Fortinet white logo
Fortinet white logo

External Systems Configuration Guide

Supported Devices and Applications by Vendor

Supported Devices and Applications by Vendor

Vendor Model Discovery Overview Performance Monitoring Overview Log Analysis Overview Config Change Monitoring Details
AirTight Networks SpectraGuard Discovered via LOG only Not natively supported - Custom monitoring needed CEF format: Over 125 event types parsed covering various Wireless suspicious activities Currently not natively supported AirTight Networks SpectraGuard
Alcatel TiMOS Routers and Switches SNMP: OS, Hardware SNMP: CPU, memory, interface utilization, hardware status Not natively supported - Custom parsing needed Currently not natively supported Alcatel TiMOS and AOS Switch Configuration
Alcatel AOS Routers and Switches SNMP: OS, Hardware SNMP: CPU, memory, interface utilization, hardware status Not natively supported - Custom parsing needed Currently not natively supported Alcatel TiMOS and AOS Switch Configuration
Alert Logic Intrusion Detection and Prevention Systems (IPS) Host name and Device type Not supported Not supported Alert Logic IPS
Alert Logic Iris API Host name and Device type Not supported Not supported Alert Logic IRIS API
Alcide.io KAudit Not natively supported Not natively supported Kubernetes Audit logs Not natively supported Alcide io KAudit
Amazon AWS Servers AWS API: Server Name, Access IP, Instance ID, Image Type, Availability Zone CloudWatch API: System Metrics: CPU, Disk I/O, Network CloudTrail API: Over 325 event types parsed covering various AWS activities CloudTrail API: various administrative changes on AWS systems and users AWS CloudWatchAWS CloudTrail
Amazon AWS Elastic Block Storage (EBS) CloudWatch API: Volume ID, Status, Attach Time CloudWatch API: Read/Write Bytes, Ops, Disk Queue AWS EBS and RDS
Amazon AWS EC2 AWS EC2

Amazon

AWS Elastic Load Balancer (ELB)

AWS ELB

Amazon AWS Kinesis

AWS Kinesis

Amazon AWS Relational Database Storage (RDS) CloudWatch API: CPU, Connections, Memory, Swap, Read/Write Latency and Ops AWS EBS and RDS
Amazon Security Hub

AWS Security Hub
Amazon Simple Queue Service

AWS Simple Queue Service
Amazon AWS S3 (Simple Storage Service)

AWS S3 (Simple Storage Service)
Apache Tomcat Application Server JMX: Version JMX: CPU, memory, servlet, session, database, threadpool, request processor metrics Currently not natively supported - Custom parsing needed Currently not natively supported Apache Tomcat
Apache Apache Web server SNMP: Process name SNMP: process level cpu, memory HTTPS via the mod-status module: Apache level metrics Syslog: W3C formatted access logs - per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration Currently not natively supported Apache Web Server
APC NetBotz Environmental Monitor SNMP: Host name, Hardware model, Network interfaces SNMP: Temperature, Relative Humidity, Airflow, Dew point, Current, Door switch sensor etc. SNMP Trap: Over 125 SNMP Trap event types parsed covering various environmental exception conditions Currently not natively supported APC Netbotz
APC UPS SNMP: Host name, Hardware model, Network interfaces SNMP: UPS metrics SNMP Trap: Over 49 SNMP Trap event types parsed covering various environmental exception conditions Currently not natively supported APC UPS
Apple MacOS Servers and Workstations

Apple MacOS Servers and Workstations

Arista Networks Routers and Switches SNMP: OS, Hardwar; SSH: configuration, running processes SNMP: CPU, Memory, Interface utilization, Hardware Status Syslog and NetFlow SSH: Running config, Startup config Arista Router and Switch

Aruba Networks

CX Switching Platform

Syslog: Audit logs, General Performance and Availability logs

ArubaOS-CX Switching Platform

Aruba Networks Aruba Wireless LAN SNMP: Controller OS, hardware, Access Points SNMP: Controller CPU, Memory, Interface utilization, Hardware Status SNMP: Access Point Wireless Channel utilization, noise metrics, user count SNMP Trap: Over 165 event types covering Authentication, Association, Rogue detection, Wireless IPS events Currently not natively supported Aruba WLAN
Avaya Call Manager SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status CDR: Call Records Currently not natively supported Avaya Call Manager
Avaya Session Manager SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status Currently not natively supported
Barracuda Networks Spam Firewall Application type discovery via LOG Currently not natively supported Syslog: Over 20 event types covering mail scanning and filtering activity Currently not natively supported Barracuda Spam

Barracuda Networks

Web Application Firewall

Syslog: System logs, Web Firewall logs, Access logs, Audit logs and Network Firewall logs

Barracuda Web Application Firewall

Bit9 Security platform Application type discovery via LOG Currently not natively supported Syslog: Over 259 event types covering various file monitoring activities Currently not natively supported Bit9 Security Platform
Blue Coat Security Gateway Versions v4.x and later SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Proxy performance metrics Syslog: Admin access to Security Gateway ; SFTP: Proxy traffic analysis Currently not natively supported Blue Coat Web Proxy
Box.com Cloud Storage Currently not natively supported Currently not natively supported Box.com API: File creation, deletion, modify, file sharing Currently not natively supported Box.com
Brocade SAN Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization Currently not natively supported Currently not natively supported Brocade SAN Switch
Brocade ServerIron ADX switch SNMP: Host name, serial number, hardware SNMP: Uptime, CPU, Memory, Interface Utilization, Hardware status, Real Server Statistics Brocade ADX
Carbon Black Security platform Application type discovery via LOG Currently not natively supported Syslog: Over 259 event types covering various file monitoring activities Currently not natively supported Carbon Black Security Platform
CentOS / Other Linux distributions Linux SNMP: OS, Hardware, Software, Processes, Open Ports SSH: Hardware details, Linux distribution SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down SSH: Disk I/O, Paging Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification; SSH: File integrity monitoring, Command output monitoring, Target file monitoring; FortiSIEM LinuxFileMon Agent: File integrity monitoring SSH: File integrity monitoring, Target file monitoring; Agent: File integrity monitoring Linux Server
CentOS / Other Linux distributions DHCP Server Currently not natively supported Currently not natively supported Syslog: DHCP activity (Discover, Offer, Request, Release etc) - Used in Identity and Location Not Applicable Linux DHCP
Checkpoint FireWall-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX,R75, R80 SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization LEA from SmartCenter or Log Server: Firewall Log, Audit trail, over 940 IPS Signatures LEA: Firewall Audit trail Check Point Provider-1 Firewall
Checkpoint GAIA Host name and Device type Over 9 event types
Checkpoint Provider-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX, and R75 Currently not natively supported Currently not natively supported LEA: Firewall Log, Audit trail LEA: Firewall Audit trail Check Point Provider-1
Checkpoint VSX SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization LEA from SmartCenter or Log Server: Firewall Log, Audit trail LEA: Firewall Audit trail Check Point Provider-1
Citrix NetScaler Application Delivery Controller SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status, Application Firewall metrics Syslog: Over 465 event types covering admin activity, application firewall events, health events Currently not natively supported Citrix Netscaler
Citrix ICA SNMP: Process Utilization SNMP: Process Utilization; WMI: ICA Session metrics Currently not natively supported Currently not natively supported Citrix ICA
Cisco ASA Firewall (single and multi-context) version 7.x and later SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log SSH: Running config, Startup config Cisco ASA
Cisco AMP

Cisco AMP for Endpoints API V1 - Previously Cisco AMP
Cisco FireAMP

Cisco AMP for Endpoints API V0 - Previously Cisco FireAMP Cloud
Cisco ASA firepower SFR Module SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log SSH: Running config, Startup config Cisco ASA

Cisco

Firepower Threat Defense

Cisco FTD

Cisco CatOS based Switches SNMP: OS, Hardware (Serial Number, Image file, Interfaces, Components); SSH: configuration running process SNMP: CPU, Memory, Interface utilization, Hardware Status Syslog: Over 700 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity NetFlow V5, V9: Traffic logs SSH: Running config, Startup config Cisco IOS
Cisco Duo Not natively supported - Custom Monitoring needed Via API Not natively supported - Custom Custom Configuration collection needed

Cisco Duo

Cisco PIX Firewall SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity SSH: Running config, Startup config Cisco ASA
Cisco FWSM SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity SSH: Running config, Startup config Cisco ASA
Cisco Identity Services Engine (ISE) Host name and Device type Cisco ISE
Cisco IOS based Routers and Switches SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics; SNMP: BGP metrics, OSPF metrics; SNMP: Class based QoS metrics; SNMP: NBAR metrics Syslog: Over 200 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity; NetFlow V5, V9: Traffic logs SSH: Running config, Startup config Cisco IOS
Cisco Nexus OS based Routers and Switches SNMP: OS, Hardware; SSH: configuration running process, Layer 2 connectivity SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics, BGP metrics, OSPF metrics, NBAR metrics; SNMP: Class based QoS metrics Syslog: Over 3500 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, hardware status, software and hardware errors; NetFlow V5, V9: Traffic logs SSH: Running config, Startup config Cisco NX-OS
Cisco ONS SNMP: OS, Hardware SNMP Trap: Availability and Performance Alerts Cisco NX-OS
Cisco ACE Application Firewall SNMP: OS, Hardware
Cisco UCS Server UCS API: Hardware components - processors, chassis, blades, board, cpu, memory, storage, power supply unit, fan unit UCS API: Chassis Status, Memory Status, Processor Status, Power Supply status, Fan status Syslog: Over 500 event types parsed for situations covering hardware errors, internal software errors etc Currently not natively supported Cisco UCS
Cisco WLAN Controller and Access Points SNMP: OS, Hardware, Access Points SNMP: Controller CPU, Memory, Interface utilization, Hardware Status; SNMP: Access Point Wireless Channel utilization, noise metrics, user count SNMP Trap: Over 88 event types parsed for situations covering Authentication, Association, Rogue detection, Wireless IPS events Currently not natively supported Cisco Wireless LAN
Cisco Call Manager SNMP: OS, Hardware, VoIP Phones SNMP: Call manager CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage; SNMP: VoIP phone count, Gateway count, Media Device count, Voice mail server count and SIP Trunks count; SNMP: SIP Trunk Info, Gateway Status Info, H323 Device Info, Voice Mail Device Info, Media Device Info, Computer Telephony Integration (CTI) Device Info Syslog: Over 950 messages from Cisco Call Manager as well as Cisco Unified Real Time Monitoring Tool (RTMT); CDR Records, CMR Records: Call Source and Destination, Time, Call Quality metrics (MOS Score, Jitter, latency) Currently not natively supported Cisco Call Manager
Cisco Contact Center SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Contact Center
Cisco Presence Server SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Presence Server
Cisco Tandeberg Tele-presence Video Communication Server (VCS) SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Tandeberg Telepresence VCS
Cisco Tandeberg Tele-presence Multiple Control Unit (MCU) SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Telepresence MCU
Cisco Unity Connection SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Unity
Cisco IronPort Mail Gateway SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Syslog: Over 45 event types covering mail scanning and forwarding status Currently not natively supported Cisco IronPort Mail
Cisco IronPort Web Gateway SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change W3C Access log (Syslog): Over 9 event types covering web request handling status Currently not natively supported Cisco IronPort Web
Cisco Cisco Network IPS Appliances SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status SDEE: Over 8000 IPS signatures Currently not natively supported Cisco NIPS
Cisco Sourcefire 3D and Defense Center SNMP: OS, Hardware Sourcefire 3D and Defense Center
Cisco Cisco Firepower Management Center (FMC) - Previously FireSIGHT Console eStreamer SDK: Intrusion events, Malware events, File events, Discovery events, User activity events, Impact flag events Cisco Firepower Management Center (FMC) - Previously Cisco FireSIGHT
Cisco Cisco Security Agent SNMP or WMI: OS, Hardware SNMP or WMI: Process CPU and memory utilization SNMP Trap: Over 25 event types covering Host IPS behavioral signatures. Currently not natively supported Cisco CSA
Cisco Cisco Access Control Server (ACS) SNMP or WMI: OS, Hardware SNMP or WMI: Process CPU and memory utilization Syslog: Passed and Failed authentications, Admin accesses Currently not natively supported Cisco ACS
Cisco VPN 3000 SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization Syslog: Successful and Failed Admin Authentication, VPN Authentication, IPSec Phase 1 and Phase 2 association, VPN statistics Currently not natively supported Cisco VPN 3000
Cisco Meraki Cloud Controllers SNMP: OS, Hardware, Meraki devices reporting to the Cloud Controller SNMP: Uptime, Network Interface Utilization; SNMP Trap: Various availability scenarios Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco Meraki Firewalls SNMP: OS, Hardware SNMP: Uptime, Network Interface Utilization Syslog: Firewall log analysis Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco Meraki Routers/Switches SNMP: OS, Hardware SNMP: Uptime, Network Interface Utilization Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco Meraki WLAN Access Points SNMP: OS, Hardware SNMP: Uptime, Network Interface Utilization Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco MDS Storage Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status Currently not natively supported - Custom parsing needed Currently not natively supported
Cisco Network Control Manager (NCM) Syslog: Network device software update, configuration analysis for compliance, admin login Cisco Network Compliance Manager
Cisco Stealthwatch Host name and Device type Not supported Not supported Cisco Stealthwatch
Cisco Umbrella DNS logs, Proxy logs, IP logs, Admin Audit logs Cisco Umbrella
Cisco Viptela Discovered Via LOG only Not natively supported - Custom monitoring needed Over 289 Events Types parsed Not natively supported - Custom configuration collection needed Cisco Viptela SDWAN Router
Cisco Wide Area Application Services (WAAS) SNMP: Host name, Version, Hardware model, Network interfaces SNMP: CPU, Memory, Interface utilization, Disk utilization, Process cpu/memory utilization Cisco WAAS
Claroty Continuous Threat Detection (CTD) Claroty Continuous Threat Detection (CTD)
CloudPassage Halo Host name and Device type Not supported Not supported CloudPassage Halo
Corero Smartwall Threat Defense System Corero Smartwall Threat Defense System
CradlePoint CradlePoint Discovered via LOG only Not natively supported. Custom monitoring needed 29 Event types covering Security Violations, Config Changes, Authentications and informational events Not currently supported. CradlePoint
CrowdStrike Falcon Host name and Device type Not supported Not supported CrowdStrike Falcon
Cybereason Cybereason

