Supported log types and default parsers
This document contains information about Google Security Operations integrations
for data ingestion. It summarizes the devices and the associated ingestion
label ( log_type
) field in the Ingestion API and data_type
in a Forwarder
configuration that Google SecOps supports.
For information on how to request or create log types, see Request prebuilt and create custom log types .
Supported log types with a default parser
Parsers normalize raw log data into structured Unified Data Model (UDM) format. This
section lists supported devices, and the associated ingestion label ( log_type
field in the
Ingestion API and data_type
in a Forwarder configuration), that also have a prebuilt default parser.
The default parser is supported by Google SecOps as long as the device's
raw logs are received in the required format.
For a list of supported log types without a default parser, see Supported log types without a default parser .
The Formatcolumn indicates the high-level structure of the raw log, as:
- CSV: Comma Separated Values
- JSON: JavaScript Object Notation
- SYSLOG: syslog formatted message
- KV: key-value pair
- XML: Extensible Markup Language
- SYSLOG + KV: syslog header with key-value body
- SYSLOG + JSON: syslog header with JSON body
- SYSLOG + XML: syslog header with XML body
- LEEF: Log Event Extended Format
- CEF: Common Event Format
These changes are applied to newly ingested logs. Parser changes are not applied retroactively to previously ingested logs.
| Vendor / Product | Category | Ingestion label | Format | Latest Update |
|---|---|---|---|---|
|
IBM CICS
|
Service Bus | IBM_CICS
|
LEEF | 2021-10-27 |
| Email server | AREA1
|
JSON | 2024-09-23 View Change |
|
| Data Transfer | DNSFILTER
|
CSV | 2023-10-27 View Change |
|
|
Talon
|
Security | TALON
|
JSON | 2023-12-21 |
| Alert log types | SAP_GATEWAY
|
SYSLOG,SYSLOG+KV | 2026-04-01 View Change |
|
|
Upstream Vehicle SOC Alerts
|
Schema | UPSTREAM_VSOC_ALERTS
|
JSON | 2025-09-02 View Change |
|
Sendmail
|
Email Server | SENDMAIL
|
SYSLOG + KV | 2023-09-20 View Change |
| EDR | PAN_EDR
|
CSV + KV | 2022-08-22 View Change |
|
| IOC | RECORDED_FUTURE_IOC
|
JSON | 2026-01-19 View Change |
|
| Privilege Account Management | CYBERARK
|
KV (CEF), JSON | 2026-04-06 View Change |
|
| Identity and Access Management | OKTA_USER_CONTEXT
|
JSON | 2025-02-07 View Change |
|
| Cloud Security | LACEWORK
|
JSON | 2025-06-27 View Change |
|
| Misc. Windows-specific | POWERSHELL
|
SYSLOG + JSON, XML | 2025-12-03 View Change |
|
| Switches, Routers | DELL_SWITCH
|
SYSLOG | 2026-01-29 View Change |
|
MICROSOFT_DEFENDER_ENDPOINT_IOS
|
JSON | 2025-03-10 View Change |
||
|
Sonicwall Secure Mobile Access
|
Authentication | SONICWALL_SMA
|
SYSLOG + KV, JSON | 2025-03-27 View Change |
| DNS | WINDOWS_SYSMON
|
JSON, XML | 2025-11-04 View Change |
|
| File tranfser | FILEZILLA_FTP
|
SYSLOG | 2024-06-09 View Change |
|
|
ThreatX WAF
|
WAF | THREATX_WAF
|
SYSLOG, JSON | 2025-01-28 View Change |
|
Trend Micro AV
|
AV / Endpoint | TRENDMICRO_AV
|
SYSLOG + KV, CEF | 2023-05-21 View Change |
| Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICES
|
JSON | 2024-07-01 View Change |
|
| Server | VMWARE_VCENTER
|
SYSLOG + JSON, LEEF | 2026-02-11 View Change |
|
| SaaS Applications | CHROMEOS_XDR
|
JSON | 2025-01-30 View Change |
|
| AWS Specific | AWS_EC2_HOSTS
|
JSON | 2024-01-31 View Change |
|
| SaaS Application | OFFICE_365
|
JSON | 2026-04-07 View Change |
|
|
Zimperium
|
Mobile Device Management | ZIMPERIUM
|
SYSLOG + JSON | 2025-11-27 View Change |
| Switches, Routers | H3C_SWITCH
|
SYSLOG | 2026-01-23 View Change |
|
| IT infrastructure | HACKERONE
|
JSON | 2025-02-25 View Change |
|
| Google Cloud Specific | GCP_ABUSE_EVENTS
|
JSON | 2025-08-27 View Change |
|
| Access Management | GCP_RECAPTCHA_ENTERPRISE
|
JSON | 2024-02-12 View Change |
|
|
Tenable OT
|
Vulnerability Scanners | TENABLE_OT
|
SYSLOG+CEF | 2025-11-25 View Change |
|
HCNET Account Adapter Plus
|
DHCP | HCNET_ACCOUNT_ADAPTER
|
SYSLOG | 2024-11-04 View Change |
|
TCPWave DDI
|
Secure ddi | TCPWAVE_DDI
|
SYSLOG + JSON, SYSLOG | 2025-12-02 View Change |
| Web Proxy | UMBRELLA_WEBPROXY
|
CSV | 2025-11-11 View Change |
|
| AV and Endpoint logs | VENAFI_ZTPKI
|
SYSLOG , JSON | 2025-10-14 View Change |
|
| VPN | AWS_VPN
|
JSON | 2024-09-19 View Change |
|
|
Splunk Attack Analyzer
|
CLOUD SECURITY | SPLUNK_ATTACK_ANALYZER
|
JSON | 2024-08-05 View Change |
|
SecureLink
|
Remote Access Tools | SECURELINK
|
SYSLOG | 2025-04-02 View Change |
| AV / Endpoint | KASPERSKY_AV
|
KV + CEF | 2025-10-24 View Change |
|
|
ForgeRock OpenDJ
|
LDAP | OPENDJ
|
SYSLOG + KV | 2020-10-01 |
| Security | IBM_SIM
|
JSON + KV | 2024-03-11 View Change |
|
| SAP | ONAPSIS
|
JSON , SYSLOG , KV | 2025-11-25 View Change |
|
| bmc helix discovery | BMC_HELIX_DISCOVERY
|
SYSLOG | 2022-08-29 View Change |
|
|
Fortinet FortiNAC
|
NAC | FORTINET_FORTINAC
|
SYSLOG,CSV | 2025-05-15 View Change |
|
McAfee ePolicy Orchestrator
|
Policy Management | MCAFEE_EPO
|
SYSLOG + XML, CSV, KV, JSON | 2026-04-07 View Change |
|
Tableau
|
Web server | TABLEAU
|
JSON, KV, SYSLOG | 2026-02-09 View Change |
| Network Management and Optimization | HCL_BIGFIX
|
JSON | 2023-12-08 View Change |
|
|
Security Command Center Threat
|
Google Cloud Specific | N/A
|
JSON | 2025-12-05 View Change |
| Security | ZERO_NETWORKS
|
JSON | 2025-03-13 View Change |
|
|
Proofpoint Threat Response
|
Email Server | PROOFPOINT_TRAP
|
SYSLOG, JSON | 2026-04-09 View Change |
| Identity and Access Management | DUO_TELEPHONY
|
JSON | 2023-08-24 View Change |
|
| Syslog and KV | WATCHGUARD
|
JSON, LEEF | 2026-04-02 View Change |
|
| Security | IBM_MAAS360
|
JSON | 2024-11-06 View Change |
|
| Threat intelligence | DOMAINTOOLS_THREATINTEL
|
JSON | 2023-12-13 View Change |
|
| Misc Windows Specific | AZURE_AD_SIGNIN
|
JSON | 2026-02-12 View Change |
|
|
Nexus Sonatype
|
Storage | NEXUS_SONATYPE
|
JSON+SYSLOG | 2025-11-18 View Change |
|
Compute Context
|
Google Cloud Specific | N/A
|
JSON | 2024-01-27 View Change |
| Tanium Specific | TANIUM_THREAT_RESPONSE
|
JSON | 2026-04-08 View Change |
|
|
Department of Homeland Security
|
Threat detection | DHS_IOC
|
XML | 2023-07-31 View Change |
|
Security Command Center Chokepoint
|
Google Cloud Specific | GCP_SECURITYCENTER_CHOKEPOINT
|
JSON | 2025-12-04 View Change |
|
STIX Threat Intelligence
|
Cybersecurity Threats | STIX
|
SYSLOG + KV (CEF), JSON | 2026-04-17 View Change |
| Email Server | BARRACUDA_EMAIL
|
SYSLOG+JSON, JSON | 2026-02-09 View Change |
|
|
Tenable Audit
|
Application server | TENABLE_AUDIT
|
JSON | 2024-08-09 View Change |
| Alert log types | SAP_HANA_AUDIT
|
CSV , JSON+CSV, JSON+SYSLOG,JSON, SYSLOG, SYSLOG+KV | 2026-04-17 View Change |
|
| Deception Software | GUARDICORE_CENTRA
|
JSON, SYSLOG+JSON | 2026-04-09 View Change |
|
| DNS | ZSCALER_DNS
|
JSON | 2026-01-09 View Change |
|
| Firewall | SONIC_FIREWALL
|
SYSLOG + KV | 2026-04-15 View Change |
|
|
Pivotal
|
PaaS Application | PIVOTAL
|
SYSLOG + KV | 2022-08-17 View Change |
| Google Cloud Specific | GCP_CLOUDIDENTITY_DEVICEUSERS
|
JSON | 2022-10-01 View Change |
|
|
Proofpoint Tap Threats
|
Email Server | PROOFPOINT_TAP_THREATS
|
JSON | 2025-01-09 View Change |
|
Juniper Mist
|
Network Management and Optimization software | JUNIPER_MIST
|
JSON | 2025-03-13 View Change |
| DLP | SYMANTEC_DLP
|
SYSLOG + KV (CEF), XML, CEF | 2026-01-22 View Change |
|
| Deception Software | ACALVIO
|
SYSLOG + KV | 2026-02-13 View Change |
|
|
Trustwave webmarshal
|
Proxy Server | WEBMARSHAL
|
SYSLOG + CSV | 2023-05-04 View Change |
| AWS Specific | AWS_ROUTE_53
|
JSON + SYSLOG | 2025-04-22 View Change |
|
| Email Server | VOLTAGE
|
SYSLOG | 2025-06-11 View Change |
|
| Activity | DUO_ACTIVITY
|
JSON | 2024-08-28 View Change |
|
| Mobile Endpoint Security | LOOKOUT_MOBILE_ENDPOINT_SECURITY
|
CEF, JSON | 2026-03-12 View Change |
|
|
Proofpoint Observeit
|
Email Server | OBSERVEIT
|
JSON, KV | 2025-10-31 View Change |
| AV / Endpoint | MACOS
|
SYSLOG, JSON | 2025-12-18 View Change |
|
| NDR | FIDELIS_NETWORK
|
SYSLOG + KV, JSON | 2025-08-07 View Change |
|
|
Bitwarden Events
|
Password Manager | BITWARDEN_EVENTS
|
JSON | 2023-11-09 View Change |
|
Open LDAP
|
LDAP | OPENLDAP
|
SYSLOG | 2025-11-12 View Change |
|
Stormshield Firewall
|
FIREWALL | STORMSHIELD_FIREWALL
|
SYSLOG + KV | 2026-02-04 View Change |
| Network Policy Server | MICROSOFT_NPS
|
JSON + XML, JSON + CSV | 2025-12-31 View Change |
|
| Load Balancer, Traffic Shaper, ADC | CISCO_ACE
|
SYSLOG | 2022-09-15 View Change |
|
|
Sangfor Proxy
|
Application server logs | SANGFOR_PROXY
|
SYSLOG | 2025-02-18 View Change |
|
Kyriba Treasury Management
|
SaaS Application | KYRIBA
|
CSV | 2021-02-24 |
| Switches, Routers | CISCO_SWITCH
|
SYSLOG | 2026-04-16 View Change |
|
| SaaS Application | MCAFEE_WEB_PROTECTION
|
JSON | 2025-04-16 View Change |
|
| VPN | F5_VPN
|
SYSLOG, KV | 2024-10-23 View Change |
|
| Storage Solutions | CLOUDIAN_HYPERSTORE
|
SYSLOG | 2021-05-05 | |
| Cloud | VMWARE_VREALIZE
|
SYSLOG | 2025-08-05 View Change |
|
| NETWORK MONITORING | NAGIOS
|
CSV | 2024-08-22 View Change |
|
|
RSA SecurID Access Identity Router
|
SECURITY | RSA_SECURID
|
SYSLOG + CSV | 2024-12-23 View Change |
|
HP Linux
|
OS | HP_LINUX
|
SYSLOG | 2025-10-27 View Change |
|
IBM Tivoli
|
Monitoring | IBM_TIVOLI
|
JSON, SYSLOG | 2024-03-15 View Change |
|
Remediant SecureONE
|
Privileged Account Activity | REMEDIANT_SECUREONE
|
SYSLOG + JSON | 2025-07-09 View Change |
| Web Proxy | NETSKOPE_WEBPROXY
|
SYSLOG, SYSLOG+JSON, JSON, CSV | 2026-04-21 View Change |
|
| Application server logs | GCP_MONITORING_ALERTS
|
JSON | 2026-01-29 View Change |
|
|
Symantec Security Analytics
|
Vulnerability scanners | SYMANTEC_SA
|
SYSLOG + KV | 2025-05-23 View Change |
| Fortinet FortiAnalyzer | FORTINET_FORTIANALYZER
|
JSON, KV, SYSLOG+KV+JSON | 2026-03-09 View Change |
|
| FIREWALL | VERSA_FIREWALL
|
SYSLOG + KV | 2026-01-29 View Change |
|
|
BIND
|
DNS | BIND_DNS
|
SYSLOG | 2026-01-11 View Change |
|
Avanan Email Security
|
Email Server | AVANAN_EMAIL
|
JSON | 2025-11-17 View Change |
| Alerts | CS_STREAM
|
KV (LEEF), JSON | 2026-03-16 View Change |
|
|
IBM z/OS
|
OS | IBM_ZOS
|
LEEF | 2026-04-02 View Change |
| Data Security | TINES
|
JSON | 2024-10-01 View Change |
|
| EDR | SENTINEL_EDR
|
SYSLOG + JSON | 2025-07-23 View Change |
|
|
Airlock Digital Application Allowlisting
|
Application Whitelisting | AIRLOCK_DIGITAL
|
SYSLOG,JSON | 2024-11-07 View Change |
|
Halcyon Anti Ransomware
|
AV and endpoint logs | HALCYON
|
JSON | 2026-02-18 View Change |
| Software WebSwitch | SAP_WEBDISP
|
SYSLOG | 2026-01-15 View Change |
|
|
Dummy LogType
|
DNS | DUMMY_LOGTYPE
|
CSV | 2024-07-24 View Change |
| Collaboration log types | SHAREPOINT
|
SYSLOG,CSV,JSON | 2025-03-15 View Change |
|
|
GreyNoise
|
Threat Intel | GREYNOISE
|
JSON | 2026-01-19 View Change |
| Data Security | IBM_OPENPAGES
|
SYSLOG | 2024-10-10 View Change |
|
| Security | FORTINET_FORTIAUTHENTICATOR
|
SYSLOG + KV, KV | 2025-05-06 View Change |
|
|
Ubika Waf
|
WAF | UBIKA_WAF
|
JSON + SYSLOG, SYSLOG | 2026-03-09 View Change |
|
Azure VNET Flow
|
Netflow log type | AZURE_VNET_FLOW
|
JSON | 2025-07-18 View Change |
| Network Infrastructure | ARUBA_SWITCH
|
SYSLOG | 2026-01-16 View Change |
|
| DHCP | SOPHOS_DHCP
|
SYSLOG + KV | 2022-02-10 | |
|
Watchguard EDR
|
EDR | WATCHGUARD_EDR
|
JSON | 2025-01-30 View Change |
|
PostgreSQL
|
Database | POSTGRESQL
|
JSON,KV,SYSLOG | 2026-02-18 View Change |
| Telephone software | CISCO_VCS
|
SYSLOG | 2025-08-22 View Change |
|
| Monitoring | IBM_MAINFRAME_STORAGE
|
SYSLOG | 2024-10-03 View Change |
|
|
Honeyd
|
Deception Software | HONEYD
|
SYSLOG | 2024-05-26 View Change |
| Audit And Compliance | WORKDAY_AUDIT
|
CSV | 2026-02-02 View Change |
|
| DHCP | VYOS
|
SYSLOG | 2022-10-12 View Change |
|
| Firewall | NUTANIX_PRISM
|
JSON, SYSLOG | 2025-12-30 View Change |
|
|
Cisco Secure Access
|
Remote Access Tools | CISCO_SECURE_ACCESS
|
CSV | 2026-04-03 View Change |
| Security | INTEL_EMA
|
SYSLOG | 2025-02-07 View Change |
|
| Identity and Access Management | RSA_AUTH_MANAGER
|
CSV | 2025-10-29 View Change |
|
| IDS/IPS | AWS_SECURITY_HUB
|
JSON | 2026-04-07 View Change |
|
| Automation and DevOps Tools | HARNESS_IO
|
JSON | 2025-04-16 View Change |
|
| IOC | ANOMALI_IOC
|
JSON, CEF | 2024-02-09 View Change |
|
| Firewall | SOPHOS_FIREWALL
|
KV | 2025-04-23 View Change |
|
|
Kiteworks
|
Network | KITEWORKS
|
SYSLOG, CSV, SYSLOG+JSON, SYSLOG+KV, JSON | 2025-11-14 View Change |
| Authentication | DUO_AUTH
|
JSON | 2026-03-17 View Change |
|
|
Obsidian
|
SaaS Application | OBSIDIAN
|
JSON | 2026-03-26 View Change |
| Privileged Account Activity | ALCATEL_SWITCH
|
SYSLOG | 2024-03-11 View Change |
|
| endpoints | LOOKER_AUDIT
|
JSON | 2025-03-13 View Change |
|
| Authentication Software | VERIDIUM_ID
|
Syslog + KV | 2024-06-19 View Change |
|
| Misc Windows Specific | AZURE_ACTIVITY
|
JSON | 2026-03-07 View Change |
|
|
TrendMicro Web Proxy
|
Web Proxy | TRENDMICRO_WEBPROXY
|
SYSLOG + KV | 2024-03-26 View Change |
| SaaS Application | GITHUB
|
JSON,SYSLOG, SYSLOG+JSON, SYSLOG+KV | 2026-04-02 View Change |
|
|
AWS Lambda Function
|
Web Proxy log types. | AWS_LAMBDA_FUNCTION
|
SYSLOG | 2025-07-29 View Change |
| Email Server | CISCO_EMAIL_SECURITY
|
SYSLOG + KV, JSON | 2026-03-30 View Change |
|
| Alerts | CYLANCE_PROTECT
|
SYSLOG + KV | 2025-05-16 View Change |
|
| Tanium Specific | TANIUM_INSIGHT
|
SYSLOG + KV | 2021-03-10 | |
|
Passive DNS
|
DNS | PASSIVE_DNS
|
JSON | 2021-05-19 |
|
Privacy-I
|
NA | PRIVACY_I
|
CSV + KV | 2025-02-17 View Change |
| AUDIT | MICROSOFT_GRAPH_ACTIVITY_LOGS
|
JSON | 2024-10-08 View Change |
|
| Vulnerability scanners | FINGERPRINT_JS
|
JSON | 2024-11-14 View Change |
|
| DNS | F5_DNS
|
SYSLOG | 2026-02-09 View Change |
|
|
Stealthbits Audit
|
File system monitoring | STEALTHBITS_AUDIT
|
JSON | 2021-11-09 |
| Ticketing Applications | ZENDESK_CRM
|
JSON | 2025-09-02 View Change |
|
| VPN | AZURE_VPN
|
JSON | 2024-10-11 View Change |
|
|
BMC Client Management
|
Security | BMC_CLIENT_MANAGEMENT
|
SYSLOG | 2024-10-11 View Change |
| Authentication logs | MICROSOFT_DYNAMICS_365
|
CSV | 2024-12-16 View Change |
|
| EDR | TRELLIX_HX_HOSTS
|
JSON | 2026-02-05 View Change |
|
|
Juniper Software Defined Wide Area Network
|
SYSLOG | JUNIPER_SDWAN
|
SYSLOG | 2023-07-10 View Change |
| Switch | UBIQUITI_SWITCH
|
SYSLOG | 2025-08-06 View Change |
|
| Security | APACHE
|
SYSLOG + JSON, SYSLOG, JSON | 2026-03-03 View Change |
|
| Identity and Access Management | OORT
|
JSON | 2026-03-09 View Change |
|
| CDN | AWS_CLOUDFRONT
|
SYSLOG, JSON, SYSLOG + KV | 2026-03-13 View Change |
|
| Tanium Specific | TANIUM_REVEAL
|
JSON | 2021-11-15 | |
|
CrowdStrike Alerts API
|
EDR | CS_ALERTS
|
JSON | 2026-02-18 View Change |
| EDR | SYMANTEC_EDR
|
JSON | 2026-02-26 View Change |
|
|
Microsoft ATA
|
IDS/IPS | MICROSOFT_ATA
|
SYSLOG + KV | 2024-01-29 View Change |
|
IAM Context
|
Google Cloud Specific | N/A
|
JSON | 2024-03-13 View Change |
| NDR | DARKTRACE
|
SYSLOG + KV (CEF), SYSLOG + JSON | 2025-12-02 View Change |
|
| EDR | MICROSOFT_DEFENDER_ENDPOINT
|
JSON | 2026-04-23 View Change |
|
| Identity and Access Management | KEYCLOAK
|
JSON | 2026-01-23 View Change |
|
| Security Service Edge | ZSCALER_ZPA
|
JSON | 2026-01-07 View Change |
|
| SaaS Application | MANAGE_ENGINE_REPORTER_PLUS
|
JSON | 2022-08-29 View Change |
|
| Monitoring | QUALYS_CONTINUOUS_MONITORING
|
JSON | 2022-08-30 View Change |
|
| AWS Specific | AWS_IAM
|
JSON | 2023-12-14 View Change |
|
| FTP Server | VSFTPD
|
GROK | 2023-11-20 View Change |
|
| AV AND ENDPOINT LOGS | CS_IDP
|
JSON | 2025-01-28 View Change |
|
|
Netskope CASB
|
CASB | NETSKOPE_CASB
|
JSON | 2025-09-29 View Change |
|
Cisco Umbrella SWG DLP
|
DLP | CISCO_UMBRELLA_SWG_DLP
|
CSV | 2025-10-07 View Change |
|
Proofpoint Web Browser Isolation
|
ATTACK PROTECTION ISOLATION | PROOFPOINT_WEB_BROWSER_ISOLATION
|
JSON | 2023-05-25 View Change |
| Schema | TRENDMICRO_VISION_ONE_WORKBENCH
|
JSON | 2026-03-23 View Change |
|
| Network Management and Optimization | CISCO_PRIME
|
SYSLOG | 2025-04-30 View Change |
|
|
Mimecast URL Logs
|
Email server log types. | MIMECAST_URL_LOGS
|
JSON | 2025-01-16 View Change |
|
Portnox CEF
|
Privileged Account Activity | PORTNOX_CEF
|
CEF Syslog | 2024-05-31 View Change |
|
Workspace Alerts
|
Google Cloud Specific | WORKSPACE_ALERTS
|
JSON | 2026-01-27 View Change |
| LDAP | WINDOWS_AD
|
JSON | 2025-07-08 View Change |
|
| Load Balancer, Traffic Shaper, ADC | AKAMAI_CLOUD_MONITOR
|
JSON | 2026-01-16 View Change |
|
|
Oracle Cloud Infrastructure VCN Flow Logs
|
Oracle Cloud Infrastructure | OCI_FLOW
|
JSON | 2025-08-05 View Change |
| Application Whitelisting | ERGON_INFORMATIK_AIRLOCK_IAM
|
SYSLOG | 2024-08-28 View Change |
|
| Security | SYSDIG
|
JSON | 2026-04-06 View Change |
|
| CASB | MCAFEE_SKYHIGH_CASB
|
SYSLOG + KV, SYSLOG + CSV | 2026-03-13 View Change |
