Supported Devices and Applications by Vendor
Vendor | Model | Discovery Overview | Performance Monitoring Overview | Log Analysis Overview | Config Change Monitoring | Details |
---|---|---|---|---|---|---|
AirTight Networks | SpectraGuard | Discovered via LOG only | Not natively supported - Custom monitoring needed | CEF format: Over 125 event types parsed covering various Wireless suspicious activities | Currently not natively supported | AirTight Networks SpectraGuard |
Alcatel | TiMOS Routers and Switches | SNMP: OS, Hardware | SNMP: CPU, memory, interface utilization, hardware status | Not natively supported - Custom parsing needed | Currently not natively supported | Alcatel TiMOS and AOS Switch Configuration |
Alcatel | AOS Routers and Switches | SNMP: OS, Hardware | SNMP: CPU, memory, interface utilization, hardware status | Not natively supported - Custom parsing needed | Currently not natively supported | Alcatel TiMOS and AOS Switch Configuration |
Alert Logic | Intrusion Detection and Prevention Systems (IPS) | Host name and Device type | Not supported | Not supported | Alert Logic IPS | |
Alert Logic | Iris API | Host name and Device type | Not supported | Not supported | Alert Logic IRIS API | |
Alcide.io | KAudit | Not natively supported | Not natively supported | Kubernetes Audit logs | Not natively supported | Alcide io KAudit |
Amazon | AWS Servers | AWS API: Server Name, Access IP, Instance ID, Image Type, Availability Zone | CloudWatch API: System Metrics: CPU, Disk I/O, Network | CloudTrail API: Over 325 event types parsed covering various AWS activities | CloudTrail API: various administrative changes on AWS systems and users | AWS CloudWatchAWS CloudTrail |
Amazon | AWS Elastic Block Storage (EBS) | CloudWatch API: Volume ID, Status, Attach Time | CloudWatch API: Read/Write Bytes, Ops, Disk Queue | AWS EBS and RDS | ||
Amazon | AWS EC2 | AWS EC2 | ||||
Amazon |
AWS Elastic Load Balancer (ELB) |
|
|
|
|
|
Amazon | AWS Kinesis |
|
|
|
|
|
Amazon | AWS Relational Database Storage (RDS) | CloudWatch API: CPU, Connections, Memory, Swap, Read/Write Latency and Ops | AWS EBS and RDS | |||
Amazon | Security Hub |
|
|
|
|
AWS Security Hub |
Apache | Tomcat Application Server | JMX: Version | JMX: CPU, memory, servlet, session, database, threadpool, request processor metrics | Currently not natively supported - Custom parsing needed | Currently not natively supported | Apache Tomcat |
Apache | Apache Web server | SNMP: Process name | SNMP: process level cpu, memory HTTPS via the mod-status module: Apache level metrics | Syslog: W3C formatted access logs - per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration | Currently not natively supported | Apache Web Server |
APC | NetBotz Environmental Monitor | SNMP: Host name, Hardware model, Network interfaces | SNMP: Temperature, Relative Humidity, Airflow, Dew point, Current, Door switch sensor etc. | SNMP Trap: Over 125 SNMP Trap event types parsed covering various environmental exception conditions | Currently not natively supported | APC Netbotz |
APC | UPS | SNMP: Host name, Hardware model, Network interfaces | SNMP: UPS metrics | SNMP Trap: Over 49 SNMP Trap event types parsed covering various environmental exception conditions | Currently not natively supported | APC UPS |
Apple |
MacOS Servers and Workstations |
|
|
|
|
|
Arista Networks | Routers and Switches | SNMP: OS, Hardwar; SSH: configuration, running processes | SNMP: CPU, Memory, Interface utilization, Hardware Status | Syslog and NetFlow | SSH: Running config, Startup config | Arista Router and Switch |
Aruba Networks |
CX Switching Platform |
|
|
Syslog: Audit logs, General Performance and Availability logs |
|
|
Aruba Networks | Aruba Wireless LAN | SNMP: Controller OS, hardware, Access Points | SNMP: Controller CPU, Memory, Interface utilization, Hardware Status SNMP: Access Point Wireless Channel utilization, noise metrics, user count | SNMP Trap: Over 165 event types covering Authentication, Association, Rogue detection, Wireless IPS events | Currently not natively supported | Aruba WLAN |
Avaya | Call Manager | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | CDR: Call Records | Currently not natively supported | Avaya Call Manager |
Avaya | Session Manager | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | Currently not natively supported | ||
Barracuda Networks | Spam Firewall | Application type discovery via LOG | Currently not natively supported | Syslog: Over 20 event types covering mail scanning and filtering activity | Currently not natively supported | Barracuda Spam |
Barracuda Networks |
Web Application Firewall |
|
|
Syslog: System logs, Web Firewall logs, Access logs, Audit logs and Network Firewall logs |
|
|
Bit9 | Security platform | Application type discovery via LOG | Currently not natively supported | Syslog: Over 259 event types covering various file monitoring activities | Currently not natively supported | Bit9 Security Platform |
Blue Coat | Security Gateway Versions v4.x and later | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Proxy performance metrics | Syslog: Admin access to Security Gateway ; SFTP: Proxy traffic analysis | Currently not natively supported | Blue Coat Web Proxy |
Box.com | Cloud Storage | Currently not natively supported | Currently not natively supported | Box.com API: File creation, deletion, modify, file sharing | Currently not natively supported | Box.com |
Brocade | SAN Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | Currently not natively supported | Currently not natively supported | Brocade SAN Switch |
Brocade | ServerIron ADX switch | SNMP: Host name, serial number, hardware | SNMP: Uptime, CPU, Memory, Interface Utilization, Hardware status, Real Server Statistics | Brocade ADX | ||
Carbon Black | Security platform | Application type discovery via LOG | Currently not natively supported | Syslog: Over 259 event types covering various file monitoring activities | Currently not natively supported | Carbon Black Security Platform |
CentOS / Other Linux distributions | Linux | SNMP: OS, Hardware, Software, Processes, Open Ports SSH: Hardware details, Linux distribution | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down SSH: Disk I/O, Paging | Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification; SSH: File integrity monitoring, Command output monitoring, Target file monitoring; FortiSIEM LinuxFileMon Agent: File integrity monitoring | SSH: File integrity monitoring, Target file monitoring; Agent: File integrity monitoring | Linux Server |
