Third Party Integrations
Browse the vast catalog of parsers, rules, feeds and more that can enhance your experience with the NetWitness Platform.
Integration Articles Available
| Vendor & Product | Version | Collection Method | Device Class | Category |
|---|---|---|---|---|
| Menlo Security Event Source Configuration Guide | 4 | Plugin | Cloud | Log Collection |
| Microsoft Dynamic Host Configuration Protocol Server | 1 | File | Host.Application Servers | Log Collection |
| Trend Micro TippingPoint (formerly HP TippingPoint) | 2 | Syslog | Security.IDS | Log Collection |
| Trend Micro Server Protect | 2 | SNMP | Security.Antivirus | Log Collection |
| Trend Micro ScanMail | 2 | CEF; SNMP | Firewall | Log Collection |
| Trend Micro OSSEC | 2 | Syslog | Security.Intrusion | Log Collection |
| Trend Micro OfficeScan / Control Manager | 2 | Syslog, SNMP | Security.Antivirus | Log Collection |
| Trend Micro InterScan Messaging Security Suite | 4 | Syslog; File; SNMP | Firewall | Log Collection |
| Trend Micro InterScan Web Security | 2 | File, ODBC (3.1 only), Syslog (5.6, 6.x) | Host.Web Logs | Log Collection |
| Trend Micro Deep Security | 3 | Syslog | Advanced Threat Detection | Log Collection |
| Trend Micro Deep Discovery Analyzer | 2 | Syslog | Advanced Threat Detection | Log Collection |
| VMware vSphere Event Source Log Configuration Guide | 7 | Plugin | Cloud | |
| Fortinet Forticlient Endpoint Security | 7 | Syslog | Firewall | Log Collection |
| Microsoft SQL (JDBC) | 4 | Logstash | Database | Log Collection |
| Microsoft SQL | 2 | File and Windows Event Logs | Database | Log Collection |
| Test Third Party Integration Article | 3 | Packet | Analysis | Network TAP |
| Absolute Data and Device Security (DDS) - Implementation Guide | 5 | Syslog | Analysis | Log Collection |
| A10 Networks Thunder Series - Implementation Guide | 6 | SSL Decryption | Analysis | SSL Decrypt |
| A10 Networks Thunder Series - Solutions Brief | 8 | SSL Decryption | Analysis | SSL Decrypt |
| Linux (AlmaLinux) | 5 | Syslog | UNIX | Log Collection |
| Linux (Red Hat/RHEL) | 5 | Syslog | UNIX | Log Collection |
| Microsoft Azure NSG | 7 | Plugin | Cloud | Log Collection |
| ArcSight ESM | 5 | | | Other |
| Microsoft Windows Server Update Service | 5 | ODBC & Logstash | Configuration Management | Log Collection |
| Microsoft Windows DNS | 5 | Syslog, File | Windows Hosts | Log Collection |
| Microsoft URL Scan | 5 | File | Web Logs | Log Collection |
| Microsoft System Center Operations Manager | 5 | Windows | Configuration Management | Log Collection |
| Microsoft System Center Configuration Manager | 5 | Windows | Configuration Management | Log Collection |
| Microsoft SQL Server | 6 | |||
| Microsoft SQL Server | 6 | File, Windows | Database | Log Collection |
| Microsoft SharePoint Server | 5 | Windows | Storage | Log Collection |
| Microsoft Office 365 | 5 | |||
| Microsoft Office 365 | 5 | Plugin | Cloud | Log Collection |
| Microsoft Network Policy Server (NPS) | 5 | File, Windows | Access Control | Log Collection |
| Microsoft Network Access Protection | 5 | ODBC & Logstash | Access Control | Log Collection |
| Microsoft Internet Security and Acceleration (ISA) Server | 5 | File, Windows | Web Logs | Log Collection |
| Microsoft Internet Information Services (IIS) | 5 | File | Web Logs | Log Collection |
| Microsoft Forefront Unified Access Gateway | 5 | Syslog, ODBC | VPN | Log Collection |
| Microsoft Forefront Threat Management Gateway | 5 | File, ODBC | Firewall | Log Collection |
| Microsoft Forefront Endpoint Protection | 5 | Windows, ODBC & Logstash (for Forefront Client Security only) | Antivirus | Log Collection |
| Microsoft Exchange Server | 5 | File, Windows | Mail Servers | Log Collection |
| CyberX Platform 2.0 | 5 | Syslog | ICS | Log Collection |
| Microsoft Azure Monitor | 5 | Plugin | Cloud | Log Collection |
| Microsoft Audit Collection Services | 5 | ODBC & Logstash | Windows Hosts | Log Collection |
| Microsoft Azure Graph Event Source Log Configuration Guide | 6 | Plugin | ||
| Trend Micro TippingPoint (formerly HP TippingPoint) | 5 | Syslog | IDS | Log Collection |
| Trend Micro Server Protect | 5 | SNMP | Antivirus | Log Collection |
| Trend Micro ScanMail | 5 | SNMP | Application Firewall | Log Collection |
| Trend Micro OSSEC | 5 | Syslog | Intrusion | Log Collection |
| Trend Micro OfficeScan / Control Manager | 5 | Syslog, SNMP | Antivirus | Log Collection |
| Trend Micro InterScan Web Security | 5 | File, ODBC (3.1 only), Syslog (5.6, 6.x) | Web Logs | Log Collection |
| Trend Micro InterScan Messaging Security Suite | 5 | File, SNMP (for 7.1), Syslog (for 9.1) | Application Firewall | Log Collection |
