README.md

Mappings

You will find our complete list of mappers for content here.

• 1Password Item Audit Actions
• 1Password Item Usage Actions
• 1Password Item Usage C2C
• 1Password Signin C2C
• ADAuditPlus ADAPAlerts
• ADAuditPlus ADAPTechnicianAudit
• ADAuditPlus ADObjectsAuditReports
• ADAuditPlus ComputerMgmtReports
• ADAuditPlus DNSAuditReports
• ADAuditPlus GroupMgmtReports
• ADAuditPlus LDAPReports
• ADAuditPlus LocalLogonLogoffReports
• ADAuditPlus LogonReports
• ADAuditPlus ObjectCreationReports
• ADAuditPlus ServerAuditReports
• ADAuditPlus UserMgmtReports
• AWS - Application Load Balancer - ALB
• AWS - Application Load Balancer - Connection
• AWS - Application Load Balancer - JSON
• AWS API Gateway
• AWS CloudFront
• AWS CloudWatch Custom
• AWS Config - Custom Parser
• AWS EKS - Custom Parser
• AWS Elastic Load Balancer - Custom Parser
• AWS GuardDuty Alerts from Sumo CIP
• AWS Inspector - Custom Parser
• AWS Network Firewall Alerts
• AWS Network Firewall Flow
• AWS Network Firewall Netflow
• AWS Redshift - ACTIVITY_LOG
• AWS Redshift - Authentication Log
• AWS Redshift - Connection Log
• AWS Redshift - USER_LOG
• AWS Route 53 Logs
• AWS S3 Server Access Log
• AWS S3 Server Access Log - Custom Parser
• AWS Security Hub
• AWS Trusted Advisor
• AWS VPC Flow Logs - Default Format
• AWS VPC Flow Logs - JSON Format
• AWS WAF Allow Logs
• AWS WAF Block Logs
• AWSGuardDuty - Audit Events
• AWSGuardDuty - AwsServiceEvent-AWS API Call via CloudTrail
• AWSGuardDuty - Reconnaissance and malicious activity detection
• AWSGuardDuty - Tor Client and Relay
• AWSGuardDuty - UnauthorizedAccess_EC2_TorIPCaller
• AWSGuardDuty_Backdoor (Sumo Logic)
• AWSGuardDuty_Behavior (Sumo Logic)
• AWSGuardDuty_Catch_All
• AWSGuardDuty_CryptoCurrency (Sumo Logic)
• AWSGuardDuty_PenTest (Sumo Logic)
• AWSGuardDuty_Persistence (Sumo Logic)
• AWSGuardDuty_Policy (Sumo Logic)
• AWSGuardDuty_ResourceConsumption (Sumo Logic)
• AWSGuardDuty_Stealth (Sumo Logic)
• AWSGuardDuty_Trojan (Sumo Logic)
• Abnormal Security Threats
• Adaxes - Custom Parser
• Administrator Audit Trail
• Administrator Logon
• Airtable Audit C2C
• Akamai SIEM Logs
• Akamai WAF Logs
• Alert
• Alibaba ActionTrail Catch All Mapping
• Alibaba ActionTrail ConsoleSignin
• AlphaSOC
• Apache HTTP Server - Access log
• ApplicationGatewayAccessLog
• ApplicationGatewayFirewallLog
• Aqua Access Control
• Aqua Alert
• Aqua Runtime Policy Match
• Aruba ClearPass Guest Access
• Aruba ClearPass Syslog
• Aruba ClearPass User Authentication Failed
• Aruba ClearPass User Authentication Successful
• Aruba ClearPass WiFi Access Tracker
• Aruba ClearPass Wifi Failed Tracker
• Aruba SystemEvent Logs
• Atlassian Confluence Access Logs - Parser
• Auditd
• Auth0 Catch All
• Auth0 Failed Authentication
• Auth0 Successful Authentication
• Automox - Audit logs
• Automox - Audit logs - Logon
• Automox - Event logs
• AwsServiceEvent-AWS API Call via CloudTrail (Sumo Logic)
• Azure Access Logs
• Azure Action Logs
• Azure Administrative logs
• Azure Appplication Service Console Logs
• Azure AuditEvent logs
• Azure Backup Report logs
• Azure Backupjob Logs
• Azure Event Hub - Windows Defender Logs
• Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
• Azure Firewall Application Rule
• Azure Firewall DNS Proxy
• Azure Firewall Network Rule
• Azure Firewall logs
• Azure ManagedIdentitySignInLogs
• Azure MySqlAudit logs
• Azure NSG Flows
• Azure Network Security Group Event Logs
• Azure Network Security Group Rule Logs
• Azure NonInteractiveUserSignInLogs
• Azure Policy Logs
• Azure Risky Users
• Azure ServicePrincipalSignInLogs
• Azure Storage Analytics
• Azure User Risk Events
• Azure Write and Delete Logs
• AzureActivityLog
• AzureActivityLog 01
• AzureActivityLog AuditLogs
• AzureDevOpsAuditing
• AzureDiagnosticLog
• BIOC-IOC Forwarder logs
• Bandura - Custom Parser
• BigQuery Gmail C2C - Catch All
• BigQuery Gmail C2C - Error in Delivery
• BigQuery Gmail C2C - Failed Delivery
• BigQuery Gmail C2C - Message was dropped by Gmail
• BigQuery Gmail C2C - Message was rejected by Google Groups
• Bitdefender - avc
• Bitdefender - fw
• Bitdefender - hd
• Bitdefender - network-monitor
• Bitdefender - new-incident
• Bitdefender Catch All
• BlackBerry Workspace
• Blue Coat Proxy 8
• Blue Coat ProxySG Custom Parser
• BlueCat DHCP USER Logs
• BlueCat DHCP Discover
• BlueCat DHCP Interface
• BlueCat DHCP Parser - Catch All
• BlueCat DHCP Request
• BlueCat DNS Parser - Catch All
• Box - ADD_LOGIN_ACTIVITY_DEVICE
• Box - ADMIN_LOGIN
• Box - All Activities
• Box - FAILED_LOGIN
• Box - FILE_MARKED_MALICIOUS
• Box - LOGIN
• Box - NEW_USER
• Box - SHIELD_ALERT
• Bromium
• CICSCOFW434004
• Carbon Black C2C Alert - DEVICE_CONTROL
• Carbon Black Cloud - CONTAINER_RUNTIME
• Carbon Black Cloud - FACET
• Carbon Black Cloud - Observation event
• Carbon Black Cloud API Call
• Carbon Black Cloud Alert - CB_ANALYTICS
• Carbon Black Cloud Alert - Tuned Activity
• Carbon Black Cloud Alert - WATCHLIST|DEVICE_CONTROL|HOST_BASED_FIREWALL|INTRUSION_DETECTION_SYSTEM
• Carbon Black Cloud C2C API Call
• Carbon Black Cloud C2C Cross Process Event
• Carbon Black Cloud C2C File Modification
• Carbon Black Cloud C2C Module Load
• Carbon Black Cloud C2C Network Connection
• Carbon Black Cloud C2C Process Auditing
• Carbon Black Cloud C2C Registry Modification
• Carbon Black Cloud C2C Script Load
• Carbon Black Cloud C2C Watchlist Hit
• Carbon Black Cloud Cross Process Event
• Carbon Black Cloud File Modification
• Carbon Black Cloud Module Load
• Carbon Black Cloud Network Connection
• Carbon Black Cloud Process Auditing
• Carbon Black Cloud Registry Modification
• Carbon Black Cloud Script Load
• Carbon Black Cloud Watchlist Hit
• CarbonBlack - Bit9 - Threats
• CarbonBlack - JSON Via Syslog
• CarbonBlack Bit9 LEEF Response
• CarbonBlack Bit9 LEEF Response 01
• CarbonBlack C2C Defense
• CarbonBlack C2C Response
• CarbonBlack Cloud C2C Catch All
• CarbonBlack Cloud C2C Defense
• CarbonBlack Cloud C2C Response
• CarbonBlack Defense Create Process Events
• CarbonBlack Defense Non-Threat Audit Events
• CarbonBlack Defense Threat Hunter Notifications
• CarbonBlack Defense Threat Notifications
• CarbonBlack LEEF Response - alert.watchlist.hit.ingress.binary
