Supported log types and default parsers
This document contains information about Google Security Operations SIEM integrations for data ingestion.
It summarizes the devices, and the associated ingestion label (log_type) field in the
Ingestion API and data_type in a Forwarder configuration), that Google Security Operations SIEM supports.
Request a log type
In SIEM Settings, you can request a prebuilt log type from Google SecOps or create a custom log type on your own. For the corresponding prebuilt parsers and custom parsers, see Manage prebuilt and custom parsers.
- Like prebuilt parsers, prebuilt log types are created and owned by Google SecOps. Corresponding prebuilt parsers are configured by Google SecOps. Prebuilt log types are available after 2-3 weeks to all Google SecOps customers.
- Like custom parsers, custom log types are created and owned by your organization for use in your environment. Corresponding custom parsers need to be configured by your organization. Custom log types and parsers are available within 10 minutes after creation, but to your organization only.
- CSV: Comma Separated Values
- JSON: JavaScript Object Notation
- SYSLOG: syslog formatted message
- KV: key-value pair
- XML: Extensible Markup Language
- SYSLOG + KV: syslog header with key-value body
- SYSLOG + JSON: syslog header with JSON body
- SYSLOG + XML: syslog header with XML body
- LEEF: Log Event Extended Format
- CEF: Common Event Format
Supported log types with a default parser
Parsers normalize raw log data into structured Unified Data Model format. This
section lists supported devices, and the associated ingestion label (log_type field in the
Ingestion API and data_type in a Forwarder configuration), that also have a prebuilt default parser.
The default parser is supported by Google Security Operations as long as the device's
raw logs are received in the required format.
For a list of supported log types without a default parser, see Supported log types without a default parser.
The Format column indicates the high-level structure of the raw log, as:
These changes are applied to newly ingested logs. Parser changes are not applied retroactively to previously ingested logs.
| Vendor / Product | Category | Ingestion label | Format | Latest Update |
|---|---|---|---|---|
| FingerprintJS | Vulnerability scanners | FINGERPRINT_JS |
JSON | 2024-11-14 View Change |
| SAP Sybase Adaptive Server Enterprise Database | Database | SAP_ASE |
SYSLOG+KV | 2024-12-04 View Change |
| Qualys Asset Context | Vulnerability Scanner | QUALYS_ASSET_CONTEXT |
JSON | 2023-08-01 View Change |
| Brocade ServerIron ADX | Load Balancer | BROCADE_SERVERIRON |
SYSLOG | 2022-01-13 |
| Cylance Protect | Alerts | CYLANCE_PROTECT |
SYSLOG + KV | 2022-09-06 View Change |
| Cisco ACS | Authentication | CISCO_ACS |
SYSLOG + KV | 2024-11-14 View Change |
| IBM DataPower Gateway | API Gateway | IBM_DATAPOWER |
JSON, SYSLOG | 2024-06-18 View Change |
| Cloudflare | SaaS Application | CLOUDFLARE |
JSON | 2025-01-15 View Change |
| IBM OpenPages | Data Security | IBM_OPENPAGES |
SYSLOG | 2024-10-10 View Change |
| Appian Cloud | Collaboration log types | APPIAN_CLOUD |
SYSLOG | 2025-02-12 View Change |
| Sierra Wireless | IOT Devices | SIERRA_WIRELESS |
SYSLOG | 2023-11-23 View Change |
| AppOmni | SAAS Security Application | APPOMNI |
JSON | 2025-01-07 View Change |
| Cloud Passage | SaaS Application | CLOUD_PASSAGE |
JSON | 2022-06-30 View Change |
| Palo Alto Networks Firewall | Firewall | PAN_FIREWALL |
CSV + CEF + LEEF | 2025-02-14 View Change |
| Qualys Continuous Monitoring | Monitoring | QUALYS_CONTINUOUS_MONITORING |
JSON | 2022-08-30 View Change |
| SAP SM20 | Security Audit Log | SAP_SM20 |
JSON | 2024-04-16 View Change |
| Microsoft Defender for Office 365 | Email server log types. | MICROSOFT_DEFENDER_MAIL |
JSON | 2025-01-23 View Change |
| Anomali | IOC | ANOMALI_IOC |
JSON, CEF | 2024-02-09 View Change |
| Palo Alto Prisma Cloud | SECURITY PLATFORM | PAN_PRISMA_CLOUD |
JSON | 2024-11-18 View Change |
| AWS Aurora | AWS | AWS_AURORA |
JSON | 2024-01-12 View Change |
| Tanium Threat Response | Tanium Specific | TANIUM_THREAT_RESPONSE |
JSON | 2025-02-06 View Change |
| Windows Firewall | Firewall | WINDOWS_FIREWALL |
Space Separated Value | 2021-08-26 |
| Falco IDS | IDS/IPS | FALCO_IDS |
JSON | 2024-03-06 View Change |
| Netskope CASB | CASB | NETSKOPE_CASB |
JSON | 2024-02-12 View Change |
| Yubico OTP | Audit event | YUBICO_OTP |
SYSLOG, JSON, CSV | 2023-02-20 View Change |
| Huawei Switches | Switches and Routers | HUAWEI_SWITCH |
2025-01-22 View Change |
|
| QNAP Systems NAS | Storage solutions | QNAP_NAS |
SYSLOG, KV | 2024-12-09 View Change |
| Delinea Secret Server | Privileged Account Activity | DELINEA_SECRET_SERVER |
KV | 2025-01-29 View Change |
| EPIC Systems | Discovery and Monitoring | EPIC |
LEEF + KV | 2024-07-01 View Change |
| IBM Mainframe Storage | Monitoring | IBM_MAINFRAME_STORAGE |
SYSLOG | 2024-10-03 View Change |
| Virtru Email Encryption | EMAIL SERVER | VIRTRU_EMAIL_ENCRYPTION |
JSON | 2024-12-19 View Change |
| Thycotic | Identity and Access Management | THYCOTIC |
SYSLOG + KV (CEF) | 2024-10-08 View Change |
| AWS Elastic Load Balancer | AWS Specific | AWS_ELB |
SYSLOG, JSON | 2025-02-19 View Change |
| ClamAV | AV / Endpoint | CLAM_AV |
JSON | 2022-02-07 |
| Cisco WSA | WSA | CISCO_WSA |
SYSLOG | 2024-08-13 View Change |
| JAMF CMDB | Computer Inventory | JAMF |
JSON | 2024-05-28 View Change |
| Men and Mice DNS | DNS | MENANDMICE_DNS |
SYSLOG | 2021-11-12 |
| Fortinet FortiAnalyzer | Fortinet FortiAnalyzer | FORTINET_FORTIANALYZER |
JSON | 2025-01-31 View Change |
| Cisco NX-OS | OS | CISCO_NX_OS |
SYSLOG | 2025-02-07 View Change |
| VMware Tanzu Kubernetes Grid | IDS/IPS | VMWARE_TANZU |
JSON + SYSLOG+JSON | 2023-09-08 View Change |
| Duo Administrator Logs | Authentication | DUO_ADMIN |
JSON | 2025-01-02 View Change |
| CrowdStrike Filevantage | IT infrastructure | CS_FILEVANTAGE |
JSON | 2024-11-26 View Change |
| ThreatConnect | IOC | THREATCONNECT_IOC |
JSON | 2022-01-13 |
| NXLog Manager | Log Aggregator | NXLOG_MANAGER |
SYSLOG | 2022-01-13 |
| Imperva DRA | Data Security | IMPERVA_DRA |
SYSLOG,json | 2024-09-26 View Change |
| Netscope Client | CASB | NETSKOPE_CLIENT |
JSON | 2024-10-16 View Change |
| Palo Alto Panorama | Firewall | PAN_PANORAMA |
CSV | 2025-01-30 View Change |
| Tailscale | CASB | TAILSCALE |
JSON | 2024-11-21 View Change |
| TXOne Stellar | AV and Endpoint logs | TRENDMICRO_STELLAR |
SYSLOG , JSON | 2025-02-12 View Change |
| Kong API Gateway | Microservice management | KONG_GATEWAY |
SYSLOG + JSON | 2022-09-23 View Change |
| Ipswitch MOVEit Transfer | Switches | IPSWITCH_MOVEIT_TRANSFER |
SYSLOG + CSV | 2024-04-22 View Change |
| Trend Micro AV | AV / Endpoint | TRENDMICRO_AV |
SYSLOG + KV, CEF | 2023-05-21 View Change |
| Qualys Virtual Scanner | Vulnerability Scanner | QUALYS_VIRTUAL_SCANNER |
JSON | 2023-08-21 View Change |
| Cisco VCS Expressway | Telephone software | CISCO_VCS |
SYSLOG | 2023-06-12 View Change |
| WindChill | Lifecycle Management Software | WINDCHILL |
SYSLOG | 2024-11-21 View Change |
| Menlo Security | Web Proxy | MENLO_SECURITY |
JSON | 2023-08-03 View Change |
| Crowdstrike Identity Protection Services | AV AND ENDPOINT LOGS | CS_IDP |
JSON | 2025-01-28 View Change |
| SAP Webdispatcher | Software WebSwitch | SAP_WEBDISP |
SYSLOG | 2024-03-15 View Change |
| Dell EMC PowerStore | DATA STORAGE | DELL_EMC_POWERSTORE |
SYSLOG + KV | 2024-11-07 View Change |
| Skybox Firewall Assurance | Firewall | SKYBOX_FIREWALL_ASSURANCE |
SYSLOG + KV | 2023-09-07 View Change |
| AWS Config | AWS Specific | AWS_CONFIG |
JSON | 2024-06-09 View Change |
| OSQuery | EDR | OSQUERY_EDR |
SYSLOG + JSON | 2024-05-01 View Change |
| IBM WebSEAL | Web server | IBM_WEBSEAL |
JSON, SYSLOG | 2024-01-22 View Change |
| Medigate IoT | IoT | MEDIGATE_IOT |
SYSLOG + JSON | 2025-01-21 View Change |
| Sangfor Proxy | Application server logs | SANGFOR_PROXY |
SYSLOG | 2025-02-18 View Change |
| Sophos Firewall (Next Gen) | Firewall | SOPHOS_FIREWALL |
KV | 2024-08-26 View Change |
| Sysdig | Security | SYSDIG |
JSON | 2025-01-16 View Change |
| FortiMail Email Security | Email Security | FORTINET_FORTIMAIL |
KV | 2023-09-06 View Change |
| Checkpoint Audit | AUDIT | CHECKPOINT_AUDIT |
SYSLOG + KV (CEF) | 2024-10-01 View Change |
| Tanium Discover | Tanium Specific | TANIUM_DISCOVER |
JSON | 2022-11-24 View Change |
| Digi modems | Switches and Routers | DIGI_MODEMS |
SYSLOG | 2023-06-26 View Change |
| Digicert | IT infrastructure | DIGICERT |
JSON | 2025-02-13 View Change |
| Delinea Distributed Engine | Application server logs | DELINEA_DISTRIBUTED_ENGINE |
SYSLOG | 2024-12-06 View Change |
| Oort Security Tool | Identity and Access Management | OORT |
JSON | 2025-01-23 View Change |
| BMC AMI Defender | Mainframe | BMC_AMI_DEFENDER |
SYSLOG | 2024-05-27 View Change |
| Digital Guardian EDR | EDR | DIGITALGUARDIAN_EDR |
KV | 2022-12-07 View Change |
| Fidelis Network | NDR | FIDELIS_NETWORK |
SYSLOG + KV, JSON | 2024-10-09 View Change |
| Cisco Internetwork Operating System | Network Infrastructure | CISCO_IOS |
SYSLOG | 2025-02-11 View Change |
| Portnox CEF | Privileged Account Activity | PORTNOX_CEF |
CEF Syslog | 2024-05-31 View Change |
| Alcatel Switch | Privileged Account Activity | ALCATEL_SWITCH |
SYSLOG | 2024-03-11 View Change |
| Cisco Umbrella Audit | Firewall and Security Management | CISCO_UMBRELLA_AUDIT |
CSV | 2024-01-10 View Change |
| Mimecast URL Logs | Email server log types. | MIMECAST_URL_LOGS |
JSON | 2025-01-16 View Change |
| Fortinet Fortimanager | Network Management and Optimization software. | FORTINET_FORTIMANAGER |
KV + SYSLOG | 2025-01-24 View Change |
| Rippling Activity Logs | ACTIVITY_LOGS | RIPPLING_ACTIVITYLOGS |
JSON | 2024-08-01 View Change |
| SentinelOne Deep Visibility | EDR | SENTINEL_DV |
JSON | 2023-09-06 View Change |
| Elastic Search | Log Aggregator | ELASTIC_SEARCH |
JSON | 2023-11-02 View Change |
| McAfee Unified Cloud Edge | SaaS Application | MCAFEE_UCE |
JSON | 2021-07-20 |
| NetApp BlueXP | Security | NETAPP_BLUEXP |
JSON | 2024-10-23 View Change |
| Team Cymru Scout Threat Intelligence | Threat Intel | TEAM_CYMRU_SCOUT_THREATINTEL |
JSON | 2024-08-22 View Change |
| Journald | Log Aggregation and SIEM Systems | JOURNALD |
JSON | 2024-11-27 View Change |
| Lacework Cloud Security | Cloud Security | LACEWORK |
JSON | 2024-11-15 View Change |
| Talon | Security | TALON |
JSON | 2023-12-21 |
| CA Privileged Access Manager | NA | BROADCOM_CA_PAM |
SYSLOG | 2024-11-07 View Change |
| Tanium Insight | Tanium Specific | TANIUM_INSIGHT |
SYSLOG + KV | 2021-03-10 |
| VanDyke SFTP | Data Transfer | VANDYKE_SFTP |
JSON, SYSLOG | 2025-02-11 View Change |
| IBM MaaS360 | Security | IBM_MAAS360 |
JSON | 2024-11-06 View Change |
| GCP_MONITORING_ALERTS | Application server logs | GCP_MONITORING_ALERTS |
JSON | 2024-07-09 View Change |
| Imperva Attack Analytics | WAF | IMPERVA_ATTACK_ANALYTICS |
KV | 2024-11-07 View Change |
| Noname API Security | Security | NONAME_API_SECURITY |
JSON | 2024-06-08 View Change |
| CA ACF2 | Mainframe | CA_ACF2 |
LEEF | 2022-05-24 View Change |
| File Scanning Framework | File scanning | FILE_SCANNING_FRAMEWORK |
JSON | 2021-09-27 |
| Terraform Enterprise Audit | IT infrastructure | TERRAFORM_ENTERPRISE |
JSON, KV, SYSLOG | 2025-02-10 View Change |
| Microsoft CASB | CASB | MICROSOFT_CASB |
SYSLOG + KV (CEF) | 2023-11-27 View Change |
| Arcsight CEF | Security log | ARCSIGHT_CEF |
CEF Syslog | 2025-01-31 View Change |
| 1Password Audit Events | Identity and Access Management | ONEPASSWORD_AUDIT_EVENTS |
JSON | 2025-02-17 View Change |
| Saviynt Enterprise Identity Cloud | Endpoints | SAVIYNT_EIP |
JSON, JSON+KV | 2023-06-05 View Change |
| Carbon Black App Control | Security log | CB_APP_CONTROL |
CEF, JSON | 2024-07-29 View Change |
| Ping Federate | Authentication | PING_FEDERATE |
CSV | 2024-11-21 View Change |
| CloudGenix SD-WAN | Switches, Routers | CLOUDGENIX_SDWAN |
SYSLOG + KV | 2022-09-08 View Change |
| Mobile Endpoint Security | Mobile Endpoint Security | LOOKOUT_MOBILE_ENDPOINT_SECURITY |
CEF | 2024-11-20 View Change |
| Veritas NetBackup | Backup software | VERITAS_NETBACKUP |
SYSLOG | 2024-01-18 View Change |
| RH-ISAC | IOC | RH_ISAC_IOC |
JSON | 2024-03-07 View Change |
| Netfilter IPtables | Firewall | NETFILTER_IPTABLES |
SYSLOG + KV | 2023-10-12 View Change |
| AWS CloudWatch | Cloud service monitoring | AWS_CLOUDWATCH |
JSON, GROK | 2025-02-22 View Change |
| Zscaler Private Access | Security Service Edge | ZSCALER_ZPA |
SYSLOG + JSON, JSON | 2025-01-20 View Change |
| Trend Micro Cloud one | Cloud Security | TRENDMICRO_CLOUDONE |
SYSLOG, JSON | 2024-04-29 View Change |
| IBM Safenet | IT infrastructure | IBM_SAFENET |
SYSLOG | 2023-05-24 View Change |
| Keeper Enterprise Security | Security | KEEPER |
JSON | 2024-12-12 View Change |
| YAMAHA ROUTER RTX1200 | Switches AND Routers | YAMAHA_ROUTER |
SYSLOG | 2024-04-19 View Change |
| TCPWave DDI | Secure ddi | TCPWAVE_DDI |
SYSLOG + JSON | 2022-09-27 View Change |
| Mobileiron | ENDPOINT MANAGEMENT | MOBILEIRON |
JSON , SYSLOG | 2024-11-07 View Change |
| UPX AntiDDoS | DDOS Mitigation | UPX_ANTIDDOS |
JSON | 2025-02-13 View Change |
| Oracle Cloud Infrastructure Audit Logs | Oracle Cloud Infrastructure | OCI_AUDIT |
JSON | 2025-01-30 View Change |
| Deep Instinct EDR | EDR | DEEP_INSTINCT_EDR |
LEEF | 2023-12-27 View Change |
| Pure Storage | Data Storage | PURE_STORAGE |
SYSLOG + KV | 2024-10-01 View Change |
| Atlassian Jira | Ticketing Application | ATLASSIAN_JIRA |
SYSLOG, JSON | 2023-12-12 View Change |
| AWS CloudFront | CDN | AWS_CLOUDFRONT |
SYSLOG, JSON | 2024-09-05 View Change |
| PingIdentity Directory Server Logs | Security | PING_DIRECTORY |
SYSLOG + KV | 2024-11-19 View Change |
| PerimeterX Bot Protection | Security | PERIMETERX_BOT_PROTECTION |
JSON | 2024-03-27 View Change |
| Cybergatekeeper NAC | Security | CYBERGATEKEEPER_NAC |
SYSLOG + KV | 2024-04-23 View Change |
| Cisco Firepower NGFW | Firewall | CISCO_FIREPOWER_FIREWALL |
SYSLOG + KV, SYSLOG + JSON, JSON, SYSLOG | 2025-1-22 View Change |
| Fortinet Switch | Switches and Routers | FORTINET_SWITCH |
KV | 2024-11-11 View Change |
| Datto File Protection | DATTO_FILE_PROTECTION | DATTO_FILE_PROTECTION |
SYSLOG | 2022-08-22 View Change |
| Suricata IDS | IDS/IPS | SURICATA_IDS |
JSON | 2024-12-03 View Change |
| Acalvio | Deception Software | ACALVIO |
SYSLOG + KV | 2020-10-13 |
| AWS ECS Metrics | Security | AWS_ECS_METRICS |
SYSLOG + KV | 2025-02-06 View Change |
| Bitdefender | AV / Endpoint | BITDEFENDER |
CSV | 2023-05-02 View Change |
| BIND | DNS | BIND_DNS |
SYSLOG | 2024-11-25 View Change |
| Cisco EStreamer | Network Monitoring | CISCO_ESTREAMER |
SYSLOG + KV | 2025-02-13 View Change |
| Nokia VitalQIP | DDI (DNS, DHCP, IPAM) | VITALQIP |
SYSLOG | 2022-03-01 |
| Azure AD Sign-In | Misc Windows Specific | AZURE_AD_SIGNIN |
JSON | 2024-10-17 View Change |
| JAMF Pro | Mac Endpoint Management System | JAMF_PRO |
SYSLOG + KV, JSON | 2024-09-11 View Change |
| Oracle Unified Directory | ORACLE OUD | ORACLE_OUD |
SYSLOG | 2023-09-11 View Change |
| Ubika Waf | WAF | UBIKA_WAF |
JSON + SYSLOG, SYSLOG | 2024-08-23 View Change |
| Azure Front Door | Web server logs | AZURE_FRONT_DOOR |
2024-12-13 View Change |
|
| Claroty Enterprise Management Console | Cyber Security | CLAROTY_EMC |
SYSLOG+KV | 2024-04-30 View Change |
| Netwrix | Web Server | NETWRIX |
JSON | 2024-05-23 View Change |
| CA Access Control | Access Management | CA_ACCESS_CONTROL |
JSON+SYSLOG, SYSLOG | 2023-07-25 View Change |
| Netapp Storagegrid | Security | NETAPP_STORAGEGRID |
SYSLOG + KV | 2024-06-15 View Change |
| NGFW Enterprise | Google Cloud Specific | GCP_NGFW_ENTERPRISE |
JSON | 2024-04-16 View Change |
| D3 Banking | BANKING | D3_BANKING |
JSON | 2022-03-23 View Change |
| Checkpoint SmartDefense | SmartDefences | CHECKPOINT_SMARTDEFENSE |
SYSLOG + CEF | 2024-07-02 View Change |
| IBM Guardium | Database DLP | GUARDIUM |
CSV, CEF, LEEF | 2025-01-28 View Change |
| Hashicorp Vault | Privileged Account Activity | HASHICORP |
JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV | 2025-01-23 View Change |
| Palo Alto Cortex XDR Events | Monitoring and Threat Detection | PAN_CORTEX_XDR_EVENTS |
JSON | 2023-12-15 View Change |
| SailPoint IdentityIQ | Identity and Access Management | SAILPOINT_IIQ |
SYSLOG | 2024-10-01 View Change |
| VeridiumID by Veridium | Authentication Software | VERIDIUM_ID |
Syslog + KV | 2024-06-19 View Change |
| Infoblox | DHCP, DNS | INFOBLOX |
SYSLOG | 2025-01-16 View Change |
| Micro Focus iManager | Network Management and Optimization | MICROFOCUS_IMANAGER |
SYSLOG | 2025-01-02 View Change |
| Cisco Stealthwatch | Log Aggregator | CISCO_STEALTHWATCH |
JSON, CEF | 2024-10-29 View Change |
| Carbon Black | EDR | CB_EDR |
JSON | 2024-07-02 View Change |
| HYPR MFA | Security SSO | HYPR_MFA |
CSV | 2024-04-26 View Change |
| Zoom Operation Logs | Operation-Specific | ZOOM_OPERATION_LOGS |
SYSLOG | 2025-01-20 View Change |
| DomainTools Threat Intelligence | Threat intelligence | DOMAINTOOLS_THREATINTEL |
JSON | 2023-12-13 View Change |
| Rubrik Polaris | Data Security | RUBRIK_POLARIS |
JSON | 2024-05-27 View Change |
| AlgoSec Security Management | Policy Management | ALGOSEC |
SYSLOG + KV (CEF) | 2022-11-27 View Change |
| InterSystems Cache | Database | INTERSYSTEMS_CACHE |
SYSLOG + KV | 2022-10-19 View Change |
| Atlassian Bitbucket | Atlassian Bitbucket | ATLASSIAN_BITBUCKET |
JSON | 2023-06-12 View Change |
| AWS Network Firewall | Firewall | AWS_NETWORK_FIREWALL |
JSON | 2024-11-28 View Change |
| Ansible AWX | Automation and DevOps Tools | ANSIBLE_AWX |
JSON | 2024-06-25 View Change |
| Cynet 360 AutoXDR | AV and endpoint logs | CYNET_360_AUTOXDR |
