지원되는 데이터 세트

Chronicle은 다양한 회사, 프로토콜, 시스템, 장비의 원시 로그를 수집할 수 있습니다. 이 문서에서는 현재 지원되는 데이터 세트에 대해 설명하고 정기적으로 업데이트됩니다.

지원되는 수집 라벨의 최신 목록을 생성하려면 Ingestion API 메서드를 사용하세요.

APIKEY="[[My_ApiKey]]"; curl --header "Content-Type: application/json" \
--request GET "https://malachiteingestion-pa.googleapis.com/v1/logtypes?key=${APIKEY}"

데이터를 수집하고 정규화하는 방법에 대한 자세한 내용은 Chronicle 데이터 수집 개요를 참조하세요.

지원되는 기본 파서 목록은 지원되는 기본 파서를 참조하세요.

알림 로그

• Active Countermeasures
• AlphaSOC
• CIS Albert Alerts
• CrowdStrike Falcon Stream
• 고객 알림
• Cylance Protect
• FireEye
• IBM zSecure Alert
• Microsoft Graph API 알림
• Microsoft Security Center
• Netskope

애플리케이션 서버 로그

• Apache Tomcat

애플리케이션 허용

• Windows Applocker

인증 로그

• Auth0
• Authx
• Barracuda CloudGen Access
• CA LDAP
• Cisco ACS
• Cisco TACACS+
• Cyolo Zero Trust
• Duo Auth
• Duo Network Gateway
• FreeRADIUS
• IBM Security Verify
• Quest Active Directory
• RSA RADIUS
• Thales MFA
• Yubico OTP

자동화 및 DevOps 도구

• Ansible AWX
• Automation Anywhere
• GitHub
• Gitlab
• Jenkins

AV 및 엔드포인트 로그

• Apple MacOS
• Automox
• Azure ATP
• Bitdefender
• Cisco AMP
• ClamAV
• Comodo
• Dell OpenManage
• ESET AV
• FireEye HX
• Fortinet FortiSandbox
• Kaspersky AV
• Microsoft System Center Endpoint Protection
• Minerva AV
• Sophos AV
• Superna Eyeglass
• Symantec Endpoint Protection
• Trend Micro AV
• Windows Defender ATP
• Windows Defender AV

AWS별 로그

• AWS CloudFront
• AWS Cloudtrail
• AWS CloudWatch
• AWS 구성
• AWS Elastic Load Balancer
• AWS Key Management Service
• AWS Macie
• AWS Redshift
• AWS S3 Server Access
• AWS Security Hub
• AWS Session Manager

백업 소프트웨어

• Code42 CrashPlan
• Cohesity
• CommVault
• Rubrik
• Veeam

봇 보호

• Cequence Bot Defense
• Cloudflare Bot Management
• F5 Bot
• PerimeterX Bot Protection

CASB : 클라우드 접근 보안 브로커(CASB)

• Cisco CloudLock
• Duo 액세스 게이트웨이
• McAfee MVISION CASB
• McAfee Skyhigh CASB
• Microsoft CASB
• Palo Alto Prisma Access
• Palo Alto Prisma Cloud
• Proofpoint CASB
• Symantec CloudSOC CASB

CMDB 로그

• CSV Custom CMDB
• JAMF CMDB
• Medigate CMDB
• ServiceNow CMDB
• Windows Network Policy Server

공동작업 로그

• Appian Cloud
• Atlassian Confluence
• Box
• Design Profit Central Server
• Dropbox
• iManage Cloud Platform
• Kibana 감사 로그
• Mango 앱
• Microsoft SharePoint
• Puppet
• Slack 감사

콘텐츠 관리 소프트웨어

• OnBase CMS
• WordPress

데이터 보안

• Datadog
• DataLocker SafeConsole
• Dell EMC Data Domain
• Fortanix Data Security Manager
• Imperva Database
• Rubrik Polaris
• Thales Vormetric
• Varonis

Data Transfer

• FileZilla
• Globalscape SFTP
• IBM MQ File Transfer
• Ipswitch MOVEit Automation
• Ipswitch MOVEit Transfer
• Ipswitch SFTP
• Nasuni File Services Platform
• SolarWinds Serv-U
• VanDyke SFTP
• VSFTPD 감사

데이터베이스 로그

• Azure Cosmos DB
• Azure SQL
• IBM DB2
• IBM Informix
• IBM JDE
• Maria Database
• Microsoft SQL Server
• Mongo Database
• MySQL
• Oracle
• SAP HANA
• SAP Insurance
• 눈송이