• CarbonBlack LEEF Response - alert.watchlist.hit.ingress.process
• CarbonBlack LEEF Response - feed.ingress.hit.host,binary
• CarbonBlack LEEF Response - feed.ingress.hit.process
• CarbonBlack LEEF Response - feed.query.hit.binary
• CarbonBlack LEEF Response - feed.query.hit.process
• CarbonBlack LEEF Response - watchlist.hit.process
• CarbonBlack PolicyAction
• CarbonBlack file/process created - LEEF
• Cato Networks Audits
• Cato Networks Security Events
• Cato Networks Security Events - Catch All
• Check Point ACCEPT
• Check Point Allow
• Check Point Application Control
• Check Point Authorize Logs
• Check Point Avanan
• Check Point Block
• Check Point Bypass
• Check Point Catch All
• Check Point Deauthorize Logs
• Check Point Decrypt Logs
• Check Point Detect
• Check Point Drop
• Check Point Encrypt Logs
• Check Point Failed Log In
• Check Point HTTPS Bypass Logs
• Check Point HTTPS Logs
• Check Point Key Install
• Check Point Log In
• Check Point Log Out
• Check Point Prevent
• Check Point REJECT
• Check Point Redirect
• Check Point SmartDefense
• Check Point SmartDefenseIPS
• Check Point URL Filtering
• Check Point Update
• Check Point VPN Routing
• Cisco AMP Cloud IOC Events - Malware
• Cisco AMP Events - Direct
• Cisco AMP Events - Malware
• Cisco AMP Events Catch All
• Cisco ASA 103001 JSON
• Cisco ASA 103004 JSON
• Cisco ASA 106001 JSON
• Cisco ASA 106002 JSON
• Cisco ASA 106006 JSON
• Cisco ASA 106007 JSON
• Cisco ASA 106010 JSON
• Cisco ASA 106012 JSON
• Cisco ASA 106014 JSON
• Cisco ASA 106015 JSON
• Cisco ASA 106016
• Cisco ASA 106017
• Cisco ASA 106020
• Cisco ASA 106021 JSON
• Cisco ASA 106023 JSON
• Cisco ASA 106027 JSON
• Cisco ASA 106100 JSON
• Cisco ASA 106102-3 JSON
• Cisco ASA 106103
• Cisco ASA 109005-8 JSON
• Cisco ASA 110002 JSON
• Cisco ASA 111008-9 JSON
• Cisco ASA 111010 JSON
• Cisco ASA 113003 JSON
• Cisco ASA 113004 JSON
• Cisco ASA 113005
• Cisco ASA 113005 JSON
• Cisco ASA 113006 JSON
• Cisco ASA 113007 JSON
• Cisco ASA 113008 JSON
• Cisco ASA 113009 JSON
• Cisco ASA 113012-17 JSON
• Cisco ASA 113019
• Cisco ASA 113019 JSON
• Cisco ASA 113021 JSON
• Cisco ASA 113039 JSON
• Cisco ASA 209004 JSON
• Cisco ASA 302010 JSON
• Cisco ASA 302014
• Cisco ASA 302016
• Cisco ASA 302020-1 JSON
• Cisco ASA 303002 JSON
• Cisco ASA 304001 JSON
• Cisco ASA 304002 JSON
• Cisco ASA 305011-12 JSON
• Cisco ASA 313001 JSON
• Cisco ASA 313004 JSON
• Cisco ASA 313005 JSON
• Cisco ASA 314003 JSON
• Cisco ASA 315011 JSON
• Cisco ASA 322001 JSON
• Cisco ASA 322003 JSON
• Cisco ASA 338001-8+338201-4 JSON
• Cisco ASA 4000nn JSON
• Cisco ASA 402117 JSON
• Cisco ASA 402119 JSON
• Cisco ASA 405001 JSON
• Cisco ASA 405002 JSON
• Cisco ASA 406001 JSON
• Cisco ASA 406002 JSON
• Cisco ASA 419001 JSON
• Cisco ASA 419002 JSON
• Cisco ASA 500004 JSON
• Cisco ASA 502101-2 JSON
• Cisco ASA 502103 JSON
• Cisco ASA 602303-4 JSON
• Cisco ASA 605004-5 JSON
• Cisco ASA 609001
• Cisco ASA 609002
• Cisco ASA 609002 JSON
• Cisco ASA 611101-2 JSON
• Cisco ASA 611103 JSON
• Cisco ASA 710002-3 JSON
• Cisco ASA 710005 JSON
• Cisco ASA 713052 JSON
• Cisco ASA 713172 JSON
• Cisco ASA 713228 JSON
• Cisco ASA 713905
• Cisco ASA 716014-7-8 JSON
• Cisco ASA 716038 JSON
• Cisco ASA 716039 JSON
• Cisco ASA 716058
• Cisco ASA 716059
• Cisco ASA 716059 JSON
• Cisco ASA 719022-3 JSON
• Cisco ASA 721016 or 721018
• Cisco ASA 721016-8 JSON
• Cisco ASA 722011
• Cisco ASA 722034 JSON
• Cisco ASA 722041
• Cisco ASA 722051 JSON
• Cisco ASA 722055
• Cisco ASA 722055 JSON
• Cisco ASA 725001
• Cisco ASA 725002
• Cisco ASA 725003
• Cisco ASA 725007
• Cisco ASA 725016
• Cisco ASA 733100 JSON
• Cisco ASA 737006
• Cisco ASA 751011 JSON
• Cisco ASA 751023 JSON
• Cisco ASA 751025 JSON
• Cisco ASA tcp_udp_sctp_builds JSON
• Cisco ASA tcp_udp_sctp_teardowns JSON
• Cisco Firepower CEF Alerts
• Cisco Firepower CEF File
• Cisco Firepower CEF FireAMP
• Cisco Firepower CEF Packets
• Cisco Firepower CEF Traffic
• Cisco Firepower CEF unknown ips-event
• Cisco Firepower Intrusion Event 430001
• Cisco IOS Authentication Logs - Custom Parser
• Cisco IOS Catch All - Custom Parser
• Cisco ISE Authentication Failure
• Cisco ISE Authentication Success
• Cisco ISE Catch All
• Cisco ISE Events
• Cisco Ironport MID - Custom Parser
• Cisco Ironport SFIMS - Custom Parser
• Cisco Ironport WSA - Custom Parser
• Cisco Meraki 8021x
• Cisco Meraki Catch All - Custom Parser
• Cisco Meraki Client Association
• Cisco Meraki Content Filtering Block - Custom Parser
• Cisco Meraki Failed WPA Authentication Attempt
• Cisco Meraki File Scanned - C2C
• Cisco Meraki Firewall - Custom Parser
• Cisco Meraki Flow End
• Cisco Meraki Flow Start
• Cisco Meraki Flow Start_End - Custom Parser
• Cisco Meraki Flows
• Cisco Meraki Flows - Custom Parser
• Cisco Meraki IDS - Custom Parser
• Cisco Meraki IDS Alert - C2C
• Cisco Meraki IDS Alerted
• Cisco Meraki L7 Firewall - Custom Parser
• Cisco Meraki Organization Configuration Change - C2C
• Cisco Meraki Security Filtering Disposition Change - Custom Parser
• Cisco Meraki Security Filtering File Scanned
• Cisco Meraki Security Filtering File Scanned - Custom Parser
• Cisco Meraki URLS
• Cisco Meraki URLS - Custom Parser
• Cisco Meraki WPA - Custom Parser
• Cisco Meraki WPA Authentication
• Cisco Meraki WPA Deauthentication
• Cisco Meraki Wireless Air Marshall - C2C
• Cisco SIP Logs
• Cisco Secure Email Parser - Catch All
• Cisco StealthWatch
• Cisco Umbrella DNS Logs
• Cisco Umbrella DNS Logs Custom
• Cisco Umbrella IP Logs
• Cisco Umbrella Proxy Logs
• Cisco Umbrella Proxy Logs Custom
• Citrix Cloud Operation Logs
• Citrix Cloud System Logs
• Citrix NetScaler - AAA-LOGIN_FAILED
• Citrix NetScaler - Command Executed
• Citrix NetScaler - MESSAGE
• Citrix NetScaler - SSL Handshake Success
• Citrix NetScaler - SSLVPN-HTTPREQUEST
• Citrix NetScaler - SSLVPN-ICA Events
• Citrix NetScaler - SSLVPN-LOGIN
• Citrix NetScaler - SSLVPN-LOGOUT
• Citrix NetScaler - SSLVPN-TCPCONNSTAT
• Citrix NetScaler - TCP-CONN_TERMINATE
• CloudTrail - application-insights.amazonaws.com - ListApplications
• CloudTrail - cloudtrail.amazonaws.com - Trail Change|Logging
• CloudTrail - cognito-idp.amazonaws.com - CreateUserPoolClient
• CloudTrail - controltower.amazonaws.com - CreateManagedAccount