JSON | 2024-07-09 View Change |
| Cisco VPN | VPN | CISCO_VPN |
SYSLOG | 2025-01-30 View Change |
| Thinkst Canary | Deception Software | THINKST_CANARY |
JSON | 2025-02-04 View Change |
| Stealthbits Defend | Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND |
SYSLOG + KV (LEEF, CEF) | 2022-11-17 View Change |
| AWS EC2 Instances | AWS Specific | AWS_EC2_INSTANCES |
JSON | 2024-01-31 View Change |
| WordPress | Configuration Management | WORDPRESS_CMS |
JSON | 2024-05-07 View Change |
| Avatier Password Management | SaaS Application | AVATIER |
SYSLOG + KV | 2021-08-05 |
| Proofpoint Threat Response | Email Server | PROOFPOINT_TRAP |
SYSLOG, JSON | 2025-02-20 View Change |
| OSSEC | IDS/IPS | OSSEC |
SYSLOG | 2024-04-24 View Change |
| Duo Auth | Authentication | DUO_AUTH |
JSON | 2024-11-26 View Change |
| WPEngine | Firewall log types | WPENGINE |
SYSLOG | 2025-02-11 View Change |
| Sophos Capsule8 | Container Security | SOPHOS_CAPSULE8 |
JSON | 2021-12-22 |
| Bluecat Edge DNS Resolver | DNS | BLUECAT_EDGE |
JSON, KV, SYSLOG | 2022-01-18 |
| ZScaler VPN | VPN | ZSCALER_VPN |
SYSLOG + CSV | 2023-06-08 View Change |
| Juniper Junos | Network Device | JUNIPER_JUNOS |
SYSLOG + KV | 2024-06-18 View Change |
| Oracle NetSuite | CASB | ORACLE_NETSUITE |
JSON | 2024-12-05 View Change |
| Fortinet FortiNAC | NAC | FORTINET_FORTINAC |
SYSLOG | 2022-07-08 View Change |
| Workspace Privileges | Google Cloud Specific | WORKSPACE_PRIVILEGES |
JSON | 2023-11-29 View Change |
| TrendMicro Deep Discovery Inspector | Physical and virtual network | TRENDMICRO_DDI |
SYSLOG | 2025-01-09 View Change |
| Google Cloud IAM Analysis | Google Cloud Resources Contexts | N/A |
JSON | 2023-02-27 View Change |
| Tenable Audit | Application server | TENABLE_AUDIT |
JSON | 2024-08-09 View Change |
| Tenable OT | Vulnerability Scanners | TENABLE_OT |
SYSLOG+CEF | 2024-04-29 View Change |
| Mikrotik Router | Router | MIKROTIK_ROUTER |
SYSLOG + Grok | 2025-02-07 View Change |
| Ruckus Networks | Wireless | RUCKUS_WIRELESS |
SYSLOG + KV | 2024-07-02 View Change |
| Workspace Alerts | Google Cloud Specific | WORKSPACE_ALERTS |
JSON | 2024-10-08 View Change |
| Honeyd | Deception Software | HONEYD |
SYSLOG | 2024-05-26 View Change |
| CrowdStrike Falcon Stream | Alerts | CS_STREAM |
KV (LEEF), JSON | 2025-02-14 View Change |
| Red Hat Directory Server LDAP | Identity and Access Management | REDHAT_DIRECTORY_SERVER |
JSON + SYSLOG + KV | 2024-10-24 View Change |
| Windows Applocker | Application Locker | WINDOWS_APPLOCKER |
SYSLOG + KV + JSON + XML | 2023-10-17 View Change |
| tenable.io | Vulnerability Scanner | TENABLE_IO |
JSON | 2025-02-18 View Change |
| AWS EMR | AWS Specific | AWS_EMR |
SYSLOG, SYSLOG+JSON, JSON | 2024-09-05 View Change |
| Pulse Secure | VPN | PULSE_SECURE_VPN |
SYSLOG | 2024-09-24 View Change |
| Aruba Airwave | Wireless | ARUBA_AIRWAVE |
XML | 2025-01-03 View Change |
| Dell CyberSense | Data Security | DELL_CYBERSENSE |
SYSLOG | 2025-02-13 View Change |
| Velo Firewall | FIREWALL | VELO_FIREWALL |
SYSLOG + KV | 2024-10-10 View Change |
| Ubiquiti UniFi Switch | Switch | UBIQUITI_SWITCH |
SYSLOG | 2023-11-21 View Change |
| Keycloak | Identity and Access Management | KEYCLOAK |
JSON | 2024-09-17 View Change |
| SentinelOne Singularity Cloud Funnel | EVENTS | SENTINELONE_CF |
JSON | 2024-08-02 View Change |
| Cisco Umbrella DNS | DNS | UMBRELLA_DNS |
CSV, JSON | 2025-01-08 View Change |
| AWS GuardDuty | IDS/IPS | GUARDDUTY |
JSON | 2025-02-11 View Change |
| Thales Digital Identity and Security | Digital Identity & Security | THALES_DIS |
SYSLOG | 2022-03-17 |
| Salesforce Commerce Cloud | SaaS Application | SALESFORCE_COMMERCE_CLOUD |
SYSLOG, JSON | 2024-10-03 View Change |
| Upstream Vehicle SOC Alerts | Schema | UPSTREAM_VSOC_ALERTS |
JSON | 2024-10-24 View Change |
| Zeek JSON | DNS | BRO_JSON |
JSON | 2024-05-01 View Change |
| Microsoft Dynamics 365 User Activity | Authentication logs | MICROSOFT_DYNAMICS_365 |
CSV | 2024-12-16 View Change |
| Open Policy Agent | NA | OPA |
JSON | 2025-01-16 View Change |
| Netscout | NETWORK | ARBOR_EDGE_DEFENSE |
SYSLOG + KV | 2023-02-21 View Change |
| Cloud Data Loss Prevention | Google Cloud Specific | N/A |
JSON | 2025-01-29 View Change |
| F5 Shape | Security log | F5_SHAPE |
JSON | 2024-08-20 View Change |
| Cisco UCM | Communication Manager | CISCO_UCM |
SYSLOG + KV | 2024-10-15 View Change |
| Cisco Call Manager | NETWORKING | CISCO_CALL_MANAGER |
SYSLOG | 2024-10-23 View Change |
| Tanium Question | TANIUM Logs | TANIUM_QUESTION |
JSON | 2025-01-23 View Change |
| IBM Tivoli | Monitoring | IBM_TIVOLI |
JSON, SYSLOG | 2024-03-15 View Change |
| Akeyless Vault Platform | Akeyless Vault Platform | AKEYLESS_VAULT |
KV + JSON | 2023-09-16 View Change |
| Windows Defender AV | AV / Endpoint | WINDOWS_DEFENDER_AV |
JSON, XML | 2025-02-14 View Change |
| Recorded Future | IOC | RECORDED_FUTURE_IOC |
JSON | 2021-11-17 |
| Aqua Security | IaaS Applications | AQUA_SECURITY |
JSON | 2024-10-10 View Change |
| Archer Integrated Risk Management | Risk Management Solution | ARCHER_IRM |
SYSLOG | 2024-08-27 View Change |
| Symantec DLP | DLP | SYMANTEC_DLP |
SYSLOG + KV (CEF), XML, CEF | 2025-02-04 View Change |
| Trend Micro Vision One Workbench | Schema | TRENDMICRO_VISION_ONE_WORKBENCH |
JSON | 2024-10-27 View Change |
| DigitalArts i-Filter | Web Proxy | DIGITALARTS_IFILTER |
SYSLOG | 2024-06-24 View Change |
| Airlock Digital Application Allowlisting | Application Whitelisting | AIRLOCK_DIGITAL |
SYSLOG,JSON | 2024-11-07 View Change |
| Opswat Metadefender | Threat Protection | OPSWAT_METADEFENDER |
SYSLOG + KV (CEF) | 2024-10-29 View Change |
| Palo Alto Prisma Cloud Alert payload | Cloud Security | PAN_PRISMA_CA |
JSON | 2025-01-22 View Change |
| Cloudflare WAF | Cloud Log | CLOUDFLARE_WAF |
JSON | 2025-01-31 View Change |
| Azure API Management | Schema | AZURE_API_MANAGEMENT |
JSON | 2025-01-21 View Change |
| ThreatX WAF | WAF | THREATX_WAF |
SYSLOG, JSON | 2025-01-28 View Change |
| HID DigitalPersona | Audit Log | HID_DIGITALPERSONA |
JSON, SYSLOG + KV | 2024-05-23 View Change |
| Kubernetes Audit | K8s cluster audit logs | KUBERNETES_AUDIT |
JSON | 2025-01-24 View Change |
| Infoblox DHCP | DHCP | INFOBLOX_DHCP |
SYSLOG | 2024-10-17 View Change |
| ServiceNow Security | SaaS Application | SERVICENOW_SECURITY |
JSON | 2021-05-24 |
| Microsoft Intune Context | Mobile Device Management | AZURE_MDM_INTUNE_CONTEXT |
Json | 2024-09-19 View Change |
| Ntopng | NDR | NTOPNG |
SYSLOG + JSON | 2024-02-01 View Change |
| Symantec Web Isolation | Secure Access Service Edge | SYMANTEC_WEB_ISOLATION |
JSON | 2022-07-08 View Change |
| Cisco Unity Connection | Administration and Management | CISCO_UNITY_CONNECTION |
SYSLOG + KV | 2024-10-17 View Change |
| Fluentd Logs | Log Aggregator | FLUENTD |
SYSLOG + JSON | 2023-11-29 View Change |
| Hitachi Cloud Platform | Hitachi Cloud Platform | HITACHI_CLOUD_PLATFORM |
SYSLOG | 2023-05-30 View Change |
| Open Cybersecurity Schema Framework (OCSF) | Schema | OCSF |
JSON | 2025-02-26 View Change |
| Aruba Switch | Network Infrastructure | ARUBA_SWITCH |
SYSLOG | 2024-11-14 View Change |
| McAfee MVISION CASB | CLOUD SECURITY | MCAFEE_MVISION_CASB |
KV | 2023-06-22 View Change |
| Palantir | Foundry SaaS | PALANTIR |
JSON | 2024-12-12 View Change |
| Peplink Firewall | Firewall | PEPLINK_FW |
SYSLOG + KV | 2023-08-17 View Change |
| Reserved LogType2 | LDAP | RESERVED_LOG_TYPE_2 |
JSON | 2024-12-09 View Change |
| Cisco Email Security | Email Server | CISCO_EMAIL_SECURITY |
SYSLOG + KV, JSON | 2025-01-23 View Change |
| Oracle Cloud Infrastructure VCN Flow Logs | Oracle Cloud Infrastructure | OCI_FLOW |
JSON | 2024-09-15 View Change |
| Symantec EDR | EDR | SYMANTEC_EDR |
JSON | 2022-03-31 View Change |
| Datadog | NDR | DATADOG |
JSON | 2025-02-21 View Change |
| Ops Genie | Web Proxy log types | OPS_GENIE |
JSON | 2025-02-19 View Change |
| Kubernetes Audit Azure | Log Aggregator | KUBERNETES_AUDIT_AZURE |
JSON | 2024-12-11 View Change |
| Sentinelone Alerts | Endpoint Security | SENTINELONE_ALERT |
JSON, CEF | 2024-12-09 View Change |
| Symantec Event export | SEP | SYMANTEC_EVENT_EXPORT |
JSON, SYSLOG | 2025-02-24 View Change |
| Tanium Stream | Tanium Specific | TANIUM_TH |
JSON | 2023-12-18 View Change |
| Ciena Router logs | Application server logs | CIENA_ROUTER |
SYSLOG | 2024-10-31 View Change |
| Zendesk CRM | Ticketing Applications | ZENDESK_CRM |
JSON | 2025-01-15 View Change |
| Oracle | DATABASE | ORACLE_DB |
SYSLOG + KV, SYSLOG | 2025-02-12 View Change |
| Windows Network Policy Server | Authentication | WINDOWS_NET_POLICY_SERVER |
SYSLOG, JSON, SYSLOG + XML | 2024-12-26 View Change |
| Extreme Networks Switch | Security | EXTREME_SWITCH |
SYSLOG | 2023-12-19 View Change |
| Microsoft Azure Resource | Log Aggregator | AZURE_RESOURCE_LOGS |
JSON | 2025-01-06 View Change |
| Cloud DNS | Google Cloud Specific | N/A |
JSON | 2024-12-16 View Change |
| Extreme Wireless | Network Management and Optimization software | EXTREME_WIRELESS |
SYSLOG | 2024-02-28 View Change |
| Saiwall VPN | VPN | SAIWALL_VPN |
KV | 2024-08-27 View Change |
| SonicWall | Firewall | SONIC_FIREWALL |
SYSLOG + KV | 2025-02-06 View Change |
| Zscaler DLP | Data Loss Prevention | ZSCALER_DLP |
JSON, CSV | 2024-10-24 View Change |
| Mattermost | Alerts | MATTERMOST |
JSON , SYSLOG | 2023-12-15 View Change |
| ION Spectrum | Automation | ION_SPECTRUM |
CSV | 2024-06-11 View Change |
| IBM Cloud Activity Tracker | Security Log | IBM_CLOUD_ACTIVITY_TRACKER |
JSON | 2024-09-12 View Change |
| Evision FircoSoft | Infrastructure | EVISION_FIRCOSOFT |
SYSLOG | 2023-11-22 View Change |
| EfficientIP DDI | Network | EFFICIENTIP_DDI |
SYSLOG + KV | 2024-11-07 View Change |
| Microsoft Defender For Cloud | Automation and DevOps Tools | MICROSOFT_DEFENDER_CLOUD_ALERTS |
JSON | 2024-09-11 |
| A10 Load Balancer | LOAD BALANCER | A10_LOAD_BALANCER |
SYSLOG | 2024-12-27 View Change |
| Ribbon Analytics Platform | Telephone Software | RIBBON_ANALYTICS_PLATFORM |
SYSLOG | 2022-09-09 View Change |
| AWS Lambda Function | Web Proxy log types. | AWS_LAMBDA_FUNCTION |
SYSLOG | 2025-02-19 View Change |
| Firewall Rule Logging | Google Cloud Specific | N/A |
JSON | 2024-05-01 View Change |
| Cloud SQL Context | Google Cloud Specific | GCP_SQL_CONTEXT |
JSON | 2023-07-26 View Change |
| Digital Shadows SearchLight | Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT |
JSON | 2022-05-02 |
| CircleCI | Automation and DevOps Tools | CIRCLECI |
CSV + JSON | 2024-12-20 View Change |
| Cisco Application Control Engine | Load Balancer, Traffic Shaper, ADC | CISCO_ACE |
SYSLOG | 2022-09-15 View Change |
| Trustwave SEC MailMarshal | Email server | MAILMARSHAL |
SYSLOG | 2023-04-06 View Change |
| Centrify | SSO | CENTRIFY_SSO |
JSON | 2022-08-10 View Change |
| Microsoft Defender Endpoint for iOS Logs | MICROSOFT_DEFENDER_ENDPOINT_IOS |
JSON | 2024-11-08 View Change |
|
| F5 BIGIP Access Policy Manager | Access Policy Manager | F5_BIGIP_APM |
SYSLOG | 2024-09-11 View Change |
| Radware Web Application Firewall | Firewall | RADWARE_FIREWALL |
SYSLOG | 2025-02-11 View Change |
| Citrix Monitor | Monitoring of DaaS | CITRIX_MONITOR |
JSON | 2022-12-06 View Change |
| Cloudflare Network Analytics | SaaS Application | CLOUDFLARE_NETWORK_ANALYTICS |
JSON | 2025-02-10 View Change |
| Tanium Comply | Tanium Specific | TANIUM_COMPLY |
JSON | 2022-08-18 View Change |
| ServiceNow Audit | SaaS Application | SERVICENOW_AUDIT |
JSON, Syslog, kv | 2025-01-15 View Change |
| F5 BIGIP LTM | Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM |
SYSLOG, KV | 2024-12-17 View Change |
| Avanan Email Security | Email Server | AVANAN_EMAIL |
JSON | 2022-07-12 View Change |
| Awake NDR | NDR | AWAKE_NDR |
JSON | 2024-01-11 View Change |
| Forcepoint CASB | CASB | FORCEPOINT_CASB |
SYSLOG + CEF | 2022-08-23 View Change |
| Cisco Secure Workload | AV and Endpoint | CISCO_SECURE_WORKLOAD |
JSON | 2024-12-02 View Change |
| Network Policy Server | Network Policy Server | MICROSOFT_NPS |
JSON | 2024-07-24 View Change |
| Duo Activity Logs | Activity | DUO_ACTIVITY |
JSON | 2024-08-28 View Change |
| IBM Security Verify SaaS | SaaS Application | IBM_SECURITY_VERIFY_SAAS |
JSON | 2023-10-27 View Change |
| Pivotal | PaaS Application | PIVOTAL |
SYSLOG + KV | 2022-08-17 View Change |
| GCP_SWP | CLOUD | GCP_SWP |
JSON | 2024-04-15 View Change |
| IAM Context | Google Cloud Specific | N/A |
JSON | 2024-03-13 View Change |
| Lucid | Authentication log types. | LUCID |
JSON | 2024-06-19 View Change |
| Delinea PAM | Access Management | DELINEA_PAM |
SYSLOG + CSV | 2022-11-10 View Change |
| Digital Guardian DLP | DLP | DIGITALGUARDIAN_DLP |
JSON | 2023-06-02 View Change |
| Trellix HX Event Streamer | Cybersecurity | TRELLIX_HX_ES |
SYSLOG + KV | 2024-11-28 View Change |
| ZeroFox Platform | Database | ZEROFOX_PLATFORM |
JSON | 2025-01-09 View Change |
| Comodo | AV / Endpoint | COMODO_AV |
SYSLOG + KV (CEF) | 2021-04-09 |
| Cisco ASA | firewall | CISCO_ASA_FIREWALL |
SYSLOG | 2025-01-09 View Change |
| Synology | DATA STORAGE | SYNOLOGY |
SYSLOG | 2024-01-16 View Change |
| KnowBe4 PhishER | Email server log types. | KNOWBE4_PHISHER |
JSON | 2024-10-16 View Change |
| F5 Distributed Cloud Services | SaaS Applications | F5_DCS |
JSON | 2025-01-17 View Change |
| CA LDAP | Web server | CA_LDAP |
JSON | 2022-08-19 View Change |
| Linux Auditing System (AuditD) | OS | AUDITD |
SYSLOG | 2025-02-13 View Change |
| Citrix Analytics | Monitoring of DaaS | CITRIX_ANALYTICS |
JSON | 2024-06-03 View Change |
| Workday Audit Logs | Audit And Compliance | WORKDAY_AUDIT |
CSV | 2025-01-30 View Change |
| Symantec VIP Authentication Hub | VPN | SYMANTEC_VIP_AUTHHUB |
JSON | 2024-06-04 View Change |
| Barracuda Firewall | Firewall | BARRACUDA_FIREWALL |
SYSLOG | 2024-09-05 View Change |
| Phishlabs | Digital Risk Protection | PHISHLABS |
JSON | 2024-03-22 View Change |
| Passive DNS | DNS | PASSIVE_DNS |
JSON | 2021-05-19 |
| Trend Micro Deep Security | AV / Endpoint | TRENDMICRO_DEEP_SECURITY |
LEEF + CEF | 2025-01-08 View Change |
| Cequence Bot Defense | Log Aggregator | CEQUENCE_BOT_DEFENSE |
JSON | 2025-01-31 View Change |
| PAN Autofocus | IOC | PAN_IOC |
JSON | 2021-08-09 |
| Static IP | DHCP | ASSET_STATIC_IP |
CSV | 2023-06-16 View Change |
| Juniper MX Router | Routers and Switches | JUNIPER_MX |
SYSLOG + KV | 2025-01-15 View Change |
| VMware NSX | Network and Security Virtualization | VMWARE_NSX |
KV | 2024-09-25 View Change |
| Digital Shadows Indicators | IOC | DIGITAL_SHADOWS_IOC |
JSON | 2022-04-23 |
| 1Password | Identity and Access Management | ONEPASSWORD |
JSON | 2024-07-08 View Change |
| MySQL | Database | MYSQL |
SYSLOG | 2024-07-05 View Change |
| Jamf Protect Telemetry | Endpoint Security | JAMF_TELEMETRY |
JSON | 2024-05-01 View Change |
| Okta Access Gateway | OKTA specific | OKTA_ACCESS_GATEWAY |
SYSLOG + KV | 2023-02-20 View Change |
| Cisco APIC | Software-defined Networking (SDN) | CISCO_APIC |
SYSLOG | 2024-11-28 View Change |
| UKG | NA | UKG |
JSON | 2025-02-12 View Change |
| Sophos UTM | Unified Threat Management | SOPHOS_UTM |
KV | 2024-12-18 View Change |
| VMware vCenter | Server | VMWARE_VCENTER |
SYSLOG + JSON | 2024-11-14 View Change |
| IBM Informix | DATABASE | INFORMIX |
JSON + SYSLOG | 2022-02-18 |
| Cyberark Privilege Cloud | Identity & Access Management | CYBERARK_PRIVILEGE_CLOUD |
SYSLOG + KV | 2024-11-13 View Change |
| Watchguard EDR | EDR | WATCHGUARD_EDR |
JSON | 2025-01-30 View Change |
| Cloud Run | Google Cloud Specific | GCP_RUN |
JSON | 2024-01-22 View Change |
| Forcepoint NGFW | Network | FORCEPOINT_FIREWALL |
JSON | 2025-02-11 View Change |
| HPE ILO | Server Management | HPE_ILO |
SYSLOG | 2023-11-27 View Change |
| IBM AS/400 | Application System | IBM_AS400 |
SYSLOG + KV, SYSLOG + JSON | 2024-05-24 View Change |
| Fortinet FortiClient | Security | FORTINET_FORTICLIENT |
KV | 2025-01-13 View Change |
| Okta User Context | Identity and Access Management | OKTA_USER_CONTEXT |
JSON | 2025-02-07 View Change |
| ChromeOS XDR | SaaS Applications | CHROMEOS_XDR |
JSON | 2025-01-30 View Change |
| Wallix Bastion | Privileged Account Activity | WALLIX_BASTION |
SYSLOG, SYSLOG + KV | 2024-11-28 View Change |
| Zscaler Secure Private Access Audit Logs | AUDIT | ZSCALER_ZPA_AUDIT |
JSON | 2025-01-17 View Change |
| SpyCloud | AV / Endpoint | SPYCLOUD |
SYSLOG + JSON , JSON | 2024-08-13 View Change |
| NetApp SAN | Rest api | NETAPP_SAN |
SYSLOG | 2023-04-25 View Change |
| Akamai Enterprise Application Access | Enterprise Application Access | AKAMAI_EAA |
JSON | 2025-01-09 View Change |
| CrushFTP | Application server | CRUSHFTP |
SYSLOG+KV | 2025-01-23 View Change |
| ADVA Fiber Service Platform | Switches and Routers | ADVA_FSP |
SYSLOG+KV | 2023-12-18 View Change |
| Akamai SIEM Connector | Log Aggregation and SIEM Systems | AKAMAI_SIEM_CONNECTOR |
JSON | 2024-06-07 View Change |
| Bindplane Agent | Log Aggregation and SIEM Systems | BINDPLANE_AGENT |
JSON | 2024-12-27 View Change |
| Tanium Patch | Tanium Specific | TANIUM_PATCH |
JSON | 2022-02-08 |
| Compute Engine | Google Cloud Specific | GCP_COMPUTE |
JSON | 2024-06-18 View Change |
| Cloud Functions Context | Google Cloud Specific | GCP_CLOUD_FUNCTIONS_CONTEXT |
JSON | 2023-07-26 View Change |
| Dell OpenManage | Systems Management Application | DELL_OPENMANAGE |
SYSLOG + KV | 2022-07-27 View Change |
| Brocade Switch | Switches | BROCADE_SWITCH |
SYSLOG, CSV | 2024-04-15 View Change |
| Vmware Avinetworks iWAF | Server | VMWARE_AVINETWORKS_IWAF |
SYSLOG | 2025-01-31 View Change |
| Dope Security SWG | Secure Access Service Edge | DOPE_SWG |
CSV | 2023-05-18 View Change |
| TrendMicro Apex Central | Endpoint | TRENDMICRO_APEX_CENTRAL |
CEF | 2025-01-23 View Change |