Cybereason

Cyberoam Cyberoam Discovered via LOG only Not natively supported. Custom monitoring needed. Event, Security, and Traffic logs Connection - permit and deny, system events, maleware events Cyberoam Firewall
Cylance Cylance Protect Endpoint Protection Syslog: Endpoint protection alerts Cylance Protect
Cyphort Cyphort Cortex Endpoint Protection Syslog: Endpoint protection alerts Cyphort Cortex
Cyxtera AppGate SDP Host name and Device type Not supported Not supported Cyxtera AppGate SDP
Damballa Failsafe Damballa Failsafe
Darktrace CyberIntelligence Platform Discovered via LOG only Not natively supported - Custom monitoring needed Over 40 Events Types parsed Not Natively Supported - Custom Configuration collection needed Darktrace CyberIntelligence Platform
Dell SonicWall Firewall SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Firewall session count Syslog: Firewall log analysis (over 1000 event types) Currently not natively supported Dell SonicWALL
Dell Force10 Router and Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Interface Status, Hardware Status SSH: Running config, Startup config Dell Force10
Dell NSeries Router and Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status SSH: Startup config Dell NSeries
Dell PowerConnect Router and Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status SSH: Startup config Dell PowerConnect
Dell Dell Hardware on Intel-based Servers SNMP: Hardware SNMP: Hardware Status: Battery, Disk, Memory, Power supply, Temperature, Fan, Amperage, Voltage Currently not natively supported.
Dell Compellent Storage SNMP: OS, Hardware SNMP: Network Interface utilization, Volume utilization, Hardware Status (Power, Temperature, Fan) Currently not natively supported. Dell Compellent
Dell EqualLogic Storage SNMP: OS, Hardware (Network interfaces, Physical Disks, Components) SNMP: Uptime, Network Interface utilization; SNMP: Hardware status: Disk, Power supply, Temperature, Fan, RAID health; SNMP: Overall Disk health metrics: Total disk count, Active disk count, Failed disk count, Spare disk count; SNMP: Connection metrics: IOPS, Throughput; SNMP: Disk performance metrics: IOPS, Throughput; SNMP: Group level performance metrics: Storage, Snapshot Currently not natively supported. Dell EqualLogic

Digital Defense

Frontline Vulnerability Manager

Frontline API: Host name, Vulnerability name, Vulnerability CVE ID, Vulnerability score, and operating system in event.

Digital Defense Frontline Vulnerability Manager

Digital Guardian Code Green DLP LOG Discovery Currently not natively supported 1 broad event Type Currently not natively supported Digital Guardian Code Green DLP
Dragos Platform - Industrial control systems (ICS) and OT (operational technology) Dragos Platform
EMC Clariion Storage Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports;
Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships
Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization Currently not natively supported. EMC Clariion
EMC VNX Storage Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports
Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships
Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization EMC VNX
EMC Isilon Storage SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks, Components) SNMP: Uptime, Network Interface metrics; SNMP: Hardware component health: Disk, Power supply, Temperature, Fan, Voltage; SNMP: Cluster membership change, Node health and performance (CPU, I/O), Cluster health and performance, Cluster Snapshot, Storage Quota metrics, Disk performance, Protocol performance 5 event types EMC Isilon
Epic SecuritySIEM Discovered via LOG only Not natively supported. Custom monitoring needed. Authentication Query, Client login Query Currently not natively supported Epic EMR/EHR System
ESET Nod32 Anti-virus Application type discovery via LOG Syslog (CEF format): Virus found/cleaned type of events ESET NOD32
FireEye Malware Protection System (MPS) Application type discovery via LOG Syslog (CEF format): Malware found/cleaned type of events FireEye MPS
FireEye HX Appliances for Endpoint protection Application type discovery via LOG Syslog (CEF format): Malware Acquisition, Containment type of events
F5 Networks Application Security Manager Discovery via LOG Syslog (CEF Format); Various application level attack scenarios - invalid directory access, SQL injections, cross site exploits F5 Application Security Manager
F5 Networks Local Traffic Manager SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks), Installed Software, Running Software SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start SNMP Trap: Exception situations including hardware failures, certain security attacks, Policy violations etc; Syslog: Permitted and Denied Traffic F5 Networks Local Traffic Manager
F5 Networks Web Accelerator Discovery via LOG Syslog: Permitted Traffic F5 Networks Web Accelerator
Fortinet FortiNDR (Formerly FortiAI)

Fortinet FortiNDR (Formerly FortiAI)

Fortinet

FortiAnalyzer

Fortinet FortiAnalyzer

Fortinet FortiAP Access point – Name, OS, Interfaces, Controller (FortiGate) FortiAP CPU, Memory, Clients, Sent/Received traffic Wireless events via FortiGate FortiAP
Fortinet FortiAuthenticator Vendor, OS, Model Interface Stat, Authentication Stat Over 150 event types Currently not natively supported. Fortinet FortiAuthenticator
Fortinet FortiCASB

Fortinet FortiCASB
Fortinet FortiClient Discovered via LOG only Syslog: Traffic logs, Event logs Not supported FortiClient
Fortinet FortiDeceptor Discovered via LOG only Not natively supported. Custom monitoring needed. Authentication logs, Decoy activity Currently not natively supported. Fortinet FortiDeceptor
Fortinet FortiEDR Discovered via LOG only Not natively supported. Custom monitoring needed. System and security events (e.g. file blocked) Currently not natively supported Fortinet FortiEDR
Fortinet FortiGate firewalls SNMP: OS, Host name, Hardware (Serial Number, Interfaces, Components) SNMP: Uptime, CPU and Memory utilization, Network Interface metrics Syslog: Over 11000 Traffic and system logs; Netflow: traffic flow, Application flow SSH: Running config, Startup config Fortinet FortiGate
Fortinet FortiInsight FortiInsight
Fortinet FortiManager SNMP: Host name, Hardware model, Network interfaces, Operating system version SNMP: Uptime, CPU and Memory utilization, Network Interface metrics FortiManager
Fortinet FortiNAC Discovered via LOG only Not natively supported. Custom monitoring needed Administrative and User Admission Control events Currently not natively supported Fortinet FortiNAC
Fortinet FortiProxy

Fortinet FortiProxy
Fortinet FortiWLC SNMP - Controller – Name, OS, Serial Number, Interfaces, Associated Access Points – name, OS, Interfaces Controller – CPU, Memory, Disk, Throughput, QoS statistics, Station count Hardware/Software errors, failures, logons, license expiry, Access Point Association / Disassociation Not supported FortiWLC
Fortinet FortiTester Discovered Via LOG only Not natively supported - Custom monitoring needed CEF format: Over 14 Event types parsed Not natively supported - Custom configuration collection needed Fortinet FortiTester
Foundry Networks IronWare Router and Switch SNMP: OS, Hardware SSH: configuration, running process SNMP: Uptime, CPU, Memory, Interface utilization, Hardware Status Syslog: Over 6000 event types parsed for situations covering admin access, configuration change, interface up/down SSH: Running config, Startup config Foundry Networks IronWare
FreeBSD
GitHub.com GitHub Host name and Device type Not supported Not supported GitHub
GitLab API GitLab Host name and Device type Not supported Not supported GitLab API
GitLab CLI GitLab Host name and Device type Not supported Not supported GitLab CLI
Google Google Cloud Platform

Google Cloud Platform - Pub/Sub Integration
Google Google Workspace (Formerly G Suite and Google Apps)

Google Workspace (Formerly G Suite and Google Apps)

Green League WVSS Green League WVSS
Hillstone Networks Firewall Hillstone Firewall
Hirschmann Switches Host Name, OS SNMP – Uptime, CPU, Memory, Interface utilization, hardware Status, OSPF metrics Not natively supported - Custom parsing needed Not natively supported - Custom configuration collection needed Hirschmann SCADA Firfewalls and Switches
HP BladeSystem SNMP: Host name, Access IP, Hardware components SNMP: hardware status HP BladeSystem
HP HP-UX servers SNMP: OS, Hardware SNMP: Uptime, CPU, Memory, Network Interface, Disk space utilization, Network Interface Errors, Running Process Count, Running process CPU/memory utilization, Running process start/stop; SNMP: Installed Software change; SSH : Memory paging rate, Disk I/O utilization HP UX Server
HP HP Hardware on Intel-based Servers SNMP: hardware model, hardware serial, hardware components (fan, power supply, battery, raid, disk, memory) SNMP: hardware status SNMP Trap: Over 100 traps covering hardware issues
HP TippingPoint UnityOne IPS SNMP: OS, Hardware SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors Syslog: Over 4900 IPS alerts directly or via NMS TippingPoint IPS
HP ProCurve Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors; SNMP: hardware status SSH: Running config, Startup config HP ProCurve
HP Value Series (19xx) Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors SSH: Startup config HP Value Series (19xx) and HP 3Com (29xx) Switch
HP 3Com (29xx) Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors SSH: Startup config HP Value Series (19xx) and HP 3Com (29xx) Switch
HP HP/3Com Comware Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors; SNMP: hardware status Syslog: Over 6000 vent types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup config HP/3Com ComWare
HPE Integrated Lights-Out (iLO)