• CloudTrail - ec2.amazonaws.com - All Network Events
• CloudTrail - ec2.amazonaws.com - BidEvictedEvent
• CloudTrail - ecr.amazonaws.com - PolicyExecutionEvent
• CloudTrail - ecs.amazonaws.com - AwsApiCall-ExecuteCommand
• CloudTrail - elasticfilesystem.amazonaws.com - NewClientConnection
• CloudTrail - iam.amazonaws.com - Policy Change
• CloudTrail - kms.amazonaws.com - DisableKey|ScheduleKeyDeletion
• CloudTrail - kms.amazonaws.com - RotateKey
• CloudTrail - lambda.amazonaws.com - Audit Change
• CloudTrail - lambda.amazonaws.com - DeleteEventSourceMapping|DeleteFunction
• CloudTrail - lambda.amazonaws.com - DeleteFunctionUrlConfig
• CloudTrail - lambda.amazonaws.com - GetFunction
• CloudTrail - lambda.amazonaws.com - GetLayerVersionPolicy
• CloudTrail - lambda.amazonaws.com - GetPolicy|GetLayerVersionPolicy
• CloudTrail - lambda.amazonaws.com - ListEventSourceMappings
• CloudTrail - lambda.amazonaws.com - ListFunctions
• CloudTrail - lambda.amazonaws.com - Resource Access
• CloudTrail - logs.amazonaws.com - DeleteDestination|DeleteLogGroup|DeleteLogStream
• CloudTrail - organizations.amazonaws.com - CreateAccountResult
• CloudTrail - s3.amazonaws.com - Bucket Change
• CloudTrail - s3.amazonaws.com - GetBucketAcl
• CloudTrail - secretsmanager.amazonaws.com - RotationSucceeded|RotationStarted
• CloudTrail - secretsmanager.amazonaws.com - SecretVersionDeletion
• CloudTrail - signin.amazonaws.com - All AwsConsoleSignIn events
• CloudTrail - sso.amazonaws.com - Federate|ListProfilesForApplication
• CloudTrail Default Mapping
• Cloudflare - Logpush
• Code42 Custom Parser
• Code42 Incydr Alerts C2C
• Code42 Incydr Audits C2C
• Code42 Incydr FileEvents C2C
• Communications Events
• Corelight NSM
• CrowdStrike Audit Logs
• CrowdStrike Audit Logs (CNC)
• CrowdStrike FDR - Catch All
• CrowdStrike FDR - CriticalFileAccessed
• CrowdStrike FDR - NetworkConnectIP4
• CrowdStrike FDR - NetworkConnectIP6
• CrowdStrike FDR - ProcessRollup2
• CrowdStrike FDR - SuspiciousDnsRequest
• CrowdStrike Falcon - All Detection Events
• CrowdStrike Falcon - All Detection Events - Custom Parser
• CrowdStrike Falcon - Catch All - Custom Parser
• CrowdStrike Falcon - Catch All CEF
• CrowdStrike Falcon - Two-Factor Authentication - Custom Parser
• CrowdStrike Falcon - Two-Factor Authentication CEF
• CrowdStrike Falcon - User Authentication - Custom Parser
• CrowdStrike Falcon - User Authentication CEF
• CrowdStrike Falcon CustomerIOCEvent (CNC)
• CrowdStrike Falcon Host API DetectionSummaryEvent
• CrowdStrike Falcon Host API DetectionSummaryEvent (CNC)
• CrowdStrike Falcon Host API IdpDetectionSummaryEvent (CNC)
• CrowdStrike Falcon Identity Protection (CNC)
• CrowdStrike FirewallMatchEvent (CNC)
• CrowdStrike Remote Response Session (CNC)
• CrowdStrike Spotlight - Vulnerability
• CrowdStrike UserActivity Logs
• CrowdStrike UserActivity Logs (CNC)
• Cyber Ark 01
• Cyber Ark EPM AggregateEvent
• Cyber Ark EPM AuditAdmin
• Cyber Ark EPM GetComputer
• Cyber Ark EPM Policy
• Cyber Ark EPM RawDetails
• Cyber Ark EPM RawEvents
• Cyber Ark Vault JSON
• Cybereason C2C - Direct
• Cybereason C2C - Malware
• Cylance Audit 3
• Cylance Audit 4
• Cylance Device1
• Cylance Script 1
• CylancePROTECT AuditLog
• CylancePROTECT Device
• CylancePROTECT DeviceControl
• CylancePROTECT ExploitAttempt
• CylancePROTECT ScriptControl
• CylancePROTECT Threats
• Cylance_Threat
• Cylance_Threat2
• Cylance_Threat3
• Cylance_Threat4
• DENIED
• Darktrace Parser - Anomalous Connection
• Darktrace Parser - Brute Force Attempt
• Darktrace Parser - Catch All
• Darktrace Parser - New Device
• Darktrace Parser Events
• Dataminr Alerts
• Datto Asset Info Logs
• Datto Asset Info Logs 1
• Demisto Logs
• Digital Guardian ARC - Audit Events
• Digital Guardian ARC - Mail
• Digital Guardian ARC - Network
• Digital Guardian ARC - User Login|Logoff
• Digital_Guardian
• Docker Daemon Event
• DocuSign Monitor - Alert
• DocuSign Monitor - Catch All
• Dropbox - Authentication
• Dropbox - Catch All
• Druva Cyber Resilience - Admin Logon
• Druva Cyber Resilience - Catch All
• Druva inSync - Catch All
• Duo Authentication via CEF
• Duo Security Admin API - Audit
• Duo Security Admin API - Authentication
• Duo Security Admin API - Non-User Audit Changes
• Duo Security Admin API - Targeted User Audit Changes
• Duo Security Authentication API
• EPO_THREATS_HIP
• ESET - Custom Parser
• Egnyte DLP Parser - Catch All
• Endgame CEF mapping
• Endgame JSON
• Endgame Protect JSON
• Endgame Protect JSON Catch All
• Exabeam Parser - Catch All
• Extrahop-CEF
• F5 HTTP Request
• F5 HTTPd Audit - Custom Parser
• F5 SSHD - Custom Parser
• F5 SSL Request - Custom Parser
• Failed_SU
• Falco Detection JSON
• FireEye CMS DM
• FireEye CMS IM
• FireEye CMS IPS-Event
• FireEye CMS Malware Callback
• FireEye CMS RC
• FireEye CMS RO
• FireEye CMS WI
• FireEye HX Quarantine Messages
• FireEye HX Quarantine Request
• FireEye HX Security Content Updated
• FireEye MPS Malware Object
• FireEye Web MPS Event
• FireEye hx Acquisition Started
• FireEye hx IOC Hit Found
• FireEye hx Malware Hit Found
• FireEye hx Malware Scan
• Firepower Access Control Events
• Firepower Alerts2
• Firepower Catch All
• Firepower File Malware Events
• Firepower Intrusion Events
• Firepower Primary Detection Engine Intrusion Events
• Firepower Snort Alerts
• Forcepoint WSG Logs
• Forcepoint Web Security Gateway
• Forcepoint Web Security Logs
• Forescout CounterACT - NAC Policy Log
• Fortinet Anomaly Logs
• Fortinet App Control Logs
• Fortinet Appctrl1
• Fortinet Appctrl2
• Fortinet Authentication
• Fortinet DLP Logs
• Fortinet DNS Logs
• Fortinet DNS Query
• Fortinet DNS Response
• Fortinet Endpoint
• Fortinet Event Logs
• Fortinet FortiGate-200D Auth CEF
• Fortinet FortiGate-200D Endpoint CEF
• Fortinet FortiGate-200D Flow CEF
• Fortinet IPS Logs
• Fortinet Traffic Logs
• Fortinet Traffic Master
• Fortinet Traffic Syslog 1
• Fortinet Traffic Syslog 2
• Fortinet Traffic1
• Fortinet Traffic2
• Fortinet UTM IDS1
• Fortinet VOIP Logs
• Fortinet VPN
• Fortinet Virus
• Fortinet Virus Logs
• Fortinet Webfilter Logs
• Fortinet dns Logs
• Fortinet ha Logs
• Fortinet perf-stats pba-close Systems Logs
• Fortinet security-rating Logs
• Fortinet ssl Logs
• Fortinet utm-ssl Logs
• Fortinet voip Logs