CentOS / Other Linux distributions | DHCP Server | Currently not natively supported | Currently not natively supported | Syslog: DHCP activity (Discover, Offer, Request, Release etc) - Used in Identity and Location | Not Applicable | Linux DHCP |
Checkpoint | FireWall-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX,R75, R80 | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | LEA from SmartCenter or Log Server: Firewall Log, Audit trail, over 940 IPS Signatures | LEA: Firewall Audit trail | Check Point Provider-1 Firewall |
Checkpoint | GAIA | Host name and Device type | Over 9 event types | |||
Checkpoint | Provider-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX, and R75 | Currently not natively supported | Currently not natively supported | LEA: Firewall Log, Audit trail | LEA: Firewall Audit trail | Check Point Provider-1 |
Checkpoint | VSX | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | LEA from SmartCenter or Log Server: Firewall Log, Audit trail | LEA: Firewall Audit trail | Check Point Provider-1 |
Citrix | NetScaler Application Delivery Controller | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status, Application Firewall metrics | Syslog: Over 465 event types covering admin activity, application firewall events, health events | Currently not natively supported | Citrix Netscaler |
Citrix | ICA | SNMP: Process Utilization | SNMP: Process Utilization; WMI: ICA Session metrics | Currently not natively supported | Currently not natively supported | Citrix ICA |
Cisco | ASA Firewall (single and multi-context) version 7.x and later | SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration | SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log | SSH: Running config, Startup config | Cisco ASA |
Cisco | AMP |
|
|
|
|
Cisco AMP for Endpoints API V1 - Previously Cisco AMP |
Cisco | FireAMP |
|
|
|
|
Cisco AMP for Endpoints API V0 - Previously Cisco FireAMP Cloud |
Cisco | ASA firepower SFR Module | SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration | SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log | SSH: Running config, Startup config | Cisco ASA |
Cisco |
Firepower Threat Defense |
|
|
|
|
|
Cisco | CatOS based Switches | SNMP: OS, Hardware (Serial Number, Image file, Interfaces, Components); SSH: configuration running process | SNMP: CPU, Memory, Interface utilization, Hardware Status | Syslog: Over 700 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity NetFlow V5, V9: Traffic logs | SSH: Running config, Startup config | Cisco IOS |
Cisco | Duo | Not natively supported - Custom Monitoring needed | Via API | Not natively supported - Custom Custom Configuration collection needed | ||
Cisco | PIX Firewall | SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration | SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity | SSH: Running config, Startup config | Cisco ASA |
Cisco | FWSM | SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration | SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity | SSH: Running config, Startup config | Cisco ASA |
Cisco | Identity Services Engine (ISE) | Host name and Device type | Cisco ISE | |||
Cisco | IOS based Routers and Switches | SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity | SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics; SNMP: BGP metrics, OSPF metrics; SNMP: Class based QoS metrics; SNMP: NBAR metrics | Syslog: Over 200 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity; NetFlow V5, V9: Traffic logs | SSH: Running config, Startup config | Cisco IOS |
Cisco | Nexus OS based Routers and Switches | SNMP: OS, Hardware; SSH: configuration running process, Layer 2 connectivity | SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics, BGP metrics, OSPF metrics, NBAR metrics; SNMP: Class based QoS metrics | Syslog: Over 3500 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, hardware status, software and hardware errors; NetFlow V5, V9: Traffic logs | SSH: Running config, Startup config | Cisco NX-OS |
Cisco | ONS | SNMP: OS, Hardware | SNMP Trap: Availability and Performance Alerts | Cisco NX-OS | ||
Cisco | ACE Application Firewall | SNMP: OS, Hardware | ||||
Cisco | UCS Server | UCS API: Hardware components - processors, chassis, blades, board, cpu, memory, storage, power supply unit, fan unit | UCS API: Chassis Status, Memory Status, Processor Status, Power Supply status, Fan status | Syslog: Over 500 event types parsed for situations covering hardware errors, internal software errors etc | Currently not natively supported | Cisco UCS |
Cisco | WLAN Controller and Access Points | SNMP: OS, Hardware, Access Points | SNMP: Controller CPU, Memory, Interface utilization, Hardware Status; SNMP: Access Point Wireless Channel utilization, noise metrics, user count | SNMP Trap: Over 88 event types parsed for situations covering Authentication, Association, Rogue detection, Wireless IPS events | Currently not natively supported | Cisco Wireless LAN |
Cisco | Call Manager | SNMP: OS, Hardware, VoIP Phones | SNMP: Call manager CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage; SNMP: VoIP phone count, Gateway count, Media Device count, Voice mail server count and SIP Trunks count; SNMP: SIP Trunk Info, Gateway Status Info, H323 Device Info, Voice Mail Device Info, Media Device Info, Computer Telephony Integration (CTI) Device Info | Syslog: Over 950 messages from Cisco Call Manager as well as Cisco Unified Real Time Monitoring Tool (RTMT); CDR Records, CMR Records: Call Source and Destination, Time, Call Quality metrics (MOS Score, Jitter, latency) | Currently not natively supported | Cisco Call Manager |
Cisco | Contact Center | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | Currently not natively supported - Custom parsing needed | Currently not natively supported | Cisco Contact Center |
Cisco | Presence Server | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | Currently not natively supported - Custom parsing needed | Currently not natively supported | Cisco Presence Server |
Cisco | Tandeberg Tele-presence Video Communication Server (VCS) | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | Currently not natively supported - Custom parsing needed | Currently not natively supported | Cisco Tandeberg Telepresence VCS |
Cisco | Tandeberg Tele-presence Multiple Control Unit (MCU) | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | Currently not natively supported - Custom parsing needed | Currently not natively supported | Cisco Telepresence MCU |
