Supported datasets

Chronicle can ingest raw logs from a wide range of vendors, protocols, systems, and devices. This document describes the datasets that are currently supported and is updated periodically.

To generate an up-to-date list of the supported ingestion labels, use the Ingestion API method:

APIKEY="[[My_ApiKey]]"; curl --header "Content-Type: application/json" \
--request GET "https://malachiteingestion-pa.googleapis.com/v1/logtypes?key=${APIKEY}"

For information about how data is ingested and normalized, see the Ingesting data into Chronicle overview.

For a list of the supported default parsers, see Supported default parsers.

Alert logs

  • Active Countermeasures
  • AlphaSOC
  • CIS Albert Alerts
  • CrowdStrike Falcon Stream
  • Customer alerts
  • Cylance Protect
  • FireEye
  • IBM zSecure Alert
  • Microsoft Graph API Alerts
  • Microsoft Security Center
  • Netskope

Application server logs

  • Apache Tomcat

Application whitelisting

  • Windows Applocker

Authentication logs

  • Auth0
  • Authx
  • Barracuda CloudGen Access
  • CA LDAP
  • Cisco ACS
  • Cisco TACACS+
  • Cyolo Zero Trust
  • Duo Auth
  • Duo Network Gateway
  • FreeRADIUS
  • IBM Security Verify
  • Quest Active Directory
  • RSA RADIUS
  • Thales MFA
  • Yubico OTP

Automation and DevOps tools

  • Ansible AWX
  • Automation Anywhere
  • GitHub
  • GitLab
  • Jenkins

AV and endpoint logs

  • Apple MacOS
  • Automox
  • Azure ATP
  • Bitdefender
  • Cisco AMP
  • ClamAV
  • Comodo
  • Dell OpenManage
  • ESET AV
  • FireEye HX
  • Fortinet FortiSandbox
  • Kaspersky AV
  • Microsoft System Center Endpoint Protection
  • Minerva AV
  • Sophos AV
  • Superna Eyeglass
  • Symantec Endpoint Protection
  • Trend Micro AV
  • Windows Defender ATP
  • Windows Defender AV

AWS-specific logs

  • AWS CloudFront
  • AWS Cloudtrail
  • AWS CloudWatch
  • AWS Config
  • AWS Elastic Load Balancer
  • AWS Key Management Service
  • AWS Macie
  • AWS Redshift
  • AWS S3 Server Access
  • AWS Security Hub
  • AWS Session Manager

Backup software

  • Code42 CrashPlan
  • Cohesity
  • CommVault
  • Rubrik
  • Veeam

Bot protection

  • Cequence Bot Defense
  • Cloudflare Bot Management
  • F5 Bot
  • PerimeterX Bot Protection

CASB

  • Cisco CloudLock
  • Duo Access Gateway
  • McAfee MVISION CASB
  • McAfee Skyhigh CASB
  • Microsoft CASB
  • Palo Alto Prisma Access
  • Palo Alto Prisma Cloud
  • Proofpoint CASB
  • Symantec CloudSOC CASB

CMDB logs

  • CSV custom CMDB
  • JAMF CMDB
  • Medigate CMDB
  • ServiceNow CMDB
  • Windows Network Policy Server

Collaboration logs

  • Appian Cloud
  • Atlassian Confluence
  • Box
  • Design Profit Central Server
  • Dropbox
  • iManage Cloud Platform
  • Kibana audit logs
  • Mango Apps
  • Microsoft SharePoint
  • Puppet
  • Slack Audit

Content management software

  • OnBase CMS
  • WordPress

Data security

  • Datadog
  • DataLocker SafeConsole
  • Dell EMC Data Domain
  • Fortanix Data Security Manager
  • Imperva Database
  • Rubrik Polaris
  • Thales Vormetric
  • Varonis