• Fortinet wad Logs
• Fortinet waf Logs
• Fortinet wireless Logs
• GCP App Engine Logs
• GCP Audit Logs
• GCP Firewall
• GCP IDS
• GCP Parser - Load Balancer
• GCP VPC Flows
• Gigamon Threat Insight - Catch All
• Gigamon Threat Insight - Suricata
• GitHub Enterprise Audit - Access Events
• GitHub Enterprise Audit - Authentication Events
• GitHub Enterprise Audit - Create Events
• GitHub Enterprise Audit - Modify Events
• GitHub Enterprise Audit - Remove Events
• GitHub Enterprise Audit - Restore Events
• GitHub Enterprise Audit - Transfer Events
• GitHub Enterprise Audit Catch All
• Github JSON
• Google G Suite - access_transparency/GSUITE_RESOURCE/ACCESS
• Google G Suite - admin
• Google G Suite - calendar
• Google G Suite - drive.access
• Google G Suite - drive.acl_change
• Google G Suite - gcp
• Google G Suite - gplus
• Google G Suite - groups
• Google G Suite - groups_enterprise
• Google G Suite - login - password_change/recovery_info_change
• Google G Suite - login-blocked_sender_change
• Google G Suite - login-email_forwarding_change
• Google G Suite - login.account_warning
• Google G Suite - login.gov_attack_warning
• Google G Suite - login.login
• Google G Suite - logout
• Google G Suite - meet
• Google G Suite - mobile
• Google G Suite - rules
• Google G Suite - saml
• Google G Suite - token
• Google G Suite - user_accounts
• Google G Suite Alert Center - AppMaker Editor
• Google G Suite Alert Center - Data Loss Prevention
• Google G Suite Alert Center - Domain wide takeout
• Google G Suite Alert Center - Gmail phishing
• Google G Suite Alert Center - Gmail phishing (Misconfigured whitelist)
• Google G Suite Alert Center - Google Operations
• Google G Suite Alert Center - Google identity
• Google G Suite Alert Center - Mobile device management (Device compromised)
• Google G Suite Alert Center - Mobile device management (Suspicious activity)
• Google G Suite Alert Center - Security Center rules
• Google G Suite Alert Center - Sensitive Admin Action
• Google G Suite Alert Center - State Sponsored Attack
• Google Security Command Center
• Guest Auth Logs
• Honeywell Pro-Watch Catch All
• IBM Guardium Logs
• ISC BIND - DNS
• Illumio Adaptive Security Protection
• Imperva Incapsula Logs
• Imperva SecureSphere Logs
• Infoblox DDI - Catch All
• Infoblox DDI - DHCP
• Infoblox DDI - DNS
• Infoblox DHCPACK
• Infoblox NIOS - Catch All
• Infoblox NIOS - DHCP
• Infoblox NIOS - DNS
• Intersect Alliance Logs - Authentication
• Intersect Alliance Logs Catch All
• Invalid SSH Login
• JFrog Artifactory - Access logs
• JFrog Artifactory - Login Access logs
• JFrog Artifactory - Request Logs
• Jamf Audit User - Audit
• Jamf Audit User - Authentication
• Jamf Audit User - Endpoint
• Jamf Audit User - Network
• Jamf Parser - Alert
• Jamf Parser - Catch All
• Jamf Parser - Network
• Jamf Protect Analytics - Events
• Jira Catch All
• JumpCloud Directory Insights - Admin Logon
• JumpCloud Directory Insights - Catch All
• JumpCloud IdP - Catch All
• JumpCloud IdP Authentication
• Juniper Flow Session Logs
• Juniper SRX Series Firewall - Parser
• Juniper SSG Series Firewall - Audit Messaging
• Juniper SSG Series Firewall - Traffic Messaging
• Juniper Session Create Close Logs
• Kaltura Audits
• Kandji EDR - catch all
• Kaspersky Catch All
• Kaspersky Endpoint Security Catch All
• Kemp Load Balancer Catch All
• Kemp WAF Message
• Kubernetes
• Lacework Alert
• LastPass - Account Created
• LastPass - Failed Login
• LastPass - Folder Permissions Updated
• LastPass - Login
• LastPass - Master Password Changed
• LastPass - Password Changed
• LastPass - Personal Share
• LastPass - Policy Modifications
• LastPass - Shared Folder Created
• LastPass - Super Admin Password Reset
• LastPass Catch All
• LastPass Failed Login Attempt
• LastPass Reporting
• Laurel Linux Audit - Catch All
• Laurel Linux Audit - System Call
• Laurel Linux Audit - User Logon
• Libraesva Email Security Parser - Catch All
• Linux Access Vector Cache logs
• Linux Authentication Attempts
• Linux CRON Logs
• Linux Closing a Session
• Linux Connection Closed
• Linux Connection Closed - Invalid User
• Linux Connection Disconnected
• Linux Connection Disconnected - Invalid User
• Linux Connection Established
• Linux New User/Group Added
• Linux OS Syslog - Cron - Generic
• Linux OS Syslog - Cron - Session Closed
• Linux OS Syslog - Cron - Session Opened
• Linux OS Syslog - Dropping Connection
• Linux OS Syslog - Process Cron - Command Execution
• Linux OS Syslog - Process Cron - LIST, BEGIN EDIT, REPLACE, END EDIT
• Linux OS Syslog - Process adclient - Audit Failure
• Linux OS Syslog - Process adclient - Audit Success
• Linux OS Syslog - Process dhclient - DHCP Events
• Linux OS Syslog - Process fw - iptables Events
• Linux OS Syslog - Process gpasswd - User Added and Removed from Groups
• Linux OS Syslog - Process groupadd and groupdel - Group Add and Delete
• Linux OS Syslog - Process groupmod - Group Rename
• Linux OS Syslog - Process kernel - Promiscuous Mode Change
• Linux OS Syslog - Process omiserver - Omiserver Session Closed
• Linux OS Syslog - Process omiserver - Omiserver Unexpected Response
• Linux OS Syslog - Process passwd - User Password Change Failed
• Linux OS Syslog - Process passwd - User Password Changed
• Linux OS Syslog - Process pkexec - Execution events
• Linux OS Syslog - Process sshd - SSH Auth Failure
• Linux OS Syslog - Process sshd - SSH Auth Failure Invalid Password
• Linux OS Syslog - Process sshd - SSH Auth Failure Invalid User
• Linux OS Syslog - Process sshd - SSH Auth Failure No ID String
• Linux OS Syslog - Process sshd - SSH Auth Failure Preauth
• Linux OS Syslog - Process sshd - SSH Auth Success
• Linux OS Syslog - Process sshd - SSH Bind Listening
• Linux OS Syslog - Process sshd - SSH Check
• Linux OS Syslog - Process sshd - SSH Public Key Not Allowed
• Linux OS Syslog - Process sshd - SSH Session Closed|disconnect
• Linux OS Syslog - Process sshd - SSH Session Disconnected
• Linux OS Syslog - Process sshd - SSH Session Opened
• Linux OS Syslog - Process sshd - SSH Session Starting
• Linux OS Syslog - Process su - Failed No User Info
• Linux OS Syslog - Process su - Switch User
• Linux OS Syslog - Process su - Switch User Failed