|
| Authentication log | AUTH_ZERO
|
JSON | 2026-04-22 View Change |
|
|
SAP HANA
|
Database log types | SAP_HANA
|
CSV | 2026-02-19 View Change |
| Secure Access Service Edge | DOPE_SWG
|
CSV,JSON | 2025-03-12 View Change |
|
| Web server | CA_LDAP
|
JSON | 2022-08-19 View Change |
|
| Storage | AZURE_STORAGE_AUDIT
|
JSON | 2025-08-28 View Change |
|
|
Tenable CSPM
|
Cloud Security | TENABLE_CSPM
|
JSON | 2025-02-17 View Change |
| Physical and virtual network | TRENDMICRO_DDI
|
SYSLOG | 2026-01-21 View Change |
|
|
Layer7 SiteMinder
|
SSO | SITEMINDER_SSO
|
KV+JSON, SYSLOG, JSON | 2025-02-12 View Change |
| Automation and DevOps Tools | AZURE_DEVOPS
|
JSON | 2025-03-10 View Change |
|
| EPM | CYBERARK_EPM
|
JSON | 2025-09-12 View Change |
|
| Log Aggregator | MCAFEE_ESM
|
SYSLOG + JSON | 2026-02-27 | |
|
SAP Identity and Authentication Data
|
SaaS Applications | SAP_IDENTITY_AND_AUTH_DATA
|
JSON | 2026-02-04 View Change |
| Email Server | SYMANTEC_VIP
|
SYSLOG | 2023-03-03 View Change |
|
|
Trend Micro Vision One Container Vulnerabilities
|
Schema | TRENDMICRO_VISION_ONE_CONTAINER_VULNERABILITIES
|
JSON | 2025-04-07 View Change |
|
Terraform Enterprise Audit
|
IT infrastructure | TERRAFORM_ENTERPRISE
|
JSON, KV, SYSLOG | 2025-06-23 View Change |
| SOAR Tools | SWIMLANE
|
JSON | 2025-02-19 View Change |
|
|
AWS EC2 VPCs
|
AWS Specific | AWS_EC2_VPCS
|
JSON | 2024-01-31 View Change |
| VDI | VMWARE_HORIZON
|
SYSLOG, KV | 2026-03-15 View Change |
|
| EDR | ESET_EDR
|
SYSLOG + JSON | 2024-04-08 View Change |
|
|
Microsoft AD FS
|
LDAP | ADFS
|
JSON | 2026-01-20 View Change |
|
Quest Active Directory
|
Authentication log | QUEST_AD
|
CEF SYSLOG + JSON | 2025-08-13 View Change |
| Cloud service monitoring | AWS_CLOUDWATCH
|
JSON, SYSLOG, JSON+KV | 2026-03-27 View Change |
|
|
Kisi Access Management
|
Physical Security | KISI
|
JSON | 2023-06-14 View Change |
|
Sentinelone Activity
|
Endpoint Security | SENTINELONE_ACTIVITY
|
JSON | 2025-10-10 View Change |
| Cloud Log Aggregator | AWS_CLOUDTRAIL
|
JSON | 2026-03-24 View Change |
|
| Web Proxy | FORCEPOINT_WEBPROXY
|
SYSLOG + KV (CEF), LEEF, CSV | 2026-02-20 View Change |
|
| Log Aggregator | ELASTIC_WINLOGBEAT
|
SYSLOG + JSON | 2025-04-29 View Change |
|
|
Strong Swan VPN
|
VPN | STRONGSWAN_VPN
|
JSON | 2023-05-25 View Change |
| Content and Delivery Management | CISCO_STADIUMVISION
|
SYSLOG, SYSLOG+KV | 2023-05-12 View Change |
|
| Container Security | SOPHOS_CAPSULE8
|
JSON | 2021-12-22 | |
| Network | AWS_VPC_TRANSIT_GATEWAY
|
JSON | 2025-09-19 View Change |
|
| Azure Firewall Application Rule | AZURE_FIREWALL
|
JSON | 2026-04-13 View Change |
|
| Operation-Specific | ZOOM_OPERATION_LOGS
|
SYSLOG | 2025-11-06 View Change |
|
| CASB | CISCO_CLOUDLOCK_CASB
|
JSON | 2021-10-04 | |
| VULNERABILITIES | ARMIS_VULNERABILITIES
|
JSON | 2023-02-07 View Change |
|
| Security | FORTINET_FORTICLIENT
|
KV | 2025-01-13 View Change |
|
|
Palo Alto Prisma Access
|
Cloud Security | PAN_CASB
|
JSON, SYSLOG + CSV | 2026-04-08 View Change |
| OS logs | CISCO_UCS
|
SYSLOG | 2022-07-04 View Change |
|
|
IBM-i Operating System
|
I Operating System | IBM_I
|
Syslog CEF | 2025-07-30 View Change |
| SaaS Application | CLOUD_PASSAGE
|
JSON | 2022-06-30 View Change |
|
| FIREWALL | PFSENSE
|
SYSLOG | 2025-07-18 View Change |
|
| Cloud Security | NETSKOPE_ALERT
|
JSON | 2024-08-14 View Change |
|
| Log Aggregator | CISCO_STEALTHWATCH
|
JSON, CEF | 2026-01-12 View Change |
|
| SaaS Applications | CLAROTY_XDOME
|
SYSLOG , JSON , KV, CEF | 2026-04-02 View Change |
|
|
IBM Security QRadar SIEM
|
Security Log | IBM_QRADAR
|
SYSLOG | 2024-06-18 View Change |
|
KnowBe4 PhishER
|
Email server log types. | KNOWBE4_PHISHER
|
JSON | 2025-12-12 View Change |
|
SEPPmail Secure Email
|
email encryption and signature solutions | SEPPMAIL
|
SYSLOG + KV | 2024-06-04 View Change |
| Active Directory Audit | ADAUDIT_PLUS
|
SYSLOG + KV (CEF) | 2026-02-10 View Change |
|
| Wireless | CISCO_WIRELESS
|
SYSLOG | 2026-04-20 View Change |
|
| OS | NIX_SYSTEM
|
SYSLOG, JSON | 2026-04-21 View Change |
|
|
Cloudflare Audit
|
SaaS Application | CLOUDFLARE_AUDIT
|
JSON | 2026-01-01 View Change |
| DLP | TRIPWIRE_FIM
|
SYSLOG | 2026-02-10 View Change |
|
|
Alveo Risk Data Management
|
SaaS Applications | ALVEO_RDM
|
JSON | 2025-03-06 View Change |
| Log Aggregator | XITING_XAMS
|
SYSLOG | 2024-09-26 View Change |
|
| Switches and Routers Log Type | CAMBIUM_NETWORKS
|
SYSLOG | 2025-10-28 View Change |
|
| Mainframe | CA_ACF2
|
LEEF | 2022-05-24 View Change |
|
|
GCP_NETWORK_CONNECTIVITY
|
Computer Inventory | GCP_NETWORK_CONNECTIVITY_CONTEXT
|
JSON | 2023-06-13 View Change |
| AUDIT | ZSCALER_ZPA_AUDIT
|
JSON | 2026-01-07 View Change |
|
| Gateway Security | CISCO_IRONPORT
|
SYSLOG + CSV | 2025-11-13 View Change |
|
| Database management system | NEO4J
|
JSON | 2023-12-07 View Change |
|
| Risk Management Solution | ARCHER_IRM
|
SYSLOG | 2024-08-27 View Change |
|
|
UPX AntiDDoS
|
DDOS Mitigation | UPX_ANTIDDOS
|
JSON | 2025-02-13 View Change |
|
Proofpoint Tap Forensics
|
Email Server | PROOFPOINT_TAP_FORENSICS
|
JSON | 2024-11-06 View Change |
| Firewall | BARRACUDA_WAF
|
JSON, SYSLOG + KV | 2025-11-26 View Change |
|
| Email Server | ABNORMAL_SECURITY
|
JSON , SYSLOG | 2026-03-25 View Change |
|
| EDR | TRELLIX_HX_ALERTS
|
JSON | 2025-11-14 View Change |
|
|
Peplink Firewall
|
Firewall | PEPLINK_FW
|
SYSLOG + KV | 2023-08-17 View Change |
|
CA Access Control
|
Access Management | CA_ACCESS_CONTROL
|
JSON+SYSLOG, SYSLOG | 2023-07-25 View Change |
| Security | BROADCOM_SUPPORT_PORTAL
|
SYSLOG + KV,SYSLOG,JSON | 2025-03-23 View Change |
|
| Google Cloud Specific | GCP_IDS
|
JSON | 2024-05-01 View Change |
|
| Email Server | FIREEYE_ETP
|
JSON + SYSLOG | 2026-03-23 View Change |
|
| Webproxy | IBOSS_WEBPROXY
|
SYSLOG + JSON | 2023-08-22 View Change |
|
|
CIS Albert Alerts
|
Alerts | CIS_ALBERT_ALERT
|
SYSLOG, JSON | 2025-05-19 View Change |
| VPN | PULSE_SECURE_VPN
|
SYSLOG | 2025-12-10 View Change |
|
| open-source software | HADOOP
|
SYSLOG + KV | 2026-02-23 View Change |
|
| VPN | ARRAYNETWORKS_VPN
|
SYSLOG, SYSLOG + KV | 2024-05-14 View Change |
|
| CyberArk Privileged Access Manager | CYBERARK_PAM
|
SYSLOG, JSON, SYSLOG + KV, JSON + CEF | 2026-04-10 View Change |
|
| Log Aggregator | AZURE_RESOURCE_LOGS
|
JSON | 2025-03-12 View Change |
|
| Email Server | MIMECAST_MAIL_V2
|
SYSLOG + JSON | 2026-03-02 View Change |
|
| IOC | MANDIANT_CUSTOM_IOC
|
JSON | 2023-12-19 View Change |
|
| Application server logs | HILLSTONE_NGFW
|
SYSLOG + KV | 2025-02-04 View Change |
|
| Web server | TOMCAT
|
JSON | 2025-02-07 View Change |
|
| CEF | IMPERVA_CEF
|
SYSLOG + KV | 2024-09-12 View Change |
|
| Gateway to data and intelligence | MICROSOFT_GRAPH_ALERT
|
JSON | 2026-04-22 View Change |
|
| Network Infrastructure | CISCO_IOS
|
SYSLOG | 2026-04-14 View Change |
|
| OS | AUDITD
|
SYSLOG, JSON, XML, KV | 2026-04-13 View Change |
|
| DNS | INFOBLOX_DNS
|
SYSLOG, CEF | 2026-01-27 View Change |
|
|
Tetragon Ebpf Audit Logs
|
OS | TETRAGON_EBPF_AUDIT_LOGS
|
JSON | 2024-03-15 View Change |
|
Intel 471 Malware Intelligence
|
INTEL471_MALWARE_INTEL
|
JSON | 2024-11-21 View Change |
|
|
Ciena Router logs
|
Application server logs | CIENA_ROUTER
|
SYSLOG | 2024-10-31 View Change |
|
Desynova Contido
|
Switches | DESYNOVA_CONTIDO
|
SYSLOG + JSON | 2023-09-19 View Change |
| Mobile Device Management | AZURE_MDM_INTUNE
|
JSON | 2025-12-26 View Change |
|
| Content Management Software | VECTRA_ALERTS
|
JSON | 2025-02-18 View Change |
|
| Google Cloud Specific | GCP_LOADBALANCING
|
JSON | 2025-08-13 View Change |
|
| SaaS Application | ORACLE_FUSION
|
JSON | 2024-10-18 View Change |
|
| Google Cloud Specific | GCP_NGFW_ENTERPRISE
|
JSON | 2024-04-16 View Change |
|
|
GTB Technologies DLP
|
Security | GTB_DLP
|
SYSLOG+KV, SYSLOG+JSON | 2025-10-28 View Change |
| DNS Security | GCP_DNS_ATD
|
JSON | 2025-07-25 View Change |
|
|
IBM zSecure Alert
|
Alert log types | IBM_ZSECURE_ALERT
|
SYSLOG | 2025-06-19 View Change |
| Endpoint | WINEVTLOG
|
JSON,XML,SYSLOG+KV,SYSLOG+JSON,SYSLOG+XML | 2026-04-06 View Change |
|
|
Ping Identity
|
Authentication | PING
|
JSON, SYSLOG + KV, CEF | 2026-04-22 View Change |
|
Cloud SQL Context
|
Google Cloud Specific | GCP_SQL_CONTEXT
|
JSON | 2023-07-26 View Change |
| Hitachi Cloud Platform | HITACHI_CLOUD_PLATFORM
|
SYSLOG | 2023-05-30 View Change |
|
| Endpoint Security | JAMF_TELEMETRY
|
JSON | 2024-05-01 View Change |
|
| Load Balancer, Traffic Shaper, ADC | CITRIX_NETSCALER
|
SYSLOG + KV | 2026-04-16 View Change |
|
| SmartDefences | CHECKPOINT_SMARTDEFENSE
|
SYSLOG + CEF, SYSLOG + KV | 2026-04-01 View Change |
|
|
IBM Security Verify SaaS
|
SaaS Application | IBM_SECURITY_VERIFY_SAAS
|
JSON | 2023-10-27 View Change |
|
Cisco DHCP
|
DHCP | CISCO_DHCP
|
SYSLOG + CSV | 2022-02-07 |
| Switches | ARISTA_SWITCH
|
JSON+SYSLOG | 2025-12-16 View Change |
|
|
Semperis DSP
|
LDAP | SEMPERIS_DSP
|
SYSLOG | 2025-09-12 View Change |
| Privileged Account Activity | ONEIDENTITY_TPAM
|
KV ,CEF | 2025-12-23 View Change |
|
|
McAfee DLP
|
DLP | MCAFEE_DLP
|
CSV | 2025-12-04 View Change |
| Switches, Routers | CLOUDGENIX_SDWAN
|
SYSLOG + KV | 2022-09-08 View Change |
|
| Malware Detection | MICROSOFT_SCEP
|
KV | 2025-02-24 View Change |
|
| Security | IBM_SVA
|
Syslog | 2025-08-29 View Change |
|
|
Teradata DB
|
Database log types | TERADATA_DB
|
SYSLOGgcert | 2025-06-17 View Change |
| Audit | AZURE_KEYVAULT_AUDIT
|
JSON | 2025-07-08 View Change |
|
| Local Administrator Password Solution | MICROSOFT_LAPS
|
JSON | 2024-10-10 View Change |
|
| Access Management | DELINEA_PAM
|
SYSLOG + CSV | 2022-11-10 View Change |
|
|
Rubrik
|
Backup software | RUBRIK
|
SYSLOG | 2025-01-22 View Change |
| Web Application Firewall | EDGIO_WAF
|
JSON | 2025-02-04 View Change |
|
| Endpoint Security | JAMF_TELEMETRY_V2
|
JSON | 2025-11-19 View Change |
|
| Enterprise Application Access | AKAMAI_EAA
|
JSON | 2025-07-15 View Change |
|
| IOC | CROWDSTRIKE_IOC
|
JSON | 2025-05-30 View Change |
|
| IDS/IPS | OSSEC
|
SYSLOG | 2024-04-24 View Change |
|
| Database | SNOWFLAKE
|
JSON, CSV | 2025-04-15 View Change |
|
|
Databricks
|
Storage solutions | DATABRICKS
|
JSON | 2026-03-17 View Change |
| Email Server | EXCHANGE_MAIL
|
SYSLOG | 2025-09-30 View Change |
|
| VPN | CISCO_VPN
|
SYSLOG | 2025-03-13 View Change |
|
| WAF | IMPERVA_WAF
|
SYSLOG+KV, JSON | 2026-01-08 View Change |
|
|
AWS Inspector
|
AWS-specific log types | AWS_INSPECTOR
|
JSON, SYSLOG | 2025-02-25 View Change |
|
Proofpoint CASB
|
CASB | PROOFPOINT_CASB
|
JSON | 2026-01-16 View Change |
|
Forescout eyeInspect
|
Network Monitoring | FORESCOUT_EYEINSPECT
|
SYSLOG, CEF | 2025-12-05 View Change |
|
Reserved LogType2
|
LDAP | RESERVED_LOG_TYPE_2
|
JSON | 2024-12-09 View Change |
|
Verba Recording System
|
Recording System | VERBA_REC
|
CSV | 2024-05-24 View Change |
| Schema | OCSF
|
JSON | 2025-11-25 View Change |
|
|
Spur data feeds
|
Vulnerability Management | SPUR_FEEDS
|
JSON | 2024-05-10 View Change |
| Alert log types | SAP_CHANGE_DOCUMENT
|
JSON | 2026-03-17 View Change |
|
| Policy Management | SERVICENOW_CMDB
|
JSON | 2025-03-27 View Change |
|
| NDR | OPENAI_AUDITLOG
|
JSON | 2025-03-20 | |
|
Rubrik Security Cloud
|
Security Violation, Login, Anomaly, Threat Monitoring, Threat Hunt | RUBRIK_SECURITY_CLOUD
|
JSON | 2026-02-09 View Change |
| Audit | ATLASSIAN_AUDIT
|
JSON | 2025-01-09 View Change |
|
|
Okta Access Gateway
|
OKTA specific | OKTA_ACCESS_GATEWAY
|
SYSLOG + KV | 2023-02-20 View Change |
| SaaS Applications | SNIPE_IT
|
JSON | 2025-02-12 View Change |
|
| SaaS Application | SERVICENOW_AUDIT
|
JSON, Syslog, kv | 2025-12-19 View Change |
|
| Kubernetes Container | KUBERNETES_NODE
|
JSON | 2026-02-10 View Change |
|
|
Rapid7
|
Vulnerability Scanner | RAPID7_NEXPOSE
|
JSON | 2024-05-14 View Change |
|
Shrubbery TACACS+
|
NETWORK MANAGEMENT | SHRUBBERY_TACACS
|
SYSLOG + KV | 2022-11-08 View Change |
| Security | NETIQ_ACCESS_MANAGER
|
SYSLOG + KV | 2026-01-22 View Change |
|
| Monitoring of DaaS | CITRIX_ANALYTICS
|
JSON | 2024-06-03 View Change |
|
|
PostFix Mail
|
Email Server | POSTFIX_MAIL
|
SYSLOG | 2026-01-29 View Change |
| Cloud Security | TRENDMICRO_CLOUDONE
|
SYSLOG, JSON | 2025-07-29 View Change |
|
| IOC | DIGITAL_SHADOWS_IOC
|
JSON | 2022-04-23 | |
|
Azure SQL
|
Database | AZURE_SQL
|
JSON | 2026-03-27 View Change |
| Privileged Account Activity | HASHICORP
|
JSON, SYSLOG, SYSLOG+JSON, SYSLOG+KV | 2025-12-11 View Change |
|
|
PerimeterX Bot Protection
|
Security | PERIMETERX_BOT_PROTECTION
|
JSON | 2024-03-27 View Change |
| WAF | SIGNAL_SCIENCES_WAF
|
JSON | 2024-05-13 View Change |
|
|
IBM Safenet
|
IT infrastructure | IBM_SAFENET
|
SYSLOG | 2026-03-05 View Change |
| Email DLP | ZSCALER_EMAIL_DLP
|
JSON | 2026-04-06 View Change |
|
| Software-defined Networking (SDN) | CISCO_APIC
|
SYSLOG | 2024-11-28 View Change |
|
|
Opswat Metadefender
|
Threat Protection | OPSWAT_METADEFENDER
|
SYSLOG + KV (CEF) | 2025-10-07 View Change |
| Network | EFFICIENTIP_DDI
|
SYSLOG + KV | 2025-11-04 View Change |
|
|
IBM Cloud Activity Tracker
|
Security Log | IBM_CLOUD_ACTIVITY_TRACKER
|
JSON | 2025-05-29 View Change |
| Cloud Security | PAN_PRISMA_CA
|
JSON | 2026-03-30 View Change |
|
|
Barracuda Firewall
|
Firewall | BARRACUDA_FIREWALL
|
SYSLOG | 2026-02-23 View Change |
|
Pharos
|
NA | PHAROS
|
JSON | 2025-02-18 |
| Server Management | HPE_ILO
|
SYSLOG | 2023-11-27 View Change |
|
|
Squid Web Proxy
|
Web Proxy | SQUID_WEBPROXY
|
SYSLOG | 2026-04-23 View Change |
| EDR logs | SOPHOS_EDR
|
JSON | 2024-07-31 View Change |
|
|
Azure Cosmos DB
|
Database | AZURE_COSMOS_DB
|
JSON | 2025-01-16 View Change |
|
Cimcor | File Integrity Monitoring
|
Monitoring | CIMCOR
|
SYSLOG + KV | 2024-06-18 View Change |
|
DigitalArts i-Filter
|
Web Proxy | DIGITALARTS_IFILTER
|
SYSLOG | 2025-10-16 View Change |
|
Salesforce Commerce Cloud
|
SaaS Application | SALESFORCE_COMMERCE_CLOUD
|
SYSLOG, JSON | 2024-10-03 View Change |
| IT infrastructure | DIGICERT
|
JSON | 2025-02-13 View Change |
|
| Security log | CB_APP_CONTROL
|
CEF, JSON | 2025-08-28 View Change |
|
| Switches | IPSWITCH_MOVEIT_TRANSFER
|
SYSLOG + CSV | 2025-11-04 View Change |
|
| SOAR | CHRONICLE_SOAR_AUDIT
|
JSON | 2026-04-20 View Change |
|
|
Cisco Secure Workload
|
AV and Endpoint | CISCO_SECURE_WORKLOAD
|
JSON, KV, SYSLOG | 2026-04-14 View Change |
|
WindChill
|
Lifecycle Management Software | WINDCHILL
|
SYSLOG | 2024-11-21 View Change |
|
Microsoft CASB
|
CASB | MICROSOFT_CASB
|
SYSLOG + KV (CEF) | 2025-03-26 View Change |
|
Netfilter IPtables
|
Firewall | NETFILTER_IPTABLES
|
SYSLOG + KV | 2025-11-17 View Change |
|
Bindplane Agent
|
Log Aggregation and SIEM Systems | BINDPLANE_AGENT
|
JSON | 2025-11-26 View Change |
| Systems Management Application | DELL_OPENMANAGE
|
SYSLOG + KV | 2025-05-14 View Change |
|
|
FireEye PX
|
Firewall | FIREEYE_PX
|
JSON | 2024-01-05 View Change |
|
LogonBox
|
Authentication | LOGONBOX
|
SYSLOG + KV | 2024-02-05 View Change |
| Cloud Security | NETSKOPE_ALERT_V2
|
JSON, CSV | 2026-02-12 View Change |
|
| DNS | BRO_JSON
|
JSON | 2026-03-26 View Change |
|
| AWS Specific | AWS_EC2_INSTANCES
|
JSON | 2024-01-31 View Change |
|
| Identity and Access Management | CLEARPASS
|
SYSLOG + KV | 2026-04-02 View Change |
|
| IDS/IPS | VMWARE_TANZU
|
JSON + SYSLOG+JSON | 2023-09-08 View Change |
|
| Vulnerability Scanner | QUALYS_ASSET_CONTEXT
|
JSON | 2023-08-01 View Change |
|
| Cloud App & Network Security | IMPERVA_FLEXPROTECT
|
CEF + KV | 2023-08-28 View Change |
|
|
OpenVPN
|
Network | OPEN_VPN
|
SYSLOG + KV + JSON | 2024-11-27 View Change |
|
SOTI MobiControl
|
Mobile Device Management | SOTI_MOBICONTROL
|
SYSLOG | 2023-09-08 View Change |
| Data Security | DELL_CYBERSENSE
|
SYSLOG | 2025-02-13 View Change |
|
| Identity and Access Management | MANAGE_ENGINE_AD360
|
SYSLOG + KV | 2025-08-05 View Change |
|
| DATA SECURITY | FORGEROCK_OPENIDM
|
JSON | 2025-02-13 View Change |
|
| Email Server | MIMECAST_MAIL
|
KV,KV+JSON | 2025-07-01 View Change |
|
|
Trend Micro Vision One Endpoint Vulnerabilities
|
schema | TRENDMICRO_VISION_ONE_ENDPOINT_VULNERABILITIES
|
JSON | 2026-03-14 View Change |
| Log Aggregator | FLUENTD
|
SYSLOG + JSON | 2025-10-31 View Change |
|
|
Red Hat Directory Server LDAP
|
Identity and Access Management | REDHAT_DIRECTORY_SERVER
|
JSON + SYSLOG + KV | 2024-10-24 View Change |
|
Oracle Cloud Infrastructure
|
Oracle Cloud Infrastructure | ORACLE_CLOUD_AUDIT
|
JSON | 2025-05-21 View Change |
|
McAfee MVISION CASB
|
CLOUD SECURITY | MCAFEE_MVISION_CASB
|
KV | 2023-06-22 View Change |
|
Tenable Active Directory Security
|
Tenable Active Directory Security | TENABLE_ADS
|
SYSLOG + KV | 2026-03-19 View Change |
|
Juniper MX Router
|
Routers and Switches | JUNIPER_MX
|
SYSLOG + KV | 2025-11-18 View Change |
| Log Aggregator | ELASTIC_PACKETBEATS
|
SYSLOG + JSON , JSON | 2025-02-13 View Change |
|
|
Trustwave SEC MailMarshal
|
Email server | MAILMARSHAL
|