| Trend Micro Deep Security Agent | 5 | Syslog | Application Firewall | Log Collection |
| Trend Micro Deep Discovery Analyzer | 5 | Syslog | Advanced Threat Detection | Log Collection |
| Trend Micro Deep Security | 5 | Syslog | Application Firewall | Log Collection |
| Cylance Protect | 5 | Syslog | Antivirus | Log Collection |
| Citrix NetScaler | 5 | Syslog | Application Firewall | Log Collection |
| Juniper Networks NetScreen ScreenOS | 4 | Syslog | Firewall | Log Collection |
| Cisco ThreatGRID | 4 | | | Threat Intel |
| Radiator Radius Server | 4 | File | Access Control | Log Collection |
| Juniper Networks Wireless LAN Controller | 4 | Syslog | Wireless Devices | Log Collection |
| Kaspersky Anti-Virus | 4 | ODBC, File | Antivirus | Log Collection |
| Secdo Platform | 4 | | | Other |
| Extreme Networks Dragon IPS (formerly Enterasys Dragon) | 4 | SNMP | IDS | Log Collection |
| RSA Adaptive Authentication (OnPrem) | 4 | Syslog | Access Control | Log Collection |
| Cisco Aggregation Services Router | 4 | Syslog | Router | Log Collection |
| VMware View | 4 | File, ODBC, Syslog | Virtualization | Log Collection |
| VMware vCloud Director | 4 | Syslog | Configuration Management | Log Collection |
| Cisco Aironet AP (Wireless Access Point) | 4 | Syslog | Router | Log Collection |
| BeyondTrust PowerBroker Servers | 4 | Syslog | Access Control | Log Collection |
| RSA Adaptive Authentication (Hosted) | 4 | File | Access Control | Log Collection |
| Hewlett Packard OpenVMS | 4 | File | Midrange | Log Collection |
| Radware DDoS | 4 | Plugin | Cloud | Log Collection |
| Cisco Umbrella | 4 | Plugin | Cloud | Log Collection |
| FreeBSD | 4 | Syslog | UNIX | Log Collection |
| Radware AppWall | 4 | Syslog | Application Firewall | Log Collection |
| BeyondTrust PowerBroker Endpoint Protection (formerly eEye Blink Endpoint Protection) | 4 | SNMP | Intrusion | Log Collection |
| Fox Technologies Server Control | 4 | |||
| Swimlane | 4 | | | Orchestration & Automation |
| Sybase ASE | 4 | ODBC | Database | Log Collection |
| VMware NSX | 4 | Syslog | Virtualization | Log Collection |
| Cisco ASA Security Services Module | 4 | SDEE | IDS | Log Collection |
| VMware ESX / ESXi | 4 | Plugin | Virtualization | Log Collection |
| Cisco Catalyst Switch | 4 | Syslog | Router | Log Collection |
| VMware vRealize Automation | 4 | ODBC | Virtualization | Log Collection |
| RSA Identity Governance & Lifecycle | 4 | | Access Control | Log Collection |
| Securaa | 4 | |||
| ServiceNow ITSM | 4 | | | Other |
| SECUDE Security Intelligence | 4 | File | Analysis | Log Collection |
| Salesforce | 4 | Plugin | Cloud | Log Collection |
| RSA SecurID Access Authentication Mgr | 4 | Syslog | Access Control | Log Collection |
| Juniper Networks NetScreen Firewall | 4 | Syslog | Firewall | Log Collection |
| Microdasys XML Security Gateway | 4 | File | Application Firewall | Log Collection |
| IBM Domino | 4 | SNMP | Mail Servers | Log Collection |
| MapR Converged Data Platform (part of Hewlett Packard Enterprise) | 4 | | | Other |
| CyberArk Account Security and Identity Management | 4 | Syslog | Access Control | Log Collection |
| OPSWAT MetaAccess Cloud | 4 | Plugin | Cloud | Log Collection |
| Juniper Networks Intrusion Detection and Prevention (IDP) | 4 | Syslog, File | IDP | Log Collection |
| CyberArk Privileged Threat Analytics | 4 | Syslog | Access Control | Log Collection |
| Nginx | 4 | Logstash | Web Logs | Log Collection |
| IPFIX | 4 | Logstash | Switch | Log Collection |
| Evidian Authentication Manager | 4 | ODBC | Access Control | Log Collection |
| Dell EMC Secure Remote Support (ESRS) | 4 | Syslog | Access Control | Log Collection |
| EMC Fabric OS | 4 | Syslog | Switch | Log Collection |
| Digital Guardian | 4 | Syslog | DLP | Log Collection |
| Forcepoint DLP (formerly Websense Data Security) | 4 | Syslog | DLP | Log Collection |
| Microsoft Windows (via WinRM) | 4 | Windows | Windows Hosts | Log Collection |
| Google Workspace (formerly Google G Suite) | 4 | Plugin | Cloud | Log Collection |
| Barracuda Web Application Firewall | 4 | Syslog | Application Firewall | Log Collection |
| CryptoniteNXT | 4 | CEF | | Log Collection |
| Oracle Solaris (formerly Sun Solaris) | 4 | Syslog | UNIX | Log Collection |
| Exabeam Advanced Analytics | 4 | Syslog | Analysis | Log Collection |
| Sophos Enterprise Console | 4 | ODBC, SNMP | Antivirus | Log Collection |
| ThreatQuotient Threat Intelligence Platform | 4 | | | Threat Intel |
| Endgame | 4 | Syslog | System | Log Collection |
| Cisco Adaptive Security Appliance (ASA) | 4 | Syslog | Firewall | Log Collection |
| Dell EMC Celerra (also known as Dell EMC Control Station, Blades, DataMover, NSX) | 4 | SNMP | Storage | Log Collection |