• Linux OS Syslog - Process su - Switch User Session Opened and Closed
• Linux OS Syslog - Process sudo - Authentication Failure
• Linux OS Syslog - Process sudo - Superuser Do Command Execution
• Linux OS Syslog - Process sudo - Superuser Do Session Opened and Closed
• Linux OS Syslog - Process systemd - Systemd Session Start
• Linux OS Syslog - Process useradd - Add User to Group
• Linux OS Syslog - Process useradd - New Group
• Linux OS Syslog - Process useradd - New User
• Linux OS Syslog - Process userdel - Delete User
• Linux OS Syslog - Process userdel - Delete User and Remove Group
• Linux OS Syslog - Process usermod - Add User to Group
• Linux OS Syslog - Process usermod - Change User Home Directory
• Linux OS Syslog - Process usermod - Change User ID
• Linux OS Syslog - Process usermod - Change Username
• Linux OS Syslog - Systemd-user Session Open|Closed
• Linux OS Syslog - sshd - Command Execution
• Linux OS Syslog - sshd - Postponed publickey
• Linux OS Syslog - sshd - Subsystem Request
• Linux OS Syslog - sshd - User not allowed
• Linux OS Syslog - sshd - connectioin
• Linux OS Syslog - sshd - session timeout
• Linux OS Systemd Journal - Audit Events
• Linux OS Systemd Journal - Login Events
• Linux OS Systemd Journal - User Command Events
• Linux Password Failed
• Linux Password Success
• Linux Public Keys Status
• Linux SU Switch Failed
• Linux SUDO Status
• Linux Starting New Session
• Linux Sudo Pam Error Logs
• Linux Sudo command Execution logs
• Linux Super User Switch Success
• Linux User Changes
• Linux User/Group Membership edits
• Linux command execution logs
• Linux-Sysmon/Operational - 1
• Linux-Sysmon/Operational - 10
• Linux-Sysmon/Operational - 11
• Linux-Sysmon/Operational - 15
• Linux-Sysmon/Operational - 16
• Linux-Sysmon/Operational - 17
• Linux-Sysmon/Operational - 18
• Linux-Sysmon/Operational - 2
• Linux-Sysmon/Operational - 23
• Linux-Sysmon/Operational - 3
• Linux-Sysmon/Operational - 4
• Linux-Sysmon/Operational - 5
• Linux-Sysmon/Operational - 6
• Linux-Sysmon/Operational - 7
• Linux-Sysmon/Operational - 8
• Linux-Sysmon/Operational - 9
• LinuxServer Log 10
• LinuxServer Log 13
• LinuxServer Log 8
• Malwarebytes Endpoint Software
• Manageengine ADAuditPlus Logs
• McAfee Agent Custom Parser
• McAfee Avecto Defendpoint
• McAfee Data Loss Prevention
• McAfee Drive Encryption Custom Parser
• McAfee Endpoint EE Event Logs
• McAfee Endpoint EPO Event Logs
• McAfee Endpoint EPOevent
• McAfee Endpoint GenericEvent
• McAfee Endpoint Logs
• McAfee Endpoint MSMERoot
• McAfee Endpoint PortBlockEvent
• McAfee Endpoint SCORData
• McAfee Endpoint Security
• McAfee Endpoint Security Custom Parser
• McAfee Endpoint TaskStatusEvent
• McAfee Endpoint Update Event Logs
• McAfee Endpoint Upgrade Assistant Custom Parser
• McAfee Endpoint VSAS120PerformanceEvent
• McAfee Endpoint VSAS130PerformanceEvent
• McAfee MVISION Endpoint
• McAfee Management of Native Encryption
• McAfee Mvision ENS incidents - Parser
• McAfee Mvision ENS threats - Parser
• McAfee Network Intrusion Logs
• McAfee Network Security Parser - Catch All
• McAfee Privilege Logs
• McAfee Security Platform
• McAfee Solidifier
• McAfee Solidifier Custom Parser
• McAfee System Prep Tool
• McAfee Upgrade Assistant Logs
• McAfee VirusScan Enterprise
• McAfee VirusScan Enterprise 2
• McAfee VirusScan Enterprise Custom Parser
• McAfee Web Gateway - LEEF
• McAfee WebGateway - CEF - Backup Triggered
• McAfee WebGateway - CEF - File Download
• McAfee WebGateway - CEF - Rule Changes
• McAfee WebGateway - CEF - System List Update
• McAfee WebGateway - CEF - Traffic Logs
• McAfee WebGateway - CEF - Trigger Action
• McAfee WebGateway - CEF - User Login
• McAfee WebGateway - CEF - User Login Failed
• McAfee WebGateway - CEF - User Logout
• McAfee WebGateway - CEF - User Timed-out
• McAfee WebGateway - JSON
• McAfee WebGateway - Parser
• McAfee WebGateway Proxy - Audit
• McAfee ePO Events
• Microsoft ATA Logs Abnormal and Suspicious
• Microsoft Cloud App Security
• Microsoft Cloud App Security - Direct
• Microsoft Defender for Cloud - Security Alerts
• Microsoft Exchange Catch All
• Microsoft Exchange HTTP Error
• Microsoft Exchange IIS
• Microsoft Graph AD Reporting API C2C - DirectoryAudits
• Microsoft Graph AD Reporting API C2C - Provisioning
• Microsoft Graph AD Reporting API C2C - Signin
• Microsoft Graph Identity Protection API C2C - riskDetections
• Microsoft Graph Identity Protection API C2C - riskyUsers
• Microsoft Graph Security API C2C
• Microsoft Graph Security API C2C - Dynamic Vendor/Product - Azure Advanced Threat Protection
• Microsoft Graph Security API C2C - Dynamic Vendor/Product - Microsoft 365 Defender
• Microsoft Graph Security API C2C - Dynamic Vendor/Product - Microsoft Defender for Cloud Apps
• Microsoft Graph Security API C2C - Dynamic Vendor/Product - Microsoft IPC
• Microsoft Graph Security API C2C - Dynamic Vendor/Product - Microsoft Office 365 Security and Compliance
• Microsoft Graph Security Alert API C2C
• Microsoft IIS Parser - Catch All
• Microsoft O365 Exchange Message Trace C2C
• Microsoft Office 365 64 Events
• Microsoft Office 365 Active Directory Authentication Events
• Microsoft Office 365 AzureActiveDirectory Events
• Microsoft Office 365 CRM Events
• Microsoft Office 365 DataInsights Events
• Microsoft Office 365 Discovery Events
• Microsoft Office 365 Events
• Microsoft Office 365 Exchange Mailbox Audit Events
• Microsoft Office 365 Exchange Mailbox Authentication Events
• Microsoft Office 365 ExchangeCommunicationComplianceEvents
• Microsoft Office 365 ExchangeItem Events
• Microsoft Office 365 ExchangeItemGroup Events
• Microsoft Office 365 MailItemsAccessed
• Microsoft Office 365 MicrosoftForms
• Microsoft Office 365 MicrosoftStream Events
• Microsoft Office 365 PowerApps Events
• Microsoft Office 365 PowerBI Audit Events
• Microsoft Office 365 Quarantine
• Microsoft Office 365 RecordType 105
• Microsoft Office 365 RecordType 35
• Microsoft Office 365 RecordType 37
• Microsoft Office 365 RecordType 52
• Microsoft Office 365 RecordType 57
• Microsoft Office 365 RecordType29 Events
• Microsoft Office 365 RecordType56 Events
• Microsoft Office 365 RecordType64 Events
• Microsoft Office 365 RecordType65 Events
• Microsoft Office 365 RecordType66 Events
