Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

JSA Supported DSMs

 

JSA can collect events from your security products by using a plugin file that is called a Device Support Module (DSM).

What do you do if the product version or device you have is not listed in the DSM Configuration Guide?

Sometimes a version of a vendor product or a device is not listed as supported. If the product or device is not listed, follow these guidelines:

Version not listed

If the DSM for your product is officially supported by JSA, but your product version is not listed in the Juniper Secure Analytics Configuring DSMs Guide, you have the following options:

  • Try the DSM to see whether it works. The product versions that are listed in the guide are tested by Juniper, but newer untested versions can also work.

  • If you tried the DSM and it didn’t work, open a support ticket for a review of the log source to troubleshoot and rule out any potential issues.

    Tip

    In most cases, no changes are necessary, or perhaps a minor update to the QRadar Identifier (QID) Map might be all that is required. Software updates by vendors might on rare occasions add or change event formats that break the DSM, requiring an RFE for the development of a new integration. This is the only scenario where an RFE is required.

Device not listed

When a device is not officially supported, you have the following options:

  • Open a request for enhancement (RFE) to have your device become officially supported.

    • Go to the JSA.

    • Log in to the support portal page.

    • Click the Submit tab and type the necessary information.

      Tip

      If you have event logs from a device, attach the event information and include the product version of the device that generated the event log.

  • Write a log source extension to parse events for your device. For more information, see Log Source Extensions.

  • You can use content extensions for sending events to JSA that are provided by some third-party vendors.

The following table lists supported DSMs for third-party and JSA solutions.

Table 1: JSA Supported DSMs

Manufacturer

Device name and version

Protocol

Recorded events and formats

Auto discovered?

Includes identity?

Includes custom properties?

3Com

8800 Series Switch V3.01.30

Syslog

Status and network condition events

Yes

No

No

AhnLab

AhnLab Policy Center

AhnLabPolicy

CenterJdbc

Spyware detection

Virus detection

Audit

No

Yes

No

Akamai

Akamai KONA

HTTP Receiver

Akamai Kona REST API

Warn Rule Events

Deny Rule Events

Event format: JSON

Recorded event types: All security events

No

No

No

Amazon

Amazon AWS Network Firewall

Amazon AWS S3 REST API

Event format: JSON

Recorded event types: Firewall Alert logs, Firewall Flow logs

No

No

No

Amazon

Amazon AWS Security Hub

Amazon Web Services

Event format: JSON

Recorded event types: AWS Security Finding Format (ASFF)

No

No

No

Amazon

Amazon GuardDuty

Amazon GuardDuty

Amazon GuardDuty Findings

JSON

No

No

No

Amazon

Amazon AWS CloudTrail

Amazon AWS S3 REST API

All version 1.0, 1.02, 1.03, and 1.04 events.

No

No

No

Ambiron

TrustWave ipAngel V4.0

Syslog

Snort-based events

No

No

No

Apache

HTTP Server V1.3+

Syslog

HTTP status

Yes

No

No

APC

UPS

Syslog

Smart-UPS series events

No

No

No

Apple

Apple Mac OS X version 10.12

Syslog

Firewall, web server access, web server error, privilege, and informational events

No

Yes

No

Application Security, Inc.

DbProtect V6.2, V6.3, V6.3sp1, V6.3.1, and v6.4

Syslog

All events

Yes

No

No

Arbor Networks

Arbor Networks Pravail APS V3.1+

Syslog, TLS Syslog

All events

Yes

No

No

Arbor Networks

Arbor Networks Peakflow SP V5.8 to V8.12

Syslog, TLS Syslog

Denial of Service (DoS)

Authentication

Exploit

Suspicious activity

System

Yes

No

No

Arpeggio Software

SIFT-IT V3.1+

Syslog

All events configured in the SIFT-IT rule set

Yes

No

No

Array Networks

SSL VPN ArraySP V7.3

Syslog

All events

No

Yes

Yes

Aruba Networks

ClearPass Policy Manager V6.5.0.71095 and above

Syslog

LEEF

Yes

Yes

No

Aruba Networks

Mobility Controllers V2.5 +

Syslog

All events

Yes

No

No

Avaya Inc.

Avaya VPN Gateway V9.0.7.2

Syslog

All events

Yes

Yes

No

BalaBit IT Security

Microsoft Windows Security Event Log V4.x

Syslog

Microsoft Event Log Events

Yes

Yes

No

BalaBit IT Security

Microsoft ISA V4.x

Syslog

Microsoft Event Log Events

Yes

Yes

No

Barracuda Networks

Spam & Virus Firewall V5.x and later

Syslog

All events

Yes

No

No

Barracuda Networks

Web Application Firewall V7.0.x

Syslog

System, web firewall, access, and audit events

Yes

No

No

Barracuda Networks

Web Filter V6.0.x+

Syslog

Web traffic and web interface events

Yes

No

No

Bit9

Carbon Black V5.1 and later

Syslog

Watchlist hits

Yes

No

No

Bit9

Bit9 Parity

Syslog

LEEF

Yes

 

No

Bit9

Security Platform V6.0.2 and later

Syslog

All events

Yes

Yes

No

BlueCat Networks

Adonis V6.7.1-P2+

Syslog

DNS and DHCP events

Yes

No

No

Blue Coat

SG V4.x+

Syslog Log File Protocol

All events

No

No

Yes

Blue Coat

Web Security Service

 

Blue Coat ELFF, Access

No

No

No

Bridgewater Systems

AAA V8.2c1

Syslog

All events

Yes

Yes

No

Brocade

Fabric OS V7.x

Syslog

System and audit events

Yes

No

No

CA

Access Control Facility V12 to V15

Log File Protocol

All events

No

No

Yes

CA

SiteMinder

Syslog

All events

No

No

No

CA

Top Secret V12 to V15

Log File Protocol

All events

No

No

Yes

Centrify

Centrify Identity Platform

Centrify Redrock REST API

Event format: JSON

Event types: SaaS, Core, Internal and Mobile

No

No

No

Carbon Black

Carbon Black V5.1 and later

Syslog

Watchlist hits

Yes

No

No

Carbon Black

Carbon Black Bit9 Parity

Syslog

LEEF

Yes

No

Carbon Black

Carbon Black Bit9 Security Platform V6.0.2

Syslog

All events

Yes

Yes

No

Centrify

Centrify Identity Platform

Centrify Redrock REST API

Event format: JSON

Event types: SaaS, Core, Internal and Mobile

No

No

No

Centrify

Centrify Infrastructure Services 2017

Syslog and WinCollect

WinCollect logs, Audit events

Yes

No

No

Check Point

Check Point versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, R80, NGX, and R75