SYSLOG | 2023-04-06 View Change |
| Firewall | F5_AFM
|
SYSLOG + CSV, SYSLOG + KV | 2026-01-13 View Change |
|
| WAF | AKAMAI_WAF
|
SYSLOG, JSON | 2026-02-12 View Change |
|
|
TrendMicro Apex Central
|
Endpoint | TRENDMICRO_APEX_CENTRAL
|
CEF | 2026-03-25 View Change |
| Switches | BROCADE_SWITCH
|
SYSLOG, CSV | 2025-06-03 View Change |
|
| Telephone Software | CISCO_CTS
|
SYSLOG + KV | 2021-05-20 | |
| WAF | IBM_SAM
|
SYSLOG | 2025-04-02 View Change |
|
|
Ipswitch SFTP
|
Data Transfer | IPSWITCH_SFTP
|
SYSLOG+KV, JSON | 2025-05-14 View Change |
| Audit | AZURE_AD_AUDIT
|
JSON, Syslog+JSON | 2026-03-06 View Change |
|
|
Opengear Remote Management
|
Secure Remote Access | OPENGEAR
|
SYSLOG | 2024-09-13 View Change |
|
IBM DataPower Gateway
|
API Gateway | IBM_DATAPOWER
|
JSON, SYSLOG, SYSLOG+JSON | 2026-03-12 View Change |
|
NetDocuments Solutions
|
Threat Management Firewall | NETDOCUMENTS
|
Cloud-Based Document Management System | 2024-05-06 View Change |
| AV and endpoint logs | TRENDMICRO_VISION_ONE
|
SYSLOG + KV, CEF, JSON | 2026-01-08 View Change |
|
| Web Browser | ISLAND_BROWSER
|
JSON, SYSLOG + KV (CEF), SYSLOG + KV(CEF) + JSON | 2026-02-12 View Change |
|
| DevOps | JFROG_ARTIFACTORY
|
SYSLOG | 2025-10-24 View Change |
|
|
CommVault Commcell
|
Alert System | COMMVAULT_COMMCELL
|
KV , SYSLOG | 2024-01-24 View Change |
|
Thales MFA
|
Authentication | THALES_MFA
|
SYSLOG + KV (CEF) | 2025-11-07 View Change |
| Identity and Access Management | CISCO_ISE
|
SYSLOG , CSV | 2026-04-09 View Change |
|
|
Juniper IPS
|
IDS/IPS | JUNIPER_IPS
|
SYSLOG + KV | 2022-05-26 View Change |
| Email Server | PROOFPOINT_ON_DEMAND
|
JSON | 2026-04-16 View Change |
|
| Vulnerability Scanner | QUALYS_VIRTUAL_SCANNER
|
JSON | 2023-08-21 View Change |
|
|
Sap Business Technology Platform
|
SaaS Applications | SAP_BTP
|
JSON | 2024-07-19 View Change |
|
Absolute Mobile Device Management
|
Mobile Device Management | ABSOLUTE
|
SYSLOG + KV (CEF) | 2024-12-03 View Change |
| Vulnerability Scanners | SNYK_SDLC
|
JSON | 2026-03-13 View Change |
|
|
Saviynt Enterprise Identity Cloud
|
Endpoints | SAVIYNT_EIP
|
JSON, JSON+KV | 2023-06-05 View Change |
| EDR | FIREEYE_HX
|
JSON | 2025-05-14 View Change |
|
| AV / Endpoint | SEP
|
SYSLOG, KV, JSON, SYSLOG + JSON | 2026-02-05 View Change |
|
|
IBM Security Verify
|
Endpoint Security | IBM_SECURITY_VERIFY
|
SYSLOG,SYSLOG+XML | 2024-05-13 View Change |
|
Cisco TACACS+
|
Authentication | CISCO_TACACS
|
SYSLOG + KV | 2026-01-29 View Change |
|
Infoblox
|
DHCP, DNS | INFOBLOX
|
SYSLOG | 2026-04-16 View Change |
|
Infoblox DHCP
|
DHCP | INFOBLOX_DHCP
|
SYSLOG | 2025-09-01 View Change |
| Network infrastructure | ZYWALL
|
KV | 2025-12-08 View Change |
|
| Hypervisor | VMWARE_ESX
|
SYSLOG, JSON, SYSLOG+KV | 2026-04-20 View Change |
|
|
Nucleus Asset Metadata
|
Nucleus Specific | NUCLEUS_ASSET
|
JSON | 2021-08-05 |
|
Red Hat OpenShift
|
Kubernetes Container | REDHAT_OPENSHIFT
|
SYSLOG, JSON, SYSLOG+KV+JSON | 2026-03-12 View Change |
| WAF | FASTLY_CDN
|
JSON | 2026-01-02 View Change |
|
| NA | BROADCOM_CA_PAM
|
SYSLOG | 2024-11-07 View Change |
|
|
Kolide Endpoint Security
|
Security | KOLIDE
|
JSON | 2026-02-27 View Change |
| Rest api | NETAPP_ONTAP
|
SYSLOG, XML, JSON, SYSLOG+XML, SYSLOG+KV | 2026-03-30 View Change |
|
|
Stealthbits Defend
|
Security System for Active Directory and File Systems. | STEALTHBITS_DEFEND
|
SYSLOG + KV (LEEF, CEF) | 2022-11-17 View Change |
| TANIUM Logs | TANIUM_QUESTION
|
JSON | 2025-05-21 View Change |
|
| Mobile Device Management | AZURE_MDM_INTUNE_CONTEXT
|
Json | 2024-09-19 View Change |
|
| Monitoring | ARBOR_SIGHTLINE
|
SYSLOG + JSON | 2025-04-22 View Change |
|
| Backup software | VEEAM
|
SYSLOG | 2024-10-24 View Change |
|
| NDR | NTOPNG
|
SYSLOG + JSON | 2024-02-01 View Change |
|
|
VPC Flow Logs
|
Google Cloud Specific | GCP_VPC_FLOW
|
JSON | 2025-07-31 View Change |
CIPHERTRUST_MANAGER
|
SYSLOG + CEF + JSON | 2025-11-20 View Change |
||
|
Cloud Run
|
Google Cloud Specific | GCP_RUN
|
JSON | 2024-01-22 View Change |
| SaaS Application | WORKDAY
|
JSON, CSV | 2025-06-05 View Change |
|
| Remote Support | TEAMVIEWER
|
JSON | 2025-12-01 View Change |
|
| NDR | CATO_NETWORKS
|
JSON | 2026-01-09 View Change |
|
| Identity and Access Management | WIZ_IO
|
JSON | 2026-04-24 View Change |
|
| EDR | MALWAREBYTES_EDR
|
JSON | 2024-08-14 View Change |
|
| AWS Specific | AWS_SESSION_MANAGER
|
SYSLOG/JSON | 2025-04-30 View Change |
|
| WAF | F5_ASM
|
SYSLOG, CSV, JSON | 2026-04-14 View Change |
|
| SSL Visibility | BROADCOM_SSL_VA
|
SYSLOG | 2024-06-25 View Change |
|
|
BigQuery
|
Google Cloud Resources Contexts | N/A
|
JSON | 2024-04-24 View Change |
| EDR | LIMACHARLIE_EDR
|
JSON | 2023-08-07 | |
|
Mongo Database
|
DATABASE | MONGO_DB
|
JSON | 2025-03-12 View Change |
|
Infoblox RPZ
|
RPZ | INFOBLOX_RPZ
|
SYSLOG | 2024-02-13 View Change |
|
Asset Panda
|
SaaS Applications | ASSET_PANDA
|
JSON | 2025-02-04 View Change |
| Email Security | FORTINET_FORTIMAIL
|
KV | 2025-02-25 View Change |
|
|
Snoopy Logger
|
Log Aggregator | SNOOPY_LOGGER
|
SYSLOG | 2022-08-10 View Change |
| Authentication log types. | LUCID
|
JSON | 2024-06-19 View Change |
|
|
Sonrai Enterprise Cloud Security Solution
|
Cloud Security Solution | SONRAI
|
JSON | 2024-06-13 View Change |
|
Cloudflare Warp
|
Data Security | CLOUDFLARE_WARP
|
JSON | 2026-04-08 View Change |
|
Google Threat Intelligence IOC
|
IOC | GTI_IOC
|
JSON | 2026-04-02 View Change |
|
Cloud Functions Context
|
Google Cloud Specific | GCP_CLOUD_FUNCTIONS_CONTEXT
|
JSON | 2023-07-26 View Change |
| IOC | CSV_CUSTOM_IOC
|
CSV | 2025-08-01 View Change |
|
| N/A | SAP_SECURITY_AUDIT
|
JSON | 2026-03-26 View Change |
|
|
Phishlabs
|
Digital Risk Protection | PHISHLABS
|
JSON | 2024-03-22 View Change |
| Wireless | AIRWATCH
|
SYSLOG + KV | 2025-06-05 View Change |
|
| Firewall | RADWARE_FIREWALL
|
SYSLOG, JSON, SYSLOG+KV | 2026-04-24 View Change |
|
| DATA STORAGE | DELL_EMC_POWERSTORE
|
SYSLOG + KV | 2024-11-07 View Change |
|
| Endpoint Security | MICROSOFT_IAS
|
CSV + KV | 2024-04-25 | |
| IDS/IPS | SNORT_IDS
|
SYSLOG + JSON | 2024-12-04 View Change |
|
| Identity & Access Management | CYBERARK_PRIVILEGE_CLOUD
|
SYSLOG + KV | 2025-09-30 View Change |
|
| SSO | ONELOGIN_SSO
|
JSON | 2026-01-01 View Change |
|
| Database | ZEROFOX_PLATFORM
|
JSON | 2025-03-21 View Change |
|
| DDI (DNS, DHCP, IPAM) | BLUECAT_DDI
|
SYSLOG | 2022-11-08 View Change |
|
|
TACACS Plus
|
Authentication log types | TACACS_PLUS
|
SYSLOG | 2025-03-13 View Change |
|
Recordia
|
Telephone software | RECORDIA
|
JSON | 2024-01-30 View Change |
| Firewall | CISCO_FWSM
|
SYSLOG | 2025-10-17 View Change |
|
|
Qumulo FS
|
File System | QUMULO_FS
|
SYSLOG | 2024-05-09 View Change |
|
Ordr IoT
|
IoT | ORDR_IOT
|
SYSLOG + JSON | 2024-03-05 View Change |
|
Stealthbits PAM
|
Privileged Access Management Solution | STEALTHBITS_PAM
|
CEF + KV | 2023-11-07 View Change |
|
JAMF CMDB
|
Computer Inventory | JAMF
|
JSON | 2024-05-28 View Change |
| Email Server | FORCEPOINT_EMAILSECURITY
|
JSON | 2025-12-23 View Change |
|
| Audits | FIREEYE_HX_AUDIT
|
XML | 2022-11-04 View Change |
|
| Privileged Account Activity | WALLIX_BASTION
|
SYSLOG, SYSLOG + KV | 2026-04-13 View Change |
|
|
Armis Alerts
|
ALERTS | ARMIS_ALERTS
|
JSON | 2023-02-07 View Change |
| Network and Security Virtualization | VMWARE_NSX
|
KV | 2026-01-01 View Change |
|
| SECURITY | IONIX
|
JSON | 2025-10-22 View Change |
|
| Firewall | JUNIPER_FIREWALL
|
SYSLOG + KV + JSON, SYSLOG + KV | 2026-04-10 View Change |
|
| Wireless | ARUBA_WIRELESS
|
SYSLOG | 2026-04-03 View Change |
|
| Log Aggregation and SIEM Systems | CRIBL_STREAM
|
JSON | 2024-06-05 View Change |
|
| ACTIVITY_LOGS | RIPPLING_ACTIVITYLOGS
|
JSON | 2024-08-01 View Change |
|
|
Vmware Avinetworks iWAF
|
Server | VMWARE_AVINETWORKS_IWAF
|
SYSLOG, SYSLOG+JSON | 2026-03-10 View Change |
|
Unbound DNS
|
DNS | UNBOUND_DNS
|
SYSLOG | 2020-06-09 |
|
Microstrategy
|
Application server logs | MICROSTRATEGY
|
SYSLOG | 2025-03-21 View Change |
| CISCO_WSM | CISCO_WSM
|
SYSLOG | 2023-10-05 View Change |
|
| DNS | UMBRELLA_DNS
|
CSV, JSON | 2026-03-17 View Change |
|
| Alert System | COMMVAULT
|
KV , SYSLOG | 2025-02-20 View Change |
|
| WEB | FORTINET_FORTIWEB
|
KV | 2026-01-05 View Change |
|
| Alert | AI_HUNTER
|
SYSLOG | 2026-03-02 View Change |
|
| Mainframe | BMC_AMI_DEFENDER
|
SYSLOG | 2024-05-27 View Change |
|
| Security | NETAPP_BLUEXP
|
JSON | 2024-10-23 View Change |
|
| SaaS Applications | F5_DCS
|
JSON | 2026-04-01 View Change |
|
|
Workspace Privileges
|
Google Cloud Specific | WORKSPACE_PRIVILEGES
|
JSON | 2023-11-29 View Change |
| Automation and DevOps Tools | ANSIBLE_AWX
|
JSON | 2024-06-25 View Change |
|
|
tenable.io
|
Vulnerability Scanner | TENABLE_IO
|
JSON | 2026-01-19 View Change |
| Cloud | OCI_CLOUDGUARD
|
JSON | 2025-02-06 View Change |
|
|
Samba SMBD
|
Privileged Account Activity | SMBD
|
Syslog | 2023-03-09 View Change |
| Network | FORTINET_FORTIDDOS
|
KV | 2025-01-10 View Change |
|
|
Security Command Center Sensitive Data Risk
|
Google Cloud Specific | GCP_SECURITYCENTER_SENSITIVE_DATA_RISK
|
JSON | 2025-12-04 View Change |
| CASB | TAILSCALE
|
JSON | 2024-11-21 View Change |
|
| DDI (DNS, DHCP, IPAM) | VITALQIP
|
SYSLOG | 2022-03-01 | |
| AV / Endpoint | TRENDMICRO_DEEP_SECURITY
|
LEEF + CEF | 2025-04-16 View Change |
|
|
Thales Luna Hardware Security Module
|
THALES_LUNA_HSM specific | THALES_LUNA_HSM
|
JSON/SYSLOG | 2025-09-12 View Change |
| Firewall | ZSCALER_FIREWALL
|
JSON | 2026-01-07 View Change |
|
| VPN | TWINGATE
|
JSON | 2024-12-11 View Change |
|
|
Colinet Trotta GAUS SEGUROS
|
Alert | CT_GAUS_SEGUROS
|
CSV | 2024-12-06 View Change |
| Security | CUSTOM_APPLICATION_ACCESS
|
JSON | 2025-02-07 View Change |
|
|
ISC DHCP
|
DHCP | ISC_DHCP
|
JSON + SYSLOG + KV | 2024-11-27 View Change |
| DATABASE | INFORMIX
|
JSON + SYSLOG | 2022-02-18 | |
|
Neosec
|
Security | NEOSEC
|
JSON | 2023-07-31 View Change |
TRELLIX_HX_AUDIT
|
2026-02-20 View Change |
|||
| Log Aggregator | AZURE_WAF
|
JSON | 2024-08-22 View Change |
|
| Identity and Access Management | OKTA_SCALEFT
|
JSON | 2025-08-18 View Change |
|
|
Cisco Unity Connection
|
Administration and Management | CISCO_UNITY_CONNECTION
|
SYSLOG + KV | 2025-05-15 View Change |
|
Netwrix StealthAudit
|
N/A | NETWRIX_STEALTHAUDIT
|
SYSLOG + KV | 2025-01-20 View Change |
|
AWS Redshift
|
AWS | AWS_REDSHIFT
|
JSON + CSV + SYSLOG | 2025-04-16 View Change |
| DHCP | WINDOWS_DHCP
|
JSON, SYSLOG, CSV | 2025-06-10 View Change |
|
|
Proofpoint Email Filter
|
Email Server | PROOFPOINT_MAIL_FILTER
|
SYSLOG + KV, SYSLOG + JSON | 2025-12-02 View Change |
| Data Security | IMPERVA_DRA
|
SYSLOG,json | 2026-01-16 View Change |
|
| Privileged Account Activity | DELINEA_SECRET_SERVER
|
KV | 2025-12-10 View Change |
|
| Web Proxy | SYMANTEC_WSS
|
JSON | 2025-07-11 View Change |
|
|
Skybox Firewall Assurance
|
Firewall | SKYBOX_FIREWALL_ASSURANCE
|
SYSLOG + KV | 2023-09-07 View Change |
| VPN | SYMANTEC_VIP_AUTHHUB
|
JSON | 2025-03-11 View Change |
|
| LDAP | AZURE_AD_CONTEXT
|
JSON | 2025-10-03 View Change |
|
|
IBM Security QRadar SOAR
|
Security | IBM_SOAR
|
SYSLOG + KV | 2024-10-08 View Change |
| Tanium Specific | TANIUM_INTEGRITY_MONITOR
|
JSON | 2025-10-28 View Change |
|
|
Cyware Threat Intelligence Exchange
|
Threat Intelligence | CTIX
|
JSON | 2026-02-27 View Change |
| SCAN NETWORK | TANIUM_AUDIT
|
JSON | 2025-11-13 View Change |
|
|
Trend Micro
|
SMS, UNITY_ONE | TIPPING_POINT
|
SYSLOG | 2026-02-23 View Change |
|
Men and Mice DNS
|
DNS | MENANDMICE_DNS
|
SYSLOG | 2021-11-12 |
| Database | MYSQL
|
SYSLOG, JSON, CSV | 2026-04-20 View Change |
|
| EDR | DEEP_INSTINCT_EDR
|
LEEF | 2023-12-27 View Change |
|
|
Google Cloud IAM Analysis
|
Google Cloud Resources Contexts | N/A
|
JSON | 2023-02-27 View Change |
| Web Proxy | ZSCALER_WEBPROXY
|
JSON | 2026-03-27 View Change |
|
| IoT | MEDIGATE_IOT
|
SYSLOG + JSON | 2025-08-08 View Change |
|
|
Armis Devices
|
DEVICES | ARMIS_DEVICES
|
JSON | 2023-03-02 View Change |
| Tanium Specific | TANIUM_PATCH
|
JSON | 2022-02-08 | |
| Data Security | INTEL471_WATCHER_ALERTS
|
JSON | 2025-04-03 View Change |
|
|
Armis Activities
|
ACTIVITIES | ARMIS_ACTIVITIES
|
JSON | 2025-10-23 View Change |
| Endpoint Detection | ENDPOINT_PROTECTOR_DLP
|
SYSLOG + KV | 2025-09-26 View Change |
|
| EDR | CYBEREASON_EDR
|
JSON | 2026-02-24 View Change |
|
| DLP | DIGITALGUARDIAN_DLP
|
JSON,SYSLOG+XML | 2025-03-27 View Change |
|
|
JumpCloud Directory Insights
|
CLOUD | JUMPCLOUD_DIRECTORY_INSIGHTS
|
JSON | 2026-01-27 View Change |
| Avaya Aura Experience Portal | AVAYA_AURA
|
SYSLOG | 2022-12-30 View Change |
|
| NETWORK | ATTIVO
|
SYSLOG + KV (CEF) | 2026-01-29 View Change |
|
|
macOS Endpoint Security
|
AV and endpoint logs | MACOS_ENDPOINT_SECURITY
|
SYSLOG + KV | 2023-07-17 View Change |
|
Red Canary
|
EDR | REDCANARY_EDR
|
JSON | 2022-09-15 View Change |
|
Resource Manager Context
|
Google Cloud Specific | GCP_RESOURCE_MANAGER_CONTEXT
|
JSON | 2023-07-26 View Change |
|
DMP
|
Physical Security | DMP_ENTRE
|
SYSLOG | 2020-09-23 |
| Authentication | ONFIDO
|
SYSLOG + JSON | 2023-03-10 View Change |
|
|
Ping Federate
|
Authentication | PING_FEDERATE
|
CSV | 2025-10-15 View Change |
|
Cloud Storage Context
|
Google Cloud Specific | N/A
|
JSON | 2024-05-28 View Change |
| Audit event | YUBICO_OTP
|
SYSLOG, JSON, CSV | 2023-02-20 View Change |
|
| SAAS Security Application | DATAMINR_ALERT
|
JSON | 2024-02-14 View Change |
|
| Email Server | PROOFPOINT_MAIL
|
SYSLOG+KV, JSON, SYSLOG+JSON | 2026-04-09 View Change |
|
|
Cisco NX-OS
|
OS | CISCO_NX_OS
|
SYSLOG | 2025-07-02 View Change |
| Nucleus Specific | NUCLEUS_VULNERABILITY
|
JSON | 2021-06-30 | |
|
ThreatLocker Platform
|
THREATLOCKER | THREATLOCKER
|
JSON | 2023-06-18 View Change |
| Storage system | DELL_EMC_DATA_DOMAIN
|
SYSLOG + KV | 2026-02-12 View Change |
|
|
PingIdentity Directory Server Logs
|
Security | PING_DIRECTORY
|
SYSLOG + KV, JSON | 2026-02-24 View Change |
| Switches and Routers | CISCO_SDWAN
|
JSON, SYSLOG | 2025-11-18 View Change |
|
|
Windows Firewall
|
Firewall | WINDOWS_FIREWALL
|
Space Separated Value | 2021-08-26 |
|
Silverfort Authentication Platform
|
Identity and Access Management | SILVERFORT
|
CEF SYSLOG + KV, SYSLOG + JSON | 2026-04-06 View Change |
|
Tenable Security Center
|
Vulnerability Scanner | TENABLE_SC
|
SYSLOG, JSON+SYSLOG | 2025-08-11 View Change |
| Log Aggregation and SIEM Systems | AKAMAI_SIEM_CONNECTOR
|
JSON | 2025-10-24 View Change |
|
| Database | AWS_RDS
|
SYSLOG,JSON | 2025-12-30 View Change |
|
| AWS Specific | AWS_S3_SERVER_ACCESS
|
SYSLOG | 2025-06-11 View Change |
|
|
Ingrian Networks DataSecure Appliance
|
System and Audit Logs | INGRIAN_NETWORKS_DATASECURE_APPLIANCE
|
Syslog | 2024-10-31 View Change |
| Firewall | CISCO_FIREPOWER_FIREWALL
|
SYSLOG + KV, SYSLOG + JSON, JSON, SYSLOG | 2026-02-19 View Change |
|
|
GitHub Dependabot
|
Application server logs | GITHUB_DEPENDABOT
|
JSON | 2025-12-17 View Change |
|
Netscout OCI
|
Alert log | NETSCOUT_OCI
|
SYSLOG + KV | 2024-02-21 View Change |
| Database DLP | GUARDIUM
|
CSV, CEF, LEEF | 2025-01-28 View Change |
|
| Automation and DevOps Tools | MICROSOFT_DEFENDER_CLOUD_ALERTS
|
JSON | 2026-04-09 View Change |
|
| OFFICE_365 Specific | OFFICE_365_MESSAGETRACE
|
JSON | 2025-08-21 View Change |
|
| FIREWALL | FORTINET_FIREWALL
|
SYSLOG+KV, CEF | 2026-04-16 View Change |
|
| Mobile Device Management | JAMF_PRO_CONTEXT
|
JSON | 2025-11-28 View Change |
|
| VPN | ZSCALER_VPN
|
SYSLOG + CSV, JSON | 2026-02-10 View Change |
|
| AUDIT | FIREEYE_NX_AUDIT
|
Syslog | 2024-05-01 View Change |
|
| Data loss prevention (DLP) | CODE42_INCYDR
|
JSON | 2026-03-13 View Change |
|
|
Workspace ChromeOS Devices
|
Google Cloud Specific | WORKSPACE_CHROMEOS
|
JSON | 2024-12-03 View Change |
|
D3 Banking
|
BANKING | D3_BANKING
|
JSON | 2022-03-23 View Change |
| Application System | IBM_AS400
|
SYSLOG + KV, SYSLOG + JSON | 2025-11-07 View Change |
|
| Identity and Access Management | SAILPOINT_IAM
|
JSON | 2025-08-29 View Change |
|
| Productivity | SLACK_AUDIT
|
JSON | 2025-03-28 View Change |
|
| Tanium Specific | TANIUM_ASSET
|
JSON, SYSLOG + KV | 2025-01-08 View Change |
|
|
COVID-19 Cyber Threat Coalition
|
IOC | COVID_CTC_IOC
|
Value Entry | 2020-06-02 |
|
Openpath
|
AV / Endpoint | OPENPATH
|
SYSLOG | 2025-06-10 View Change |
| Identity and Access Management | OKTA
|
JSON | 2026-04-02 View Change |
|
| Authentication | DUO_ADMIN
|
JSON | 2025-01-02 View Change |
|
|
Clearswift
|
Information Security | CLEARSWIFT
|
SYSLOG | 2023-11-22 View Change |
|
SAP Sybase Adaptive Server Enterprise Database
|
Database | SAP_ASE
|
SYSLOG+KV, SYSLOG + CSV | 2026-01-22 View Change |
|
SailPoint IdentityIQ
|
Identity and Access Management | SAILPOINT_IIQ
|
SYSLOG, KV+XML, KV | 2026-02-17 View Change |
| AV / Endpoint | COMODO_AV
|
SYSLOG + KV (CEF) | 2021-04-09 | |
| Policy Management | ALGOSEC
|
SYSLOG + KV (CEF) | 2025-12-05 View Change |