• Microsoft Office 365 RecordType68 Events
• Microsoft Office 365 Security Compliance Center EOPCmdlet Events
• Microsoft Office 365 SharePoint Events
• Microsoft Office 365 SharePointFieldOperation
• Microsoft Office 365 SkypeForBusinessCmdlets Events
• Microsoft Office 365 Sway Events
• Microsoft Office 365 Teams Events
• Microsoft Office 365 Threat Intelligence Atp Content Events
• Microsoft Office 365 Threat Intelligence Events
• Microsoft Office 365 Threat Intelligence Url Events
• Microsoft Office 365 Yammer Events
• Microsoft SQL Server Parser - Authentication
• Microsoft SQL Server Parser - Catch All
• Microsoft Windows DNS - Custom Parser
• MicrosoftGraphActivityLogs
• Mimecast AV Event
• Mimecast Audit Authentication Logs
• Mimecast Audit Hold Messages
• Mimecast Audit Logs
• Mimecast DLP Logs
• Mimecast Email logs
• Mimecast Impersonation Event
• Mimecast Spam Event
• Mimecast Targeted Threat Protection Logs
• Miro Audit C2C
• Netskope - Alerts
• Netskope - Anomaly - Bulk Download
• Netskope - Anomaly - User Shared Credentials
• Netskope - Application Events
• Netskope - Audit Authentication Events - Logoff
• Netskope - Audit Authentication Events - Logon
• Netskope - Audit Events
• Netskope - Catch All
• Netskope - Infrastructure Events
• Netskope - Login
• Netskope - Network Events
• Netskope - Page Events
• Netskope - WebTx Events
• Netskope - nspolicy
• Nginx Access Logs
• OSSEC Alert
• ObserveIT UserActivity Logs
• Office 365 - Compliance DLP Exchange Item Events
• Office 365 - Compliance DLP SharePoint
• Office 365 - Exchange Admin Events
• Office 365 - MicrosoftFlow
• Office 365 - Security Compliance Alerts
• Office 365 - Security Compliance Insights
• Okta Authentication - auth_via_AD_agent
• Okta Authentication - auth_via_mfa
• Okta Authentication - auth_via_radius
• Okta Authentication - sso
• Okta Authentication Events
• Okta Catch All
• Okta Security Threat Events
• OneLogin SSO Audit Logs
• OneLogin SSO Authentication Logs
• OpenVPN Audit Event
• OpenVPN Authentication Attempt
• OpenVPN Logon Attempt
• OpenVPN Network Event
• Orca Security Parser - Catch All
• Osquery Catchall
• Osquery FIM
• Osquery Process Auditing
• Osquery Socket Events
• Osquery Startup Items
• PAN CEF Threat - vulnerability
• PAN Cef Traffic
• PAN Threat
• Palo Alto Config - Custom Parser
• Palo Alto Correlation
• Palo Alto Correlation - Custom Parser
• Palo Alto Cortex - C2C
• Palo Alto GlobalProtect - Custom Parser
• Palo Alto GlobalProtect Auth - Custom Parser
• Palo Alto GlobalProtect Client VPN
• Palo Alto GlobalProtect Client VPN Login
• Palo Alto HIP Match - Custom Parser
• Palo Alto HipMatch
• Palo Alto Prisma Cloud - Parser
• Palo Alto System
• Palo Alto System - Custom Parser
• Palo Alto System Auth - Custom Parser
• Palo Alto System Auth Failure Variant 1
• Palo Alto System Auth Failure Variant 2
• Palo Alto System Auth Failure Variant 3
• Palo Alto System Auth Failure Variant 4
• Palo Alto System Auth Failure Variant 5
• Palo Alto System Auth Failure Variant 6
• Palo Alto System Auth Success Variant 1
• Palo Alto System Auth Success Variant 2
• Palo Alto System Auth Success Variant 3
• Palo Alto System Auth Success Variant 4
• Palo Alto System Auth Success Variant 5
• Palo Alto Threat
• Palo Alto Threat Data - Custom Parser
• Palo Alto Threat File - Custom Parser
• Palo Alto Threat Flood - Custom Parser
• Palo Alto Threat Packet - Custom Parser
• Palo Alto Threat Scan - Custom Parser
• Palo Alto Threat Spyware - Custom Parser
• Palo Alto Threat URL Filtering - Custom Parser
• Palo Alto Threat Virus - Custom Parser
• Palo Alto Threat Vulnerability - Custom Parser
• Palo Alto Threat Wildfire - Custom Parser
• Palo Alto Threat Wildfire Virus - Custom Parser
• Palo Alto Traffic
• Palo Alto Traffic - Custom Parser
• Palo Alto Traps - Custom Parser
• Palo Alto User Config
• Palo Alto User ID
• Palo Alto UserID Login - Custom Parser
• Palo Alto UserID Logout - Custom Parser
• PingFederate - Authentication Event
• PingFederate Event
• Preempt Appliance Alerts
• Preempt Domain DNS Failure
• Preempt Firewall Config Change
• Preempt Firewall Traffic Loss
• Preempt Firewall Unhealthy
• Preempt License Changed
• Preempt Suspicious Activity
• Preempt System User Alerts
• Preempt Uncovered Domain Controller
• Preempt Unusual Activity
• Pritunl Auth VPN Logs
• Pritunl Connect VPN Logs
• Pritunl Profile Connect Cache Logs
• Pritunl Profile Connect Network Logs
• Pritunl Profile Success VPN Logs
• Pritunl User Profile Delete
• Proofpoint Targeted Attack Protection C2C - Click Blocked
• Proofpoint Targeted Attack Protection C2C - Click Permitted
• Proofpoint Targeted Attack Protection C2C - Message Blocked
• Proofpoint Targeted Attack Protection C2C - Message Delivered
• Proofpoint Targeted Attack Protection C2C - Message Permitted
• Proofpoint on Demand C2C - Catch All
• Pulse Secure CEF
• Pulse Secure Custom Parser - AGU30457
• Pulse Secure Custom Parser - AUT22673
• Pulse Secure Custom Parser - AUT23278
• Pulse Secure Custom Parser - AUT24326
• Pulse Secure Custom Parser - AUT24414
• Pulse Secure Custom Parser - AUT24803
• Pulse Secure Custom Parser - AUT30970
• Pulse Secure Custom Parser - Catch All
• Pulse Secure Custom Parser - EAM24460
• Pulse Secure Custom Parser - NWC23464-5
• Pulse Secure Custom Parser - NWC23508
• Pulse Secure Custom Parser - NWC30477
• Pulse Secure Domain Logs
• Qualys Vulnerability
• Qualys Vulnerability Data
• RSA SecurID Runtime Authn Login
• RSA SecurID Runtime Authn Logout
• RSA SecurID Runtime Bad Tokencode
• RSA SecurID Runtime Catchall
• RSA SecurID Runtime Passcode Reuse
• RSA SecurID SinglePoint Audit
• RSA SecurID SinglePoint Authentication
• Radiant Logic VDS LDAP Message
• Recon_EC2_PortProbeUnprotectedPort (Sumo Logic)
• Recon_EC2_Portscan (Sumo Logic)
• Recon_IAMUser (Sumo Logic)
• RedLock AWS Instance Alert
• RedLock AWS Managed Load Balancer Alert
• RedLock AWS-Managed Storage Bucket
• RedLock AWS-Security Group Alert
• RedLock GCP-Instance
• RedLock IAM User Alert
• RedLock Report
• RedLock managed db
• SailPoint C2C Authentication Mapping
• SailPoint C2C Default Mapping
• Salesforce Catch All
• Salesforce Login
• Salesforce Login History
• Salesforce LoginAs Mapping