HPE Integrated Lights-Out (iLO)
Huawei VRP Router and Switch SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity SNMP: Uptime, CPU, Memory, Interface utilization, Hardware Status Syslog: Over 30 event types parsed for situations covering admin access, configuration change, interface up/down SSH: Running config, Startup config

HyTrust CloudControl LOG Discovery Currently not natively supported Over 70 event types Currently not natively supported HyTrust CloudControl
IBM Websphere Application Server SNMP or WMI: Running processes HTTP(S): Generic Information, Availability metrics, CPU / Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics IBM WebSphere
IBM DB2 Database Server SNMP or WMI: Running processes JDBC: Database Audit trail: Log on, Database level and Table level CREATE/DELETE/MODIFY operations IBM DB2
IBM ISS Proventia IPS Appliances SNMP Trap: IPS Alerts: Over 3500 event types IBM ISS Proventia
IBM AIX Servers SNMP: OS, Hardware, Installed Software, Running Processes, Open Ports; SSH: Hardware details SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging Syslog: General logs including Authentication Success/Failure, Privileged logons, User/Group Modification IBM AIX
IBM OS 400 Syslog via PowerTech Agent: Over 560 event types IBM OS400
Imperva Securesphere DB Monitoring Gateway Imperva Securesphere DB Monitoring Gateway
Imperva Securesphere Security Gateway Syslog in CEF format Imperva Securesphere Security Gateway
Imperva Securesphere Web App Firewall Imperva SecureSphere Web App Firewall

Indegy

Security Platform

Discovered via LOG only Not natively supported - Custom monitoring needed Over 14 Events Types parsed Not natively supported - Custom configuration collection needed Indegy Security Platform
Intel/McAfee McAfee Sidewinder Firewall SNMP: OS, Hardware, Installed Software, Running Processes SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start Syslog: Firewall logs McAfee Firewall Enterprise (Sidewinder)
Intel/McAfee McAfee ePO SNMP: Related process name and parameters SNMP: Process resource utilization SNMP Trap: Over 170 event types McAfee ePolicy Orchestrator (ePO)
Intel/McAfee Intrushield IPS SNMP: OS, Hardware SNMP: Hardware status Syslog: IPS Alerts McAfee IntruShield
Intel/McAfee Stonesoft IPS Syslog: IPS Alerts McAfee Stonesoft
Intel/McAfee Web Gateway Syslog: Web server log McAfee Web Gateway
Intel/McAfee Foundstone Vulnerability Scanner JDBC: Vulnerability data McAfee Foundstone Vulnerability Scanner
Infoblox DNS/DHCP Appliance SNMP: OS, Hardware, Installed Software, Running Processes ; SNMP: Zone transfer metrics, DNS Cluster Replication metrics, DNS Performance metrics, DHCP Performance metrics, DDNS Update metrics, DHCP subnet usage metrics ; SNMP: Hardware Status ; SNMP Trap: Hardware/Software Errors Syslog: DNS logs - name resolution activity - success and failures Infoblox DNS/DHCP
ISC Bind DNS Syslog: DNS logs - name resolution activity - success and failures ISC BIND DNS
Juniper JunOS Router/Switch SNMP: OS, Hardware; SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status ; Syslog: Over 1420 event types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks JunOS
Juniper SRX Firewalls SNMP: OS, Hardware SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 700 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks JunOS
Juniper SSG Firewall SNMP: OS, Hardware ; SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks SSG Firewall
Juniper ISG Firewall SNMP: OS, Hardware ; SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks SSG Firewall
Juniper Steel-belted Radius Discovered via LOG Syslog - 4 event types covering admin access and AAA authentication Juniper Networks Steel-Belted Radius
Juniper Secure Access Gateway SNMP: OS, Hardware SNMP: CPU, Memory, Disk, Interface utilization Syslog - Over 30 event types parsed for situations covering VPN login, Admin access, Configuration Change Juniper Networks SSL VPN Gateway
Juniper Netscreen IDP Syslog - directly from Firewall or via NSM - Over 5500 IPS Alert types parsed Juniper Networks IDP Series
Juniper DDoS Secure Syslog - DDoS Alerts Juniper DDoS

KVM

KVM

Lantronix SLC Console Manager Syslog - Admin access, Updates, Commands run Lantronix SLC Console Manager
LastLine Syslog in CEF format LastLine
Liebert HVAC SNMP: Host Name, Hardware model SNMP: HVAC metrics: Temperature: current value, upper threshold, lower threshold, Relative Humidity: current value, upper threshold, lower threshold, System state etc Liebert HVAC
Liebert FPC SNMP: Host Name, Hardware model SNMP: Output voltage (X-N, Y-N, Z-N), Output current (X, Y. Z), Neutral Current, Ground current, Output power, Power Factor etc Liebert FPC
Liebert UPS SNMP: Host Name, Hardware model SNMP: UPS metrics: Remaining battery charge, Battery status, Time on battery, Estimated Seconds Remaining, Output voltage etc Liebert UPS
Malwarebytes Malwarebytes Breach Remediation Malwarebytes Breach Remediation
Malwarebytes Malwarebytes Endpoint Protection

Malwarebytes Endpoint Protection
McAfee Vormetric Data Security Manager LOG Discovery Currently not natively supported 1 broad event Type Currently not natively supported McAfee Vormetric Data Security Manager
Microsoft ASP.NET SNMP: Running Processes SNMP or WMI: Process level resource usage ; WMI: Request Execution Time, Request Wait Time, Current Requests, Disconnected Requests etc Microsoft ASP.NET
Microsoft Microsoft Advanced Threat Analytics (ATA) On Premise Platform

Microsoft Advanced Threat Analytics (ATA) On Premise Platform

Microsoft Microsoft Defender for Identity/Azure Advanced Threat Protection (ATP) Host name and Device type Not supported Not supported Microsoft Defender for Identity/Microsoft Azure ATP
Microsoft Azure Compute Microsoft Azure Compute
Microsoft Azure Event Hub Microsoft Azure Event Hub
Microsoft Cloud App Security Host name and Device type Not supported Not supported Microsoft Cloud App Security
Microsoft DHCP Server - 2003, 2008 SNMP: Running Processes WMI: DHCP metrics: request rate, release rate, decline rate, Duplicate Drop rate etc FortiSIEM Windows Agent (HTTPS): DHCP logs - release, renew etc; Snare Agent (syslog): DHCP logs - release, renew etc; Correlog Agent (syslog): DHCP logs - release, renew etc Microsoft DHCP (2003, 2008)
Microsoft DNS Server - 2003, 2008 SNMP: Running Processes WMI: DNS metrics: Requests received, Responses sent, WINS requests received, WINS responses sent, Recursive DNS queries received etc FortiSIEM Windows Agent (HTTPS): DNS logs - name resolution activity; Snare Agent (syslog): DNS logs - name resolution activity; Correlog Agent (syslog): DNS logs - name resolution activity Microsoft DNS (2003, 2008)
Microsoft Domain Controller / Active Directory - 2003, 2008, 2012 SNMP: Running Processes; LDAP: Users WMI: Active Directory metrics: Directory Search Rate, Read Rate, Write Rate, Browse Rate, LDAP search rate, LDAP Bind Rate etc; WMI: "dcdiag -e" command output - detect successful and failed domain controller diagnostic tests; WMI: "repadmin /replsummary" command output - Replication statistics; LDAP: Users with stale passwords, insecure password settings Microsoft Active Directory
Microsoft Exchange Server SNMP: Running Processes SNMP or WMI: Process level resource usage; WMI: Exchange performance metrics, Exchange error metrics, Exchange mailbox metrics, Exchange SMTP metrics, Exchange ESE Database, Exchange Database Instances, Exchange Mail Submission Metrics, Exchange Store Interface Metrics etc Exchange Tracker Logs via FSM Advanced Windows Agent Microsoft Exchange
Microsoft Hyper-V Hypervisor Powershell over winexe: Guest/Host CPU usage, Memory usage, Page fault, Disk Latency, Network usage ; Hyper-V
Microsoft IIS versions SNMP: Running Processes SNMP or WMI: Process level resource usage WMI: IIS metrics: Current Connections, Max Connections, Sent Files, Received Files etc FortiSIEM Windows Agent (HTTPS): W3C Access logs - Per instance Per Connection - Sent Bytes, Received Bytes, Duration ; Snare Agent (syslog): W3C Access logs; Correlog Agent (syslog): W3C Access logs Microsoft IIS for Windows 2000 and 2003; Microsoft IIS for Windows 2008
Microsoft Internet Authentication Server (IAS) SNMP: Running Processes SNMP or WMI: Process level resource usage FortiSIEM Windows Agent (HTTPS): AAA logs - successful and failed authentication ; Snare Agent (syslog): AAA logs - successful and failed authentication ; Correlog Agent (syslog): AAA logs - successful and failed authentication Microsoft Internet Authentication Server (IAS)
Microsoft Network Policy Server Discovered via LOG only. Not natively supported. Custom monitoring needed. AAA-based login events Currently not natively supported Microsoft Network Policy Server
Microsoft PPTP VPN Gateway FortiSIEM Windows Agent (HTTPS): VPN Access - successful and failed Snare Agent (syslog): VPN Access - successful and failed ; Correlog Agent (syslog): VPN Access - successful and failed Microsoft PPTP
Microsoft SharePoint Server SNMP: Running Processes SNMP or WMI: Process level resource usage LOGBinder Agent: SharePoint logs - Audit trail integrity, Access control changes, Document updates, List updates, Container object updates, Object changes, Object Import/Exports, Document views, Information Management Policy changes etc Microsoft SharePoint
Microsoft SQL Server - 2014, 2016, 2017, 2019 SNMP: Running Processes SNMP or WMI: Process resource usage; JDBC: General database info, Configuration Info, Backup Info,; JDBC: Per-instance like Buffer cache hit ratio, Log cache hit ratio etc; JDBC: per-instance, per-database Performance metrics Data file size, Log file used, Log growths etc; JDBC: Locking info, Blocking info JDBC: database error log; JDBC: Database audit trail Microsoft SQL Server
Microsoft Microsoft Defender for Endpoint/Windows Defender Advanced Threat Protection (ATP) Host name and Device type Not supported Not supported Microsoft Defender for Endpoint/Windows Defender ATP
Microsoft Windows 2000, Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2 SNMP: OS, Hardware (for Dell and HP), Installed Software, Running Processes; WMI: OS, Hardware (for Dell and HP), BIOS, Installed Software, Running Processes, Services, Installed Patches SNMP: CPU, Memory, Disk, Interface utilization, Process utilization ; WMI: SNMP: CPU, Memory, Disk, Interface utilization, Detailed CPU/Memory usage, Detailed Process utilization WMI pulling: Security, System and Application logs; FortiSIEM Windows Agent (HTTPS): Security, System and Application logs, File Content change; Snare Agent (syslog): Security, System and Application logs; Correlog Agent (syslog): Security, System and Application logs SNMP: Installed Software Change; FortiSIEM Windows Agent: Installed Software Change, Registry Change; FortiSIEM Windows Agent: File Integrity Monitoring Microsoft Windows Servers
MobileIron Sentry and Connector Sentry Discovered Via LOG only Not natively supported - Custom monitoring needed Over 18 Events Types parsed Not natively supported - Custom configuration collection needed MobileIron Sentry
Motorola AirDefense Wireless IDS Syslog: Wireless IDS logs Motorola AirDefense
Motorola WiNG WLAN Access Point Syslog: All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health Motorola WLAN
Mikrotek Mikrotech Switches and Routers Host name, OS, Hardware model, Serial number, Components SNMP: Uptime CPU utilization, Network Interface metrics Mikrotek Router
NetApp DataONTAP NetApp DataONTAP
NetApp DataONTAP based Filers SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Logical volumes, Physical Disks SNMP: CPU utilization, Network Interface metrics, Logical Disk Volume utilization; SNMP: Hardware component health, Disk health ONTAP API: Detailed NFS V3/V4, ISCSI, FCP storage IO metrics, Detailed LUN metrics, Aggregate metrics, Volume metrics, Disk performance metrics SNMP Trap: Over 150 alerts - hardware and software alerts NetApp Filer
Nessus Vulnerability Scanner Nessus API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence, etc Nessus Vulnerability Scanner
Netwrix Auditor Not natively supported Not natively supported 2 Event Types parsed (via Windows Correlog Agent) Not natively supported Netwrix Auditor
NGINX Web Server SNMP: Application name SNMP: Application Resource Usage Syslog: W3C access logs: per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration NGINX Web Server
Nimble NimbleOS Storage Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components SNMP: Uptime, Network Interface metrics, Storage Disk Utilization SNMP: Storage Performance metrics: Read rate (IOPS), Sequential Read Rate (IOPS), Write rate (IOPS), Sequential Write Rate (IOPS), Read latency, etc Nimble Storage
Nortel ERS Switches and Routers SNMP: Host name, OS, Hardware model, Serial number, Components SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Hardware Status Nortel ERS and Passport Switch
Nortel Passport Switches and Routers SNMP: Host name, OS, Hardware model, Serial number, Components SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Hardware Status Nortel ERS and Passport Switch