Syslog or OPSEC LEA

All events

Yes

Yes

Yes

Check Point

VPN-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77 NGX

Syslog or OPSEC LEA

All events

Yes

Yes

No

Check Point

Check Point Multi-Domain Management (Provider-1) versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX

Syslog or OPSEC LEA

All events

Yes

Yes

No

Cilasoft

Cilasoft QJRN/400 V5.14.K+

Syslog

IBM audit events

Yes

Yes

No

Cisco

4400 Series Wireless LAN Controller V7.2

Syslog or SNMPv2

All events

No

No

No

Cisco

Cisco CallManager 8.x, 11.5

Syslog

Application events

Yes

No

No

Cisco

ACS V4.1 and later if directly from ACS V3.x and later if using ALE

Syslog

Failed Access Attempts

Yes

Yes

No

Cisco

Aironet V4.x+

Syslog

Cisco Emblem Format

Yes

No

No

Cisco

ACE Firewall V12.2

Syslog

All events

Yes

Yes

No

Cisco

Cisco AMP

Cisco AMP

All security events

Note: Network traffic is supported only for Data Flow Control (DCF) events.

Cisco

ASA V7.x and later

Syslog

All events

Yes

Yes

No

Cisco

ASA V7.x+

NSEL Protocol

All events

No

No

No

Cisco

CSA V4.x, V5.x and V6.x

Syslog SNMPv1 SNMPv2

All events

Yes

Yes

No

Cisco

CatOS for catalyst systems V7.3+

Syslog

All events

Yes

Yes

No

Cisco

Cloud Web Security (CWS)

Amazon AWS S3 REST API

W3C

All web usage logs

No

No

No

Cisco

Cisco Stealthwatch V6.8

Syslog

Event format: LEEF

Event types: Anomaly, Data Hoarding, Exploitation, High Concern, Index, High DDoS Source Index, High Target Index, Policy Violation, Recon, High DDoS Target Index, Data Exfilration, C&C

Yes

No

No

Cisco

IPS V7.1.10 and later, V7.2.x, V7.3.x

SDEE

All events

No

No

No

Cisco

Cisco IronPort V5.5, V6.5, V7.1, V7.5 (adds support for access logs)

Cisco IronPort ESA: V10.0

Cisco IronPort WSA: V10.0

Syslog, Log File protocol

Event format: All events

Recorded event types:

Mail (syslog)

System (syslog)

Access (syslog)

Web content filtering (Log File)

No

No

No

Cisco

IronPort V5.5, V6.5, V7.1, and V7.5

Syslog, Log File Protocol

All events

No

No

No

Cisco

FireSIGHT Management Center V4.8.0.2 to V6.0.0

(formerly known as Sourcefire Defense Center)

FireSIGHT Management Center

Intrusion events and extra data

Correlation events

Metadata events

Discovery events

Host events

User events

Malware events

File events

No

No

No

Cisco

Cisco Firepower Management Center V5.2 to V6.4

(formerly known as Cisco FireSIGHT Management Center)

Cisco Firepower eStreamer protocol

Discovery events

Correlation and White List events

Impact Flag alerts

User activity

Malware events

File events

Connection events

Intrusion events

Intrusion Event Packet Data

Intrustion Event Extra Data

No

No

No

Cisco

Cisco Firepower Threat Defense

Syslog

Event format: Syslog, Comma-separated values (CSV), Name-value pair (NVP)

Recorded event types: Intrusion, Connection

Yes

Yes

No

Cisco

Cisco Firewall Service Module (FWSM) v2.1+

Syslog

All events

Yes

Yes

Yes

Cisco

Cisco Catalyst Switch IOS, 12.2, 12.5+

Syslog

All events

Yes

Yes

No

Cisco

Cisco Meraki

Syslog

Event format: Syslog

Event types:

Events

Flows

security_event_ids_alerted

Cisco

Cisco NAC Appliance v4.x +

Syslog

Audit, error, failure, quarantine, and infected events

No

No

No

Cisco

Cisco Nexus v6.x

Syslog

Nexus-OS events

Yes

No

No

Cisco

Cisco PIX Firewall v5.x, v6.3+

Syslog

Cisco PIX events

Yes

Yes

Yes

Cisco

Cisco Identity Services Engine V1.1 to V2.2

UDP Multiline Syslog

Event format: Syslog

Event types: Device events

No

Yes

No

Cisco

Cisco IOS 12.2, 12.5+

Syslog

All events

Yes

Yes

No

Cisco

Cisco Umbrella

Amazon AWS S3 REST API

Event format: Cisco Umbrella CSV

Event types: Audit

No

No

No

Cisco

Cisco VPN 3000 Concentrator versions VPN 3005, 4.1.7.H

Syslog

All events

Yes

Yes

Yes

Cisco

Cisco Wireless Services Modules (WiSM) V 5.1+

Syslog

All events

Yes

No

No

Citrix

Citrix NetScaler V9.3 to V10.0

Syslog

All events

Yes

Yes

No

Citrix

Citrix Access Gateway V4.5

Syslog

Access, audit, and diagnostic events

Yes

No

No

Cloudera

Cloudera Navigator

Syslog

Audit events for HDFS, HBase, Hive, Hue, Cloudera Impala, Sentry

Yes

No

No

Cloudflare

Cloudflare Logs

Amazon AWS S3 REST API

Event format: JSON

Event types: HTTP events, Firewall events

Yes

No

No

CloudPassage

CloudPassage Halo

Syslog, Log file

All events

Yes

No

No

CrowdStrike

CrowdStrike Falcon

Syslog

LEEF

Incident summary, Detection summary, Authentication, Detection status update, Uploaded IoCs, Network containment, IP whitelisting, Policy management, CrowdStrike store, Falcon firewall management, Real time response, Event streams