• Salesforce Normalized Security Signal Passthrough
• SecureAuth Events
• SentinelOne Logs - C2C activities
• SentinelOne Logs - C2C agents
• SentinelOne Logs - C2C alerts
• SentinelOne Logs - C2C threats
• SentinelOne Logs - C2C users
• SentinelOne Logs - Syslog Custom Parser
• Sequr Access Control JSON
• Signal Sciences WAF Logs
• Slack Catch All
• Slack Login
• Snowflake Catch All
• Snowflake Login
• SonicWall Firewall - Custom Parser
• SonicWall Flows
• Sophos - Alerts
• Sophos - C2C Alerts
• Sophos - C2C Event Threat Detections
• Sophos - CNC Catch All
• Sophos - Events
• Sophos - Masters
• Sophos - Masters - Threat Events
• Sophos UTM 9 Firewall
• Sophos UTM 9 Firewall - Custom Parser
• Squid
• Squid Proxy - Parser
• Sucuri WAF - Parser
• Sumo Logic Scheduled Searches
• Suricata - JSON
• Suricata IDS
• Suricata alerts
• Symantec Agent Behavior Logs
• Symantec Agent Risk Logs
• Symantec Agent Risk SONAR Logs
• Symantec Agent Scan Logs
• Symantec Agent Security Logs
• Symantec Agent System Logs
• Symantec Agent Traffic Logs - Custom Parser
• Symantec Blocked
• Symantec Catch All
• Symantec DLP Logs
• Symantec Endpoint Protection
• Symantec Endpoint Protection CEF via ICDX
• Symantec Endpoint Protection CEF via ICDX Audit Info
• Symantec Endpoint Security - All
• Symantec SEP Compressed File 02
• Symantec SEP Scan Logs
• Symantec SEP Security Risk Found 03
• Symantec SEP Site Logs
• Symantec SEP Site Logs 02
• Symantec SEP Traffic Action for Application
• Symantec System Logs
• Symantec Virus Found 2
• Symantec Web Security Service C2C
• Synergis Genetec - all
• Sysdig Audit Trail JSON
• Sysdig Benchmark JSON
• Sysdig Command JSON
• Sysdig Connection JSON
• Sysdig File Access JSON
• Sysdig Kubernetes JSON
• Sysdig Policy Detection JSON
• Sysdig Scanning JSON
• TCP_DENIED
• TCP_ERR_MISS
• TCP_HIT
• TCP_MISS
• TCP_NC_MISS
• TCP_REFRESH_MISS
• TCP_RESCAN_HIT
• TUNNELED
• Tanium Application Server
• Tanium Application Server - CEF Custom Parser
• Tanium Application Server Logs
• Tanium Asset-General logs
• Tanium Asset-General logs - CEF Custom Parser
• Tanium Detect Event
• Tanium Detect Event - CEF Custom Parser
• Tanium ES Logs
• Tanium ES Logs - CEF Custom Parser
• Tanium Event 1
• Tanium Event 1 - CEF Custom Parser
• Tanium IOC Event
• Tanium IOC Event (Unknown)
• Tanium IOC Event (Unknown) - CEF Custom Parser
• Tanium IOC Event - CEF Custom Parser
• Tanium Reputation Event
• Tanium Syslog Question
• Tanium Syslog Question - CEF Custom Parser
• Tanium System-Status
• Tanium System-Status - CEF Custom Parser
• Tanium custom-question
• Tenable.io Authentication
• Tenable.io Catch All
• Tenable.io Vulnerability
• Thinkst Canary Parser - Catch All
• Thycotic Software
• Trellix mVision ePO Threats
• Trend Micro
• Trend Micro Agent CEF logs
• Trend Micro Apex Central
• Trend Micro Apex Central CEF Spyware Detected
• Trend Micro Apex Central PML logs
• Trend Micro Attack Discovery Detection Logs
• Trend Micro Behavior Monitoring Logs
• Trend Micro CEF logs
• Trend Micro CEF logs - Integrity Monitoring
• Trend Micro Control Manager CEF 700107
• Trend Micro Control Manager CEF AV
• Trend Micro Control Manager CEF BM
• Trend Micro Control Manager CEF CnC
• Trend Micro Control Manager CEF NCIE
• Trend Micro Control Manager CEF Spyware Detected
• Trend Micro Control Manager CEF WB:36
• Trend Micro Device Access Control Logs
• Trend Micro LEEF logs
• Trend Micro Vision One Custom Parser
• Twistlock Container Runtime Audit
• Twistlock Logs
• Twistlock Syslog Catch All
• UnauthorizedAccess_EC2_SSHBruteForce
• UnauthorizedAccess_EC2_SSHBruteForce (Sumo Logic)
• UnauthorizedAccess_EC2_TorClient (Sumo Logic)
• UnauthorizedAccess_EC2_TorIPCaller (Sumo Logic)
• UnauthorizedAccess_EC2_TorRelay (Sumo Logic)
• UnauthorizedAccess_IAMUser (Sumo Logic)
• VLT Log Secure
• VLT Log Secure HASH
• VLT Message Stop
• VLT the Message
• VMware Horizon - ADMIN
• VMware Horizon - AGENT
• VMware Horizon - BROKER
• VMware Horizon - VLSI
• VMware NSX - Firewall
• Varonis DatAdvantage - CEF
• Varonis DatAlert - Parser
• Vectra Cognito Catch All
• Voltage Console
• Voltage KeyServer
• Voltage SOA
• Vulnerability
• Watchguard Fireware - Firewall
• Watchguard Fireware - http/https-proxy
• Webseal
• Windows - Firewall - 2004
• Windows - Firewall - 2005
• Windows - Firewall - 2006
• Windows - Firewall - Custom Parser
• Windows - Microsoft-Windows-CodeIntegrity/Operational - 3065
• Windows - Microsoft-Windows-CodeIntegrity/Operational - 3066
• Windows - Microsoft-Windows-PowerShell/Operational - 4103
• Windows - Microsoft-Windows-PowerShell/Operational - 4104
• Windows - Microsoft-Windows-PowerShell/Operational - 4105
• Windows - Microsoft-Windows-PowerShell/Operational - 4106
• Windows - Microsoft-Windows-Sysmon/Operational - 1
• Windows - Microsoft-Windows-Sysmon/Operational - 10
• Windows - Microsoft-Windows-Sysmon/Operational - 11
• Windows - Microsoft-Windows-Sysmon/Operational - 12, 13, and 14
• Windows - Microsoft-Windows-Sysmon/Operational - 15
• Windows - Microsoft-Windows-Sysmon/Operational - 17
• Windows - Microsoft-Windows-Sysmon/Operational - 18
• Windows - Microsoft-Windows-Sysmon/Operational - 2
• Windows - Microsoft-Windows-Sysmon/Operational - 21
• Windows - Microsoft-Windows-Sysmon/Operational - 22
• Windows - Microsoft-Windows-Sysmon/Operational - 23
• Windows - Microsoft-Windows-Sysmon/Operational - 24
• Windows - Microsoft-Windows-Sysmon/Operational - 25
• Windows - Microsoft-Windows-Sysmon/Operational - 26
• Windows - Microsoft-Windows-Sysmon/Operational - 27
• Windows - Microsoft-Windows-Sysmon/Operational - 28
• Windows - Microsoft-Windows-Sysmon/Operational - 3
• Windows - Microsoft-Windows-Sysmon/Operational - 4
• Windows - Microsoft-Windows-Sysmon/Operational - 5
• Windows - Microsoft-Windows-Sysmon/Operational - 6
• Windows - Microsoft-Windows-Sysmon/Operational - 7
• Windows - Microsoft-Windows-Sysmon/Operational - 8
• Windows - Microsoft-Windows-Sysmon/Operational - 9
• Windows - Security - 1100
• Windows - Security - 1102
• Windows - Security - 1102 - AD FS Auditing
• Windows - Security - 4610
• Windows - Security - 4611
• Windows - Security - 4614
• Windows - Security - 4616
• Windows - Security - 4618
• Windows - Security - 4622
• Windows - Security - 4624