| NetIQ Access Manager | Security | NETIQ_ACCESS_MANAGER |
SYSLOG + KV | 2024-12-12 View Change |
| Custom DNS | DNS | CUSTOM_DNS |
JSON | 2022-08-05 View Change |
| RSA SecurID Access Identity Router | SECURITY | RSA_SECURID |
SYSLOG + CSV | 2024-12-23 View Change |
| Active Countermeasures | Alert | AI_HUNTER |
SYSLOG | 2020-12-08 |
| Apache Hadoop | open-source software | HADOOP |
SYSLOG + KV | 2023-06-05 View Change |
| Forgerock OpenIdM | DATA SECURITY | FORGEROCK_OPENIDM |
JSON | 2025-02-13 View Change |
| CyberArk Privileged Access Manager (PAM) | CyberArk Privileged Access Manager | CYBERARK_PAM |
SYSLOG | 2025-02-06 View Change |
| Vsftpd | FTP Server | VSFTPD |
GROK | 2023-11-20 View Change |
| JumpCloud Directory Insights | CLOUD | JUMPCLOUD_DIRECTORY_INSIGHTS |
JSON | 2025-01-30 View Change |
| Proofpoint Email Filter | Email Server | PROOFPOINT_MAIL_FILTER |
KV | 2024-09-19 View Change |
| SAP SAST Suite | Security | SAP_SAST |
SYSLOG | 2023-12-28 View Change |
| Palo Alto Networks IoT Security | IoT | PAN_IOT |
SYSLOG | 2025-01-09 View Change |
| Sophos Intercept EDR | EDR logs | SOPHOS_EDR |
JSON | 2024-07-31 View Change |
| Microsoft AD | LDAP | WINDOWS_AD |
JSON | 2024-11-06 View Change |
| Atlassian Confluence | Knowledge base | ATLASSIAN_CONFLUENCE |
SYSLOG, JSON | 2024-07-05 View Change |
| Workspace Mobile Devices | Google Cloud Specific | WORKSPACE_MOBILE |
JSON | 2023-11-29 View Change |
| FireEye ETP | Email Server | FIREEYE_ETP |
JSON + SYSLOG | 2024-08-14 View Change |
| Duo Telephony Logs | Identity and Access Management | DUO_TELEPHONY |
JSON | 2023-08-24 View Change |
| Microsoft Netlogon | Authentication | MICROSOFT_NETLOGON |
SYSLOG | 2024-12-24 View Change |
| Linux DHCP | DHCP | LINUX_DHCP |
SYSLOG | 2024-09-05 View Change |
| ServiceNow CMDB | Policy Management | SERVICENOW_CMDB |
JSON | 2025-01-30 View Change |
| Amazon API Gateway | AWS-specific log types | AWS_API_GATEWAY |
JSON | 2025-02-13 View Change |
| Zscaler NSS Feeds for Alerts | Alert log types | ZSCALER_NSS_FEEDS |
JSON | 2024-10-21 View Change |
| Apache Tomcat | Web server | TOMCAT |
JSON | 2025-02-07 View Change |
| Spur data feeds | Vulnerability Management | SPUR_FEEDS |
JSON | 2024-05-10 View Change |
| Cisco CloudLock | CASB | CISCO_CLOUDLOCK_CASB |
JSON | 2021-10-04 |
| Snowflake | Database | SNOWFLAKE |
JSON, CSV | 2025-01-16 View Change |
| McAfee Enterprise Security Manager | Log Aggregator | MCAFEE_ESM |
SYSLOG + JSON | 2024-03-21 |
| Teleport Access Plane | Remote Access | TELEPORT_ACCESS_PLANE |
SYSLOG, JSON | 2025-02-19 View Change |
| pfSense | FIREWALL | PFSENSE |
SYSLOG | 2024-10-11 View Change |
| ZScaler DNS | DNS | ZSCALER_DNS |
SYSLOG + KV, JSON | 2025-02-22 View Change |
| Ergon Informatik Airlock IAM | Application Whitelisting | ERGON_INFORMATIK_AIRLOCK_IAM |
SYSLOG | 2024-08-28 View Change |
| Akamai WAF | WAF | AKAMAI_WAF |
SYSLOG | 2025-01-06 View Change |
| Azure Key Vault logging | Audit | AZURE_KEYVAULT_AUDIT |
JSON | 2025-01-30 View Change |
| NetDocuments Solutions | Threat Management Firewall | NETDOCUMENTS |
Cloud-Based Document Management System | 2024-05-06 View Change |
| Sophos DHCP | DHCP | SOPHOS_DHCP |
SYSLOG + KV | 2022-02-10 |
| AWS Route 53 DNS | AWS Specific | AWS_ROUTE_53 |
JSON + SYSLOG | 2025-02-06 View Change |
| SecureLink | Remote Access Tools | SECURELINK |
SYSLOG | 2023-09-13 View Change |
| Forseti Open Source | Google Cloud Specific | FORSETI |
JSON | 2021-12-23 |
| McAfee Web Protection | SaaS Application | MCAFEE_WEB_PROTECTION |
JSON | 2024-12-19 View Change |
| Tripwire | DLP | TRIPWIRE_FIM |
SYSLOG | 2024-11-07 View Change |
| AWS Control Tower | Identity and Access Management | AWS_CONTROL_TOWER |
JSON | 2024-03-17 View Change |
| Fortinet FortiEDR | EDR | FORTINET_FORTIEDR |
SYSLOG + KV | 2024-12-13 View Change |
| GitHub | SaaS Application | GITHUB |
JSON | 2025-02-20 View Change |
| Big Switch BigCloudFabric | Switches, Routers | BIGSWITCH_BCF |
SYSLOG | 2021-04-20 |
| Dell Switch | Switches, Routers | DELL_SWITCH |
SYSLOG | 2024-10-09 View Change |
| RSA NetWitness | PLATFORM CONFIGURATION | RSA_NETWITNESS |
SYSLOG | 2022-10-18 View Change |
| F5 ASM | WAF | F5_ASM |
SYSLOG, CSV | 2025-02-11 View Change |
| Azure VPN | VPN | AZURE_VPN |
JSON | 2024-10-11 View Change |
| Sourcefire | IDS/IPS | SOURCEFIRE_IDS |
JSON, CEF | 2024-12-23 View Change |
| VPC Flow Logs | Google Cloud Specific | GCP_VPC_FLOW |
JSON | 2024-10-24 View Change |
| IBM CICS | Service Bus | IBM_CICS |
LEEF | 2021-10-27 |
| Quest File Access Audit | Alert | QUEST_FILE_AUDIT |
JSON | 2024-01-13 View Change |
| IBM-i Operating System | I Operating System | IBM_I |
Syslog CEF | 2024-07-03 View Change |
| Signal Sciences WAF | WAF | SIGNAL_SCIENCES_WAF |
JSON | 2024-05-13 View Change |
| AWS Redshift | AWS | AWS_REDSHIFT |
JSON | 2025-02-06 View Change |
| Neo4j | Database management system | NEO4J |
JSON | 2023-12-07 View Change |
| Office 365 Message Trace | OFFICE_365 Specific | OFFICE_365_MESSAGETRACE |
JSON | 2024-06-07 View Change |
| VMware Workspace ONE | Logging and Troubleshooting | VMWARE_WORKSPACE_ONE |
SYSLOG | 2023-08-04 View Change |
| Netscout OCI | Alert log | NETSCOUT_OCI |
SYSLOG + KV | 2024-02-21 View Change |
| Darktrace | NDR | DARKTRACE |
SYSLOG + KV (CEF), SYSLOG + JSON | 2025-01-16 View Change |
| ESET AV | ESET_AV | ESET_AV |
SYSLOG + JSON | 2024-06-25 View Change |
| ESET Threat Intelligence | IOC | ESET_IOC |
JSON | 2023-10-05 View Change |
| Netskope V2 | Cloud Security | NETSKOPE_ALERT_V2 |
JSON | 2025-02-18 View Change |
| Akamai Cloud Monitor | Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR |
JSON | 2023-09-16 View Change |
| Azure Application Gateway | GATEWAY | AZURE_GATEWAY |
JSON | 2025-02-24 View Change |
| Microsoft System Center Endpoint Protection | Malware Detection | MICROSOFT_SCEP |
KV | 2025-02-24 View Change |
| Cisco Switch | Switches, Routers | CISCO_SWITCH |
SYSLOG | 2025-02-18 View Change |
| Pulse Secure Virtual Traffic Manager | Traffic Shapers | PULSE_SECURE_VTM |
SYSLOG | 2023-11-03 View Change |
| Symantec VIP Gateway | Email Server | SYMANTEC_VIP |
SYSLOG | 2023-03-03 View Change |
| Kyriba Treasury Management | SaaS Application | KYRIBA |
CSV | 2021-02-24 |
| CENSYS | NDR | CENSYS |
SYSLOG + KV | 2024-02-03 View Change |
| Aruba | Wireless | ARUBA_WIRELESS |
SYSLOG | 2024-12-27 View Change |
| Fivetran | SIEM Systems | FIVETRAN |
JSON | 2024-06-24 View Change |
| Barracuda WAF | Firewall | BARRACUDA_WAF |
JSON, SYSLOG + KV | 2025-02-10 View Change |
| Microsoft Azure Activity | Misc Windows Specific | AZURE_ACTIVITY |
JSON | 2025-02-12 View Change |
| ZScaler NGFW | Firewall | ZSCALER_FIREWALL |
SYSLOG + KV (CEF), CSV | 2025-02-12 View Change |
| Proofpoint Tap Alerts | Email Server | PROOFPOINT_MAIL |
JSON + SYSLOG | 2025-02-19 View Change |
| Kubernetes Node | Kubernetes Container | KUBERNETES_NODE |
JSON | 2024-10-11 View Change |
| One Identity Identity Manager | unified identity security | ONE_IDENTITY_IDENTITY_MANAGER |
kv , SYSLOG + JSON | 2025-02-19 View Change |
| Akamai DNS | DNS | AKAMAI_DNS |
CSV, JSON | 2024-11-25 View Change |
| Stealthbits Audit | File system monitoring | STEALTHBITS_AUDIT |
JSON | 2021-11-09 |
| Symantec CloudSOC CASB | CASB | SYMANTEC_CASB |
SYSLOG + JSON, JSON | 2024-10-25 View Change |
| AWS Identity and Access Management (IAM) | AWS Specific | AWS_IAM |
JSON | 2023-12-14 View Change |
| Attivo Networks | NETWORK | ATTIVO |
SYSLOG + KV (CEF) | 2025-01-10 View Change |
| Solarwinds Kiwi Syslog Server | Security Log | SOLARWINDS_KSS |
SYSLOG + KV | 2024-06-11 View Change |
| Proofpoint CASB | CASB | PROOFPOINT_CASB |
JSON | 2024-09-07 View Change |
| Azure AD Organizational Context | LDAP | AZURE_AD_CONTEXT |
JSON | 2025-02-14 View Change |
| Vectra Detect | NDR | VECTRA_DETECT |
SYSLOG + JSON + CEF | 2025-01-16 View Change |
| Vercel WAF | Firewall log | VERCEL_WAF |
JSON | 2024-12-20 |
| Automation Anywhere | Automation Tools | AUTOMATION_ANYWHERE |
SYSLOG + KV | 2021-04-28 |
| Dell EMC Data Domain | Storage system | DELL_EMC_DATA_DOMAIN |
SYSLOG + KV | 2024-09-20 View Change |
| Zix Email Encryption | Email Server | ZIX_EMAIL_ENCRYPTION |
SYSLOG | 2024-05-10 View Change |
| Cimcor | File Integrity Monitoring | Monitoring | CIMCOR |
SYSLOG + KV | 2024-06-18 View Change |
| HPE BladeSystem C7000 | BladeSystem C7000 | HPE_BLADESYSTEM_C7000 |
SYSLOG | 2024-04-08 View Change |
| Azure Firewall | Azure Firewall Application Rule | AZURE_FIREWALL |
JSON | 2025-02-17 View Change |
| Oracle Cloud Infrastructure | Oracle Cloud Infrastructure | ORACLE_CLOUD_AUDIT |
JSON | 2023-10-30 View Change |
| Cisco AMP | AV / Endpoint | CISCO_AMP |
JSON | 2024-12-18 View Change |
| CrowdStrike Detection Monitoring | EDR | CS_DETECTS |
JSON | 2025-02-17 View Change |
| Forcepoint Mail Relay | Email Server | FORCEPOINT_MAIL_RELAY |
JSON | 2024-07-18 View Change |
| Forescout NAC | NAC | FORESCOUT_NAC |
SYSLOG, CEF | 2024-11-07 View Change |
| Juniper IPS | IDS/IPS | JUNIPER_IPS |
SYSLOG + KV | 2022-05-26 View Change |
| Office 365 | SaaS Application | OFFICE_365 |
JSON | 2025-02-25 View Change |
| Proofpoint Tap Forensics | Email Server | PROOFPOINT_TAP_FORENSICS |
JSON | 2024-11-06 View Change |
| Druva Backup | Security | DRUVA_BACKUP |
JSON | 2024-12-05 View Change |
| Hillstone Firewall | Application server logs | HILLSTONE_NGFW |
SYSLOG + KV | 2025-02-04 View Change |
| Cloudflare Warp | Data Security | CLOUDFLARE_WARP |
JSON | 2025-02-02 View Change |
| FireEye eMPS | Email server log types. | FIREEYE_EMPS |
JSON, CEF | 2024-10-29 View Change |
| Forcepoint Proxy | Web Proxy | FORCEPOINT_WEBPROXY |
SYSLOG + KV (CEF), LEEF, CSV | 2025-01-16 View Change |
| Chronicle SOAR Audit | SOAR | CHRONICLE_SOAR_AUDIT |
JSON | 2023-10-12 View Change |
| F5 DNS | DNS | F5_DNS |
SYSLOG | 2025-01-30 View Change |
| HP Linux | OS | HP_LINUX |
SYSLOG | 2025-01-21 View Change |
| Mimecast | Email Server | MIMECAST_MAIL |
KV | 2025-02-06 View Change |
| Apple macOS | AV / Endpoint | MACOS |
SYSLOG, JSON | 2024-09-18 View Change |
| Linkshadow NDR | NDR | LINKSHADOW_NDR |
SYSLOG + KV | 2025-01-16 View Change |
| AWS S3 Server Access | AWS Specific | AWS_S3_SERVER_ACCESS |
SYSLOG | 2024-11-12 View Change |
| AWS WAF | AWS Specific | AWS_WAF |
JSON | 2025-02-17 View Change |
| Proofpoint Observeit | Email Server | OBSERVEIT |
JSON, KV | 2024-12-13 View Change |
| Unix system | OS | NIX_SYSTEM |
SYSLOG, JSON | 2025-02-11 View Change |
| Workspace Users | Google Cloud Specific | WORKSPACE_USERS |
JSON | 2024-03-27 View Change |
| Cloudian hyperstore | Storage Solutions | CLOUDIAN_HYPERSTORE |
SYSLOG | 2021-05-05 |
| URLScan IO | Vulnerability scanners | URLSCAN_IO |
JSON | 2024-10-25 View Change |
| Zimperium | Mobile Device Management | ZIMPERIUM |
SYSLOG + JSON | 2025-02-11 View Change |
| COVID-19 Cyber Threat Coalition | IOC | COVID_CTC_IOC |
Value Entry | 2020-06-02 |
| Dataminr Alerts | SAAS Security Application | DATAMINR_ALERT |
JSON | 2024-02-14 View Change |
| Colinet Trotta GAUS SEGUROS | Alert | CT_GAUS_SEGUROS |
CSV | 2024-12-06 View Change |
| Voltage | Email Server | VOLTAGE |
SYSLOG | 2024-07-02 View Change |
| XAMS by Xiting | Log Aggregator | XITING_XAMS |
SYSLOG | 2024-09-26 View Change |
| Cisco Router | Switches, Routers | CISCO_ROUTER |
SYSLOG, SYSLOG+KV | 2024-12-12 View Change |
| Tanium Integrity Monitor | Tanium Specific | TANIUM_INTEGRITY_MONITOR |
JSON | 2022-10-12 View Change |
| Okera Dynamic Access Platform | Data Security | OKERA_DAP |
JSON | 2023-01-29 View Change |
| Cambium Networks | Switches and Routers Log Type | CAMBIUM_NETWORKS |
SYSLOG | 2023-07-27 View Change |
| Workspace Groups | Google Cloud Specific | WORKSPACE_GROUPS |
JSON | 2023-11-29 View Change |
| Area1 Security | Email server | AREA1 |
JSON | 2024-09-23 View Change |
| Cisco vManage SD-WAN | CASB | CISCO_SDWAN |
JSON | 2025-02-24 View Change |
| Cybereason EDR | EDR | CYBEREASON_EDR |
JSON | 2025-01-23 View Change |
| Cisco Umbrella Cloud Firewall | Firewall | UMBRELLA_FIREWALL |
CSV | 2025-01-29 View Change |
| Snyk Group level audit/issues logs | Security | SNYK_ISSUES |
JSON | 2025-02-20 View Change |
| Quest Change Auditor for EMC | Alert | QUEST_CHANGE_AUDITOR_EMC |
JSON | 2024-06-18 View Change |
| Microsoft Graph Activity Logs | AUDIT | MICROSOFT_GRAPH_ACTIVITY_LOGS |
JSON | 2024-10-08 View Change |
| Recordia | Telephone software | RECORDIA |
JSON | 2024-01-30 View Change |
| Swimlane Platform | SOAR Tools | SWIMLANE |
JSON | 2025-02-19 View Change |
| VMWare VSphere | virtualization | VMWARE_VSPHERE |
SYSLOG + CSV | 2024-10-29 View Change |
| Slack Audit | Productivity | SLACK_AUDIT |
JSON | 2023-10-27 View Change |
| Windows Local Administrator Password Solution | Local Administrator Password Solution | MICROSOFT_LAPS |
JSON | 2024-10-10 View Change |
| Vectra Stream | NDR | VECTRA_STREAM |
SYSLOG + KV + JSON | 2025-02-11 View Change |
| Avaya Aura Experience Portal | Avaya Aura Experience Portal | AVAYA_AURA |
SYSLOG | 2022-12-30 View Change |
| Sangfor Next Generation Firewall | Firewall | SANGFOR_NGAF |
SYSLOG + KV | 2024-01-31 View Change |
| McAfee DLP | DLP | MCAFEE_DLP |
CSV | 2022-04-13 View Change |
| SailPoint IAM | Identity and Access Management | SAILPOINT_IAM |
JSON | 2024-09-13 View Change |
| Cisco UCS | OS logs | CISCO_UCS |
SYSLOG | 2022-07-04 View Change |
| FireEye | Alerts | FIREEYE_ALERT |
SYSLOG + JSON, JSON, KV | 2024-10-16 View Change |
| Nucleus Unified Vulnerability Management | Nucleus Specific | NUCLEUS_VULNERABILITY |
JSON | 2021-06-30 |
| Cloudflare Audit | SaaS Application | CLOUDFLARE_AUDIT |
JSON | 2023-11-27 View Change |
| HCL BigFix | Network Management and Optimization | HCL_BIGFIX |
JSON | 2023-12-08 View Change |
| Cisco Umbrella SWG DLP | DLP | CISCO_UMBRELLA_SWG_DLP |
CSV | 2024-12-06 View Change |
| Layer7 SiteMinder | SSO | SITEMINDER_SSO |
KV+JSON, SYSLOG, JSON | 2025-02-12 View Change |
| ProFTPD | Web Server | PROFTPD |
SYSLOG | 2025-01-12 View Change |
| Workspace ChromeOS Devices | Google Cloud Specific | WORKSPACE_CHROMEOS |
JSON | 2024-12-03 View Change |
| Fortra Powertech SIEM Agent | STATUS_UPDATE | FORTRA_POWERTECH_SIEM_AGENT |
SYSLOG, CEF | 2024-04-30 View Change |
| reCAPTCHA Enterprise | Access Management | GCP_RECAPTCHA_ENTERPRISE |
JSON | 2024-02-12 View Change |
| Kaspersky AV | AV / Endpoint | KASPERSKY_AV |
KV + CEF | 2025-02-13 View Change |
| Azure SQL | Database | AZURE_SQL |
JSON | 2024-12-04 View Change |
| Ingrian Networks DataSecure Appliance | System and Audit Logs | INGRIAN_NETWORKS_DATASECURE_APPLIANCE |
Syslog | 2024-10-31 View Change |
| Oracle WebLogic Server | Web server logs | ORACLE_WEBLOGIC |
SYSLOG | 2024-10-30 View Change |
| Array Networks SSL VPN | VPN | ARRAYNETWORKS_VPN |
SYSLOG, SYSLOG + KV | 2024-05-14 View Change |
| Okta | Identity and Access Management | OKTA |
JSON | 2025-02-06 View Change |
| Microsoft PowerShell | Misc. Windows-specific | POWERSHELL |
SYSLOG + JSON, XML | 2025-01-29 View Change |
| BigQuery | Google Cloud Resources Contexts | N/A |
JSON | 2024-04-24 View Change |
| Nutanix Prism | Firewall | NUTANIX_PRISM |
JSON, SYSLOG | 2024-02-21 View Change |
| AWS RDS | Database | AWS_RDS |
SYSLOG,JSON | 2025-02-20 View Change |
| NetIQ eDirectory | Identity management deployments | NETIQ_EDIRECTORY |
Syslog, CEF | 2025-02-17 View Change |
| Cisco FireSIGHT Management Center | SaaS Application | CISCO_FIRESIGHT |
KV | 2025-02-21 View Change |
| Linux Sysmon | DNS | LINUX_SYSMON |
XML | 2024-10-22 View Change |
| ProofPoint Secure Email Relay | Email server | PROOFPOINT_SER |
JSON | 2025-01-02 View Change |
| Imperva | WAF | IMPERVA_WAF |
SYSLOG+KV, JSON | 2025-01-16 View Change |
| Ipswitch SFTP | Data Transfer | IPSWITCH_SFTP |
SYSLOG, JSON | 2022-09-05 View Change |
| Sap Business Technology Platform | SaaS Applications | SAP_BTP |
JSON | 2024-07-19 View Change |
| Google Cloud Identity Context | Identity and Access Management | CLOUD_IDENTITY_CONTEXT |
JSON | 2024-12-06 View Change |
| FortiGate | Firewall | FORTINET_FIREWALL |
JSON, SYSLOG + KV | 2025-02-24 View Change |
| Microsoft SQL Server | Database | MICROSOFT_SQL |
SYSLOG + KV, JSON, SYSLOG + JSON | 2024-11-28 View Change |
| Infoblox DNS | DNS | INFOBLOX_DNS |
SYSLOG, CEF | 2024-09-24 View Change |
| RSA | Identity and Access Management | RSA_AUTH_MANAGER |
CSV | 2024-03-13 View Change |
| Tanium Audit | SCAN NETWORK | TANIUM_AUDIT |
JSON | 2024-05-16 View Change |
| Auth0 | Authentication log | AUTH_ZERO |
JSON | 2025-01-12 View Change |
| Avigilon Access Logs | IaaS Applications | AVIGILON_ACCESS_LOGS |
XML | 2024-12-18 View Change |
| Thales Luna Hardware Security Module | THALES_LUNA_HSM specific | THALES_LUNA_HSM |
JSON/SYSLOG | 2024-11-28 View Change |
| CommVault Commcell | Alert System | COMMVAULT_COMMCELL |
KV , SYSLOG | 2024-01-24 View Change |
| ThreatLocker Platform | THREATLOCKER | THREATLOCKER |
JSON | 2023-06-18 View Change |
| NGINX | Server Management | NGINX |
JSON + SYSLOG | 2022-09-10 View Change |
| ManageEngine Reporter Plus | SaaS Application | MANAGE_ENGINE_REPORTER_PLUS |
JSON | 2022-08-29 View Change |
| Stealthbits PAM | Privileged Access Management Solution | STEALTHBITS_PAM |
CEF + KV | 2023-11-07 View Change |
| Intel Endpoint Management Assistant | Security | INTEL_EMA |
SYSLOG | 2025-02-07 View Change |
| AWS EC2 VPCs | AWS Specific | AWS_EC2_VPCS |
JSON | 2024-01-31 |
| Cisco Meraki | Wireless | CISCO_MERAKI |
SYSLOG, JSON | 2024-12-05 View Change |
| Thales MFA | Authentication | THALES_MFA |
SYSLOG + KV (CEF) | 2022-07-13 View Change |
| AWS Inspector | AWS-specific log types | AWS_INSPECTOR |
JSON, SYSLOG | 2025-02-25 View Change |
| Cloud IoT | Google Cloud Specific | GCP_CLOUDIOT |
JSON | 2022-06-06 View Change |
| Citrix Netscaler | Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER |
SYSLOG + KV | 2025-02-13 View Change |
| Qualys VM | Vulnerability Scanner | QUALYS_VM |
KV + JSON | 2023-10-27 View Change |
| Jamf Protect Threat Events | Threat Events Stream | JAMF_THREAT_EVENTS |
JSON | 2023-03-27 View Change |
| Uptycs EDR | Endpoint detection and response | UPTYCS_EDR |
JSON | 2022-07-08 View Change |
| Azure AD | LDAP | AZURE_AD |
JSON | 2025-01-11 View Change |
| Microsoft Azure NSG Flow | Network Flow | AZURE_NSG_FLOW |
JSON | 2025-01-23 View Change |
| Cisco Prime | Network Management and Optimization | CISCO_PRIME |
SYSLOG | 2024-01-26 View Change |
| Barracuda Email | Email Server | BARRACUDA_EMAIL |
JSON | 2024-05-28 View Change |
| Intel 471 Malware Intelligence | INTEL471_MALWARE_INTEL |
JSON | 2024-11-21 View Change |
|
| CyberArk PTA Privileged Threat Analytics | AUDIT | CYBERARK_PTA |
SYSLOG + KV (CEF) | 2024-08-13 View Change |
| Fastly CDN | WAF | FASTLY_CDN |
JSON | 2025-01-10 View Change |
| Verba Recording System | Recording System | VERBA_REC |
CSV | 2024-05-24 View Change |
| Wazuh | Log Aggregator | WAZUH |
SYSLOG + JSON | 2025-01-17 View Change |
| Bitwarden Events | Password Manager | BITWARDEN_EVENTS |
JSON | 2023-11-09 View Change |
| Mongo Database | DATABASE | MONGO_DB |
JSON | 2024-04-01 View Change |
| Sophos Central | AV / Endpoint | SOPHOS_CENTRAL |
JSON | 2025-01-30 View Change |
| Zscaler Internet Access Audit Logs | Security Service Edge (SSE) | ZSCALER_INTERNET_ACCESS |
CSV, SYSLOG, JSON | 2025-01-23 View Change |
| Malwarebytes | EDR | MALWAREBYTES_EDR |
JSON | 2024-08-14 View Change |
| Juniper Software Defined Wide Area Network | SYSLOG | JUNIPER_SDWAN |
SYSLOG | 2023-07-10 View Change |
| OneLogin | SSO | ONELOGIN_SSO |
JSON | 2024-05-27 View Change |
| TINTRI | Data Security | TINTRI |
syslog | 2024-09-17 View Change |
| AWS VPN | VPN | AWS_VPN |
JSON | 2024-09-19 View Change |
| McAfee IPS | IDS/IPS | MCAFEE_IPS |
SYSLOG | 2021-04-15 |
| F5 Advanced Firewall Management | Firewall | F5_AFM |
SYSLOG + CSV | 2024-11-07 View Change |
| Security Command Center Posture Violation | Google Cloud Specific | GCP_SECURITYCENTER_POSTURE_VIOLATION |
JSON | 2025-02-07 View Change |
| Ionix | SECURITY | IONIX |
JSON | 2023-09-28 View Change |
| Armis Activities | ACTIVITIES | ARMIS_ACTIVITIES |
JSON | 2023-02-07 View Change |
| ExtraHop RevealX | Firewall IDS/IPS | EXTRAHOP |
JSON, SYSLOG | 2025-01-15 View Change |
| BMC Client Management | Security | BMC_CLIENT_MANAGEMENT |
SYSLOG | 2024-10-11 View Change |
| Proofpoint On Demand | Email Server | PROOFPOINT_ON_DEMAND |
JSON | 2025-02-19 View Change |
| Kemp Load Balancer | Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER |
SYSLOG + KV | 2025-01-13 View Change |
| McAfee Web Gateway | Web Proxy | MCAFEE_WEBPROXY |
SYSLOG + KV (CEF), JSON | 2025-01-30 View Change |
| CyberArk Endpoint Privilege Manager (EPM) | EPM | CYBERARK_EPM |
JSON | 2023-08-22 View Change |
| AWS VPC Flow | AWS Specific | AWS_VPC_FLOW |
SYSLOG + JSON | 2025-02-14 View Change |
| Imperva CEF | CEF | IMPERVA_CEF |
SYSLOG + KV | 2024-09-12 View Change |
| Snyk Group level audit Logs | Vulnerability Scanners | SNYK_SDLC |
JSON | 2023-04-25 View Change |
| Microsoft ATA | IDS/IPS | MICROSOFT_ATA |
SYSLOG + KV | 2024-01-29 View Change |
| STIX Threat Intelligence | Cybersecurity Threats | STIX |
SYSLOG + KV (CEF) | 2024-11-07 View Change |
| Symantec Web Security Service | Web Proxy | SYMANTEC_WSS |
JSON | 2025-02-25 View Change |
| McAfee Skyhigh CASB | CASB | MCAFEE_SKYHIGH_CASB |
SYSLOG + KV | 2023-06-17 View Change |
| Emerging Threats Pro | IOC | ET_PRO_IOC |
CSV | 2022-11-28 View Change |
| iBoss Proxy | Webproxy | IBOSS_WEBPROXY |
SYSLOG + JSON | 2023-08-22 View Change |
| Proofpoint Web Browser Isolation | ATTACK PROTECTION ISOLATION | PROOFPOINT_WEB_BROWSER_ISOLATION |
JSON | 2023-05-25 View Change |
| UpGuard | Vulnerability scanners | UPGUARD |
JSON | 2024-11-13 View Change |
| LogonBox | Authentication | LOGONBOX |
SYSLOG + KV | 2024-02-05 View Change |
| Opengear Remote Management | Secure Remote Access | OPENGEAR |
SYSLOG | 2024-09-13 View Change |
| SecureAuth | SSO | SECUREAUTH_SSO |
SYSLOG, XML | 2023-07-09 View Change |
| Security Command Center Toxic Combination | Google Cloud Specific | GCP_SECURITYCENTER_TOXIC_COMBINATION |
JSON | 2025-02-07 View Change |
| Illumio Core | Policy Management | ILLUMIO_CORE |
JSON, SYSLOG, SYSLOG+JSON and SYSLOG+CEF. | 2024-11-14 View Change |
| Rapid7 | Vulnerability Scanner | RAPID7_NEXPOSE |
JSON | 2024-05-14 View Change |
| GCP_NETWORK_CONNECTIVITY | Computer Inventory | GCP_NETWORK_CONNECTIVITY_CONTEXT |
JSON | 2023-06-13 View Change |
| Zscaler Tunnel | N/A | ZSCALER_TUNNEL |
JSON, CSV | 2024-10-17 View Change |
| Quest Active Directory | Authentication log | QUEST_AD |
CEF SYSLOG + JSON | 2024-11-07 View Change |
| Proofpoint Sendmail Sentrion | Email server | PROOFPOINT_SENDMAIL_SENTRION |
SYSLOG | 2024-06-05 View Change |
| Fastly WAF | WAF | FASTLY_WAF |
JSON | 2022-06-06 View Change |
| Corelight | NDR | CORELIGHT |
JSON | 2024-09-20 View Change |
| Ubika WAAP | WAF | UBIKA_WAAP |
SYSLOG | 2024-06-03 View Change |
| MISP Threat Intelligence | Cybersecurity | MISP_IOC |
JSON, CSV | 2025-01-29 View Change |
| Windows DNS | DNS | WINDOWS_DNS |
JSON, XML, SYSLOG + KV | 2025-02-18 View Change |
| JFrog Artifactory | DevOps | JFROG_ARTIFACTORY |
SYSLOG | 2025-02-19 View Change |
| Apache | Security | APACHE |
SYSLOG + JSON | 2025-01-09 View Change |
| Azure AD Directory Audit | Audit | AZURE_AD_AUDIT |
JSON | 2025-02-19 View Change |
| HCNET Account Adapter Plus | DHCP | HCNET_ACCOUNT_ADAPTER |
SYSLOG | 2024-11-04 View Change |
| BeyondTrust Secure Remote Access | Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS |
SYSLOG + KV | 2022-09-30 View Change |
| Netskope | Cloud Security | NETSKOPE_ALERT |
JSON | 2024-08-14 View Change |
| Elastic Windows Event Log Beats | Log Aggregator | ELASTIC_WINLOGBEAT |
SYSLOG + JSON | 2024-12-23 View Change |
| ExtraHop DNS | DNS | EXTRAHOP_DNS |
JSON | 2021-12-13 |
| FireEye NX | NDR | FIREEYE_NX |
JSON, SYSLOG+KV | 2024-10-17 View Change |
| Amazon VPC Transit Gateway Flow Logs | Network | AWS_VPC_TRANSIT_GATEWAY |
JSON | 2024-11-15 View Change |
| Cloud Storage Context | Google Cloud Specific | N/A |
JSON | 2024-05-28 View Change |
| HP Procurve Switch | Switches | HP_PROCURVE |
SYSLOG | 2024-03-04 View Change |
| Advanced Intrusion Detection Environment | Alert | AIDE |
Free text | 2024-10-24 View Change |
| Comforte SecurDPS | Data loss prevention | COMFORTE_SECURDPS |
SYSLOG + KV, JSON | 2024-06-10 View Change |
| Veeam | Backup software | VEEAM |
SYSLOG | 2024-10-24 View Change |
| Precisely Ironstream IBM z/OS | ZOS | IRONSTREAM_ZOS |
JSON | 2024-11-27 View Change |
| NIMBLE OS | OS | NIMBLE_OS |
SYSLOG | 2022-07-21 View Change |
| IBM Security QRadar SIEM | Security Log | IBM_QRADAR |
SYSLOG | 2024-06-18 View Change |
| Cloud Intrusion Detection System | Google Cloud Specific | GCP_IDS |
JSON | 2024-05-01 View Change |
| Microsoft Defender for Endpoint | EDR | MICROSOFT_DEFENDER_ENDPOINT |
JSON | 2025-02-11 View Change |
| Microsoft Defender for Identity | EDR | MICROSOFT_DEFENDER_IDENTITY |
JSON | 2025-02-11 View Change |
| SAP Netweaver | Database | SAP_NETWEAVER |
JSON | 2023-05-03 View Change |
| Qumulo FS | File System | QUMULO_FS |
SYSLOG | 2024-05-09 View Change |
| Snare System Diagnostic Logs | Security | SNARE_SOLUTIONS |
SYSLOG + KV , SYSLOG + JSON | 2025-02-25 View Change |
| VMware Horizon | VDI | VMWARE_HORIZON |
SYSLOG | 2025-02-06 View Change |
| Cyolo Secure Remote Access for OT | Remote Access Tools | CYOLO_OT |
SYSLOG + KV , SYSLOG + KV + JSON | 2025-02-21 View Change |
| Forcepoint DLP | Forcepoint DLP | FORCEPOINT_DLP |
CEF | 2025-02-19 View Change |
| Imperva SecureSphere Management | Data Security / Insider Threat | IMPERVA_SECURESPHERE |
SYSLOG + KV (CEF) | 2024-04-01 View Change |
| CrowdStrike Falcon | EDR | CS_EDR |
JSON | 2025-02-25 View Change |
| Cofense | Email Server | COFENSE_TRIAGE |
SYSLOG + KV (CEF) | 2024-06-18 View Change |
| Cisco IronPort | Gateway Security | CISCO_IRONPORT |
SYSLOG + CSV | 2025-01-31 View Change |
| IBM Websphere Application Server | Web server | IBM_WEBSPHERE_APP_SERVER |
JSON, SYSLOG | 2022-01-20 |
| Seqrite Endpoint Security (EPS) | AV and endpoint logs | SEQRITE_ENDPOINT |
LEEF | 2023-03-24 View Change |
| Microsoft CyberX | IoT | CYBERX |
SYSLOG+KV | 2025-01-23 View Change |
| DNSFilter | Data Transfer | DNSFILTER |
CSV | 2023-10-27 View Change |
| Nagios Infrastructure Monitoring | NETWORK MONITORING | NAGIOS |
CSV | 2024-08-22 View Change |
| FireEye HX Audit | Audits | FIREEYE_HX_AUDIT |
XML | 2022-11-04 View Change |
| Juniper | Firewall | JUNIPER_FIREWALL |
SYSLOG + KV + JSON | 2025-02-20 View Change |
| IBM DS8000 Storage | Audit Logs | IBM_DS8000 |
Syslog, CSV | 2024-07-24 View Change |
| IBM z/OS | OS | IBM_ZOS |
LEEF | 2024-10-26 View Change |
| Tanium Asset | Tanium Specific | TANIUM_ASSET |
JSON, SYSLOG + KV | 2025-01-08 View Change |
| Akamai DataStream 2 | SaaS Applications | AKAMAI_DATASTREAM_2 |
JSON | 2025-02-17 View Change |
| Abnormal Security | Email Server | ABNORMAL_SECURITY |
JSON , SYSLOG | 2024-09-18 View Change |
| Broadcom SSL Visibility Appliance | SSL Visibility | BROADCOM_SSL_VA |
SYSLOG | 2024-06-25 View Change |
| Windows Event (XML) | AV / Endpoint | WINEVTLOG_XML |
SYSLOG + XML, KV, SYSLOG + JSON, SYSLOG + CSV | 2025-02-20 View Change |
| Snoopy Logger | Log Aggregator | SNOOPY_LOGGER |
SYSLOG | 2022-08-10 View Change |
| Armis Devices | DEVICES | ARMIS_DEVICES |
JSON | 2023-03-02 View Change |
| BeyondTrust BeyondInsight | Privileged Account Activity | BEYONDTRUST_BEYONDINSIGHT |
KV , SYSLOG + JSON | 2025-02-06 View Change |
| Cisco Wireless IPS | Cisco Wips | CISCO_WIPS |
SYSLOG + KV | 2023-11-17 View Change |
| AlphaSOC | Alert | ASOC_ALERT |
JSON | 2021-06-21 |
| ZScaler Deception | VPN | ZSCALER_DECEPTION |
JSON | 2024-07-01 View Change |
| Fortinet FortiAuthenticator | Security | FORTINET_FORTIAUTHENTICATOR |
SYSLOG + KV, KV | 2024-08-29 View Change |
| Swift Alliance Messaging Hub | Finance | SWIFT_AMH |
JSON | 2024-03-14 View Change |
| Sophos AV | AV / Endpoint | SOPHOS_AV |
CSV, JSON | 2024-08-22 View Change |
| Twingate | VPN | TWINGATE |
JSON | 2024-12-11 View Change |
| Halcyon Anti Ransomware | AV and endpoint logs | HALCYON |
JSON | 2024-10-17 View Change |
| INTEL471 Watcher Alerts | Data Security | INTEL471_WATCHER_ALERTS |
JSON | 2024-10-17 View Change |
| Check Point | Firewall | CHECKPOINT_FIREWALL |
SYSLOG + KV, JSON | 2025-02-13 View Change |
| Accellion | DLP | ACCELLION |
SYSLOG | 2022-09-30 View Change |
| OpenVPN | Network | OPEN_VPN |
SYSLOG + KV + JSON | 2024-11-27 View Change |
| Jenkins | Automation and DevOps | JENKINS |
JSON, SYSLOG | 2024-11-19 View Change |
| Imperva Database | Cloud Application and Edge Security | IMPERVA_DB |
SYSLOG, SYSLOG+JSON | 2025-02-19 View Change |
| Aware Signals | SaaS Applications | AWARE_SIGNALS |
JSON | 2025-02-07 View Change |
| Preempt Alert | Identity and Access Management | PREEMPT |
SYSLOG + KV (CEF) | 2022-06-22 View Change |
| ReviveSec | Application server logs | REVIVESEC |
SYSLOG | 2025-02-25 View Change |
| McAfee ePolicy Orchestrator | Policy Management | MCAFEE_EPO |
SYSLOG + XML, CSV, KV, JSON | 2024-11-20 View Change |
| AWS Security Hub | IDS/IPS | AWS_SECURITY_HUB |
JSON | 2025-02-18 View Change |
| BeyondTrust | Privilege Account Activity | BOMGAR |
SYSLOG | 2024-01-12 View Change |
| LastPass Password Management | Identity and Access Management | LASTPASS |
JSON | 2024-03-22 View Change |
| Openpath | AV / Endpoint | OPENPATH |
SYSLOG | 2023-11-08 View Change |
| Salesforce | SaaS Application | SALESFORCE |
KV (LEEF), CSV | 2025-01-30 View Change |
| Snipe-IT | SaaS Applications | SNIPE_IT |
JSON | 2025-02-12 View Change |
| Shrubbery TACACS+ | NETWORK MANAGEMENT | SHRUBBERY_TACACS |
SYSLOG + KV | 2022-11-08 View Change |
| IBM Security QRadar SOAR | Security | IBM_SOAR |
SYSLOG + KV | 2024-10-08 View Change |
| Fortinet Web Application Firewall | WEB | FORTINET_FORTIWEB |
KV | 2025-02-06 View Change |
| WatchGuard | Syslog and KV | WATCHGUARD |
JSON | 2025-01-07 View Change |
| Dell EMC Isilon NAS | Storage | DELL_EMC_NAS |
SYSLOG | 2023-07-21 View Change |
| Security Command Center Threat | Google Cloud Specific | N/A |
JSON | 2025-02-07 View Change |
| Code42 Incydr | Data loss prevention (DLP) | CODE42_INCYDR |
JSON | 2024-12-10 View Change |
| Lenel Onguard Badge Management | Access Control System | LENEL_ONGUARD |
JSON | 2024-11-14 View Change |
| Custom Security Data Analytics | Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS |
JSON | 2022-07-08 View Change |
| Microsoft IIS | Web Server | IIS |
SYSLOG + KV, JSON , XML | 2025-01-27 View Change |
| Onfido | Authentication | ONFIDO |
SYSLOG + JSON | 2023-03-10 View Change |
| ManageEngine ADManager Plus | Miscellaneous Windows-specific log types. | ADMANAGER_PLUS |
KV | 2025-02-17 View Change |
| Net Suite | WAF | NET_SUITE |
kv | 2023-08-02 View Change |
| Shibboleth IDP | Identity and Access Management | SHIBBOLETH_IDP |
SYSLOG, JSON | 2024-11-14 View Change |
| Resource Manager Context | Google Cloud Specific | GCP_RESOURCE_MANAGER_CONTEXT |
JSON | 2023-07-26 View Change |
| Workday | SaaS Application | WORKDAY |
JSON, CSV | 2024-06-25 View Change |
| Cloud Audit Logs | Google Cloud Specific | N/A |
JSON | 2025-01-27 View Change |
| Azure Cosmos DB | Database | AZURE_COSMOS_DB |
JSON | 2025-01-16 View Change |
| Microsoft Exchange | Email Server | EXCHANGE_MAIL |
SYSLOG | 2024-08-06 View Change |
| AWS Session Manager | AWS Specific | AWS_SESSION_MANAGER |
SYSLOG | 2023-06-14 View Change |
| HPE Aruba Networking Central | Data Security | ARUBA_CENTRAL |
SYSLOG | 2024-12-05 View Change |
| Broadcom Support Portal Audit Logs | Security | BROADCOM_SUPPORT_PORTAL |
SYSLOG + KV | 2025-01-29 View Change |
| Silverfort Authentication Platform | Identity and Access Management | SILVERFORT |
CEF SYSLOG | 2023-12-11 View Change |
| Trustwave webmarshal | Proxy Server | WEBMARSHAL |
SYSLOG + CSV | 2023-05-04 View Change |
| Cisco ISE | Identity and Access Management | CISCO_ISE |
SYSLOG | 2025-02-19 View Change |
| Opnsense | Firewall and Routing Platform | OPNSENSE |
Syslog, Syslog + CSV | 2025-02-18 View Change |
| Trend Micro | SMS, UNITY_ONE | TIPPING_POINT |
SYSLOG | 2025-01-09 View Change |
| UberAgent | Security | UBERAGENT |
CSV | 2024-12-29 View Change |
| CommVault | Alert System | COMMVAULT |
KV , SYSLOG | 2025-02-20 View Change |
| Pharos | NA | PHAROS |
JSON | 2025-02-18 |
| Island Browser logs | Web Browser | ISLAND_BROWSER |
JSON | 2024-05-20 View Change |
| Tanium Reveal | Tanium Specific | TANIUM_REVEAL |
JSON | 2021-11-15 |
| Nasuni File Services Platform | Data Transfer | NASUNI_FILE_SERVICES |
SYSLOG + JSON | 2022-08-21 View Change |
| AWS Macie | AWS-specific logs | AWS_MACIE |
JSON | 2022-08-08 View Change |
| Fortinet FortiDDoS | Network | FORTINET_FORTIDDOS |
KV | 2025-01-10 View Change |
| Entrust nShield HSM | Hardware Security Module | ENTRUST_HSM |
SYSLOG | 2024-10-15 View Change |
| Kiteworks | Network | KITEWORKS |
SYSLOG, CSV | 2023-11-10 View Change |
| Snort | IDS/IPS | SNORT_IDS |
SYSLOG + JSON | 2024-12-04 View Change |
| Stormshield Firewall | FIREWALL | STORMSHIELD_FIREWALL |
SYSLOG + KV | 2023-06-29 View Change |
| Nyansa Events | IoT | NYANSA_EVENTS |
SYSLOG + KV | 2023-03-01 View Change |
| Compute Context | Google Cloud Specific | N/A |
JSON | 2024-01-27 View Change |
| Chrome Management | Browser | N/A |
JSON | 2024-10-11 View Change |
| Kolide Endpoint Security | Security | KOLIDE |
JSON | 2025-01-29 View Change |
| F5 Silverline | Application | F5_SILVERLINE |
SYSLOG, SYSLOG + KV , JSON | 2024-08-12 View Change |
| Centripetal Networks IOC | IOC | CENTRIPETAL_IOC |
SYSLOG + KV | 2022-01-06 |
| Apache Cassandra | Web server | CASSANDRA |
JSON | 2022-04-13 View Change |
| Cyber 2.0 IDS | IDS | CYBER_2_IDS |
SYSLOG+JSON | 2024-11-28 View Change |
| Red Hat OpenShift | Kubernetes Container | REDHAT_OPENSHIFT |
SYSLOG | 2024-12-12 View Change |
| Venafi ZTPKI | AV and Endpoint logs | VENAFI_ZTPKI |
SYSLOG , JSON | 2024-12-20 View Change |
| SEPPmail Secure Email | email encryption and signature solutions | SEPPMAIL |
SYSLOG + KV | 2024-06-04 View Change |
| GMAIL Logs | Google Cloud Specific | GMAIL_LOGS |
JSON | 2024-05-10 View Change |
| KerioControl Firewall | Threat Management Firewall | KERIOCONTROL |
SYSLOG | 2024-02-28 View Change |
| Trend Micro Apex one | Endpoint Security | TRENDMICRO_APEX_ONE |
SYSLOG + KV | 2024-09-05 View Change |
| Kisi Access Management | Physical Security | KISI |
JSON | 2023-06-14 View Change |
| CyberArk | Privilege Account Management | CYBERARK |
KV (CEF) | 2024-06-14 View Change |
| VMware AirWatch | Wireless | AIRWATCH |
SYSLOG + KV | 2025-02-11 View Change |
| Armis Vulnerabilities | VULNERABILITIES | ARMIS_VULNERABILITIES |
JSON | 2023-02-07 View Change |
| Neosec | Security | NEOSEC |
JSON | 2023-07-31 View Change |
| Mandiant Custom IOC | IOC | MANDIANT_CUSTOM_IOC |
JSON | 2023-12-19 View Change |
| Claroty Continuous Threat Detection | IoT | CLAROTY_CTD |
KV | 2024-12-04 View Change |
| Duo User Context | Identity and Access Management | DUO_USER_CONTEXT |
JSON | 2024-05-31 View Change |
| Palo Alto Networks Traps | EDR | PAN_EDR |
CSV + KV | 2022-08-22 View Change |
| TeamViewer | Remote Support | TEAMVIEWER |
JSON | 2024-10-30 View Change |
| Netscout Arbor Sightline | Monitoring | ARBOR_SIGHTLINE |
SYSLOG + JSON | 2024-04-22 View Change |
| Remediant SecureONE | Privileged Account Activity | REMEDIANT_SECUREONE |
SYSLOG + JSON | 2024-12-12 View Change |
| Netskope Web Proxy | Web Proxy | NETSKOPE_WEBPROXY |
SYSLOG, SYSLOG+JSON, JSON | 2024-06-21 View Change |
| Palo Alto Cortex XDR Alerts | NDR | CORTEX_XDR |