Yes

No

No

CorreLog

CorreLog Agent for IBMz/OS

Syslog LEEF

All events

Yes

No

No

CRYPTOCard

CRYPTO- Shield V6.3

Syslog

All events

No

No

No

CyberArk

CyberArk Privileged Threat Analytics V3.1

Syslog

Detected security events

Yes

No

No

CyberArk

CyberArk Vault V6.x

Syslog

All events

Yes

Yes

No

CyberGuard

Firewall/VPN KS1000 V5.1

Syslog

CyberGuard events

Yes

No

No

Damballa

Failsafe V5.0.2+

Syslog

All events

Yes

No

No

Digital China Networks

DCS and DCRS Series switches V1.8.7

Syslog

DCS and DCRS IPv4 events

No

No

No

DG Technology

DG Technology MEAS

LEEF Syslog

Mainframe events

Yes

No

No

ESET

ESET Remote Administrator V6.4.270

Syslog

LEEF

Threat events

Firewall Aggregated Event

HIPS Aggregated Event

Audit events

Yes

No

No

Extreme

Dragon V5.0, V6.x, V7.1, V7.2, V7.3, and V7.4

Syslog SNMPv1 SNMPv3

All relevant Extreme Dragon events

Yes

No

No

Extreme

800-Series Switch

Syslog

All events

Yes

No

No

Extreme

Matrix Router V3.5

Syslog SNMPv1 SNMPv2 SNMPv3

SNMP and syslog login, logout, and login failed events

Yes

No

No

Extreme

NetSight Automatic Security Manager V3.1.2

Syslog

All events

Yes

No

No

Extreme

Matrix N/K/S Series Switch V6.x, V7.x

Syslog

All relevant Matrix K-Series, N-Series and S-Series device events

Yes

No

No

Extreme

Stackable and Standalone Switches

Syslog

All events

Yes

Yes

No

Extreme

XSR Security Router V7.6.14.0002

Syslog

All events

Yes

No

No

Extreme

HiGuard Wireless IPS 2R2.0.30

Syslog

All events

Yes

No

No

Extreme

HiPath Wireless Controller 2R2.0.30

Syslog

All events

Yes

No

No

Extreme

NAC 3.2 and 3.3

Syslog

All events

Yes

No

No

Enterprise-IT-

Security.com

SF-Sherlock 8.1 and later

LEEF

All_Checks, DB2_Security_Configuration, JES_Configuration, Job_Entry_System_Attack, Network_Parameter, Network_Security, No_Policy, Resource_Access_Viol, Resource_Allocation, Resource_Protection, Running_System_Change, Running_System_Security, Running_System_Status, Security_Dbase_Scan, Security_Dbase_Specialty, Security_Dbase_Status, Security_Parm_Change, Security_System_Attack, Security_System_Software, Security_System_Status, SF-Sherlock, Sherlock_Diverse, Sherlock_Diverse, Sherlock_Information, Sherlock_Specialties, Storage_Management, Subsystem_Scan, Sysplex_Security, Sysplex_Status, System_Catalog, System_File_Change, System_File_Security, System_File_Specialty, System_Log_Monitoring, System_Module_Security, System_Process_Security, System_Residence, System_Tampering, System_Volumes, TSO_Status, UNIX_OMVS_Security, UNIX_OMVS_System, User_Defined_Monitoring, xx_Resource_Prot_Templ

Yes

No

No

Epic

Epic SIEM, version Epic 2014, Epic 2015, and Epic 2017

LEEF

Audit, Authentication

Yes

Yes

No

Exabeam

Exabeam 1.7 and 2.0

not applicable

Critical, Anomalous

Yes

No

No

Extreme Networks

Extreme Ware 7.7 and XOS 12.4.1.x

Syslog

All events

No

Yes

No

F5 Networks

F5 Networks BIG-IP AFM 11.3 and 12.x to 14.x

Syslog

Network, network DoS, protocol security, DNS, and DNS DoS events

Yes

No

No

F5 Networks

F5 Networks BIG-IP LTM 9.42 to 14.x

Syslog, CSV

All events

No

Yes

No

F5 Networks

F5 Networks BIG-IP ASM 10.1 to 14.x

Syslog

Event format: CEF (CEF:0 is supported)

Recorded event types: All security events

No

Yes

No

F5 Networks

F5 Networks BIG-IP APM 10.x to 14.x

Syslog

All events

Yes

No

No

F5 Networks

FirePass 7.0

Syslog

All events

Yes

Yes

No

Fair Warning

Fair Warning 2.9.2

Log File Protocol

All events

No

No

No

Fasoo

Fasoo Enterprise DRM 5.0

JDBC

NVP event format

Usage events

No

No

No

Fidelis Security Systems

Fidelis XPS 7.3.x

Syslog

Alert events

Yes

No

No

FireEye

FireEye CMS, MPS, EX, AX, NX, FX, and HX

Syslog, TLS Syslog

All relevant events

Common Event Format (CEF) formatted messages

Log Event Extended Format (LEEF)

Yes

No

No

FreeRADIUS

FreeRADIUS 2.x

Syslog

All events

Yes

Yes

No

Forcepoint

Forcepoint Sidewinder 6.1

(formerly known as McAfee Firewall Enterprise 6.1)

Syslog

Forcepoint Sidewinder audit events

Yes

No

No

Forcepoint

Stonesoft Management Center 5.4 to 6.1

Stonesoft Management Center V5.4 to 6.1

Event format: LEEF

Event types: Management Center, IPS, Firewall, and VPN events

Yes

No

No

Forcepoint

(formerly known as Websense)

TRITON 7.7, and 8.2

Syslog

All events

Yes

No

No

Forcepoint

(formerly known as Websense)

V-Series Data Security Suite (DSS) 7.1x

Syslog

All events

Yes

Yes

Yes

Forcepoint

(formerly known as Websense)

V-Series Content Gateway V7.1x

Log File Protocol

All events

No

No

No

ForeScout

CounterACT 7.x and later

Syslog

Denial of Service, system, exploit, authentication, and suspicious events

No

No

No

Fortinet

Fortinet FortiGate Security Gateway FortiOS 6.4 and earlier

Syslog

Syslog Redirect

All events

Yes

Yes

Yes

Foundry

FastIron 3.x.x and 4.x.x

Syslog

All events

Yes

Yes

No

genua

genugate 8.2+

Syslog

General error messages

High availability

General relay messages

Relay-specific messages

genua programs/daemons

EPSI Accounting Daemon - gg/src/acctd

Configfw FWConfig

ROFWConfig

User-Interface

Webserver

Yes

Yes

No

Google

Google Cloud Platform Firewall

Google Cloud Pub/Sub

Event format: JSON

Event types: Firewall Allow, Firewall Deny

No

No

No

Google

Google G Suite Activity Reports

Google G Suite Activity Reports REST API

Event format: JSON

Recorded event types: Admin, drive, login, user accounts

No

No

No

Great Bay

Beacon

Syslog

All events

Yes

Yes

No

H3C Technologies

H3C Comware Platform, H3C Switches, H3C Routers, H3C Wireless LAN Devices, and H3C IP Security Devices

version 7 is supported

Syslog

NVP

System

No

No

No

HBGary

Active Defense 1.2 and later

Syslog

All events

Yes

No

No

HP

Network Automation 10.11

Syslog

LEEF

All operational and configuration network events.