Nozomi

Central Management Control (CMC)

Nozomi Central Management Control
Nozomi Guardian No No Yes No Nozomi SCADAguardian
Nutanix Controller VM SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Physical Disks, Components SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Disk Status, Cluster Status, Service Status, Storage Pool Info, Container Info Nutanix
Nutanix

Nutanix Prism

API Audit, Audit, Security Policy Hitlogs, and Flow Service Logs

Nutanix Prism
Okta.com SSO Okta API: Users Okta API: Over 90 event types covering user activity in Okta website Okta Configuration
One Identity Safeguard Not supported One Identity Safeguard
OpenLDAP OpenLDAP LDAP: Users
Oracle Cloud Access Security Broker (CASB) Oracle Cloud Access Security Broker
Oracle Cloud Infrastructure

Oracle Cloud Infrastructure
Oracle Enterprise Database Server - 10g, 11g, 12c, 18/19c, 21c SNMP or WMI: Process resource usage ; JDBC: Database performance metrics: Buffer cache hit ratio, Row cache hit ratio, Library cache hit ratio, Shared pool free ratio, Wait time ratio, Memory Sorts ratio etc ; JDBC: Database Table space information: able space name, table space type, table space usage, table space free space, table space next extent etc; JDBC: Database audit trail: Database logon, Database operations including CREATE/ALTER/DROP/TRUNCATE operations on tables, table spaces, databases, clusters, users, roles, views, table indices, triggers etc. Syslog: Listener log, Alert log, Audit Log Oracle Database
Oracle MySQL Server SNMP or WMI: Process resource usage JDBC: User Connections, Table Updates, table Selects, Table Inserts, Table Deletes, Temp Table Creates, Slow Queries etc; JDBC: Table space performance metrics: Table space name, table space type, Character set and Collation, table space usage, table space free space etc; JDBC: Database audit trail: Database log on, Database/Table CREATE/DELETE/MODIFY operations MySQL Server
Oracle WebLogic Application Server SNMP or WMI: Process resource usage JMX: Availability metrics, Memory metrics, Servlet metrics, Database metrics, Thread pool metrics, EJB metrics, Application level metrics Oracle WebLogic
Oracle Glassfish Application Server SNMP or WMI: Process resource usage JMX: Availability metrics, Memory metrics, Servlet metrics, Session metrics, Database metrics, Request processor metrics, Thread pool metrics, EJB metrics, Application level metrics, Connection metrics Oracle GlassFish Server
Oracle Sun SunOS and Solaris SNMP: OS, Hardware, Software, Processes, Open Ports ; SSH: Hardware details SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification Sun Solaris Server
OTORIO RAM2 (Risk Assessment, Monitoring and Management)

OTORIO RAM2 (Risk Assessment, Monitoring and Management)

PacketFence Network Access Control Host name and Device type Not supported Not supported PacketFence Network Access Control
Palo Alto Networks Palo Alto Cortex XDR

Palo Alto Cortex XDR

Palo Alto Networks Palo Alto Traps Endpoint Security Manager LOG Discovery Currently not natively supported Over 80 event types Currently not natively supported Palo Alto Traps Endpoint Security Manager
Palo Alto Networks PAN-OS based Firewall SNMP: Host name, OS, Hardware, Network interfaces; SSH: Configuration SNMP: Uptime, CPU utilization, Network Interface metrics, Firewall connection count Syslog: Traffic log, Threat log (URL, Virus, Spyware, Vulnerability, File, Scan, Flood and data subtypes), config and system logs, wildfire logs SSH: Configuration Change Palo Alto Firewall
Proofpoint Proofpoint

Proofpoint
PulseSecure PulseSecure VPN Syslog: VPN events, Traffic events, Admin events PulseSecure
QNAP Turbo NAS QNAP Turbo NAS
Qualys QualysGuard Scanner Qualys QualysGuard Scanner
Qualys Vulnerability Scanner Qualys API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc Qualys Vulnerability Scanner
Qualys Web Application Firewall syslog (JSON formatted): web log analysis Qualys Web Application Firewall
Radware DefensePro LOG Discovery Currently not natively supported Over 120 event types Currently not natively supported Radware DefensePro
Rapid7 InsightVM (Platform Based Vulnerability Management) Host name and Device type Not supported Rapid7 InsightVM (Vulnerability Management On-Premises)
Rapid7 NeXpose Vulnerability Scanner (Vulnerability Management On-Premises) Rapid7 NeXpose API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc Rapid7 NeXpose Vulnerability Scanner (Platform Based Vulnerability Management)
Red Hat Linux SNMP: OS, Hardware, Software, Processes, Open Ports ; SSH: Hardware details, Linux distribution SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification SSH: File integrity monitoring, Command output monitoring, Target file monitoring Agent: File integrity monitoring SSH: File integrity monitoring, Target file monitoring Agent: File integrity monitoring Linux Server
Red Hat JBoss Application Server SNMP: Process level CPU/Memory usage JMX: CPU metrics, Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics ; Red Hat JBoss
Red Hat DHCP Server SNMP: Process level CPU/Memory usage Syslog: DHCP address release/renew events Linux DHCP
Riverbed Steelhead WAN Accelerators SNMP: Host name, Software version, Hardware model, Network interfaces SNMP: Uptime, CPU / Memory / Network Interface / Disk space metrics, Process cpu/memory utilization; SNMP: Hardware Status SNMP: Bandwidth metrics: (Inbound/Outbound Optimized Bytes - LAN side, WAN side; Connection metrics: Optimized/Pass through / Half-open optimized connections etc); SNMP: Top Usage metrics: Top source, Top destination, Top Application, Top Talker; SNMP: Peer status: For every peer: State, Connection failures, Request timeouts, Max latency SNMP Trap: About 115 event types covering software errors, hardware errors, admin login, performance issues - cpu, memory, peer latency issues ; Netflow: Connection statistics Riverbed SteelHead WAN Accelerator
Ruckus Wireless LAN SNMP: Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points SNMP: Controller Uptime, Controller Network Interface metrics, Controller WLAN Statistics, Access Point Statistics, SSID performance Stats Ruckus WLAN
SAP

SAP Enterprise Threat Detection (ETD)

SAP Enterprise Threat Detection (ETD)

Security Onion Zeek (Bro) Discovered via LOG only Not natively supported - Custom monitoring needed Syslog JSON format: 6 event types parsed Currently not natively supported Zeek (Bro) Installed on Security Onion
SentinelOne SentinelOne Discovered via LOG only Not natively supported. Custom monitoring needed. System and security events (e.g. file blocked) Currently not natively supported SentinelOne
Snort IPS SNMP: Process level CPU/Memory usage Syslog: Over 40K IPS Alerts DBC: Over 40K IPS Alerts - additional details including TCP/UDP/ICMP header and payload in the attack packet Snort IPS
Sophos Central Host name and Device type Not supported Not supported Sophos Central
Sophos Sophos Endpoint Security and Control SNMP Trap: Endpoint events including Malware found/deleted, DLP events Sophos Endpoint Security and Control
Squid Web Proxy SNMP: Process level CPU/Memory usage Syslog: W3C formatted access logs - per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration Squid Web Proxy
SSH Com Security CryptoAuditor LOG Discovery Currently not natively supported Many event types Currently not natively supported SSH Com Security CryptoAuditor
Stormshield Network Security Not natively supported Not natively supported Firewall logs Not natively supported Stormshield Network Security
Symantec Symantec Endpoint Protection Syslog: Over 5000 event types covering end point protection events - malware/spyware/adware, malicious events Symantec Endpoint Protection
Tanium Connect Host name and Device type Not supported Not supported Tanium Connect
Tenable Tenable.io Host name and Device type Not supported Not supported Tenable.io
Tigera Calico Not natively supported Not natively supported Flow, Audit and DNS logs Not natively supported Tigera Calico
TrendMicro Deep Discovery Discovered via LOG only Not natively supportedCustom monitoring needed. Malicious file detection Currently not natively supported TrendMicro Deep Discovery
TrendMicro Deep Security Manager Syslog: Over 10 event types covering end point protection events Not supported
TrendMicro Interscan Web Filter LOG Discovery Currently not natively supported 15 event Types Currently not natively supported TrendMicro Interscan Web Filter
TrendMicro Intrusion Defense Firewall (IDF) Syslog: Over 10 event types covering end point firewall events Trend Micro IDF
TrendMicro Office scan SNMP Trap: Over 30 event types covering end point protection events - malware/spyware/adware, malicious events Trend Micro OfficeScan
Ubiquiti

Wireless LAN

Ubiquiti Wireless LAN

UserGate

UTM Firewall

UserGate UTM Firewall

Vasco DigiPass Syslog - Successful and Failed Authentications, Successful and Failed administrative logons Vasco DigiPass
VMware VMware ESX and VCenter VMWare SDK: Entire VMware hierarchy and dependencies - Data Center, Resource Pool, Cluster, ESX and VMs VMWare SDK: VM level: CPU, Memory, Disk, Network, VMware tool status VMWare SDK: ESX level: CPU, Memory, Disk, Network, Data store VMWare SDK: ESX level: Hardware Status VMWare SDK: Cluster level: CPU, Memory, Data store, Cluster Status VMWare SDK: Resource pool level: CPU, Memory VMWare SDK: Over 800 VCenter events covering account creation, VM creation, DRS events, hardware/software errors
VMware

NSX for vSphere

VMware NSX for vSphere

VMware vShield Syslog: Over 10 events covering permitted and denied connections, detected attacks
VMware VCloud Network and Security (vCNS) Manager Syslog: Over 10 events covering various activities
WatchGuard Firebox Firewall Syslog: Over 20 firewall event types WatchGuard Firebox Firewall
Websense Web Filter Syslog: Over 50 web filtering events and web traffic logs Websense Web Filter
YXLink Vulnerability Scanner YX Link Vulnerability Scanner
Zeek Network Security Monitor (Previously known as Bro)

Zeek Network Security Monitor (Previously known as Bro)
Zscaler

Zscaler Cloud Firewall

Zscaler Cloud Firewall

Zscaler

Zscaler Nanolog Streaming Service (NSS)

Zscaler Nanolog Streaming Service (NSS)