JSON, SYSLOG + KV | 2025-02-24 View Change |
| GCP_APP_ENGINE | Cloud Computing | GCP_APP_ENGINE |
JSON and KV | 2024-08-01 View Change |
| Cloud Identity Device Users | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICEUSERS |
JSON | 2022-10-01 View Change |
| OpenSSH | Logging and Troubleshooting | OPENSSH |
SYSLOG | 2024-01-23 View Change |
| Microsoft AD FS | LDAP | ADFS |
JSON | 2025-02-20 View Change |
| BeyondTrust Privileged Identity | Privilege Account Activity | BEYONDTRUST_PI |
SYSLOG | 2024-08-19 View Change |
| AWS Key Management Service | AWS Specific | AWS_KMS |
JSON | 2022-05-27 View Change |
| Cisco WLC/WCS | Wireless | CISCO_WIRELESS |
SYSLOG | 2024-09-25 View Change |
| Oracle Fusion | SaaS Application | ORACLE_FUSION |
JSON | 2024-10-18 View Change |
| Splunk Platform | Security log | SPLUNK |
JSON | 2024-05-01 View Change |
| Arista Switch | Switches | ARISTA_SWITCH |
JSON+SYSLOG | 2024-06-07 View Change |
| Cisco Web Services Manager | CISCO_WSM | CISCO_WSM |
SYSLOG | 2023-10-05 View Change |
| Open LDAP | LDAP | OPENLDAP |
SYSLOG | 2025-02-14 View Change |
| Bluecat DDI | DDI (DNS, DHCP, IPAM) | BLUECAT_DDI |
SYSLOG | 2022-11-08 View Change |
| Microsoft Graph API Alerts | Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT |
JSON | 2025-01-06 View Change |
| Privacy-I | NA | PRIVACY_I |
CSV + KV | 2025-02-17 View Change |
| CipherTrust Manager | CIPHERTRUST_MANAGER |
SYSLOG + CEF + JSON | 2024-06-24 View Change |
|
| Looker Audit | CASB | LOOKER_AUDIT |
JSON | 2025-02-04 View Change |
| Nozomi Networks Scada Guardian | Network Monitoring | NOZOMI_GUARDIAN |
CEF and JSON | 2025-01-30 View Change |
| Workspace Activities | Google Cloud Specific | WORKSPACE_ACTIVITY |
JSON | 2024-11-22 View Change |
| Atlassian Cloud Admin Audit | Audit | ATLASSIAN_AUDIT |
JSON | 2025-01-09 View Change |
| Fortinet Proxy | Storage | FORTINET_WEBPROXY |
SYSLOG + KV | 2025-01-07 |
| Azion | Firewall | AZION |
JSON | 2023-09-30 View Change |
| BMC Helix Discovery | bmc helix discovery | BMC_HELIX_DISCOVERY |
SYSLOG | 2022-08-29 View Change |
| Cisco Vision Dynamic Signage Director | Content and Delivery Management | CISCO_STADIUMVISION |
SYSLOG, SYSLOG+KV | 2023-05-12 View Change |
| AWS EC2 Hosts | AWS Specific | AWS_EC2_HOSTS |
JSON | 2024-01-31 View Change |
| Riverbed Steelhead | Network Management and Optimization | STEELHEAD |
JSON , SYSLOG | 2024-06-11 View Change |
| Squid Web Proxy | Web Proxy | SQUID_WEBPROXY |
SYSLOG | 2024-11-04 View Change |
| SAP SuccessFactors | Audit Log | SAP_SUCCESSFACTORS |
CSV | 2024-05-22 View Change |
| Ping Identity | Authentication | PING |
JSON, SYSLOG + KV | 2024-11-27 View Change |
| Cloud SQL | Google Cloud Specific | GCP_CLOUDSQL |
JSON | 2024-09-27 View Change |
| Barracuda CloudGen Firewall | SaaS Applications | BARRACUDA_CLOUDGEN_FIREWALL |
Syslog | 2025-02-10 View Change |
| Blue Coat Proxy | Web Proxy | BLUECOAT_WEBPROXY |
SYSLOG + JSON, SYSLOG + KV, KV | 2025-02-19 View Change |
| Passwordstate | below is a catch all for tokens, phones, groups, and endpoints | PASSWORDSTATE |
SYSLOG | 2024-06-28 View Change |
| Cisco Firewall Services Module | Firewall | CISCO_FWSM |
SYSLOG | 2023-05-05 View Change |
| Crowdstrike IOC | IOC | CROWDSTRIKE_IOC |
JSON | 2023-08-23 View Change |
| F5 VPN | VPN | F5_VPN |
SYSLOG, KV | 2024-10-23 View Change |
| LimaCharlie | EDR | LIMACHARLIE_EDR |
JSON | 2023-08-07 |
| Oracle Cloud Guard | Cloud | OCI_CLOUDGUARD |
JSON | 2025-02-06 View Change |
| IBM Tape Storages | Monitoring | IBM_LTO |
Syslog | 2024-05-02 View Change |
| Trend Micro Email Security Advanced | Email Security | TRENDMICRO_EMAIL_SECURITY |
CEF | 2025-02-20 View Change |
| Tableau | Web server | TABLEAU |
JSON, KV, SYSLOG | 2024-12-19 View Change |
| Windows Event | Endpoint | WINEVTLOG |
JSON,XML,SYSLOG+KV,SYSLOG+JSON,SYSLOG+XML | 2025-02-24 View Change |
| Unifi AP | Switches and Routers | UNIFI_AP |
SYSLOG + KV, SYSLOG + JSON | 2024-03-22 View Change |
| Aruba EdgeConnect SD-WAN | Network Security | ARUBA_EDGECONNECT_SDWAN |
SYSLOG + CSV | 2024-06-10 View Change |
| Microsoft Intune | Mobile Device Management | AZURE_MDM_INTUNE |
JSON | 2024-04-10 View Change |
| Azure Storage Audit | Storage | AZURE_STORAGE_AUDIT |
JSON | 2024-12-12 View Change |
| Gitlab | SAAS | GITLAB |
JSON,SYSLOG + JSON | 2025-01-22 View Change |
| Fortinet | DHCP | FORTINET_DHCP |
KV | 2022-11-21 View Change |
| Harness IO | Automation and DevOps Tools | HARNESS_IO |
JSON | 2025-02-05 View Change |
| macOS Endpoint Security | AV and endpoint logs | MACOS_ENDPOINT_SECURITY |
SYSLOG + KV | 2023-07-17 View Change |
| Dell ECS Enterprise Object Storage | ECS | DELL_ECS |
SYSLOG | 2024-03-18 View Change |
| Claroty Xdome | SaaS Applications | CLAROTY_XDOME |
SYSLOG , JSON , KV | 2025-01-29 View Change |
| ManageEngine AD360 | Identity and Access Management | MANAGE_ENGINE_AD360 |
SYSLOG + KV | 2022-09-16 View Change |
| Custom Application Access Logs | Security | CUSTOM_APPLICATION_ACCESS |
JSON | 2025-02-07 View Change |
| ForgeRock OpenDJ | LDAP | OPENDJ |
SYSLOG + KV | 2020-10-01 |
| IBM Security Identity Manager | Security | IBM_SIM |
JSON + KV | 2024-03-11 View Change |
| SiteMinder Web Access Management | SSO | CA_SSO_WEB |
JSON, SYSLOG | 2024-06-25 View Change |
| GCP_KUBERNETES_CONTEXT | Computer Inventory | GCP_KUBERNETES_CONTEXT |
JSON | 2023-11-01 View Change |
| Juniper Mist | Network Management and Optimization software | JUNIPER_MIST |
JSON | 2024-11-14 View Change |
| Box | Collaboration | BOX |
JSON | 2024-03-11 View Change |
| GMV Checker ATM Security | ATM Audit | GMV_CHECKER |
SYSLOG, SYSLOG + KV | 2024-08-27 View Change |
| ForgeRock OpenAM | Identity and Access Management | OPENAM |
CSV, SYSLOG + KV | 2024-11-28 View Change |
| SOTI MobiControl | Mobile Device Management | SOTI_MOBICONTROL |
SYSLOG | 2023-09-08 View Change |
| Zeek TSV | Format Specific | BRO_TSV |
SYSLOG + TSV | 2024-05-17 View Change |
| Versa Firewall | FIREWALL | VERSA_FIREWALL |
SYSLOG + KV | 2024-06-03 View Change |
| VMware vRealize Suite (VMware Aria) | Cloud | VMWARE_VREALIZE |
SYSLOG | 2023-06-25 View Change |
| Cisco Umbrella IP | Web Proxy | UMBRELLA_IP |
SYSLOG | 2022-08-22 View Change |
| Metabase | Data Security | METABASE |
JSON | 2025-02-05 View Change |
| Zscaler | Web Proxy | ZSCALER_WEBPROXY |
SYSLOG + KV, CSV | 2025-02-13 View Change |
| Smartsheet | CASB | SMARTSHEET |
JSON | 2024-12-16 View Change |
| Sentry | Data Security | SENTRY |
JSON | 2025-01-16 View Change |
| Kea DHCP | DHCP | KEA_DHCP |
SYSLOG | 2022-03-22 View Change |
| Ordr IoT | IoT | ORDR_IOT |
SYSLOG + JSON | 2024-03-05 View Change |
| IBM DB2 | Database | DB2_DB |
LEEF | 2024-09-25 View Change |
| Red Canary | EDR | REDCANARY_EDR |
JSON | 2022-09-15 View Change |
| Onapsis | SAP | ONAPSIS |
JSON , SYSLOG , KV | 2023-12-08 View Change |
| BloxOne Threat Defense | DNS | BLOXONE |
SYSLOG + JSON | 2025-01-07 View Change |
| ESET | EDR | ESET_EDR |
SYSLOG + JSON | 2024-04-08 View Change |
| Azure WAF | Log Aggregator | AZURE_WAF |
JSON | 2024-08-22 View Change |
| Splunk Attack Analyzer | CLOUD SECURITY | SPLUNK_ATTACK_ANALYZER |
JSON | 2024-08-05 View Change |
| Vectra Alerts | Content Management Software | VECTRA_ALERTS |
JSON | 2025-02-18 View Change |
| Zywall | Network infrastructure | ZYWALL |
KV | 2024-08-29 View Change |
| Solaris system | OS | SOLARIS_SYSTEM |
SYSLOG | 2024-12-29 View Change |
| Sonrai Enterprise Cloud Security Solution | Cloud Security Solution | SONRAI |
JSON | 2024-06-13 View Change |
| Elastic Packet Beats | Log Aggregator | ELASTIC_PACKETBEATS |
SYSLOG + JSON , JSON | 2025-02-13 View Change |
| Cisco Umbrella Web Proxy | Web Proxy | UMBRELLA_WEBPROXY |
CSV | 2025-01-15 View Change |
| Apigee | Google Cloud Specific | GCP_APIGEE |
JSON | 2021-11-02 |
| Trend Micro Vision One | AV and endpoint logs | TRENDMICRO_VISION_ONE |
SYSLOG + KV, CEF, JSON | 2025-02-11 View Change |
| Asset Panda | SaaS Applications | ASSET_PANDA |
JSON | 2025-02-04 View Change |
| CIS Albert Alerts | Alerts | CIS_ALBERT_ALERT |
SYSLOG | 2022-10-10 View Change |
| Check Point Harmony | Remote Access Tools | CHECKPOINT_HARMONY |
SYSLOG+KV | 2025-01-08 View Change |
| Rubrik | Backup software | RUBRIK |
SYSLOG | 2025-01-22 View Change |
| Nucleus Asset Metadata | Nucleus Specific | NUCLEUS_ASSET |
JSON | 2021-08-05 |
| Microsoft Sentinel | Microsoft Sentinel | MICROSOFT_SENTINEL |
JSON | 2025-02-03 View Change |
| Preempt Auth | Identity and Access Management | PREEMPT_AUTH |
SYSLOG + JSON | 2021-06-16 |
| GitGuardian Enterprise | SaaS Applications | GITGUARDIAN_ENTERPRISE |
JSON | 2024-10-16 View Change |
| Azure App Service | SAAS | AZURE_APP_SERVICE |
JSON | 2024-10-18 View Change |
| Cisco PIX Firewall | Firewall | CISCO_PIX_FIREWALL |
SYSLOG | 2023-05-23 View Change |
| AMD Pensando DSS Firewall | Firewall | AMD_DSS_FIREWALL |
SYSLOG + CSV | 2023-05-08 View Change |
| Guardicore Centra | Deception Software | GUARDICORE_CENTRA |
JSON | 2024-12-04 View Change |
| Sendmail | Email Server | SENDMAIL |
SYSLOG + KV | 2023-09-20 View Change |
| Tines | Data Security | TINES |
JSON | 2024-10-01 View Change |
| Windows Hyper-V | Virtualization Software | WINDOWS_HYPERV |
JSON | 2023-10-09 View Change |
| Unbound DNS | DNS | UNBOUND_DNS |
SYSLOG | 2020-06-09 |
| CloudM | Identity and Access Management | CLOUDM |
JSON | 2022-06-09 View Change |
| Windows DHCP | DHCP | WINDOWS_DHCP |
JSON, SYSLOG, CSV | 2025-02-20 View Change |
| FireEye PX | Firewall | FIREEYE_PX |
JSON | 2024-01-05 View Change |
| FireEye HX | EDR | FIREEYE_HX |
JSON | 2024-12-12 View Change |
| Windows Sysmon | DNS | WINDOWS_SYSMON |
JSON, XML | 2025-02-25 View Change |
| Tenable CSPM | Cloud Security | TENABLE_CSPM |
JSON | 2025-02-17 View Change |
| Absolute Mobile Device Management | Mobile Device Management | ABSOLUTE |
SYSLOG + KV (CEF) | 2024-12-03 View Change |
| Forcepoint Email Security | Email Server | FORCEPOINT_EMAILSECURITY |
JSON | 2024-08-22 View Change |
| Armis Alerts | ALERTS | ARMIS_ALERTS |
JSON | 2023-02-07 View Change |
| ForgeRock Identity Cloud | Cloud Security | FORGEROCK_IDENTITY_CLOUD |
JSON | 2024-03-11 View Change |
| Cohesity | Backup Software | COHESITY |
SYSLOG | 2024-09-24 View Change |
| Jamf Protect Alerts | Endpoint Security | JAMF_PROTECT |
JSON | 2024-10-08 View Change |
| ISC DHCP | DHCP | ISC_DHCP |
JSON + SYSLOG + KV | 2024-11-27 View Change |
| Palo Alto Prisma Access | Cloud Security | PAN_CASB |
JSON, SYSLOG + CSV | 2025-02-19 View Change |
| Workday User Activity | N/A | WORKDAY_USER_ACTIVITY |
SYSLOG + JSON , JSON | 2025-02-20 View Change |
| Radware Alteon | Load Balancer | RADWARE_ALTEON |
SYSLOG | 2024-06-21 View Change |
| Imperva Audit Trail | IT infrastructure | IMPERVA_AUDIT_TRAIL |
JSON, SYSLOG | 2024-10-10 View Change |
| Tenable Active Directory Security | Tenable Active Directory Security | TENABLE_ADS |
SYSLOG | 2025-01-23 View Change |
| Orca Cloud Security Platform | IDS/IPS log types | ORCA |
JSON | 2025-02-06 View Change |
| Thales Vormetric | Encryption | VORMETRIC |
SYSLOG | 2024-08-05 View Change |
| HP Aruba (ClearPass) | Identity and Access Management | CLEARPASS |
SYSLOG + KV | 2024-09-12 View Change |
| Winscp | Data Transfer | WINSCP |
SYSLOG, CSV | 2024-05-22 View Change |
| Suricata EVE | IPS IDS | SURICATA_EVE |
JSON | 2025-01-09 View Change |
| Department of Homeland Security | Threat detection | DHS_IOC |
XML | 2023-07-31 View Change |
| Strong Swan VPN | VPN | STRONGSWAN_VPN |
JSON | 2023-05-25 View Change |
| IBM Security Access Manager | WAF | IBM_SAM |
SYSLOG | 2024-11-19 View Change |
| Cloud Load Balancing | Google Cloud Specific | GCP_LOADBALANCING |
JSON | 2024-07-19 View Change |
| Cloud NAT | Google Cloud Specific | N/A |
JSON | 2024-05-01 View Change |
| wiz.io | Identity and Access Management | WIZ_IO |
JSON | 2024-03-04 View Change |
| Maria Database | Databbase | MARIA_DB |
SYSLOG | 2024-12-03 View Change |
| Elastic Audit Beats | ALERTING | ELASTIC_AUDITBEAT |
JSON | 2024-12-10 View Change |
| Infoblox RPZ | RPZ | INFOBLOX_RPZ |
SYSLOG | 2024-02-13 View Change |
| Tenable Security Center | Vulnerability Scanner | TENABLE_SC |
SYSLOG | 2024-11-21 View Change |
| Ping One | NA | PING_ONE |
JSON | 2024-12-05 View Change |
| Cato Networks | NDR | CATO_NETWORKS |
JSON | 2025-02-05 View Change |
| CoSoSys Protector | Endpoint Detection | ENDPOINT_PROTECTOR_DLP |
SYSLOG + KV | 2023-04-17 View Change |
| DMP | Physical Security | DMP_ENTRE |
SYSLOG | 2020-09-23 |
| Imperva FlexProtect | Cloud App & Network Security | IMPERVA_FLEXPROTECT |
CEF + KV | 2023-08-28 View Change |
| Kaspersky Endpoint | Security | KASPERSKY_ENDPOINT |
SYSLOG | 2025-02-12 View Change |
| Samba SMBD | Privileged Account Activity | SMBD |
Syslog | 2023-03-09 View Change |
| Semperis DSP | LDAP | SEMPERIS_DSP |
SYSLOG | 2024-05-03 View Change |
| NetApp ONTAP | Rest api | NETAPP_ONTAP |
SYSLOG | 2024-08-29 View Change |
| Qualys Scan | Vulnerability scanner | QUALYS_SCAN |
JSON | 2023-04-21 View Change |
| Netwrix StealthAudit | N/A | NETWRIX_STEALTHAUDIT |
SYSLOG + KV | 2025-01-20 View Change |
| AWS Cloudtrail | Cloud Log Aggregator | AWS_CLOUDTRAIL |
JSON | 2025-02-20 View Change |
| IBM Security Verify | Endpoint Security | IBM_SECURITY_VERIFY |
SYSLOG,SYSLOG+XML | 2024-05-13 View Change |
| FireEye NX Audit | AUDIT | FIREEYE_NX_AUDIT |
Syslog | 2024-05-01 View Change |
| Imperva Advanced Bot Protection | Bot Protection | IMPERVA_ABP |
JSON | 2024-12-05 View Change |
| Desynova Contido | Switches | DESYNOVA_CONTIDO |
SYSLOG + JSON | 2023-09-19 View Change |
| VMware ESXi | Hypervisor | VMWARE_ESX |
SYSLOG, JSON | 2025-02-11 View Change |
| AIX system | OS | AIX_SYSTEM |
SYSLOG | 2025-02-16 View Change |
| HAProxy | Load balancing | HAPROXY |
SYSLOG | 2024-08-23 View Change |
| Duo Entity context data | Identity and Access Management | DUO_CONTEXT |
JSON | 2022-03-14 |
| Cisco DNA Center Platform | Network Management and Optimization | CISCO_DNAC |
SYSLOG+JSON | 2024-11-28 View Change |
| Sonicwall Secure Mobile Access | Authentication | SONICWALL_SMA |
SYSLOG + KV | 2024-03-28 View Change |
| Apigee | Google Cloud Specific | GCP_APIGEE_X |
JSON | 2024-10-16 View Change |
| Tetragon Ebpf Audit Logs | OS | TETRAGON_EBPF_AUDIT_LOGS |
JSON | 2024-03-15 View Change |
| Cisco CTS | Telephone Software | CISCO_CTS |
SYSLOG + KV | 2021-05-20 |
| Azure DevOps Audit | Automation and DevOps Tools | AZURE_DEVOPS |
JSON | 2024-01-19 View Change |
| TrendMicro Web Proxy | Web Proxy | TRENDMICRO_WEBPROXY |
SYSLOG + KV | 2024-03-26 View Change |
| Barracuda Web Filter | Webfilter | BARRACUDA_WEBFILTER |
SYSLOG | 2024-11-14 View Change |
| BeyondTrust Endpoint Privilege Management | Privileged Account Activity | BEYONDTRUST_ENDPOINT |
JSON | 2024-12-12 View Change |
| Varonis | Data Security / Insider Threat | VARONIS |
SYSLOG + KV (CEF), LEEF | 2025-02-06 View Change |
| JAMF Security Cloud | Automation and DevOps Tools | JAMF_SECURITY_CLOUD |
JSON | 2025-01-31 View Change |
| Cloud Identity Devices | Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICES |
JSON | 2024-07-01 View Change |
| Alveo Risk Data Management | SaaS Applications | ALVEO_RDM |
JSON | 2025-02-19 View Change |
| SentinelOne EDR | EDR | SENTINEL_EDR |
SYSLOG + JSON | 2024-07-29 View Change |
| Rapid7 Insight | Vulnerability Scanner | RAPID7_INSIGHT |
SYSLOG, JSON | 2024-05-13 View Change |
| Aware Audit | Application server logs | AWARE_AUDIT |
JSON | 2025-02-10 View Change |
| Cisco Application Centric Infrastructure | CISCO ACI | CISCO_ACI |
JSON, SYSLOG | 2025-01-16 View Change |
| PostgreSQL | Database | POSTGRESQL |
JSON,KV | 2024-08-07 View Change |
| PostFix Mail | Email Server | POSTFIX_MAIL |
SYSLOG | 2024-06-25 View Change |
| ManageEngine ADAudit Plus | Active Directory Audit | ADAUDIT_PLUS |
SYSLOG + KV (CEF) | 2025-02-19 View Change |
| Cisco TACACS+ | Authentication | CISCO_TACACS |
SYSLOG + KV | 2024-11-07 View Change |
| Symantec Endpoint Protection | AV / Endpoint | SEP |
SYSLOG, KV | 2025-01-09 View Change |
| Edgio WAF | Web Application Firewall | EDGIO_WAF |
JSON | 2025-02-04 View Change |
| OpenCanary | Data Security | OPENCANARY |
SYSLOG + JSON | 2024-03-11 View Change |
| Windows Defender ATP | AV / Endpoint | WINDOWS_DEFENDER_ATP |
SYSLOG + JSON, XML, JSON | 2024-10-15 View Change |
| Check Point Sandblast | EDR | CHECKPOINT_EDR |
SYSLOG + KV and SYSLOG + CEF | 2024-05-09 View Change |
| Cisco DHCP | DHCP | CISCO_DHCP |
SYSLOG + CSV | 2022-02-07 |
| CSV Custom IOC | IOC | CSV_CUSTOM_IOC |
CSV | 2024-02-15 View Change |
| Aruba IPS | IPS | ARUBA_IPS |
JSON | 2022-06-16 View Change |
| Nokia Router | Switches and Routers | NOKIA_ROUTER |
SYSLOG + KV | 2023-11-27 View Change |
| FileZilla | File tranfser | FILEZILLA_FTP |
SYSLOG | 2024-06-09 View Change |
| Cribl Stream | Log Aggregation and SIEM Systems | CRIBL_STREAM |
JSON | 2024-06-05 View Change |
| ManageEngine Log360 | Alert Log | MANAGE_ENGINE_LOG360 |
SYSLOG+KV | 2024-10-28 View Change |
| Zscaler CASB | CASB | ZSCALER_CASB |
JSON | 2024-06-04 View Change |
| VyOS Open Source Router | DHCP | VYOS |
SYSLOG | 2022-10-12 View Change |
| Citrix Storefront | Remote Access Tools | CITRIX_STOREFRONT |
JSON | 2025-02-12 View Change |
| Clearswift | Information Security | CLEARSWIFT |
SYSLOG | 2023-11-22 View Change |
| Kubernetes Auth Proxy | Kubernetes Specific | KUBERNETES_AUTH_PROXY |
JSON | 2022-09-08 View Change |
| Microsoft IAS Server | Endpoint Security | MICROSOFT_IAS |
CSV + KV | 2024-04-25 |
Supported log types without a default parser
Google Security Operations SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Google Security Operations SIEM Ingestion API or the Google Security Operations SIEM forwarder. Google Security Operations SIEM will not normalize the data to structured Unified Data Model format.