Yes

Yes

No

HP

ProCurve K.14.52

Syslog

All events

Yes

No

No

HP

Tandem

Log File Protocol

Safe Guard Audit file events

No

No

No

HP

UX V11.x and later

Syslog

All events

No

Yes

No

Honeycomb Technologies

Lexicon File Integrity Monitor mesh service V3.1 and later

Syslog

integrity events

Yes

No

No

Huawei

S Series Switch S5700, S7700, and S9700 using V200R001C00

Syslog

IPv4 events from S5700, S7700, and S9700 Switches

No

No

No

Huawei

AR Series Router (AR150, AR200, AR1200, AR2200, and AR3200 routers using V200R002C00)

Syslog

IPv4 events

No

No

No

IBM

IBM AIX V6.1 and V7.1

Syslog, Log File Protocol

Configured audit events

Yes

No

No

IBM

IBM AIX 5.x, 6.x, and v7.x

Syslog

Authentication and operating system events

Yes

Yes

No

IBM

IBM BigFixV8.2.x to 9.5.2

(formerly known as Tivoli EndPoint Manager)

IBM BigFix SOAP Protocol

Server events

No

No

No

IBM

IBM BigFix Detect

Note: The IBM BigFix Detect DSM for JSA is deprecated.

     

IBM

IBM Bluemix Platform

Syslog, TLS Syslog

All System (Cloud Foundry) events, some application events

Yes

No

No

IBM

IBM DLC Metrics

Syslog, Forwarded

Event format: LEEF

Recorded event types: All DLC Metrics event types

Yes

No

No

IBM

IBM Federated Directory Server V7.2.0.2 and later

LEEF

FDS Audit

Yes

No

No

IBM

IBM InfoSphere 8.2p45

Syslog

Policy builder events

No

No

No

IBM

IBM i DSM V5R4 and later

(formerly known as AS/400iSeries)

Log File Protocol

Event format: CEF (CEF:0 is supported)

Recorded event types: All security events

No

Yes

No

IBM

IBM i - Robert Townsend Security Solutions V5R1 and later

(formerly known as AS/400iSeries)

Syslog

Event format: CEF (CEF:0 is supported)

Yes

Yes

No

IBM

IBM i - Powertech Interact V5R1 and later

(formerly known as AS/400iSeries)

Syslog

Event format: CEF (CEF:0 is supported)

Yes

Yes

No

IBM

ISS Proventia M10 v2.1_2004.1122_15.13.53

SNMP

All events

No

No

No

IBM

Lotus Domino v8.5

SNMP

All events

No

No

No

IBM

Proventia Management SiteProtector v2.0 and v2.9

JDBC

IPS and audit events

No

No

No

IBM

RACF v1.9 to v1.13

Log File Protocol

All events

No

No

Yes

IBM

CICS v3.1 to v4.2

Log File Protocol

All events

No

No

Yes

IBM

DB2 v8.1 to v10.1

Log File Protocol

All events

No

No

Yes

IBM

IBM DataPower FirmwareV6 and V7

(formerly known as WebSphere DataPower)

Syslog

All events

Yes

No

No

IBM

IBM Fiberlink MaaS360

LEEF

Compliance rule events

Device enrollment events

Action history events

No

Yes

No

IBM

IBM JSA Packet Capture

IBM JSA Packet Capture 2014.3 to 2014.8

Syslog, LEEF

All events

Yes

No

No

IBM

IBM SAN Volume Controller

Syslog

CADF event format

Yes

No

No

IBM

z/OS v1.9 to v1.13

Log File Protocol

All events

No

No

Yes

IBM

Informix v11

Log File Protocol

All events

No

No

No

IBM

IMS

Log File Protocol

All events

No

No

No

IBM

Security Identity Governance (ISIG)

JDBC

NVP event format

Audit event type

No

No

No

IBM

Security Network Protection (XGS) v5.0 with fixpack 7 to v5.4

Syslog

System, access, and security events

Yes

No

No

IBM

Security Network IPS v4.6 and later

Syslog

Security, health, and system events

Yes

No

No

IBM

Security Identity Manager 6.0.x and later

JDBC

Audit and recertification events

No

Yes

No

IBM

IBM Security Trusteer

HTTP Receiver

Event format: JSON

Event types: Trusteer alerts

Yes

No

No

IBM

IBM Security Trusteer Apex Advanced Malware Protection

Syslog/LEEF

Log File Protocol

Malware Detection

Exploit Detection

Data Exfiltration Detection

Lockdown for Java Event

File Inspection Event

Apex Stopped Event

Apex Uninstalled Event

Policy Changed Event

ASLR Violation Event

ASLR Enforcement Event

Password Protection Event

Yes

Yes

No

IBM

IBM Sense v1

Syslog

LEEF

Yes

No

No

IBM

IBM SmartCloud Orchestrator v2.3 FP1 and later

IBM SmartCloud Orchestrator REST API

Audit Records

No

Yes

No

IBM

Tivoli Access Manager IBM Web Security Gateway v7.x

Syslog

audit, access, and HTTP events

Yes

Yes

No

IBM

Tivoli Endpoint Manager v8.2.x and later

IBM Tivoli Endpoint Manager SOAP Protocol

Server events

No

Yes

No

IBM

WebSphere Application Server v5.0 to v8.5

Log File Protocol

All events

No

Yes

No

IBM

WebSphere DataPower

(now known as DataPower)

WebSphere DataPower

     

IBM

zSecure Alert v1.13.x and later

UNIX syslog

Alert events

Yes

Yes

No

IBM

Security Directory v6.3.1 and later

Syslog LEEF

All events

Yes

Yes

No

Illumio

Illumio Adaptive Security Platform

Syslog

LEEF

Audit

Traffic

Yes

No

No

Imperva

Incapsula

LEEF

Access events and Security alerts

Yes

No

No

Imperva

SecureSphere v6.2 and v7.x Release Enterprise Edition (Syslog)

SecureSphere v9.5 to v11.5 (LEEF)

Syslog

LEEF

Firewall policy events

Yes

No

No

Infoblox NIOS

Infoblox NIOS 6.x to 8.x

Syslog

ISC Blind

Linux DHCP

Linux Server

Apache

No

Yes

No

Internet Systems Consortium (ISC)

ISC BIND 9.9, 9.11, 9.12

Syslog

All events

Yes

No

No

Intersect Alliance

SNARE Enterprise Windows Agent

Syslog

Microsoft Event Logs

Yes

Yes

No

iT-CUBE

agileSI 1.x

SMB Tail

AgileSI SAP events

No

Yes

No

Itron

Openway Smart Meter

Syslog

All events

Yes

No

No

Juniper Networks

AVT

JDBC

All events

No

No

Yes

Juniper Networks

DDoS Secure

Juniper Networks DDoS Secure is now known as NCC Group DDoS Secure.