DDI 로그(DNS, DHCP, IPAM)

• Bluecat DDI
• EfficientIP DDI

DDOS 완화

• Akamai Prolexic

사기성 소프트웨어

• Acalvio
• Estar

DHCP 로그

• Akamai DHCP
• Cisco DHCP
• ExtraHop DHCP
• Fortinet
• Infoblox DHCP
• ISC DHCP
• Kea DHCP
• Linux DHCP
• Sophos DHCP
• 고정 IP
• Windows DHCP
• Zeek DHCP

DLP

• Accellion
• Code42 Incydr
• CoSoSys Protector
• F5 Shape
• Forcepoint DLP
• IBM Guardium
• McAfee DLP
• Preveil Enterprise
• Proofpoint Observeit
• Protegrity Defiance
• Symantec DLP
• Tripwire

DNS 로그

• Akamai DNS
• AWS Route 53 DNS
• BIND
• Bluecat Edge DNS Resolver
• Cisco DNS
• Cisco Umbrella DNS
• ExtraHop DNS
• F5 DNS
• Infoblox DNS
• Infoblox RPZ
• Men and Mice DNS
• Passive DNS
• Power DNS
• Splunk DNS
• UltraDNS
• Unbound DNS
• Windows DNS

EDR 로그

• Carbon Black
• Carbon Black App Control
• Check Point Sandblast
• CrowdStrike Falcon
• CrowdStrike Falcon CEF
• Cybereason EDR
• Deep Instinct EDR
• Digital Guardian
• eCAR
• eCAR Bro
• EclecticIQ EDR
• Endgame
• ESET
• Fidelis Endpoint
• Fortinet FortiEDR
• JAMF Protect
• LimaCharlie
• Malwarebytes
• McAfee MVISION EDR
• 엔드포인트용 Microsoft Defender
• OSQuery
• Palo Alto Networks Traps
• Rapid7 Insight
• Red Canary
• SentinelOne Deep Visibility
• SentinelOne EDR
• Sophos Capsule8
• Sophos Intercept EDR
• Symantec EDR
• Sysdig
• TrendMicro EDR
• Uptycs EDR
• VMRay Analyzer
• White Cloud
• Windows 이벤트
• Windows Sysmon

이메일 서버 로그

• Abnormal Security
• Apache SpamAssassin
• Area1 Security
• Avanan Email Security
• Barracuda Email
• Check Point Email
• Cisco Email Security
• Cofense
• Cofense Vision
• Fireeye eMPS
• Fireeye ETP
• Gmail 로그
• GreatHorn Email Security
• KnowBe4 PhishER
• MailScanner
• Material Security
• Microsoft Exchange
• Mimecast
• PostFix 메일
• Proofpoint Email Filter
• Proofpoint On Demand
• Proofpoint Tap Alerts
• Proofpoint Threat Response
• Proofpoint Web Browser Isolation
• Sendmail
• Symantec Messaging Gateway
• Symantec VIP Gateway
• Trend Micro Cloud App Security
• Voltage

금융 서비스 로그

• D3 Banking
• GMV Checker ATM Security
• GMV Checker User Context
• Swift Alliance Messaging Hub

방화벽 로그

• Azure Firewall
• 확인 지점
• Cisco ASA
• Cisco Firepower NGFW
• Cisco Umbrella Cloud Firewall
• Cisco Umbrella IP
• FireMon Firewall
• Forcepoint NGFW
• FortiGate
• Juniper
• Netfilter IPtables
• Palo Alto Networks Firewall
• Radware 웹 애플리케이션 방화벽
• Silver Peak Firewall
• SonicWall
• Sophos Firewall(차세대)
• Sophos UTM
• Windows 방화벽
• ZScaler NGFW

형식 관련 로그

• BT IPControl
• Cisco Meraki
• Cisco WSA
• Cylance
• Infoblox
• Kubernetes 감사 로그
• Kubernetes 인증 프록시 로그
• Zeek JSON
• Zeek TSV

GCP 관련 로그

• Forseti Open Source
• GCP Apigee
• GCP Cloud ID 기기 사용자
• GCP Cloud IOT
• GCP Cloud NAT
• GCP Cloud Run
• GCP Cloud SQL
• GCP 컴퓨팅
• GCP DNS
• GCP 방화벽 규칙
• GCP Load Balancing
• GCP Threat Detection
• Workspace 활동
• Workspace 알림
• Workspace ChromeOS 기기
• Workspace 그룹
• Workspace 휴대기기
• Workspace 권한
• Workspace 사용자

