cisco Umbrella IP
• FireMon Firewall
• Forcepoint NGFW
• FortiGate
• Juniper
• Netfilter IPtables
• Palo Alto Networks Firewall
• Radware 웹 애플리케이션 방화벽
• Silver Peak Firewall
• SonicWall
• Sophos Firewall(차세대)
• Sophos UTM
• Windows 방화벽
• ZScaler NGFW

형식 관련 로그

• BT IPControl
• Cisco Meraki
• Cisco WSA
• Cylance
• Infoblox
• Kubernetes 감사 로그
• Kubernetes 인증 프록시 로그
• Zeek JSON
• Zeek TSV

GCP 관련 로그

• Forseti Open Source
• GCP Apigee
• GCP Cloud ID 기기 사용자
• GCP Cloud IOT
• GCP Cloud NAT
• GCP Cloud Run
• GCP Cloud SQL
• GCP 컴퓨팅
• GCP DNS
• GCP 방화벽 규칙
• GCP Load Balancing
• GCP Threat Detection
• Workspace 활동
• Workspace 알림
• Workspace ChromeOS 기기
• Workspace 그룹
• Workspace 휴대기기
• Workspace 권한
• Workspace 사용자

하드웨어 보안 모듈

• Futurex HSM
• Thales Luna 하드웨어 보안 모듈

의료

• EPIC Systems
• Oscar Claims

허니팟

• Attivo Networks
• Guardicore Centra
• Honeyd
• Thinkst Canary

HTTP 로그

• Zeek HTTP

하이퍼바이저 및 애플리케이션 가상화

• Cameyo Bring Your Own Cloud
• Docker
• VMware ESXi
• VMware HCX
• VMware Horizon
• VMware NSX
• VMware Tanzu Kubernetes Grid
• VMware vCenter
• VMware vRealize Suite
• VMware vShield
• VMware Workspace ONE

IaaS 애플리케이션

• Aqua Security
• AT&T Netbond
• GlusterFS

ID 및 액세스 관리

• Avatier Password Management
• AWS Control Tower
• Cisco ISE
• CloudM
• Duo Administrator 로그
• Duo Telephony 로그
• Google Cloud ID 컨텍스트
• HP Aruba(Clearpass)

IDS/IPS 로그

• Amazon Guardduty
• Aruba IPS
• Cisco Wireless IPS
• Cloud Passage(LIDS)
• Deepfence Network Monitoring
• Falco IDS
• Juniper IPS
• Lacework Cloud Security
• LookingGlass Aenoik IDPS
• McAfee IPS
• Microsoft ATA
• Orca Cloud Security Platform
• OSSEC
• Snort
• Sourcefire
• Suricata EVE
• Suricata IDS
• Trend Micro

IoC 로그

• Anomali
• Centripetal Networks IOC
• COVID-19 Cyber Threat Coalition
• Crowdstrike IOC
• CSV Custom IOC
• 미합중국 국토안보부
• Digital Shadows Indicators
• Digital Shadows SearchLight
• Emerging Threats Pro
• ESET Threat Intelligence
• Looking Glass
• MISP Threat Intelligence
• Open Source Intelligence
• PAN Autofocus
• Recorded Future
• RH-ISAC
• ThreatConnect

IoT

• Medigate IoT
• Ordr IoT

IT 인프라

• HPE ILO
• Nutanix Frame
• Nutanix Prism

K8s 클러스터 감사 로그 전용

• Kubernetes 노드 로그
• McAfee ePolicy Orchestrator
• Nokia VitalQIP
• pfSense
• Red Hat OpenShift
• WatchGuard
• Windows Event(XML)

LDAP 소프트웨어

• ForgeRock OpenDJ
• JumpCloud Directory as a Service
• Open LDAP
• Red Hat Directory Server LDAP
• Semperis ADFR
• Semperis DSP

부하 분산기, 트래픽 셰이퍼, ADC 로그

• Akamai Cloud Monitor
• Allot NetEnforcer
• Brocade ServerIron ADX
• Cisco Application Control Engine
• Citrix Netscaler
• F5 BIGIP LTM
• HaProxy 부하 분산기
• Infoblox 부하 분산기
• Kemp 부하 분산기
• Peplink 부하 분산기
• VMware Avi Vantage Platform

로그 집계 및 SIEM 시스템

• Arcsight CEF
• Cisco FireSIGHT Management Center
• Clearsense Healthcare Analytics
• Confluent Audit
• Custom Security Data Analytics
• Dynatrace
• Elastic Audit Beats
• Elastic File Beats
• Elastic Metric Beats
• Elastic Packet Beats
• Elastic Search
• Elastic Windows Event Log Beats
• Exabeam Fusion XDR
• Fluentd 로그
• McAfee Enterprise Security Manager
• Microsoft Sentinel
• NCR Digital Insight Global Logging
• NXLog Manager
• Snare System Diagnostic Logs
• Splunk Platform
• Wazuh
• ZeroFox Platform