Cisco | Unity Connection | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | Currently not natively supported - Custom parsing needed | Currently not natively supported | Cisco Unity |
Cisco | IronPort Mail Gateway | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | Syslog: Over 45 event types covering mail scanning and forwarding status | Currently not natively supported | Cisco IronPort Mail |
Cisco | IronPort Web Gateway | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change | W3C Access log (Syslog): Over 9 event types covering web request handling status | Currently not natively supported | Cisco IronPort Web |
Cisco | Cisco Network IPS Appliances | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk Interface utilization, Hardware Status | SDEE: Over 8000 IPS signatures | Currently not natively supported | Cisco NIPS |
Cisco | Sourcefire 3D and Defense Center | SNMP: OS, Hardware | Sourcefire 3D and Defense Center | |||
Cisco | Cisco Firepower Management Center (FMC) - Previously FireSIGHT Console | eStreamer SDK: Intrusion events, Malware events, File events, Discovery events, User activity events, Impact flag events | Cisco Firepower Management Center (FMC) - Previously Cisco FireSIGHT | |||
Cisco | Cisco Security Agent | SNMP or WMI: OS, Hardware | SNMP or WMI: Process CPU and memory utilization | SNMP Trap: Over 25 event types covering Host IPS behavioral signatures. | Currently not natively supported | Cisco CSA |
Cisco | Cisco Access Control Server (ACS) | SNMP or WMI: OS, Hardware | SNMP or WMI: Process CPU and memory utilization | Syslog: Passed and Failed authentications, Admin accesses | Currently not natively supported | Cisco ACS |
Cisco | VPN 3000 | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | Syslog: Successful and Failed Admin Authentication, VPN Authentication, IPSec Phase 1 and Phase 2 association, VPN statistics | Currently not natively supported | Cisco VPN 3000 |
Cisco | Meraki Cloud Controllers | SNMP: OS, Hardware, Meraki devices reporting to the Cloud Controller | SNMP: Uptime, Network Interface Utilization; SNMP Trap: Various availability scenarios | Currently not natively supported - Custom parsing needed | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices |
Cisco | Meraki Firewalls | SNMP: OS, Hardware | SNMP: Uptime, Network Interface Utilization | Syslog: Firewall log analysis | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices |
Cisco | Meraki Routers/Switches | SNMP: OS, Hardware | SNMP: Uptime, Network Interface Utilization | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices | |
Cisco | Meraki WLAN Access Points | SNMP: OS, Hardware | SNMP: Uptime, Network Interface Utilization | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices | |
Cisco | MDS Storage Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | Currently not natively supported - Custom parsing needed | Currently not natively supported | |
Cisco | Network Control Manager (NCM) | Syslog: Network device software update, configuration analysis for compliance, admin login | Cisco Network Compliance Manager | |||
Cisco | Stealthwatch | Host name and Device type | Not supported | Not supported | Cisco Stealthwatch | |
Cisco | Umbrella | DNS logs, Proxy logs, IP logs, Admin Audit logs | Cisco Umbrella | |||
Cisco | Viptela | Discovered Via LOG only | Not natively supported - Custom monitoring needed | Over 289 Events Types parsed | Not natively supported - Custom configuration collection needed | Cisco Viptela SDWAN Router |
Cisco | Wide Area Application Services (WAAS) | SNMP: Host name, Version, Hardware model, Network interfaces | SNMP: CPU, Memory, Interface utilization, Disk utilization, Process cpu/memory utilization | Cisco WAAS | ||
Claroty | Continuous Threat Detection (CTD) | Claroty Continuous Threat Detection (CTD) | ||||
CloudPassage | Halo | Host name and Device type | Not supported | Not supported | CloudPassage Halo | |
Corero | Smartwall Threat Defense System | Corero Smartwall Threat Defense System | ||||
CradlePoint | CradlePoint | Discovered via LOG only | Not natively supported. Custom monitoring needed | 29 Event types covering Security Violations, Config Changes, Authentications and informational events | Not currently supported. | CradlePoint |
CrowdStrike | Falcon | Host name and Device type | Not supported | Not supported | CrowdStrike Falcon | |
Cyberoam | Cyberoam | Discovered via LOG only | Not natively supported. Custom monitoring needed. | Event, Security, and Traffic logs | Connection - permit and deny, system events, maleware events | Cyberoam Firewall |
Cylance | Cylance Protect Endpoint Protection | Syslog: Endpoint protection alerts | Cylance Protect | |||
Cyphort | Cyphort Cortex Endpoint Protection | Syslog: Endpoint protection alerts | Cyphort Cortex | |||
Cyxtera | AppGate SDP | Host name and Device type | Not supported | Not supported | Cyxtera AppGate SDP | |
Damballa | Failsafe | Damballa Failsafe | ||||
Darktrace | CyberIntelligence Platform | Discovered via LOG only | Not natively supported - Custom monitoring needed | Over 40 Events Types parsed | Not Natively Supported - Custom Configuration collection needed | Darktrace CyberIntelligence Platform |
Dell | SonicWall Firewall | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Firewall session count | Syslog: Firewall log analysis (over 1000 event types) | Currently not natively supported | Dell SonicWALL |
Dell | Force10 Router and Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Interface Status, Hardware Status | SSH: Running config, Startup config | Dell Force10 | |
Dell | NSeries Router and Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | SSH: Startup config | Dell NSeries | |
Dell | PowerConnect Router and Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | SSH: Startup config | Dell PowerConnect | |
Dell | Dell Hardware on Intel-based Servers | SNMP: Hardware | SNMP: Hardware Status: Battery, Disk, Memory, Power supply, Temperature, Fan, Amperage, Voltage | Currently not natively supported. | ||
Dell | Compellent Storage | SNMP: OS, Hardware | SNMP: Network Interface utilization, Volume utilization, Hardware Status (Power, Temperature, Fan) | Currently not natively supported. | Dell Compellent | |
Dell | EqualLogic Storage | SNMP: OS, Hardware (Network interfaces, Physical Disks, Components) | SNMP: Uptime, Network Interface utilization; SNMP: Hardware status: Disk, Power supply, Temperature, Fan, RAID health; SNMP: Overall Disk health metrics: Total disk count, Active disk count, Failed disk count, Spare disk count; SNMP: Connection metrics: IOPS, Throughput; SNMP: Disk performance metrics: IOPS, Throughput; SNMP: Group level performance metrics: Storage, Snapshot | Currently not natively supported. | Dell EqualLogic | |