하드웨어 보안 모듈

• Futurex HSM
• Thales Luna 하드웨어 보안 모듈

의료

• EPIC Systems
• Oscar Claims

허니팟

• Attivo Networks
• Guardicore Centra
• Honeyd
• Thinkst Canary

HTTP 로그

• Zeek HTTP

하이퍼바이저 및 애플리케이션 가상화

• Cameyo Bring Your Own Cloud
• Docker
• VMware ESXi
• VMware HCX
• VMware Horizon
• VMware NSX
• VMware Tanzu Kubernetes Grid
• VMware vCenter
• VMware vRealize Suite
• VMware vShield
• VMware Workspace ONE

IaaS 애플리케이션

• Aqua Security
• AT&T Netbond
• GlusterFS

ID 및 액세스 관리

• Avatier Password Management
• AWS Control Tower
• Cisco ISE
• CloudM
• Duo Administrator 로그
• Duo Telephony 로그
• Google Cloud ID 컨텍스트
• HP Aruba(Clearpass)

IDS/IPS 로그

• Amazon Guardduty
• Aruba IPS
• Cisco Wireless IPS
• Cloud Passage(LIDS)
• Deepfence Network Monitoring
• Falco IDS
• Juniper IPS
• Lacework Cloud Security
• LookingGlass Aenoik IDPS
• McAfee IPS
• Microsoft ATA
• Orca Cloud Security Platform
• OSSEC
• Snort
• Sourcefire
• Suricata EVE
• Suricata IDS
• Trend Micro

IoC 로그

• Anomali
• Centripetal Networks IOC
• COVID-19 Cyber Threat Coalition
• Crowdstrike IOC
• CSV Custom IOC
• 미합중국 국토안보부
• Digital Shadows Indicators
• Digital Shadows SearchLight
• Emerging Threats Pro
• ESET Threat Intelligence
• Looking Glass
• MISP Threat Intelligence
• Open Source Intelligence
• PAN Autofocus
• Recorded Future
• RH-ISAC
• ThreatConnect

IoT

• Medigate IoT
• Ordr IoT

IT 인프라

• HPE ILO
• Nutanix Frame
• Nutanix Prism

K8s 클러스터 감사 로그 전용

• Kubernetes 노드 로그
• McAfee ePolicy Orchestrator
• Nokia VitalQIP
• pfSense
• Red Hat OpenShift
• WatchGuard
• Windows Event(XML)

LDAP 소프트웨어

• ForgeRock OpenDJ
• JumpCloud Directory as a Service
• Open LDAP
• Red Hat Directory Server LDAP
• Semperis ADFR
• Semperis DSP

부하 분산기, 트래픽 셰이퍼, ADC 로그

• Akamai Cloud Monitor
• Allot NetEnforcer
• Brocade ServerIron ADX
• Cisco Application Control Engine
• Citrix Netscaler
• F5 BIGIP LTM
• HaProxy 부하 분산기
• Infoblox 부하 분산기
• Kemp 부하 분산기
• Peplink 부하 분산기
• VMware Avi Vantage Platform

로그 집계 및 SIEM 시스템

• Arcsight CEF
• Cisco FireSIGHT Management Center
• Clearsense Healthcare Analytics
• Confluent Audit
• Custom Security Data Analytics
• Dynatrace
• Elastic Audit Beats
• Elastic File Beats
• Elastic Metric Beats
• Elastic Packet Beats
• Elastic Search
• Elastic Windows Event Log Beats
• Exabeam Fusion XDR
• Fluentd 로그
• McAfee Enterprise Security Manager
• Microsoft Sentinel
• NCR Digital Insight Global Logging
• NXLog Manager
• Snare System Diagnostic Logs
• Splunk Platform
• Wazuh
• ZeroFox Platform

메인프레임 로그

• BMC AMI Defender
• CA ACF2
• IBM AS/400
• IBM z/OS

기타 Windows 관련 로그

• Azure AD
• Azure AD Directory Audit
• Azure AD Organizational Context
• ManageEngine ADAudit Plus
• ManageEngine ADManager Plus
• ManageEngine ADSelfService Plus
• Microsoft AD
• Microsoft AD FS
• Microsoft Powershell

휴대기기 관리

• Absolute Mobile Device Management
• Microsoft ActiveSync
• Microsoft Intune
• Mobileiron