| Gurucul Risk Analytics | 4 | | | Other |
| Cimcor CimTrak | 4 | Syslog | Intrusion | Log Collection |
| CiscoWorks LAN Management Solution | 4 | ODBC | Configuration Management | Log Collection |
| F5 Firepass SSL VPN | 4 | Syslog | VPN | Log Collection |
| Digital Guardian | 4 | |||
| McAfee Database Security | 4 | Syslog | Application Firewall | Log Collection |
| RSA NetWitness Platform Malware Analysis | 4 | Syslog | Antivirus | Log Collection |
| Motorola AirDefense Enterprise Console | 4 | Syslog | Wireless Devices | Log Collection |
| McAfee Network Security Platform | 4 | Syslog, ODBC (for version 5.1) | IDS | Log Collection |
| Palo Alto Enterprise Firewall | 4 | Syslog | Firewall | Log Collection |
| RSA NetWitness Endpoint (formerly ECAT) | 4 | Syslog | Antivirus | Log Collection |
| CyberSponse CyOps | 4 | | | Orchestration & Automation |
| Array Networks SPX Series Universal Access Controllers | 4 | Syslog | VPN | Log Collection |
| VMware vRealize Operations Manager | 4 | SNMP, Syslog | Virtualization | Log Collection |
| Symantec Zero Trust Network Access (ZTNA) | 4 | Plugin | Host.Cloud | Log Collection |
| Arbor Networks Peakflow X | 4 | Syslog | IPS | Log Collection |
| F5 SSL Orchestrator | 4 | | | SSL Decrypt |
| BeyondTrust PowerBroker Servers | 4 | |||
| Citrix Access Gateway | 4 | Syslog, File | VPN | Log Collection |
| Kaspersky Threat Intelligence Portal | 4 | | | Threat Intel |
| IBM Guardium SQL Guard | 4 | Syslog | Firewall | Log Collection |
| Acalvio ShadowPlex | 4 | Syslog | Advanced Threat Detection | Log Collection |
| CyberArk Account Security and Identity Management | 4 | |||
| Netskope | 4 | Plugin | Cloud | Log Collection |
| Kubernetes | 4 | Logstash | Configuration Management | Log Collection |
| McAfee VirusScan Enterprise | 4 | ODBC & Logstash | Antivirus | Log Collection |
| Pivotal HD | 4 | | | Other |
| cPacket Networks CVU Family | 4 | | | Network TAP |
| RSA Archer Suite | 4 | ODBC | Application Servers | Log Collection |
| ALTOR (A Juniper Networks Company) Security Suite | 4 | Syslog | Firewall | Log Collection |
| Bayshore Networks SingleKey | 4 | Syslog | Analysis | Log Collection |
| Carbon Black Cb Response | 4 | Syslog | System | Log Collection |
| Cisco Nexus | 4 | Syslog | Switch | Log Collection |
| Amazon AWS Cloudwatch | 4 | Plugin | Cloud | Log Collection |
| Amazon AWS AppFabric | 4 | Plugin | Cloud | Log Collection |
| BluVector Cortex | 4 | Syslog | Analysis | Log Collection |
| Radware DefensePro | 4 | Syslog, SNMP | IPS | Log Collection |
| Symantec Data Center Security | 4 | JDBC/Logstash | Security.IDS | Log Collection |
| RSA Data Protection Manager (formerly RSA Key Manager) | 4 | Syslog | Access Control | Log Collection |
| LANDesk Management Suite | 4 | ODBC | Configuration Management | Log Collection |
| Siemplify ThreatNexus | 4 | | | Orchestration & Automation |
| Cisco Secure Access Control Server (ACS) | 4 | Syslog | Access Control | Log Collection |
| Cisco 3300 Series Mobility Services Engine | 4 | Syslog | Wireless Devices | Log Collection |
| Safestone DetectIT | 4 | Syslog | Analysis | Log Collection |
| Symantec Data Center Security | 4 | ODBC | Security.IDS | Log Collection |
| Cisco Prime Infrastructure & Wireless Control System | 4 | | Configuration Management | Log Collection |
| Symantec DLP (part of Broadcom Inc.) | 4 | Syslog | DLP | Log Collection |
| CA ACF2 (formerly IBM Mainframe ACF2) | 4 | |||
| Cloudera Navigator | 4 | Syslog | Access Control | Log Collection |
| Infoblox NIOS | 4 | Syslog | System | Log Collection |
| Cisco IronPort Email Security Appliance | 4 | File, Syslog | Application Firewall | Log Collection |
| Juniper Networks NetScreen-Security Manager | 4 | Syslog, File | Configuration Management | Log Collection |
| ALTOR (A Juniper Networks Company) Security Suite | 4 | Syslog | Firewall | Log Collection |
| IBM WebSphere DataPower | 4 | Syslog | System | Log Collection |
| Barracuda Spam Firewall | 4 | Syslog | Antivirus | Log Collection |
| McAfee Security for Microsoft Exchange | 4 | ODBC | Antivirus | Log Collection |
| Entrust Identity Guard | 4 | Syslog | Access Control | Log Collection |
| CorreLog, Inc. SIEM Agent for IBM z/OS (part of BMC Software, Inc.) | 4 | Syslog | Mainframe | Log Collection |
| Cisco Network Admission Control (NAC) | 4 | Syslog | Access Control | Log Collection |
| Dell EMC Symmetrix Solutions Enabler | 4 | Syslog, File | Storage | Log Collection |
| Universal REST API | 4 | Plugin | Cloud | Log Collection |
| Microsoft Windows (Legacy) | 4 | Windows Legacy | Windows Hosts | Log Collection |
| Brocade FastIron Switch | 4 | Syslog | Switch | Log Collection |
| Dell EMC VPLEX | 4 | File | Storage | Log Collection |