Digital Defense |
Frontline Vulnerability Manager |
|
|
Frontline API: Host name, Vulnerability name, Vulnerability CVE ID, Vulnerability score, and operating system in event. |
|
|
Digital Guardian | Code Green DLP | LOG Discovery | Currently not natively supported | 1 broad event Type | Currently not natively supported | Digital Guardian Code Green DLP |
Dragos | Platform - Industrial control systems (ICS) and OT (operational technology) | Dragos Platform | ||||
EMC | Clariion Storage | Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports;
Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships |
Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization | Currently not natively supported. | EMC Clariion | |
EMC | VNX Storage | Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports
Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships |
Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization | EMC VNX | ||
EMC | Isilon Storage | SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks, Components) | SNMP: Uptime, Network Interface metrics; SNMP: Hardware component health: Disk, Power supply, Temperature, Fan, Voltage; SNMP: Cluster membership change, Node health and performance (CPU, I/O), Cluster health and performance, Cluster Snapshot, Storage Quota metrics, Disk performance, Protocol performance | 5 event types | EMC Isilon | |
Epic | SecuritySIEM | Discovered via LOG only | Not natively supported. Custom monitoring needed. | Authentication Query, Client login Query | Currently not natively supported | Epic EMR/EHR System |
ESET | Nod32 Anti-virus | Application type discovery via LOG | Syslog (CEF format): Virus found/cleaned type of events | ESET NOD32 | ||
FireEye | Malware Protection System (MPS) | Application type discovery via LOG | Syslog (CEF format): Malware found/cleaned type of events | FireEye MPS | ||
FireEye | HX Appliances for Endpoint protection | Application type discovery via LOG | Syslog (CEF format): Malware Acquisition, Containment type of events | |||
F5 Networks | Application Security Manager | Discovery via LOG | Syslog (CEF Format); Various application level attack scenarios - invalid directory access, SQL injections, cross site exploits | F5 Application Security Manager | ||
F5 Networks | Local Traffic Manager | SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks), Installed Software, Running Software | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start | SNMP Trap: Exception situations including hardware failures, certain security attacks, Policy violations etc; Syslog: Permitted and Denied Traffic | F5 Networks Local Traffic Manager | |
F5 Networks | Web Accelerator | Discovery via LOG | Syslog: Permitted Traffic | F5 Networks Web Accelerator | ||
Fortinet | FortiNDR (Formerly FortiAI) |
|
|
|
|
|
Fortinet |
FortiAnalyzer |
|
|
|
|
|
Fortinet | FortiAP | Access point – Name, OS, Interfaces, Controller (FortiGate) | FortiAP CPU, Memory, Clients, Sent/Received traffic | Wireless events via FortiGate | FortiAP | |
Fortinet | FortiAuthenticator | Vendor, OS, Model | Interface Stat, Authentication Stat | Over 150 event types | Currently not natively supported. | Fortinet FortiAuthenticator |
Fortinet | FortiCASB |
|
|
|
|
Fortinet FortiCASB |
Fortinet | FortiClient | Discovered via LOG only | Syslog: Traffic logs, Event logs | Not supported | FortiClient | |
Fortinet | FortiDeceptor | Discovered via LOG only | Not natively supported. Custom monitoring needed. | Authentication logs, Decoy activity | Currently not natively supported. | Fortinet FortiDeceptor |
Fortinet | FortiEDR | Discovered via LOG only | Not natively supported. Custom monitoring needed. | System and security events (e.g. file blocked) | Currently not natively supported | Fortinet FortiEDR |
Fortinet | FortiGate firewalls | SNMP: OS, Host name, Hardware (Serial Number, Interfaces, Components) | SNMP: Uptime, CPU and Memory utilization, Network Interface metrics | Syslog: Over 11000 Traffic and system logs; Netflow: traffic flow, Application flow | SSH: Running config, Startup config | Fortinet FortiGate |
Fortinet | FortiInsight | FortiInsight | ||||
Fortinet | FortiManager | SNMP: Host name, Hardware model, Network interfaces, Operating system version | SNMP: Uptime, CPU and Memory utilization, Network Interface metrics | FortiManager | ||
Fortinet | FortiNAC | Discovered via LOG only | Not natively supported. Custom monitoring needed | Administrative and User Admission Control events | Currently not natively supported | Fortinet FortiNAC |
Fortinet | FortiProxy |
|
|
|
|
|
Fortinet | FortiWLC | SNMP - Controller – Name, OS, Serial Number, Interfaces, Associated Access Points – name, OS, Interfaces | Controller – CPU, Memory, Disk, Throughput, QoS statistics, Station count | Hardware/Software errors, failures, logons, license expiry, Access Point Association / Disassociation | Not supported | FortiWLC |
Fortinet | FortiTester | Discovered Via LOG only | Not natively supported - Custom monitoring needed | CEF format: Over 14 Event types parsed | Not natively supported - Custom configuration collection needed | Fortinet FortiTester |
Foundry Networks | IronWare Router and Switch | SNMP: OS, Hardware SSH: configuration, running process | SNMP: Uptime, CPU, Memory, Interface utilization, Hardware Status | Syslog: Over 6000 event types parsed for situations covering admin access, configuration change, interface up/down | SSH: Running config, Startup config | Foundry Networks IronWare |
FreeBSD | ||||||
GitHub.com | GitHub | Host name and Device type | Not supported | Not supported | GitHub | |
GitLab API | GitLab | Host name and Device type | Not supported | Not supported | GitLab API | |
GitLab CLI | GitLab | Host name and Device type | Not supported | Not supported | GitLab CLI | |
Google Cloud Platform (GCP) |
|
|
|
|
Google Cloud Platform (GCP)- Pub/Sub Integration | |
|
Google Workspace (Formerly G Suite and Google Apps) |
|
|
|
|
|
Green League | WVSS | Green League WVSS | ||||
Huawei | VRP Router and Switch | SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity | SNMP: Uptime, CPU, Memory, Interface utilization, Hardware Status | Syslog: Over 30 event types parsed for situations covering admin access, configuration change, interface up/down | SSH: Running config, Startup config | |