|
| DNS | BLUECAT_EDGE
|
JSON, KV, SYSLOG | 2022-01-18 | |
|
Quest File Access Audit
|
Alert | QUEST_FILE_AUDIT
|
JSON | 2024-01-13 View Change |
|
JAMF Security Cloud
|
Automation and DevOps Tools | JAMF_SECURITY_CLOUD
|
JSON | 2025-03-23 View Change |
| Firewall IDS/IPS | EXTRAHOP
|
JSON, SYSLOG | 2025-12-26 View Change |
|
|
Cisco UCM
|
Communication Manager | CISCO_UCM
|
SYSLOG + KV | 2026-02-24 View Change |
| Cybersecurity | MISP_IOC
|
JSON, CSV | 2026-01-22 View Change |
|
| Identity and Access Management | AWS_CONTROL_TOWER
|
JSON | 2024-03-17 View Change |
|
| Firewall | CHECKPOINT_FIREWALL
|
SYSLOG + KV, JSON | 2026-04-16 View Change |
|
| EDR | OSQUERY_EDR
|
SYSLOG + JSON | 2024-05-01 View Change |
|
| Application | F5_SILVERLINE
|
SYSLOG, SYSLOG + KV , JSON | 2025-11-04 View Change |
|
|
Claroty Enterprise Management Console
|
Cyber Security | CLAROTY_EMC
|
SYSLOG+KV | 2026-02-17 View Change |
|
Passwordstate
|
below is a catch all for tokens, phones, groups, and endpoints | PASSWORDSTATE
|
SYSLOG | 2025-10-10 View Change |
| Network Monitoring | ELASTIC_DEFEND
|
JSON | 2026-03-02 View Change |
|
| Data Transfer | WINSCP
|
SYSLOG, CSV | 2024-05-22 View Change |
|
|
Comforte SecurDPS
|
Data loss prevention | COMFORTE_SECURDPS
|
SYSLOG + KV, JSON | 2024-06-10 View Change |
| Privileged Account Activity | BEYONDTRUST_BEYONDINSIGHT
|
KV , SYSLOG + JSON | 2026-03-19 View Change |
|
|
SAP Netweaver
|
Database | SAP_NETWEAVER
|
JSON | 2023-05-03 View Change |
| ALERTING | ELASTIC_AUDITBEAT
|
JSON | 2024-12-10 View Change |
|
| Unified Threat Management | SOPHOS_UTM
|
KV | 2025-07-25 View Change |
|
| Web Proxy | MENLO_SECURITY
|
JSON | 2025-07-29 View Change |
|
| BladeSystem C7000 | HPE_BLADESYSTEM_C7000
|
SYSLOG | 2024-04-08 View Change |
|
|
Solarwinds Kiwi Syslog Server
|
Security Log | SOLARWINDS_KSS
|
SYSLOG + KV | 2024-06-11 View Change |
|
Kea DHCP
|
DHCP | KEA_DHCP
|
SYSLOG | 2022-03-22 View Change |
| Web Proxy | MCAFEE_WEBPROXY
|
SYSLOG + KV (CEF), JSON, JSON + CEF | 2026-04-23 View Change |
|
| Security log | SPLUNK
|
JSON | 2024-05-01 View Change |
|
| CASB | FORCEPOINT_CASB
|
SYSLOG + CEF | 2022-08-23 View Change |
|
|
Suricata IDS
|
IDS/IPS | SURICATA_IDS
|
JSON | 2024-12-03 View Change |
|
ReviveSec
|
Application server logs | REVIVESEC
|
SYSLOG | 2025-02-25 View Change |
| NDR | VECTRA_DETECT
|
JSON + SYSLOG + CEF | 2025-12-30 View Change |
|
| Automation and DevOps Tools | CIRCLECI
|
CSV + JSON | 2025-05-15 View Change |
|
| SaaS Applications | AKAMAI_DATASTREAM_2
|
JSON | 2025-04-10 View Change |
|
| NDR | VECTRA_XDR
|
JSON | 2026-04-24 View Change |
|
| Identity and Access Management | ONEPASSWORD_AUDIT_EVENTS
|
JSON | 2025-02-17 View Change |
|
| Switches and Routers | DIGI_MODEMS
|
SYSLOG | 2023-06-26 View Change |
|
| CLOUD | GCP_SWP
|
JSON | 2024-04-15 View Change |
|
| SaaS Application | SALESFORCE
|
KV (LEEF), CSV | 2026-03-30 View Change |
|
| Tanium Specific | TANIUM_DISCOVER
|
JSON | 2022-11-24 View Change |
|
|
Cequence Bot Defense
|
Log Aggregator | CEQUENCE_BOT_DEFENSE
|
JSON | 2025-08-26 View Change |
|
Windows Hyper-V
|
Virtualization Software | WINDOWS_HYPERV
|
JSON | 2025-06-17 View Change |
| Atlassian Bitbucket | ATLASSIAN_BITBUCKET
|
JSON | 2023-06-12 View Change |
|
|
Google Cloud Identity Context
|
Identity and Access Management | CLOUD_IDENTITY_CONTEXT
|
JSON | 2024-12-06 View Change |
| Threat Events Stream | JAMF_THREAT_EVENTS
|
JSON | 2023-03-27 View Change |
|
| Data Security | SENTRY
|
JSON | 2025-01-16 View Change |
|
| Identity and Access Management | DUO_USER_CONTEXT
|
JSON | 2024-05-31 View Change |
|
|
CrowdStrike Detection Monitoring
|
EDR | CS_DETECTS
|
JSON | 2026-02-18 View Change |
| IOC | PAN_IOC
|
JSON | 2021-08-09 | |
| Google Cloud Specific | FORSETI
|
JSON | 2021-12-23 | |
| Endpoint Security | TRENDMICRO_APEX_ONE
|
SYSLOG + KV | 2026-04-02 View Change |
|
| AWS Specific | AWS_WAF
|
JSON | 2026-03-30 View Change |
|
|
Netscope Client
|
CASB | NETSKOPE_CLIENT
|
JSON | 2024-10-16 View Change |
|
Nozomi Networks Scada Guardian
|
Network Monitoring | NOZOMI_GUARDIAN
|
CEF and JSON, SYSLOG | 2026-01-29 View Change |
| Vulnerability scanners | URLSCAN_IO
|
JSON | 2024-10-25 View Change |
|
| ECS | DELL_ECS
|
SYSLOG | 2026-01-12 View Change |
|
|
Windows Network Policy Server
|
Authentication | WINDOWS_NET_POLICY_SERVER
|
SYSLOG, JSON, SYSLOG + XML | 2024-12-26 View Change |
|
Cybergatekeeper NAC
|
Security | CYBERGATEKEEPER_NAC
|
SYSLOG + KV | 2024-04-23 View Change |
| DATA STORAGE | SYNOLOGY
|
SYSLOG | 2024-01-16 View Change |
|
|
Windows Defender ATP
|
AV / Endpoint | WINDOWS_DEFENDER_ATP
|
SYSLOG + JSON, XML, JSON | 2024-10-15 View Change |
|
Azure Front Door
|
Web server logs | AZURE_FRONT_DOOR
|
JSON | 2026-04-16 View Change |
| Google Cloud Specific | GCP_CLOUDSQL
|
JSON | 2026-03-19 View Change |
|
| ENDPOINT MANAGEMENT | MOBILEIRON
|
JSON , SYSLOG | 2026-04-24 View Change |
|
| Data Loss Prevention | ZSCALER_DLP
|
JSON | 2026-01-07 View Change |
|
| IoT | NYANSA_EVENTS
|
SYSLOG + KV | 2023-03-01 View Change |
|
|
InterSystems Cache
|
Database | INTERSYSTEMS_CACHE
|
SYSLOG + KV | 2022-10-19 View Change |
| Cloud Computing | GCP_APP_ENGINE
|
JSON and KV | 2025-12-29 View Change |
|
| Network Device | JUNIPER_JUNOS
|
SYSLOG + KV | 2025-10-10 View Change |
|
| Authentication | CISCO_ACS
|
SYSLOG + KV | 2024-11-14 View Change |
|
| CASB | SYMANTEC_CASB
|
SYSLOG + JSON, JSON | 2024-10-25 View Change |
|
|
Kaspersky Endpoint
|
Security | KASPERSKY_ENDPOINT
|
SYSLOG | 2025-09-18 View Change |
|
Ops Genie
|
Web Proxy log types | OPS_GENIE
|
JSON | 2025-02-19 View Change |
| DNS | BLOXONE
|
SYSLOG + JSON | 2025-01-07 View Change |
|
| Network Management and Optimization software. | FORTINET_FORTIMANAGER
|
KV + SYSLOG | 2026-01-16 View Change |
|
| SaaS Application | AVATIER
|
SYSLOG + KV | 2021-08-05 | |
|
IBM Websphere Application Server
|
Web server | IBM_WEBSPHERE_APP_SERVER
|
JSON, SYSLOG | 2026-04-23 View Change |
| SaaS Application | CLOUDFLARE
|
JSON | 2026-03-05 View Change |
|
| Google Cloud Specific | N/A
|
JSON | 2024-05-01 View Change |
|
| EDR | CHECKPOINT_EDR
|
SYSLOG + KV and SYSLOG + CEF | 2026-04-14 View Change |
|
| Web Server | NETWRIX
|
JSON | 2024-05-23 View Change |
|
|
Micro Focus iManager
|
Network Management and Optimization | MICROFOCUS_IMANAGER
|
SYSLOG | 2025-01-02 View Change |
| AV / Endpoint | SOPHOS_CENTRAL
|
JSON | 2026-02-03 View Change |
|
|
Kubernetes Audit
|
K8s cluster audit logs | KUBERNETES_AUDIT
|
JSON,JSON+KV,JSON+SYSLOG | 2026-03-30 View Change |
|
ManageEngine Log360
|
Alert Log | MANAGE_ENGINE_LOG360
|
SYSLOG+KV | 2024-10-28 View Change |
|
Precisely Ironstream IBM z/OS
|
ZOS | IRONSTREAM_ZOS
|
JSON | 2024-11-27 View Change |
| Microsoft Sentinel | MICROSOFT_SENTINEL
|
JSON | 2025-10-16 View Change |
|
| SaaS Applications | SAP_ICM
|
SYSLOG | 2026-02-03 View Change |
|
|
GCP_MODEL_ARMOR
|
GCP-specific log types | GCP_MODEL_ARMOR
|
JSON | 2026-04-20 View Change |
| CASB | ORACLE_NETSUITE
|
JSON | 2026-04-06 View Change |
|
|
Velo Firewall
|
FIREWALL | VELO_FIREWALL
|
SYSLOG + KV, SYSLOG | 2026-02-12 View Change |
| SaaS Applications | GITGUARDIAN_ENTERPRISE
|
JSON | 2024-10-16 View Change |
|
| Email Security | TRENDMICRO_EMAIL_SECURITY
|
CEF | 2025-02-20 View Change |
|
| Oracle Cloud Infrastructure | OCI_AUDIT
|
JSON | 2026-04-15 View Change |
|
| AWS-specific logs | AWS_MACIE
|
JSON | 2025-05-15 View Change |
|
| SaaS Application | SERVICENOW_SECURITY
|
JSON | 2021-05-24 | |
| NDR | DATADOG
|
JSON | 2025-08-25 View Change |
|
| Automation Tools | AUTOMATION_ANYWHERE
|
SYSLOG + KV, JSON | 2026-01-09 View Change |
|
|
Apigee
|
Google Cloud Specific | GCP_APIGEE
|
JSON | 2025-10-23 View Change |
| NDR | CENSYS
|
SYSLOG + KV | 2024-02-03 View Change |
|
|
Symantec Messaging Gateway
|
Email server log types. | SYMANTEC_MAIL
|
JSON | 2025-12-22 View Change |
|
GCP_KUBERNETES_CONTEXT
|
Computer Inventory | GCP_KUBERNETES_CONTEXT
|
JSON | 2023-11-01 View Change |
| NETWORK | ARBOR_EDGE_DEFENSE
|
SYSLOG + KV | 2025-10-16 View Change |
|
| NAC | FORESCOUT_NAC
|
SYSLOG, CEF, JSON | 2026-03-27 View Change |
|
| Network Flow | AZURE_NSG_FLOW
|
JSON | 2025-05-20 View Change |
|
| Log Aggregator | ELASTIC_SEARCH
|
JSON | 2023-11-02 View Change |
|
| Data Security | OPENCANARY
|
SYSLOG + JSON | 2024-03-11 View Change |
|
| Network Management and Optimization | CISCO_DNAC
|
SYSLOG+JSON | 2025-08-14 View Change |
|
| Network Security | ARUBA_EDGECONNECT_SDWAN
|
SYSLOG + CSV, JSON | 2026-04-17 View Change |
|
|
Thycotic
|
Identity and Access Management | THYCOTIC
|
SYSLOG + KV (CEF) | 2024-10-08 View Change |
| AV / Endpoint | SOPHOS_AV
|
CSV, JSON | 2024-08-22 View Change |
|
| AWS Specific | AWS_CONFIG
|
JSON | 2025-09-26 View Change |
|
|
Sourcefire
|
IDS/IPS | SOURCEFIRE_IDS
|
JSON, CEF | 2024-12-23 View Change |
| IT infrastructure | IMPERVA_AUDIT_TRAIL
|
JSON, SYSLOG | 2025-04-03 View Change |
|
| Schema | AZURE_API_MANAGEMENT
|
JSON | 2025-01-21 View Change |
|
| Cloud Security | FORGEROCK_IDENTITY_CLOUD
|
JSON | 2026-03-30 View Change |
|
| Google Cloud Specific | GCP_COMPUTE
|
JSON | 2026-01-16 View Change |
|
|
Fortinet Proxy
|
Web Proxy | FORTINET_WEBPROXY
|
SYSLOG + KV | 2026-04-14 View Change |
| NDR | CORELIGHT
|
JSON | 2026-02-12 View Change |
|
| AWS | AWS_AURORA
|
JSON, SYSLOG | 2026-04-17 View Change |
|
| Collaboration log types | APPIAN_CLOUD
|
SYSLOG | 2025-05-06 View Change |
|
| Data Security | ARUBA_CENTRAL
|
SYSLOG , JSON | 2025-03-24 View Change |
|
|
Citrix Receiver
|
Application Server Logs | CSG_CITRIX_RX
|
CSV | 2025-03-26 View Change |
| AV / Endpoint | BITDEFENDER
|
CSV, SYSLOG | 2025-10-30 View Change |
|
| SSO | CA_SSO_WEB
|
JSON, SYSLOG + KV | 2026-04-17 View Change |
|
| Google Cloud Specific | N/A
|
JSON | 2026-03-17 View Change |
|
| Google Cloud Specific | GCP_SECURITYCENTER_POSTURE_VIOLATION
|
JSON | 2025-12-04 View Change |
|
|
Zeek TSV
|
Format Specific | BRO_TSV
|
SYSLOG + TSV | 2024-05-17 View Change |
| NDR | CORTEX_XDR
|
JSON, SYSLOG + KV | 2025-10-08 View Change |
|
|
Quest Change Auditor for EMC
|
Alert | QUEST_CHANGE_AUDITOR_EMC
|
JSON | 2024-06-18 View Change |
| Email Server | FORCEPOINT_MAIL_RELAY
|
JSON | 2025-04-09 View Change |
|
| Alert | ASOC_ALERT
|
JSON | 2021-06-21 | |
|
SAP SuccessFactors
|
Audit Log | SAP_SUCCESSFACTORS
|
CSV | 2024-05-22 View Change |
| Web server | CASSANDRA
|
JSON,SYSLOG+JSON | 2026-03-27 View Change |
|
|
Mikrotik Router
|
Router | MIKROTIK_ROUTER
|
SYSLOG + Grok | 2025-09-09 View Change |
| Google Cloud Specific | WORKSPACE_ACTIVITY
|
JSON | 2025-12-24 View Change |
|
| Switches, Routers | BIGSWITCH_BCF
|
SYSLOG | 2021-04-20 | |
| Load Balancer | BROCADE_SERVERIRON
|
SYSLOG | 2022-01-13 | |
| Switches and Routers | FORTINET_SWITCH
|
KV | 2024-11-11 View Change |
|
|
Preempt Alert
|
Identity and Access Management | PREEMPT
|
SYSLOG + KV (CEF) | 2022-06-22 View Change |
| Access Control System | LENEL_ONGUARD
|
JSON | 2024-11-14 View Change |
|
| IDS | CYBER_2_IDS
|
SYSLOG+JSON | 2025-09-04 View Change |
|
| Storage | DELL_EMC_NAS
|
SYSLOG | 2023-07-21 View Change |
|
| Tanium Specific | TANIUM_TH
|
JSON | 2023-12-18 View Change |
|
| AWS Specific | AWS_EMR
|
SYSLOG, SYSLOG+JSON, JSON | 2024-09-05 View Change |
|
| File scanning | FILE_SCANNING_FRAMEWORK
|
JSON | 2021-09-27 | |
| Threat Intelligence | DIGITAL_SHADOWS_SEARCHLIGHT
|
JSON | 2022-05-02 | |
|
Fortinet
|
DHCP | FORTINET_DHCP
|
KV | 2022-11-21 View Change |
|
Vercel WAF
|
Firewall log | VERCEL_WAF
|
JSON | 2024-12-20 |
| Identity and Access Management | CLOUDM
|
JSON | 2022-06-09 View Change |
|
|
Palantir
|
Foundry SaaS | PALANTIR
|
JSON | 2024-12-12 View Change |
| CASB | ZSCALER_CASB
|
JSON | 2026-01-06 View Change |
|
| SSO | SECUREAUTH_SSO
|
SYSLOG, XML, JSON+KV | 2026-04-20 View Change |
|
|
Ubika WAAP
|
WAF | UBIKA_WAAP
|
SYSLOG | 2024-06-03 View Change |
| Data Transfer | NASUNI_FILE_SERVICES
|
SYSLOG + JSON , CSV | 2025-03-24 View Change |
|
| IaaS Applications | AVIGILON_ACCESS_LOGS
|
XML | 2024-12-18 View Change |
|
|
RSA NetWitness
|
PLATFORM CONFIGURATION | RSA_NETWITNESS
|
SYSLOG | 2022-10-18 View Change |
| IT infrastructure | CS_FILEVANTAGE
|
JSON | 2025-04-16 View Change |
|
| DNS | WINDOWS_DNS
|
JSON, XML, SYSLOG + KV | 2026-04-01 View Change |
|
|
Pulse Secure Virtual Traffic Manager
|
Traffic Shapers | PULSE_SECURE_VTM
|
SYSLOG | 2023-11-03 View Change |
|
Keeper Enterprise Security
|
Security | KEEPER
|
JSON | 2024-12-12 View Change |
| DATABASE | ORACLE_DB
|
SYSLOG + KV, SYSLOG, JSON | 2026-03-12 View Change |
|
| Cloud Application and Edge Security | IMPERVA_DB
|
SYSLOG, SYSLOG+JSON | 2025-02-19 View Change |
|
| EDR | FORTINET_FORTIEDR
|
SYSLOG + KV | 2026-04-01 View Change |
|
| Knowledge base | ATLASSIAN_CONFLUENCE
|
SYSLOG, JSON | 2024-07-05 View Change |
|
|
SpyCloud
|
AV / Endpoint | SPYCLOUD
|
SYSLOG + JSON , JSON | 2025-02-27 View Change |
|
Linkshadow NDR
|
NDR | LINKSHADOW_NDR
|
SYSLOG + KV | 2025-01-16 View Change |
|
McAfee Unified Cloud Edge
|
SaaS Application | MCAFEE_UCE
|
JSON | 2021-07-20 |
|
Swift Alliance Messaging Hub
|
Finance | SWIFT_AMH
|
JSON | 2025-11-26 View Change |
|
ProFTPD
|
Web Server | PROFTPD
|
SYSLOG | 2025-01-12 View Change |
| Rest api | NETAPP_SAN
|
SYSLOG | 2023-04-25 View Change |
|
|
One Identity Identity Manager
|
unified identity security | ONE_IDENTITY_IDENTITY_MANAGER
|
kv , SYSLOG + JSON | 2025-07-08 View Change |
|
GMV Checker ATM Security
|
ATM Audit | GMV_CHECKER
|
SYSLOG, SYSLOG + KV | 2025-11-07 View Change |
| OS | AIX_SYSTEM
|
SYSLOG | 2026-03-10 View Change |
|
| DNS | EXTRAHOP_DNS
|
JSON | 2021-12-13 | |
|
Open Policy Agent
|
NA | OPA
|
JSON | 2025-01-16 View Change |
| Web Proxy | BLUECOAT_WEBPROXY
|
SYSLOG + JSON, SYSLOG + KV, KV, SYSLOG | 2026-04-20 View Change |
|
| Monitoring and Threat Detection | PAN_CORTEX_XDR_EVENTS
|
JSON | 2026-02-26 View Change |
|
| AV / Endpoint | CLAM_AV
|
JSON | 2022-02-07 | |
| AWS Specific | AWS_VPC_FLOW_CSV
|
CSV | 2025-05-26 View Change |
|
| Email Server | COFENSE_TRIAGE
|
SYSLOG + KV (CEF) | 2024-06-18 View Change |
|
|
Riverbed Steelhead
|
Network Management and Optimization | STEELHEAD
|
JSON , SYSLOG | 2025-06-16 View Change |
|
Custom DNS
|
DNS | CUSTOM_DNS
|
JSON | 2022-08-05 View Change |
| Privilege Account Activity | BOMGAR
|
SYSLOG | 2026-03-13 View Change |
|
| Switches and Routers | ADVA_FSP
|
SYSLOG+KV | 2023-12-18 View Change |
|
|
Smartsheet
|
CASB | SMARTSHEET
|
JSON | 2024-12-16 View Change |
| Privileged Account Activity | BEYONDTRUST_ENDPOINT
|
JSON | 2026-01-22 View Change |
|
|
Windows Defender AV
|
AV / Endpoint | WINDOWS_DEFENDER_AV
|
JSON, XML | 2026-04-06 View Change |
|
Teleport Access Plane
|
Remote Access | TELEPORT_ACCESS_PLANE
|
SYSLOG, JSON, SYSLOG+JSON | 2026-02-12 View Change |
| Data Security | OKERA_DAP
|
JSON | 2023-01-29 View Change |
|
| Web Server | IIS
|
SYSLOG + KV, JSON , XML | 2026-04-07 View Change |
|
|
Kubernetes Audit Azure
|
Log Aggregator | KUBERNETES_AUDIT_AZURE
|
JSON | 2024-12-11 View Change |
|
Thales Digital Identity and Security
|
Digital Identity & Security | THALES_DIS
|
SYSLOG | 2022-03-17 |
| EDR | DIGITALGUARDIAN_EDR
|
KV | 2025-11-13 View Change |
|
| Identity and Access Management | OPENAM
|
CSV, SYSLOG + KV | 2024-11-28 View Change |
|
|
Evision FircoSoft
|
Infrastructure | EVISION_FIRCOSOFT
|
SYSLOG | 2023-11-22 View Change |
| Google Cloud Specific | GCP_APIGEE_X
|
JSON | 2024-10-16 View Change |
|
| IoT | CYBERX
|
SYSLOG+KV | 2025-04-14 View Change |
|
| WAF | IMPERVA_ATTACK_ANALYTICS
|
KV | 2024-11-07 View Change |
|
| Load Balancer, Traffic Shaper, ADC | F5_BIGIP_LTM
|
SYSLOG, KV, CSV | 2026-04-10 View Change |
|
| Security Service Edge (SSE) | ZSCALER_INTERNET_ACCESS
|
JSON | 2026-01-09 View Change |
|
| Monitoring of DaaS | CITRIX_MONITOR
|
JSON | 2022-12-06 View Change |
|
|
Virtru Email Encryption
|
EMAIL SERVER | VIRTRU_EMAIL_ENCRYPTION
|
JSON | 2024-12-19 View Change |
| IOC | ET_PRO_IOC
|
CSV | 2022-11-28 View Change |
|
|
UberAgent
|
Security | UBERAGENT
|
CSV | 2024-12-29 View Change |
| AUDIT | CHECKPOINT_AUDIT
|
SYSLOG + KV (CEF) | 2024-10-01 View Change |
|
|
Linux DHCP
|
DHCP | LINUX_DHCP
|
SYSLOG | 2024-09-05 View Change |
| Security | SNYK_ISSUES
|
JSON | 2025-12-22 View Change |
|
| Kubernetes Specific | KUBERNETES_AUTH_PROXY
|
JSON | 2022-09-08 View Change |
|
|
NXLog Manager
|
Log Aggregator | NXLOG_MANAGER
|
SYSLOG | 2022-01-13 |
| AWS Specific | AWS_KMS
|
JSON | 2022-05-27 View Change |
|
| Email server log types. | FIREEYE_EMPS
|
JSON, CEF, SYSLOG+KV | 2026-04-15 View Change |
|
|
Centripetal Networks IOC
|
IOC | CENTRIPETAL_IOC
|
SYSLOG + KV | 2022-01-06 |
| Application server logs | AWARE_AUDIT
|
JSON | 2025-02-10 View Change |
|
|
Ruckus Networks
|
Wireless | RUCKUS_WIRELESS
|
SYSLOG + KV | 2025-10-31 View Change |
| AV / Endpoint | WINEVTLOG_XML
|
SYSLOG + XML, KV, SYSLOG + JSON, SYSLOG + CSV | 2026-04-23 View Change |
|