Syslog

All events

Yes

No

No

Juniper Networks

DX

The Juniper Networks DX Platform product is end of life (EOL), and is no longer supported by Juniper.

Syslog

Status and network condition events

Yes

No

Yes

Juniper Networks

Infranet Controller

The Juniper Networks Infranet Controller DSM for JSA is now known as Pulse Secure Infranet Controller.

     

Juniper Networks

Firewall and VPN v5.5r3 and later

Syslog

Juniper Firewall events

Yes

Yes

Yes

Juniper Networks

Junos OS WebApp Secure v4.2.x

Syslog

Incident and access events

Yes

No

No

Juniper Networks

IDP v4.0, v4.1 & v5.0

Syslog

Juniper IDP events

Yes

No

Yes

Juniper Networks

Network and Security Manager (NSM) and Juniper SSG v2007.1r2 to 2007.2r2, 2008.r1, 2009r1.1, 2010.x

Syslog

Juniper NSM events

Yes

No

Yes

Juniper Networks

Junos OS 7.x to 10.x Ex Series

Ethernet Switch DSM only supports 9.0 to 10.x

Syslog or PCAP Syslog***

All events

Yes**

Yes

Yes

Juniper Networks

Secure Access RA

Juniper Networks Secure Access is now known as Pulse Secure Pulse Connect Secure.

     

Juniper Networks

Juniper Security Binary Log Collector

SRX or J Series appliances at 12.1 or above

Binary

Audit, system, firewall, and IPS events

No

No

Yes

Juniper Networks

Steel-Belted Radius 5.x and later

Syslog

All events

Yes

Yes

Yes

Juniper Networks

vGW Virtual Gateway 4.5

The Juniper Networks vGW Virtual Gateway product is end of life (EOL), and is no longer supported by Juniper.

Syslog

Firewall, admin, policy and IDS Log events

Yes

No

No

Juniper Networks

Wireless LAN Controller

Wireless LAN devices with Mobility System Software (MSS) V7.6 and later

Syslog

All events

Yes

No

No

Kaspersky

Security Center 9.2 and later

JDBC, LEEF

Antivirus, server, and audit events

No

Yes

No

Kaspersky

Kaspersky CyberTrace

Syslog

Detect, Status, Evaluation

Yes

No

No

Kubernetes

Kubernetes Auditing

Supported version: Kubernetes API 1.16

Syslog

Event format: JSON

Event types: RequestReceived, ResponseStarted, ResponseComplete

Yes

No

Yes

Kisco

Kisco Information Systems SafeNet/i 10.11

Log File

All events

No

No

No

Lastline

Lastline Enterprise 6.0

LEEF

Anti-malware

Yes

No

No

Lieberman

Random Password Manager 4.8x

Syslog

All events

Yes

No

No

LightCyber

LightCyber Magna 3.9

Syslog, LEEF

C&C, exfilt, lateral, malware and recon

Yes

No

No

Linux

Open Source Linux OS 2.4 and later

Syslog

Operating system events

Yes

Yes

No

Linux

DHCP Server 2.4 and later

Syslog

All events from a DHCP server

Yes

Yes

No

Linux

IPtables kernel 2.4 and later

Syslog

Accept, Drop, or Reject events

Yes

No

No

McAfee

McAfee Application / Change Control v4.5.x

JDBC

Change management events

No

Yes

No

McAfee

McAfee ePolicy Orchestrator 3.5 to 5.10

JDBC: 3.5 to 5.9

SNMPv1, SNMPv2, SNMPv3: 3.5 to 5.9

TLS Syslog: 5.10

AntiVirus events

No

No

No

McAfee

McAfee MVISION Cloud 2.4 and 3.3 (formerly known as Skyhigh Networks Cloud Security Platform

Syslog

Event format:

Log Event Extended Format (LEEF)

Recorded event types:

Privilege Access, Insider Threat, Compromised Account, Access, Admin, Data, Policy, and Audit

Yes

No

No

McAfee

McAfee Network Security Platform 2.x - 5.x

Formerly known as McAfee Intrushield)

Syslog

Alert notification events

Yes

No

No

McAfee

McAfee Network Security Platform 6.x - 7.x and 8.x - 10.x

Formerly known as McAfee Intrushield)

Syslog

Alert and fault notification events

Yes

No

No

McAfee

McAfee Web 6.0.0 and later

Syslog, Log File Protocol

All events

Yes

No

No

MetaInfo

MetaIP 5.7.00-6059 and later

Syslog

All events

Yes

Yes

No

Microsoft

Microsoft Azure Active Directory

Microsoft Azure Event Hubs

Event format: JSON

Recorded event types:

Sign-In logs, Audit logs

Yes

No

No

Microsoft

Microsoft Azure Platform

Microsoft Azure Event Hubs

Event format: JSON

Recorded event types: Platform level activity logs

Yes

Note: This DSM automatically discovers only Activity Log Events that are forwarded directly from the Activity Log to the Event Hub.

No

No

Microsoft

Microsoft Azure Security Center

Microsoft Graph Security API

Event format: JSON

Recorded event types: Security alert

No

No

No

Microsoft

DNS Debug

Supported versions:

Windows Server 2016, Windows Server 2012 R2, Windows Server 2008 R2

WinCollect Microsoft DNS Debug

LEEF

Yes

Yes

No

Microsoft

IIS 6.0, 7.0 and 8.x

Syslog and Wincollect

HTTP status code events

Yes

No

No

Microsoft

Internet and Acceleration (ISA) Server or Threat Management Gateway 2006

Syslog and Wincollect

ISA or TMG events

Yes

No

No

Microsoft

Exchange Server 2003, 2007, 2010, 2013, and 2016

Windows Exchange Protocol

Outlook Web Access events (OWA)

Simple Mail Transfer Protocol events (SMTP

Message Tracking Protocol events (MSGTRK)

No

No

No

Microsoft

Endpoint Protection 2012

JDBC

Malware detection events

No

No

No

Microsoft

Hyper V

supported versions:

Windows Server 2016

Windows Server 2012 (most recent)

Windows Server 2012 Core

Windows Server 2008 (most recent)

Windows Server 2008 Core

Windows 10 (most recent)

Windows 8 (most recent)

Windows 7 (most recent)

Windows Vista (most recent)

WinCollect

All events

No

No

No

Microsoft

IAS Server

v2000, 2003, and 2008

Syslog

All events

Yes

No

No

Microsoft

Microsoft Office 365

Office 365 REST API

JSON

No

No

No

Microsoft

Microsoft Office 365 Message Trace

Office 365 Message Trace REST API

Event format: JSON

Event types: Email security threat classification

No

No

No

Microsoft

Microsoft Windows Defender ATP

Windows Defender ATP REST API

Event format: JSON

Event types:

Windows Defender ATP

Windows Defender AV

Third Party TI

Customer TI

Bitdefender

No

No

No

Microsoft

Microsoft Windows Event Security Log v2000, 2003, 2008, XP, Vista, and Windows 7 (32 or 64-bit systems supported)

supported versions:

Windows Server 2016

Windows Server 2012 (most recent)

Windows Server 2012 Core

Windows Server 2008 (most recent)

Windows 10 (most recent)

Windows 8 (most recent)

Windows 7 (most recent)

Windows Vista (most recent)

Syslog

Forwarded

TLS Syslog

TCP Multiline Syslog

Windows Event Log (WMI)

Windows Event Log Custom (WMI)

MSRPC

WinCollect

WinCollect NetApp Data ONTAP

All events, including Sysmon winlogbeats.json

Yes

Yes

Yes

Microsoft

SQL Server 2008, 2012, 2014 (Enterprise editions only), and 2016

Syslog, JDBC and Wincollect

SQL Audit events

No

No

No

Microsoft

SharePoint 2010 and 2013

JDBC

SharePoint audit, site, and file events

No

No

No

Microsoft

DHCP Server 2000/2003

Syslog and Wincollect

All events

Yes

Yes

No

Microsoft

Operations Manager 2005

JDBC

All events

No

No

No

Microsoft

System Center Operations Manager 2007

JDBC

All events

No

No

No

Motorola

Symbol AP firmware 1.1 to 2.1

Syslog

All events

No

No

No

NCC Group

NCC Group DDos 5.13.1-2s to 516.1-0

Syslog

Event format: LEEF

Event types: All events

Yes

No

No

Niara

Niara 1.6

Syslog

Security

System

Internal Activity

Exfiltration

Exfiltration

Command & Control

Yes

No

Yes

NetApp

Data ONTAP

Syslog

CIFS events

Yes

Yes

No

Netgate

Netgate pfSense

Syslog

System

Firewall

DNS

DHCP (when you use the Linux DHCP DSM)

Yes

Yes

No

Netskope

Netskope Active

Netskope Active REST API

Alert, All events

No

Yes

No

NGINX

NGINX HTTP Server 1.15.5

Syslog

Syslog, Standard syslog

Yes

No

No

Niksun

NetVCR 2005 v3.x

Syslog

Niksun events

No

No

No

Nokia

Firewall NG FP1, FP2, FP3, AI R54, AI R55, NGX on IPSO v3.8 and later

Syslog or OPSEC LEA

All events

Yes

Yes

No

Nokia

VPN-1 NG FP1, FP2, FP3, AI R54, AI R55, NGX on IPSO v3.8 and later

Syslog or OPSEC LEA

All events

Yes

Yes

No

Nominum

Note: The Nominum Vantio DSM for JSA is deprecated

Vantio v5.3

Syslog

All events

Yes

No

No

Nortel

Contivity

Syslog

All events

Yes

No

No

Nortel

Application Switch v3.2 and later

Syslog

Status and network condition events

No

Yes

No

Nortel

ARN v15.5

Syslog

All events

Yes

No

No

Nortel*

Ethernet Routing Switch 2500 v4.1

Syslog

All events

No

Yes

No

Nortel*

Ethernet Routing Switch 4500 v5.1

Syslog

All events

No

Yes

No

Nortel*

Ethernet Routing Switch 5500 v5.1

Syslog

All events

No

Yes

No

Nortel

Ethernet Routing Switch 8300 v4.1

Syslog

All events

No

Yes

No

Nortel

Ethernet Routing Switch 8600 v5.0

Syslog

All events

No

Yes

No

Nortel

VPN Gateway v6.0, 7.0.1 and later, v8.x

Syslog

All events

Yes

Yes

No

Nortel

Secure Router v9.3, v10.1

Syslog

All events

Yes

Yes

No

Nortel

Secure Network Access Switch v1.6 and v2.0

Syslog

All events

Yes

Yes

No

Nortel

Switched Firewall 5100 v2.4

Syslog or OPSEC

All events

Yes

Yes

No

Nortel

Switched Firewall 6000 v4.2

Syslog or OPSEC

All events

Yes

Yes

No

Nortel

Threat Protection System v4.6 and v4.7

Syslog

All events

No

No

No

Novell

eDirectory v2.7

Syslog

All events

Yes

No

No

ObserveIT

ObserveIT 5.7.x and later

JDBC

Alerts

User Activity

System Events

Session Activity

DBA Activity

No

Yes

No

Okta

Okta Identity Management

Okta REST API

JSON

No

Yes

No

Onapsis

Onapsis Security Platform v1.5.8 and later

Log Event Extended Format (LEEF)

Assessment

Attack signature

Correlation

Compliance

Yes

No

No

OpenBSD Project

OpenBSD v4.2 and later

Syslog

All events

No

Yes

No

Open LDAP Foundation

Open LDAP 2.4.x

UDP Multiline Syslog

All events

No

No

No

Open Source

SNORT v2.x

Syslog

All events

Yes

No

No

OpenStack

OpenStack v2015.1

HTTP Reciever

Audit events

No

No

No

Oracle

Oracle DB Audit Records v9i, v10g, v11g, v12c

(includes unified auditing)

136787

Syslog JDBC

Event format: Name-Value Pair

Recorded event types: Audit records

No

Yes

No

Oracle

Audit Vault v10.2.3.2 and V12.2

JDBC

All audit records from the AVSYS.AV$ALERT_STORE table for V10.3, or from the custom AVSYS.AV_ALERT_STORE_V view for V12.2.