You can create a custom parser to normalize these logs. You can also search raw logs.
| Vendor / Product | Ingestion label |
|---|---|
| Accops Hysecure VPN | ACCOPS_HYSECURE_VPN |
| Acquia Cloud Platform | ACQUIA_CLOUD_PLATFORM |
| Acronis Backup | ACRONIS |
| Active Identity HID | ACTIVE_IDENTITY_HID |
| Microsoft ActiveSync | ACTIVE_SYNC |
| Adaptive Shield | ADAPTIVE_SHIELD |
| Adaxes | ADAXES |
| Addigy MDM | ADDIGY_MDM |
| Admin by request PAM | ADMIN_BY_REQUEST |
| Adobe Commerce | ADOBE_COMMERCE |
| Adobe Experience Manager | ADOBE_EXPERIENCE_MANAGER |
| Adobe I/O Runtime | ADOBE_IO_RUNTIME |
| ManageEngine ADSelfService Plus | ADSELFSERVICE_PLUS |
| ADTRAN NetVanta router | ADTRAN_NETVANTA |
| Agari Phishing Defense | AGARI_PHISHING_DEFENSE |
| Agiloft | AGILOFT |
| Extreme Networks AirDefense | AIRDEFENSE |
| Airwatch Context | AIRWATCH_CONTEXT |
| Air Table | AIR_TABLE |
| Akamai Prolexic | AKAMAI_DDOS |
| Akamai DHCP | AKAMAI_DHCP |
| Akamai Enterprise Threat Protector | AKAMAI_ETP |
| Akamai Event Viewer | AKAMAI_EVT_VWR |
| Akamai Guardicore | AKAMAI_GUARDICORE |
| Akamai Log Delivery Service | AKAMAI_LDS |
| AlertLogic Notifications | ALERTLOGIC_NOTIFICATIONS |
| Alert Enterprise Guardian | ALERT_GUARDIAN |
| AliCloud Anti DDos | ALICLOUD_ANTI_DDOS |
| AliCloud WAF | ALICLOUD_WAF |
| AlienVault Open Threat Exchange | ALIENVAULT_OTX |
| Allot NetEnforcer | ALLOT_NETENFORCER |
| Amavis | AMAVIS |
| Analyst1 IOC | ANALYST1_IOC |
| Anzenna | ANZENNA |
| Apache Kafka Audit | APACHE_KAFKA_AUDIT |
| Apache SpamAssassin | APACHE_SPAMASSASSIN |
| APC Automatic Transfer Switch | APC_ATS |
| APC Netbotz | APC_NETBOTZ |
| APC Power Distribution Unit | APC_PDU |
| APC Smart-UPS | APC_SMART_UPS |
| APC StruxureWare Portal | APC_STRUXUREWARE |
| Apiiro Cloud Application Security Platform | APIIRO |
| Appgate Software-defined Perimeter | APPGATE_SDP |
| Appsentinels | APPSENTINELS |
| AppViewX | APPVIEWX |
| Aptos Enterprise Order Management | APTOS_EOM |
| Arcon PAM | ARCON_PAM |
| Argo CD | ARGO_CD |
| Argo Workflows | ARGO_WORKFLOWS |
| Arista Guardian For Network Identity | ARISTA_AGNI |
| Arista CloudVision Portal | ARISTA_CVP |
| Arista NDR | ARISTA_NDR |
| Arize Cloud | ARIZE_CLOUD |
| Arkime Packet Capture | ARKIME_PCAP |
| Armis | ARMIS |
| Armorblox Email Security | ARMORBLOX_ESC |
| Armor Anywhere | ARMOR_ANYWHERE |
| Array Networks WAF | ARRAY_NETWORKS_WAF |
| Aruba Orchestrator | ARUBA_ORCHESTRATOR |
| Aruba Switches | ARUBA_SWT |
| Arxan Threat Analytics | ARXAN_THREAT_ANALYTICS |
| Asana | ASANA |
| Ascertia | ASCERTIA |
| Asimily | ASIMILY |
| AssetNote | ASSETNOTE |
| AstriX | ASTRIX |
| Atlan | ATLAN |
| Atlassian Beacon | ATLASSIAN_BEACON |
| Atlassian Jira Confluence Json | ATLASSIAN_CONFLUENCE_JSON |
| Atlassian Jira Json | ATLASSIAN_JIRA_JSON |
| Attack IQ | ATTACK_IQ |
| AT&T Netbond | ATT_NETBOND |
| AudioCodes Voice DNA | AUDIOCODES |
| Authentic8 Silo | AUTHENTIC8_SILO |
| Authx Identity Management | AUTHX |
| Authx User Context | AUTHX_USER_CONTEXT |
| Autodesk Cad Cam | AUTODESK_CAD_CAM |
| Autodesk Vault | AUTODESK_VAULT |
| Automox | AUTOMOX_EPM |
| Avast Business | AVAST_HUB |
| Avaya Session Border Controller | AVAYA_BORDER |
| Avaya Interactive Voice Response | AVAYA_IVR |
| Avaya VSP Switch | AVAYA_VSP |
| Avaya Wireless | AVAYA_WIRELESS |
| Avaza | AVAZA |
| Aviatrix Cloud Network Platform | AVIATRIX |
| AWS Dynamo DB | AWS_DYNAMO_DB |
| Amazon ElastiCache | AWS_ELASTI_CACHE |
| Amazon FSx for Windows File Server | AWS_FSX |
| AWS Inspector2 | AWS_INSPECTOR2 |
| AWS NGINX | AWS_NGINX |
| AWS PY Tools | AWS_PY_TOOLS |
| AWS Simple Email Service | AWS_SES |
| AWS Shield | AWS_SHIELD |
| Axis Atmos | AXIS_ATMOS |
| Axis Camera | AXIS_CAMERA |
| Axis License Plate Reader | AXIS_LPR |
| Axis Security Audit | AXIS_OS |
| Axonius Cybersecurity Asset Management | AXONIUS |
| Axway | AXWAY |
| Microsoft Azure | AZURE |
| Azure AD Password Protection | AZURE_AD_PASSWORD_PROTECTION |
| Azure AD Provisioning | AZURE_AD_PROVISIONING |
| Azure ATP | AZURE_ATP |
| Azure Bastion | AZURE_BASTION |
| Azure Container Registry | AZURE_CONTAINER_REGISTRY |
| Azure DNS logs | AZURE_DNS |
| Azure Log Analytics Workspace | AZURE_LOG_ANALYTICS_WORKSPACE |
| Azure Nix System | AZURE_NIX_SYSTEM |
| Azure PostgreSQL | AZURE_POSTGRESQL |
| Azure Risky Users | AZURE_RISKY_USERS |
| Azure Risk Events | AZURE_RISK_EVENTS |
| Azure Security Center | AZURE_SECURITY_CENTER |
| Azure Service Principal Logins | AZURE_SERVICE_PRINCIPAL_LOGINS |
| Azure VNET Flow | AZURE_VNET_FLOW |
| Babelforce | BABELFORCE |
| Backbase Engagement Banking Platform | BACKBASE |
| Backbox | BACKBOX |
| Backstage | BACKSTAGE |
| OneIdentity Balabit | BALABIT |
| BambooHR | BAMBOO_HR |
| Banner dd | BANNER_DD |
| Barracuda CloudGen Access | BARRACUDA_CLOUDGEN_ACCESS |
| Barracuda Impersonation Protection | BARRACUDA_IMPERSONATION |
| Barracuda Incident Response | BARRACUDA_INCIDENTRESPONSE |
| Barracuda Content Shield | BARRACUDA_SHIELD |
| Belden Switch | BELDEN_SWITCH |
| Bettercloud | BETTERCLOUD |
| BetterStack Uptime | BETTERSTACK_UPTIME |
| BeyondTrust Cloud Privilege Broker | BEYONDTRUST_CPB |
| BeyondTrust Management console | BEYONDTRUST_MC |
| Beyond Identity | BEYOND_IDENTITY |
| BindPlane Audit Logs | BINDPLANE |
| Bitsight | BITSIGHT |
| Bitvise SFTP | BITVISE_SFTP |
| Bitvise SSHd | BITVISE_SSHD |
| Bitwarden Password Manager User Context | BITWARDEN_USER_CONTEXT |
| Biztalk | BIZTALK |
| Blackberry Workspaces | BLACKBERRY_WORKSPACES |
| Blockdaemon API | BLOCKDAEMON_API |
| BloodHound | BLOODHOUND |
| Bluecat Address Manager | BLUECAT_AM |
| Blue Prism | BLUE_PRISM |
| Blue Voyant | BLUE_VOYANT |
| BMC Control-M | BMC_CONTROL_M |
| Core Privileged Access Manager (BoKS) | BOKS |
| Boomi App | BOOMI |
| Bricata NDR | BRICATA_NDR |
| Britive Audit API | BRITIVE_AUDIT_API |
| BRIVO | BRIVO |
| Broadcom Compliance Event Manager | BROADCOM_CEM |
| Brocade Fabric OS | BROCADE_FOS |
| Brocade SANnav Management Portal | BROCADE_SANNAV |
| Zeek DHCP | BRO_DHCP |
| Zeek HTTP | BRO_HTTP |
| BT IPControl | BT_IPCONTROL |
| Burpsuite Application Security testing tool | BURPSUITE |
| CallTower Audio Conferencing | CALLTOWER_AUDIO |
| Cameyo Activity Logs | CAMEYO_ACTIVITY_LOGS |
| Cameyo Bring Your Own Cloud | CAMEYO_BYO_CLOUD |
| Canary Audit Trail | CANARY_AUDIT_TRAIL |
| Canon Printers | CANON_PRINTERS |
| CATO SD-WAN | CATO_SDWAN |
| Censornet CASB | CENSORNET_CASB |
| Cerberus FTP Server | CERBERUS_FTP |
| ChatGPT Audit Logs | CHATGPT_AUDIT_LOGS |
| Check Point CloudGuard | CHECKPOINT_CLOUDGUARD |
| Check Point Email | CHECKPOINT_EMAIL |
| Check Point FDE | CHECKPOINT_FDE |
| Checkpoint Gaia | CHECKPOINT_GAIA |
| Chronicle Feed | CHRONICLE_FEED |
| Cilium | CILIUM |
| Cisco Aironet | CISCO_AIRONET |
| Cisco Cyber Vision | CISCO_CYBER_VISION |
| Cisco DNS | CISCO_DNS |
| Cisco Meraki Camera | CISCO_MERAKI_CAMERA |
| Cisco NetFlow | CISCO_NETFLOW |
| Cisco Secure Access | CISCO_SECURE_ACCESS |
| Cisco Secure Endpoint | CISCO_SECURE_ENDPOINT |
| Cisco Secure Malware Analytics | CISCO_SECURE_MALWARE_ANALYTICS |
| Cisco Content Security Management Appliance | CISCO_SMA |
| Cisco SNMP Trapd | CISCO_SNMP |
| Cisco Umbrella Firewall | CISCO_UMBRELLA_FIREWALL |
| Cisco Umbrella IPS | CISCO_UMBRELLA_IPS |
| Cisco Viptela | CISCO_VIPTELA |
| Cisco Vulnerability Management | CISCO_VULNERABILITY_MANAGEMENT |
| CiscoXDR | CISCO_XDR |
| Citrix Netscaler Web Logs | CITRIX_NETSCALER_WEB_LOGS |
| Citrix SD-WAN | CITRIX_SDWAN |
| Citrix Session Metadata | CITRIX_SESSION_METADATA |
| Citrix Virtual Desktop Infrastructure | CITRIX_VDI |
| Citrix WAF | CITRIX_WAF |
| Citrix Web Gateway | CITRIX_WEB_GATEWAY |
| Citrix Workspace | CITRIX_WORKSPACE |
| Citrix XenCenter | CITRIX_XENCENTER |
| Claroty xDome Secure Access | CLAROTY_XDOME_SECURE_ACCESS |
| Clavistier Firewall | CLAVISTER_FIREWALL |
| Cleafy | CLEAFY |
| Clear Bank Portal Audit | CLEARBANK_PORTAL |
| Clearsense Healthcare Analytics | CLEARSENSE |
| ClickHouse | CLICKHOUSE |
| Click Studios Passwordstate | CLICK_STUDIOS_PASSWORDSTATE |
| Cloudaware | CLOUDAWARE |
| CloudBees | CLOUDBEES |
| CloudBolt | CLOUDBOLT |
| Cloudflare Access | CLOUDFLARE_ACCESS |
| Cloudflare Bot Management | CLOUDFLARE_BOT_MANAGEMENT |
| Cloudflare Pageshield | CLOUDFLARE_PAGESHIELD |
| Cloudflare Spectrum | CLOUDFLARE_SPECTRUM |
| Cloud Passage (CSM) | CLOUDPASSAGE_CSM |
| Cloud Passage (FIM) | CLOUDPASSAGE_FIM |
| Cloud Passage (LIDS) | CLOUDPASSAGE_LIDS |
| Cloud Passage (SVM) | CLOUDPASSAGE_SVM |
| Cloudsek Alerts | CLOUDSEK_ALERTS |
| cmd.com | CMD |
| Coalition Control API | COALITION |
| Cockroach DB | COCKROACH_DB |
| Coda Io | CODA_IO |
| Code42 CrashPlan | CODE42 |
| Code Worldwide | CODE_WORLDWIDE |
| Cofense Vision | COFENSE_VISION |
| Cohesity Helios | COHESITY_HELIOS |
| Cohesity Smartfiles | COHESITY_SMARTFILES |
| Commvault Metallic | COMMVAULT_METALLIC |
| Conductor One | CONDUCTOR_ONE |
| Confluent Audit | CONFLUENT_AUDIT |
| ConnectWise Automate | CONNECTWISE_AUTOMATE |
| ConnectWise Control | CONNECTWISE_CONTROL |
| Control D DNS | CONTROL_D |
| Control Plane | CONTROL_PLANE |
| Control UP | CONTROL_UP |
| Corrata | CORRATA |
| Cradlepoint Router Logs | CRADLEPOINT |
| Cradlepoint NetCloud | CRADLEPOINT_NETCLOUD |
| Cribl AppScope | CRIBL_APPSCOPE |
| Cribl Cloud | CRIBL_CLOUD |
| Cribl Edge | CRIBL_EDGE |
| Cribl Search | CRIBL_SEARCH |
| CrowdStrike DLP | CROWDSTRIKE_DLP |
| Crowdstrike Recon (TI) | CROWDSTRIKE_RECON |
| Crowdstrike Spotlight | CROWDSTRIKE_SPOTLIGHT |
| ProLion CryptoSpike | CRYPTOSPIKE |
| Citrix Receiver | CSG_CITRIX_RX |
| CSG Custom Rules Engine | CSG_CUSTOMENGINE |
| CSG Singleview | CSG_SINGLEVIEW |
| CSV Custom CMDB | CSV_CUSTOM_CMDB |
| CrowdStrike Alerts API | CS_ALERTS |
| CrowdStrike Falcon CEF | CS_CEF_EDR |
| Crowdstrike Endpoint Security API | CS_ENDPOINT_SECURITY_API |
| CTERA Drive | CTERA_DRIVE |
| Cubist Audit | CUBIST_AUDIT |
| Culture AI | CULTURE_AI |
| Customer Alerts | CUSTOMER_ALERT |
| Custom CSV Log | CUSTOM_CSV_LOG |
| Custom Host Forensics | CUSTOM_HOST_FORENSICS |
| CyberArk Secure Cloud Access | CYBERARK_SCA |
| CyberArk Identity Single Sign-On | CYBERARK_SSO |
| Connectsecure | CYBERCNS |
| Cyberhaven Data Detection and Response | CYBERHAVEN_DDR |
| Cyberhaven | CYBERHAVEN_EVENTS |
| Cyberint | CYBERINT |
| Cybersixgill | CYBERSIXGILL |
| Cycode Platform | CYCODE |
| Insider threat detection and response | CYDERES_INSIDER |
| Cyderes IOC | CYDERES_IOC |
| Cylance | CYLANCE |
| Cylera IOT | CYLERA_IOT |
| Cymulate | CYMULATE |
| Cynerio Healthcare NDR | CYNERIO_NDR_H |
| Cyolo Zero Trust | CYOLO_ZTNA |
| Cyral | CYRAL |
| C Zentrix | C_ZENTRIX |
| D3 Security | D3_SECURITY |
| Databricks | DATABRICKS |
| Dataiku DSS Logging | DATAIKU_DSS_LOGS |
| DataLocker SafeConsole | DATALOCKER_SAFECONSOLE |
| Datalust | DATALUST |
| Datasunrise Dam | DATASUNRISE_DAM |
| Datawatch | DATAWATCH |
| DBT Cloud | DBT_CLOUD |
| DealCloud | DEAL_CLOUD |
| Deepfence Network Monitoring | DEEPFENCE |
| DefectDojo | DEFECTDOJO |
| Delinea PBA | DELINEA_PBA |
| Delinea Privilege Manager | DELINEA_PRIVILEGE_MANAGER |
| Delinea Server Suite | DELINEA_SERVER_SUITE |
| Dell Compellent | DELL_COMPELLENT |
| Dell Cyber Recovery Manager | DELL_CRM |
| Dell EMC Avamar | DELL_EMC_AVAMAR |
| Dell EMC Cloudlink | DELL_EMC_CLOUDLINK |
| Dell Core Switch | DELL_EMC_NETWORKING |
| Dell EMC Unity | DELL_EMC_UNITY |
| Dell SonicWALL WAF | DELL_WAF |
| Design Profit Central Server | DESIGN_PROFIT_CENTRAL_SERVER |
| Device 42 | DEVICE_42 |
| Devolutions Remote Desktop Manager | DEVOLUTIONS_RDM |
| Divvy Cloud | DIVVY_CLOUD |
| DLink Switch | DLINK_SWITCH |
| Dmarcian | DMARCIAN |
| Docker | DOCKER |
| Docker Hub Activity | DOCKER_HUB_ACTIVITY |
| DocuSign | DOCUSIGN |
| DOMO Business Cloud | DOMO |
| Dragos | DRAGOS |
| Draytek Firewall | DRAYTEK |
| Draytek Router | DRAYTEK_ROUTER |
| Dremio Data Lakehouse | DREMIO_DATA_LAKEHOUSE |
| Dropbox | DROPBOX |
| Drupal Logging | DRUPAL |
| Druva | DRUVA |
| DSP Toolkit audit | DSP_AUDIT |
| Dtex Audit | DTEX_AUDIT |
| Dtex Intercept | DTEX_INTERCEPT |
| Duo Access Gateway | DUO_CASB |
| Duo Network Gateway | DUO_NETWORK_GATEWAY |
| Duo Trust Monitor | DUO_TRUST_MONITOR |
| Dynatrace | DYNATRACE |
| E2 Guardian | E2_GUARDIAN |
| CWT SatoTravel | E2_SOLUTIONS |
| Eaton UPS | EATON_UPS |
| eCAR | ECAR |
| eCAR Bro | ECAR_BRO |
| Edgecore Networks | EDGECORE_NETWORKS |
| Edgio CDN | EDGIO_CDN |
| Edgio Rate Limiting | EDGIO_RL |
| Efax | EFAX |
| Egnyte | EGNYTE |
| Egress Defend | EGRESS_DEFEND |
| Egress Prevent | EGRESS_PREVENT |
| EclecticIQ EDR | EIQ_EDR |
| Elastic Defend | ELASTIC_DEFEND |
| Elastic Security | ELASTIC_EDR |
| Elastic File Beats | ELASTIC_FILEBEAT |
| Elastic Metric Beats | ELASTIC_METRICBEAT |
| Emerson Smart Firewall | EMERSON_FIREWALL |
| Emsisoft AntiVirus | EMSISOFT_ANTIVIRUS |
| Endgame | ENDGAME_EDR |
| Ensono Cloud Mainframe Solution | ENSONO |
| Entrust NTP Server | ENTRUST_NTP_SERVER |
| Entrust Secrets Vault | ENTRUST_SECRETS_VAULT |
| Entrust DataControl Audit | ENTR_DATACTRL_AUDIT |
| Erlang Shell Logs | ERLANG_SHELL |
| Ermes Web Protection | ERMES |
| Ermetic | ERMETIC |
| Eset Protect Platform | ESET_PROTECT_PLATFORM |
| E-Share platform | ESHARE_PLATFORM |
| Estar | ESTAR |
| ETQ Reliance | ETQ_RELIANCE |
| Evidos Firewall | EVIDOS_FIREWALL |
| Exabeam Fusion XDR | EXABEAM_FUSION_XDR |
| Exim Internet Mailer | EXIM_INTERNET_MAILER |
| Exterro FTK Central | EXTERRO_FTK_CENTRAL |
| ExtraHop DHCP | EXTRAHOP_DHCP |
| ExtremeWare Operating System (OS) | EXTREMEWARE_NETWORKS |
| xtreme Networks ExtremeControl NAC Solution | EXTREME_CONTROL |
| Extreme Management Center | EXTREME_MANAGEMENT |
| EzProxy | EZPROXY |
| F5 Bot | F5_BOT |
| F5 IP Intelligence | F5_IP_INTELLIGENCE |
| F5 System Logs | F5_SYSTEM_LOGS |
| Fail2Ban Scan | FAIL2BAN |
| Farsight DNSDB | FARSIGHT_DNSDB |
| FA Solutions | FA_SOLUTIONS |
| Featurespace Aric | FEATURESPACE_ARIC |
| Feenics Access Control | FEENICS_ACCESS_CONTROL |
| Fidelis Endpoint | FIDELIS_ENDPOINT |