Data Transfer

  • FileZilla
  • Globalscape SFTP
  • IBM MQ File Transfer
  • Ipswitch MOVEit Automation
  • Ipswitch MOVEit Transfer
  • Ipswitch SFTP
  • Nasuni File Services Platform
  • SolarWinds Serv-U
  • VanDyke SFTP
  • VSFTPD Audit

Database logs

  • Azure Cosmos DB
  • Azure SQL
  • IBM DB2
  • IBM Informix
  • IBM JDE
  • Maria Database
  • Microsoft SQL Server
  • Mongo Database
  • MySQL
  • Oracle
  • SAP HANA
  • SAP Insurance
  • Snowflake

DDI logs (DNS, DHCP, IPAM)

  • Bluecat DDI
  • EfficientIP DDI

DDOS Mitigation

  • Akamai Prolexic

Deception software

  • Acalvio
  • Estar

DHCP logs

  • Akamai DHCP
  • Cisco DHCP
  • ExtraHop DHCP
  • Fortinet
  • Infoblox DHCP
  • ISC DHCP
  • Kea DHCP
  • Linux DHCP
  • Sophos DHCP
  • Static IP
  • Windows DHCP
  • Zeek DHCP

DLP

  • Accellion
  • Code42 Incydr
  • CoSoSys Protector
  • F5 Shape
  • Forcepoint DLP
  • IBM Guardium
  • McAfee DLP
  • Preveil Enterprise
  • Proofpoint Observeit
  • Protegrity Defiance
  • Symantec DLP
  • Tripwire

DNS logs

  • Akamai DNS
  • AWS Route 53 DNS
  • BIND
  • Bluecat Edge DNS Resolver
  • Cisco DNS
  • Cisco Umbrella DNS
  • ExtraHop DNS
  • F5 DNS
  • Infoblox DNS
  • Infoblox RPZ
  • Men and Mice DNS
  • Passive DNS
  • Power DNS
  • Splunk DNS
  • UltraDNS
  • Unbound DNS
  • Windows DNS

EDR logs

  • Carbon Black
  • Carbon Black App Control
  • Check Point Sandblast
  • CrowdStrike Falcon
  • CrowdStrike Falcon CEF
  • Cybereason EDR
  • Deep Instinct EDR
  • Digital Guardian
  • eCAR
  • eCAR Bro
  • EclecticIQ EDR
  • Endgame
  • ESET
  • Fidelis Endpoint
  • Fortinet FortiEDR
  • JAMF Protect
  • LimaCharlie
  • Malwarebytes
  • McAfee MVISION EDR
  • Microsoft Defender for Endpoint
  • OSQuery
  • Palo Alto Networks Traps
  • Rapid7 Insight
  • Red Canary
  • SentinelOne Deep Visibility
  • SentinelOne EDR
  • Sophos Capsule8
  • Sophos Intercept EDR
  • Symantec EDR
  • Sysdig
  • TrendMicro EDR
  • Uptycs EDR
  • VMRay Analyzer
  • White Cloud
  • Windows Event
  • Windows Sysmon

Email server logs

  • Abnormal Security
  • Apache SpamAssassin
  • Area1 Security
  • Avanan Email Security
  • Barracuda Email
  • Check Point Email
  • Cisco Email Security
  • Cofense
  • Cofense Vision
  • Fireeye eMPS
  • Fireeye ETP
  • GMAIL Logs
  • GreatHorn Email Security
  • KnowBe4 PhishER
  • MailScanner
  • Material Security
  • Microsoft Exchange
  • Mimecast
  • PostFix Mail
  • Proofpoint Email Filter
  • Proofpoint On Demand
  • Proofpoint Tap Alerts
  • Proofpoint Threat Response
  • Proofpoint Web Browser Isolation
  • Sendmail
  • Symantec Messaging Gateway
  • Symantec VIP Gateway
  • Trend Micro Cloud App Security
  • Voltage