No

Yes

No

Oracle

Oracle OS Audit 9i, 10g, and 11g

Syslog

Event format: name-value pair (NVP)

Event types: Oracle events

Yes

Yes

No

Oracle

Oracle BEA WebLogic 12.2.1.3.0

Log File

Oracle events

No

No

No

Oracle

Oracle Database Listener 9i, 10g, and 11g

Syslog

Oracle events

Yes

No

No

Oracle

Oracle Directory Server

(Formerly known as Sun ONE LDAP).

Oracle

Oracle Fine Grained Auditing 9i and 10g

JDBC

Select, insert, delete, or update events for tables configured with a policy

No

No

No

N/A

osquery 3.3.2

Syslog

TCP Multiline Syslog

Event format: JSON

Event type: Access Audit Authentication System

No

No

Yes

OSSEC

OSSEC 2.6 and later

Syslog

All relevant

Yes

No

No

Palo Alto Networks

Palo Alto PA Series PanOS 3.0 to 9.1

 

Traffic

Threat

URL Filtering

Data

WildFire

Config

System

HIP Match

Authentication

User-ID

Tunnel Inspection

Correlation

SCTP

IP-Tag

Event formats: CEF for PAN-OS v4.0 to v6.1 (CEF:0 is supported)

LEEF for PAN-OS v3.0 to v9.1

Yes

Yes

No

Palo Alto Networks

Palo Alto Endpoint Security Manager 3.4.2.17401

Syslog

Agent

Config

Policy

Policy

Threat

Event formats: CEF (CEF:0 is supported), LEEF

Yes

No

No

Pirean

Access: One 2.2 with DB2 9.7

JDBC

Access management and authentication events

No

No

No

PostFix

Mail Transfer Agent 2.6.6 and later

UDP Multiline Protocol or Syslog

Mail events

No

No

No

ProFTPd

ProFTPd 1.2.x, 1.3.x

Syslog

All events

Yes

Yes

No

Proofpoint

Proofpoint Enterprise Protection and Enterprise Privacy versions 7.0.2, 7.1, or 7.2

Syslog

System, email audit, email encryption, and email security threat classification events

No

No

No

Pulse Secure

Pulse Secure Infranet Controller 2.1, 3.1 and 4.0

Syslog

All Events

No

Yes

Yes

Pulse Secure

Pulse Secure Pulse Connect Secure 8.2R5

Syslog

TLS Syslog

Event formats:

Admin, Authentication, System, Network, Error

Event types:

All events

Yes

Yes

Yes

Radware

AppWall 6.5.2 and 8.2

Syslog

Event format: Vision Log

Recorded event types:

Administration

Audit

Learning

Security

System

Yes

No

No

Radware

DefensePro 4.23, 5.01, 6.x and 7.x

Syslog

All events

Yes

No

No

Raz-Lee iSecurity

AS/400 iSeries Firewall 15.7 and Audit 11.7

Syslog

Security compliance, firewall, and audit events

Yes

Yes

No

Redback Networks

ASE 6.1.5

Syslog

All events

Yes

No

No

Resolution1

Resolution1 CyberSecurity

Formerly known as AccessData InSight

Resolution1 CyberSecurity.

Log file

Volatile Data, Memory Analysis Data, Memory Acquisition Data, Collection Data, Software Inventory, Process Dump Data, Threat Scan Data, Agent Remediation Data

No

No

No

Riverbed

SteelCentral NetProfiler

JDBC

Alert events

No

No

No

Riverbed

SteelCentral NetProfiler Audit

Log file protocol

Audit events

No

Yes

No

RSA

Authentication Manager 6.x, 7.x, and 8.x

v6.x and v7.x use Syslog or Log File Protocol

v8.x uses Syslog only

All events

No

No

No

SafeNet

DataSecure 6.3.0 and later

Syslog

All events

Yes

No

No

Salesforce

Security Auditing

Log File

Setup Audit Records

No

No

No

Salesforce

Security Monitoring

Salesforce REST API Protocol

Login History

Account History

Case History

Entitlement History

Service Contract History

Contract Line Item History

Contract History

Contact History

Lead History

Opportunity History

Solution History

No

Yes

No

Samhain Labs

HIDS 2.4

Syslog

JDBC

All events

Yes

No

No

SAP

SAP Enterprise Threat Detection sp6

SAP Enterprise Threat Detection Alert API

LEEF

No

No

No

Seculert

Seculert v1

Seculert Protection REST API Protocol

All malware communication events

No

No

No

Seculert

Seculert

Seculert protection REST API Protoco

All malware communication events

No

No

No

Sentrigo

Hedgehog 2.5.3

Syslog

All events

Yes

No

No

Skyhigh Networks

(now known as McAfee)

Skyhigh Networks Cloud Security Platform 2.4 and 3.3

(now known as McAfee MVISION Cloud 2.4 and 3.3)

     

SolarWinds

SolarWinds Orion 2011.2

Syslog

All events

Yes

No

No

SonicWALL

UTM/Firewall/VPN Appliance 3.x and later

Syslog

All events

Yes

No

No

Sophos

Astaro 8.x

Syslog

All events

Yes

No

No

Sophos

Enterprise Console 4.5.1 and 5.1

Sophos Enterprise Console protocol

JDBC

All events

No

No

No

Sophos

PureMessage 3.1.0.0 and later for Microsoft Exchange 5.6.0 for Linux

JDBC

Quarantined email events

No

No

No

Sophos

Web Security Appliance 3.x

Syslog

Transaction log events

Yes

No

No

Sourcefire

Intrusion Sensor IS 500, 2.x, 3.x, 4.x

Syslog

All events

Yes

No

No

Sourcefire

Defense Center

(Now known as Cisco FireSIGHT Mangement Center)

Sourcefire Defense Center

All events

No

No

No

Splunk

Microsoft Windows Security Event Log

Windows-based event provided by Splunk Forwarders

All events

No

Yes

No

Squid

Web Proxy 2.5 and later

Syslog

All cache and access log events

Yes

No

No

Startent Networks

Startent Networks

Syslog

All events

Yes

No

No

STEALTHbits Technologies

STEALTHbits File Activity Monitor

Syslog LEEF

File Activity Monitor Events

   

