dnif-extractors

Plug and play extractors that convert different log events to a common DNIF Data Model (DDM)

Extractors (Beta)

As of 21-11-2022

This is available here: DNIF Supported Log Sources

| Type | Vendor | Product | Integration | Stream |
|------|--------|---------|-------------|--------|
| OS | Microsoft | Windows (OS, AD and Sysmon) | Winlogbeat | SYSMON-PROCESS, SYSMON-NETWORK, SYSMON-FILE, SYSMON-IMAGE-LOAD, SYSMON-REGISTRY, SYSMON-WMI, SYSMON-PIPE, SYSMON-SERVICE, SYSMON-DNS, SYSMON-DRIVER-LOAD, SYSMON-CONFIG, IAM, AUTHENTICATION, WIN-AUDIT, CONFIGURATION, THREAT |
| OS | Microsoft | Windows (OS, AD and Sysmon) | NXLog | AUTHENTICATION, SYSMON-PROCESS, SYSMON-NETWORK, SYSMON-FILE, SYSMON-DNS, SYSMON-REGISTRY, SYSMON-IMAGE-LOAD, WIN-AUDIT, CONFIGURATION, THREAT, IAM, SYSMON-DRIVER-LOAD, SYSMON-SERVICE, SYSMON-WMI, SYSMON-PIPE, SYSMON-CONFIG, FIREWALL |
| OS | Infoblox | NIOS (Advanced DNS Protection and DDI) | Syslog(CEF) | DNS, THREAT |
| OS | Juniper Networks | JunOS | Syslog | AUTHENTICATION, FIREWALL, AUDITD |
| OS | Linux | ALL | Syslog | AUTHENTICATION, AUDITD, IAM, CONFIGURATION, FIREWALL |
| OS | Cisco | Cisco Air WLC | Syslog | AUTHENTICATION, IAM, THREAT |
| OS | Cisco | Cisco (IOS and NX-OS) | Syslog | AUTHENTICATION, CONFIGURATION, FIREWALL, IAM |
| OS | F5 | F5-BIGIP | Syslog | AUDITD, CONFIGURATION, AUTHENTICATION, FIREWALL |
| OS | Broadcom | Brocade Fabric OS | Syslog | AUTHENTICATION |
| OS | Citrix | XenServer | Syslog | AUTHENTICATION |
| OS | Centrify | Centrify Infrastructure Services | Syslog(KV) | AUTHENTICATION, IAM, AUDITD, CONFIGURATION |
| OS | Linux | ALL | Auditbeat | AUTHENTICATION, CONFIGURATION, AUDITD, IAM |
| OS | VMWare | VMWare | Syslog | AUTHENTICATION, CONFIGURATION, AUDITD |
| OS | Aruba | ArubaOS | Syslog | AUTHENTICATION, THREAT, IAM, CONFIGURATION |
| FIREWALL | Netgate | pfSense | Syslog | FIREWALL |
| FIREWALL | AlgoSec | AlgoSec Security Management Suite | Syslog(CEF) | AUTHENTICATION |
| FIREWALL | PaloAlto | Palo Alto Networks | Syslog(LEEF) | FIREWALL, THREAT, AUTHENTICATION, CONFIGURATION |
| FIREWALL | Zscaler | Zscaler Firewall | Syslog | FIREWALL, AUTHENTICATION, THREAT |
| FIREWALL | Fortinet | FortiGate | Syslog(KV) | FIREWALL, THREAT, AUTHENTICATION, CONFIGURATION, IAM, WEBFILTER |
| FIREWALL | Juniper | Juniper-Firewall | Syslog(KV) | FIREWALL, THREAT |
| FIREWALL | Cisco | Cisco ASA | Syslog | AUTHENTICATION, THREAT, FIREWALL, CONFIGURATION, IAM |
| FIREWALL | Ciena | Ciena (6500, 8700) | Syslog | AUTHENTICATION, IAM, THREAT |
| FIREWALL | Cisco | Cisco FMC | Syslog | AUTHENTICATION, FIREWALL, THREAT, CONFIGURATION |
| FIREWALL | Fortinet | FortiManager | Syslog(KV) | AUTHENTICATION, CONFIGURATION |
| FIREWALL | Cisco | Cisco FTD | Syslog | FIREWALL, THREAT, AUTHENTICATION |
| FIREWALL | WatchGuard | WatchGuard Firewall | Syslog | FIREWALL, THREAT, AUTHENTICATION, CONFIGURATION |
| FIREWALL | CheckPoint | CheckPoint Firewall | Syslog(KV) | THREAT, FIREWALL, AUTHENTICATION, CONFIGURATION, IAM |
| FIREWALL | Cisco | Cisco Meraki | Syslog | FIREWALL, THREAT, WEBFILTER |