| VPN | ZSCALER_DECEPTION
|
SYSLOG+JSON | 2025-08-12 View Change |
|
|
Sangfor Next Generation Firewall
|
Firewall | SANGFOR_NGAF
|
SYSLOG + KV | 2025-10-17 View Change |
|
UpGuard
|
Vulnerability scanners | UPGUARD
|
JSON | 2024-11-13 View Change |
| DLP | ACCELLION
|
SYSLOG | 2022-09-30 View Change |
|
|
Palo Alto Networks IoT Security
|
IoT | PAN_IOT
|
SYSLOG | 2025-01-09 View Change |
| Schema | TRENDMICRO_VISION_ONE_AUDIT
|
JSON | 2025-09-29 View Change |
|
|
QNAP Systems NAS
|
Storage solutions | QNAP_NAS
|
SYSLOG, KV | 2025-12-11 View Change |
| Discovery and Monitoring | EPIC
|
LEEF + KV | 2026-04-07 View Change |
|
|
Proofpoint Sendmail Sentrion
|
Email server | PROOFPOINT_SENDMAIL_SENTRION
|
SYSLOG | 2024-06-05 View Change |
|
Noname API Security
|
Security | NONAME_API_SECURITY
|
JSON | 2026-04-23 View Change |
| Google Cloud Specific | N/A
|
JSON | 2024-05-01 View Change |
|
|
Cloudflare Network Analytics
|
SaaS Application | CLOUDFLARE_NETWORK_ANALYTICS
|
JSON | 2025-09-11 View Change |
|
Aware Signals
|
SaaS Applications | AWARE_SIGNALS
|
JSON | 2025-02-07 View Change |
| Tanium Specific | TANIUM_COMPLY
|
JSON | 2022-08-18 View Change |
|
| CISCO ACI | CISCO_ACI
|
JSON, SYSLOG | 2026-04-15 View Change |
|
| Server Management | NGINX
|
JSON + SYSLOG | 2026-01-30 View Change |
|
| Miscellaneous Windows-specific log types. | ADMANAGER_PLUS
|
KV, SYSLOG + KV | 2026-04-24 View Change |
|
| Cloud Log | CLOUDFLARE_WAF
|
JSON | 2026-01-27 View Change |
|
|
AWS ECS Metrics
|
Security | AWS_ECS_METRICS
|
SYSLOG + KV | 2025-02-06 View Change |
| IaaS Applications | AQUA_SECURITY
|
JSON | 2025-07-03 View Change |
|
| AV / Endpoint | CISCO_AMP
|
JSON | 2025-10-06 View Change |
|
| Web Proxy | UMBRELLA_IP
|
SYSLOG | 2025-10-07 View Change |
|
| EDR | CB_EDR
|
JSON, SYSLOG | 2025-12-18 View Change |
|
| Microservice management | KONG_GATEWAY
|
SYSLOG + JSON | 2022-09-23 View Change |
|
| Data Transfer | VANDYKE_SFTP
|
JSON, SYSLOG | 2025-05-15 View Change |
|
| Log Aggregator | WAZUH
|
SYSLOG + JSON | 2025-03-21 View Change |
|
| Application server logs | DELINEA_DISTRIBUTED_ENGINE
|
SYSLOG | 2024-12-06 View Change |
|
| Akeyless Vault Platform | AKEYLESS_VAULT
|
KV + JSON, Syslog + JSON | 2026-04-20 View Change |
|
| Email Server | ZIX_EMAIL_ENCRYPTION
|
SYSLOG | 2024-05-10 View Change |
|
| AUDIT | CYBERARK_PTA
|
SYSLOG + KV (CEF) | 2024-08-13 View Change |
|
| Load Balancer, Traffic Shaper, ADC | KEMP_LOADBALANCER
|
SYSLOG + KV | 2025-08-25 View Change |
|
| EVENTS | SENTINELONE_CF
|
JSON | 2026-04-16 View Change |
|
|
Maria Database
|
Database | MARIA_DB
|
SYSLOG | 2026-03-13 View Change |
| Security | EXTREME_SWITCH
|
SYSLOG | 2025-09-01 View Change |
|
| Webfilter | BARRACUDA_WEBFILTER
|
SYSLOG | 2024-11-14 View Change |
|
| Wireless | CISCO_MERAKI
|
SYSLOG, JSON | 2026-04-16 View Change |
|
| Automation and DevOps | JENKINS
|
JSON, SYSLOG | 2024-11-19 View Change |
|
|
Awake NDR
|
NDR | AWAKE_NDR
|
JSON | 2024-01-11 View Change |
| IPS | ARUBA_IPS
|
JSON | 2022-06-16 View Change |
|
| Backup Software | COHESITY
|
SYSLOG | 2024-09-24 View Change |
|
| Hardware Security Module | ENTRUST_HSM
|
SYSLOG | 2024-10-15 View Change |
|
|
Aruba Airwave
|
Wireless | ARUBA_AIRWAVE
|
XML | 2025-12-11 View Change |
| DATTO_FILE_PROTECTION | DATTO_FILE_PROTECTION
|
SYSLOG | 2022-08-22 View Change |
|
| SaaS Application | CISCO_FIRESIGHT
|
KV, SYSLOG+KV,SYSLOG | 2026-04-14 View Change |
|
| SIEM Systems | FIVETRAN
|
JSON | 2024-06-24 View Change |
|
| Endpoint Security | JAMF_PROTECT
|
JSON | 2024-10-08 View Change |
|
|
NIMBLE OS
|
OS | NIMBLE_OS
|
SYSLOG | 2022-07-21 View Change |
|
Huawei Switches
|
Switches and Routers | HUAWEI_SWITCH
|
JSON+SYSLOG, JSON+KV, SYSLOG+KV | 2026-04-16 View Change |
|
Workspace Mobile Devices
|
Google Cloud Specific | WORKSPACE_MOBILE
|
JSON | 2023-11-29 View Change |
| Google Cloud Specific | GMAIL_LOGS
|
JSON | 2024-05-10 View Change |
|
| Firewall | AMD_DSS_FIREWALL
|
SYSLOG + CSV | 2023-05-08 View Change |
|
| IDS/IPS | FALCO_IDS
|
JSON | 2024-03-06 View Change |
|
|
Fortinet FortiSandbox
|
AV and endpoint logs | FORTINET_SANDBOX
|
SYSLOG + KV | 2025-02-26 View Change |
| Data Security / Insider Threat | VARONIS
|
SYSLOG + KV (CEF), LEEF | 2026-03-18 View Change |
|
| Switches and Routers | NOKIA_ROUTER
|
SYSLOG + KV | 2025-05-15 View Change |
|
|
Microsoft Netlogon
|
Authentication | MICROSOFT_NETLOGON
|
SYSLOG | 2024-12-24 View Change |
|
Microsoft Defender for Office 365
|
Email server log types. | MICROSOFT_DEFENDER_MAIL
|
JSON | 2025-09-19 View Change |
| Forcepoint DLP | FORCEPOINT_DLP
|
CEF | 2025-11-05 View Change |
|
| N/A | ZSCALER_TUNNEL
|
JSON | 2026-01-06 View Change |
|
|
FireEye
|
Alerts | FIREEYE_ALERT
|
SYSLOG + JSON, JSON, KV, SYSLOG | 2025-08-12 View Change |
|
Ribbon Analytics Platform
|
Telephone Software | RIBBON_ANALYTICS_PLATFORM
|
SYSLOG | 2022-09-09 View Change |
| EDR | MICROSOFT_DEFENDER_IDENTITY
|
JSON | 2026-04-15 View Change |
|
| Firewall | AZION
|
JSON | 2023-09-30 View Change |
|
|
Netapp Storagegrid
|
Security | NETAPP_STORAGEGRID
|
SYSLOG + KV | 2024-06-15 View Change |
|
Trend Micro Vision One Observerd Attack Techniques
|
Schema | TRENDMICRO_VISION_ONE_OBSERVERD_ATTACK_TECHNIQUES
|
JSON | 2026-03-26 View Change |
|
Pure Storage
|
Data Storage | PURE_STORAGE
|
SYSLOG + KV | 2024-10-01 View Change |
| virtualization | VMWARE_VSPHERE
|
SYSLOG + CSV | 2025-05-15 View Change |
|
| IOC | RH_ISAC_IOC
|
JSON | 2024-03-07 View Change |
|
| EDR | SENTINEL_DV
|
JSON | 2026-04-23 View Change |
|
| Schema | TRENDMICRO_VISION_ONE_DETECTIONS
|
JSON | 2025-11-04 View Change |
|
|
Oracle Unified Directory
|
ORACLE OUD | ORACLE_OUD
|
SYSLOG | 2023-09-11 View Change |
|
Oracle WebLogic Server
|
Web server logs | ORACLE_WEBLOGIC
|
SYSLOG | 2024-10-30 View Change |
| WAF | NET_SUITE
|
kv | 2023-08-02 View Change |
|
| Security log | F5_SHAPE
|
JSON | 2024-08-20 View Change |
|
|
Windows Applocker
|
Application Locker | WINDOWS_APPLOCKER
|
SYSLOG + KV + JSON + XML | 2023-10-17 View Change |
|
Static IP
|
DHCP | ASSET_STATIC_IP
|
CSV | 2023-06-16 View Change |
| OpenTelemetry Netflow Receiver | NETFLOW_OTEL
|
JSON | 2025-04-23 View Change |
|
| Data Security / Insider Threat | IMPERVA_SECURESPHERE
|
SYSLOG + KV (CEF) | 2026-04-16 View Change |
|
|
Thales Vormetric
|
Encryption | VORMETRIC
|
SYSLOG | 2024-08-05 View Change |
| SAAS | AZURE_APP_SERVICE
|
JSON | 2024-10-18 View Change |
|
|
Preempt Auth
|
Identity and Access Management | PREEMPT_AUTH
|
SYSLOG + JSON | 2021-06-16 |
| firewall | CISCO_ASA_FIREWALL
|
SYSLOG | 2026-04-21 View Change |
|
| Security | DRUVA_BACKUP
|
JSON | 2024-12-05 View Change |
|
| IOC | THREATCONNECT_IOC_V3
|
JSON | 2026-03-02 View Change |
|
| Policy Management | ILLUMIO_CORE
|
JSON, SYSLOG, SYSLOG+JSON, SYSLOG+CEF and SYSLOG+KV+JSON. | 2025-12-29 View Change |
|
| LDAP | AZURE_AD
|
JSON | 2026-03-25 View Change |
|
|
Orca Cloud Security Platform
|
IDS/IPS log types | ORCA
|
JSON | 2026-03-24 View Change |
| Privilege Account Activity | BEYONDTRUST_PI
|
SYSLOG | 2024-08-19 View Change |
|
| Ticketing Application | ATLASSIAN_JIRA
|
SYSLOG, JSON | 2023-12-12 View Change |
|
| SAAS | GITLAB
|
JSON,SYSLOG + JSON | 2025-05-19 View Change |
|
| EDR | CS_EDR
|
JSON | 2026-04-09 View Change |
|
|
Radware Alteon
|
Load Balancer | RADWARE_ALTEON
|
SYSLOG | 2024-06-21 View Change |
|
Saiwall VPN
|
VPN | SAIWALL_VPN
|
KV | 2024-08-27 View Change |
|
ProofPoint Secure Email Relay
|
Email server | PROOFPOINT_SER
|
JSON | 2025-01-02 View Change |
|
ION Spectrum
|
Automation | ION_SPECTRUM
|
CSV | 2025-10-10 View Change |
| Google Cloud Specific | GCP_CLOUDIOT
|
JSON | 2022-06-06 View Change |
|
| Remote Access Tools | CHECKPOINT_HARMONY
|
SYSLOG+KV, JSON | 2026-03-19 View Change |
|
|
SAP SAST Suite
|
Security | SAP_SAST
|
SYSLOG | 2023-12-28 View Change |
| Firewall | CISCO_PIX_FIREWALL
|
SYSLOG | 2025-12-23 View Change |
|
|
TINTRI
|
Data Security | TINTRI
|
syslog | 2024-09-17 View Change |
| OS Logs | CLOUDFLARE_PAGESHIELD
|
JSON | 2025-03-05 View Change |
|
|
Workspace Groups
|
Google Cloud Specific | WORKSPACE_GROUPS
|
JSON | 2023-11-29 View Change |
| Endpoint Security | SENTINELONE_ALERT
|
JSON, CEF | 2024-12-09 View Change |
|
|
IBM WebSEAL
|
Web server | IBM_WEBSEAL
|
JSON, SYSLOG | 2025-10-08 View Change |
|
Linux Sysmon
|
DNS | LINUX_SYSMON
|
XML | 2026-02-18 View Change |
|
UKG
|
NA | UKG
|
JSON | 2025-02-12 View Change |
|
IBM Tape Storages
|
Monitoring | IBM_LTO
|
Syslog | 2024-05-02 View Change |
| Load balancing | HAPROXY
|
SYSLOG | 2025-07-30 View Change |
|
|
Palo Alto Panorama
|
Firewall | PAN_PANORAMA
|
CSV | 2026-04-21 View Change |
|
Journald
|
Log Aggregation and SIEM Systems | JOURNALD
|
JSON | 2025-10-03 View Change |
| Switches AND Routers | YAMAHA_ROUTER
|
SYSLOG | 2024-04-19 View Change |
|
| NDR | VECTRA_STREAM
|
JSON + SYSLOG + CEF | 2025-08-28 View Change |
|
|
OpenSSH
|
Logging and Troubleshooting | OPENSSH
|
SYSLOG | 2024-01-23 View Change |
| Access Policy Manager | F5_BIGIP_APM
|
SYSLOG, JSON | 2026-04-09 View Change |
|
|
JAMF Pro
|
Mac Endpoint Management System | JAMF_PRO
|
SYSLOG + KV, JSON | 2025-10-20 View Change |
| AWS-specific log types | AWS_API_GATEWAY
|
JSON | 2026-01-22 View Change |
|
| SSO | CENTRIFY_SSO
|
JSON | 2022-08-10 View Change |
|
| IoT | CLAROTY_CTD
|
KV, SYSLOG | 2026-02-05 View Change |
|
| NETWORKING | CISCO_CALL_MANAGER
|
SYSLOG | 2024-10-23 View Change |
|
| Data Security | METABASE
|
JSON | 2025-02-05 View Change |
|
| Vulnerability scanner | QUALYS_SCAN
|
JSON | 2023-04-21 View Change |
|
| Security log | ARCSIGHT_CEF
|
CEF Syslog | 2026-02-24 View Change |
|
| AWS Specific | AWS_ELB
|
SYSLOG, JSON | 2026-01-23 View Change |
|
|
Shibboleth IDP
|
Identity and Access Management | SHIBBOLETH_IDP
|
SYSLOG, JSON | 2024-11-14 View Change |
| SECURITY PLATFORM | PAN_PRISMA_CLOUD
|
JSON | 2024-11-18 View Change |
|
|
Unifi AP
|
Switches and Routers | UNIFI_AP
|
SYSLOG + KV, SYSLOG + JSON | 2025-11-24 View Change |
| Firewall log types | WPENGINE
|
SYSLOG | 2025-02-11 View Change |
|
| WSA | CISCO_WSA
|
SYSLOG, SYSLOG+CSV, JSON | 2026-03-12 View Change |
|
| Firewall | UMBRELLA_FIREWALL
|
CSV | 2025-10-06 View Change |
|
| STATUS_UPDATE | FORTRA_POWERTECH_SIEM_AGENT
|
SYSLOG, CEF | 2024-04-30 View Change |
|
| Alert | AIDE
|
SYSLOG | 2025-03-10 View Change |
|
|
Ping One
|
NA | PING_ONE
|
JSON | 2026-01-29 View Change |
|
BeyondTrust Secure Remote Access
|
Remote Access Tools | BEYONDTRUST_REMOTE_ACCESS
|
SYSLOG + KV | 2025-12-04 View Change |
| SEP | SYMANTEC_EVENT_EXPORT
|
JSON, SYSLOG | 2025-03-06 View Change |
|
| Alert log types | ZSCALER_NSS_FEEDS
|
JSON | 2024-10-21 View Change |
|
|
AppOmni
|
SAAS Security Application | APPOMNI
|
JSON | 2025-11-24 View Change |
| Threat Intel | TEAM_CYMRU_SCOUT_THREATINTEL
|
JSON | 2024-08-22 View Change |
|
|
CYJAX Threat Intelligence
|
Threat Intelligence | CYJAX_THREAT_INTELLIGENCE
|
JSON | 2026-03-11 View Change |
|
KerioControl Firewall
|
Threat Management Firewall | KERIOCONTROL
|
SYSLOG | 2024-02-28 View Change |
|
Sublime Security
|
Vulnerability scanners | SUBLIMESECURITY
|
JSON | 2025-12-22 View Change |
| Firewall | AWS_NETWORK_FIREWALL
|
JSON | 2026-02-05 View Change |
|
| Firewall | PAN_FIREWALL
|
CSV + CEF + LEEF + JSON | 2026-04-21 View Change |
|
| Backup software | VERITAS_NETBACKUP
|
SYSLOG | 2026-02-06 View Change |
|
| Schema | TRENDMICRO_VISION_ONE_ACTIVITY
|
JSON | 2025-08-08 View Change |
|
| Application server | CRUSHFTP
|
SYSLOG+KV | 2025-01-23 View Change |
|
| Database | DB2_DB
|
LEEF,Syslog+KV | 2025-12-04 View Change |
|
| Network | FORCEPOINT_FIREWALL
|
SYSLOG+JSON, SYSLOG+KV | 2026-02-23 View Change |
|
|
Sierra Wireless
|
IOT Devices | SIERRA_WIRELESS
|
SYSLOG | 2023-11-23 View Change |
| AWS Specific | AWS_VPC_FLOW
|
SYSLOG, JSON | 2026-03-02 View Change |
|
|
Solaris system
|
OS | SOLARIS_SYSTEM
|
SYSLOG | 2025-12-10 View Change |
|
IBM DS8000 Storage
|
Audit Logs | IBM_DS8000
|
Syslog, CSV | 2024-07-24 View Change |
|
Seqrite Endpoint Security (EPS)
|
AV and endpoint logs | SEQRITE_ENDPOINT
|
LEEF | 2023-03-24 View Change |
| DNS | AKAMAI_DNS
|
CSV, JSON | 2024-11-25 View Change |
|
| Network Monitoring | CISCO_ESTREAMER
|
SYSLOG + KV | 2025-03-17 View Change |
|
|
McAfee IPS
|
IDS/IPS | MCAFEE_IPS
|
SYSLOG | 2025-08-13 View Change |
| Firewall and Security Management | CISCO_UMBRELLA_AUDIT
|
CSV | 2025-09-30 View Change |
|
| Audit Log | HID_DIGITALPERSONA
|
JSON, SYSLOG + KV | 2024-05-23 View Change |
|
| Configuration Management | WORDPRESS_CMS
|
JSON | 2024-05-07 View Change |
|
| IOC | THREATCONNECT_IOC
|
JSON | 2022-01-13 | |
| GATEWAY | AZURE_GATEWAY
|
JSON | 2025-06-05 View Change |
|
| Vulnerability Scanner | QUALYS_VM
|
KV + JSON | 2025-07-03 View Change |
|
|
NetIQ eDirectory
|
Identity management deployments | NETIQ_EDIRECTORY
|
Syslog, CEF | 2025-02-17 View Change |
| ESET_AV | ESET_AV
|
SYSLOG + JSON | 2026-03-30 View Change |
|
| Browser | N/A
|
JSON | 2025-11-11 View Change |
|
| Switches, Routers | CISCO_ROUTER
|
SYSLOG, SYSLOG+KV | 2026-02-03 View Change |
|
| SaaS Applications | BARRACUDA_CLOUDGEN_FIREWALL
|
Syslog | 2026-04-16 View Change |
|
|
Agiloft
|
SAAS Application | AGILOFT
|
JSON, Syslog | 2025-02-27 View Change |
|
LastPass Password Management
|
Identity and Access Management | LASTPASS
|
JSON | 2025-05-29 View Change |
|
SAP SM20
|
Security Audit Log | SAP_SM20
|
JSON | 2025-07-07 View Change |
| WAF | FASTLY_WAF
|
JSON | 2025-05-08 View Change |
|
| IDS/IPS | GUARDDUTY
|
JSON | 2026-01-29 View Change |
|
|
Snare System Diagnostic Logs
|
Security | SNARE_SOLUTIONS
|
SYSLOG + KV , SYSLOG + JSON | 2025-11-21 View Change |
|
Mattermost
|
Alerts | MATTERMOST
|
JSON , SYSLOG | 2023-12-15 View Change |
| Log Aggregation | CUSTOM_SECURITY_DATA_ANALYTICS
|
JSON | 2025-05-30 View Change |
|
| N/A | WORKDAY_USER_ACTIVITY
|
SYSLOG + JSON , JSON | 2025-10-03 View Change |
|
| NDR | FIREEYE_NX
|
JSON, SYSLOG+KV | 2026-04-20 View Change |
|
| IOC | ESET_IOC
|
JSON | 2023-10-05 View Change |
|
|
Google Threat Intelligence
|
Threat Intel | GCP_THREATINTEL
|
JSON | 2025-11-25 View Change |
| Deception Software | THINKST_CANARY
|
JSON | 2026-04-07 View Change |
|
|
Rubrik Polaris
|
Data Security | RUBRIK_POLARIS
|
JSON | 2024-05-27 View Change |
| Remote Access Tools | CITRIX_STOREFRONT
|
JSON | 2025-02-12 View Change |
|
| Cisco Wips | CISCO_WIPS
|
SYSLOG + KV | 2023-11-17 View Change |
|
|
Workspace Users
|
Google Cloud Specific | WORKSPACE_USERS
|
JSON | 2025-08-27 View Change |
|
Trellix HX Event Streamer
|
Cybersecurity | TRELLIX_HX_ES
|
SYSLOG + KV | 2026-02-27 View Change |
| Firewall and Routing Platform | OPNSENSE
|
Syslog, Syslog + CSV | 2025-09-17 View Change |
|
| Google Cloud Specific | N/A
|
JSON | 2026-04-02 View Change |
|
| IPS IDS | SURICATA_EVE
|
JSON | 2026-04-21 View Change |
|
| Endpoint detection and response | UPTYCS_EDR
|
JSON | 2022-07-08 View Change |
|
| Vulnerability Scanner | RAPID7_INSIGHT
|
SYSLOG, JSON | 2026-04-09 View Change |
|
| Logging and Troubleshooting | VMWARE_WORKSPACE_ONE
|
SYSLOG | 2023-08-04 View Change |
|
|
Security Command Center Toxic Combination
|
Google Cloud Specific | GCP_SECURITYCENTER_TOXIC_COMBINATION
|
JSON | 2026-02-24 View Change |
| LOAD BALANCER | A10_LOAD_BALANCER
|
SYSLOG | 2025-12-17 View Change |
|
| Identity and Access Management | DUO_CONTEXT
|
JSON | 2022-03-14 | |
| Security SSO | HYPR_MFA
|
CSV | 2024-04-26 View Change |
|
| Collaboration | BOX
|
JSON | 2026-01-12 View Change |
|
|
TXOne Stellar
|
AV and Endpoint logs | TRENDMICRO_STELLAR
|
SYSLOG , JSON, SYSLOG+KV | 2026-03-02 View Change |
| Switches | HP_PROCURVE
|
SYSLOG | 2025-11-12 View Change |
|
| Identity and Access Management | ONEPASSWORD
|
JSON | 2025-10-01 View Change |
|
|
Cloud Data Loss Prevention
|
Google Cloud Specific | N/A
|
JSON | 2025-01-29 View Change |
| Secure Access Service Edge | SYMANTEC_WEB_ISOLATION
|
JSON | 2022-07-08 View Change |
|
| Remote Access Tools | CYOLO_OT
|
SYSLOG + KV , SYSLOG + KV + JSON | 2025-12-22 View Change |
|
| Bot Protection | IMPERVA_ABP
|
JSON | 2026-02-26 View Change |
|
| AV and endpoint logs | CYNET_360_AUTOXDR
|
JSON / CEF | 2025-10-01 View Change |
|
| Database | MICROSOFT_SQL
|
SYSLOG + KV, JSON, SYSLOG + JSON, CSV, XML, SYSLOG + XML, SYSLOG | 2026-03-12 View Change |
|
| Network Management and Optimization software | EXTREME_WIRELESS
|
SYSLOG | 2025-11-20 View Change |
|
|
StackHawk
|
Vulnerability scanners | STACKHAWK
|
JSON | 2025-02-18 View Change |
Supported log types without a default parser
Google Security Operations SIEM does not provide a default parser for these log types. You can ingest raw logs from these devices using the Google Security Operations SIEM Ingestion API or the Google Security Operations SIEM forwarder. Google Security Operations SIEM will not normalize the data to structured Unified Data Model format.
You can create a custom parser to normalize these logs. You can also search raw logs .