NAC 로그

• Forescout NAC
• Fortinet FortiNAC
• SafeConnect NAC

NDR 로그

• Bricata NDR
• Cato Networks
• Corelight
• Darktrace
• ExtraHop RevealX
• Fidelis Network
• FireEye NX
• Gigamon
• Netscout
• Palo Alto Cortex XDR
• Plixer Scrutinizer
• Vectra Detect
• Vectra Stream
• Verizon Network Detection and Response

Netflow 로그

• Cisco Stealthwatch

네트워크 인프라

• APC Smart-UPS
• APC StruxureWare Portal
• Eaton UPS

네트워크 관리 및 최적화 소프트웨어

• Axonius Cybersecurity Asset Management
• Cisco Prime
• Cradlepoint NetCloud
• Entrust NTP Server
• HCL BigFix
• Infoblox NetMRI
• Kaseya IT Management
• MicroSemi NTP
• NetDisco
• Riverbed Steelhead
• Western Telematic Inc Console Servers

네트워크 모니터링

• Nagios 인프라 모니터링

Nucleus 보안 통합 취약점 관리

• Nucleus Asset Metadata
• Nucleus Unified Vulnerability Management
• Nucleus Vulnerability Scan Delta

OS 로그

• Cisco Internetwork Operating System
• Cisco NX-OS
• Cisco UCS
• Juniper Junos
• Linux Auditing System(AuditD)
• NIMBLE OS
• Plaso Super Timeline
• Red Canary Cloud Protection
• TGDetect

IdP

• 1Password
• Duo Entity Context Data
• Duo User Context
• ForgeRock OpenAM
• FreeIPA
• IBM DataPower Gateway
• IBM Tivoli
• Imprivata Confirm ID
• Imprivata Identity Governance
• Imprivata OneSign
• Keeper Enterprise Security
• LastPass Password Management
• Liaison NuBridges Platform
• ManageEngine AD360
• ManageEngine Password Manager Pro
• Microsoft Defender for Identity
• NCR Digital Insight FSG
• Okta
• Okta Access Gateway
• Okta RADIUS
• Okta User Context
• Ping Identity
• Preempt Alert
• Preempt Auth
• ProofID
• Red Hat Identity Management
• Red Hat Keycloak
• RSA
• SailPoint IAM
• Shibboleth IDP
• Silverfort Authentication Platform
• Thycotic
• Thycotic DevOps Secret Vault
• Venafi

패킷 캡처

• Arkime Packet Capture

물리적 보안 로그

• BRIVO
• Datawatch
• DMP
• Honeywell Pro-Watch
• Kisi Access Management
• Lenel Onguard Badge Management
• LSI Badge Management System
• Matrix Frontier Badge Management
• Openpath
• Siemens SiPass
• Thales Digital Identity and Security

정책 관리

• AlgoSec Security Management
• Cisco Content Security Management Appliance
• Cloud Passage(CSM)
• Cloud Passage(FIM)
• Secberus Cloud Security Governance

프린터 로그

• HP Printer 로그
• Lexmark Printer 로그

권한이 있는 계정 활동

• BeyondTrust
• BeyondTrust BeyondInsight
• BeyondTrust Cloud Privilege Broker
• BeyondTrust Endpoint Privilege Management
• CA Access Control
• CyberArk
• Hashicorp Vault
• Hitachi PAM
• One Identity Active Role Service
• One Identity Change Auditor
• One Identity Defender
• One Identity TPAM
• OneIdentity Balabit
• Remediant SecureONE
• SpyCloud

원격 액세스 도구

• Check Point Harmony
• Citrix Storefront
• Dell iDRAC
• Opengear Remote Management
• OpenSSH
• SecureLink
• TeamViewer

SaaS 애플리케이션

• AppOmni
• Aptos Enterprise Order Management
• Archer Integrated Risk Management
• Armor Anywhere
• Azure Security Center
• Cloud Passage
• Cloudflare
• Code Worldwide
• CWT SatoTravel
• ETQ Reliance
• IBM MaaS360
• Kyriba Treasury Management
• Logic Monitor
• ManageEngine Reporter Plus
• McAfee Unified Cloud Edge
• McAfee Web Protection
• Microsoft Azure
• Microsoft Azure Activity
• Microsoft Azure Resource
• NCC Scout Suite
• Obsidian
• Office 365
• OpenText Fax2Mail
• Oracle 클라우드 인프라
• PeopleSoft
• Pivotal
• Salesforce
• Salesforce Context
• ServiceNow Audit
• ServiceNow Roles
• ServiceNow Security
• Snipe-IT
• Sophos Central
• Symantec Event 내보내기
• Workday
• Workday Audit Logs
• WP Engine