| Git | 4 | File | CMS | Log Collection |
| Dell iDRAC | 4 | SNMP, Syslog | Access Control | Log Collection |
| CoreTrace Bouncer | 4 | |||
| Trellix ePolicy Orchestrator (formerly McAfee ePolicy Orchestrator) | 4 | ODBC, Syslog | Antivirus | Log Collection |
| Palo Alto Enterprise Firewall | 4 | | | SSL Decrypt |
| Dell EMC Voyence | 4 | SNMP | Access Control | Log Collection |
| Trellix ePolicy Orchestrator | 4 | JDBC/Logstash | Security | Log Collection |
| Cyberoam UTM | 4 | Syslog | Firewall | Log Collection |
| Fortinet FortiGate | 4 | Syslog | Firewall | Log Collection |
| Oracle iPlanet Web Server | 4 | File | Web Logs | Log Collection |
| CoreTrace Bouncer | 4 | Syslog | Application Firewall | Log Collection |
| Fortinet FortiMail | 4 | Syslog | Application Firewall | Log Collection |
| Dell EMC VNX (formerly Clariion Navisphere) | 4 | SNMP | Storage | Log Collection |
| Akamai Kona Site Defender | 4 | Syslog | Application Firewall | Log Collection |
| Microsoft Windows (via Adiscon Event Reporter, Intersect Alliance SNARE) | 4 | Syslog | Windows Hosts | Log Collection |
| FireEye Web Malware Protection System | 4 | Syslog | Malware | Log Collection |
| Pulse Connect Secure (formerly Juniper SSL VPN) | 4 | Syslog | VPN | Log Collection |
| HelpSystems PowerTech Interact | 4 | Syslog | Analysis | Log Collection |
| IBM Mainframe ICSF | 4 | File | Mainframe | Log Collection |
| Interface Masters Niagara 4272 | 4 | | | Network TAP |
| DFLabs IncMan | 4 | | | Orchestration & Automation |
| IBM Mainframe IPSec | 4 | File | Mainframe | Log Collection |
| IBM Mainframe IMS | 4 | File | Mainframe | Log Collection |
| Gigamon SSL Solution | 4 | | | SSL Decrypt |
| Amazon S3 Universal Connector | 4 | Plugin | Cloud | Log Collection |
| Safend Protector | 4 | Syslog | Configuration Management | Log Collection |
| SonicWall E-Class SRA / Aventail SSL VPN | 4 | Syslog, File | VPN | Log Collection |
| AirTight Networks SpectraGuard Enterprise | 4 | Syslog | IPS | Log Collection |
| AirTight Networks SpectraGuard Enterprise | 4 | Syslog | IPS | Log Collection |
| Arbor Networks Peakflow SP5 | 4 | Syslog | IPS | Log Collection |
| Radiflow iSID | 4 | Syslog | ICS | Log Collection |
| PAS Global ICS | 4 | |||
| Nominum Vantio (part of Akamai) | 4 | Syslog | Application Servers | Log Collection |
| Avecto Privilege Guard | 4 | Windows | Access Control | Log Collection |
| Dell EMC Avamar | 4 | ODBC, Syslog | Storage | Log Collection |
| CA ACF2 (formerly IBM Mainframe ACF2) | 4 | File | Mainframe | Log Collection |
| AirMagnet Enterprise | 4 | Syslog | Wireless Devices | Log Collection |
| Cisco Secure IDS or IPS | 4 | SDEE | IDS | Log Collection |
| F-Secure | 4 | Syslog, Windows | Antivirus | Log Collection |
| HelpSystems PowerTech Interact | 4 | |||
| Microsoft Windows (via NetWitness Endpoint) | 4 | Syslog (via Agent) | Windows Hosts | Log Collection |
| Symantec Web Security Services (part of Broadcom Inc.) | 4 | Plugin | Host.Cloud | Log Collection |
| Custom JDBC | 4 | Logstash | Database | Log Collection |
| Extreme Networks Switch (formerly Enterasys Switch) | 4 | Syslog | Switch | Log Collection |
| GlobalSCAPE Enhanced File Transfer (EFT) Server | 4 | File | Web Logs | Log Collection |
| Hewlett Packard Integrity NonStop Server | 4 | Syslog | Analysis | Log Collection |
| Blue Coat Systems Inc. Director (part of Broadcom Inc.) | 4 | Syslog | Configuration Management | Log Collection |
| Linux (Novell SuSE) | 4 | Syslog | UNIX | Log Collection |
| DataSunrise Database Security Suite | 4 | Syslog | Analysis | Log Collection |
| VMware Workspace ONE UEM | 4 | Syslog | Configuration Management | Log Collection |
| Oracle Database Vault | 4 | ODBC, Logstash | Access Control | Log Collection |
| Interface Masters Niagara 2299 | 4 | | | Network TAP |
| Juniper Steel-Belted Radius | 4 | File | Access Control | Log Collection |
| IBM DB2 Universal Database | 4 | File, ODBC | Database | Log Collection |
| Trustwave DbProtect (formerly Application Security; part of Singtel) | 4 | ODBC | Database | Log Collection |
| Linux (Debian GNU) | 4 | Syslog | UNIX | Log Collection |
| Kernel Based Virtual Machine (KVM) | 4 | File | Virtualization | Log Collection |
| Cofense Intelligence (formerly PhishMe) | 4 | | | Threat Intel |
| PostgreSQL | 4 | Syslog | Database | Log Collection |
| STEALTHbits StealthINTERCEPT | 4 | Syslog | Access Control | Log Collection |
| Oracle Solaris Basic Security Model (BSM) | 4 | Syslog, File | UNIX | Log Collection |
| AttackIQ Platform | 4 | | Analysis | Log Collection |
| Palo Alto Prisma Access | 4 | Syslog | Cloud | Log Collection |
| Oracle MySQL Enterprise | 4 | SNMP | Database | Log Collection |
