Device Configuration and Mapping Guides

API Log Sources

• Amazon Web Services (AWS) Log Collection
• API - AWS CloudTrail
• API - AWS CloudWatch Alarm
• API - AWS Config Event
• API - AWS S3 CloudTrail (via Flat File)
• API - AWS S3 Server Access Event
• API - BeyondTrust Retina Vulnerability Management
• API - Box Event
• API - Cisco IDS/IPS
• API - Cradlepoint ECM
• API - IP360 Vulnerability Scanner
• API - Metasploit Penetration Scanner
• API - Nessus Vulnerability Scanner
• API - NetApp CIFS Audit Event Log
• API - NeXpose Vulnerability Scanner
• API - Office 365 Management Activity (Microsoft)
• API - Office 365 Message Tracking (Microsoft)
• API - Okta Event
• API - Qualys Vulnerability Scanner
• API - Salesforce EventLogFile
• API - Sourcefire eStreamer
• API - Tenable SecurityCenter
• API - Tenable.io Scanner

Flat File Log Sources

• Flat File - Cisco Umbrella DNS
• Flat File - Anomali
• Flat File - Blue Coat Proxy BCREPORTERMAIN Format
• Flat File - Blue Coat Proxy SQUID-1 Format
• Flat File - Cisco AMP for Endpoints
• Flat File - Falco
• Flat File - HP-UX Audit Log
• Flat File - IBM Informix Application Log
• Flat File - IBM WebSphere App Server v7 Audit Log
• Flat File - IPSwitch WS-FTP
• Flat File - McAfee Proxy Cloud
• Flat File - Microsoft Exchange Tracking Logs
• Flat File - Microsoft IIS (IIS Format) File
• Flat File - Microsoft IIS FTP IIS Log File Format
• Flat File - Microsoft IIS FTP W3C Extended Format
• Flat File - Microsoft IIS NCSA Common Format File
• Flat File - Microsoft IIS W3C File
• Flat File - Mimecast Email
• Flat File - Mimecast Email (Log Source Optimization)
• Flat File - PeopleSoft
• Flat File - PureMessage For Exchange SMTP Log
• Flat File - PureMessage For UNIX Blocklist Log
• Flat File - PureMessage For UNIX Message Log
• Flat File - Snort IDS

MS Windows Event Log Sources

• MS Windows Event Logging XML - System
• MS Windows Event Logging - AppLockerApp
• MS Windows Event Logging - MSExchange Management
• MS Windows Event Logging XML - ADFS
• MS Windows Event Logging XML - Application
• MS Windows Event Logging XML - DNS Audit
• MS Windows Event Logging XML – Microsoft-Windows-NTLM/Operational
• MS Windows Event Logging XML - PowerShell
• V 2.0 : MS Windows Event Logging XML - Security (Configuration Guide)
• V 2.0 : MS Windows Event Logging XML - Sysmon (Configuration Guide)
• MS Windows Event Logging XML - Windows Defender
• MS Windows Event Logging XML - WMI