| FIREWALL | Sophos | Cyberoam Firewall | Syslog(KV) | AUTHENTICATION, THREAT, FIREWALL, CONFIGURATION |
| WAF | Citrix | Citrix ADC | Syslog | AUTHENTICATION, FIREWALL |
| WAF | Citrix | NetScaler WAF | Syslog(CEF) | THREAT |
| WAF | Akamai | Akamai WAF | Syslog(CEF) | THREAT |
| WAF | Fortinet | FortiWeb WAF | Syslog(CEF) | AUTHENTICATION, THREAT, IAM, CONFIGURATION, FIREWALL |
| WAF | Indusface | Indusface AppTrana WAF | Indusface AppTrana | THREAT |
| WAF | Imperva | Imperva WAF | Syslog(CEF) | THREAT |
| WAF | Imperva | Incapsula WAF | Syslog(CEF) | THREAT |
| WAF | Radware | Radware | Syslog(KV) | THREAT, AUTHENTICATION |
| WAF | F5 BIG-IP | F5 BIG-IP | Syslog(CEF) | THREAT |
| ENDPOINT-SECURITY | CrowdStrike | CrowdStrike Falcon | Syslog(CEF) | THREAT, AUTHENTICATION, IAM |
| ENDPOINT-SECURITY | Forcepoint | Forcepoint DLP | Syslog(CEF) | THREAT |
| ENDPOINT-SECURITY | Broadcom | Symantec ATP | Syslog(KV) | THREAT |
| ENDPOINT-SECURITY | PaloAlto | Cortex | Syslog(CEF) | CONFIGURATION, THREAT |
| ENDPOINT-SECURITY | VMWare | Carbon Black Response | Syslog | THREAT |
| ENDPOINT-SECURITY | VMWare | Carbon Black EPP | Syslog | THREAT, IAM, AUTHENTICATION, CONFIGURATION |
| ENDPOINT-SECURITY | Morphisec | Morphisec Guard | Syslog(CEF) | THREAT |
| ENDPOINT-SECURITY | Trend Micro | Trend-Micro Network | Syslog(CEF) | THREAT, AUTHENTICATION, CONFIGURATION |
| ENDPOINT-SECURITY | Trend Micro | Trend-Micro Endpoint | Syslog(CEF) | THREAT |
| ENDPOINT-SECURITY | Dell | Dell Cylance | Syslog(KV) | THREAT, IAM, AUTHENTICATION |
| ENDPOINT-SECURITY | SentinelOne | SentinelOne Endpoint Protection | Syslog(CEF) | AUTHENTICATION, CONFIGURATION, THREAT, IAM |
| ENDPOINT-SECURITY | PaloAlto Networks | PaloAlto Traps ESM | Syslog(LEEF) | AUTHENTICATION, IAM, CONFIGURATION, THREAT |
| ENDPOINT-SECURITY | Sophos | Sophos Endpoint | Syslog(KV) | THREAT, IAM |
| ENDPOINT-SECURITY | Fortinet | FortiEDR | Syslog(KV) | THREAT |
| ENDPOINT-SECURITY | McAfee | McAfee DLP | Syslog(XML) | THREAT, AUTHENTICATION, CONFIGURATION |
| ENDPOINT-SECURITY | McAfee | McAfee IPS | Syslog | THREAT |
| ENDPOINT-SECURITY | McAfee | McAfee EPO | RDBMS-Log-Shipper | THREAT |
| ENDPOINT-SECURITY | VMWare | Carbon Black Defense | Syslog | THREAT, AUTHENTICATION |
| ENDPOINT-SECURITY | Netskope | Netskope DLP | Syslog(CEF) | THREAT, AUTHENTICATION |
| ENDPOINT-SECURITY | Broadcom | Symantec Endpoint Security | Syslog(KV) | THREAT, AUTHENTICATION, CONFIGURATION |
| ENDPOINT-SECURITY | Trendmicro | Trendmicro Officescan | Syslog(KV) | THREAT |
| ENDPOINT-SECURITY | Trend Micro | InterScan VirusWall | Syslog(KV) | THREAT |
| ENDPOINT-SECURITY | Kaspersky | Kaspersky Endpoint Security Cloud | Syslog(CEF) | THREAT |
| ENDPOINT-SECURITY | Trend Micro | Trend-Micro Cloud | Syslog(CEF) | AUTHENTICATION, THREAT, IAM, CONFIGURATION |
| THREAT | Kaspersky Lab | Kaspersky CyberTrace | Syslog(LEEF) | THREAT |
| THREAT | Trend Micro | Trend Micro Vision One | Trend Micro Audit Logs | AUTHENTICATION, IAM, CONFIGURATION |