Supported Devices and Applications by Vendor

Supported Devices and Applications by Vendor

Vendor Model Discovery Overview Performance Monitoring Overview Log Analysis Overview Config Change Monitoring Details
AirTight Networks SpectraGuard Discovered via LOG only Not natively supported - Custom monitoring needed CEF format: Over 125 event types parsed covering various Wireless suspicious activities Currently not natively supported AirTight Networks SpectraGuard
Alcatel TiMOS Routers and Switches SNMP: OS, Hardware SNMP: CPU, memory, interface utilization, hardware status Not natively supported - Custom parsing needed Currently not natively supported Alcatel TiMOS and AOS Switch Configuration
Alcatel AOS Routers and Switches SNMP: OS, Hardware SNMP: CPU, memory, interface utilization, hardware status Not natively supported - Custom parsing needed Currently not natively supported Alcatel TiMOS and AOS Switch Configuration
Alert Logic Intrusion Detection and Prevention Systems (IPS) Host name and Device type Not supported Not supported Alert Logic IPS
Alert Logic Iris API Host name and Device type Not supported Not supported Alert Logic IRIS API
Alcide.io KAudit Not natively supported Not natively supported Kubernetes Audit logs Not natively supported Alcide io KAudit
Amazon AWS Servers AWS API: Server Name, Access IP, Instance ID, Image Type, Availability Zone CloudWatch API: System Metrics: CPU, Disk I/O, Network CloudTrail API: Over 325 event types parsed covering various AWS activities CloudTrail API: various administrative changes on AWS systems and users AWS CloudWatchAWS CloudTrail
Amazon AWS Elastic Block Storage (EBS) CloudWatch API: Volume ID, Status, Attach Time CloudWatch API: Read/Write Bytes, Ops, Disk Queue AWS EBS and RDS
Amazon AWS EC2 AWS EC2

Amazon

AWS Elastic Load Balancer (ELB)

AWS ELB

Amazon AWS Kinesis

AWS Kinesis

Amazon AWS Relational Database Storage (RDS) CloudWatch API: CPU, Connections, Memory, Swap, Read/Write Latency and Ops AWS EBS and RDS
Amazon Security Hub

AWS Security Hub
Amazon Simple Queue Service

AWS Simple Queue Service
Amazon AWS S3 (Simple Storage Service)

AWS S3 (Simple Storage Service)
Apache Tomcat Application Server JMX: Version JMX: CPU, memory, servlet, session, database, threadpool, request processor metrics Currently not natively supported - Custom parsing needed Currently not natively supported Apache Tomcat
Apache Apache Web server SNMP: Process name SNMP: process level cpu, memory HTTPS via the mod-status module: Apache level metrics Syslog: W3C formatted access logs - per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration Currently not natively supported Apache Web Server
APC NetBotz Environmental Monitor SNMP: Host name, Hardware model, Network interfaces SNMP: Temperature, Relative Humidity, Airflow, Dew point, Current, Door switch sensor etc. SNMP Trap: Over 125 SNMP Trap event types parsed covering various environmental exception conditions Currently not natively supported APC Netbotz
APC UPS SNMP: Host name, Hardware model, Network interfaces SNMP: UPS metrics SNMP Trap: Over 49 SNMP Trap event types parsed covering various environmental exception conditions Currently not natively supported APC UPS
Apple MacOS Servers and Workstations

Apple MacOS Servers and Workstations

Arista Networks Routers and Switches SNMP: OS, Hardwar; SSH: configuration, running processes SNMP: CPU, Memory, Interface utilization, Hardware Status Syslog and NetFlow SSH: Running config, Startup config Arista Router and Switch

Aruba Networks

CX Switching Platform

Syslog: Audit logs, General Performance and Availability logs

ArubaOS-CX Switching Platform

Aruba Networks Aruba Wireless LAN SNMP: Controller OS, hardware, Access Points SNMP: Controller CPU, Memory, Interface utilization, Hardware Status SNMP: Access Point Wireless Channel utilization, noise metrics, user count SNMP Trap: Over 165 event types covering Authentication, Association, Rogue detection, Wireless IPS events Currently not natively supported Aruba WLAN
Avaya Call Manager SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status CDR: Call Records Currently not natively supported Avaya Call Manager
Avaya Session Manager SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status Currently not natively supported
Barracuda Networks Spam Firewall Application type discovery via LOG Currently not natively supported Syslog: Over 20 event types covering mail scanning and filtering activity Currently not natively supported Barracuda Spam

Barracuda Networks

Web Application Firewall

Syslog: System logs, Web Firewall logs, Access logs, Audit logs and Network Firewall logs

Barracuda Web Application Firewall

Bit9 Security platform Application type discovery via LOG Currently not natively supported Syslog: Over 259 event types covering various file monitoring activities Currently not natively supported Bit9 Security Platform
Blue Coat Security Gateway Versions v4.x and later SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Proxy performance metrics Syslog: Admin access to Security Gateway ; SFTP: Proxy traffic analysis Currently not natively supported Blue Coat Web Proxy
Box.com Cloud Storage Currently not natively supported Currently not natively supported Box.com API: File creation, deletion, modify, file sharing Currently not natively supported Box.com
Brocade SAN Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization Currently not natively supported Currently not natively supported Brocade SAN Switch
Brocade ServerIron ADX switch SNMP: Host name, serial number, hardware SNMP: Uptime, CPU, Memory, Interface Utilization, Hardware status, Real Server Statistics Brocade ADX
Carbon Black Security platform Application type discovery via LOG Currently not natively supported Syslog: Over 259 event types covering various file monitoring activities Currently not natively supported Carbon Black Security Platform
CentOS / Other Linux distributions Linux SNMP: OS, Hardware, Software, Processes, Open Ports SSH: Hardware details, Linux distribution SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down SSH: Disk I/O, Paging Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification; SSH: File integrity monitoring, Command output monitoring, Target file monitoring; FortiSIEM LinuxFileMon Agent: File integrity monitoring SSH: File integrity monitoring, Target file monitoring; Agent: File integrity monitoring Linux Server
CentOS / Other Linux distributions DHCP Server Currently not natively supported Currently not natively supported Syslog: DHCP activity (Discover, Offer, Request, Release etc) - Used in Identity and Location Not Applicable Linux DHCP
Checkpoint FireWall-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX,R75, R80 SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization LEA from SmartCenter or Log Server: Firewall Log, Audit trail, over 940 IPS Signatures LEA: Firewall Audit trail Check Point Provider-1 Firewall
Checkpoint GAIA Host name and Device type Over 9 event types
Checkpoint Provider-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX, and R75 Currently not natively supported Currently not natively supported LEA: Firewall Log, Audit trail LEA: Firewall Audit trail Check Point Provider-1
Checkpoint VSX SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization LEA from SmartCenter or Log Server: Firewall Log, Audit trail LEA: Firewall Audit trail Check Point Provider-1
Citrix NetScaler Application Delivery Controller SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status, Application Firewall metrics Syslog: Over 465 event types covering admin activity, application firewall events, health events Currently not natively supported Citrix Netscaler
Citrix ICA SNMP: Process Utilization SNMP: Process Utilization; WMI: ICA Session metrics Currently not natively supported Currently not natively supported Citrix ICA
Cisco ASA Firewall (single and multi-context) version 7.x and later SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log SSH: Running config, Startup config Cisco ASA
Cisco AMP

Cisco AMP for Endpoints API V1 - Previously Cisco AMP
Cisco FireAMP

Cisco AMP for Endpoints API V0 - Previously Cisco FireAMP Cloud
Cisco ASA firepower SFR Module SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log SSH: Running config, Startup config Cisco ASA

Cisco

Firepower Threat Defense

Cisco FTD

Cisco CatOS based Switches SNMP: OS, Hardware (Serial Number, Image file, Interfaces, Components); SSH: configuration running process SNMP: CPU, Memory, Interface utilization, Hardware Status Syslog: Over 700 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity NetFlow V5, V9: Traffic logs SSH: Running config, Startup config Cisco IOS
Cisco Duo Not natively supported - Custom Monitoring needed Via API Not natively supported - Custom Custom Configuration collection needed

Cisco Duo

Cisco PIX Firewall SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity SSH: Running config, Startup config Cisco ASA
Cisco FWSM SNMP: OS, Hardware SSH: interface security level needed for parsing traffic logs, Configuration SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity SSH: Running config, Startup config Cisco ASA
Cisco Identity Services Engine (ISE) Host name and Device type Cisco ISE
Cisco IOS based Routers and Switches SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics; SNMP: BGP metrics, OSPF metrics; SNMP: Class based QoS metrics; SNMP: NBAR metrics Syslog: Over 200 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity; NetFlow V5, V9: Traffic logs SSH: Running config, Startup config Cisco IOS
Cisco Nexus OS based Routers and Switches SNMP: OS, Hardware; SSH: configuration running process, Layer 2 connectivity SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics, BGP metrics, OSPF metrics, NBAR metrics; SNMP: Class based QoS metrics Syslog: Over 3500 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, hardware status, software and hardware errors; NetFlow V5, V9: Traffic logs SSH: Running config, Startup config Cisco NX-OS
Cisco ONS SNMP: OS, Hardware SNMP Trap: Availability and Performance Alerts Cisco NX-OS
Cisco ACE Application Firewall SNMP: OS, Hardware
Cisco UCS Server UCS API: Hardware components - processors, chassis, blades, board, cpu, memory, storage, power supply unit, fan unit UCS API: Chassis Status, Memory Status, Processor Status, Power Supply status, Fan status Syslog: Over 500 event types parsed for situations covering hardware errors, internal software errors etc Currently not natively supported Cisco UCS
Cisco WLAN Controller and Access Points SNMP: OS, Hardware, Access Points SNMP: Controller CPU, Memory, Interface utilization, Hardware Status; SNMP: Access Point Wireless Channel utilization, noise metrics, user count SNMP Trap: Over 88 event types parsed for situations covering Authentication, Association, Rogue detection, Wireless IPS events Currently not natively supported Cisco Wireless LAN
Cisco Call Manager SNMP: OS, Hardware, VoIP Phones SNMP: Call manager CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage; SNMP: VoIP phone count, Gateway count, Media Device count, Voice mail server count and SIP Trunks count; SNMP: SIP Trunk Info, Gateway Status Info, H323 Device Info, Voice Mail Device Info, Media Device Info, Computer Telephony Integration (CTI) Device Info Syslog: Over 950 messages from Cisco Call Manager as well as Cisco Unified Real Time Monitoring Tool (RTMT); CDR Records, CMR Records: Call Source and Destination, Time, Call Quality metrics (MOS Score, Jitter, latency) Currently not natively supported Cisco Call Manager
Cisco Contact Center SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Contact Center
Cisco Presence Server SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Presence Server
Cisco Tandeberg Tele-presence Video Communication Server (VCS) SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Tandeberg Telepresence VCS
Cisco Tandeberg Tele-presence Multiple Control Unit (MCU) SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Telepresence MCU
Cisco Unity Connection SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Unity
Cisco IronPort Mail Gateway SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change Syslog: Over 45 event types covering mail scanning and forwarding status Currently not natively supported Cisco IronPort Mail
Cisco IronPort Web Gateway SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status, Process level resource usage, Install software change W3C Access log (Syslog): Over 9 event types covering web request handling status Currently not natively supported Cisco IronPort Web
Cisco Cisco Network IPS Appliances SNMP: OS, Hardware SNMP: CPU, Memory, Disk Interface utilization, Hardware Status SDEE: Over 8000 IPS signatures Currently not natively supported Cisco NIPS
Cisco Sourcefire 3D and Defense Center SNMP: OS, Hardware Sourcefire 3D and Defense Center
Cisco Cisco Firepower Management Center (FMC) - Previously FireSIGHT Console eStreamer SDK: Intrusion events, Malware events, File events, Discovery events, User activity events, Impact flag events Cisco Firepower Management Center (FMC) - Previously Cisco FireSIGHT
Cisco Cisco Security Agent SNMP or WMI: OS, Hardware SNMP or WMI: Process CPU and memory utilization SNMP Trap: Over 25 event types covering Host IPS behavioral signatures. Currently not natively supported Cisco CSA
Cisco Cisco Access Control Server (ACS) SNMP or WMI: OS, Hardware SNMP or WMI: Process CPU and memory utilization Syslog: Passed and Failed authentications, Admin accesses Currently not natively supported Cisco ACS
Cisco VPN 3000 SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization Syslog: Successful and Failed Admin Authentication, VPN Authentication, IPSec Phase 1 and Phase 2 association, VPN statistics Currently not natively supported Cisco VPN 3000
Cisco Meraki Cloud Controllers SNMP: OS, Hardware, Meraki devices reporting to the Cloud Controller SNMP: Uptime, Network Interface Utilization; SNMP Trap: Various availability scenarios Currently not natively supported - Custom parsing needed Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco Meraki Firewalls SNMP: OS, Hardware SNMP: Uptime, Network Interface Utilization Syslog: Firewall log analysis Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco Meraki Routers/Switches SNMP: OS, Hardware SNMP: Uptime, Network Interface Utilization Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco Meraki WLAN Access Points SNMP: OS, Hardware SNMP: Uptime, Network Interface Utilization Currently not natively supported Cisco Meraki Cloud Controller and Network Devices
Cisco MDS Storage Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status Currently not natively supported - Custom parsing needed Currently not natively supported
Cisco Network Control Manager (NCM) Syslog: Network device software update, configuration analysis for compliance, admin login Cisco Network Compliance Manager
Cisco Stealthwatch Host name and Device type Not supported Not supported Cisco Stealthwatch
Cisco Umbrella DNS logs, Proxy logs, IP logs, Admin Audit logs Cisco Umbrella
Cisco Viptela Discovered Via LOG only Not natively supported - Custom monitoring needed Over 289 Events Types parsed Not natively supported - Custom configuration collection needed Cisco Viptela SDWAN Router
Cisco Wide Area Application Services (WAAS) SNMP: Host name, Version, Hardware model, Network interfaces SNMP: CPU, Memory, Interface utilization, Disk utilization, Process cpu/memory utilization Cisco WAAS
Claroty Continuous Threat Detection (CTD) Claroty Continuous Threat Detection (CTD)
CloudPassage Halo Host name and Device type Not supported Not supported CloudPassage Halo
Corero Smartwall Threat Defense System Corero Smartwall Threat Defense System
CradlePoint CradlePoint Discovered via LOG only Not natively supported. Custom monitoring needed 29 Event types covering Security Violations, Config Changes, Authentications and informational events Not currently supported. CradlePoint
CrowdStrike Falcon Host name and Device type Not supported Not supported CrowdStrike Falcon
Cybereason Cybereason