| Symantec DeepSight Intelligence (part of Broadcom Inc.) | 4 | | | Threat Intel |
| Symantec Endpoint Protection (part of Broadcom Inc.) | 4 | Syslog, ODBC, SNMP | Antivirus | Log Collection |
| Tenable Nessus | 4 | |||
| ESET Remote Administrator | 4 | |||
| SSH Communications Security CryptoAuditor | 4 | | | SSL Decrypt |
| Network Critical SmartNAx Series | 4 | | | Network TAP |
| Cimcor CimTrak | 4 | |||
| BigFix Enterprise Suite | 4 | JDBC/Logstash | Configuration Management | Log Collection |
| Check Point Security Suite (IPS-1) | 4 | Check Point, Syslog | Firewall | Log Collection |
| BigFix Enterprise Suite | 4 | ODBC | Configuration Management | Log Collection |
| CA Top Secret | 4 | File | Mainframe | Log Collection |
| Huawei VRP | 4 | Syslog | Router | Log Collection |
| Check Point GAiA | 4 | Syslog | UNIX | Log Collection |
| Nozomi Networks | 4 | Syslog | Cloud | Log Collection |
| Array Networks SPX Series Universal Access Controllers | 4 | Syslog | VPN | Log Collection |
| ESET Remote Administrator | 4 | ODBC | Antivirus | Log Collection |
| Ixia Vision ONE (part of Keysight) | 4 | | | Network TAP |
| Check Point IPSO (formerly Nokia IPSO) | 4 | Syslog | UNIX | Log Collection |
| Blackberry Ltd Enterprise Server | 4 | File | Messaging | Log Collection |
| Picus | 4 | |||
| IBM WebSphere | 4 | File | Application Servers | Log Collection |
| Gigamon GigaSECURE OpenStack | 4 | | | Network TAP |
| RSA Access Manager | 4 | File | Access Control | Log Collection |
| CrowdStrike Falcon | 4 | Syslog | Endpoint | Log Collection |
| Soltra Edge | 4 | | | Threat Intel |
| ManageEngine Netflow Analyzer | 4 | ODBC | Analysis | Log Collection |
| Riverbed Cascade Profiler (formerly known as Mazu Profiler) | 4 | SNMP | IPS | Log Collection |
| Cisco Unified Computing System Manager | 4 | Syslog | Configuration Management | Log Collection |
| J4Care Healthcare Connector | 4 | Syslog | Document | Log Collection |
| F5 BIG-IP Advanced Firewall Manager | 4 | Syslog | Firewall | Log Collection |
| Apcon IntellaPatch Series 3000 Network Monitoring Switch | 4 | Syslog | Switch | Log Collection |
| Sendmail | 4 | Syslog | UNIX | Log Collection |
| Lieberman Enterprise Random Password Manager (ERPM) | 4 | Syslog | Application Servers | Log Collection |
| Radware AppWall | 4 | |||
| Raz-Lee iSecurity for IBM iSeries | 4 | Syslog | Application Firewall | Log Collection |
| Bind DNS | 4 | Syslog | UNIX | Log Collection |
| STEALTHbits StealthINTERCEPT | 4 | |||
| M86 Secure Web Gateway (part of Trustwave) | 4 | |||
| Dell EMC NetWorker | 4 | File | Storage | Log Collection |
| McAfee Endpoint Encryption | 4 | File | Access Control | Log Collection |
| McAfee Endpoint Security | 4 | JDBC/Logstash | Antivirus | Log Collection |
| Qualys Vulnerability Management | 4 | Plugin | Cloud | Log Collection |
| Jamf Protect | 4 | Plugin | Cloud | Log Collection |
| Intersect Alliance Snare for Linux | 4 | Syslog | UNIX | Log Collection |
| BeyondTrust Retina Network Security Scanner (formerly eEye Retina Network Security Scanner) | 4 | Syslog, SNMP | IDS | Log Collection |
| RSA SecurID Access Cloud Authentication Service | 4 | Plugin | Access Control | Log Collection |
| Attivo ThreatMatrix Platform | 4 | Syslog | Analysis | Log Collection |
| nCircle Configuration Compliance Manager | 4 | Syslog | Configuration Management | Log Collection |
| IBM AIX | 4 | Syslog | UNIX | Log Collection |
| IBM DB2 | 4 | Logstash | Database | Log Collection |
| RSA Web Threat Detection (formerly Silver Tail System Forensics and Mitigator) | 4 | Syslog | Analysis | Log Collection |
| Ixia CloudLens (part of Keysight) | 4 | | | Network TAP |
| Slack | 4 | | | Other |
| IBM Tivoli Access Manager WebSEAL | 4 | File, Syslog | Access Control | Log Collection |
| VMware vCenter Server | 4 | Plugin | Virtualization | Log Collection |
| Imperva SecureSphere | 4 | Syslog | Application Firewall | Log Collection |
| IBM Mainframe Syslog and Hardcopy Log Facility | 4 | File | Mainframe | Log Collection |
| Squid | 4 | File | Web Logs | Log Collection |
| RSA Federated Identity Manager | 4 | File | Access Control | Log Collection |
| RSA Data Loss Prevention Suite | 4 | Syslog | DLP | Log Collection |
| McAfee Firewall Enterprise | 4 | Syslog | Firewall | Log Collection |
| Citrix XenApp | 4 | ODBC | Virtualization | Log Collection |
| Bit9 Security Platform | 4 | Syslog, ODBC | Application Firewall | Log Collection |
| Proofpoint Email Security | 4 | Syslog | Application Firewall | Log Collection |
| Avocent IP KVM | 4 | SNMP | Network | Log Collection |
| HyTrust CloudControl (formerly HyTrust Appliance) | 4 | Syslog | Access Control | Log Collection |
| RSA SecurID Access Identity Router (formerly Via Access) | 4 | Syslog | Access Control | Log Collection |
