Supported datasets
Chronicle can ingest raw logs from a wide range of vendors, protocols, systems, and devices. This document describes the datasets that are currently supported and is updated regularly.
To generate the latest list of supported ingestion labels, use the Ingestion API method:
APIKEY="[[My_ApiKey]]"; curl --header "Content-Type: application/json" \
--request GET "https://malachiteingestion-pa.googleapis.com/v1/logtypes?key=${APIKEY}"
For details on how data is ingested and normalized, see the Chronicle data ingestion overview.
For the list of supported default parsers, see Supported default parsers.
Alert Logs
- Active Countermeasures
- AlphaSOC
- CIS Albert Alerts
- CrowdStrike Falcon Stream
- Customer Alerts
- Cylance Protect
- FireEye
- IBM zSecure Alert
- Microsoft Graph API Alerts
- Microsoft Security Center
- Netskope
Application Server Logs
- Apache Tomcat
Application Allowlisting
- Windows Applocker
Authentication Logs
- Auth0
- Authx
- Barracuda CloudGen Access
- CA LDAP
- Cisco ACS
- Cisco TACACS+
- Cyolo Zero Trust
- Duo Auth
- Duo Network Gateway
- FreeRADIUS
- IBM Security Verify
- Quest Active Directory
- RSA RADIUS
- Thales MFA
- Yubico OTP
Automation and DevOps Tools
- Ansible AWX
- Automation Anywhere
- GitHub
- Gitlab
- Jenkins
AV and Endpoint Logs
- Apple MacOS
- Automox
- Azure ATP
- Bitdefender
- Cisco AMP
- ClamAV
- Comodo
- Dell OpenManage
- ESET AV
- FireEye HX
- Fortinet FortiSandbox
- Kaspersky AV
- Microsoft System Center Endpoint Protection
- Minerva AV
- Sophos AV
- Superna Eyeglass
- Symantec Endpoint Protection
- Trend Micro AV
- Windows Defender ATP
- Windows Defender AV
AWS-Specific Logs
- AWS CloudFront
- AWS Cloudtrail
- AWS CloudWatch
- AWS Config
- AWS Elastic Load Balancer
- AWS Key Management Service
- AWS Macie
- AWS Redshift
- AWS S3 Server Access
- AWS Security Hub
- AWS Session Manager
Backup Software
- Code42 CrashPlan
- Cohesity
- CommVault
- Rubrik
- Veeam
Bot Protection
- Cequence Bot Defense
- Cloudflare Bot Management
- F5 Bot
- PerimeterX Bot Protection
CASB: Cloud Access Security Broker (CASB)
- Cisco CloudLock
- Duo Access Gateway
- McAfee MVISION CASB
- McAfee Skyhigh CASB
- Microsoft CASB
- Palo Alto Prisma Access
- Palo Alto Prisma Cloud
- Proofpoint CASB
- Symantec CloudSOC CASB
CMDB Logs
- CSV Custom CMDB
- JAMF CMDB
- Medigate CMDB
- ServiceNow CMDB
- Windows Network Policy Server
Collaboration Logs
- Appian Cloud
- Atlassian Confluence
- Box
- Design Profit Central Server
- Dropbox
- iManage Cloud Platform
- Kibana Audit Logs
- Mango Apps
- Microsoft SharePoint
- Puppet
- Slack Audit
Content Management Software
- OnBase CMS
- WordPress
Data Security
- Datadog
- DataLocker SafeConsole
- Dell EMC Data Domain
- Fortanix Data Security Manager
- Imperva Database
- Rubrik Polaris
- Thales Vormetric
- Varonis
Data Transfer
- FileZilla
- Globalscape SFTP
- IBM MQ File Transfer
- Ipswitch MOVEit Automation
- Ipswitch MOVEit Transfer
- Ipswitch SFTP
- Nasuni File Services Platform
- SolarWinds Serv-U
- VanDyke SFTP
- VSFTPD Audit
Database Logs
- Azure Cosmos DB
- Azure SQL
- IBM DB2
- IBM Informix
- IBM JDE
- Maria Database
- Microsoft SQL Server
- Mongo Database
- MySQL
- Oracle
- SAP HANA