| Vendor / Product | Ingestion label |
|---|---|
| Absolute Secure Endpoint | ABSOLUTE_SECURE_ENDPOINT
|
| Accenture Synthetic | ACCENTURE_SYNTHETIC
|
| Accops Hysecure VPN | ACCOPS_HYSECURE_VPN
|
| Acquia Cloud Platform | ACQUIA_CLOUD_PLATFORM
|
| Acronis Backup | ACRONIS
|
| Action1 | ACTION1
|
| Active Identity HID | ACTIVE_IDENTITY_HID
|
| Microsoft ActiveSync | ACTIVE_SYNC
|
| Adaptive Shield | ADAPTIVE_SHIELD
|
| Adaxes | ADAXES
|
| Addigy MDM | ADDIGY_MDM
|
| Admin by request PAM | ADMIN_BY_REQUEST
|
| Adobe Commerce | ADOBE_COMMERCE
|
| Adobe Experience Manager | ADOBE_EXPERIENCE_MANAGER
|
| Adobe I/O Runtime | ADOBE_IO_RUNTIME
|
| ManageEngine ADSelfService Plus | ADSELFSERVICE_PLUS
|
| ADTRAN NetVanta router | ADTRAN_NETVANTA
|
| Adyen Platform | ADYEN
|
| Agari Phishing Defense | AGARI_PHISHING_DEFENSE
|
| Aikido | AIKIDO
|
| Airbus Security Logging (ACD AISD) | AIRBUS_SECURITY_LOG
|
| Extreme Networks AirDefense | AIRDEFENSE
|
| Airwatch Context | AIRWATCH_CONTEXT
|
| Air Table | AIR_TABLE
|
| Akamai API Security | AKAMAI_API_SECURITY
|
| Akamai Prolexic | AKAMAI_DDOS
|
| Akamai DHCP | AKAMAI_DHCP
|
| Akamai Enterprise Threat Protector | AKAMAI_ETP
|
| Akamai Event Viewer | AKAMAI_EVT_VWR
|
| Akamai Guardicore | AKAMAI_GUARDICORE
|
| Akamai Kona Edge Grid | AKAMAI_KONA_EDGE_GRID
|
| Akamai Log Delivery Service | AKAMAI_LDS
|
| Akamai MFA | AKAMAI_MFA
|
| AlertLogic Notifications | ALERTLOGIC_NOTIFICATIONS
|
| Alert Enterprise Guardian | ALERT_GUARDIAN
|
| Alibaba Security Center | ALIBABA_SECURITY_CENTER
|
| AliCloud ActionTrail | ALICLOUD_ACTIONTRAIL
|
| AliCloud Anti DDos | ALICLOUD_ANTI_DDOS
|
| Alicloud ApsaraDB | ALICLOUD_APSARADB
|
| AliCloud Firewall | ALICLOUD_FIREWALL
|
| AliCloud WAF | ALICLOUD_WAF
|
| AlienVault Open Threat Exchange | ALIENVAULT_OTX
|
| Alkira IP Flow | ALKIRA_IP_FLOW
|
| Allot NetEnforcer | ALLOT_NETENFORCER
|
| Altiris Logs | ALTIRIS_LOGS
|
| Amavis | AMAVIS
|
| Analyst1 IOC | ANALYST1_IOC
|
| Anzenna | ANZENNA
|
| Apache Airflow | APACHE_AIRFLOW
|
| Apache Kafka Audit | APACHE_KAFKA_AUDIT
|
| Apache SpamAssassin | APACHE_SPAMASSASSIN
|
| APC Automatic Transfer Switch | APC_ATS
|
| APC Netbotz | APC_NETBOTZ
|
| APC Power Distribution Unit | APC_PDU
|
| APC Smart-UPS | APC_SMART_UPS
|
| APC StruxureWare Portal | APC_STRUXUREWARE
|
| Apiiro Cloud Application Security Platform | APIIRO
|
| Appgate Software-defined Perimeter | APPGATE_SDP
|
| Appsentinels | APPSENTINELS
|
| AppSmith Audit | APPSMITH_AUDIT
|
| AppViewX | APPVIEWX
|
| Aptos Enterprise Order Management | APTOS_EOM
|
| Arcon PAM | ARCON_PAM
|
| Arctic Security Arctic Node | ARCTIC_NODE
|
| Argo CD | ARGO_CD
|
| Argo Workflows | ARGO_WORKFLOWS
|
| Arista Guardian For Network Identity | ARISTA_AGNI
|
| Arista CorvilNet DANZ Integration | ARISTA_CORVILNET
|
| Arista CloudVision Portal | ARISTA_CVP
|
| Arista Extensible Operating System | ARISTA_EOS
|
| Arista NDR | ARISTA_NDR
|
| Arize Cloud | ARIZE_CLOUD
|
| Arkime Packet Capture | ARKIME_PCAP
|
| Armis | ARMIS
|
| Armorblox Email Security | ARMORBLOX_ESC
|
| Armor Anywhere | ARMOR_ANYWHERE
|
| Array Networks WAF | ARRAY_NETWORKS_WAF
|
| Aruba Access Point | ARUBA_AP
|
| Aruba Orchestrator | ARUBA_ORCHESTRATOR
|
| Aruba Switches | ARUBA_SWT
|
| Arxan Threat Analytics | ARXAN_THREAT_ANALYTICS
|
| Asana | ASANA
|
| Ascertia | ASCERTIA
|
| Asimily | ASIMILY
|
| AssetNote | ASSETNOTE
|
| AstriX | ASTRIX
|
| Atlan | ATLAN
|
| Atlassian Beacon | ATLASSIAN_BEACON
|
| Atlassian Jira Confluence Json | ATLASSIAN_CONFLUENCE_JSON
|
| Atlassian Guard Detect | ATLASSIAN_GUARD_DETECT
|
| Atlassian Jira Json | ATLASSIAN_JIRA_JSON
|
| Attack IQ | ATTACK_IQ
|
| AT&T Netbond | ATT_NETBOND
|
| AudioCodes Voice DNA | AUDIOCODES
|
| Authentic8 Silo | AUTHENTIC8_SILO
|
| AuthMind | AUTHMIND
|
| Authx Identity Management | AUTHX
|
| Authx User Context | AUTHX_USER_CONTEXT
|
| Autodesk Cad Cam | AUTODESK_CAD_CAM
|
| Autodesk Vault | AUTODESK_VAULT
|
| Automox | AUTOMOX_EPM
|
| Avast Business | AVAST_HUB
|
| Avaya Aura Session Manager | AVAYA_AURA_SESSION_MANAGER
|
| Avaya Session Border Controller | AVAYA_BORDER
|
| Avaya Interactive Voice Response | AVAYA_IVR
|
| Avaya VSP Switch | AVAYA_VSP
|
| Avaya Wireless | AVAYA_WIRELESS
|
| Avaza | AVAZA
|
| AvePoint EnPower | AVEPOINT_ENPOWER
|
| Aviatrix Cloud Network Platform | AVIATRIX
|
| Avigilon Alta Cloud Security | AVIGILON_ALTA_CLOUD_SECURITY
|
| Avigilon Ava Security Camera | AVIGILON_AVA_SECURITY_CAMERA
|
| AWS Dasha | AWS_DASHA
|
| AWS Dynamo DB | AWS_DYNAMO_DB
|
| AWS Elastic Kubernetes Service | AWS_EKS
|
| Amazon ElastiCache | AWS_ELASTI_CACHE
|
| Amazon FSx for Windows File Server | AWS_FSX
|
| AWS Inspector2 | AWS_INSPECTOR2
|
| AWS NGINX | AWS_NGINX
|
| AWS PY Tools | AWS_PY_TOOLS
|
| AWS Simple Email Service | AWS_SES
|
| AWS Shield | AWS_SHIELD
|
| Axis Atmos | AXIS_ATMOS
|
| Axis Camera | AXIS_CAMERA
|
| Axis License Plate Reader | AXIS_LPR
|
| Axis Security Audit | AXIS_OS
|
| Axonius Cybersecurity Asset Management | AXONIUS
|
| Axway | AXWAY
|
| Microsoft Azure | AZURE
|
| Azure AD Password Protection | AZURE_AD_PASSWORD_PROTECTION
|
| Azure AD Provisioning | AZURE_AD_PROVISIONING
|
| Azure App Configuration | AZURE_APPCONFIGURATION
|
| Azure App Platform | AZURE_APPPLATFORM
|
| Azure ArcData | AZURE_ARCDATA
|
| Azure ATP | AZURE_ATP
|
| Azure Authorization | AZURE_AUTHORIZATION
|
| Azure Bastion | AZURE_BASTION
|
| Azure Change Analysis | AZURE_CHANGEANALYSIS
|
| Azure Compute | AZURE_COMPUTE
|
| Azure Container Registry | AZURE_CONTAINER_REGISTRY
|
| Azure DataFactory | AZURE_DATAFACTORY
|
| Azure DNS logs | AZURE_DNS
|
| Azure DocumentDB | AZURE_DOCUMENTDB
|
| Azure Event Grid | AZURE_EVENTGRID
|
| Azure Event Hub | AZURE_EVENTHUB
|
| Azure Hybrid Compute | AZURE_HYBRIDCOMPUTE
|
| Azure Log Analytics Workspace | AZURE_LOG_ANALYTICS_WORKSPACE
|
| Azure Nix System | AZURE_NIX_SYSTEM
|
| Azure Network Security Group Event | AZURE_NSG_EVENT
|
| Azure Org Context | AZURE_ORG_CONTEXT
|
| Azure PostgreSQL | AZURE_POSTGRESQL
|
| Azure Recovery Services Vaults | AZURE_RECOVERY_SERVICES_VAULTS
|
| Azure Risky Users | AZURE_RISKY_USERS
|
| Azure Risk Events | AZURE_RISK_EVENTS
|
| Azure Security Center | AZURE_SECURITY_CENTER
|
| Azure Service Principal Logins | AZURE_SERVICE_PRINCIPAL_LOGINS
|
| Azure Windows Virtual Desktop Connections Logs | AZURE_WVD_CONNECTIONS
|
| Azure Windows Virtual Desktop Management Logs | AZURE_WVD_MANAGEMENT
|
| Babelforce | BABELFORCE
|
| Backbase Engagement Banking Platform | BACKBASE
|
| Backbox | BACKBOX
|
| Backstage | BACKSTAGE
|
| OneIdentity Balabit | BALABIT
|
| BambooHR | BAMBOO_HR
|
| Banner dd | BANNER_DD
|
| Baramundi | BARAMUNDI
|
| Barracuda CloudGen Access | BARRACUDA_CLOUDGEN_ACCESS
|
| Barracuda Impersonation Protection | BARRACUDA_IMPERSONATION
|
| Barracuda Incident Response | BARRACUDA_INCIDENTRESPONSE
|
| Barracuda Load Balancer ADC | BARRACUDA_LOAD_BALANCER
|
| Barracuda Content Shield | BARRACUDA_SHIELD
|
| Belden Switch | BELDEN_SWITCH
|
| Bettercloud | BETTERCLOUD
|
| BetterStack Uptime | BETTERSTACK_UPTIME
|
| BeyondTrust Cloud Privilege Broker | BEYONDTRUST_CPB
|
| BeyondTrust Management console | BEYONDTRUST_MC
|
| Beyond Identity | BEYOND_IDENTITY
|
| BindPlane Audit Logs | BINDPLANE
|
| Bitsight | BITSIGHT
|
| Bitvise SFTP | BITVISE_SFTP
|
| Bitvise SSHd | BITVISE_SSHD
|
| Bitwarden Password Manager User Context | BITWARDEN_USER_CONTEXT
|
| Biztalk | BIZTALK
|
| Blackberry Workspaces | BLACKBERRY_WORKSPACES
|
| BlinkOps | BLINKOPS
|
| Blockdaemon API | BLOCKDAEMON_API
|
| BloodHound | BLOODHOUND
|
| BloxOne Threat Defense DHCP | BLOXONE_DHCP
|
| Bluecat Address Manager | BLUECAT_AM
|
| Bluecat Micetro IP Address Management | BLUECAT_MICETRO_IPAM
|
| Blue Prism | BLUE_PRISM
|
| Blue Voyant | BLUE_VOYANT
|
| BMC Control-M | BMC_CONTROL_M
|
| Boeing Onboard Network System Logging | BOEING_ONS
|
| Core Privileged Access Manager (BoKS) | BOKS
|
| Boomi App | BOOMI
|
| Bravura Security | BRAVURA
|
| Bricata NDR | BRICATA_NDR
|
| Britive Audit API | BRITIVE_AUDIT_API
|
| BRIVO | BRIVO
|
| Broadcom Compliance Event Manager | BROADCOM_CEM
|
| Broadcom Edge Secure Web Gateway | BROADCOM_EDGE_SWG
|
| Brocade Fabric OS | BROCADE_FOS
|
| Brocade SANnav Management Portal | BROCADE_SANNAV
|
| Zeek DHCP | BRO_DHCP
|
| Zeek HTTP | BRO_HTTP
|
| BT IPControl | BT_IPCONTROL
|
| Buildkite Audit | BUILDKITE_AUDIT
|
| Burpsuite Application Security testing tool | BURPSUITE
|
| CallTower Audio Conferencing | CALLTOWER_AUDIO
|
| Cameyo Activity Logs | CAMEYO_ACTIVITY_LOGS
|
| Cameyo Bring Your Own Cloud | CAMEYO_BYO_CLOUD
|
| Canary Audit Trail | CANARY_AUDIT_TRAIL
|
| Canon Printers | CANON_PRINTERS
|
| Canvas LMS | CANVAS_LMS
|
| CATO SD-WAN | CATO_SDWAN
|
| CDNetworks Cloud Security | CDNETWORKS_CLOUD_SECURITY
|
| Celonis Audit Logs | CELONIS
|
| Censornet CASB | CENSORNET_CASB
|
| Cerberus FTP Server | CERBERUS_FTP
|
| ChatGPT Audit Logs | CHATGPT_AUDIT_LOGS
|
| Checkmarx One | CHECKMARX_ONE
|
| Check Point CloudGuard | CHECKPOINT_CLOUDGUARD
|
| Check Point Email | CHECKPOINT_EMAIL
|
| Check Point FDE | CHECKPOINT_FDE
|
| Checkpoint Gaia | CHECKPOINT_GAIA
|
| Chopin PrePay Solutions | CHOPIN_PPS
|
| Chronicle Feed | CHRONICLE_FEED
|
| Cilium | CILIUM
|
| Cisco Aironet | CISCO_AIRONET
|
| Cisco Cyber Vision | CISCO_CYBER_VISION
|
| Cisco DNS | CISCO_DNS
|
| Cisco Firepower Threat Defense | CISCO_FIREPOWER_THREAT_DEFENSE
|
| Cisco Meraki Camera | CISCO_MERAKI_CAMERA
|
| Cisco Nexus Dashboard Orchestrator | CISCO_NDO
|
| Cisco NetFlow | CISCO_NETFLOW
|
| Cisco Remote Access VPN | CISCO_RAVPN
|
| Cisco Secure Access Zero Trust Access Flow | CISCO_SECURE_ACCESS_FLOW
|
| Cisco Secure Email Threat Defense | CISCO_SECURE_EMAIL_THREAT_DEFENSE
|
| Cisco Secure Endpoint | CISCO_SECURE_ENDPOINT
|
| Cisco Secure Malware Analytics | CISCO_SECURE_MALWARE_ANALYTICS
|
| Cisco Security Cloud Control | CISCO_SECURITY_CLOUD_CONTROL
|
| Cisco Content Security Management Appliance | CISCO_SMA
|
| Cisco SNMP Trapd | CISCO_SNMP
|
| Cisco StarOS | CISCO_STAR_OS
|
| Cisco Umbrella Firewall | CISCO_UMBRELLA_FIREWALL
|
| Cisco Umbrella IPS | CISCO_UMBRELLA_IPS
|
| Cisco Viptela | CISCO_VIPTELA
|
| Cisco Vulnerability Management | CISCO_VULNERABILITY_MANAGEMENT
|
| CiscoXDR | CISCO_XDR
|
| Citadel Identity360 | CITADEL_IDENTITY360
|
| Citrix Netscaler Web Logs | CITRIX_NETSCALER_WEB_LOGS
|
| Citrix SD-WAN | CITRIX_SDWAN
|
| Citrix Session Metadata | CITRIX_SESSION_METADATA
|
| Citrix Virtual Desktop Infrastructure | CITRIX_VDI
|
| Citrix WAF | CITRIX_WAF
|
| Citrix Web Gateway | CITRIX_WEB_GATEWAY
|
| Citrix Workspace | CITRIX_WORKSPACE
|
| Citrix XenCenter | CITRIX_XENCENTER
|
| Claroty xDome Secure Access | CLAROTY_XDOME_SECURE_ACCESS
|
| Claude Compliance Logs | CLAUDE_COMPLIANCE_LOGS
|
| Clavistier Firewall | CLAVISTER_FIREWALL
|
| Cleafy | CLEAFY
|
| Clear Bank Portal Audit | CLEARBANK_PORTAL
|
| Clearsense Healthcare Analytics | CLEARSENSE
|
| ClickHouse | CLICKHOUSE
|
| Click Studios Passwordstate | CLICK_STUDIOS_PASSWORDSTATE
|
| Cloudaware | CLOUDAWARE
|
| CloudBees | CLOUDBEES
|
| CloudBolt | CLOUDBOLT
|
| Cloudera Ranger | CLOUDERA_RANGER
|
| Cloudflare Access | CLOUDFLARE_ACCESS
|
| Cloudflare Bot Management | CLOUDFLARE_BOT_MANAGEMENT
|
| CloudFlare CASB Findings | CLOUDFLARE_CASB_FINDINGS
|
| Cloudflare Device posture results | CLOUDFLARE_DEVICE_POSTURE_RESULTS
|
| Cloudflare DLP Forensic Copies | CLOUDFLARE_DLP_FORENSIC_COPIES
|
| Cloudflare DNS Firewall Logs | CLOUDFLARE_DNS_FIREWALL_LOGS
|
| Cloudflare DNS logs | CLOUDFLARE_DNS_LOGS
|
| CloudFlare Email Security Alerts | CLOUDFLARE_EMAIL_SECURITY_ALERTS
|
| Cloudflare Firewall Events | CLOUDFLARE_FIREWALL_EVENTS
|
| Cloudflare Gateway DNS | CLOUDFLARE_GATEWAY_DNS
|
| Cloudflare Gateway HTTP | CLOUDFLARE_GATEWAY_HTTP
|
| Cloudflare Gateway Network | CLOUDFLARE_GATEWAY_NETWORK
|
| Cloudflare HTTP requests | CLOUDFLARE_HTTP_REQUESTS
|
| Cloudflare Magic IDS Detections | CLOUDFLARE_MAGIC_IDS_DETECTIONS
|
| Cloudflare NEL reports | CLOUDFLARE_NEL_REPORTS
|
| Cloudflare Sinkhole HTTP Logs | CLOUDFLARE_SINKHOLE_HTTP_LOGS
|
| Cloudflare Spectrum | CLOUDFLARE_SPECTRUM
|
| Cloudflare SSH Logs | CLOUDFLARE_SSH_LOGS
|
| Cloudflare Workers Trace Events | CLOUDFLARE_WORKERS_TRACE_EVENTS
|
| Cloudflare Zero Trust Network Session | CLOUDFLARE_ZERO_TRUST_NETWORK_SESSION
|
| Cloud Passage (CSM) | CLOUDPASSAGE_CSM
|
| Cloud Passage (FIM) | CLOUDPASSAGE_FIM
|
| Cloud Passage (LIDS) | CLOUDPASSAGE_LIDS
|
| Cloud Passage (SVM) | CLOUDPASSAGE_SVM
|
| Cloudsek Alerts | CLOUDSEK_ALERTS
|
| CloudWave Honeypot | CLOUDWAVE_HONEYPOT
|
| cmd.com | CMD
|
| Coalition Control API | COALITION
|
| Cockroach DB | COCKROACH_DB
|
| Coda Io | CODA_IO
|
| Code42 CrashPlan | CODE42
|
| Code Worldwide | CODE_WORLDWIDE
|
| Cofense Vision | COFENSE_VISION
|
| Cohesity Helios | COHESITY_HELIOS
|
| Cohesity Smartfiles | COHESITY_SMARTFILES
|
| ColorTokens | COLORTOKENS
|
| Commvault Metallic | COMMVAULT_METALLIC
|
| Conductor One | CONDUCTOR_ONE
|
| Confluent Audit | CONFLUENT_AUDIT
|
| ConnectWise Automate | CONNECTWISE_AUTOMATE
|
| ConnectWise Control | CONNECTWISE_CONTROL
|
| Contrast Security | CONTRAST_SECURITY
|
| Control D DNS | CONTROL_D
|
| Control Plane | CONTROL_PLANE
|
| Control UP | CONTROL_UP
|
| Conversational Agents and Dialogflow | CONVERSATIONAL_AGENT
|
| Corero SmartWall One | CORERO_SMARTWALL_ONE
|
| CoreView Audit-log SIEM integration | COREVIEW
|
| Corrata | CORRATA
|
| Palo Alto Cortex Xpanse | CORTEX_XPANSE
|
| Pico Corvilnet Engine | CORVILNET_ENGINE
|
| Cradlepoint Router Logs | CRADLEPOINT
|
| Cradlepoint NetCloud | CRADLEPOINT_NETCLOUD
|
| Cribl AppScope | CRIBL_APPSCOPE
|
| Cribl Cloud | CRIBL_CLOUD
|
| Cribl Edge | CRIBL_EDGE
|
| Cribl Search | CRIBL_SEARCH
|
| CrowdStrike Cloud Security | CROWDSTRIKE_CSPM
|
| CrowdStrike DLP | CROWDSTRIKE_DLP
|
| CrowdStrike Falcon Shield | CROWDSTRIKE_FALCON_SHIELD
|
| Crowdstrike Recon (TI) | CROWDSTRIKE_RECON
|
| Crowdstrike Spotlight | CROWDSTRIKE_SPOTLIGHT
|
| ProLion CryptoSpike | CRYPTOSPIKE
|
| CSG Custom Rules Engine | CSG_CUSTOMENGINE
|
| CSG Singleview | CSG_SINGLEVIEW
|
| CSV Custom CMDB | CSV_CUSTOM_CMDB
|
| CrowdStrike Falcon CEF | CS_CEF_EDR
|
| Crowdstrike Endpoint Security API | CS_ENDPOINT_SECURITY_API
|
| CTERA Drive | CTERA_DRIVE
|
| Cubist Audit | CUBIST_AUDIT
|
| Culture AI | CULTURE_AI
|
| Customer Alerts | CUSTOMER_ALERT
|
| Custom CSV Log | CUSTOM_CSV_LOG
|
| Custom Host Forensics | CUSTOM_HOST_FORENSICS
|
| Cyberark Identity | CYBERARK_IDENTITY
|
| Cyberark Identity Audit | CYBERARK_IDENTITY_AUDIT
|
| CyberArk Secure Cloud Access | CYBERARK_SCA
|
| CyberArk Identity Single Sign-On | CYBERARK_SSO
|
| Connectsecure | CYBERCNS
|
| Cyberhaven Data Detection and Response | CYBERHAVEN_DDR
|
| Cyberhaven | CYBERHAVEN_EVENTS
|
| Cyberint | CYBERINT
|
| Cybersixgill | CYBERSIXGILL
|
| Cycode Platform | CYCODE
|
| CyCognito ASM | CYCOGNITO_ASM
|
| Insider threat detection and response | CYDERES_INSIDER
|
| Cyderes IOC | CYDERES_IOC
|
| Cyfirma DeCYFIR ServiceNow | CYFIRMA_DECYFIR
|
| Cylance | CYLANCE
|
| Cylera IOT | CYLERA_IOT
|
| Cymulate | CYMULATE
|
| Cynerio Healthcare NDR | CYNERIO_NDR_H
|
| Cyolo Zero Trust | CYOLO_ZTNA
|
| Cyral | CYRAL
|
| Cytracom Control One | CYTRACOM_CONTROL_ONE
|
| C Zentrix | C_ZENTRIX
|
| D3 Security | D3_SECURITY
|
| Datadog Application Security Management | DATADOG_ASM
|
| Dataiku DSS Logging | DATAIKU_DSS_LOGS
|
| DataLocker SafeConsole | DATALOCKER_SAFECONSOLE
|
| Datalust | DATALUST
|
| Datasunrise Dam | DATASUNRISE_DAM
|
| Datawatch | DATAWATCH
|
| DATEV | DATEV
|
| DBT Cloud | DBT_CLOUD
|
| DealCloud | DEAL_CLOUD
|
| Deepfence Network Monitoring | DEEPFENCE
|
| DefectDojo | DEFECTDOJO
|
| Delinea PBA | DELINEA_PBA
|
| Delinea Privilege Manager | DELINEA_PRIVILEGE_MANAGER
|
| Delinea Server Suite | DELINEA_SERVER_SUITE
|
| Dell Compellent | DELL_COMPELLENT
|
| Dell Cyber Recovery Manager | DELL_CRM
|
| Dell EMC Avamar | DELL_EMC_AVAMAR
|
| Dell EMC Cloudlink | DELL_EMC_CLOUDLINK
|
| Dell Core Switch | DELL_EMC_NETWORKING
|
| Dell EMC Unity | DELL_EMC_UNITY
|
| Dell EMC UnityVSA | DELL_EMC_UNITY_VSA
|
| Dell RecoverPoint | DELL_RECOVERPOINT
|
| Dell VxRail | DELL_VXRAIL
|
| Dell SonicWALL WAF | DELL_WAF
|
| Design Profit Central Server | DESIGN_PROFIT_CENTRAL_SERVER
|
| Device 42 | DEVICE_42
|
| Devolutions Remote Desktop Manager | DEVOLUTIONS_RDM
|
| Divvy Cloud | DIVVY_CLOUD
|
| DLink Switch | DLINK_SWITCH
|
| Dmarcian | DMARCIAN
|
| Docker | DOCKER
|
| Docker Hub Activity | DOCKER_HUB_ACTIVITY
|
| DocuSign | DOCUSIGN
|
| DOMO Business Cloud | DOMO
|
| Doppel | DOPPEL
|
| Dragos | DRAGOS
|
| Draytek Firewall | DRAYTEK
|
| Draytek Router | DRAYTEK_ROUTER
|
| Dremio Data Lakehouse | DREMIO_DATA_LAKEHOUSE
|
| Dropbox | DROPBOX
|
| Drupal Logging | DRUPAL
|
| Druva | DRUVA
|
| DSP Toolkit audit | DSP_AUDIT
|
| Dtex Audit | DTEX_AUDIT
|
| Dtex Intercept | DTEX_INTERCEPT
|
| Cisco Duo Authentication Proxy | DUO_AUTH_PROXY
|
| Duo Access Gateway | DUO_CASB
|
| Duo Network Gateway | DUO_NETWORK_GATEWAY
|
| Duo Trust Monitor | DUO_TRUST_MONITOR
|
| Dynatrace | DYNATRACE
|
| E2 Guardian | E2_GUARDIAN
|
| CWT SatoTravel | E2_SOLUTIONS
|
| Easy NAC | EASY_NAC
|
| Eaton UPS | EATON_UPS
|
| eCAR | ECAR
|
| eCAR Bro | ECAR_BRO
|
| Edgecore Networks | EDGECORE_NETWORKS
|
| Edgio CDN | EDGIO_CDN
|
| Edgio Rate Limiting | EDGIO_RL
|
| Efax | EFAX
|
| Egnyte | EGNYTE
|
| Egress Defend | EGRESS_DEFEND
|
| Egress Prevent | EGRESS_PREVENT
|
| EclecticIQ EDR | EIQ_EDR
|
| Elastic Security | ELASTIC_EDR
|
| Elastic File Beats | ELASTIC_FILEBEAT
|
| Elastic Metric Beats | ELASTIC_METRICBEAT
|
| ELO | ELO
|
| Emerson Smart Firewall | EMERSON_FIREWALL
|
| Emsisoft AntiVirus | EMSISOFT_ANTIVIRUS
|
| Endgame | ENDGAME_EDR
|
| Ensono Cloud Mainframe Solution | ENSONO
|
| Entrust NTP Server | ENTRUST_NTP_SERVER
|
| Entrust Secrets Vault | ENTRUST_SECRETS_VAULT
|
| Entrust DataControl Audit | ENTR_DATACTRL_AUDIT
|
| Erlang Shell Logs | ERLANG_SHELL
|
| Ermes Web Protection | ERMES
|
| Ermetic | ERMETIC
|
| Eset Protect Platform | ESET_PROTECT_PLATFORM
|
| E-Share platform | ESHARE_PLATFORM
|
| Estar | ESTAR
|
| ETQ Reliance | ETQ_RELIANCE
|
| Evidos Firewall | EVIDOS_FIREWALL
|
| Exabeam Fusion XDR | EXABEAM_FUSION_XDR
|
| Exim Internet Mailer | EXIM_INTERNET_MAILER
|
| Express NodeJS | EXPRESS_NODEJS
|