Financial services logs

  • D3 Banking
  • GMV Checker ATM Security
  • GMV Checker User Context
  • Swift Alliance Messaging Hub

Firewall logs

  • Azure Firewall
  • Check Point
  • Cisco ASA
  • Cisco Firepower NGFW
  • Cisco Umbrella Cloud Firewall
  • Cisco Umbrella IP
  • FireMon Firewall
  • Forcepoint NGFW
  • FortiGate
  • Juniper
  • Netfilter IPtables
  • Palo Alto Networks Firewall
  • Radware Web Application Firewall
  • Silver Peak Firewall
  • SonicWall
  • Sophos Firewall (Next Gen)
  • Sophos UTM
  • Windows Firewall
  • ZScaler NGFW

Format-specific logs

  • BT IPControl
  • Cisco Meraki
  • Cisco WSA
  • Cylance
  • Infoblox
  • Kubernetes audit logs
  • Kubernetes authentication proxy logs
  • Zeek JSON
  • Zeek TSV

GCP-specific logs

  • Forseti Open Source
  • GCP Apigee
  • GCP Cloud Identity Device Users
  • GCP Cloud IOT
  • GCP Cloud NAT
  • GCP Cloud Run
  • GCP Cloud SQL
  • GCP Compute
  • GCP DNS
  • GCP Firewall Rules
  • GCP Load Balancing
  • GCP Threat Detection
  • Workspace Activities
  • Workspace Alerts
  • Workspace ChromeOS Devices
  • Workspace Groups
  • Workspace Mobile Devices
  • Workspace Privileges
  • Workspace Users

Hardware Security Modules

  • Futurex HSM
  • Thales Luna Hardware Security Module

Healthcare

  • EPIC Systems
  • Oscar Claims

Honeypots

  • Attivo Networks
  • Guardicore Centra
  • Honeyd
  • Thinkst Canary

HTTP logs

  • Zeek HTTP

Hypervisor and application virtualization

  • Cameyo Bring Your Own Cloud
  • Docker
  • VMware ESXi
  • VMware HCX
  • VMware Horizon
  • VMware NSX
  • VMware Tanzu Kubernetes Grid
  • VMware vCenter
  • VMware vRealize Suite
  • VMware vShield
  • VMware Workspace ONE

IaaS applications

  • Aqua Security
  • AT&T Netbond
  • GlusterFS

Identity and Access Management

  • Avatier Password Management
  • AWS Control Tower
  • Cisco ISE
  • CloudM
  • Duo Administrator Logs
  • Duo Telephony Logs
  • Google Cloud Identity Context
  • HP Aruba (Clearpass)

IDS/IPS logs

  • Amazon Guardduty
  • Aruba IPS
  • Cisco Wireless IPS
  • Cloud Passage (LIDS)
  • Deepfence Network Monitoring
  • Falco IDS
  • Juniper IPS
  • Lacework Cloud Security
  • LookingGlass Aenoik IDPS
  • McAfee IPS
  • Microsoft ATA
  • Orca Cloud Security Platform
  • OSSEC
  • Snort
  • Sourcefire
  • Suricata EVE
  • Suricata IDS
  • Trend Micro

IoC logs

  • Anomali
  • Centripetal Networks IOC
  • COVID-19 Cyber Threat Coalition
  • Crowdstrike IOC
  • CSV custom IOC
  • Department of Homeland Security
  • Digital Shadows Indicators
  • Digital Shadows SearchLight
  • Emerging Threats Pro
  • ESET Threat Intelligence
  • Looking Glass
  • MISP Threat Intelligence
  • Open Source Intelligence
  • PAN Autofocus
  • Recorded Future
  • RH-ISAC
  • ThreatConnect

IoT

  • Medigate IoT
  • Ordr IoT

IT infrastructure

  • HPE ILO
  • Nutanix Frame
  • Nutanix Prism

K8s cluster audit logs only

  • Kubernetes node logs
  • McAfee ePolicy Orchestrator
  • Nokia VitalQIP
  • pfSense
  • Red Hat OpenShift
  • WatchGuard
  • Windows Event (XML)