| Cymulate Integration | 4 | |||
| LogRhythm Platform | 4 | | | Other |
| Cyware Integration | 4 | |||
| Anomali ThreatStream Intelligence Platform | 4 | | | Threat Intel |
| Senrio Insight | 4 | Syslog | Analysis | Log Collection |
| CA SiteMinder | 4 | |||
| Symantec Endpoint Security Incidents | 4 | Plugin | Host.Cloud | Log Collection |
| CA Top Secret | 4 | |||
| Damballa Failsafe | 4 | Syslog | Antivirus | Log Collection |
| NetApp Data ONTAP | 4 | Syslog, Windows Legacy | Storage | Log Collection |
| M86 Secure Web Gateway (part of Trustwave) | 4 | Syslog | Application Firewall | Log Collection |
| IBM MQ (formerly branded as WebSphere MQ) | 4 | File | Messaging | Log Collection |
| IBM Tivoli Access Manager ESSO | 4 | ODBC | Access Control | Log Collection |
| Cisco Virtual Security Gateway | 4 | Syslog | Switch | Log Collection |
| Jenkins | 4 | Syslog | Application Servers | Log Collection |
| DenyAll WAF (formerly Bee Ware Web Application Firewall) | 4 | Syslog | Application Firewall | Log Collection |
| Gigamon GigaVUE FM Series | 4 | | | Network TAP |
| Linux (CentOS) | 4 | Syslog | UNIX | Log Collection |
| Absolute Data and Device Security (DDS) | 4 | Syslog | Analysis | Log Collection |
| General Electric (GE) Centricity PACS-IW | 4 | ODBC | Document | Log Collection |
| CyberArk Account Security and Identity Management | 4 | |||
| Carbon Black Cb Response | 4 | |||
| OpenText Documentum | 4 | ODBC | Database | Log Collection |
| Stonesoft StoneGate Management Center (part of Forcepoint LLC.) | 4 | Syslog | Firewall | Log Collection |
| Novell eDirectory | 4 | SNMP | Router | Log Collection |
| Stonesoft StoneGate Management Center (part of Forcepoint LLC.) | 4 | |||
| Cisco Application Control Engine | 4 | Syslog | Application Delivery | Log Collection |
| F5 BIG-IP Application Security Manager | 4 | Syslog | Application Firewall | Log Collection |
| Microsoft Team Foundation Server (TFS) | 4 | ODBC & Logstash | CMS | Log Collection |
| FireEye Mandiant Security Validation (formerly Verodin) | 4 | | | Other |
| Cisco Advanced Malware Protection (AMP) for Endpoints | 4 | Plugin | Cloud | Log Collection |
| Solarwinds IPAM | 4 | Syslog | Configuration Management | Log Collection |
| Google Cloud Platform (GCP) | 4 | Plugin | Cloud | Log Collection |
| IBM Mainframe RACF | 4 | File | Mainframe | Log Collection |
| Splunk Phantom RSA NetWitness Logs & Network App | 4 | | | Orchestration & Automation |
| APCON Inc. IntellaFlex Series 3000 | 4 | | | Network TAP |
| Gigamon GigaSECURE | 4 | | | Network TAP |
| McAfee Vulnerability Manager | 4 | ODBC & Logstash | IDS | Log Collection |
| Dell EMC Isilon | 4 | File, Syslog | Storage | Log Collection |
| Dell EMC Ionix Unified Infrastructure Manager | 4 | Syslog, File, ODBC | Configuration Management | Log Collection |
| Anomali Link | 4 | Plugin | Cloud | Log Collection |
| Tripwire Enterprise | 4 | Syslog, File | Configuration Management | Log Collection |
| Dell EMC Greenplum HD | 4 | File | Storage | Log Collection |
| Preempt Security Behavioral Firewall | 4 | Syslog | Analysis | Log Collection |
| Microsoft Azure Log Analytics Workspace | 4 | Plugin | Cloud | Log Collection |
| McAfee Integrity Control | 4 | ODBC | Configuration Management | Log Collection |
| Oracle Access Manager | 4 | File, ODBC (for v11g R2) | Access Control | Log Collection |
| OPSWAT MetaDefender | 4 | REST | Endpoint | Log Collection |
| McAfee Network Access Control | 4 | ODBC | Access Control | Log Collection |
| McAfee Network Data Loss Prevention (Reconnex) | 4 | ODBC, Syslog | DLP | Log Collection |
| VMware AppDefense | 4 | Plugin | Cloud | Log Collection |
| Clearswift SECURE Gateway Suite | 4 | Syslog | Application Servers | Log Collection |
| Tenable Nessus | 4 | File | Vulnerability | Log Collection |
| IBM Tivoli Identity Manager | 4 | ODBC | Access Control | Log Collection |
| Fox Technologies Server Control | 4 | Syslog | Access Control | Log Collection |
| FairWarning Privacy Monitoring | 4 | File | Analysis | Log Collection |
| F5 BIG-IP Access Policy Manager | 4 | Syslog | Access Control | Log Collection |
| NXLog | 4 | Syslog | Access Control | Log Collection |
| Cisco Security Agent | 4 | ODBC, SNMP | IDS | Log Collection |
| Tufin SecureTrack | 4 | Syslog | Configuration Management | Log Collection |
| SECUDE Halocore | 4 | Syslog | Document | Log Collection |
| Dell PowerConnect 5324 Switch | 4 | Syslog | Switch | Log Collection |
| Clearswift SECURE Gateway Suite | 4 | |||
| Skyhigh Web Gateway (previously known as McAfee Web Gateway) | 4 | File, Syslog | Web Logs | Log Collection |
| Amazon AWS Security Hub | 4 | Plugin | Cloud | Log Collection |