- SAP Insurance
- Snowflake
DDI Logs (DNS, DHCP, IPAM)
- Bluecat DDI
- EfficientIP DDI
DDoS Mitigation
- Akamai Prolexic
Deception Software
- Acalvio
- Estar
DHCP Logs
- Akamai DHCP
- Cisco DHCP
- ExtraHop DHCP
- Fortinet
- Infoblox DHCP
- ISC DHCP
- Kea DHCP
- Linux DHCP
- Sophos DHCP
- Static IP
- Windows DHCP
- Zeek DHCP
DLP
- Accellion
- Code42 Incydr
- CoSoSys Protector
- F5 Shape
- Forcepoint DLP
- IBM Guardium
- McAfee DLP
- Preveil Enterprise
- Proofpoint Observeit
- Protegrity Defiance
- Symantec DLP
- Tripwire
DNS Logs
- Akamai DNS
- AWS Route 53 DNS
- BIND
- Bluecat Edge DNS Resolver
- Cisco DNS
- Cisco Umbrella DNS
- ExtraHop DNS
- F5 DNS
- Infoblox DNS
- Infoblox RPZ
- Men and Mice DNS
- Passive DNS
- Power DNS
- Splunk DNS
- UltraDNS
- Unbound DNS
- Windows DNS
EDR Logs
- Carbon Black
- Carbon Black App Control
- Check Point Sandblast
- CrowdStrike Falcon
- CrowdStrike Falcon CEF
- Cybereason EDR
- Deep Instinct EDR
- Digital Guardian
- eCAR
- eCAR Bro
- EclecticIQ EDR
- Endgame
- ESET
- Fidelis Endpoint
- Fortinet FortiEDR
- JAMF Protect
- LimaCharlie
- Malwarebytes
- McAfee MVISION EDR
- Microsoft Defender for Endpoint
- OSQuery
- Palo Alto Networks Traps
- Rapid7 Insight
- Red Canary
- SentinelOne Deep Visibility
- SentinelOne EDR
- Sophos Capsule8
- Sophos Intercept EDR
- Symantec EDR
- Sysdig
- TrendMicro EDR
- Uptycs EDR
- VMRay Analyzer
- White Cloud
- Windows Events
- Windows Sysmon
Email Server Logs
- Abnormal Security
- Apache SpamAssassin
- Area1 Security
- Avanan Email Security
- Barracuda Email
- Check Point Email
- Cisco Email Security
- Cofense
- Cofense Vision
- Fireeye eMPS
- Fireeye ETP
- Gmail Logs
- GreatHorn Email Security
- KnowBe4 PhishER
- MailScanner
- Material Security
- Microsoft Exchange
- Mimecast
- PostFix Mail
- Proofpoint Email Filter
- Proofpoint On Demand
- Proofpoint Tap Alerts
- Proofpoint Threat Response
- Proofpoint Web Browser Isolation
- Sendmail
- Symantec Messaging Gateway
- Symantec VIP Gateway
- Trend Micro Cloud App Security
- Voltage
Financial Services Logs
- D3 Banking
- GMV Checker ATM Security
- GMV Checker User Context
- Swift Alliance Messaging Hub
Firewall Logs
- Azure Firewall
- Check Point
- Cisco ASA
- Cisco Firepower NGFW
- Cisco Umbrella Cloud Firewall
- Cisco Umbrella IP
- FireMon Firewall
- Forcepoint NGFW
- FortiGate
- Juniper
- Netfilter IPtables
- Palo Alto Networks Firewall
- Radware Web Application Firewall
- Silver Peak Firewall
- SonicWall
- Sophos Firewall (Next Generation)
- Sophos UTM
- Windows Firewall
- ZScaler NGFW
Format-Specific Logs
- BT IPControl
- Cisco Meraki
- Cisco WSA
- Cylance
- Infoblox
- Kubernetes Audit Logs
- Kubernetes Auth Proxy Logs
- Zeek JSON
- Zeek TSV
GCP-Specific Logs
- Forseti Open Source
- GCP Apigee
- GCP Cloud Identity Device Users
- GCP Cloud IOT
- GCP Cloud NAT
- GCP Cloud Run
- GCP Cloud SQL
- GCP Compute
- GCP DNS
- GCP Firewall Rules
- GCP Load Balancing
- GCP Threat Detection
- Workspace Activities
- Workspace Alerts
- Workspace ChromeOS Devices
- Workspace Groups
- Workspace Mobile Devices
- Workspace Privileges
- Workspace Users
Hardware Security Modules
- Futurex HSM
- Thales Luna Hardware Security Module
Healthcare
- EPIC Systems
- Oscar Claims