HP | BladeSystem | SNMP: Host name, Access IP, Hardware components | SNMP: hardware status | HP BladeSystem | ||
HP | HP-UX servers | SNMP: OS, Hardware | SNMP: Uptime, CPU, Memory, Network Interface, Disk space utilization, Network Interface Errors, Running Process Count, Running process CPU/memory utilization, Running process start/stop; SNMP: Installed Software change; SSH : Memory paging rate, Disk I/O utilization | HP UX Server | ||
HP | HP Hardware on Intel-based Servers | SNMP: hardware model, hardware serial, hardware components (fan, power supply, battery, raid, disk, memory) | SNMP: hardware status | SNMP Trap: Over 100 traps covering hardware issues | ||
HP | TippingPoint UnityOne IPS | SNMP: OS, Hardware | SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors | Syslog: Over 4900 IPS alerts directly or via NMS | TippingPoint IPS | |
HP | ProCurve Switches and Routers | SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration | SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors; SNMP: hardware status | SSH: Running config, Startup config | HP ProCurve | |
HP | Value Series (19xx) Switches and Routers | SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration | SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors | SSH: Startup config | HP Value Series (19xx) and HP 3Com (29xx) Switch | |
HP | 3Com (29xx) Switches and Routers | SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration | SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors | SSH: Startup config | HP Value Series (19xx) and HP 3Com (29xx) Switch | |
HP | HP/3Com Comware Switches and Routers | SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration | SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors; SNMP: hardware status | Syslog: Over 6000 vent types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup config | HP/3Com ComWare |
HPE | Integrated Lights-Out (iLO) |
|
|
|
|
|
Hirschmann | Switches | Host Name, OS | SNMP – Uptime, CPU, Memory, Interface utilization, hardware Status, OSPF metrics | Not natively supported - Custom parsing needed | Not natively supported - Custom configuration collection needed | Hirschmann SCADA Firfewalls and Switches |
HyTrust | CloudControl | LOG Discovery | Currently not natively supported | Over 70 event types | Currently not natively supported | HyTrust CloudControl |
IBM | Websphere Application Server | SNMP or WMI: Running processes | HTTP(S): Generic Information, Availability metrics, CPU / Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics | IBM WebSphere | ||
IBM | DB2 Database Server | SNMP or WMI: Running processes | JDBC: Database Audit trail: Log on, Database level and Table level CREATE/DELETE/MODIFY operations | IBM DB2 | ||
IBM | ISS Proventia IPS Appliances | SNMP Trap: IPS Alerts: Over 3500 event types | IBM ISS Proventia | |||
IBM | AIX Servers | SNMP: OS, Hardware, Installed Software, Running Processes, Open Ports; SSH: Hardware details | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging | Syslog: General logs including Authentication Success/Failure, Privileged logons, User/Group Modification | IBM AIX | |
IBM | OS 400 | Syslog via PowerTech Agent: Over 560 event types | IBM OS400 | |||
Imperva | Securesphere DB Monitoring Gateway | Imperva Securesphere DB Monitoring Gateway | ||||
Imperva | Securesphere Security Gateway | Syslog in CEF format | Imperva Securesphere Security Gateway | |||
Imperva | Securesphere Web App Firewall | Imperva SecureSphere Web App Firewall | ||||
Indegy |
Security Platform |
Discovered via LOG only | Not natively supported - Custom monitoring needed | Over 14 Events Types parsed | Not natively supported - Custom configuration collection needed | Indegy Security Platform |
Intel/McAfee | McAfee Sidewinder Firewall | SNMP: OS, Hardware, Installed Software, Running Processes | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start | Syslog: Firewall logs | McAfee Firewall Enterprise (Sidewinder) | |
Intel/McAfee | McAfee ePO | SNMP: Related process name and parameters | SNMP: Process resource utilization | SNMP Trap: Over 170 event types | McAfee ePolicy Orchestrator (ePO) | |
Intel/McAfee | Intrushield IPS | SNMP: OS, Hardware | SNMP: Hardware status | Syslog: IPS Alerts | McAfee IntruShield | |
Intel/McAfee | Stonesoft IPS | Syslog: IPS Alerts | McAfee Stonesoft | |||
Intel/McAfee | Web Gateway | Syslog: Web server log | McAfee Web Gateway | |||
Intel/McAfee | Foundstone Vulnerability Scanner | JDBC: Vulnerability data | McAfee Foundstone Vulnerability Scanner | |||
Infoblox | DNS/DHCP Appliance | SNMP: OS, Hardware, Installed Software, Running Processes | ; SNMP: Zone transfer metrics, DNS Cluster Replication metrics, DNS Performance metrics, DHCP Performance metrics, DDNS Update metrics, DHCP subnet usage metrics ; SNMP: Hardware Status ; SNMP Trap: Hardware/Software Errors | Syslog: DNS logs - name resolution activity - success and failures | Infoblox DNS/DHCP | |
ISC | Bind DNS | Syslog: DNS logs - name resolution activity - success and failures | ISC BIND DNS | |||
Juniper | JunOS Router/Switch | SNMP: OS, Hardware; SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status ; | Syslog: Over 1420 event types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks JunOS |
Juniper | SRX Firewalls | SNMP: OS, Hardware SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | Syslog: Over 700 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks JunOS |
Juniper | SSG Firewall | SNMP: OS, Hardware ; SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks SSG Firewall |
Juniper | ISG Firewall | SNMP: OS, Hardware ; SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks SSG Firewall |
Juniper | Steel-belted Radius | Discovered via LOG | Syslog - 4 event types covering admin access and AAA authentication | Juniper Networks Steel-Belted Radius | ||
Juniper | Secure Access Gateway | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization | Syslog - Over 30 event types parsed for situations covering VPN login, Admin access, Configuration Change | Juniper Networks SSL VPN Gateway | |
Juniper | Netscreen IDP | Syslog - directly from Firewall or via NSM - Over 5500 IPS Alert types parsed | Juniper Networks IDP Series | |||
Juniper | DDoS Secure | Syslog - DDoS Alerts | Juniper DDoS | |||
KVM |
|
|
|
|
|
KVM |
Lantronix | SLC Console Manager | Syslog - Admin access, Updates, Commands run | Lantronix SLC Console Manager | |||
LastLine | Syslog in CEF format | LastLine | ||||
Liebert | HVAC | SNMP: Host Name, Hardware model | SNMP: HVAC metrics: Temperature: current value, upper threshold, lower threshold, Relative Humidity: current value, upper threshold, lower threshold, System state etc | Liebert HVAC | ||