Cybereason

Cyberoam Cyberoam Discovered via LOG only Not natively supported. Custom monitoring needed. Event, Security, and Traffic logs Connection - permit and deny, system events, maleware events Cyberoam Firewall
Cylance Cylance Protect Endpoint Protection Syslog: Endpoint protection alerts Cylance Protect
Cyphort Cyphort Cortex Endpoint Protection Syslog: Endpoint protection alerts Cyphort Cortex
Cyxtera AppGate SDP Host name and Device type Not supported Not supported Cyxtera AppGate SDP
Damballa Failsafe Damballa Failsafe
Darktrace CyberIntelligence Platform Discovered via LOG only Not natively supported - Custom monitoring needed Over 40 Events Types parsed Not Natively Supported - Custom Configuration collection needed Darktrace CyberIntelligence Platform
Dell SonicWall Firewall SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Firewall session count Syslog: Firewall log analysis (over 1000 event types) Currently not natively supported Dell SonicWALL
Dell Force10 Router and Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Interface Status, Hardware Status SSH: Running config, Startup config Dell Force10
Dell NSeries Router and Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status SSH: Startup config Dell NSeries
Dell PowerConnect Router and Switch SNMP: OS, Hardware SNMP: CPU, Memory, Interface utilization, Hardware Status SSH: Startup config Dell PowerConnect
Dell Dell Hardware on Intel-based Servers SNMP: Hardware SNMP: Hardware Status: Battery, Disk, Memory, Power supply, Temperature, Fan, Amperage, Voltage Currently not natively supported.
Dell Compellent Storage SNMP: OS, Hardware SNMP: Network Interface utilization, Volume utilization, Hardware Status (Power, Temperature, Fan) Currently not natively supported. Dell Compellent
Dell EqualLogic Storage SNMP: OS, Hardware (Network interfaces, Physical Disks, Components) SNMP: Uptime, Network Interface utilization; SNMP: Hardware status: Disk, Power supply, Temperature, Fan, RAID health; SNMP: Overall Disk health metrics: Total disk count, Active disk count, Failed disk count, Spare disk count; SNMP: Connection metrics: IOPS, Throughput; SNMP: Disk performance metrics: IOPS, Throughput; SNMP: Group level performance metrics: Storage, Snapshot Currently not natively supported. Dell EqualLogic

Digital Defense

Frontline Vulnerability Manager

Frontline API: Host name, Vulnerability name, Vulnerability CVE ID, Vulnerability score, and operating system in event.

Digital Defense Frontline Vulnerability Manager

Digital Guardian Code Green DLP LOG Discovery Currently not natively supported 1 broad event Type Currently not natively supported Digital Guardian Code Green DLP
Dragos Platform - Industrial control systems (ICS) and OT (operational technology) Dragos Platform
EMC Clariion Storage Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports;
Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships
Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization Currently not natively supported. EMC Clariion
EMC VNX Storage Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports
Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships
Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization EMC VNX
EMC Isilon Storage SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks, Components) SNMP: Uptime, Network Interface metrics; SNMP: Hardware component health: Disk, Power supply, Temperature, Fan, Voltage; SNMP: Cluster membership change, Node health and performance (CPU, I/O), Cluster health and performance, Cluster Snapshot, Storage Quota metrics, Disk performance, Protocol performance 5 event types EMC Isilon
Epic SecuritySIEM Discovered via LOG only Not natively supported. Custom monitoring needed. Authentication Query, Client login Query Currently not natively supported Epic EMR/EHR System
ESET Nod32 Anti-virus Application type discovery via LOG Syslog (CEF format): Virus found/cleaned type of events ESET NOD32
FireEye Malware Protection System (MPS) Application type discovery via LOG Syslog (CEF format): Malware found/cleaned type of events FireEye MPS
FireEye HX Appliances for Endpoint protection Application type discovery via LOG Syslog (CEF format): Malware Acquisition, Containment type of events
F5 Networks Application Security Manager Discovery via LOG Syslog (CEF Format); Various application level attack scenarios - invalid directory access, SQL injections, cross site exploits F5 Application Security Manager
F5 Networks Local Traffic Manager SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks), Installed Software, Running Software SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start SNMP Trap: Exception situations including hardware failures, certain security attacks, Policy violations etc; Syslog: Permitted and Denied Traffic F5 Networks Local Traffic Manager
F5 Networks Web Accelerator Discovery via LOG Syslog: Permitted Traffic F5 Networks Web Accelerator
Fortinet FortiNDR (Formerly FortiAI)

Fortinet FortiNDR (Formerly FortiAI)

Fortinet

FortiAnalyzer

Fortinet FortiAnalyzer

Fortinet FortiAP Access point – Name, OS, Interfaces, Controller (FortiGate) FortiAP CPU, Memory, Clients, Sent/Received traffic Wireless events via FortiGate FortiAP
Fortinet FortiAuthenticator Vendor, OS, Model Interface Stat, Authentication Stat Over 150 event types Currently not natively supported. Fortinet FortiAuthenticator
Fortinet FortiCASB

Fortinet FortiCASB
Fortinet FortiClient Discovered via LOG only Syslog: Traffic logs, Event logs Not supported FortiClient
Fortinet FortiDeceptor Discovered via LOG only Not natively supported. Custom monitoring needed. Authentication logs, Decoy activity Currently not natively supported. Fortinet FortiDeceptor
Fortinet FortiEDR Discovered via LOG only Not natively supported. Custom monitoring needed. System and security events (e.g. file blocked) Currently not natively supported Fortinet FortiEDR
Fortinet FortiGate firewalls SNMP: OS, Host name, Hardware (Serial Number, Interfaces, Components) SNMP: Uptime, CPU and Memory utilization, Network Interface metrics Syslog: Over 11000 Traffic and system logs; Netflow: traffic flow, Application flow SSH: Running config, Startup config Fortinet FortiGate
Fortinet FortiInsight FortiInsight
Fortinet FortiManager SNMP: Host name, Hardware model, Network interfaces, Operating system version SNMP: Uptime, CPU and Memory utilization, Network Interface metrics FortiManager
Fortinet FortiNAC Discovered via LOG only Not natively supported. Custom monitoring needed Administrative and User Admission Control events Currently not natively supported Fortinet FortiNAC
Fortinet FortiProxy

Fortinet FortiProxy
Fortinet FortiWLC SNMP - Controller – Name, OS, Serial Number, Interfaces, Associated Access Points – name, OS, Interfaces Controller – CPU, Memory, Disk, Throughput, QoS statistics, Station count Hardware/Software errors, failures, logons, license expiry, Access Point Association / Disassociation Not supported FortiWLC
Fortinet FortiTester Discovered Via LOG only Not natively supported - Custom monitoring needed CEF format: Over 14 Event types parsed Not natively supported - Custom configuration collection needed Fortinet FortiTester
Foundry Networks IronWare Router and Switch SNMP: OS, Hardware SSH: configuration, running process SNMP: Uptime, CPU, Memory, Interface utilization, Hardware Status Syslog: Over 6000 event types parsed for situations covering admin access, configuration change, interface up/down SSH: Running config, Startup config Foundry Networks IronWare
FreeBSD
GitHub.com GitHub Host name and Device type Not supported Not supported GitHub
GitLab API GitLab Host name and Device type Not supported Not supported GitLab API
GitLab CLI GitLab Host name and Device type Not supported Not supported GitLab CLI
Google Google Cloud Platform

Google Cloud Platform - Pub/Sub Integration
Google Google Workspace (Formerly G Suite and Google Apps)

Google Workspace (Formerly G Suite and Google Apps)

Green League WVSS Green League WVSS
Hillstone Networks Firewall Hillstone Firewall
Hirschmann Switches Host Name, OS SNMP – Uptime, CPU, Memory, Interface utilization, hardware Status, OSPF metrics Not natively supported - Custom parsing needed Not natively supported - Custom configuration collection needed Hirschmann SCADA Firfewalls and Switches
HP BladeSystem SNMP: Host name, Access IP, Hardware components SNMP: hardware status HP BladeSystem
HP HP-UX servers SNMP: OS, Hardware SNMP: Uptime, CPU, Memory, Network Interface, Disk space utilization, Network Interface Errors, Running Process Count, Running process CPU/memory utilization, Running process start/stop; SNMP: Installed Software change; SSH : Memory paging rate, Disk I/O utilization HP UX Server
HP HP Hardware on Intel-based Servers SNMP: hardware model, hardware serial, hardware components (fan, power supply, battery, raid, disk, memory) SNMP: hardware status SNMP Trap: Over 100 traps covering hardware issues
HP TippingPoint UnityOne IPS SNMP: OS, Hardware SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors Syslog: Over 4900 IPS alerts directly or via NMS TippingPoint IPS
HP ProCurve Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors; SNMP: hardware status SSH: Running config, Startup config HP ProCurve
HP Value Series (19xx) Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors SSH: Startup config HP Value Series (19xx) and HP 3Com (29xx) Switch
HP 3Com (29xx) Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors SSH: Startup config HP Value Series (19xx) and HP 3Com (29xx) Switch
HP HP/3Com Comware Switches and Routers SNMP: OS, hardware model, hardware serial, hardware components; SSH: configuration SNMP: Uptime, CPU, Memory, Network Interface, Network Interface Errors; SNMP: hardware status Syslog: Over 6000 vent types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup config HP/3Com ComWare
HPE Integrated Lights-Out (iLO)