Syslog Log Sources

• Syslog - A10 Networks Web Application Firewall
• Syslog - Adiscon EventReporter
• Syslog - Akamai CEF
• Syslog - Alcatel-Lucent Switch
• Syslog - Alert Logic
• Syslog - Anomali Threatstream
• Syslog - Apache Access Log
• Syslog - Apex One
• Syslog - Aruba Clear Pass
• Syslog - Aruba Switch
• Syslog - Avatier Identity Management Suite (AIMS)
• Syslog - Aviatrix
• Syslog - BeyondTrust BeyondInsight LEEF
• Syslog - BlueCedar
• Syslog - BluVector
• Syslog - Broadcomm ProxySG
• Syslog - CA Privileged Access Manager (PAM)
• Syslog - CB Response LEEF
• Syslog - Check Point Log Exporter
• Syslog - Check Point Log Exporter V2.0
• Cisco Devices (syslog)
• Syslog - Claroty CTD CEF
• Syslog - Clearswift Secure Email Gateway
• Syslog - CyberArk
• Syslog - Cylance CEF
• Syslog - Cylance Optics Detection\Protect Events
• Syslog - Dell Remote Access Controller
• Syslog - Digital Guardian
• Syslog - Dragos Platform CEF
• Syslog - EMC Unity Array
• Syslog - enSilo NGAV (FortiEDR)
• Syslog - Epic Hyperspace CEF
• Syslog - ESET Remote Administrator (ERA) LEEF
• Syslog - ExtraHop
• Syslog - F5 BIG-IP ASM
• Syslog - F5 BIG-IP ASM CEF
• Syslog - F5 BIG-IP ASM Key-Value Pairs
• Syslog - F5 BIG-IP LTM
• Syslog - F5 BIG-IP System
• Syslog - F5 Silverline DDoS Protection
• Syslog - Fat Pipe Load Balancer
• Syslog - FireEye EX
• Syslog - FireEye MPS
• Syslog - Forcepoint CASB CEF
• Syslog - Forcepoint Stonesoft NGFW
• Syslog - Forcepoint Web Security V2.0
• Syslog - Forescout eyeInspect CEF
• Syslog - Fortinet FortiADC
• Syslog - Fortinet FortiAnalyzer
• Syslog - Fortinet FortiAuthenticator
• Syslog - Fortinet FortiDDoS
• Syslog - Fortinet FortiGate (Log Source Optimization)
• Syslog - Fortinet FortiGate v4.0+
• Syslog - Fortinet FortiGate v5.4/v5.6
• Syslog - Fortinet FortiGate v6.0
• Syslog - Fortinet FortiGate v5.6 CEF
• Syslog - Fortinet FortiNAC
• Syslog - Fortinet FortiSwitch
• Syslog - Generic Linux OS
• Syslog - Guardium CEF
• Syslog - HPE OneView
• Syslog - IBM QRadar Network Security XGS
• Syslog - Imperva Data Risk Analytics CEF
• Syslog - Imperva Incapsula CEF
• Syslog - Imperva Securesphere
• Syslog - Juniper Junos
• Syslog - Juniper SSL VPN
• Syslog - Lancope StealthWatch CEF
• Syslog - Lepide Data Security Platform
• Syslog - LinkShadow CEF
• Syslog - Linux Audit
• Syslog - Linux Host
• Syslog - LogRhythm Log Distribution Services
• Syslog - LogRhythm Network Monitor (NetMon)
• Syslog - Malwarebytes Endpoint Security CEF
• Syslog - ManageEngine ADAudit Plus
• Syslog - ManageEngine AD Self Service Plus
• Syslog - ManageEngine PAM360
• Syslog - ManageEngine Password Manager Pro
• Syslog - McAfee Database Security CEF
• Syslog - McAfee ePO
• Syslog - McAfee Network Security Manager
• Syslog - Microsoft Azure Log Integration
• Syslog - Mimecast Email
• Syslog - MistNet NDR
• Syslog - NetApp ONTAP Audit Log
• Syslog - NetScout Arbor Edge Defense CEF
• Syslog - NetScout OCI CEF
• Syslog - Netskope
• Syslog - Netskope CEF
• Syslog - Nozomi Networks Guardian CEF
• Syslog - Palo Alto Cortex Data Lake CEF
• Syslog - Palo Alto Cortex XDR
• Syslog - Palo Alto Firewall
• Syslog - pfSense Firewall
• Syslog - Powertech CEF
• Syslog - Pulse Secure
• Syslog - Pure Storage
• Syslog - Rubrik
• Syslog - SAP HANA
• Syslog - SecureLink
• Syslog - SentinelOne CEF
• Syslog - Skyhigh Cloud Access Security Broker CEF
• Syslog - Skyhigh Secure Web Gateway
• Syslog - SonicWall SonicOS/X
• Syslog - Splunk
• Syslog - Stealthbits Activity Monitor
• Syslog - StrongSwan VPN Event
• Syslog - Symantec Advanced Threat Protection (ATP) CEF
• Syslog - Symantec DLP CEF
• Syslog - Symantec Endpoint Server
• Syslog - Symantec Endpoint Threat Defense for AD
• Syslog - Symantec ICDX CEF
• Syslog - Symantec Messaging Gateway
• Syslog - Sysmon for Linux (XML)
• Syslog - Tanium LEEF
• Syslog - Tenable.ot Security
• Syslog - threatER
• Syslog - Tipping Point IPS
• Syslog - Trend Micro Apex One
• Syslog - Trend Micro Control Manager CEF
• Syslog - Trend Micro Deep Discovery Director
• Syslog - Trend Micro Deep Security LEEF
• Syslog - Trend Micro Email Security
• Syslog - Trend Micro Vision One CEF
• Syslog - Trend Micro Vulnerability Protection Manager
• Syslog - TXOne StellarProtect
• Syslog - Ubiquiti UniFi Security Gateway
• Syslog - Ubiquiti UniFi Switch
• Syslog - Vectra Networks
• Syslog - Versa Networks SD-WAN
• Syslog - VMware Carbon Black App Control
• Syslog - VMWare vSphere 8.0 (formerly ESX/ESXi Server)
• Syslog - VMware NSX/NSX-T
• Syslog - VMware vCenter Server
• Syslog - VMware Unified Access Gateway
• Syslog - VMWare vRealize Operations
• Syslog - Zscaler Nano Streaming Service