메인프레임 로그

• BMC AMI Defender
• CA ACF2
• IBM AS/400
• IBM z/OS

기타 Windows 관련 로그

• Azure AD
• Azure AD Directory Audit
• Azure AD Organizational Context
• ManageEngine ADAudit Plus
• ManageEngine ADManager Plus
• ManageEngine ADSelfService Plus
• Microsoft AD
• Microsoft AD FS
• Microsoft Powershell

휴대기기 관리

• Absolute Mobile Device Management
• Microsoft ActiveSync
• Microsoft Intune
• Mobileiron

NAC 로그

• Forescout NAC
• Fortinet FortiNAC
• SafeConnect NAC

NDR 로그

• Bricata NDR
• Cato Networks
• Corelight
• Darktrace
• ExtraHop RevealX
• Fidelis Network
• FireEye NX
• Gigamon
• Netscout
• Palo Alto Cortex XDR
• Plixer Scrutinizer
• Vectra Detect
• Vectra Stream
• Verizon Network Detection and Response

Netflow 로그

• Cisco Stealthwatch

네트워크 인프라

• APC Smart-UPS
• APC StruxureWare Portal
• Eaton UPS

네트워크 관리 및 최적화 소프트웨어

• Axonius Cybersecurity Asset Management
• Cisco Prime
• Cradlepoint NetCloud
• Entrust NTP Server
• HCL BigFix
• Infoblox NetMRI
• Kaseya IT Management
• MicroSemi NTP
• NetDisco
• Riverbed Steelhead
• Western Telematic Inc Console Servers

네트워크 모니터링

• Nagios 인프라 모니터링

Nucleus 보안 통합 취약점 관리

• Nucleus Asset Metadata
• Nucleus Unified Vulnerability Management
• Nucleus Vulnerability Scan Delta

OS 로그

• Cisco Internetwork Operating System
• Cisco NX-OS
• Cisco UCS
• Juniper Junos
• Linux Auditing System(AuditD)
• NIMBLE OS
• Plaso Super Timeline
• Red Canary Cloud Protection
• TGDetect

IdP

• 1Password
• Duo Entity Context Data
• Duo User Context
• ForgeRock OpenAM
• FreeIPA
• IBM DataPower Gateway
• IBM Tivoli
• Imprivata Confirm ID
• Imprivata Identity Governance
• Imprivata OneSign
• Keeper Enterprise Security
• LastPass Password Management
• Liaison NuBridges Platform
• ManageEngine AD360
• ManageEngine Password Manager Pro
• Microsoft Defender for Identity
• NCR Digital Insight FSG
• Okta
• Okta Access Gateway
• Okta RADIUS
• Okta User Context
• Ping Identity
• Preempt Alert
• Preempt Auth
• ProofID
• Red Hat Identity Management
• Red Hat Keycloak
• RSA
• SailPoint IAM
• Shibboleth IDP
• Silverfort Authentication Platform
• Thycotic
• Thycotic DevOps Secret Vault
• Venafi

패킷 캡처

• Arkime Packet Capture

물리적 보안 로그

• BRIVO
• Datawatch
• DMP
• Honeywell Pro-Watch
• Kisi Access Management
• Lenel Onguard Badge Management
• LSI Badge Management System
• Matrix Frontier Badge Management
• Openpath
• Siemens SiPass
• Thales Digital Identity and Security

정책 관리

• AlgoSec Security Management
• Cisco Content Security Management Appliance
• Cloud Passage(CSM)
• Cloud Passage(FIM)
• Secberus Cloud Security Governance

프린터 로그

• HP Printer 로그
• Lexmark Printer 로그

권한이 있는 계정 활동

• BeyondTrust
• BeyondTrust BeyondInsight
• BeyondTrust Cloud Privilege Broker
• BeyondTrust Endpoint Privilege Management
• CA Access Control
• CyberArk
• Hashicorp Vault
• Hitachi PAM
• One Identity Active Role Service
• One Identity Change Auditor
• One Identity Defender
• One Identity TPAM
• OneIdentity Balabit
• Remediant SecureONE
• SpyCloud

원격 액세스 도구

• Check Point Harmony
• Citrix Storefront
• Dell iDRAC
• Opengear Remote Management
• OpenSSH
• SecureLink
• TeamViewer