| Amazon AWS GuardDuty | 4 | Plugin | Cloud | Log Collection |
| Alcatel-Lucent OmniSwitch | 4 | Syslog, SNMP | Switch | Log Collection |
| Oracle Audit Vault | 4 | ODBC & Logstash | Database | Log Collection |
| SkyHigh Networks Enterprise Connector | 4 | Syslog | Analysis | Log Collection |
| AirTight Management Console | 4 | Syslog | Intrusion | Log Collection |
| Aruba Networks AirWave | 4 | Syslog | Wireless Devices | Log Collection |
| Aruba Networks Mobility Controller | 4 | Syslog | Wireless Devices | Log Collection |
| Symantec Brightmail (part of Broadcom Inc.) | 4 | Syslog | Application Firewall | Log Collection |
| Oracle Identity Manager | 4 | ODBC, Logstash | Access Control | Log Collection |
| Okta Workforce Identity Cloud | 4 | Plugin | Cloud | Log Collection |
| Enforcive Enterprise Security (part of Precisely) | 4 | Syslog | Access Control | Log Collection |
| Hewlett Packard UNIX | 4 | Syslog | UNIX | Log Collection |
| Hewlett Packard ProCurve Switch | 4 | Syslog | Switch | Log Collection |
| Fortinet Manager | 4 | Syslog | Firewall | Log Collection |
| ThreatConnect Threat Intelligence Platform | 4 | | | Threat Intel |
| DeepInspect | 4 | Syslog | ICS | Log Collection |
| Claroty Platform | 4 | Syslog | Analysis | Log Collection |
| Symantec Endpoint Security Events | 4 | Plugin | Host.Cloud | Log Collection |
| Syncurity IR Flow | 4 | | | Orchestration & Automation |
| Ixia Phantom vTap (part of Keysight) | 4 | | | Network TAP |
| Demisto Enterprise | 4 | | | Orchestration & Automation |
| BMC Remedy IT Service Management | 4 | ODBC | Configuration Management | Log Collection |
| General Electric (GE) Centricity Enterprise Archive | 4 | ODBC | Document | Log Collection |
| FluentD | 4 | | | Log Collection |
| Oracle WebLogic Server | 4 | File | Application Servers | Log Collection |
| Varonis DatAdvantage | 4 | ODBC for 5.5, Syslog for 5.9 | Access Control | Log Collection |
| Dell EMC Data Protection Advisor | 4 | ODBC | Analysis | Log Collection |
| Dell EMC Greenplum Database | 4 | File | Database | Log Collection |
| Anomali STAXX | 4 | | | Threat Intel |
| Dell EMC Data Domain | 4 | Syslog | Storage | Log Collection |
| UnboundID Identity Data Store | 4 | Syslog | Access Control | Log Collection |
| Blue Coat Systems Inc. ProxyAV (part of Broadcom Inc.) | 4 | Syslog, SNMP | Antivirus | Log Collection |
| IBM Mainframe IDMS | 4 | File | Mainframe | Log Collection |
| ForeScout CounterACT | 4 | Syslog | Access Control | Log Collection |
| Crossbeam C-Series | 4 | Syslog | UNIX | Log Collection |
| Lumension Endpoint Management and Security Suite | 4 | ODBC | Configuration Management | Log Collection |
| McAfee Data Loss Prevention Endpoint | 4 | JDBC/Logstash | DLP | Log Collection |
| McAfee Data Loss Prevention Endpoint | 4 | ODBC | DLP | Log Collection |
| Actiance Vantage | 4 | ODBC | Analysis | Log Collection |
| Forcepoint Email Security | 4 | Syslog | Antivirus | Log Collection |
| McAfee Host Intrusion Prevention (aka Entercept) | 4 | ODBC | IDS | Log Collection |
| Forcepoint Web Security (formerly Websense Web Security) | 4 | SNMP, ODBC (7.5, 7.6, 7.7), (Syslog for 7.7 and later) | Web Logs | Log Collection |
| Blue Coat Systems Inc. ProxySG SGOS (part of Broadcom Inc.) | 4 | Syslog, File | Web Logs | Log Collection |
| Nominum Vantio (part of Akamai) | 4 | |||
| Netflow | 4 | Netflow | Analysis | Log Collection |
| Morphisec Endpoint Threat Prevention | 4 | Syslog | Analysis | Log Collection |
| NETASQ Unified Manager | 4 | Syslog | Firewall | Log Collection |
| Cuckoo Sandbox | 4 | | | Other |
| Cisco Sourcefire Defense Center / SNORT | 4 | Syslog | IDS | Log Collection |
| SafeNet Hardware Security Module | 4 | Syslog | Access Control | Log Collection |
| Blue Coat Systems Inc. SSL Visibility Appliance (part of Broadcom Inc.) | 4 | SSL Decrypt | ||
| BlueCat | 4 | Syslog | System | Log Collection |
| Kaspersky CyberTrace (formerly Threat Feed Service) | 4 | Threat Intel | ||
| Riverbed Steelhead | 4 | Syslog, SNMP | Router | Log Collection |
| Amazon AWS Detective | 4 | Plugin | Cloud | Log Collection |
| Cisco Firepower System Event Streamer (eStreamer) | 4 | Syslog | Access Control | Log Collection |
| SonicWALL Email Security | 4 | Syslog | VPN | Log Collection |
| Microsoft Azure via Azure Audit | 4 | Plugin | Cloud | Log Collection |
| SonicWALL Firewall | 4 | Syslog | Firewall | Log Collection |
| Oracle Database | 4 | Syslog, ODBC, File, Logstash | Database | Log Collection |
| EOL Third Party Integrations : azure_ad_signin | 2 | EOL_Third_Party_Integrations | ||
| Tenable.ot powered by Indegy | 4 | Syslog | Analysis | Log Collection |
| McAfee Endpoint Security | 4 | ODBC | Antivirus | Log Collection |