Honeypots
- Attivo Networks
- Guardicore Centra
- Honeyd
- Thinkst Canary
HTTP Logs
- Zeek HTTP
Hypervisors and Application Virtualization
- Cameyo Bring Your Own Cloud
- Docker
- VMware ESXi
- VMware HCX
- VMware Horizon
- VMware NSX
- VMware Tanzu Kubernetes Grid
- VMware vCenter
- VMware vRealize Suite
- VMware vShield
- VMware Workspace ONE
IaaS Applications
- Aqua Security
- AT&T Netbond
- GlusterFS
Identity and Access Management
- Avatier Password Management
- AWS Control Tower
- Cisco ISE
- CloudM
- Duo Administrator Logs
- Duo Telephony Logs
- Google Cloud Identity Context
- HP Aruba (Clearpass)
IDS/IPS Logs
- Amazon Guardduty
- Aruba IPS
- Cisco Wireless IPS
- Cloud Passage (LIDS)
- Deepfence Network Monitoring
- Falco IDS
- Juniper IPS
- Lacework Cloud Security
- LookingGlass Aenoik IDPS
- McAfee IPS
- Microsoft ATA
- Orca Cloud Security Platform
- OSSEC
- Snort
- Sourcefire
- Suricata EVE
- Suricata IDS
- Trend Micro
IoC Logs
- Anomali
- Centripetal Networks IOC
- COVID-19 Cyber Threat Coalition
- Crowdstrike IOC
- CSV Custom IOC
- U.S. Department of Homeland Security
- Digital Shadows Indicators
- Digital Shadows SearchLight
- Emerging Threats Pro
- ESET Threat Intelligence
- Looking Glass
- MISP Threat Intelligence
- Open Source Intelligence
- PAN Autofocus
- Recorded Future
- RH-ISAC
- ThreatConnect
IoT
- Medigate IoT
- Ordr IoT
IT Infrastructure
- HPE ILO
- Nutanix Frame
- Nutanix Prism
K8s Cluster Audit Logs Only
- Kubernetes Node Logs
- McAfee ePolicy Orchestrator
- Nokia VitalQIP
- pfSense
- Red Hat OpenShift
- WatchGuard
- Windows Event (XML)
LDAP Software
- ForgeRock OpenDJ
- JumpCloud Directory as a Service
- Open LDAP
- Red Hat Directory Server LDAP
- Semperis ADFR
- Semperis DSP
Load Balancer, Traffic Shaper, and ADC Logs
- Akamai Cloud Monitor
- Allot NetEnforcer
- Brocade ServerIron ADX
- Cisco Application Control Engine
- Citrix Netscaler
- F5 BIGIP LTM
- HaProxy Load Balancer
- Infoblox Load Balancer
- Kemp Load Balancer
- Peplink Load Balancer
- VMware Avi Vantage Platform
Log Aggregation and SIEM Systems
- Arcsight CEF
- Cisco FireSIGHT Management Center
- Clearsense Healthcare Analytics
- Confluent Audit
- Custom Security Data Analytics
- Dynatrace
- Elastic Audit Beats
- Elastic File Beats
- Elastic Metric Beats
- Elastic Packet Beats
- Elastic Search
- Elastic Windows Event Log Beats
- Exabeam Fusion XDR
- Fluentd Logs
- McAfee Enterprise Security Manager
- Microsoft Sentinel
- NCR Digital Insight Global Logging
- NXLog Manager
- Snare System Diagnostic Logs
- Splunk Platform
- Wazuh
- ZeroFox Platform
Mainframe Logs
- BMC AMI Defender
- CA ACF2
- IBM AS/400
- IBM z/OS
Other Windows-Specific Logs
- Azure AD
- Azure AD Directory Audit
- Azure AD Organizational Context
- ManageEngine ADAudit Plus
- ManageEngine ADManager Plus
- ManageEngine ADSelfService Plus
- Microsoft AD
- Microsoft AD FS
- Microsoft Powershell
Mobile Device Management
- Absolute Mobile Device Management
- Microsoft ActiveSync
- Microsoft Intune
- Mobileiron
NAC Logs
- Forescout NAC
- Fortinet FortiNAC
- SafeConnect NAC
NDR Logs
- Bricata NDR
- Cato Networks
- Corelight
- Darktrace
- ExtraHop RevealX
- Fidelis Network
- FireEye NX
- Gigamon
- Netscout