| Exterro FTK Central | EXTERRO_FTK_CENTRAL
|
| ExtraHop DHCP | EXTRAHOP_DHCP
|
| ExtremeWare Operating System (OS) | EXTREMEWARE_NETWORKS
|
| xtreme Networks ExtremeControl NAC Solution | EXTREME_CONTROL
|
| Extreme Management Center | EXTREME_MANAGEMENT
|
| EzProxy | EZPROXY
|
| F5 Bot | F5_BOT
|
| F5 Distributed Cloud WAF | F5_DCS_WAF
|
| F5 F5OS-A Logging | F5_F5OS_A
|
| F5 IP Intelligence | F5_IP_INTELLIGENCE
|
| F5 System Logs | F5_SYSTEM_LOGS
|
| Fail2Ban Scan | FAIL2BAN
|
| FairXchange Horizon | FAIRXCHANGE_HORIZON
|
| Farsight DNSDB | FARSIGHT_DNSDB
|
| FA Solutions | FA_SOLUTIONS
|
| Featurespace Aric | FEATURESPACE_ARIC
|
| Feenics Access Control | FEENICS_ACCESS_CONTROL
|
| Fidelis Endpoint | FIDELIS_ENDPOINT
|
| Figma Developers | FIGMA
|
| FileMage SFTP | FILEMAGE_SFTP
|
| Files dot com | FILES_DOT_COM
|
| Firebase | FIREBASE
|
| Fireblocks | FIREBLOCKS
|
| FireEye CMS | FIREEYE_CMS
|
| FireEye Helix | FIREEYE_HELIX
|
| FireMon Firewall | FIREMON_FIREWALL
|
| Fisglobal Quantum | FISGLOBAL_QUANTUM
|
| Flashpoint IOC | FLASHPOINT_IOC
|
| Fleet DM | FLEET_DM
|
| FM Systems Workplace Management | FM_SYSTEMS
|
| Forcepoint Insider Threat | FORCEPOINT_FIT
|
| Forcepoint One | FORCEPOINT_ONE
|
| Forcepoint Secure Web Gateway | FORCEPOINT_SWG
|
| Forcepoint V Series | FORCEPOINT_VSERIES
|
| Fortanix Data Security Manager | FORTANIX_DSM
|
| Fortinet ADC | FORTINET_ADC
|
| Fortinet Wireless Access Point | FORTINET_AP
|
| Fortinet FortiDeceptor | FORTINET_FORTIDECEPTOR
|
| Fortinet FortiDLP | FORTINET_FORTIDLP
|
| Fortinet Network Detection and Response | FORTINET_FORTINDR
|
| Fortinet FortiSASE | FORTINET_FORTISASE
|
| Fortinet FortiGate IPS | FORTINET_IPS
|
| Fortra Vulnerability Management | FORTRA_VM
|
| Foundry Fastiron | FOUNDRY_FASTIRON
|
| FoxPass Audit Logs | FOXPASS_AUDIT_LOGS
|
| Fox-IT | FOX_IT_STIX
|
| FreeIPA | FREEIPA
|
| FreeRADIUS | FREERADIUS
|
| Front | FRONT
|
| Digital Defense Frontline VM | FRONTLINE_VM
|
| FS-ISAC IOC | FS_ISAC_IOC
|
| Fusion Auth | FUSION_AUTH
|
| Futurex HSM | FUTUREX_HSM
|
| GateWatcher NDR | GATEWATCHER_NDR
|
| GCP Artifact Registry | GCP_ARTIFACT_REGISTRY
|
| GCP Cloud Asset Inventory | GCP_CLOUD_ASSET_INVENTORY
|
| GCP Identity Toolkit | GCP_IDENTITYTOOLKIT
|
| GCP Google Kubernetes Container Security | GCP_KUBERNETES_CONTAINER_SECURITY
|
| GCP Threat Detection | GCP_THREAT_DETECTION
|
| Gemini Code Assist | GEMINI_CODE_ASSIST
|
| Gene6 FTP Server | GENE6_FTP
|
| Genea Access Control | GENEA_ACCESS_CONTROL
|
| Genesys Audit | GENESYS_AUDIT
|
| Genetec Audit | GENETEC_AUDIT
|
| Genetec Synergis | GENETEC_SYNERGIS
|
| Genian NAC | GENIAN_NAC
|
| Ghangor DLP | GHANGOR_DLP
|
| Gigamon | GIGAMON
|
| Gigya CIAM | GIGYA_CIAM
|
| Github Events | GITHUB_EVENTS
|
| Glean | GLEAN
|
| Globalscape SFTP | GLOBALSCAPE_SFTP
|
| GlusterFS | GLUSTER_FS
|
| GluWare Network Automation | GLUWARE_NETWORK_AUTOMATION
|
| GL TRADE | GL_TRADE
|
| GMV Checker User Context | GMV_CHECKER_CONTEXT
|
| GoAnywhere MFT | GOANYWHERE_MFT
|
| GoDaddy DNS | GODADDY_DNS
|
| GoldiLock | GOLDILOCK
|
| Gong | GONG
|
| Google Ads | GOOGLE_ADS
|
| Grafana | GRAFANA
|
| GrayhatWarfare | GRAYHATWARFARE
|
| Graylog Operations | GRAYLOG
|
| GreatHorn Email Security | GREATHORN
|
| Greenhouse Harvest | GREENHOUSE_HARVEST
|
| Group-IB Threat Intelligence | GROUP_IB
|
| Guidewire Billing Center | GUIDEWIRE_BILLING_CENTER
|
| Guidewire Claim Center | GUIDEWIRE_CLAIM_CENTER
|
| Guidewire Policy Center | GUIDEWIRE_POLICY_CENTER
|
| Gurucul Risk Analytics | GURUCUL
|
| H3C Router | H3C_ROUTER
|
| Halo | HALO
|
| Halo Sensor | HALO_SENSOR
|
| HaProxy LoadBalancer | HAPROXY_LOADBALANCER
|
| Harbor | HARBOR
|
| Harfanglab EDR | HARFANGLAB_EDR
|
| Hashcast | HASHCAST
|
| Hashicorp Boundary | HASHICORP_BOUNDARY
|
| Hashicorp Nomad | HASHICORP_NOMAD
|
| Hashicorp Terraform | HASHICORP_TERRAFORM
|
| HAVI Connect | HAVI_CONNECT
|
| Perforce Helix Core | HELIX_CORE
|
| Heroku | HEROKU
|
| Hex | HEX
|
| HiBob | HIBOB
|
| HaveIBeenPwned | HIBP
|
| Hillstone NDR | HILLSTONE_NDR
|
| Hirschmann Switch | HIRSCHMANN_SWITCH
|
| Hitachi PAM | HITACHI_ID_PAM
|
| HL7 | HL7
|
| Honeywell Cyber Insights | HONEYWELL_CYBERINSIGHTS
|
| HoopDev | HOOPDEV
|
| Hornet Email Security | HORNET_SECURITY
|
| Hoxhunt | HOXHUNT
|
| HPE Alletra | HPE_ALLETRA
|
| Hewlett Packard Enterprise SAN | HPE_SAN
|
| HP Inc MFP | HP_INC_MFP
|
| HPE Oneview | HP_ONEVIEW
|
| HP Poly | HP_POLY
|
| HP Printer logs | HP_PRINTER
|
| HP Router | HP_ROUTER
|
| HP Tandem | HP_TANDEM
|
| HP Wolf Pro Security | HP_WOLF
|
| Huawei Campus Switch | HUAWEI_CAMPUS_SWITCH
|
| Huawei CloudEngine | HUAWEI_CLOUDENGINE
|
| Huawei Cloud Trace Service Audit | HUAWEI_CTS_AUDIT
|
| Huawei NextGen Firewall | HUAWEI_FIREWALL
|
| Huawei Fusion Sphere Hypervisor | HUAWEI_FUSIONSPHERE
|
| Huawei NAC | HUAWEI_NAC
|
| Huawei SecMaster | HUAWEI_SECMASTER
|
| Huawei Versatile Routing Platform | HUAWEI_VRP
|
| Huawei Wireless | HUAWEI_WIRELESS
|
| HubSpot Activity Logs | HUBSPOT_ACTIVITY
|
| HubSpot CRM Platform | HUBSPOT_CRM
|
| HubSpot Authentication Logs | HUBSPOT_LOGIN
|
| Human Security | HUMAN_SECURITY
|
| Health ISAC | H_ISAC
|
| 3Com 8800 Series Switch | IBM_3COM
|
| IBM Cleversafe Object Storage | IBM_CLEVERSAFE
|
| IBM Cloud System | IBM_CLOUD_SYSTEM
|
| IBM Cognos Analytics | IBM_COGNOS
|
| IBM Copy Services Manager | IBM_CSM
|
| IBM ILO | IBM_ILO
|
| IBM Security Guardium Insights | IBM_INSIGHTS
|
| IBM KNS | IBM_KNS
|
| IBM MQ File Transfer | IBM_MQ_FILE_TRANSFER
|
| IBM NS1 | IBM_NS1
|
| IBM Planning Analytics | IBM_PA
|
| IBM Sense | IBM_SENSE
|
| IBM Spectrum Protect | IBM_SPECTRUM_PROTECT
|
| IBM Storwize | IBM_STORWIZE
|
| IBM Switch | IBM_SWITCH
|
| IBM Tririga | IBM_TRIRIGA
|
| IBM WinCollect | IBM_WINCOLLECT
|
| Idecsi | IDECSI
|
| Identity Security Cloud | IDENTITY_SECURITY_CLOUD
|
| Dell iDRAC | IDRAC
|
| IIJ_LanScope | IIJ_LANSCOPE
|
| ImageNow | IMAGENOW
|
| iManage Cloud Platform | IMANAGE_CLOUD
|
| iManage Threat Manager | IMANAGE_THREAT_MANAGER
|
| Imperva Cloud WAF | IMPERVA_CLOUD_WAF
|
| Imperva Data Risk Analytics | IMPERVA_DATA_ANALYTICS
|
| Imperva Sonar | IMPERVA_SONAR
|
| Imprivata Confirm ID | IMPRIVATA_CONFIRM_ID
|
| Imprivata Identity Governance | IMPRIVATA_IDG
|
| Imprivata OneSign | IMPRIVATA_ONESIGN
|
| IM Express | IM_EXPRESS
|
| Incident Io | INCIDENT_IO
|
| Indefend DLP | INDEFEND_DLP
|
| Indusface WAF | INDUSFACE_WAF
|
| INFINICO NetWyvern Series Appliance | INFINICO_NETWYVERN
|
| Infinidat | INFINIDAT
|
| Infisical | INFISICAL
|
| Infoblox Loadbalancer | INFOBLOX_LOADBALANCER
|
| Infoblox NetMRI | INFOBLOX_NETMRI
|
| Informatica | INFORMATICA
|
| Informatica Powercenter | INFORMATICA_POWERCENTER
|
| INKY Secure Email | INKY
|
| Intezer | INTEZER
|
| Intruder.IO | INTRUDER_IO
|
| Invicti | INVICTI
|
| inWebo MFA | INWEBO_MFA
|
| IPFire | IPFIRE
|
| Ipswitch MOVEit Automation | IPSWITCH_MOVEIT_AUTOMATION
|
| Ironclad | IRONCLAD
|
| Ironscales | IRONSCALES
|
| iSecurity | Security Services and Remediation | ISECURITY
|
| Isonline ISL Light | ISL_LIGHT
|
| Itential Pronghorn | ITENTIAL_PRONGHORN
|
| iTop | ITOP
|
| Ivanti Application Control | IVANTI_APP_CONTROL
|
| Ivanti Connect Secure | IVANTI_CONNECT_SECURE
|
| Ivanti Device Control | IVANTI_DEVICE_CONTROL
|
| Ivanti Endpoint Manager Mobile | IVANTI_ENDPOINT_MANAGER_MOBILE
|
| ISM Xtraction | IVANTI_XTRACTION
|
| iverify | IVERIFY
|
| Jamf Compliance Reporter | JAMF_COMPLIANCE_REPORTER
|
| Jamf Connect | JAMF_CONNECT
|
| Jamf Protect Network Traffic | JAMF_NETWORK_TRAFFIC
|
| Jamf Protect Alerts V2 | JAMF_PROTECT_V2
|
| Jamf Pro MDM | JAMF_PRO_MDM
|
| JBoss Web | JBOSS_WEB
|
| IBM JDE | JDE
|
| JiranSecurity MailScreen | JIRANSECURITY_MAILSCREEN
|
| Jit | JIT
|
| Joblogic | JOBLOGIC
|
| JSCAPE SFTP | JSCAPE_SFTP
|
| JumpCloud Directory as a Service | JUMPCLOUD_DAAS
|
| JumpCloud Desktop | JUMPCLOUD_DESKTOP
|
| Jumpcloud IAM | JUMPCLOUD_IAM
|
| JumpServer PAM | JUMPSERVER_PAM
|
| Juniper Edge | JUNIPER_EDGE
|
| Juniper SSR Conductor | JUNIPER_SSR_CONDUCTOR
|
| Juniper Secure Connect VPN | JUNIPER_VPN
|
| Jupiter One | JUPITER_ONE
|
| KACE Service Desk | KACE_SERVICE_DESK
|
| KACE Systems Management Appliance | KACE_SMA
|
| Kamailio | KAMAILIO
|
| Kandji | KANDJI
|
| Kandji Context | KANDJI_CONTEXT
|
| Kaseya IT Management | KASEYA
|
| Kaspersky for Microsoft Office 365 | KASPERSKY_O365_EVENTS
|
| Keepalived Routing software | KEEPALIVED
|
| Keep Aware | KEEP_AWARE
|
| Kentik DDoS Detection | KENTIK_ALERTS
|
| Keyfactor | KEYFACTOR
|
| Keysight Packet Brokers | KEYSIGHT
|
| Kibana audit logs | KIBANA
|
| Kion | KION
|
| KnowBe4 Audit Log | KNOWBE4
|
| Kodem Security | KODEM_SECURITY
|
| Kustomer CRM | KUSTOMER_CRM
|
| Kyverno | KYVERNO
|
| LangSmith Audit | LANGSMITH_AUDIT
|
| Lansweeper Asset Management | LANSWEEPER
|
| Lark Suite | LARK_SUITE
|
| LaunchDarkly | LAUNCH_DARKLY
|
| LayerX | LAYERX
|
| LOAD_BALANCER_ADC | LB_ADC
|
| LeanIX Enterprise | LEANIX
|
| Leanix CMDB | LEANIX_CMDB
|
| LeapXpert Audit Logs | LEAPXPERT_AUDIT
|
| Lenels2 Elements Secure | LENELS2_ELEMENTS_SECURE
|
| Lepide | LEPIDE
|
| Lexmark Printer logs | LEXMARK_PRINTER
|
| Liaison NuBridges Platform | LIAISON_NUBRIDGES
|
| Libraesva Email Security | LIBRAESVA_EMAIL
|
| LinOTP | LIN_OTP
|
| Lira | LIRA
|
| Lockself Lockpass | LOCKSELF_LOCKPASS
|
| Apache LOG4J Java Application Log | LOG4J
|
| LogicGate | LOGICGATE
|
| Logic Monitor | LOGICMONITOR
|
| LookingGlass Aenoik IDPS | LOOKINGGLASS_IPS
|
| Looking Glass | LOOKING_GLASS_IOC
|
| LSI Badge Management System | LSI_BMS
|
| Lumen DDoS Hyper | LUMEN_DDOS_HYPER
|
| Lumeta Spectre | LUMETA
|
| Lumos | LUMOS
|
| Lumu Universal SIEM | LUMU
|
| Lenovo XClarity Orchestrator | LXC_ORCHESTRATOR
|
| Macmon | MACMON
|
| MacStadium | MACSTADIUM
|
| Magento Cloud | MAGENTO_CLOUD
|
| Magic Collaboration Studio | MAGIC_CS
|
| MailScanner | MAILSCANNER
|
| Maltiverse IOC | MALTIVERSE_IOC
|
| Mambu | MAMBU
|
| Mamori Database Activity Monitoring | MAMORI_DAM
|
| Manage Engine Endpoint | MANAGEENGINE_ENDPOINT
|
| ManageEngine NCM | MANAGEENGINE_NCM
|
| ManageEngine Remote Access Plus | MANAGEENGINE_RAP
|
| ManageEngine Asset Explorer | MANAGE_ENGINE_ASSET_EXPLR
|
| ManageEngine Endpoint Central | MANAGE_ENGINE_ENDPT_CNTRL
|
| ManageEngine OpUtils | MANAGE_ENGINE_OPUTILS
|
| ManageEngine PAM360 | MANAGE_ENGINE_PAM360
|
| ManageEngine Password Manager Pro | MANAGE_ENGINE_PASSWORD_MANAGER
|
| Mandiant Attack Surface Management Entity | MANDIANT_ASM_ENTITY
|
| Mandiant Attack Surface Management Discovered Issue | MANDIANT_ASM_ISSUE
|
| Mandiant Attack Surface Management Technology | MANDIANT_ASM_TECHNOLOGY
|
| Mandiant Digital Threat Monitoring | MANDIANT_DTM_ALERTS
|
| Mango Apps | MANGOAPPS
|
| Manhattan Warehouse Management System | MANHATTAN_WMS
|
| Material Security | MATERIAL_SECURITY
|
| Matrix Frontier Badge Management | MATRIX_FRONTIER
|
| Mandiant Advantage Security Validation | MA_SV
|
| McAfee Application Control | MCAFEE_APP_CONTROL
|
| McAfee Advanced Threat Defense | MCAFEE_ATD
|
| McAfee MVISION EDR | MCAFEE_EDR
|
| McAfee Network Security Platform | MCAFEE_NSP
|
| McAfee Solid Core | MCAFEE_SOLID_CORE
|
| Medigate CMDB | MEDIGATE_CMDB
|
| Melissa | MELISSA
|
| Mellanox Switch | MELLANOX_SWITCH
|
| Mend IO | MEND_IO
|
| Metaswitch Perimeta | METASWITCH_PERIMETA
|
| Meta Marketing | META_MARKETING
|
| Miasma SecretScanner | MIASMA_SECRETSCANNER
|
| MicroSemi NTP | MICROSEMI_NTP
|
| Microsoft Ads | MICROSOFT_ADS
|
| Microsoft CASB Files & Entities | MICROSOFT_CASB_CONTEXT
|
| Microsoft Azure Databricks | MICROSOFT_DATABRICKS_WORKSPACES
|
| Microsoft Defender for Cloud Apps | MICROSOFT_DEFENDER_CLOUD_APPS
|
| Microsoft Dotnet Log Files | MICROSOFT_DOTNET
|
| Microsoft Defender External Attack Surface Management | MICROSOFT_EASM
|
| Microsoft Entra ID Protection | MICROSOFT_ENTRA_ID_PROTECTION
|
| Microsoft Graph Incident | MICROSOFT_GRAPH_INCIDENT
|
| Microsoft Graph Risky Users | MICROSOFT_GRAPH_RISKY_USERS
|
| Microsoft Identity Protection | MICROSOFT_IDENTITY_PROTECTION
|
| Microsoft Insights/Components | MICROSOFT_INSIGHTS_COMPONENTS
|
| Power BI Activity Log | MICROSOFT_POWERBI_ACTIVITY_LOG
|
| Microsoft Purview | MICROSOFT_PURVIEW
|
| Microsoft Azure AD Risk Detections | MICROSOFT_RISK_DETECTIONS
|
| Microsoft Security Actions | MICROSOFT_SECURITY_ACTIONS
|
| Microsoft Security Advisories Alerts | MICROSOFT_SECURITY_ALERTS
|
| Microsoft ServiceBus/Namespaces | MICROSOFT_SERVICEBUS_NAMESPACES
|
| Microsoft Azure SQL Managed Instances | MICROSOFT_SQL_MANAGED_INSTANCES
|
| Microsoft SSTP VPN | MICROSOFT_SSTP
|
| Microsoft Threat Indicators | MICROSOFT_THREAT_INDICATORS
|
| Mimecast Attachment Logs | MIMECAST_ATTACHMENT_LOGS
|
| Mimecast Audit Logs | MIMECAST_AUDIT_LOGS
|
| Mimecast DLP Logs | MIMECAST_DLP_LOGS
|
| Mimecast impersonation Logs | MIMECAST_IMPERSONATION_LOGS
|
| Mimecast Web Security | MIMECAST_WEBPROXY
|
| Minerva AV | MINERVA_AV
|
| Minsait Sigefi | MINSAIT_SIGEFI
|
| Miro | MIRO
|
| Miro Cloud | MIRO_CLOUD
|
| Mirth OnPrem Appliances NextGen | MIRTH_NEXTGEN
|
| Mitel Communications Director | MITEL_MCD
|
| Mode Analytics | MODE_ANALYTICS
|
| ModSecurity | MODSECURITY
|
| Monday | MONDAY
|
| Mongo Atlas Audit | MONGO_ATLAS_AUDIT
|
| Mosyle | MOSYLE
|
| Moveworks | MOVEWORKS
|
| Microsoft Entra Recommendations | MS_ENTRA_RECOMMENDATIONS
|
| Windows Performance Monitor | MS_PERFMON
|
| Mulesoft | MULESOFT
|
| Multicom Switch | MULTICOM_SWITCH
|
| MultiPay | MULTIPAY
|
| N8N Security Audit Logs | N8N_SECURITY_AUDIT_LOGS
|
| NCC Scout Suite | NCC_SCOUTSUITE
|
| NCR Digital Insight FSG | NCR_DIGITAL_INSIGHT_FSG
|
| NCR Digital Insight Global Logging | NCR_DIGITAL_INSIGHT_GL
|
| Nessus | NESSUS
|
| Nessus Network Monitor | NESSUS_NETWORK_MONITOR
|
| NetApp ONTAP Audit | NETAPP_ONTAP_AUDIT
|
| NetBrain | NETBRAIN
|
| NetDisco | NETDISCO
|
| Netenrich Entity Behaviour | NETENRICH_ENTITY_BEHAVIOR
|
| Netenrich Entity Context | NETENRICH_ENTITY_CONTEXT
|
| Netgate Firewall | NETGATE_FIREWALL
|
| Netgear Switch | NETGEAR_SWITCH
|
| Netlify Log Drains | NETLIFY_LOGDRAINS
|
| Netmotion | NETMOTION
|
| Netography Fusion | NETOGRAPHY_FUSION
|
| Netscout Arbor Threat Mitigation System | NETSCOUT_TMS
|
| Netskope One Secure SD-WAN | NETSKOPE_SDWAN
|
| Netsurion ProtectWise | NETSURION_PROTECTWISE
|
| Network Box Unified Threat Management+ | NETWORKBOX_UTM
|
| Netwrix Activity Monitor | NETWRIX_ACTIVITY_MONITOR
|
| Netwrix Privilege Secure | NETWRIX_PRIVILEGE_SECURE
|
| Netwrix Stealth Intercept | NETWRIX_STEALTH_INTERCEPT
|
| Netwrix Threat Manager | NETWRIX_THREAT_MANAGER
|
| Neustar SiteProtect | NEUSTAR_SITEPROTECT
|
| NeuVector SUSE | NEUVECTOR
|
| New Relic Platform | NEW_RELIC
|
| Nextcloud Hub | NEXTCLOUD_HUB
|
| Nextthink Finder | NEXTTHINK_FINDER
|
| Ne Silent Log | NE_SILENT_LOG
|
| Nightfall DLP | NIGHTFALL
|
| Ninja One | NINJAONE
|
| NIST National Vulnerability Database | NIST_NVD
|
| NNT File Integrity monitoring | NNT_FIM
|
| Nokia Home Device Manager | NOKIA_HDM
|
| NordLayer VPN | NORD_LAYER
|
| Nortel Secure Router | NORTEL_SR
|
| Nortel Contivity VPN Switch | NORTEL_SWITCH
|
| Notion | NOTION
|
| Novidea Insurance Management System | NOVIDEA_CLAIM_HISTORY
|
| NSFOCUS Next Generation Intrusion Prevention System | NSFOCUS_NGIPS
|
| Nucleus Vulnerability Scan Delta | NUCLEUS_VULNERABILITY_DELTA
|
| Nutanix Frame | NUTANIX_FRAME
|
| Nxlog Agent | NXLOG_AGENT
|
| Nxlog Fim | NXLOG_FIM
|
| N-Able N-Central RMM | N_ABLE_N_CENTRAL_RMM
|
| Oracle Cloud Infrastructure API Gateway | OCI_APIGATEWAY
|
| Oracle Cloud Infrastructure Network Firewall | OCI_FIREWALL
|
| Oracle Cloud Infrastructure Identity Cloud Service | OCI_IDENTITY_CLOUD_SERVICE
|
| Oracle Cloud Infrastructure LoadBalancer | OCI_LOADBALANCER
|
| Oracle Cloud Infrastructure Web Application Firewall | OCI_WAF
|
| Okta RADIUS | OKTA_RADIUS
|
| Okta Workflows | OKTA_WORKFLOWS
|
| OnBase CMS | ONBASE_CMS
|
| One Identity Active Role Service | ONEIDENTITY_ARS
|
| One Identity Change Auditor | ONEIDENTITY_CHANGE_AUDITOR
|
| One Identity Defender | ONEIDENTITY_DEFENDER
|
| OneIdentity Safeguard | ONEIDENTITY_SAFEGUARD
|
| 1KOSMOS | Identity and Authentication | ONEKOSMOS
|
| OneLogin User Context | ONELOGIN_USER_CONTEXT
|
| OneTrust | ONETRUST
|
| Oomnitza | OOMNITZA
|
| Open CTI Platform | OPENCTI
|
| Openpath Context | OPENPATH_CONTEXT
|
| Opentelemetry | OPENTELEMETRY
|
| OpenText Cordy | OPENTEXT_CORDY
|
| Opentext Exstream | OPENTEXT_EXSTREAM
|
| OpenText Fax2Mail | OPENTEXT_FAX2MAIL
|
| OpenText Self Service Password Reset | OPENTEXT_SSPR
|
| IDnomic Public Key Infrastructure | OPENTRUST
|
| OpenVAS | OPENVAS
|
| OpsRamp | OPSRAMP
|
| Opswat Kiosk | OPSWAT_KIOSK
|
| Opus Codec | OPUS
|
| Oracle Access Manager | ORACLE_AM
|
| Oracle Audit Vault Database Firewall | ORACLE_AVDF
|
| Oracle CPQ | ORACLE_CPQ
|
| Oracle EBS | ORACLE_EBS
|
| Oracle Exadata Database Machine | ORACLE_EXADATA
|
| Oracle HCM Human resources platform solution | ORACLE_HCM
|
| Oracle Key Vault Audit Logs | ORACLE_KEY_VAULT_AUDIT_LOGS
|
| Oracle Enterprise Manager | ORACLE_OEM
|
| Oracle SSO Audit Logging | ORACLE_SSO_AUDIT
|
| Oracle Zero Data Loss Recovery Appliance | ORACLE_ZDLRA
|
| Oscar Claims | OSCAR_CLAIMS
|
| Open Source Intelligence | OSINT_IOC
|
| Osirium PAM | OSIRIUM_PAM
|
| Outline Activity Logs | OUTLINE_ACTIVITY_LOGS
|
| Outpost24 | OUTPOST24
|
| OVHcloud | OVHCLOUD
|
| OX Security | OX_SECURITY
|
| Packetlight Dwdm | PACKETLIGHT_DWDM
|
| Packet Viper | PACKET_VIPER
|
| PACOM Systems | PACOM_SYSTEMS
|
| PAGELY | PAGELY
|
| PagerDuty | PAGERDUTY
|
| Pagerduty Audit | PAGERDUTY_AUDIT
|
| Panorays | PANORAYS
|
| Palo Alto Cortex IIS | PAN_CORTEX_XDR_IIS
|
| Palo Alto DNS Security | PAN_DNS_SECURITY
|
| Palo Alto Networks Global Protect | PAN_GLOBAL_PROTECT
|
| Palo Alto Global Protect SVC | PAN_GPSVC
|
| Palo Alto Networks Prisma Access | PAN_PRISMA_ACCESS
|
| Palo Alto Prisma Cloud Workload Protection | PAN_PRISMA_CWP
|
| Palo Alto Prisma Dig Cloud DSPM | PAN_PRISMA_DIG_CLOUD_DSPM
|
| Palo Alto SSLVPN Access | PAN_SSLVPN_ACCESS
|
| Palo Alto Telemetry | PAN_TELEMETRY
|
| Palo Alto Cortex XDR Management Audit | PAN_XDR_MGMT_AUDIT
|
| Palo Alto Networks XSOAR Audit | PAN_XSOAR
|
| PaperCut Printing Management System | PAPER_CUT
|
| Passfort | PASSFORT
|
| Pathlock Identity Security Platform | PATHLOCK
|
| Pave | PAVE
|
| Paxton Access Control Systems | PAXTON_ACS
|