| Oracle Database (JDBC) | 4 | Logstash | Database | Log Collection |
| Check Point SPLAT OS | 4 | Syslog | UNIX | Log Collection |
| McAfee Email Gateway (formerly CipherTrust IronMail) | 4 | Syslog, SNMP | Antivirus | Log Collection |
| Juniper Networks JUNOS | 4 | Syslog | Router | Log Collection |
| Aruba Networks ClearPass Policy Manager | 4 | Syslog | Access Control | Log Collection |
| Symantec Critical Systems Protection (part of Broadcom Inc.) | 4 | ODBC, SNMP | IPS | Log Collection |
| Splunk Phantom RSA Security Analytics App | 4 | Orchestration & Automation | ||
| Lancope StealthWatch | 4 | Syslog | IDS | Log Collection |
| Lieberman Enterprise Random Password Manager (ERPM) | 4 | |||
| EOL Third Party Integrations : msazuregraph_security | 2 | EOL_Third_Party_Integrations | ||
| EOL Third Party Integrations : ciscoumbrella | 2 | EOL_Third_Party_Integrations | ||
| Securonix SNYPR | 4 | Syslog | Analysis | Log Collection |
| EOL Third Party Integrations : netskope | 2 | EOL_Third_Party_Integrations | ||
| GitHub Enterprise | 4 | Syslog | CMS | Log Collection |
| Palo Alto Prisma Cloud | 4 | Syslog | Cloud | Log Collection |
| Cisco Secure Access Control Server (ACS) Express | 4 | Syslog | Access Control | Log Collection |
| Cisco Meraki | 4 | Syslog | Configuration Management | Log Collection |
| EOL Third Party Integrations : azure_ad_audit | 2 | EOL_Third_Party_Integrations | ||
| Fortinet FortiAnalyzer | 4 | Syslog | Firewall | Log Collection |
| Sentryo ICS CyberVision (part of Cisco Systems) | 4 | Syslog | Analysis | Log Collection |
| EOL Third Party Integrations : awscloudtrail | 2 | EOL_Third_Party_Integrations | ||
| VMware Unified Access Gateway (UAG) | 4 | Syslog | Access Control | Log Collection |
| VMware Orchestrator | 4 | ODBC | Virtualization | Log Collection |
| Oracle Internet Directory | 4 | ODBC, Logstash | Access Control | Log Collection |
| F5 BIG-IP Local Traffic Manager | 4 | Syslog | Switch | Log Collection |
| Progress WhatsUp Gold | 4 | ODBC | Configuration Management | Log Collection |
| SafeBreach | 4 | N/A | N/A | Log Collection |
| Invincea Threat Data Server | 4 | Syslog | Antivirus | Log Collection |
| CA Integrated Threat Management | 4 | SNMP | Antivirus | Log Collection |
| SkyFormation | 4 | Syslog | Analysis | Log Collection |
| NetClarity NACwall | 4 | |||
| McKesson Horizon Patient Folder | 4 | ODBC & Logstash | Document | Log Collection |
| ActivIdentity 4TRESS AAA Server | 4 | ODBC | Access Control | Log Collection |
| Proofpoint ObserveIT User Activity Monitoring | 4 | Syslog | Access Control | Log Collection |
| CA SiteMinder | 4 | File | Access Control | Log Collection |
| Zscaler Deception Implementation Guide | 7 | Syslog | ||
| Oracle Directory Server / Sun ONE | 4 | File | Access Control | Log Collection |
| Apache Tomcat Server Event Source Configuration Guide | 6 | |||
| Enterprise IT-Security SF-NoEvasion | 4 | Syslog | Mainframe | Log Collection |
| Dropbox | 4 | |||
| PAS Global ICS | 4 | File | ICS | Log Collection |
| Palo Alto Panorama Management Server | 4 | Syslog | Firewall | Log Collection |
| Symantec Endpoint Security Events Plugin Event Source Log Configuration Guide | 5 | |||
| EOL Third Party Integrations : amazonkinesis | 2 | EOL_Third_Party_Integrations | ||
| Cisco Identity Services Engine (ISE) | 4 | Syslog | Access Control | Log Collection |
| Cisco IOS | 4 | Syslog | Router | Log Collection |
| NetClarity NACwall | 4 | Syslog | Access Control | Log Collection |
| McAfee Policy Auditor | 4 | ODBC & Logstash | Configuration Management | Log Collection |
| Citrix XenMobile MDM (formerly Zenprise MobileManager) | 4 | Syslog, File | Configuration Management | Log Collection |
| Cisco Wireless LAN Controller (WLC) (2100 Series, 4400 Series, and 9800 Series) | 4 | Syslog, SNMP | Wireless Devices | Log Collection |
| Cisco Firewall Service Module | 4 | Syslog | Firewall | Log Collection |
| Dropbox | 4 | Plugin | Cloud | Log Collection |
| EclecticIQ Threat Intelligence Platform | 4 | Threat Intel | ||
| Juniper Networks Unified Access Control | 4 | Syslog | Access Control | Log Collection |
| CrowdStrike Falcon | 4 | |||
| EOL Third Party Integrations : amazonvpc | 4 | EOL_Third_Party_Integrations | ||
| Silver Peak WAN | 4 | Syslog | Router | Log Collection |
| Proofpoint Targeted Attack Protection | 4 | Plugin | Cloud | Log Collection |
| FireEye Endpoint Security (FireEye HX) | 6 | Logstash | IPS | Log Collection |
| CloudLink SecureVSA | 4 | Syslog | Access Control | Log Collection |
| IBM ISS SiteProtector | 4 | ODBC | IDS | Log Collection |
| NFR NIDS | 4 | Syslog | IDS | Log Collection |
| JBoss Application Server | 4 | File, Syslog | Application Servers | Log Collection |