• Windows - Security - 4625
• Windows - Security - 4627
• Windows - Security - 4634
• Windows - Security - 4648
• Windows - Security - 4649
• Windows - Security - 4656
• Windows - Security - 4657
• Windows - Security - 4658
• Windows - Security - 4661
• Windows - Security - 4662
• Windows - Security - 4663
• Windows - Security - 4670
• Windows - Security - 4672
• Windows - Security - 4673
• Windows - Security - 4674
• Windows - Security - 4688
• Windows - Security - 4689
• Windows - Security - 4692
• Windows - Security - 4694
• Windows - Security - 4697
• Windows - Security - 4698
• Windows - Security - 4699
• Windows - Security - 4702
• Windows - Security - 4703
• Windows - Security - 4704
• Windows - Security - 4706
• Windows - Security - 4707
• Windows - Security - 4713
• Windows - Security - 4714
• Windows - Security - 4716
• Windows - Security - 4719
• Windows - Security - 4720
• Windows - Security - 4722
• Windows - Security - 4723
• Windows - Security - 4724
• Windows - Security - 4725
• Windows - Security - 4726
• Windows - Security - 4727
• Windows - Security - 4728
• Windows - Security - 4729
• Windows - Security - 4730
• Windows - Security - 4731
• Windows - Security - 4732
• Windows - Security - 4733
• Windows - Security - 4735
• Windows - Security - 4737
• Windows - Security - 4738
• Windows - Security - 4739
• Windows - Security - 4740
• Windows - Security - 4741
• Windows - Security - 4742
• Windows - Security - 4754
• Windows - Security - 4755
• Windows - Security - 4756
• Windows - Security - 4764
• Windows - Security - 4765
• Windows - Security - 4766
• Windows - Security - 4767
• Windows - Security - 4768
• Windows - Security - 4769
• Windows - Security - 4770
• Windows - Security - 4771
• Windows - Security - 4776
• Windows - Security - 4778
• Windows - Security - 4779
• Windows - Security - 4780
• Windows - Security - 4781
• Windows - Security - 4782
• Windows - Security - 4793
• Windows - Security - 4794
• Windows - Security - 4798
• Windows - Security - 4799
• Windows - Security - 4820
• Windows - Security - 4825
• Windows - Security - 4870
• Windows - Security - 4873
• Windows - Security - 4874
• Windows - Security - 4880
• Windows - Security - 4881
• Windows - Security - 4882
• Windows - Security - 4885
• Windows - Security - 4886
• Windows - Security - 4887
• Windows - Security - 4888
• Windows - Security - 4890
• Windows - Security - 4891
• Windows - Security - 4896
• Windows - Security - 4897
• Windows - Security - 4898
• Windows - Security - 4899
• Windows - Security - 4900
• Windows - Security - 4946
• Windows - Security - 4947
• Windows - Security - 4948
• Windows - Security - 4964
• Windows - Security - 4977
• Windows - Security - 4978
• Windows - Security - 4983
• Windows - Security - 4984
• Windows - Security - 5025
• Windows - Security - 5030
• Windows - Security - 5034
• Windows - Security - 5037
• Windows - Security - 5038
• Windows - Security - 5058
• Windows - Security - 5059
• Windows - Security - 5061
• Windows - Security - 5136
• Windows - Security - 5137
• Windows - Security - 5138
• Windows - Security - 5139
• Windows - Security - 5140
• Windows - Security - 5141
• Windows - Security - 5142
• Windows - Security - 5144
• Windows - Security - 5145
• Windows - Security - 5152
• Windows - Security - 5156
• Windows - Security - 5376
• Windows - Security - 5377
• Windows - Security - 5379
• Windows - Security - 5453
• Windows - Security - 5480
• Windows - Security - 5483
• Windows - Security - 5484
• Windows - Security - 5485
• Windows - Security - 5632
• Windows - Security - 5805
• Windows - Security - 6272
• Windows - Security - 6273
• Windows - Security - 6274
• Windows - Security - 6275
• Windows - Security - 6276
• Windows - Security - 6277
• Windows - Security - 6278
• Windows - Security - 6279
• Windows - Security - 6280
• Windows - Security - 6416
• Windows - Security - 6423
• Windows - Security - 6424
• Windows - Security - Default
• Windows - System - 5138
• Windows - System - 6005
• Windows - System - 6006
• Windows - System - 7045
• Windows - WMI - 5680
• Windows - WMI - 5681
• Windows Defender ATP Alert
• Windows Defender Custom
• Windows Defender JSON
• Windows Defender SCCM DB CSV
• Wiz Catch All
• Workday - Catch All
• Workday - Sign On
• Zeek CustomCrypto Logs
• Zeek DNS Activity
• Zeek HTTP Activity
• Zeek HTTP SQL Injection Attacker Logs
• Zeek HTTP SQL Injection Victim Logs
• Zeek SSH Authentication Bypass
• Zeek SSH Bruteforce Auth Success
• Zeek SSH Password Guessing
• Zeek Software Activity
• Zeek Syslog Logs
• Zeek Traceroute Logs
• Zeek Traceroute Logs 01
• Zeek Tunnel Logs
• Zeek Unencrypted Logs
• Zeek Weird Activity
• Zeek Weird Logs
• Zeek conn Activity
• Zeek conn_red
• Zeek dns_red Activity
• Zeek dpd Logs
• Zeek etc_viz Logs
• Zeek http_red Activity
• Zeek notice-ATTACK::Credential_Access
• Zeek notice-ATTACK::Discovery
• Zeek notice-ATTACK::Execution
• Zeek notice-LongConnection::found
• Zeek notice-SSH::Interactive_Keystrokes
• Zeek notice-SSL::Certificate_Expired
• Zeek notice-SSL::Certificate_Expired_Soon
• Zeek notice-SSL::Certificate_Is_New
• Zeek notice-SSL::Certificate_Not_Valid_Yet
• Zeek notice-SSL::Invalid_Server_Cert
• Zeek notice-SSL::Weak_Key
• Zeek pe Activity
• Zeek reporter Activity
• Zeek ssl_red Activity
• Zeek weird_red Activity
• Zeek x509 Activity
• Zendesk Catch All
• Zero Networks Segment Audit Activity
• Zero Networks Segment Network Activity
• Zoom - Account Creations or Deletions
• Zoom - Catch All
• Zoom - Group Modifications
• Zoom - Information Barrier Policy Modifications
• Zoom - Meeting Risk Alert
• Zoom - Recording Deleted or Trashed
• Zscaler - Nanolog Streaming Service - CEF Logs
• Zscaler - Nanolog Streaming Service - JSON
• Zscaler Firewall
• Zscaler Firewall Log
• Zscaler Private Access
• Zscaler Workload Segmentation Catch All - Parser
• cisco1
• cisco10
• cisco11
• cisco12
• cisco13
• cisco14
• cisco15
• cisco16
• cisco18
• cisco19
• cisco2
• cisco21
• cisco22
• cisco22b
• cisco23
• cisco24
• cisco25
• cisco26
• cisco27
• cisco28
• cisco29
• cisco3
• cisco30
• cisco31
• cisco32
• cisco4
• cisco5
• cisco6
• cisco7
• cisco8
• cisco9
• passivedns
• syslog-ng error log
• syslog-ng warning log
• vSentry Bromium Events