| SSL pcap | PCAP_SSL_CLIENT_HELLO
|
| Pega Automation | PEGA
|
| Penta Security Wapples | PENTA_WAPPLES
|
| Pentera | PENTERA
|
| Pentera ASV | PENTERA_ASV
|
| Pentera Leef | PENTERA_LEEF
|
| PeopleSoft | PEOPLESOFT
|
| People Strong | PEOPLE_STRONG
|
| Peplink Loadbalancer | PEPLINK_LOADBALANCER
|
| Peplink Router | PEPLINK_ROUTER
|
| Peplink Switch | PEPLINK_SWITCH
|
| Perception Point XRay | PERCEPTION_POINT_XRAY
|
| Perimeter 81 | PERIMETER_81
|
| Perplexity | PERPLEXITY
|
| PhishAlarm | PHISHALARM
|
| Domain Tools Phisheye | PHISHEYE_ALERT
|
| Phosphorus | PHOSPHORUS
|
| Pingcap TIDB | PINGCAP_TIDB
|
| Pingdom | PINGDOM
|
| PingOne Advanced Identity Cloud | PINGONE_AIC
|
| PingOne Protect | PINGONE_PROTECT
|
| Pingsafe | PINGSAFE
|
| Ping Access | PING_ACCESS
|
| Ping SDK | PING_SDK
|
| Plaso Super Timeline | PLASO
|
| Pleasant Password Server | PLEASANT_PASSWORD_SERVER
|
| Plixer Scrutinizer | PLIXER_SCRUTINIZER
|
| Pomerium | POMERIUM
|
| Portnox Audit | PORTNOX_AUDIT
|
| MS PowerShell Transcript | POWERSHELL_TRANSCRIPT
|
| Power DNS | POWER_DNS
|
| Preveil Enterprise | PREVEIL_ENTERPRISE
|
| Prismatic IO | PRISMATIC_IO
|
| Prisma SD-WAN | PRISMA_SD_WAN
|
| Procore | PROCORE
|
| Prompt Security | PROMPT_SECURITY
|
| ProofID | PROOFID
|
| Proofpoint DLP | PROOFPOINT_DLP
|
| ProofPoint Email Protection | PROOFPOINT_EMAIL_PROTECTION
|
| Proofpoint Endpoint Data Loss Prevention | PROOFPOINT_ENDPOINT_DLP
|
| Proofpoint Identity Threat Platform | PROOFPOINT_IDENTITY_THREAT_PLATFORM
|
| Proofpoint Meta | PROOFPOINT_META
|
| Proofpoint Secure Share | PROOFPOINT_SECURE_SHARE
|
| Proofpoint Security Awareness Training | PROOFPOINT_SECURITY_AWARENESS_TRAINING
|
| Proofpoint Tap Campaign | PROOFPOINT_TAP_CAMPAIGN
|
| Proofpoint Tap People | PROOFPOINT_TAP_PEOPLE
|
| Proofpoint Tis IOC | PROOFPOINT_TIS_IOC
|
| Protegrity Defiance | PROTEGRITY_DEFIANCE
|
| Provision Asset Context | PROVISION_ASSET_CONTEXT
|
| Honeywell Pro-Watch | PROWATCH
|
| ProxMax | PROXMAX
|
| Proxmox | PROXMOX
|
| PRTG Network Monitor | PRTG_NETWORKMONITOR
|
| Puppet | PUPPET
|
| Push Security | PUSH_SECURITY
|
| QLIK Audit | QLIK_AUDIT
|
| Qualtrics Audit | QUALTRICS_AUDIT
|
| Qualys User Activity | QUALYS_ACTIVITY
|
| Qualys File Integrity Monitoring | QUALYS_FIM
|
| Qualys Knowledgebase | QUALYS_KNOWLEDGEBASE
|
| Quest CA Audit | QUEST_CA_AUDIT
|
| Rabbit MQ | RABBITMQ
|
| Rackspace | RACKSPACE
|
| Radiantone | RADIANTONE
|
| RadiFlow IDS | RADIFLOW_IDS
|
| RSA RADIUS | RADIUS
|
| Radware Cloud WAF Service Access | RADWARE_ACCESS
|
| Radware Bot | RADWARE_BOT
|
| Radware DDoS Protection | RADWARE_DDOS
|
| RAD ETX | RAD_ETX
|
| Rancher API Audit Log | RANCHER_API_AUDIT_LOG
|
| Ransomcare | RANSOMCARE
|
| Rapid7 Cloud Security | RAPID7_CLOUDSEC
|
| Rapid7 Insights Threat Command | RAPID7_INSIGHTS_THREAT_COMMAND
|
| Rapid7 Security Onion | RAPID7_SECURITY_ONION
|
| Rapid Identity | RAPID_IDENTITY
|
| Raritan Dominion SX II | RARITAN_DOMINION
|
| Raven DB | RAVEN_DB
|
| RealiteQ | REALITEQ
|
| Reblaze Web Application Firewall | REBLAZE_WAF
|
| Recordedfuture Alerts | RECORDEDFUTURE_ALERTS
|
| Red Canary Cloud Protection | REDCANARY_CLOUD_PROTECTION_RAW
|
| Red Hat Identity Management | REDHAT_IM
|
| Redhat Jboss | REDHAT_JBOSS
|
| Red Hat Keycloak | REDHAT_KEYCLOAK
|
| RedHat Satellite Server | REDHAT_SATELLITE
|
| RedHat StackRox | REDHAT_STACKROX
|
| Redis | REDIS
|
| Redmine | REDMINE
|
| RedSift BrandTrust | REDSIFT_BRANDTRUST
|
| Red Access Browsing Security | RED_ACCESS
|
| Relativity | RELATIVITY
|
| ReliaQuest | RELIAQUEST
|
| Research and Education Networks Information Sharing and Analysis Center | REN_ISAC
|
| Reserved LogType1 | RESERVED_LOG_TYPE_1
|
| Reserved LogType10 | RESERVED_LOG_TYPE_10
|
| Reserved LogType11 | RESERVED_LOG_TYPE_11
|
| Reserved LogType12 | RESERVED_LOG_TYPE_12
|
| Reserved LogType13 | RESERVED_LOG_TYPE_13
|
| Reserved LogType14 | RESERVED_LOG_TYPE_14
|
| Reserved LogType15 | RESERVED_LOG_TYPE_15
|
| Reserved LogType16 | RESERVED_LOG_TYPE_16
|
| Reserved LogType17 | RESERVED_LOG_TYPE_17
|
| Reserved LogType18 | RESERVED_LOG_TYPE_18
|
| Reserved LogType19 | RESERVED_LOG_TYPE_19
|
| Reserved LogType20 | RESERVED_LOG_TYPE_20
|
| Reserved LogType21 | RESERVED_LOG_TYPE_21
|
| Reserved LogType22 | RESERVED_LOG_TYPE_22
|
| Reserved LogType23 | RESERVED_LOG_TYPE_23
|
| Reserved LogType24 | RESERVED_LOG_TYPE_24
|
| Reserved LogType25 | RESERVED_LOG_TYPE_25
|
| Reserved LogType26 | RESERVED_LOG_TYPE_26
|
| Reserved LogType27 | RESERVED_LOG_TYPE_27
|
| Reserved LogType28 | RESERVED_LOG_TYPE_28
|
| Reserved LogType29 | RESERVED_LOG_TYPE_29
|
| Reserved LogType3 | RESERVED_LOG_TYPE_3
|
| Reserved LogType30 | RESERVED_LOG_TYPE_30
|
| Reserved LogType31 | RESERVED_LOG_TYPE_31
|
| Reserved LogType32 | RESERVED_LOG_TYPE_32
|
| Reserved LogType33 | RESERVED_LOG_TYPE_33
|
| Reserved LogType34 | RESERVED_LOG_TYPE_34
|
| Reserved LogType35 | RESERVED_LOG_TYPE_35
|
| Reserved LogType36 | RESERVED_LOG_TYPE_36
|
| Reserved LogType37 | RESERVED_LOG_TYPE_37
|
| Reserved LogType38 | RESERVED_LOG_TYPE_38
|
| Reserved LogType39 | RESERVED_LOG_TYPE_39
|
| Reserved LogType4 | RESERVED_LOG_TYPE_4
|
| Reserved LogType40 | RESERVED_LOG_TYPE_40
|
| Reserved LogType41 | RESERVED_LOG_TYPE_41
|
| Reserved LogType42 | RESERVED_LOG_TYPE_42
|
| Reserved LogType43 | RESERVED_LOG_TYPE_43
|
| Reserved LogType44 | RESERVED_LOG_TYPE_44
|
| Reserved LogType45 | RESERVED_LOG_TYPE_45
|
| Reserved LogType46 | RESERVED_LOG_TYPE_46
|
| Reserved LogType47 | RESERVED_LOG_TYPE_47
|
| Reserved LogType48 | RESERVED_LOG_TYPE_48
|
| Reserved LogType49 | RESERVED_LOG_TYPE_49
|
| Reserved LogType5 | RESERVED_LOG_TYPE_5
|
| Reserved LogType50 | RESERVED_LOG_TYPE_50
|
| Reserved LogType6 | RESERVED_LOG_TYPE_6
|
| Reserved LogType7 | RESERVED_LOG_TYPE_7
|
| Reserved LogType8 | RESERVED_LOG_TYPE_8
|
| Reserved LogType9 | RESERVED_LOG_TYPE_9
|
| Retool | RETOOL
|
| Ribbon Session Border Controller | RIBBON_SBC
|
| Ring Central | RING_CENTRAL
|
| RiskIQ Digital Footprint | RISKIQ_DIGITAL_FOOTPRINT
|
| Risk Resecurity | RISK_RESECURITY
|
| Riverbed | RIVERBED
|
| RSA Cloud | RSA_CLOUD
|
| Rublon | RUBLON
|
| Rumble Network Discovery | RUMBLE_NETWORK_DISCOVERY
|
| S2W Quaxar | S2W_QUAXAR
|
| SafeBreach | SAFEBREACH
|
| SafeConnect NAC | SAFECONNECT_NAC
|
| SafeNet Network HSM | SAFENET_HSM
|
| SailPoint IdentityNow | SAILPOINT_IDENTITYNOW
|
| Salesforce Context | SALESFORCE_CONTEXT
|
| Salesforce Marketing Cloud Audit | SALESFORCE_MARKETING_CLOUD_AUDIT
|
| Salesforce Shield | SALESFORCE_SHIELD
|
| Sangfor IAG | SANGFOR_IAG
|
| Sangfor Network Detection and Response | SANGFOR_NDR
|
| Saporo | SAPORO
|
| SAP Business Warehouse | SAP_BW
|
| SAP Cloud for Customer | SAP_C4C
|
| SAP ERP | SAP_ERP
|
| SAP Enterprise Threat Detection | SAP_ETD
|
| SAP Commerce Cloud | SAP_HAC
|
| SAP IAS Context | SAP_IAS_CONTEXT
|
| SAP Identity Management | SAP_IDM
|
| SAP Insurance | SAP_INSURANCE
|
| SAP Leasing | SAP_LEASING
|
| SAS Institute | SAS_INSTITUTE
|
| SAS Metadata Server log | SAS_METADATA_SERVER_LOG
|
| Saturn Cloud | SATURN_CLOUD
|
| Savvy Security | SAVVY_SECURITY
|
| ScaleFusion for Windows MDM | SCALEFUSION
|
| Scale Computing | SCALE_COMPUTING
|
| Scality Ring Audit | SCALITY_RING_AUDIT
|
| Microsoft System Center Configuration Manager | SCCM
|
| Scylla | SCYLLA
|
| Secberus Cloud Security Governance | SECBERUS
|
| Sectigo SCM | SECTIGO_SCM
|
| Secui Bluemax NGF | SECUI_BLUEMAX_NGF
|
| Securden | SECURDEN
|
| SecurEnvoy SecurAccess | SECURENVOY_MFA
|
| Securesoft Sniper IPS | SECURESOFT_SNIPER_IPS
|
| Fiserv SecureNow | SECURE_NOW
|
| SecurityBridge Dev | SECURITYBRIDGE_DEV
|
| SecurityScorecard Platform | SECURITYSCORECARD
|
| SecurityBridge | SECURITY_BRIDGE
|
| Sekoia Ioc | SEKOIA_IOC
|
| Schweitzer Engineering Laboratories Port Server | SEL_PORT_SERVER
|
| Semperis ADFR | SEMPERIS_ADFR
|
| Sendgrid Api | SENDGRID
|
| Sendsafely | SENDSAFELY
|
| Senhasegura PAM | SENHASEGURA_PAM
|
| CloudWaves Sensato Nightingale Honeypot | SENSATO_HONEYPOT
|
| Senseon Alerts | SENSEON_ALERTS
|
| SensorFu Beacon | SENSORFU_BEACON
|
| Sentra Data Loss Prevention | SENTRA_DLP
|
| Sentrigo | SENTRIGO
|
| Serpico | SERPICO
|
| Servertech PDUs | SERVERTECH_PDUS
|
| ServiceNow Antivirus Activity | SERVICENOW_ANTIVIRUS_ACTIVITY
|
| ServiceNow Attachment | SERVICENOW_ATTACHMENT
|
| ServiceNow Certificate Logs | SERVICENOW_CERTIFICATE
|
| ServiceNow Email | SERVICENOW_EMAIL
|
| ServiceNow Node | SERVICENOW_NODE
|
| ServiceNow Outbound HTTP | SERVICENOW_OUTBOUNDHTTP
|
| ServiceNow Roles | SERVICENOW_ROLES
|
| ServiceNow System log | SERVICENOW_SYSLOG
|
| ServiceNow Transaction | SERVICENOW_TRANSACTION
|
| ServiceNow User Logs | SERVICENOW_USER
|
| ServiceNow User Login History | SERVICENOW_USER_LOGIN_HISTORY
|
| Seti S4 | SETI_S4
|
| Sevco Security CMDB | SEVCO_CMDB
|
| Sharefile Logs | SHAREFILE_LOGS
|
| Sharepoint Unified Logging Service (ULS) | SHAREPOINT_ULS
|
| Shield IoT | SHIELD_IOT
|
| shodan.io | SHODAN_IO
|
| Siebel Monitoring | SIEBEL
|
| Siemens Simatic S7 PLC SNMP | SIEMENS_S7_PLC_SNMP
|
| Siemens Simatic S7 PLC SYSLOG | SIEMENS_S7_PLC_SYSLOG
|
| Siemens SiPass | SIEMENS_SIPASS
|
| Siga Level Zero OT Resilience | SIGA
|
| Silver Peak Firewall | SILVERPEAK_FIREWALL
|
| Single Store | SINGLE_STORE
|
| Site24x7 | SITE24X7
|
| SiteGuard Server | SITEGUARD_SERVER
|
| SKYSEA Client View | SKYSEA
|
| Slack API | SLACK_API
|
| Smartsheet User Context | SMARTSHEET_USER_CONTEXT
|
| Smart Simple | SMART_SIMPLE
|
| Snapattack | SNAPATTACK
|
| Winevtlog Snare | SNARE_WINEVTLOG
|
| Snowflake Access | SNOWFLAKE_ACCESS
|
| Snowplow | SNOWPLOW
|
| Socomec UPS | SOCOMEC_UPS
|
| SOCRadar Incidents | SOCRADAR_INCIDENTS
|
| SoftEther VPN | SOFTETHER_VPN
|
| Software House Access Control | SOFTWARE_HOUSE_ACS
|
| Software House Ccure9000 | SOFTWARE_HOUSE_CCURE9000
|
| Solace PubSub Cloud | SOLACE_AUDIT
|
| SolarWinds Network Performance Monitor | SOLARWINDS_NPM
|
| SolarWinds Serv-U | SOLARWINDS_SERV_U
|
| Solar System | SOLAR_SYSTEM
|
| SolidServer | SOLIDSERVER
|
| SonarQube | SONARQUBE
|
| Sonatype Lifecycle | SONATYPE_LIFECYCLE
|
| Sonic Switch | SONIC_SWITCH
|
| Sophos Email Appliance | SOPHOS_EMAIL
|
| Sophos URL filtering | SOPHOS_URL
|
| Spacelift | SPACELIFT
|
| Spamhaus | SPAMHAUS
|
| Symantec Protection Engine | SPE
|
| SpecterX | SPECTERX
|
| Spirion | SPIRION
|
| Splashtop Remote Access and Support software | SPLASHTOP
|
| Splunk DNS | SPLUNK_DNS
|
| Splunk Phantom | SPLUNK_PHANTOM
|
| Splunk Intel Management | SPLUNK_TRUSTAR
|
| Sprinkledata(DWH) | SPRINKLEDATA_DWH
|
| Stairwell Inception | STAIRWELL_INCEPTION
|
| Statusgator | STATUSGATOR
|
| Stealthbits DLP | STEALTHBITS_DLP
|
| Stellar Cyber | STELLAR_CYBER
|
| Sterling Order Management System Data | STERLING_OMS_DATA
|
| Strata Maverics Identity Orchestration Platform | STRATA_MAVERICKS
|
| Stream Alert | STREAMALERT
|
| Stripe Payments | STRIPE
|
| Strivacity | STRIVACITY
|
| StrongDM | STRONGDM
|
| Supermicro IPMI | SUPERMICRO_IPMI
|
| Superna Eyeglass | SUPERNA_EYEGLASS
|
| SureView Systems Activity | SUREVIEW_SYSTEMS
|
| Suridata | SURIDATA
|
| Swift | SWIFT
|
| Symantec Advanced Threat Protection | SYMANTEC_ATP
|
| Symantec Data Center Security | SYMANTEC_DCS
|
| Symphony Summit AI | SYMPHONYAI
|
| Syncplify SFTP 2 Events | SYNCPLIFY_SFTP
|
| Syxsense | SYXSENSE
|
| Tanium Deploy | TANIUM_DEPLOY
|
| Tanium TanOS | TANIUM_TANOS
|
| TeamT5 ThreatSonar EDR | TEAMT5_THREATSONAR_EDR
|
| TeamViewer Tensor | TEAMVIEWER_TENSOR
|
| Technitium DNS | TECHNITIUM_DNS
|
| Tehtris EDR | TEHTRIS_EDR
|
| Temenos Journey Manager System Event Publisher | TEMENOS_MANAGER_SYSTEMEVENT
|
| Tenable Vulnerabilities Management | TENABLE_VMGNT
|
| Tenable Web App Scanning | TENABLE_WAS
|
| Tencent CloudAudit | TENCENT_CLOUD_AUDIT
|
| Tencent Cloud Firewall | TENCENT_CLOUD_FIREWALL
|
| Tencent Cloud Waf | TENCENT_CLOUD_WAF
|
| Tencent Cloud Workload Protection | TENCENT_CLOUD_WORKLOAD_PROTECTION
|
| Teqtivity Assets | TEQTIVITY_ASSETS
|
| Teradata Access | TERADATA_ACCESS
|
| Teradata Aster | TERADATA_ASTER
|
| Teradici PCoIP | TERADICI_PCOIP
|
| Teramind | TERAMIND
|
| Tessian Cloud Email Security Platform | TESSIAN_PLATFORM
|
| TGDetect | TGDETECT
|
| Thales payShield 10K HSM | THALES_PS10K_HSM
|
| ThousandEyes | THOUSAND_EYES
|
| ThreatQuotient | THREATQ_IOC
|
| Thycotic devops secret vault | THYCOTIC_DEVOPS_SECRETVAULT
|
| Tiktok for Developers | TIKTOK
|
| Titan MFT | TITAN_MFT
|
| Titan SFTP Server | TITAN_SFTP
|
| Torq Audit Logs | TORQ_AUDIT_LOGS
|
| Tosi Hub | TOSI_HUB
|
| TP Link Network Switches | TPLINK_SWITCH
|
| Traceable API Security | TRACEABLE_PLATFORM
|
| Traefik Labs | TRAEFIK
|
| Transmit BindID | TRANSMIT_BINDID
|
| Transmit Security FlexID | TRANSMIT_FLEXID
|
| Transmit Security Mosaic CIAM | TRANSMIT_MOSAIC_CIAM
|
| Transmit Security Mosaic Fraud Prevention | TRANSMIT_MOSAIC_FRAUD_PREVENTION
|
| Transmit Security Mosaic Identity Verification | TRANSMIT_MOSAIC_IDENTITY_VERIFICATION
|
| Transmit Security Mosaic Management | TRANSMIT_MOSAIC_MANAGEMENT
|
| FIS Trax Payment Factory | TRAX
|
| Trellix Malware Analysis | TRELLIX_AX
|
| Trellix EDRF Trace Data and Telemetry | TRELLIX_EDRF
|
| Trellix EX | TRELLIX_EX
|
| Trellix Network Detection and Response | TRELLIX_NDR
|
| Trend Micro Cloud App Security | TRENDMICRO_CLOUDAPPSECURITY
|
| TrendMicro Cloud Email Gateway Protection | TRENDMICRO_CLOUD_EMAIL_GATEWAY_PROTECTION
|
| Trend Micro EdgeIPS | TRENDMICRO_EDGEIPS
|
| TrendMicro EDR | TRENDMICRO_EDR
|
| Trend Micro Server Protect | TRENDMICRO_SERVER_PROTECT
|
| TrendMicro Webproxy DSM | TRENDMICRO_WEBPROXY_DSM
|
| Trend Micro TippingPoint Security Management System | TREND_MICRO_TIPPING_POINT
|
| Tridium Niagara Framework | TRIDIUM_NIAGARA_FRAMEWORK
|
| Tripp Lite | TRIPP_LITE
|
| Tripwire Security Configuration Management | TRIPWIRE_SCM
|
| TrueFort Platform | TRUEFORT
|
| TrueNAS | TRUENAS
|
| E-Motional Transparent Screen Lock TSL RFID | TSL_PRO
|
| TT D365 | TT_D365
|
| TT MSAN DSLAM | TT_MSAN_DSLAM
|
| TT Trio Chordiant | TT_TRIO_CHORDIANT
|
| Tufin | TUFIN
|
| Tufin Secure Track | TUFIN_SECURE_TRACK
|
| Twilio Audit | TWILIO_AUDIT
|
| Twilio Authy | TWILIO_AUTHY
|
| Tyk IO | TYK_IO
|
| Ubiquiti Accesspoint | UBIQUITI_ACCESSPOINT
|
| Ubiquiti UDM Firewall | UBIQUITI_FIREWALL
|
| UDM | UDM
|
| Uipath | UIPATH
|
| Everfox ULTRA | ULTRA
|
| UltraDNS | ULTRADNS
|
| Ultra Electronics CyberFence | ULTRA_CYBERFENCE
|
| Unifi Router | UNIFI_ROUTER
|
| Unifi Switch | UNIFI_SWITCH
|
| Unifi System | UNIFI_SYSTEM
|
| Unit 21 | UNIT21
|
| Uptivity | UPTIVITY
|
| Upwind | UPWIND
|
| USBAV Koramis | USBAV_KORAMIS
|
| Valence Security | VALENCE
|
| Valimail | VALIMAIL
|
| Vanguard Active Alerts | VANGUARD
|
| Vanta Context | VANTA_CONTEXT
|
| Varnish Cache | VARNISH_CACHE
|
| Vector Dev | VECTOR_DEV
|
| Vectra AI | VECTRA_AI
|
| Vectra Protect | VECTRA_PROTECT
|
| Velociraptor - digital forensic & incident response tool | VELOCIRAPTOR
|
| VMware VeloCloud SD-WAN | VELOCLOUD_SDWAN
|
| Venafi | VENAFI
|
| Vercara | VERCARA
|
| Veriato Cerebral | VERIATO_CEREBRAL
|
| Verizon Network Detection and Response | VERIZON_NDR
|
| Verkada | VERKADA
|
| Versa Director | VERSA_DIRECTOR
|
| Vertica Audit | VERTICA_AUDIT
|
| Vertiv UPS | VERTIV_UPS
|
| Very Good Security | VERY_GOOD_SECURITY
|
| Veza Access Control Platform | VEZA
|
| ViaControl Server Application | VIACONTROL
|
| Vicarious VRX Events | VICARIUS_VRX_EVENTS
|
| Virsec Event Logs | VIRSEC_EVENT
|
| Virsec Attack and Threat Logs | VIRSEC_THREAT
|
| Virtual Browser | VIRTUAL_BROWSER
|
| Virtual Network Flow Logs | VIRTUAL_NETWORK_FLOW_LOGS
|
| VirusTotal Threat Hunter | VIRUSTOTAL_THREAT_HUNTER
|
| VMRay Analyzer | VMRAY_FLOG_XML
|
| VMware Aria Logs | VMWARE_ARIA_LOGS
|
| VMware Avi Vantage Platform | VMWARE_AVI_VANTAGE
|
| VMware Cloud Director | VMWARE_CD
|
| VMware HCX | VMWARE_HCX
|
| VMware NSX AVI | VMWARE_NSX_AVI
|
| VMware SDDC | VMWARE_SDDC
|
| VMware SDWN Events | VMWARE_SDWN_EVENTS
|
| VMware Unified Access Gateway | VMWARE_UNIFIED_ACCESS_GATEWAY
|
| VMware vShield | VMWARE_VSHIELD
|
| Vonage | VONAGE
|
| VSFTPD Audit | VSFTPD_AUDIT
|
| Wallarm Webhook Notifications | WALLARM_NOTIFICATIONS
|
| Wallix Endpoint Privilege Management | WALLIX_EPM
|
| Wallix Privileged Access Management | WALLIX_PAM
|
| Waterfall Data Security Manager | WATERFALL_DSM
|
| WebEx | WEBEX_SAAS
|
| Web Methods Api Gateway | WEBMETHODS_API_GATEWAY
|
| Webroot Endpoint Protection | WEBROOT
|
| Webroot Identity Protection | WEBROOT_IDENTITY_PROTECTION
|
| White Cloud | WHITECLOUD_EDR
|
| WideField | WIDEFIELD_SECURITY
|
| Windows Bindplane | WINDOWS_BINDPLANE
|
| Windows NTP | WINDOWS_NTP
|
| Windows Filtering Platform | WINDOWS_WFP
|
| Winget Autoupdate | WINGET_AUTOUPDATE
|
| Wing Security | WING_SECURITY
|
| WireGuard VPN Logs | WIREGUARD_VPN
|
| WithSecure Cloud Protection | WITHSECURE_CLOUD
|
| WithSecure Elements Connector | WITHSECURE_ELEMENTS
|
| Witness AI Control | WITNESS_AI_CONTROL
|
| Wiz Audit | WIZ_AUDIT
|
| Wiz Runtime Execution Data | WIZ_RUNTIME_EXECUTION_DATA
|
| Wolters Kluwer Teammate | WOLTERS_KLUWER_TEAMMATE
|
| Wordpress Simple History | WORDPRESS_SIMPLE_HISTORY
|
| Workato Audit Logs | WORKATO
|
| WorkDay User Sign In | WORKDAY_USER_SIGNIN
|
| Workiva Wdesk | WORKIVA_WDESK
|
| Workspot Control | WORKSPOT_CONTROL
|
| WPass | WPASS
|
| WP Engine | WP_ENGINE
|
| WSO2 IS AM | WSO2_IS_AM
|
| WS Ftp | WS_FTP
|
| Western Telematic Inc Console Servers | WTI_CONSOLE_SERVERS
|
| XDR.Net Digital Twin | XDRNET_DIGITALTWIN
|
| Xirrus Wireless Controller | XIRRUS
|
| XL Release | XLR
|
| XM Cyber | XM_CYBER
|
| Ysoft Data Security Manager | YSOFT_DSM
|
| Konica Minolta YSoft SafeQ | YSOFT_SAFEQ
|
| Yugabyte Database | YUGABYTE_DATABASE
|
| Zabbix | ZABBIX
|
| Zafran | ZAFRAN
|
| Zendesk Advanced Data Privacy and Protection | ZENDESK_ADPP
|
| Zimbra Mail | ZIMBRA_MAIL
|
| Zoho Assist | ZOHO_ASSIST
|
| Zoho Analytics Audits | ZOHO_AUDIT
|
| ZoomInfo | ZOOMINFO
|
| Zoom Activity Logs | ZOOM_ACTIVITY
|
| ZPE Systems NodeGrid | ZPE_SYSTEMS_NODEGRID
|
| Zscaler Digital Experience | ZSCALER_DIGITAL_EXPERIENCE
|
| Zscaler Email DLP Insights | ZSCALER_EMAIL_DLP_INSIGHTS
|
| ZScaler NSS VM | ZSCALER_NSS_VM
|
| Zscaler Sandbox | ZSCALER_SANDBOX
|
| Zscaler Client Connector | ZSCALER_ZCC
|
| Zscaler ZDX | ZSCALER_ZDX
|
| Zuora App Logs | ZUORA_APP_LOGS
|