SaaS 애플리케이션

• AppOmni
• Aptos Enterprise Order Management
• Archer Integrated Risk Management
• Armor Anywhere
• Azure Security Center
• Cloud Passage
• Cloudflare
• Code Worldwide
• CWT SatoTravel
• ETQ Reliance
• IBM MaaS360
• Kyriba Treasury Management
• Logic Monitor
• ManageEngine Reporter Plus
• McAfee Unified Cloud Edge
• McAfee Web Protection
• Microsoft Azure
• Microsoft Azure Activity
• Microsoft Azure Resource
• NCC Scout Suite
• Obsidian
• Office 365
• OpenText Fax2Mail
• Oracle 클라우드 인프라
• PeopleSoft
• Pivotal
• Salesforce
• Salesforce Context
• ServiceNow Audit
• ServiceNow Roles
• ServiceNow Security
• Snipe-IT
• Sophos Central
• Symantec Event 내보내기
• Workday
• Workday Audit Logs
• WP Engine

샌드박스 기술

• Authentic8 Silo
• File Scanning Framework
• Symantec Web Isolation

검색엔진

• shodan.io

서비스 버스

• IBM CICS
• Mulesoft

SOAR 도구

• D3 Security
• Splunk Phantom
• Swimlane Platform

소프트웨어 정의 네트워킹(SDN)

• Cisco APIC
• Cisco Application Centric Infrastructure

SSL 핸드셰이크 유형

• SSL pcap

SSO 로그

• Centrify
• Citrix Workspace
• Layer7 SiteMinder
• OneLogin
• OneLogin User Context
• SecureAuth
• SiteMinder Web Access Management

STIX 제공업체

• Fox-IT

스토리지 솔루션

• Cloudian HyperStore
• Dell EMC Avamar
• Dell EMC Cloudlink
• Dell EMC Isilon NAS
• Dremio Data Lakehouse
• IBM Spectrum Protect
• NetApp SAN
• Pure Storage

스위치 및 라우터 로그

• Arista Switch
• Big Switch BigCloudFabric
• Brocade Switch
• CATO SD-WAN
• Cisco Router
• Cisco Switch
• Citrix SD-WAN
• CloudGenix SD-WAN
• Dell Switch
• Extreme Networks Switch
• HP Procurve Switch
• IBM Switch
• Juniper MX Router
• Peplink Router
• Peplink Switch
• Ubiquiti UniFi Switch
• Unifi AP
• Unifi Switch

TANIUM 로그

• Tanium Asset
• Tanium Audit
• Tanium Comply
• Tanium Deploy
• Tanium Discover
• Tanium Insight
• Tanium Integrity Monitor
• Tanium Patch
• Tanium Question
• Tanium Reveal
• Tanium Stream
• Tanium Threat Response

태스크 기반 액세스 관리

• Armis
• Stealthbits Audit
• Stealthbits Defend

전화 소프트웨어

• Cisco CTS
• Cisco UCM
• Kamailio
• Ribbon Analytics Platform
• Ribbon Session Border Controller
• Ring Central
• Zoom Operation Logs

티켓팅 애플리케이션

• Atlassian Jira

통합 데이터 모델

• UDM

Unix 관련 로그

• AIX 시스템
• cmd.com
• Solaris 시스템
• Unix 시스템

VPN 로그

• Array Networks SSL VPN
• Cisco VPN
• F5 VPN
• Fortinet FortiClient
• Microsoft SSTP VPN
• Netmotion
• OpenVPN
• Palo Alto Networks Global Protect
• Pulse Secure
• Strong Swan VPN
• ZScaler VPN

취약점 검사기

• Arxan Threat Analytics
• Cisco Secure Malware Analytics
• Cloud Passage(SVM)
• Digital Defense Frontline VM
• Qualys Continuous Monitoring
• Qualys VM
• Rapid7
• RedHat StackRox
• RiskIQ Digital Footprint
• SonarQube
• Tenable Security Center
• tenable.io
• VirusTotal Threat Hunter
• wiz.io

WAF

• Akamai WAF
• AWS WAF
• Barracuda
• Cloudflare WAF
• F5 ASM
• Fastly WAF
• Imperva
• Imperva SecureSphere Management
• Signal Sciences WAF
• Vmware Avinetworks iWAF

웹 프록시 로그

• Akamai Enterprise Threat Protector
• Blue Coat Proxy
• Cisco Umbrella Web Proxy
• Citrix Netscaler Web Logs
• Citrix Web Gateway
• Forcepoint Proxy
• Fortinet Proxy
• iBoss Proxy
• McAfee Web Gateway
• Menlo Security
• Mimecast Web Security
• Netskope Web Proxy
• Squid Web Proxy
• Symantec Web Security Service
• TrendMicro Web Proxy
• Zscaler

웹 서버 로그

• Apache
• Apache Cassandra
• Apache Hadoop
• Apache Kafka Audit
• HAProxy
• IBM Websphere Application Server
• Kong API Gateway
• Microsoft IIS
• NGINX

무선 로그

• 아루바
• Aruba Airwave
• Avaya Wireless
• Cisco WLC/WCS
• Extreme Networks AirDefense
• Ruckus Networks
• VMware AirWatch
• Domain Tools Phisheye
• Stream Alert
• ZScaler DNS