Liebert | FPC | SNMP: Host Name, Hardware model | SNMP: Output voltage (X-N, Y-N, Z-N), Output current (X, Y. Z), Neutral Current, Ground current, Output power, Power Factor etc | Liebert FPC | ||
Liebert | UPS | SNMP: Host Name, Hardware model | SNMP: UPS metrics: Remaining battery charge, Battery status, Time on battery, Estimated Seconds Remaining, Output voltage etc | Liebert UPS | ||
Malwarebytes | Malwarebytes Breach Remediation | Malwarebytes Breach Remediation | ||||
Malwarebytes | Malwarebytes Endpoint Protection |
|
|
|
|
Malwarebytes Endpoint Protection |
McAfee | Vormetric Data Security Manager | LOG Discovery | Currently not natively supported | 1 broad event Type | Currently not natively supported | McAfee Vormetric Data Security Manager |
Microsoft | Microsoft Advanced Threat Analytics (ATA) On Premise Platform |
|
|
|
|
Microsoft Advanced Threat Analytics (ATA) On Premise Platform |
Microsoft | ASP.NET | SNMP: Running Processes | SNMP or WMI: Process level resource usage ; WMI: Request Execution Time, Request Wait Time, Current Requests, Disconnected Requests etc | Microsoft ASP.NET | ||
Microsoft | Microsoft Defender for Identity/Azure Advanced Threat Protection (ATP) | Host name and Device type | Not supported | Not supported | Microsoft Defender for Identity/Microsoft Azure ATP | |
Microsoft |
Microsoft Defender for IoT (Was CyberX OT/IoT Security) |
|
|
|
|
|
Microsoft | Azure Compute | Microsoft Azure Compute | ||||
Microsoft | Azure Event Hub | Microsoft Azure Event Hub | ||||
Microsoft | Cloud App Security | Host name and Device type | Not supported | Not supported | Microsoft Cloud App Security | |
Microsoft | DHCP Server - 2003, 2008 | SNMP: Running Processes | WMI: DHCP metrics: request rate, release rate, decline rate, Duplicate Drop rate etc | FortiSIEM Windows Agent (HTTPS): DHCP logs - release, renew etc; Snare Agent (syslog): DHCP logs - release, renew etc; Correlog Agent (syslog): DHCP logs - release, renew etc | Microsoft DHCP (2003, 2008) | |
Microsoft | DNS Server - 2003, 2008 | SNMP: Running Processes | WMI: DNS metrics: Requests received, Responses sent, WINS requests received, WINS responses sent, Recursive DNS queries received etc | FortiSIEM Windows Agent (HTTPS): DNS logs - name resolution activity; Snare Agent (syslog): DNS logs - name resolution activity; Correlog Agent (syslog): DNS logs - name resolution activity | Microsoft DNS (2003, 2008) | |
Microsoft | Domain Controller / Active Directory - 2003, 2008, 2012 | SNMP: Running Processes; LDAP: Users | WMI: Active Directory metrics: Directory Search Rate, Read Rate, Write Rate, Browse Rate, LDAP search rate, LDAP Bind Rate etc; WMI: "dcdiag -e" command output - detect successful and failed domain controller diagnostic tests; WMI: "repadmin /replsummary" command output - Replication statistics; LDAP: Users with stale passwords, insecure password settings | Microsoft Active Directory | ||
Microsoft | Exchange Server | SNMP: Running Processes | SNMP or WMI: Process level resource usage; WMI: Exchange performance metrics, Exchange error metrics, Exchange mailbox metrics, Exchange SMTP metrics, Exchange ESE Database, Exchange Database Instances, Exchange Mail Submission Metrics, Exchange Store Interface Metrics etc | Exchange Tracker Logs via FSM Advanced Windows Agent | Microsoft Exchange | |
Microsoft | Hyper-V Hypervisor | Powershell over winexe: Guest/Host CPU usage, Memory usage, Page fault, Disk Latency, Network usage ; | Hyper-V | |||
Microsoft | IIS versions | SNMP: Running Processes | SNMP or WMI: Process level resource usage WMI: IIS metrics: Current Connections, Max Connections, Sent Files, Received Files etc | FortiSIEM Windows Agent (HTTPS): W3C Access logs - Per instance Per Connection - Sent Bytes, Received Bytes, Duration ; Snare Agent (syslog): W3C Access logs; Correlog Agent (syslog): W3C Access logs | Microsoft IIS for Windows 2000 and 2003; Microsoft IIS for Windows 2008 | |
Microsoft | Internet Authentication Server (IAS) | SNMP: Running Processes | SNMP or WMI: Process level resource usage | FortiSIEM Windows Agent (HTTPS): AAA logs - successful and failed authentication ; Snare Agent (syslog): AAA logs - successful and failed authentication ; Correlog Agent (syslog): AAA logs - successful and failed authentication | Microsoft Internet Authentication Server (IAS) | |
Microsoft | Network Policy Server | Discovered via LOG only. | Not natively supported. Custom monitoring needed. | AAA-based login events | Currently not natively supported | Microsoft Network Policy Server |
Microsoft | PPTP VPN Gateway | FortiSIEM Windows Agent (HTTPS): VPN Access - successful and failed Snare Agent (syslog): VPN Access - successful and failed ; Correlog Agent (syslog): VPN Access - successful and failed | Microsoft PPTP | |||
Microsoft | SharePoint Server | SNMP: Running Processes | SNMP or WMI: Process level resource usage | LOGBinder Agent: SharePoint logs - Audit trail integrity, Access control changes, Document updates, List updates, Container object updates, Object changes, Object Import/Exports, Document views, Information Management Policy changes etc | Microsoft SharePoint | |
Microsoft | SQL Server - 2014, 2016, 2017, 2019 | SNMP: Running Processes | SNMP or WMI: Process resource usage; JDBC: General database info, Configuration Info, Backup Info,; JDBC: Per-instance like Buffer cache hit ratio, Log cache hit ratio etc; JDBC: per-instance, per-database Performance metrics Data file size, Log file used, Log growths etc; JDBC: Locking info, Blocking info | JDBC: database error log; JDBC: Database audit trail | Microsoft SQL Server | |
Microsoft | Microsoft Defender for Endpoint/Windows Defender Advanced Threat Protection (ATP) | Host name and Device type | Not supported | Not supported | Microsoft Defender for Endpoint/Windows Defender ATP | |
Microsoft | Windows 2000, Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2 | SNMP: OS, Hardware (for Dell and HP), Installed Software, Running Processes; WMI: OS, Hardware (for Dell and HP), BIOS, Installed Software, Running Processes, Services, Installed Patches | SNMP: CPU, Memory, Disk, Interface utilization, Process utilization ; WMI: SNMP: CPU, Memory, Disk, Interface utilization, Detailed CPU/Memory usage, Detailed Process utilization | WMI pulling: Security, System and Application logs; FortiSIEM Windows Agent (HTTPS): Security, System and Application logs, File Content change; Snare Agent (syslog): Security, System and Application logs; Correlog Agent (syslog): Security, System and Application logs | SNMP: Installed Software Change; FortiSIEM Windows Agent: Installed Software Change, Registry Change; FortiSIEM Windows Agent: File Integrity Monitoring | Microsoft Windows Servers |