LDAP software

  • ForgeRock OpenDJ
  • JumpCloud Directory as a Service
  • Open LDAP
  • Red Hat Directory Server LDAP
  • Semperis ADFR
  • Semperis DSP

Load balancer, traffic shaper, and ADC logs

  • Akamai Cloud Monitor
  • Allot NetEnforcer
  • Brocade ServerIron ADX
  • Cisco Application Control Engine
  • Citrix Netscaler
  • F5 BIGIP LTM
  • HaProxy LoadBalancer
  • Infoblox Loadbalancer
  • Kemp Load Balancer
  • Peplink Loadbalancer
  • VMware Avi Vantage Platform

Log aggregation and SIEM systems

  • Arcsight CEF
  • Cisco FireSIGHT Management Center
  • Clearsense Healthcare Analytics
  • Confluent Audit
  • Custom Security Data Analytics
  • Dynatrace
  • Elastic Audit Beats
  • Elastic File Beats
  • Elastic Metric Beats
  • Elastic Packet Beats
  • Elastic Search
  • Elastic Windows Event Log Beats
  • Exabeam Fusion XDR
  • Fluentd Logs
  • McAfee Enterprise Security Manager
  • Microsoft Sentinel
  • NCR Digital Insight Global Logging
  • NXLog Manager
  • Snare System Diagnostic Logs
  • Splunk Platform
  • Wazuh
  • ZeroFox Platform

Mainframe logs

  • BMC AMI Defender
  • CA ACF2
  • IBM AS/400
  • IBM z/OS

Other Windows-specific logs

  • Azure AD
  • Azure AD Directory Audit
  • Azure AD Organizational Context
  • ManageEngine ADAudit Plus
  • ManageEngine ADManager Plus
  • ManageEngine ADSelfService Plus
  • Microsoft AD
  • Microsoft AD FS
  • Microsoft Powershell

Mobile device management

  • Absolute Mobile Device Management
  • Microsoft ActiveSync
  • Microsoft Intune
  • Mobileiron

NAC logs

  • Forescout NAC
  • Fortinet FortiNAC
  • SafeConnect NAC

NDR logs

  • Bricata NDR
  • Cato Networks
  • Corelight
  • Darktrace
  • ExtraHop RevealX
  • Fidelis Network
  • FireEye NX
  • Gigamon
  • Netscout
  • Palo Alto Cortex XDR
  • Plixer Scrutinizer
  • Vectra Detect
  • Vectra Stream
  • Verizon Network Detection and Response

Netflow logs

  • Cisco Stealthwatch

Network infrastructure

  • APC Smart-UPS
  • APC StruxureWare Portal
  • Eaton UPS

Network management and optimization software

  • Axonius Cybersecurity Asset Management
  • Cisco Prime
  • Cradlepoint NetCloud
  • Entrust NTP Server
  • HCL BigFix
  • Infoblox NetMRI
  • Kaseya IT Management
  • MicroSemi NTP
  • NetDisco
  • Riverbed Steelhead
  • Western Telematic Inc Console Servers

Network monitoring

  • Nagios Infrastructure Monitoring

Nucleus Security Unified Vulnerability Management

  • Nucleus Asset Metadata
  • Nucleus Unified Vulnerability Management
  • Nucleus Vulnerability Scan Delta

Operating system logs

  • Cisco Internetwork Operating System
  • Cisco NX-OS
  • Cisco UCS
  • Juniper Junos
  • Linux Auditing System (AuditD)
  • NIMBLE OS
  • Plaso Super Timeline
  • Red Canary Cloud Protection
  • TGDetect