- Palo Alto Cortex XDR
- Plixer Scrutinizer
- Vectra Detect
- Vectra Stream
- Verizon Network Detection and Response
Netflow Logs
- Cisco Stealthwatch
Network Infrastructure
- APC Smart-UPS
- APC StruxureWare Portal
- Eaton UPS
Network Management and Optimization Software
- Axonius Cybersecurity Asset Management
- Cisco Prime
- Cradlepoint NetCloud
- Entrust NTP Server
- HCL BigFix
- Infoblox NetMRI
- Kaseya IT Management
- MicroSemi NTP
- NetDisco
- Riverbed Steelhead
- Western Telematic Inc Console Servers
Network Monitoring
- Nagios Infrastructure Monitoring
Nucleus Security Unified Vulnerability Management
- Nucleus Asset Metadata
- Nucleus Unified Vulnerability Management
- Nucleus Vulnerability Scan Delta
OS Logs
- Cisco Internetwork Operating System
- Cisco NX-OS
- Cisco UCS
- Juniper Junos
- Linux Auditing System (AuditD)
- NIMBLE OS
- Plaso Super Timeline
- Red Canary Cloud Protection
- TGDetect
IdP
- 1Password
- Duo Entity Context Data
- Duo User Context
- ForgeRock OpenAM
- FreeIPA
- IBM DataPower Gateway
- IBM Tivoli
- Imprivata Confirm ID
- Imprivata Identity Governance
- Imprivata OneSign
- Keeper Enterprise Security
- LastPass Password Management
- Liaison NuBridges Platform
- ManageEngine AD360
- ManageEngine Password Manager Pro
- Microsoft Defender for Identity
- NCR Digital Insight FSG
- Okta
- Okta Access Gateway
- Okta RADIUS
- Okta User Context
- Ping Identity
- Preempt Alert
- Preempt Auth
- ProofID
- Red Hat Identity Management
- Red Hat Keycloak
- RSA
- SailPoint IAM
- Shibboleth IDP
- Silverfort Authentication Platform
- Thycotic
- Thycotic DevOps Secret Vault
- Venafi
Packet Capture
- Arkime Packet Capture
Physical Security Logs
- BRIVO
- Datawatch
- DMP
- Honeywell Pro-Watch
- Kisi Access Management
- Lenel Onguard Badge Management
- LSI Badge Management System
- Matrix Frontier Badge Management
- Openpath
- Siemens SiPass
- Thales Digital Identity and Security
Policy Management
- AlgoSec Security Management
- Cisco Content Security Management Appliance
- Cloud Passage (CSM)
- Cloud Passage (FIM)
- Secberus Cloud Security Governance
Printer Logs
- HP Printer Logs
- Lexmark Printer Logs
Privileged Account Activity
- BeyondTrust
- BeyondTrust BeyondInsight
- BeyondTrust Cloud Privilege Broker
- BeyondTrust Endpoint Privilege Management
- CA Access Control
- CyberArk
- Hashicorp Vault
- Hitachi PAM
- One Identity Active Role Service
- One Identity Change Auditor
- One Identity Defender
- One Identity TPAM
- OneIdentity Balabit
- Remediant SecureONE
- SpyCloud
Remote Access Tools
- Check Point Harmony
- Citrix Storefront
- Dell iDRAC
- Opengear Remote Management
- OpenSSH
- SecureLink
- TeamViewer
SaaS Applications
- AppOmni
- Aptos Enterprise Order Management
- Archer Integrated Risk Management
- Armor Anywhere
- Azure Security Center
- Cloud Passage
- Cloudflare
- Code Worldwide
- CWT SatoTravel
- ETQ Reliance
- IBM MaaS360
- Kyriba Treasury Management
- Logic Monitor
- ManageEngine Reporter Plus
- McAfee Unified Cloud Edge
- McAfee Web Protection
- Microsoft Azure
- Microsoft Azure Activity
- Microsoft Azure Resource
- NCC Scout Suite
- Obsidian
- Office 365
- OpenText Fax2Mail
- Oracle Cloud Infrastructure
- PeopleSoft
- Pivotal