MobileIron Sentry and Connector | Sentry | Discovered Via LOG only | Not natively supported - Custom monitoring needed | Over 18 Events Types parsed | Not natively supported - Custom configuration collection needed | MobileIron Sentry |
Motorola | AirDefense Wireless IDS | Syslog: Wireless IDS logs | Motorola AirDefense | |||
Motorola | WiNG WLAN Access Point | Syslog: All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health | Motorola WLAN | |||
Mikrotek | Mikrotech Switches and Routers | Host name, OS, Hardware model, Serial number, Components | SNMP: Uptime CPU utilization, Network Interface metrics | Mikrotek Router | ||
NetApp | DataONTAP | NetApp DataONTAP | ||||
NetApp | DataONTAP based Filers | SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Logical volumes, Physical Disks | SNMP: CPU utilization, Network Interface metrics, Logical Disk Volume utilization; SNMP: Hardware component health, Disk health ONTAP API: Detailed NFS V3/V4, ISCSI, FCP storage IO metrics, Detailed LUN metrics, Aggregate metrics, Volume metrics, Disk performance metrics | SNMP Trap: Over 150 alerts - hardware and software alerts | NetApp Filer | |
Nessus | Vulnerability Scanner | Nessus API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence, etc | Nessus Vulnerability Scanner | |||
Netwrix | Auditor | Not natively supported | Not natively supported | 2 Event Types parsed (via Windows Correlog Agent) | Not natively supported | Netwrix Auditor |
NGINX | Web Server | SNMP: Application name | SNMP: Application Resource Usage | Syslog: W3C access logs: per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration | NGINX Web Server | |
Nimble | NimbleOS Storage | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | SNMP: Uptime, Network Interface metrics, Storage Disk Utilization SNMP: Storage Performance metrics: Read rate (IOPS), Sequential Read Rate (IOPS), Write rate (IOPS), Sequential Write Rate (IOPS), Read latency, etc | Nimble Storage | ||
Nortel | ERS Switches and Routers | SNMP: Host name, OS, Hardware model, Serial number, Components | SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Hardware Status | Nortel ERS and Passport Switch | ||
Nortel | Passport Switches and Routers | SNMP: Host name, OS, Hardware model, Serial number, Components | SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Hardware Status | Nortel ERS and Passport Switch | ||
Nozomi | Guardian | No | No | Yes | No | Nozomi |
Nutanix | Controller VM | SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Physical Disks, Components | SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Disk Status, Cluster Status, Service Status, Storage Pool Info, Container Info | Nutanix | ||
Okta.com | SSO | Okta API: Users | Okta API: Over 90 event types covering user activity in Okta website | Okta Configuration | ||
One Identity | Safeguard | Not supported | One Identity Safeguard | |||
OpenLDAP | OpenLDAP | LDAP: Users | ||||
Oracle | Cloud Access Security Broker (CASB) | Oracle Cloud Access Security Broker | ||||
Oracle | Cloud Infrastructure |
|
|
|
|
Oracle Cloud Infrastructure |
Oracle | Enterprise Database Server - 10g, 11g, 12c, 18/19c, 21c | SNMP or WMI: Process resource usage ; | JDBC: Database performance metrics: Buffer cache hit ratio, Row cache hit ratio, Library cache hit ratio, Shared pool free ratio, Wait time ratio, Memory Sorts ratio etc ; JDBC: Database Table space information: able space name, table space type, table space usage, table space free space, table space next extent etc; JDBC: Database audit trail: Database logon, Database operations including CREATE/ALTER/DROP/TRUNCATE operations on tables, table spaces, databases, clusters, users, roles, views, table indices, triggers etc. | Syslog: Listener log, Alert log, Audit Log | Oracle Database | |
Oracle | MySQL Server | SNMP or WMI: Process resource usage | JDBC: User Connections, Table Updates, table Selects, Table Inserts, Table Deletes, Temp Table Creates, Slow Queries etc; JDBC: Table space performance metrics: Table space name, table space type, Character set and Collation, table space usage, table space free space etc; JDBC: Database audit trail: Database log on, Database/Table CREATE/DELETE/MODIFY operations | MySQL Server | ||
Oracle | WebLogic Application Server | SNMP or WMI: Process resource usage | JMX: Availability metrics, Memory metrics, Servlet metrics, Database metrics, Thread pool metrics, EJB metrics, Application level metrics | Oracle WebLogic | ||
Oracle | Glassfish Application Server | SNMP or WMI: Process resource usage | JMX: Availability metrics, Memory metrics, Servlet metrics, Session metrics, Database metrics, Request processor metrics, Thread pool metrics, EJB metrics, Application level metrics, Connection metrics | Oracle GlassFish Server | ||
Oracle | Sun SunOS and Solaris | SNMP: OS, Hardware, Software, Processes, Open Ports ; SSH: Hardware details | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging | Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification | Sun Solaris Server | |
OTORIO |
RAM2 (Risk Assessment, Monitoring and Management) |
|
|
|
|
|
PacketFence | Network Access Control | Host name and Device type | Not supported | Not supported | PacketFence Network Access Control | |
Palo Alto Networks | Cortex XDR |
|
|
|
|
Palo Alto Cortex XDR |
Palo Alto Networks | Palo Alto Traps Endpoint Security Manager | LOG Discovery | Currently not natively supported | Over 80 event types | Currently not natively supported | Palo Alto Traps Endpoint Security Manager |
Palo Alto Networks | PAN-OS based Firewall | SNMP: Host name, OS, Hardware, Network interfaces; SSH: Configuration | SNMP: Uptime, CPU utilization, Network Interface metrics, Firewall connection count | Syslog: Traffic log, Threat log (URL, Virus, Spyware, Vulnerability, File, Scan, Flood and data subtypes), config and system logs, wildfire logs | SSH: Configuration Change | Palo Alto Firewall |
Proofpoint | Proofpoint |
|
|
|
|
Proofpoint |
PulseSecure | PulseSecure VPN | Syslog: VPN events, Traffic events, Admin events | PulseSecure | |||
QNAP | Turbo NAS | QNAP Turbo NAS | ||||
Qualys | QualysGuard Scanner | Qualys QualysGuard Scanner | ||||
Qualys | Vulnerability Scanner | Qualys API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc | Qualys Vulnerability Scanner | |||