| FileMage SFTP | FILEMAGE_SFTP |
| Files dot com | FILES_DOT_COM |
| Firebase | FIREBASE |
| Fireblocks | FIREBLOCKS |
| FireEye CMS | FIREEYE_CMS |
| FireEye Helix | FIREEYE_HELIX |
| FireMon Firewall | FIREMON_FIREWALL |
| Fisglobal Quantum | FISGLOBAL_QUANTUM |
| Flashpoint IOC | FLASHPOINT_IOC |
| Fleet DM | FLEET_DM |
| FM Systems Workplace Management | FM_SYSTEMS |
| Forcepoint Insider Threat | FORCEPOINT_FIT |
| Forcepoint One | FORCEPOINT_ONE |
| Forcepoint V Series | FORCEPOINT_VSERIES |
| Forescout eyeInspect | FORESCOUT_EYEINSPECT |
| Fortanix Data Security Manager | FORTANIX_DSM |
| Fortinet ADC | FORTINET_ADC |
| Fortinet Wireless Access Point | FORTINET_AP |
| Fortinet FortiGate IPS | FORTINET_IPS |
| Fortinet FortiSandbox | FORTINET_SANDBOX |
| Fortra Vulnerability Management | FORTRA_VM |
| Foundry Fastiron | FOUNDRY_FASTIRON |
| FoxPass Audit Logs | FOXPASS_AUDIT_LOGS |
| Fox-IT | FOX_IT_STIX |
| FreeIPA | FREEIPA |
| FreeRADIUS | FREERADIUS |
| Front | FRONT |
| Digital Defense Frontline VM | FRONTLINE_VM |
| FS-ISAC IOC | FS_ISAC_IOC |
| Fusion Auth | FUSION_AUTH |
| Futurex HSM | FUTUREX_HSM |
| Google Cloud Abuse Events | GCP_ABUSE_EVENTS |
| Google Cloud Product Artifact Registry | GCP_ARTIFACT_REGISTRY |
| Google Cloud Product Cloud Asset Inventory | GCP_CLOUD_ASSET_INVENTORY |
| Google Cloud Product Identity Toolkit | GCP_IDENTITYTOOLKIT |
| Google Cloud Product Google Kubernetes Container Security | GCP_KUBERNETES_CONTAINER_SECURITY |
| Google Cloud Product Threat Detection | GCP_THREAT_DETECTION |
| Genesys Audit | GENESYS_AUDIT |
| Genetec Audit | GENETEC_AUDIT |
| Ghangor DLP | GHANGOR_DLP |
| Gigamon | GIGAMON |
| Gigya CIAM | GIGYA_CIAM |
| GitHub Events | GITHUB_EVENTS |
| Glean | GLEAN |
| Globalscape SFTP | GLOBALSCAPE_SFTP |
| GlusterFS | GLUSTER_FS |
| GluWare Network Automation | GLUWARE_NETWORK_AUTOMATION |
| GMV Checker User Context | GMV_CHECKER_CONTEXT |
| GoAnywhere MFT | GOANYWHERE_MFT |
| GoDaddy DNS | GODADDY_DNS |
| GoldiLock | GOLDILOCK |
| Gong | GONG |
| Google Ads | GOOGLE_ADS |
| Grafana | GRAFANA |
| GrayhatWarfare | GRAYHATWARFARE |
| Graylog Operations | GRAYLOG |
| GreatHorn Email Security | GREATHORN |
| Greenhouse Harvest | GREENHOUSE_HARVEST |
| GreyNoise | GREYNOISE |
| GTB Technologies DLP | GTB_DLP |
| Guidewire Billing Center | GUIDEWIRE_BILLING_CENTER |
| Guidewire Claim Center | GUIDEWIRE_CLAIM_CENTER |
| Guidewire Policy Center | GUIDEWIRE_POLICY_CENTER |
| Gurucul Risk Analytics | GURUCUL |
| H3C Router | H3C_ROUTER |
| H3C Comware Platform Switch | H3C_SWITCH |
| Hackerone | HACKERONE |
| Halo | HALO |
| Halo Sensor | HALO_SENSOR |
| HaProxy LoadBalancer | HAPROXY_LOADBALANCER |
| Harbor | HARBOR |
| Harfanglab EDR | HARFANGLAB_EDR |
| Hashcast | HASHCAST |
| Hashicorp Boundary | HASHICORP_BOUNDARY |
| Hashicorp Nomad | HASHICORP_NOMAD |
| HAVI Connect | HAVI_CONNECT |
| Perforce Helix Core | HELIX_CORE |
| Heroku | HEROKU |
| Hex | HEX |
| HiBob | HIBOB |
| HaveIBeenPwned | HIBP |
| Hillstone NDR | HILLSTONE_NDR |
| Hirschmann Switch | HIRSCHMANN_SWITCH |
| Hitachi PAM | HITACHI_ID_PAM |
| HL7 | HL7 |
| Honeywell Cyber Insights | HONEYWELL_CYBERINSIGHTS |
| HoopDev | HOOPDEV |
| Hornet Email Security | HORNET_SECURITY |
| Hoxhunt | HOXHUNT |
| Hewlett Packard Enterprise SAN | HPE_SAN |
| HPE Oneview | HP_ONEVIEW |
| HP Poly | HP_POLY |
| HP Printer logs | HP_PRINTER |
| HP Router | HP_ROUTER |
| HP Wolf Pro Security | HP_WOLF |
| Huawei Campus Switch | HUAWEI_CAMPUS_SWITCH |
| Huawei CloudEngine | HUAWEI_CLOUDENGINE |
| Huawei NextGen Firewall | HUAWEI_FIREWALL |
| Huawei Fusion Sphere Hypervisor | HUAWEI_FUSIONSPHERE |
| Huawei NAC | HUAWEI_NAC |
| Huawei Wireless | HUAWEI_WIRELESS |
| HubSpot Activity Logs | HUBSPOT_ACTIVITY |
| HubSpot CRM Platform | HUBSPOT_CRM |
| HubSpot Authentication Logs | HUBSPOT_LOGIN |
| Health ISAC | H_ISAC |
| 3Com 8800 Series Switch | IBM_3COM |
| IBM Cleversafe Object Storage | IBM_CLEVERSAFE |
| IBM Cloud System | IBM_CLOUD_SYSTEM |
| IBM Security Guardium Insights | IBM_INSIGHTS |
| IBM KNS | IBM_KNS |
| IBM MQ File Transfer | IBM_MQ_FILE_TRANSFER |
| IBM NS1 | IBM_NS1 |
| IBM Sense | IBM_SENSE |
| IBM Spectrum Protect | IBM_SPECTRUM_PROTECT |
| IBM Security Verify Access | IBM_SVA |
| IBM Switch | IBM_SWITCH |
| IBM Tririga | IBM_TRIRIGA |
| IBM WinCollect | IBM_WINCOLLECT |
| IBM zSecure Alert | IBM_ZSECURE_ALERT |
| Idecsi | IDECSI |
| Identity Security Cloud | IDENTITY_SECURITY_CLOUD |
| Dell iDRAC | IDRAC |
| IIJ_LanScope | IIJ_LANSCOPE |
| ImageNow | IMAGENOW |
| iManage Cloud Platform | IMANAGE_CLOUD |
| Imperva Data Risk Analytics | IMPERVA_DATA_ANALYTICS |
| Imperva Sonar | IMPERVA_SONAR |
| Imprivata Confirm ID | IMPRIVATA_CONFIRM_ID |
| Imprivata Identity Governance | IMPRIVATA_IDG |
| Imprivata OneSign | IMPRIVATA_ONESIGN |
| IM Express | IM_EXPRESS |
| Incident Io | INCIDENT_IO |
| Indusface WAF | INDUSFACE_WAF |
| INFINICO NetWyvern Series Appliance | INFINICO_NETWYVERN |
| Infinidat | INFINIDAT |
| Infoblox Loadbalancer | INFOBLOX_LOADBALANCER |
| Infoblox NetMRI | INFOBLOX_NETMRI |
| Informatica | INFORMATICA |
| Informatica Powercenter | INFORMATICA_POWERCENTER |
| INKY Secure Email | INKY |
| Intezer | INTEZER |
| Intruder.IO | INTRUDER_IO |
| inWebo MFA | INWEBO_MFA |
| IPFire | IPFIRE |
| Ipswitch MOVEit Automation | IPSWITCH_MOVEIT_AUTOMATION |
| Ironscales | IRONSCALES |
| iSecurity | Security Services and Remediation | ISECURITY |
| iTop | ITOP |
| Ivanti Application Control | IVANTI_APP_CONTROL |
| Ivanti Connect Secure | IVANTI_CONNECT_SECURE |
| Ivanti Device Control | IVANTI_DEVICE_CONTROL |
| ISM Xtraction | IVANTI_XTRACTION |
| iverify | IVERIFY |
| Jamf Compliance Reporter | JAMF_COMPLIANCE_REPORTER |
| Jamf Connect | JAMF_CONNECT |
| Jamf Protect Network Traffic | JAMF_NETWORK_TRAFFIC |
| Jamf pro context | JAMF_PRO_CONTEXT |
| Jamf Pro MDM | JAMF_PRO_MDM |
| Jamf Protect Telemetry V2 | JAMF_TELEMETRY_V2 |
| JBoss Web | JBOSS_WEB |
| IBM JDE | JDE |
| JiranSecurity MailScreen | JIRANSECURITY_MAILSCREEN |
| Joblogic | JOBLOGIC |
| JumpCloud Directory as a Service | JUMPCLOUD_DAAS |
| JumpCloud Desktop | JUMPCLOUD_DESKTOP |
| Jumpcloud IAM | JUMPCLOUD_IAM |
| Juniper SSR Conductor | JUNIPER_SSR_CONDUCTOR |
| Juniper Secure Connect VPN | JUNIPER_VPN |
| Jupiter One | JUPITER_ONE |
| KACE Service Desk | KACE_SERVICE_DESK |
| KACE Systems Management Appliance | KACE_SMA |
| Kamailio | KAMAILIO |
| Kandji | KANDJI |
| Kandji Context | KANDJI_CONTEXT |
| Kaseya IT Management | KASEYA |
| Keepalived Routing software | KEEPALIVED |
| Kentik DDoS Detection | KENTIK_ALERTS |
| Keyfactor | KEYFACTOR |
| Keysight Packet Brokers | KEYSIGHT |
| Kibana audit logs | KIBANA |
| Kion | KION |
| KnowBe4 Audit Log | KNOWBE4 |
| Kustomer CRM | KUSTOMER_CRM |
| Kyverno | KYVERNO |
| Lansweeper Asset Management | LANSWEEPER |
| LaunchDarkly | LAUNCH_DARKLY |
| LOAD_BALANCER_ADC | LB_ADC |
| LeanIX Enterprise | LEANIX |
| Leanix CMDB | LEANIX_CMDB |
| Lenels2 Elements Secure | LENELS2_ELEMENTS_SECURE |
| Lepide | LEPIDE |
| Lexmark Printer logs | LEXMARK_PRINTER |
| Liaison NuBridges Platform | LIAISON_NUBRIDGES |
| Libraesva Email Security | LIBRAESVA_EMAIL |
| Lira | LIRA |
| Lockself Lockpass | LOCKSELF_LOCKPASS |
| LogicGate | LOGICGATE |
| Logic Monitor | LOGICMONITOR |
| LookingGlass Aenoik IDPS | LOOKINGGLASS_IPS |
| Looking Glass | LOOKING_GLASS_IOC |
| LSI Badge Management System | LSI_BMS |
| Lumen DDoS Hyper | LUMEN_DDOS_HYPER |
| Lumeta Spectre | LUMETA |
| Lumos | LUMOS |
| Lenovo XClarity Orchestrator | LXC_ORCHESTRATOR |
| MacStadium | MACSTADIUM |
| Magic Collaboration Studio | MAGIC_CS |
| MailScanner | MAILSCANNER |
| Maltiverse IOC | MALTIVERSE_IOC |
| Mambu | MAMBU |
| Manage Engine Endpoint | MANAGEENGINE_ENDPOINT |
| ManageEngine NCM | MANAGEENGINE_NCM |
| ManageEngine Remote Access Plus | MANAGEENGINE_RAP |
| ManageEngine Asset Explorer | MANAGE_ENGINE_ASSET_EXPLR |
| ManageEngine Endpoint Central | MANAGE_ENGINE_ENDPT_CNTRL |
| ManageEngine OpUtils | MANAGE_ENGINE_OPUTILS |
| ManageEngine PAM360 | MANAGE_ENGINE_PAM360 |
| ManageEngine Password Manager Pro | MANAGE_ENGINE_PASSWORD_MANAGER |
| Mandiant Attack Surface Management Entity | MANDIANT_ASM_ENTITY |
| Mandiant Attack Surface Management Discovered Issue | MANDIANT_ASM_ISSUE |
| Mandiant Attack Surface Management Technology | MANDIANT_ASM_TECHNOLOGY |
| Mandiant Digital Threat Monitoring | MANDIANT_DTM_ALERTS |
| Mango Apps | MANGOAPPS |
| Manhattan Warehouse Management System | MANHATTAN_WMS |
| Material Security | MATERIAL_SECURITY |
| Matrix Frontier Badge Management | MATRIX_FRONTIER |
| McAfee Application Control | MCAFEE_APP_CONTROL |
| McAfee Advanced Threat Defense | MCAFEE_ATD |
| McAfee MVISION EDR | MCAFEE_EDR |
| McAfee Network Security Platform | MCAFEE_NSP |
| McAfee Solid Core | MCAFEE_SOLID_CORE |
| Medigate CMDB | MEDIGATE_CMDB |
| Melissa | MELISSA |
| Mend IO | MEND_IO |
| Metaswitch Perimeta | METASWITCH_PERIMETA |
| Meta Marketing | META_MARKETING |
| Miasma SecretScanner | MIASMA_SECRETSCANNER |
| MicroSemi NTP | MICROSEMI_NTP |
| Microsoft Ads | MICROSOFT_ADS |
| Microsoft CASB Files & Entities | MICROSOFT_CASB_CONTEXT |
| Microsoft Dotnet Log Files | MICROSOFT_DOTNET |
| Microsoft Defender External Attack Surface Management | MICROSOFT_EASM |
| Microsoft Graph Incident | MICROSOFT_GRAPH_INCIDENT |
| Microsoft Graph Risky Users | MICROSOFT_GRAPH_RISKY_USERS |
| Microsoft Identity Protection | MICROSOFT_IDENTITY_PROTECTION |
| Power BI Activity Log | MICROSOFT_POWERBI_ACTIVITY_LOG |
| Microsoft Purview | MICROSOFT_PURVIEW |
| Microsoft Azure AD Risk Detections | MICROSOFT_RISK_DETECTIONS |
| Microsoft Security Actions | MICROSOFT_SECURITY_ACTIONS |
| Microsoft Security Advisories Alerts | MICROSOFT_SECURITY_ALERTS |
| Microsoft SSTP VPN | MICROSOFT_SSTP |
| Microsoft Threat Indicators | MICROSOFT_THREAT_INDICATORS |
| Mimecast Attachment Logs | MIMECAST_ATTACHMENT_LOGS |
| Mimecast Audit Logs | MIMECAST_AUDIT_LOGS |
| Mimecast DLP Logs | MIMECAST_DLP_LOGS |
| Mimecast impersonation Logs | MIMECAST_IMPERSONATION_LOGS |
| Mimecast Web Security | MIMECAST_WEBPROXY |
| Minerva AV | MINERVA_AV |
| Miro | MIRO |
| Miro Cloud | MIRO_CLOUD |
| Mirth OnPrem Appliances NextGen | MIRTH_NEXTGEN |
| Mitel Communications Director | MITEL_MCD |
| Mode Analytics | MODE_ANALYTICS |
| ModSecurity | MODSECURITY |
| Monday | MONDAY |
| Mongo Atlas Audit | MONGO_ATLAS_AUDIT |
| Mosyle | MOSYLE |
| Windows Performance Monitor | MS_PERFMON |
| Mulesoft | MULESOFT |
| Multicom Switch | MULTICOM_SWITCH |
| MultiPay | MULTIPAY |
| NCC Scout Suite | NCC_SCOUTSUITE |
| NCR Digital Insight FSG | NCR_DIGITAL_INSIGHT_FSG |
| NCR Digital Insight Global Logging | NCR_DIGITAL_INSIGHT_GL |
| Nessus | NESSUS |
| Nessus Network Monitor | NESSUS_NETWORK_MONITOR |
| NetBrain | NETBRAIN |
| NetDisco | NETDISCO |
| Netenrich Entity Behaviour | NETENRICH_ENTITY_BEHAVIOR |
| Netenrich Entity Context | NETENRICH_ENTITY_CONTEXT |
| Netgate Firewall | NETGATE_FIREWALL |
| Netgear Switch | NETGEAR_SWITCH |
| Netlify Log Drains | NETLIFY_LOGDRAINS |
| Netmotion | NETMOTION |
| Netography Fusion | NETOGRAPHY_FUSION |
| Netsurion ProtectWise | NETSURION_PROTECTWISE |
| Netwrix Activity Monitor | NETWRIX_ACTIVITY_MONITOR |
| Netwrix Stealth Intercept | NETWRIX_STEALTH_INTERCEPT |
| Netwrix Threat Manager | NETWRIX_THREAT_MANAGER |
| Neustar SiteProtect | NEUSTAR_SITEPROTECT |
| New Relic Platform | NEW_RELIC |
| Nextcloud Hub | NEXTCLOUD_HUB |
| Nextthink Finder | NEXTTHINK_FINDER |
| Nexus Sonatype | NEXUS_SONATYPE |
| Ne Silent Log | NE_SILENT_LOG |
| Nightfall DLP | NIGHTFALL |
| Ninja One | NINJAONE |
| NIST National Vulnerability Database | NIST_NVD |
| NNT File Integrity monitoring | NNT_FIM |
| Nokia Home Device Manager | NOKIA_HDM |
| NordLayer VPN | NORD_LAYER |
| Nortel Secure Router | NORTEL_SR |
| Nortel Contivity VPN Switch | NORTEL_SWITCH |
| Notion | NOTION |
| Nucleus Vulnerability Scan Delta | NUCLEUS_VULNERABILITY_DELTA |
| Nutanix Frame | NUTANIX_FRAME |
| Nxlog Agent | NXLOG_AGENT |
| Nxlog Fim | NXLOG_FIM |
| N-Able N-Central RMM | N_ABLE_N_CENTRAL_RMM |
| Obsidian | OBSIDIAN |
| Okta RADIUS | OKTA_RADIUS |
| OnBase CMS | ONBASE_CMS |
| One Identity Active Role Service | ONEIDENTITY_ARS |
| One Identity Change Auditor | ONEIDENTITY_CHANGE_AUDITOR |
| One Identity Defender | ONEIDENTITY_DEFENDER |
| OneIdentity Safeguard | ONEIDENTITY_SAFEGUARD |
| One Identity TPAM | ONEIDENTITY_TPAM |
| 1KOSMOS | Identity and Authentication | ONEKOSMOS |
| OneLogin User Context | ONELOGIN_USER_CONTEXT |
| Oomnitza | OOMNITZA |
| Open CTI Platform | OPENCTI |
| Opentelemetry | OPENTELEMETRY |
| OpenText Cordy | OPENTEXT_CORDY |
| Opentext Exstream | OPENTEXT_EXSTREAM |
| OpenText Fax2Mail | OPENTEXT_FAX2MAIL |
| IDnomic Public Key Infrastructure | OPENTRUST |
| OpenVAS | OPENVAS |
| OpsRamp | OPSRAMP |
| Opswat Kiosk | OPSWAT_KIOSK |
| Opus Codec | OPUS |
| Oracle Access Manager | ORACLE_AM |
| Oracle EBS | ORACLE_EBS |
| Oracle HCM Human resources platform solution | ORACLE_HCM |
| Oracle Enterprise Manager | ORACLE_OEM |
| Oracle SSO Audit Logging | ORACLE_SSO_AUDIT |
| Oracle Zero Data Loss Recovery Appliance | ORACLE_ZDLRA |
| Oscar Claims | OSCAR_CLAIMS |
| Open Source Intelligence | OSINT_IOC |
| Osirium PAM | OSIRIUM_PAM |
| Outline Activity Logs | OUTLINE_ACTIVITY_LOGS |
| Outpost24 | OUTPOST24 |
| OVHcloud | OVHCLOUD |
| OX Security | OX_SECURITY |
| Packetlight Dwdm | PACKETLIGHT_DWDM |
| Packet Viper | PACKET_VIPER |
| PACOM Systems | PACOM_SYSTEMS |
| PAGELY | PAGELY |
| PagerDuty | PAGERDUTY |
| Pagerduty Audit | PAGERDUTY_AUDIT |
| Palo Alto Cortex IIS | PAN_CORTEX_XDR_IIS |
| Palo Alto DNS Security | PAN_DNS_SECURITY |
| Palo Alto Networks Global Protect | PAN_GLOBAL_PROTECT |
| Palo Alto Global Protect SVC | PAN_GPSVC |
| Palo Alto SSLVPN Access | PAN_SSLVPN_ACCESS |
| Palo Alto Telemetry | PAN_TELEMETRY |
| Palo Alto Cortex XDR Management Audit | PAN_XDR_MGMT_AUDIT |
| Palo Alto Networks XSOAR Audit | PAN_XSOAR |