IdP

  • 1Password
  • Duo Entity context data
  • Duo User Context
  • ForgeRock OpenAM
  • FreeIPA
  • IBM DataPower Gateway
  • IBM Tivoli
  • Imprivata Confirm ID
  • Imprivata Identity Governance
  • Imprivata OneSign
  • Keeper Enterprise Security
  • LastPass Password Management
  • Liaison NuBridges Platform
  • ManageEngine AD360
  • ManageEngine Password Manager Pro
  • Microsoft Defender for Identity
  • NCR Digital Insight FSG
  • Okta
  • Okta Access Gateway
  • Okta RADIUS
  • Okta User Context
  • Ping Identity
  • Preempt Alert
  • Preempt Authentication
  • ProofID
  • Red Hat Identity Management
  • Red Hat Keycloak
  • RSA
  • SailPoint IAM
  • Shibboleth IDP
  • Silverfort Authentication Platform
  • Thycotic
  • Thycotic devops secret vault
  • Venafi

Packet capture

  • Arkime Packet Capture

Physical security logs

  • BRIVO
  • Datawatch
  • DMP
  • Honeywell Pro-Watch
  • Kisi Access Management
  • Lenel Onguard Badge Management
  • LSI Badge Management System
  • Matrix Frontier Badge Management
  • Openpath
  • Siemens SiPass
  • Thales Digital Identity and Security

Policy management

  • AlgoSec Security Management
  • Cisco Content Security Management Appliance
  • Cloud Passage (CSM)
  • Cloud Passage (FIM)
  • Secberus Cloud Security Governance

Printer logs

  • HP Printer logs
  • Lexmark Printer logs

Privileged account activity

  • BeyondTrust
  • BeyondTrust BeyondInsight
  • BeyondTrust Cloud Privilege Broker
  • BeyondTrust Endpoint Privilege Management
  • CA Access Control
  • CyberArk
  • Hashicorp Vault
  • Hitachi PAM
  • One Identity Active Role Service
  • One Identity Change Auditor
  • One Identity Defender
  • One Identity TPAM
  • OneIdentity Balabit
  • Remediant SecureONE
  • SpyCloud

Remote access tools

  • Check Point Harmony
  • Citrix Storefront
  • Dell iDRAC
  • Opengear Remote Management
  • OpenSSH
  • SecureLink
  • TeamViewer

SaaS applications

  • AppOmni
  • Aptos Enterprise Order Management
  • Archer Integrated Risk Management
  • Armor Anywhere
  • Azure Security Center
  • Cloud Passage
  • Cloudflare
  • Code Worldwide
  • CWT SatoTravel
  • ETQ Reliance
  • IBM MaaS360
  • Kyriba Treasury Management
  • Logic Monitor
  • ManageEngine Reporter Plus
  • McAfee Unified Cloud Edge
  • McAfee Web Protection
  • Microsoft Azure
  • Microsoft Azure Activity
  • Microsoft Azure Resource
  • NCC Scout Suite
  • Obsidian
  • Office 365
  • OpenText Fax2Mail
  • Oracle Cloud Infrastructure
  • PeopleSoft
  • Pivotal
  • Salesforce
  • Salesforce Context
  • ServiceNow Audit
  • ServiceNow Roles
  • ServiceNow Security
  • Snipe-IT
  • Sophos Central
  • Symantec Event export
  • Workday
  • Workday Audit Logs
  • WP Engine

Sandbox technology

  • Authentic8 Silo
  • File Scanning Framework
  • Symantec Web Isolation

Search engines

  • shodan.io

Service bus

  • IBM CICS
  • Mulesoft

SOAR tools

  • D3 Security
  • Splunk Phantom
  • Swimlane Platform

Software-defined networking (SDN)

  • Cisco APIC
  • Cisco Application Centric Infrastructure

SSL handshake types

  • SSL pcap

SSO logs

  • Centrify
  • Citrix Workspace
  • Layer7 SiteMinder
  • OneLogin
  • OneLogin User Context
  • SecureAuth
  • SiteMinder Web Access Management