- Salesforce
- Salesforce Context
- ServiceNow Audit
- ServiceNow Roles
- ServiceNow Security
- Snipe-IT
- Sophos Central
- Symantec Event Export
- Workday
- Workday Audit Logs
- WP Engine
Sandbox Technologies
- Authentic8 Silo
- File Scanning Framework
- Symantec Web Isolation
Search Engines
- shodan.io
Service Bus
- IBM CICS
- Mulesoft
SOAR Tools
- D3 Security
- Splunk Phantom
- Swimlane Platform
Software-Defined Networking (SDN)
- Cisco APIC
- Cisco Application Centric Infrastructure
SSL Handshake Types
- SSL pcap
SSO Logs
- Centrify
- Citrix Workspace
- Layer7 SiteMinder
- OneLogin
- OneLogin User Context
- SecureAuth
- SiteMinder Web Access Management
STIX Providers
- Fox-IT
Storage Solutions
- Cloudian HyperStore
- Dell EMC Avamar
- Dell EMC Cloudlink
- Dell EMC Isilon NAS
- Dremio Data Lakehouse
- IBM Spectrum Protect
- NetApp SAN
- Pure Storage
Switch and Router Logs
- Arista Switch
- Big Switch BigCloudFabric
- Brocade Switch
- CATO SD-WAN
- Cisco Router
- Cisco Switch
- Citrix SD-WAN
- CloudGenix SD-WAN
- Dell Switch
- Extreme Networks Switch
- HP Procurve Switch
- IBM Switch
- Juniper MX Router
- Peplink Router
- Peplink Switch
- Ubiquiti UniFi Switch
- Unifi AP
- Unifi Switch
TANIUM Logs
- Tanium Asset
- Tanium Audit
- Tanium Comply
- Tanium Deploy
- Tanium Discover
- Tanium Insight
- Tanium Integrity Monitor
- Tanium Patch
- Tanium Question
- Tanium Reveal
- Tanium Stream
- Tanium Threat Response
Task-Based Access Management
- Armis
- Stealthbits Audit
- Stealthbits Defend
Telephony Software
- Cisco CTS
- Cisco UCM
- Kamailio
- Ribbon Analytics Platform
- Ribbon Session Border Controller
- Ring Central
- Zoom Operation Logs
Ticketing Applications
- Atlassian Jira
Unified Data Model
- UDM
Unix-Specific Logs
- AIX System
- cmd.com
- Solaris System
- Unix System
VPN Logs
- Array Networks SSL VPN
- Cisco VPN
- F5 VPN
- Fortinet FortiClient
- Microsoft SSTP VPN
- Netmotion
- OpenVPN
- Palo Alto Networks Global Protect
- Pulse Secure
- Strong Swan VPN
- ZScaler VPN
Vulnerability Scanners
- Arxan Threat Analytics
- Cisco Secure Malware Analytics
- Cloud Passage (SVM)
- Digital Defense Frontline VM
- Qualys Continuous Monitoring
- Qualys VM
- Rapid7
- RedHat StackRox
- RiskIQ Digital Footprint
- SonarQube
- Tenable Security Center
- tenable.io
- VirusTotal Threat Hunter
- wiz.io
WAF
- Akamai WAF
- AWS WAF
- Barracuda
- Cloudflare WAF
- F5 ASM
- Fastly WAF
- Imperva
- Imperva SecureSphere Management
- Signal Sciences WAF
- Vmware Avinetworks iWAF
Web Proxy Logs
- Akamai Enterprise Threat Protector
- Blue Coat Proxy
- Cisco Umbrella Web Proxy
- Citrix Netscaler Web Logs
- Citrix Web Gateway
- Forcepoint Proxy
- Fortinet Proxy
- iBoss Proxy
- McAfee Web Gateway
- Menlo Security
- Mimecast Web Security
- Netskope Web Proxy
- Squid Web Proxy
- Symantec Web Security Service
- TrendMicro Web Proxy
- Zscaler
Web Server Logs
- Apache
- Apache Cassandra
- Apache Hadoop
- Apache Kafka Audit
- HAProxy
- IBM Websphere Application Server
- Kong API Gateway
- Microsoft IIS
- NGINX
Wireless Logs
- Aruba
- Aruba Airwave
- Avaya Wireless
- Cisco WLC/WCS
- Extreme Networks AirDefense
- Ruckus Networks
- VMware AirWatch
- Domain Tools Phisheye
- Stream Alert
- ZScaler DNS