Qualys | Web Application Firewall | syslog (JSON formatted): web log analysis | Qualys Web Application Firewall | |||
Radware | DefensePro | LOG Discovery | Currently not natively supported | Over 120 event types | Currently not natively supported | Radware DefensePro |
Rapid7 | InsightVM (Platform Based Vulnerability Management) | Host name and Device type | Not supported | Rapid7 InsightVM (Vulnerability Management On-Premises) | ||
Rapid7 | NeXpose Vulnerability Scanner (Vulnerability Management On-Premises) | Rapid7 NeXpose API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc | Rapid7 NeXpose Vulnerability Scanner (Platform Based Vulnerability Management) | |||
Red Hat | Linux | SNMP: OS, Hardware, Software, Processes, Open Ports ; SSH: Hardware details, Linux distribution | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging | Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification SSH: File integrity monitoring, Command output monitoring, Target file monitoring Agent: File integrity monitoring | SSH: File integrity monitoring, Target file monitoring Agent: File integrity monitoring | Linux Server |
Red Hat | JBoss Application Server | SNMP: Process level CPU/Memory usage | JMX: CPU metrics, Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics | ; | Red Hat JBoss | |
Red Hat | DHCP Server | SNMP: Process level CPU/Memory usage | Syslog: DHCP address release/renew events | Linux DHCP | ||
Riverbed | Steelhead WAN Accelerators | SNMP: Host name, Software version, Hardware model, Network interfaces | SNMP: Uptime, CPU / Memory / Network Interface / Disk space metrics, Process cpu/memory utilization; SNMP: Hardware Status SNMP: Bandwidth metrics: (Inbound/Outbound Optimized Bytes - LAN side, WAN side; Connection metrics: Optimized/Pass through / Half-open optimized connections etc); SNMP: Top Usage metrics: Top source, Top destination, Top Application, Top Talker; SNMP: Peer status: For every peer: State, Connection failures, Request timeouts, Max latency | SNMP Trap: About 115 event types covering software errors, hardware errors, admin login, performance issues - cpu, memory, peer latency issues ; Netflow: Connection statistics | Riverbed SteelHead WAN Accelerator | |
Ruckus | Wireless LAN | SNMP: Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points | SNMP: Controller Uptime, Controller Network Interface metrics, Controller WLAN Statistics, Access Point Statistics, SSID performance Stats | Ruckus WLAN | ||
Security Onion | Zeek (Bro) | Discovered via LOG only | Not natively supported - Custom monitoring needed | Syslog JSON format: 6 event types parsed | Currently not natively supported | Zeek (Bro) Installed on Security Onion |
SentinelOne | SentinelOne | Discovered via LOG only | Not natively supported. Custom monitoring needed. | System and security events (e.g. file blocked) | Currently not natively supported | SentinelOne |
Snort | IPS | SNMP: Process level CPU/Memory usage | Syslog: Over 40K IPS Alerts DBC: Over 40K IPS Alerts - additional details including TCP/UDP/ICMP header and payload in the attack packet | Snort IPS | ||
Sophos | Central | Host name and Device type | Not supported | Not supported | Sophos Central | |
Sophos | Sophos Endpoint Security and Control | SNMP Trap: Endpoint events including Malware found/deleted, DLP events | Sophos Endpoint Security and Control | |||
Squid | Web Proxy | SNMP: Process level CPU/Memory usage | Syslog: W3C formatted access logs - per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration | Squid Web Proxy | ||
SSH Com Security | CryptoAuditor | LOG Discovery | Currently not natively supported | Many event types | Currently not natively supported | SSH Com Security CryptoAuditor |
Stormshield | Network Security | Not natively supported | Not natively supported | Firewall logs | Not natively supported | Stormshield Network Security |
Symantec | Symantec Endpoint Protection | Syslog: Over 5000 event types covering end point protection events - malware/spyware/adware, malicious events | Symantec Endpoint Protection | |||
Tanium | Connect | Host name and Device type | Not supported | Not supported | Tanium Connect | |
Tenable | Tenable.io | Host name and Device type | Not supported | Not supported | Tenable.io | |
Tigera | Calico | Not natively supported | Not natively supported | Flow, Audit and DNS logs | Not natively supported | Tigera Calico |
TrendMicro | Deep Discovery | Discovered via LOG only | Not natively supportedCustom monitoring needed. | Malicious file detection | Currently not natively supported | TrendMicro Deep Discovery |
TrendMicro | Deep Security Manager | Syslog: Over 10 event types covering end point protection events | Not supported | |||
TrendMicro | Interscan Web Filter | LOG Discovery | Currently not natively supported | 15 event Types | Currently not natively supported | TrendMicro Interscan Web Filter |
TrendMicro | Intrusion Defense Firewall (IDF) | Syslog: Over 10 event types covering end point firewall events | Trend Micro IDF | |||
TrendMicro | Office scan | SNMP Trap: Over 30 event types covering end point protection events - malware/spyware/adware, malicious events | Trend Micro OfficeScan | |||
UserGate | UTM Firewall |
|
|
|
|
|
Vasco | DigiPass | Syslog - Successful and Failed Authentications, Successful and Failed administrative logons | Vasco DigiPass | |||
VMware | VMware ESX and VCenter | VMWare SDK: Entire VMware hierarchy and dependencies - Data Center, Resource Pool, Cluster, ESX and VMs | VMWare SDK: VM level: CPU, Memory, Disk, Network, VMware tool status VMWare SDK: ESX level: CPU, Memory, Disk, Network, Data store VMWare SDK: ESX level: Hardware Status VMWare SDK: Cluster level: CPU, Memory, Data store, Cluster Status VMWare SDK: Resource pool level: CPU, Memory | VMWare SDK: Over 800 VCenter events covering account creation, VM creation, DRS events, hardware/software errors | ||
VMware | vShield | Syslog: Over 10 events covering permitted and denied connections, detected attacks | ||||
VMware | VCloud Network and Security (vCNS) Manager | Syslog: Over 10 events covering various activities | ||||
WatchGuard | Firebox Firewall | Syslog: Over 20 firewall event types | WatchGuard Firebox Firewall | |||
Websense | Web Filter | Syslog: Over 50 web filtering events and web traffic logs | Websense Web Filter | |||
YXLink | Vulnerability Scanner | YX Link Vulnerability Scanner | ||||
Zeek |
Network Security Monitor (Previously known as Bro) |
|
|
|
|
|
Zscaler | Cloud Firewall |
|
|
|
|