STIX providers

  • Fox-IT

Storage solutions

  • Cloudian hyperstore
  • Dell EMC Avamar
  • Dell EMC Cloudlink
  • Dell EMC Isilon NAS
  • Dremio Data Lakehouse
  • IBM Spectrum Protect
  • NetApp SAN
  • Pure Storage

Switch and router logs

  • Arista Switch
  • Big Switch BigCloudFabric
  • Brocade Switch
  • CATO SD-WAN
  • Cisco Router
  • Cisco Switch
  • Citrix SD-WAN
  • CloudGenix SD-WAN
  • Dell Switch
  • Extreme Networks Switch
  • HP Procurve Switch
  • IBM Switch
  • Juniper MX Router
  • Peplink Router
  • Peplink Switch
  • Ubiquiti UniFi Switch
  • Unifi AP
  • Unifi Switch

TANIUM logs

  • Tanium Asset
  • Tanium Audit
  • Tanium Comply
  • Tanium Deploy
  • Tanium Discover
  • Tanium Insight
  • Tanium Integrity Monitor
  • Tanium Patch
  • Tanium Question
  • Tanium Reveal
  • Tanium Stream
  • Tanium Threat Response

Task-based access management

  • Armis
  • Stealthbits Audit
  • Stealthbits Defend

Telephony software

  • Cisco CTS
  • Cisco UCM
  • Kamailio
  • Ribbon Analytics Platform
  • Ribbon Session Border Controller
  • Ring Central
  • Zoom Operation Logs

Ticketing applications

  • Atlassian Jira

Unified Data Model

  • UDM

Unix-specific logs

  • AIX System
  • cmd.com
  • Solaris System
  • Unix System

VPN logs

  • Array Networks SSL VPN
  • Cisco VPN
  • F5 VPN
  • Fortinet FortiClient
  • Microsoft SSTP VPN
  • Netmotion
  • OpenVPN
  • Palo Alto Networks Global Protect
  • Pulse Secure
  • Strong Swan VPN
  • ZScaler VPN

Vulnerability scanners

  • Arxan Threat Analytics
  • Cisco Secure Malware Analytics
  • Cloud Passage (SVM)
  • Digital Defense Frontline VM
  • Qualys Continuous Monitoring
  • Qualys VM
  • Rapid7
  • RedHat StackRox
  • RiskIQ Digital Footprint
  • SonarQube
  • Tenable Security Center
  • tenable.io
  • VirusTotal Threat Hunter
  • wiz.io

WAF

  • Akamai WAF
  • AWS WAF
  • Barracuda
  • Cloudflare WAF
  • F5 ASM
  • Fastly WAF
  • Imperva
  • Imperva SecureSphere Management
  • Signal Sciences WAF
  • Vmware Avinetworks iWAF

Web proxy logs

  • Akamai Enterprise Threat Protector
  • Blue Coat Proxy
  • Cisco Umbrella Web Proxy
  • Citrix Netscaler Web Logs
  • Citrix Web Gateway
  • Forcepoint Proxy
  • Fortinet Proxy
  • iBoss Proxy
  • McAfee Web Gateway
  • Menlo Security
  • Mimecast Web Security
  • Netskope Web Proxy
  • Squid Web Proxy
  • Symantec Web Security Service
  • TrendMicro Web Proxy
  • Zscaler

Web server logs

  • Apache
  • Apache Cassandra
  • Apache Hadoop
  • Apache Kafka Audit
  • HAProxy
  • IBM Websphere Application Server
  • Kong API Gateway
  • Microsoft IIS
  • NGINX

Wireless logs

  • Aruba
  • Aruba Airwave
  • Avaya Wireless
  • Cisco WLC/WCS
  • Extreme Networks AirDefense
  • Ruckus Networks
  • VMware AirWatch
  • Domain Tools Phisheye
  • Stream Alert
  • ZScaler DNS