샌드박스 기술

• Authentic8 Silo
• File Scanning Framework
• Symantec Web Isolation

검색엔진

• shodan.io

서비스 버스

• IBM CICS
• Mulesoft

SOAR 도구

• D3 Security
• Splunk Phantom
• Swimlane Platform

소프트웨어 정의 네트워킹(SDN)

• Cisco APIC
• Cisco Application Centric Infrastructure

SSL 핸드셰이크 유형

• SSL pcap

SSO 로그

• Centrify
• Citrix Workspace
• Layer7 SiteMinder
• OneLogin
• OneLogin User Context
• SecureAuth
• SiteMinder Web Access Management

STIX 제공업체

• Fox-IT

스토리지 솔루션

• Cloudian HyperStore
• Dell EMC Avamar
• Dell EMC Cloudlink
• Dell EMC Isilon NAS
• Dremio Data Lakehouse
• IBM Spectrum Protect
• NetApp SAN
• Pure Storage

스위치 및 라우터 로그

• Arista Switch
• Big Switch BigCloudFabric
• Brocade Switch
• CATO SD-WAN
• Cisco Router
• Cisco Switch
• Citrix SD-WAN
• CloudGenix SD-WAN
• Dell Switch
• Extreme Networks Switch
• HP Procurve Switch
• IBM Switch
• Juniper MX Router
• Peplink Router
• Peplink Switch
• Ubiquiti UniFi Switch
• Unifi AP
• Unifi Switch

TANIUM 로그

• Tanium Asset
• Tanium Audit
• Tanium Comply
• Tanium Deploy
• Tanium Discover
• Tanium Insight
• Tanium Integrity Monitor
• Tanium Patch
• Tanium Question
• Tanium Reveal
• Tanium Stream
• Tanium Threat Response

태스크 기반 액세스 관리

• Armis
• Stealthbits Audit
• Stealthbits Defend

전화 소프트웨어

• Cisco CTS
• Cisco UCM
• Kamailio
• Ribbon Analytics Platform
• Ribbon Session Border Controller
• Ring Central
• Zoom Operation Logs

티켓팅 애플리케이션

• Atlassian Jira

통합 데이터 모델

• UDM

Unix 관련 로그

• AIX 시스템
• cmd.com
• Solaris 시스템
• Unix 시스템

VPN 로그

• Array Networks SSL VPN
• Cisco VPN
• F5 VPN
• Fortinet FortiClient
• Microsoft SSTP VPN
• Netmotion
• OpenVPN
• Palo Alto Networks Global Protect
• Pulse Secure
• Strong Swan VPN
• ZScaler VPN

취약점 검사기

• Arxan Threat Analytics
• Cisco Secure Malware Analytics
• Cloud Passage(SVM)
• Digital Defense Frontline VM
• Qualys Continuous Monitoring
• Qualys VM
• Rapid7
• RedHat StackRox
• RiskIQ Digital Footprint
• SonarQube
• Tenable Security Center
• tenable.io
• VirusTotal Threat Hunter
• wiz.io

WAF

• Akamai WAF
• AWS WAF
• Barracuda
• Cloudflare WAF
• F5 ASM
• Fastly WAF
• Imperva
• Imperva SecureSphere Management
• Signal Sciences WAF
• Vmware Avinetworks iWAF

웹 프록시 로그

• Akamai Enterprise Threat Protector
• Blue Coat Proxy
• Cisco Umbrella Web Proxy
• Citrix Netscaler Web Logs
• Citrix Web Gateway
• Forcepoint Proxy
• Fortinet Proxy
• iBoss Proxy
• McAfee Web Gateway
• Menlo Security
• Mimecast Web Security
• Netskope Web Proxy
• Squid Web Proxy
• Symantec Web Security Service
• TrendMicro Web Proxy
• Zscaler

웹 서버 로그

• Apache
• Apache Cassandra
• Apache Hadoop
• Apache Kafka Audit
• HAProxy
• IBM Websphere Application Server
• Kong API Gateway
• Microsoft IIS
• NGINX

무선 로그

• 아루바
• Aruba Airwave
• Avaya Wireless
• Cisco WLC/WCS
• Extreme Networks AirDefense
• Ruckus Networks
• VMware AirWatch
• Domain Tools Phisheye
• Stream Alert
• ZScaler DNS