UDLA Log Sources

• UDLA - Forcepoint
• UDLA - Gallagher Command Centre
• UDLA - iManage Worksite
• UDLA - ISS Proventia SiteProtector - IPS
• UDLA - McAfee ePolicy Orchestrator 3.6 - Events
• UDLA - McAfee ePolicy Orchestrator 4.0 - ePOEvents
• UDLA - McAfee ePolicy Orchestrator 4.5 - ePOEvents
• UDLA - McAfee ePolicy Orchestrator 5.0 - ePOEvents
• UDLA - McAfee ePolicy Orchestrator 5.1 - ePOEvents
• UDLA - McAfee ePolicy Orchestrator 5.3 - ePOEvents
• UDLA - McAfee ePolicy Orchestrator 5.9 - ePOEvents
• UDLA - McAfee ePolicy Orchestrator - Universal ePOEvents
• UDLA - McAfee Network Access Control
• UDLA - Microsoft System Center 2012 Endpoint Protection
• UDLA - Oracle 9i Audit Trail
• UDLA - Oracle 10g Audit Trail
• UDLA - Oracle 11g Audit Trail
• UDLA - Oracle 12c Unified Audit
• UDLA - SharePoint 2007 AuditData
• UDLA - SharePoint 2010 EventData
• UDLA - SharePoint 2013 EventData
• UDLA - Sophos Anti-Virus
• UDLA - Sophos Endpoint Security and Control
• UDLA - Symantec CSP
• UDLA - Symantec EP
• UDLA - Symmetry Access Control
• UDLA - VMware vCenter Server - Events
• UDLA - VMware vCenter Server - Tasks

Log Source Optimization

• LSO Overview
• KB Synchronization Settings for LSO
• Apply LogRhythm Default v2.0 on a Log Source
• Roll Back LogRhythm Default v2.0
• LSO: Syslog - Check Point Log Exporter (Mapping Doc)
• LSO : Syslog - Cisco ISE (Mapping Doc)
• LSO : Syslog - Cisco Meraki (Mapping Doc)
• LSO : Flat File - Cisco Umbrella DNS (Mapping Doc)
• LSO : Syslog - CyberArk (Mapping Doc)
• LSO: Syslog - Cylance (Mapping Doc)
• LSO : Syslog - FireEye MPS (Mapping Doc)
• LSO : Syslog - Forcepoint Web Security (Mapping Doc)
• LSO : Syslog - Fortinet FortiAnalyzer (Mapping Doc)
• LSO : Syslog - Fortinet FortiGate (Mapping Doc)
• LSO : Syslog - Imperva Incapsula CEF (Mapping Doc)
• LSO : Syslog - Imperva Securesphere (Mapping Doc)
• LSO: Syslog - LogRhythm Network Monitor (Mapping Doc)
• LSO : Flat File - Mimecast Email (Mapping Doc)
• LSO : Flat File - Microsoft IIS W3C File (Mapping Doc)
• LSO : MS Windows Event Logging - MSExchange Management (Mapping Doc)
• LSO: MS Windows Event Logging XML - System (Mapping Doc)
• LSO: Syslog - Palo Alto Firewall (Mapping Doc)
• LSO : Syslog - Symantec DLP CEF (Mapping Doc)
• LSO: Syslog - Symantec Endpoint Server (Mapping Doc)
• LSO : Syslog - Tanium LEEF (Mapping Doc)
• LSO: Syslog - Trend Micro Apex One (Mapping Doc)
• LSO : Syslog - Zscaler Nano Streaming Service (Mapping Doc)
• Microsoft Sysmon
• Windows Security Events