STEALTHbits Technologies

StealthINTERCEPT

Syslog LEEF

Active Directory Audit Events

Yes

No

No

STEALTHbits Technologies

STEALTHbits StealthINTERCEPT Alerts

Syslog LEEF

Active Directory Alerts Events

Yes

No

No

STEALTHbits Technologies

STEALTHbits StealthINTERCEPT Analytics

Syslog LEEF

Active Directory Analytics Events

Yes

No

No

Stonesoft

Management Center v5.4

Syslog

Management Center, IPS, Firewall, and VPN Events

Yes

No

No

Sun

Solaris 5.8, 5.9, Sun OS 5.8, 5.9

Syslog

All events

Yes

Yes

No

Sun

Solaris DHCP 2.8

Syslog

All events

Yes

Yes

No

Sun

Solaris Sendmail 2.x

Syslog

Log File Protocol

Proofpoint 7.5 and 8.0 Sendmail log

All events

Yes

No

No

Sun

Solaris Basic Security Mode (BSM) 5.10 and 5.11

Log File Protocol

All events

No

Yes

No

Sun

ONE LDAP v11.1

(Known as Oracle Directory Server)

Log File Protocol

UDP Multiline Syslog

All relevant access and LDAP events

No

No

No

Sybase

ASE 15.0 and later

JDBC

All events

No

No

No

Symantec

Endpoint Protection 11, 12, and 14

Syslog

All Audit and Security Logs

Yes

No

Yes

Symantec

SGS Appliance 3.x and later

Syslog

All events

Yes

No

Yes

Symantec

SSC 10.1

JDBC

All events

Yes

No

No

Symantec

Data Loss Prevention (DLP) 8.x and later

Syslog

All events

No

No

No

Symantec

PGP Universal Server 3.0.x

Syslog

All events

Yes

No

No

Symark

PowerBroker 4.0

Syslog

All events

Yes

No

No

SysFlow is an open source project initiated by IBM.

SysFlow 1.0

Syslog

Event format: JSON Recorded event types: SysFlow

Yes

No

No

ThreatGRID

Malware Threat Intelligence Platform v2.0

Log file protocol

Syslog

Malware events

No

No

No

TippingPoint

Intrusion Prevention System (IPS) 1.4.2 to 3.2.x

TippingPoint SMS 5.2.0

Syslog

All events

No

No

No

TippingPoint

X505/X506 2.5 and later

Syslog

All events

Yes

Yes

No

Top Layer

IPS 5500 4.1 and later

Syslog

All events

Yes

No

No

Trend Micro

Trend Micro Apex Central (version 1)

Syslog, TLS syslog

Event format: CEF

Event types:

Attack discovery detection logs

Behavior monitoring logs

C&C callback logs

Content security logs

Data loss prevention logs

Device access control logs

Endpoint application control logs

Engine update status log

Network content inspection logs

Pattern Update Status Logs

Predictive machine learning logs

Sandbox detection logs

Spyware/Grayware logs

Suspicious file logs

Virus/Malware logs

Web security logs

Yes

No

No

Trend Micro

Trend Micro Control Manager 5.0 or 5.5 with hotfix 1697 or hotfix 1713 after SP1 Patch 1

SNMPv1

SNMPv2

SNMPv3

All events

Yes

No

No

Trend Micro

Trend Micro Deep Discovery Analyzer 5.0, 5.5, 5.8 and 6.0

LEEF

All events

Yes

No

No

Trend Micro

Trend Micro Deep Discovery Email Inspector 3.0

Log Event Extended Format (LEEF)

Detections, Virtual Analyzer Analysis logs, System events, Alert events

Yes

No

No

Trend Micro

Trend Micro Deep Discovery Inspector 3.0 to 3.8, 5.0 and 5.1

Log Event Extended Format (LEEF)

Malicious content

Malicious behavior

Suspicious behavior

Exploit

Grayware

Web reputation

Disruptive application

Sandbox

Correlation

System

Update

Yes

No

No

Trend Micro

Trend Micro Deep Security 9.6.1532, 10.0.1962 and 10.1

Log Event Extended Format (LEEF)

Anti-Malware

Deep Security

Firewall

Integrity Monitor

Intrusion Prevention

Log Inspection

System

Web Reputation

Yes

No

No

Trend Micro

Trend Micro Office Scan 8.x and 10.x

SNMPv2

All events

No

No

No

Tripwire

Enterprise Manager 5.2 and later

Syslog

Event format: CEF (CEF:0 is supported)

Event types: Resource additions, removal, and modification events

Yes

No

No

Tropos Networks

Tropos Control 7.7

Syslog

Fault management, login/logout, provision, and device image upload events

No

No

No

Trusteer

Apex Local Event Aggregator 1304.x and later

Syslog

Malware, exploit, and data exfiltration detection events

Yes

No

No

Vectra Networks

Vectra Networks Vectra 2.2

Syslog

Host scoring, command and control, botnet activity, reconaissance, lateral movement, exfiltration

Event format: CEF (CEF:0 is supported)

Yes

No

No

Verdasys

Digital Guardian 6.0.x (Syslog only)

Digital Guardian 6.1.1 and 7.2 (LEEF only)

Syslog

Event format: LEEF

Events: All events

Yes

No

No

Vericept

Content 360 up to 8.0

Syslog

All events

Yes

No

No

VMware

VMware AppDefense 1.0

JSON

VMWare AppDefense API protocol

All events

No

No

No

VMware

Carbon Black App Control 8.0.x to 8.5.x

(Formerly known as Carbon Black Protection)

Syslog

Event format: LEEF

Event types: computer management, server management, session management, policy management, policy enforcement, internal events, general management, discovery

Yes

Yes

No

VMware

VMware ESX or ESXi 3.5.x, 4.x, 5.x and 6.x

Syslog

VMWare protocol

Account Information

Notice

Warning

Error

System Informational

System Configuration

System Error

User Login

Misc Suspicious Event

Access Denied

License Expired

Information

Authentication

Session Tracking

Yes if syslog

No

No

VMware

VMware vCenter 5.x

VMWare protocol

Account Information

Notice

Warning

Error

System Informational

System Configuration

System Error

User Login

Misc Suspicious Event

Access Denied

License Expired

Information

Authentication

Session Tracking

No

No

No

VMware

VMware vCloud Director 5.1- 10.0

vCloud Director protocol

All events

No

Yes

No

VMWare

VMware vShield

Syslog

All events

Yes

No

No

Vormetric, Inc.

Vormetric Data Security

Syslog (LEEF)

Audit

Alarm

Warn

Learn Mode

System

Yes

No

No

Watchguard

WatchGuard Fireware OS

Syslog

All events

Yes

No

No

Websense

(now known as Forcepoint)

      

Zscaler

Zscaler

Nanolog Streaming Service (Zscaler NSS) 6.0

Syslog

Event format: LEEF Event types: Web log events, Firewall

Event types: Web log events, Firewall events

Yes

No

No