HPE Integrated Lights-Out (iLO)
Huawei VRP Router and Switch SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity SNMP: Uptime, CPU, Memory, Interface utilization, Hardware Status Syslog: Over 30 event types parsed for situations covering admin access, configuration change, interface up/down SSH: Running config, Startup config

HyTrust CloudControl LOG Discovery Currently not natively supported Over 70 event types Currently not natively supported HyTrust CloudControl
IBM Websphere Application Server SNMP or WMI: Running processes HTTP(S): Generic Information, Availability metrics, CPU / Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics IBM WebSphere
IBM DB2 Database Server SNMP or WMI: Running processes JDBC: Database Audit trail: Log on, Database level and Table level CREATE/DELETE/MODIFY operations IBM DB2
IBM ISS Proventia IPS Appliances SNMP Trap: IPS Alerts: Over 3500 event types IBM ISS Proventia
IBM AIX Servers SNMP: OS, Hardware, Installed Software, Running Processes, Open Ports; SSH: Hardware details SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging Syslog: General logs including Authentication Success/Failure, Privileged logons, User/Group Modification IBM AIX
IBM OS 400 Syslog via PowerTech Agent: Over 560 event types IBM OS400
Imperva Securesphere DB Monitoring Gateway Imperva Securesphere DB Monitoring Gateway
Imperva Securesphere Security Gateway Syslog in CEF format Imperva Securesphere Security Gateway
Imperva Securesphere Web App Firewall Imperva SecureSphere Web App Firewall

Indegy

Security Platform

Discovered via LOG only Not natively supported - Custom monitoring needed Over 14 Events Types parsed Not natively supported - Custom configuration collection needed Indegy Security Platform
Intel/McAfee McAfee Sidewinder Firewall SNMP: OS, Hardware, Installed Software, Running Processes SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start Syslog: Firewall logs McAfee Firewall Enterprise (Sidewinder)
Intel/McAfee McAfee ePO SNMP: Related process name and parameters SNMP: Process resource utilization SNMP Trap: Over 170 event types McAfee ePolicy Orchestrator (ePO)
Intel/McAfee Intrushield IPS SNMP: OS, Hardware SNMP: Hardware status Syslog: IPS Alerts McAfee IntruShield
Intel/McAfee Stonesoft IPS Syslog: IPS Alerts McAfee Stonesoft
Intel/McAfee Web Gateway Syslog: Web server log McAfee Web Gateway
Intel/McAfee Foundstone Vulnerability Scanner JDBC: Vulnerability data McAfee Foundstone Vulnerability Scanner
Infoblox DNS/DHCP Appliance SNMP: OS, Hardware, Installed Software, Running Processes ; SNMP: Zone transfer metrics, DNS Cluster Replication metrics, DNS Performance metrics, DHCP Performance metrics, DDNS Update metrics, DHCP subnet usage metrics ; SNMP: Hardware Status ; SNMP Trap: Hardware/Software Errors Syslog: DNS logs - name resolution activity - success and failures Infoblox DNS/DHCP
ISC Bind DNS Syslog: DNS logs - name resolution activity - success and failures ISC BIND DNS
Juniper JunOS Router/Switch SNMP: OS, Hardware; SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status ; Syslog: Over 1420 event types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks JunOS
Juniper SRX Firewalls SNMP: OS, Hardware SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 700 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks JunOS
Juniper SSG Firewall SNMP: OS, Hardware ; SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks SSG Firewall
Juniper ISG Firewall SNMP: OS, Hardware ; SSH: Configuration SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper Networks SSG Firewall
Juniper Steel-belted Radius Discovered via LOG Syslog - 4 event types covering admin access and AAA authentication Juniper Networks Steel-Belted Radius
Juniper Secure Access Gateway SNMP: OS, Hardware SNMP: CPU, Memory, Disk, Interface utilization Syslog - Over 30 event types parsed for situations covering VPN login, Admin access, Configuration Change Juniper Networks SSL VPN Gateway
Juniper Netscreen IDP Syslog - directly from Firewall or via NSM - Over 5500 IPS Alert types parsed Juniper Networks IDP Series
Juniper DDoS Secure Syslog - DDoS Alerts Juniper DDoS

KVM

KVM

Lantronix SLC Console Manager Syslog - Admin access, Updates, Commands run Lantronix SLC Console Manager
LastLine Syslog in CEF format LastLine
Liebert HVAC SNMP: Host Name, Hardware model SNMP: HVAC metrics: Temperature: current value, upper threshold, lower threshold, Relative Humidity: current value, upper threshold, lower threshold, System state etc Liebert HVAC
Liebert FPC SNMP: Host Name, Hardware model SNMP: Output voltage (X-N, Y-N, Z-N), Output current (X, Y. Z), Neutral Current, Ground current, Output power, Power Factor etc Liebert FPC
Liebert UPS SNMP: Host Name, Hardware model SNMP: UPS metrics: Remaining battery charge, Battery status, Time on battery, Estimated Seconds Remaining, Output voltage etc Liebert UPS
Malwarebytes Malwarebytes Breach Remediation Malwarebytes Breach Remediation
Malwarebytes Malwarebytes Endpoint Protection

Malwarebytes Endpoint Protection
McAfee Vormetric Data Security Manager LOG Discovery Currently not natively supported 1 broad event Type Currently not natively supported McAfee Vormetric Data Security Manager
Microsoft ASP.NET SNMP: Running Processes SNMP or WMI: Process level resource usage ; WMI: Request Execution Time, Request Wait Time, Current Requests, Disconnected Requests etc Microsoft ASP.NET
Microsoft Microsoft Advanced Threat Analytics (ATA) On Premise Platform

Microsoft Advanced Threat Analytics (ATA) On Premise Platform

Microsoft Microsoft Defender for Identity/Azure Advanced Threat Protection (ATP) Host name and Device type Not supported Not supported Microsoft Defender for Identity/Microsoft Azure ATP
Microsoft Azure Compute Microsoft Azure Compute
Microsoft Azure Event Hub Microsoft Azure Event Hub
Microsoft Cloud App Security Host name and Device type Not supported Not supported Microsoft Cloud App Security
Microsoft DHCP Server - 2003, 2008 SNMP: Running Processes WMI: DHCP metrics: request rate, release rate, decline rate, Duplicate Drop rate etc FortiSIEM Windows Agent (HTTPS): DHCP logs - release, renew etc; Snare Agent (syslog): DHCP logs - release, renew etc; Correlog Agent (syslog): DHCP logs - release, renew etc Microsoft DHCP (2003, 2008)
Microsoft DNS Server - 2003, 2008 SNMP: Running Processes WMI: DNS metrics: Requests received, Responses sent, WINS requests received, WINS responses sent, Recursive DNS queries received etc FortiSIEM Windows Agent (HTTPS): DNS logs - name resolution activity; Snare Agent (syslog): DNS logs - name resolution activity; Correlog Agent (syslog): DNS logs - name resolution activity Microsoft DNS (2003, 2008)
Microsoft Domain Controller / Active Directory - 2003, 2008, 2012 SNMP: Running Processes; LDAP: Users WMI: Active Directory metrics: Directory Search Rate, Read Rate, Write Rate, Browse Rate, LDAP search rate, LDAP Bind Rate etc; WMI: "dcdiag -e" command output - detect successful and failed domain controller diagnostic tests; WMI: "repadmin /replsummary" command output - Replication statistics; LDAP: Users with stale passwords, insecure password settings Microsoft Active Directory
Microsoft Exchange Server SNMP: Running Processes SNMP or WMI: Process level resource usage; WMI: Exchange performance metrics, Exchange error metrics, Exchange mailbox metrics, Exchange SMTP metrics, Exchange ESE Database, Exchange Database Instances, Exchange Mail Submission Metrics, Exchange Store Interface Metrics etc Exchange Tracker Logs via FSM Advanced Windows Agent Microsoft Exchange
Microsoft Hyper-V Hypervisor Powershell over winexe: Guest/Host CPU usage, Memory usage, Page fault, Disk Latency, Network usage ; Hyper-V
Microsoft IIS versions SNMP: Running Processes SNMP or WMI: Process level resource usage WMI: IIS metrics: Current Connections, Max Connections, Sent Files, Received Files etc FortiSIEM Windows Agent (HTTPS): W3C Access logs - Per instance Per Connection - Sent Bytes, Received Bytes, Duration ; Snare Agent (syslog): W3C Access logs; Correlog Agent (syslog): W3C Access logs Microsoft IIS for Windows 2000 and 2003; Microsoft IIS for Windows 2008
Microsoft Internet Authentication Server (IAS) SNMP: Running Processes SNMP or WMI: Process level resource usage FortiSIEM Windows Agent (HTTPS): AAA logs - successful and failed authentication ; Snare Agent (syslog): AAA logs - successful and failed authentication ; Correlog Agent (syslog): AAA logs - successful and failed authentication Microsoft Internet Authentication Server (IAS)
Microsoft Network Policy Server Discovered via LOG only. Not natively supported. Custom monitoring needed. AAA-based login events Currently not natively supported Microsoft Network Policy Server
Microsoft PPTP VPN Gateway FortiSIEM Windows Agent (HTTPS): VPN Access - successful and failed Snare Agent (syslog): VPN Access - successful and failed ; Correlog Agent (syslog): VPN Access - successful and failed Microsoft PPTP
Microsoft SharePoint Server SNMP: Running Processes SNMP or WMI: Process level resource usage LOGBinder Agent: SharePoint logs - Audit trail integrity, Access control changes, Document updates, List updates, Container object updates, Object changes, Object Import/Exports, Document views, Information Management Policy changes etc Microsoft SharePoint
Microsoft SQL Server - 2014, 2016, 2017, 2019 SNMP: Running Processes SNMP or WMI: Process resource usage; JDBC: General database info, Configuration Info, Backup Info,; JDBC: Per-instance like Buffer cache hit ratio, Log cache hit ratio etc; JDBC: per-instance, per-database Performance metrics Data file size, Log file used, Log growths etc; JDBC: Locking info, Blocking info JDBC: database error log; JDBC: Database audit trail Microsoft SQL Server
Microsoft Microsoft Defender for Endpoint/Windows Defender Advanced Threat Protection (ATP) Host name and Device type Not supported Not supported Microsoft Defender for Endpoint/Windows Defender ATP
Microsoft Windows 2000, Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2 SNMP: OS, Hardware (for Dell and HP), Installed Software, Running Processes; WMI: OS, Hardware (for Dell and HP), BIOS, Installed Software, Running Processes, Services, Installed Patches SNMP: CPU, Memory, Disk, Interface utilization, Process utilization ; WMI: SNMP: CPU, Memory, Disk, Interface utilization, Detailed CPU/Memory usage, Detailed Process utilization WMI pulling: Security, System and Application logs; FortiSIEM Windows Agent (HTTPS): Security, System and Application logs, File Content change; Snare Agent (syslog): Security, System and Application logs; Correlog Agent (syslog): Security, System and Application logs SNMP: Installed Software Change; FortiSIEM Windows Agent: Installed Software Change, Registry Change; FortiSIEM Windows Agent: File Integrity Monitoring Microsoft Windows Servers
MobileIron Sentry and Connector Sentry Discovered Via LOG only Not natively supported - Custom monitoring needed Over 18 Events Types parsed Not natively supported - Custom configuration collection needed MobileIron Sentry
Motorola AirDefense Wireless IDS Syslog: Wireless IDS logs Motorola AirDefense
Motorola WiNG WLAN Access Point Syslog: All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health Motorola WLAN
Mikrotek Mikrotech Switches and Routers Host name, OS, Hardware model, Serial number, Components SNMP: Uptime CPU utilization, Network Interface metrics Mikrotek Router
NetApp DataONTAP NetApp DataONTAP
NetApp DataONTAP based Filers SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Logical volumes, Physical Disks SNMP: CPU utilization, Network Interface metrics, Logical Disk Volume utilization; SNMP: Hardware component health, Disk health ONTAP API: Detailed NFS V3/V4, ISCSI, FCP storage IO metrics, Detailed LUN metrics, Aggregate metrics, Volume metrics, Disk performance metrics SNMP Trap: Over 150 alerts - hardware and software alerts NetApp Filer
Nessus Vulnerability Scanner Nessus API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence, etc Nessus Vulnerability Scanner
Netwrix Auditor Not natively supported Not natively supported 2 Event Types parsed (via Windows Correlog Agent) Not natively supported Netwrix Auditor
NGINX Web Server SNMP: Application name SNMP: Application Resource Usage Syslog: W3C access logs: per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration NGINX Web Server
Nimble NimbleOS Storage Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components SNMP: Uptime, Network Interface metrics, Storage Disk Utilization SNMP: Storage Performance metrics: Read rate (IOPS), Sequential Read Rate (IOPS), Write rate (IOPS), Sequential Write Rate (IOPS), Read latency, etc Nimble Storage
Nortel ERS Switches and Routers SNMP: Host name, OS, Hardware model, Serial number, Components SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Hardware Status Nortel ERS and Passport Switch
Nortel Passport Switches and Routers SNMP: Host name, OS, Hardware model, Serial number, Components SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Hardware Status Nortel ERS and Passport Switch