| PaperCut Printing Management System | PAPER_CUT |
| Passfort | PASSFORT |
| Pave | PAVE |
| Paxton Access Control Systems | PAXTON_ACS |
| SSL pcap | PCAP_SSL_CLIENT_HELLO |
| Pega Automation | PEGA |
| Pentera | PENTERA |
| Pentera ASV | PENTERA_ASV |
| Pentera Leef | PENTERA_LEEF |
| PeopleSoft | PEOPLESOFT |
| People Strong | PEOPLE_STRONG |
| Peplink Loadbalancer | PEPLINK_LOADBALANCER |
| Peplink Router | PEPLINK_ROUTER |
| Peplink Switch | PEPLINK_SWITCH |
| Perception Point XRay | PERCEPTION_POINT_XRAY |
| Perimeter 81 | PERIMETER_81 |
| PhishAlarm | PHISHALARM |
| Domain Tools Phisheye | PHISHEYE_ALERT |
| Pingcap TIDB | PINGCAP_TIDB |
| Pingdom | PINGDOM |
| PingOne Advanced Identity Cloud | PINGONE_AIC |
| PingOne Protect | PINGONE_PROTECT |
| Pingsafe | PINGSAFE |
| Ping Access | PING_ACCESS |
| Ping SDK | PING_SDK |
| Plaso Super Timeline | PLASO |
| Plixer Scrutinizer | PLIXER_SCRUTINIZER |
| Pomerium | POMERIUM |
| Portnox Audit | PORTNOX_AUDIT |
| MS PowerShell Transcript | POWERSHELL_TRANSCRIPT |
| Power DNS | POWER_DNS |
| Preveil Enterprise | PREVEIL_ENTERPRISE |
| Prismatic IO | PRISMATIC_IO |
| Prisma SD-WAN | PRISMA_SD_WAN |
| ProofID | PROOFID |
| Proofpoint DLP | PROOFPOINT_DLP |
| Proofpoint Endpoint Data Loss Prevention | PROOFPOINT_ENDPOINT_DLP |
| Proofpoint Identity Threat Platform | PROOFPOINT_IDENTITY_THREAT_PLATFORM |
| Proofpoint Meta | PROOFPOINT_META |
| Proofpoint Secure Share | PROOFPOINT_SECURE_SHARE |
| Proofpoint Security Awareness Training | PROOFPOINT_SECURITY_AWARENESS_TRAINING |
| Proofpoint Tap Campaign | PROOFPOINT_TAP_CAMPAIGN |
| Proofpoint Tap People | PROOFPOINT_TAP_PEOPLE |
| Proofpoint Tap Threats | PROOFPOINT_TAP_THREATS |
| Proofpoint Tis IOC | PROOFPOINT_TIS_IOC |
| Protegrity Defiance | PROTEGRITY_DEFIANCE |
| Provision Asset Context | PROVISION_ASSET_CONTEXT |
| Honeywell Pro-Watch | PROWATCH |
| ProxMax | PROXMAX |
| PRTG Network Monitor | PRTG_NETWORKMONITOR |
| Puppet | PUPPET |
| Push Security | PUSH_SECURITY |
| QLIK Audit | QLIK_AUDIT |
| Qualys User Activity | QUALYS_ACTIVITY |
| Qualys Knowledgebase | QUALYS_KNOWLEDGEBASE |
| Quest CA Audit | QUEST_CA_AUDIT |
| Rabbit MQ | RABBITMQ |
| RadiFlow IDS | RADIFLOW_IDS |
| RSA RADIUS | RADIUS |
| Radware DDoS Protection | RADWARE_DDOS |
| RAD ETX | RAD_ETX |
| Ransomcare | RANSOMCARE |
| Rapid7 Insights Threat Command | RAPID7_INSIGHTS_THREAT_COMMAND |
| Rapid7 Security Onion | RAPID7_SECURITY_ONION |
| Rapid Identity | RAPID_IDENTITY |
| Raritan Dominion SX II | RARITAN_DOMINION |
| Raven DB | RAVEN_DB |
| RealiteQ | REALITEQ |
| Recordedfuture Alerts | RECORDEDFUTURE_ALERTS |
| Red Canary Cloud Protection | REDCANARY_CLOUD_PROTECTION_RAW |
| Red Hat Identity Management | REDHAT_IM |
| Redhat Jboss | REDHAT_JBOSS |
| Red Hat Keycloak | REDHAT_KEYCLOAK |
| RedHat Satellite Server | REDHAT_SATELLITE |
| RedHat StackRox | REDHAT_STACKROX |
| Redis | REDIS |
| RedSift BrandTrust | REDSIFT_BRANDTRUST |
| Relativity | RELATIVITY |
| ReliaQuest | RELIAQUEST |
| Reserved LogType1 | RESERVED_LOG_TYPE_1 |
| Reserved LogType10 | RESERVED_LOG_TYPE_10 |
| Reserved LogType11 | RESERVED_LOG_TYPE_11 |
| Reserved LogType12 | RESERVED_LOG_TYPE_12 |
| Reserved LogType13 | RESERVED_LOG_TYPE_13 |
| Reserved LogType14 | RESERVED_LOG_TYPE_14 |
| Reserved LogType15 | RESERVED_LOG_TYPE_15 |
| Reserved LogType16 | RESERVED_LOG_TYPE_16 |
| Reserved LogType17 | RESERVED_LOG_TYPE_17 |
| Reserved LogType18 | RESERVED_LOG_TYPE_18 |
| Reserved LogType19 | RESERVED_LOG_TYPE_19 |
| Reserved LogType20 | RESERVED_LOG_TYPE_20 |
| Reserved LogType21 | RESERVED_LOG_TYPE_21 |
| Reserved LogType22 | RESERVED_LOG_TYPE_22 |
| Reserved LogType23 | RESERVED_LOG_TYPE_23 |
| Reserved LogType24 | RESERVED_LOG_TYPE_24 |
| Reserved LogType25 | RESERVED_LOG_TYPE_25 |
| Reserved LogType26 | RESERVED_LOG_TYPE_26 |
| Reserved LogType27 | RESERVED_LOG_TYPE_27 |
| Reserved LogType28 | RESERVED_LOG_TYPE_28 |
| Reserved LogType29 | RESERVED_LOG_TYPE_29 |
| Reserved LogType3 | RESERVED_LOG_TYPE_3 |
| Reserved LogType30 | RESERVED_LOG_TYPE_30 |
| Reserved LogType31 | RESERVED_LOG_TYPE_31 |
| Reserved LogType32 | RESERVED_LOG_TYPE_32 |
| Reserved LogType33 | RESERVED_LOG_TYPE_33 |
| Reserved LogType34 | RESERVED_LOG_TYPE_34 |
| Reserved LogType35 | RESERVED_LOG_TYPE_35 |
| Reserved LogType36 | RESERVED_LOG_TYPE_36 |
| Reserved LogType37 | RESERVED_LOG_TYPE_37 |
| Reserved LogType38 | RESERVED_LOG_TYPE_38 |
| Reserved LogType39 | RESERVED_LOG_TYPE_39 |
| Reserved LogType4 | RESERVED_LOG_TYPE_4 |
| Reserved LogType40 | RESERVED_LOG_TYPE_40 |
| Reserved LogType41 | RESERVED_LOG_TYPE_41 |
| Reserved LogType42 | RESERVED_LOG_TYPE_42 |
| Reserved LogType43 | RESERVED_LOG_TYPE_43 |
| Reserved LogType44 | RESERVED_LOG_TYPE_44 |
| Reserved LogType45 | RESERVED_LOG_TYPE_45 |
| Reserved LogType46 | RESERVED_LOG_TYPE_46 |
| Reserved LogType47 | RESERVED_LOG_TYPE_47 |
| Reserved LogType48 | RESERVED_LOG_TYPE_48 |
| Reserved LogType49 | RESERVED_LOG_TYPE_49 |
| Reserved LogType5 | RESERVED_LOG_TYPE_5 |
| Reserved LogType50 | RESERVED_LOG_TYPE_50 |
| Reserved LogType6 | RESERVED_LOG_TYPE_6 |
| Reserved LogType7 | RESERVED_LOG_TYPE_7 |
| Reserved LogType8 | RESERVED_LOG_TYPE_8 |
| Reserved LogType9 | RESERVED_LOG_TYPE_9 |
| Retool | RETOOL |
| Ribbon Session Border Controller | RIBBON_SBC |
| Ring Central | RING_CENTRAL |
| RiskIQ Digital Footprint | RISKIQ_DIGITAL_FOOTPRINT |
| Riverbed | RIVERBED |
| Rublon | RUBLON |
| Rumble Network Discovery | RUMBLE_NETWORK_DISCOVERY |
| SafeBreach | SAFEBREACH |
| SafeConnect NAC | SAFECONNECT_NAC |
| Salesforce Context | SALESFORCE_CONTEXT |
| Saporo | SAPORO |
| SAP Cloud for Customer | SAP_C4C |
| SAP ERP | SAP_ERP |
| SAP HANA | SAP_HANA |
| SAP Identity Management | SAP_IDM |
| SAP Insurance | SAP_INSURANCE |
| SAS Metadata Server log | SAS_METADATA_SERVER_LOG |
| Saturn Cloud | SATURN_CLOUD |
| Savvy Security | SAVVY_SECURITY |
| Scality Ring Audit | SCALITY_RING_AUDIT |
| Microsoft System Center Configuration Manager | SCCM |
| Scylla | SCYLLA |
| Secberus Cloud Security Governance | SECBERUS |
| Fiserv SecureNow | SECURE_NOW |
| SecurityScorecard Platform | SECURITYSCORECARD |
| SecurityBridge | SECURITY_BRIDGE |
| Sekoia Ioc | SEKOIA_IOC |
| Semperis ADFR | SEMPERIS_ADFR |
| Sendgrid Api | SENDGRID |
| Sendsafely | SENDSAFELY |
| Senhasegura PAM | SENHASEGURA_PAM |
| CloudWaves Sensato Nightingale Honeypot | SENSATO_HONEYPOT |
| Senseon Alerts | SENSEON_ALERTS |
| Sentinelone Activity | SENTINELONE_ACTIVITY |
| Sentrigo | SENTRIGO |
| Serpico | SERPICO |
| Servertech PDUs | SERVERTECH_PDUS |
| ServiceNow Roles | SERVICENOW_ROLES |
| Sevco Security CMDB | SEVCO_CMDB |
| Sharefile Logs | SHAREFILE_LOGS |
| Microsoft SharePoint | SHAREPOINT |
| Sharepoint Unified Logging Service (ULS) | SHAREPOINT_ULS |
| shodan.io | SHODAN_IO |
| Siebel Monitoring | SIEBEL |
| Siemens SiPass | SIEMENS_SIPASS |
| Siga Level Zero OT Resilience | SIGA |
| Silver Peak Firewall | SILVERPEAK_FIREWALL |
| Single Store | SINGLE_STORE |
| Site24x7 | SITE24X7 |
| SKYSEA Client View | SKYSEA |
| Smart Simple | SMART_SIMPLE |
| Snapattack | SNAPATTACK |
| Winevtlog Snare | SNARE_WINEVTLOG |
| Socomec UPS | SOCOMEC_UPS |
| SoftEther VPN | SOFTETHER_VPN |
| Software House Access Control | SOFTWARE_HOUSE_ACS |
| Software House Ccure9000 | SOFTWARE_HOUSE_CCURE9000 |
| Solace PubSub Cloud | SOLACE_AUDIT |
| SolarWinds Network Performance Monitor | SOLARWINDS_NPM |
| SolarWinds Serv-U | SOLARWINDS_SERV_U |
| Solar System | SOLAR_SYSTEM |
| SolidServer | SOLIDSERVER |
| SonarQube | SONARQUBE |
| Sonic Switch | SONIC_SWITCH |
| Sophos Email Appliance | SOPHOS_EMAIL |
| Sophos URL filtering | SOPHOS_URL |
| Spacelift | SPACELIFT |
| Spamhaus | SPAMHAUS |
| Symantec Protection Engine | SPE |
| SpecterX | SPECTERX |
| Spirion | SPIRION |
| Splashtop Remote Access and Support software | SPLASHTOP |
| Splunk DNS | SPLUNK_DNS |
| Splunk Phantom | SPLUNK_PHANTOM |
| Splunk Intel Management | SPLUNK_TRUSTAR |
| Sprinkledata(DWH) | SPRINKLEDATA_DWH |
| StackHawk | STACKHAWK |
| Stairwell Inception | STAIRWELL_INCEPTION |
| Statusgator | STATUSGATOR |
| Stealthbits DLP | STEALTHBITS_DLP |
| Stellar Cyber | STELLAR_CYBER |
| Stream Alert | STREAMALERT |
| StrongDM | STRONGDM |
| Sublime Security | SUBLIMESECURITY |
| Supermicro IPMI | SUPERMICRO_IPMI |
| Superna Eyeglass | SUPERNA_EYEGLASS |
| SureView Systems Activity | SUREVIEW_SYSTEMS |
| Swift | SWIFT |
| Symantec Data Center Security | SYMANTEC_DCS |
| Symantec Messaging Gateway | SYMANTEC_MAIL |
| Symantec Security Analytics | SYMANTEC_SA |
| Symphony Summit AI | SYMPHONYAI |
| Syncplify SFTP 2 Events | SYNCPLIFY_SFTP |
| Syxsense | SYXSENSE |
| TACACS Plus | TACACS_PLUS |
| Tanium Deploy | TANIUM_DEPLOY |
| Tanium TanOS | TANIUM_TANOS |
| Technitium DNS | TECHNITIUM_DNS |
| Tehtris EDR | TEHTRIS_EDR |
| Temenos Journey Manager System Event Publisher | TEMENOS_MANAGER_SYSTEMEVENT |
| Tenable Web App Scanning | TENABLE_WAS |
| Tencent Cloud Firewall | TENCENT_CLOUD_FIREWALL |
| Tencent Cloud Waf | TENCENT_CLOUD_WAF |
| Tencent Cloud Workload Protection | TENCENT_CLOUD_WORKLOAD_PROTECTION |
| Teqtivity Assets | TEQTIVITY_ASSETS |
| Teradata Aster | TERADATA_ASTER |
| Teradici PCoIP | TERADICI_PCOIP |
| Teramind | TERAMIND |
| Tessian Cloud Email Security Platform | TESSIAN_PLATFORM |
| TGDetect | TGDETECT |
| ThreatQuotient | THREATQ_IOC |
| Thycotic devops secret vault | THYCOTIC_DEVOPS_SECRETVAULT |
| Tiktok for Developers | TIKTOK |
| Titan MFT | TITAN_MFT |
| TP Link Network Switches | TPLINK_SWITCH |
| Traceable API Security | TRACEABLE_PLATFORM |
| Traefik Labs | TRAEFIK |
| Transmit BindID | TRANSMIT_BINDID |
| Transmit Security FlexID | TRANSMIT_FLEXID |
| Trend Micro Cloud App Security | TRENDMICRO_CLOUDAPPSECURITY |
| TrendMicro Cloud Email Gateway Protection | TRENDMICRO_CLOUD_EMAIL_GATEWAY_PROTECTION |
| Trend Micro EdgeIPS | TRENDMICRO_EDGEIPS |
| TrendMicro EDR | TRENDMICRO_EDR |
| Trend Micro Server Protect | TRENDMICRO_SERVER_PROTECT |
| Trend Micro Vision One Activity | TRENDMICRO_VISION_ONE_ACTIVITY |
| Trend Micro Vision One Audit | TRENDMICRO_VISION_ONE_AUDIT |
| Trend Micro Vision One Container Vulnerabilities | TRENDMICRO_VISION_ONE_CONTAINER_VULNERABILITIES |
| Trend Micro Vision One Detections | TRENDMICRO_VISION_ONE_DETECTIONS |
| Trend Micro Vision One Observerd Attack Techniques | TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES |
| TrendMicro Webproxy DSM | TRENDMICRO_WEBPROXY_DSM |
| Tridium Niagara Framework | TRIDIUM_NIAGARA_FRAMEWORK |
| Tripp Lite | TRIPP_LITE |
| TrueFort Platform | TRUEFORT |
| TrueNAS | TRUENAS |
| E-Motional Transparent Screen Lock TSL RFID | TSL_PRO |
| TT D365 | TT_D365 |
| TT MSAN DSLAM | TT_MSAN_DSLAM |
| TT Trio Chordiant | TT_TRIO_CHORDIANT |
| Tufin | TUFIN |
| Tufin Secure Track | TUFIN_SECURE_TRACK |
| Twilio Audit | TWILIO_AUDIT |
| Twilio Authy | TWILIO_AUTHY |
| Tyk IO | TYK_IO |
| Ubiquiti Accesspoint | UBIQUITI_ACCESSPOINT |
| Ubiquiti UDM Firewall | UBIQUITI_FIREWALL |
| UDM | UDM |
| Uipath | UIPATH |
| UltraDNS | ULTRADNS |
| Ultra Electronics CyberFence | ULTRA_CYBERFENCE |
| Unifi Router | UNIFI_ROUTER |
| Unifi Switch | UNIFI_SWITCH |
| Unit 21 | UNIT21 |
| Uptivity | UPTIVITY |
| Upwind | UPWIND |
| USBAV Koramis | USBAV_KORAMIS |
| Vanguard Active Alerts | VANGUARD |
| Vanta Context | VANTA_CONTEXT |
| Varnish Cache | VARNISH_CACHE |
| Vector Dev | VECTOR_DEV |
| Vectra AI | VECTRA_AI |
| Vectra Protect | VECTRA_PROTECT |
| Vectra XDR | VECTRA_XDR |
| VMware VeloCloud SD-WAN | VELOCLOUD_SDWAN |
| Venafi | VENAFI |
| Vercara | VERCARA |
| Veriato Cerebral | VERIATO_CEREBRAL |
| Verizon Network Detection and Response | VERIZON_NDR |
| Verkada | VERKADA |
| Vertiv UPS | VERTIV_UPS |
| Very Good Security | VERY_GOOD_SECURITY |
| Veza Access Control Platform | VEZA |
| ViaControl Server Application | VIACONTROL |
| Vicarious VRX Events | VICARIUS_VRX_EVENTS |
| Virsec Event Logs | VIRSEC_EVENT |
| Virsec Attack and Threat Logs | VIRSEC_THREAT |
| Virtual Browser | VIRTUAL_BROWSER |
| Virtual Network Flow Logs | VIRTUAL_NETWORK_FLOW_LOGS |
| VirusTotal Threat Hunter | VIRUSTOTAL_THREAT_HUNTER |
| VMRay Analyzer | VMRAY_FLOG_XML |
| VMware Aria Logs | VMWARE_ARIA_LOGS |
| VMware Avi Vantage Platform | VMWARE_AVI_VANTAGE |
| VMware Cloud Director | VMWARE_CD |
| VMware HCX | VMWARE_HCX |
| VMware NSX AVI | VMWARE_NSX_AVI |
| VMware SDDC | VMWARE_SDDC |
| VMware SDWN Events | VMWARE_SDWN_EVENTS |
| VMware Unified Access Gateway | VMWARE_UNIFIED_ACCESS_GATEWAY |
| VMware vShield | VMWARE_VSHIELD |
| Vonage | VONAGE |
| VSFTPD Audit | VSFTPD_AUDIT |
| Wallarm Webhook Notifications | WALLARM_NOTIFICATIONS |
| Wallix Endpoint Privilege Management | WALLIX_EPM |
| Wallix Privileged Access Management | WALLIX_PAM |
| Waterfall Data Security Manager | WATERFALL_DSM |
| WebEx | WEBEX_SAAS |
| Web Methods Api Gateway | WEBMETHODS_API_GATEWAY |
| Webroot Endpoint Protection | WEBROOT |
| Webroot Identity Protection | WEBROOT_IDENTITY_PROTECTION |
| White Cloud | WHITECLOUD_EDR |
| WideField | WIDEFIELD_SECURITY |
| Windows Filtering Platform | WINDOWS_WFP |
| Wing Security | WING_SECURITY |
| WireGuard VPN Logs | WIREGUARD_VPN |
| WithSecure Cloud Protection | WITHSECURE_CLOUD |
| WithSecure Elements Connector | WITHSECURE_ELEMENTS |
| Wolters Kluwer Teammate | WOLTERS_KLUWER_TEAMMATE |
| Wordpress Simple History | WORDPRESS_SIMPLE_HISTORY |
| Workato Audit Logs | WORKATO |
| Workspot Control | WORKSPOT_CONTROL |
| WPass | WPASS |
| WP Engine | WP_ENGINE |
| WS Ftp | WS_FTP |
| Western Telematic Inc Console Servers | WTI_CONSOLE_SERVERS |
| Xirrus Wireless Controller | XIRRUS |
| XM Cyber | XM_CYBER |
| Ysoft Data Security Manager | YSOFT_DSM |
| Zabbix | ZABBIX |
| Zero Networks | ZERO_NETWORKS |
| Zoho Assist | ZOHO_ASSIST |
| Zoho Analytics Audits | ZOHO_AUDIT |
| Zscaler Digital Experience | ZSCALER_DIGITAL_EXPERIENCE |
| Zscaler Sandbox | ZSCALER_SANDBOX |
| Zscaler Client Connector | ZSCALER_ZCC |
| Zscaler ZDX | ZSCALER_ZDX |
| Zuora App Logs | ZUORA_APP_LOGS |