Nozomi

Central Management Control (CMC)

Nozomi Central Management Control
Nozomi Guardian No No Yes No Nozomi SCADAguardian
Nutanix Controller VM SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Physical Disks, Components SNMP: Uptime CPU/memory utilization, Network Interface metrics/errors, Disk Status, Cluster Status, Service Status, Storage Pool Info, Container Info Nutanix
Nutanix

Nutanix Prism

API Audit, Audit, Security Policy Hitlogs, and Flow Service Logs

Nutanix Prism
Okta.com SSO Okta API: Users Okta API: Over 90 event types covering user activity in Okta website Okta Configuration
One Identity Safeguard Not supported One Identity Safeguard
OpenLDAP OpenLDAP LDAP: Users
Oracle Cloud Access Security Broker (CASB) Oracle Cloud Access Security Broker
Oracle Cloud Infrastructure

Oracle Cloud Infrastructure
Oracle Enterprise Database Server - 10g, 11g, 12c, 18/19c, 21c SNMP or WMI: Process resource usage ; JDBC: Database performance metrics: Buffer cache hit ratio, Row cache hit ratio, Library cache hit ratio, Shared pool free ratio, Wait time ratio, Memory Sorts ratio etc ; JDBC: Database Table space information: able space name, table space type, table space usage, table space free space, table space next extent etc; JDBC: Database audit trail: Database logon, Database operations including CREATE/ALTER/DROP/TRUNCATE operations on tables, table spaces, databases, clusters, users, roles, views, table indices, triggers etc. Syslog: Listener log, Alert log, Audit Log Oracle Database
Oracle MySQL Server SNMP or WMI: Process resource usage JDBC: User Connections, Table Updates, table Selects, Table Inserts, Table Deletes, Temp Table Creates, Slow Queries etc; JDBC: Table space performance metrics: Table space name, table space type, Character set and Collation, table space usage, table space free space etc; JDBC: Database audit trail: Database log on, Database/Table CREATE/DELETE/MODIFY operations MySQL Server
Oracle WebLogic Application Server SNMP or WMI: Process resource usage JMX: Availability metrics, Memory metrics, Servlet metrics, Database metrics, Thread pool metrics, EJB metrics, Application level metrics Oracle WebLogic
Oracle Glassfish Application Server SNMP or WMI: Process resource usage JMX: Availability metrics, Memory metrics, Servlet metrics, Session metrics, Database metrics, Request processor metrics, Thread pool metrics, EJB metrics, Application level metrics, Connection metrics Oracle GlassFish Server
Oracle Sun SunOS and Solaris SNMP: OS, Hardware, Software, Processes, Open Ports ; SSH: Hardware details SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification Sun Solaris Server
OTORIO RAM2 (Risk Assessment, Monitoring and Management)

OTORIO RAM2 (Risk Assessment, Monitoring and Management)

PacketFence Network Access Control Host name and Device type Not supported Not supported PacketFence Network Access Control
Palo Alto Networks Palo Alto Cortex XDR

Palo Alto Cortex XDR

Palo Alto Networks Palo Alto Traps Endpoint Security Manager LOG Discovery Currently not natively supported Over 80 event types Currently not natively supported Palo Alto Traps Endpoint Security Manager
Palo Alto Networks PAN-OS based Firewall SNMP: Host name, OS, Hardware, Network interfaces; SSH: Configuration SNMP: Uptime, CPU utilization, Network Interface metrics, Firewall connection count Syslog: Traffic log, Threat log (URL, Virus, Spyware, Vulnerability, File, Scan, Flood and data subtypes), config and system logs, wildfire logs SSH: Configuration Change Palo Alto Firewall
Proofpoint Proofpoint

Proofpoint
PulseSecure PulseSecure VPN Syslog: VPN events, Traffic events, Admin events PulseSecure
QNAP Turbo NAS QNAP Turbo NAS
Qualys QualysGuard Scanner Qualys QualysGuard Scanner
Qualys Vulnerability Scanner Qualys API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc Qualys Vulnerability Scanner
Qualys Web Application Firewall syslog (JSON formatted): web log analysis Qualys Web Application Firewall
Radware DefensePro LOG Discovery Currently not natively supported Over 120 event types Currently not natively supported Radware DefensePro
Rapid7 InsightVM (Platform Based Vulnerability Management) Host name and Device type Not supported Rapid7 InsightVM (Vulnerability Management On-Premises)
Rapid7 NeXpose Vulnerability Scanner (Vulnerability Management On-Premises) Rapid7 NeXpose API: Vulnerability Scan results - Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc Rapid7 NeXpose Vulnerability Scanner (Platform Based Vulnerability Management)
Red Hat Linux SNMP: OS, Hardware, Software, Processes, Open Ports ; SSH: Hardware details, Linux distribution SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down ; SSH: Disk I/O, Paging Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification SSH: File integrity monitoring, Command output monitoring, Target file monitoring Agent: File integrity monitoring SSH: File integrity monitoring, Target file monitoring Agent: File integrity monitoring Linux Server
Red Hat JBoss Application Server SNMP: Process level CPU/Memory usage JMX: CPU metrics, Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics ; Red Hat JBoss
Red Hat DHCP Server SNMP: Process level CPU/Memory usage Syslog: DHCP address release/renew events Linux DHCP
Riverbed Steelhead WAN Accelerators SNMP: Host name, Software version, Hardware model, Network interfaces SNMP: Uptime, CPU / Memory / Network Interface / Disk space metrics, Process cpu/memory utilization; SNMP: Hardware Status SNMP: Bandwidth metrics: (Inbound/Outbound Optimized Bytes - LAN side, WAN side; Connection metrics: Optimized/Pass through / Half-open optimized connections etc); SNMP: Top Usage metrics: Top source, Top destination, Top Application, Top Talker; SNMP: Peer status: For every peer: State, Connection failures, Request timeouts, Max latency SNMP Trap: About 115 event types covering software errors, hardware errors, admin login, performance issues - cpu, memory, peer latency issues ; Netflow: Connection statistics Riverbed SteelHead WAN Accelerator
Ruckus Wireless LAN SNMP: Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points SNMP: Controller Uptime, Controller Network Interface metrics, Controller WLAN Statistics, Access Point Statistics, SSID performance Stats Ruckus WLAN
SAP

SAP Enterprise Threat Detection (ETD)

SAP Enterprise Threat Detection (ETD)

Security Onion Zeek (Bro) Discovered via LOG only Not natively supported - Custom monitoring needed Syslog JSON format: 6 event types parsed Currently not natively supported Zeek (Bro) Installed on Security Onion
SentinelOne SentinelOne Discovered via LOG only Not natively supported. Custom monitoring needed. System and security events (e.g. file blocked) Currently not natively supported SentinelOne
Snort IPS SNMP: Process level CPU/Memory usage Syslog: Over 40K IPS Alerts DBC: Over 40K IPS Alerts - additional details including TCP/UDP/ICMP header and payload in the attack packet Snort IPS
Sophos Central Host name and Device type Not supported Not supported Sophos Central
Sophos Sophos Endpoint Security and Control SNMP Trap: Endpoint events including Malware found/deleted, DLP events Sophos Endpoint Security and Control
Squid Web Proxy SNMP: Process level CPU/Memory usage Syslog: W3C formatted access logs - per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration Squid Web Proxy
SSH Com Security CryptoAuditor LOG Discovery Currently not natively supported Many event types Currently not natively supported SSH Com Security CryptoAuditor
Stormshield Network Security Not natively supported Not natively supported Firewall logs Not natively supported Stormshield Network Security
Symantec Symantec Endpoint Protection Syslog: Over 5000 event types covering end point protection events - malware/spyware/adware, malicious events Symantec Endpoint Protection
Tanium Connect Host name and Device type Not supported Not supported Tanium Connect
Tenable Tenable.io Host name and Device type Not supported Not supported Tenable.io
Tigera Calico Not natively supported Not natively supported Flow, Audit and DNS logs Not natively supported Tigera Calico
TrendMicro Deep Discovery Discovered via LOG only Not natively supportedCustom monitoring needed. Malicious file detection Currently not natively supported TrendMicro Deep Discovery
TrendMicro Deep Security Manager Syslog: Over 10 event types covering end point protection events Not supported
TrendMicro Interscan Web Filter LOG Discovery Currently not natively supported 15 event Types Currently not natively supported TrendMicro Interscan Web Filter
TrendMicro Intrusion Defense Firewall (IDF) Syslog: Over 10 event types covering end point firewall events Trend Micro IDF
TrendMicro Office scan SNMP Trap: Over 30 event types covering end point protection events - malware/spyware/adware, malicious events Trend Micro OfficeScan
Ubiquiti

Wireless LAN

Ubiquiti Wireless LAN

UserGate

UTM Firewall

UserGate UTM Firewall

Vasco DigiPass Syslog - Successful and Failed Authentications, Successful and Failed administrative logons Vasco DigiPass
VMware VMware ESX and VCenter VMWare SDK: Entire VMware hierarchy and dependencies - Data Center, Resource Pool, Cluster, ESX and VMs VMWare SDK: VM level: CPU, Memory, Disk, Network, VMware tool status VMWare SDK: ESX level: CPU, Memory, Disk, Network, Data store VMWare SDK: ESX level: Hardware Status VMWare SDK: Cluster level: CPU, Memory, Data store, Cluster Status VMWare SDK: Resource pool level: CPU, Memory VMWare SDK: Over 800 VCenter events covering account creation, VM creation, DRS events, hardware/software errors
VMware

NSX for vSphere

VMware NSX for vSphere

VMware vShield Syslog: Over 10 events covering permitted and denied connections, detected attacks
VMware VCloud Network and Security (vCNS) Manager Syslog: Over 10 events covering various activities
WatchGuard Firebox Firewall Syslog: Over 20 firewall event types WatchGuard Firebox Firewall
Websense Web Filter Syslog: Over 50 web filtering events and web traffic logs Websense Web Filter
YXLink Vulnerability Scanner YX Link Vulnerability Scanner
Zeek Network Security Monitor (Previously known as Bro)

Zeek Network Security Monitor (Previously known as Bro)
Zscaler

Zscaler Cloud Firewall

Zscaler Cloud Firewall

Zscaler

Zscaler Nanolog Streaming Service (NSS)

Zscaler Nanolog Streaming Service (NSS)