| THREAT | SAP | SAP Enterprise Threat Detection | Syslog(LEEF) | THREAT, AUTHENTICATION, IAM, CONFIGURATION |
| THREAT | Darktrace | DCIP | Syslog(CEF) | IAM, AUTHENTICATION, THREAT |
| THREAT | Arbor | Arbor Networks Pravail | Syslog | THREAT |
| THREAT | Orca | Orca Security | Orca | THREAT |
| THREAT | Cisco | Cisco AMP | NXLog | THREAT |
| THREAT | FireEye Inc. | FireEye Threat | Syslog(CEF) | THREAT |
| THREAT | Juniper | Cortex | Syslog(CEF) | AUTHENTICATION, CONFIGURATION, THREAT, IAM |
| OFFICE | Microsoft | MS O365 | Office 365 | EMAIL-GATEWAY, AUTHENTICATION, IAM, DOCUMENTS, CONFIGURATION, THREAT |
| OFFICE | Google Workspace | G Suite | G-Suite | AUTHENTICATION, IAM, CALENDAR, THREAT, DOCUMENTS |
| WEBFILTER | HAProxy | HAProxy | Syslog | WEBFILTER |
| WEBFILTER | McAfee | McAfee Web Gateway | Syslog(CEF) | AUTHENTICATION, THREAT, WEBFILTER |
| WEBFILTER | ZScaler | ZScaler WebFilter | Syslog(LEEF) | WEBFILTER |
| WEBFILTER | SafeSquid | SafeSquid Secure Web Gateway | Syslog | WEBFILTER, CONFIGURATION |
| WEBFILTER | Symantec | Blue Coat ProxySG | Syslog(KV) | WEBFILTER, AUTHENTICATION, THREAT |
| WEBFILTER | Forcepoint | Websense WebFilter | Syslog(CEF) | WEBFILTER |
| IPS | Trend Micro | TippingPoint | Syslog | AUTHENTICATION, THREAT |
| IPS | Radware | DefensePro | Syslog | THREAT |
| IPS | Cisco | Cisco FirePOWER | Syslog(KV) | THREAT |
| MAILSERVER | Zimbra | Zimbra Collaboration | Syslog | AUTHENTICATION, EMAIL-GATEWAY, THREAT, CONFIGURATION |
| MAILSERVER | Microsoft | Microsoft Exchange Server | Syslog | EMAIL-GATEWAY |
| WEBSERVER | Microsoft | IIS Webserver | NXLog | WEBSERVER |
| WEBSERVER | Red Hat | JBoss WebServer | Syslog(Json) | WEBSERVER |
| WEBSERVER | Apache | Tomcat Webserver | Syslog | WEBSERVER |
| WEBSERVER | Apache | Apache Webserver | Syslog | WEBSERVER, AUTHENTICATION |
| WEBSERVER | F5 | Nginx Webserver | Syslog | WEBSERVER |
| DNS | ZScaler | ZScaler DNS | Syslog | DNS |
| DHCP | Microsoft | Windows | Syslog | DHCP |
| DECOY | Smokescreen | Smokescreen Decoy | Syslog(CEF) | THREAT, AUTHENTICATION |
| ZERO-TRUST | Haltdos | Haltdos | Haltdos | WEBFILTER |
| ZERO-TRUST | Accops | HySecure | Syslog | AUTHENTICATION |
| ZERO-TRUST | Versa Networks | Versa Networks Zero Trust | Syslog(KV) | FIREWALL, WEBFILTER, THREAT |
| CLOUD | Microsoft Azure | Azure | Azure | AZURE, FIREWALL |
| CLOUD | McAfee | McAfee MVISION Cloud | Syslog(LEEF) | THREAT |
| CLOUD | Amazon | Redshift | AWS S3 | AUTHENTICATION |
| CLOUD | Google | Google Cloud Platform | NXLog | WEBFILTER |
| CLOUD | Amazon | Amazon Simple Storage Service | AWS S3 | S3-ACCESS |
| CLOUD | Amazon | Route 53 | AWS S3 | DNS |
| CLOUD | Amazon | Amazon VPC | AWS S3 | FIREWALL |
| CLOUD | Amazon | AWS WAF | AWS S3 | THREAT |
| CLOUD | Amazon | AWS Security Hub | AWS S3 | COMPLIANCE, SECURITY-HUB, CONFIGURATION, THREAT |
| CLOUD | Amazon | AWS CloudTrail | AWS S3 | AUTHENTICATION, CONFIGURATION, CLOUDTRAIL, IAM |
| ACCESS-GATEWAY | Okta | Okta | Okta | AUTHENTICATION, CONFIGURATION, IAM, THREAT |
| ACCESS-GATEWAY | Array Networks | SSL VPN | Syslog(KV) | AUTHENTICATION |
| ACCESS-GATEWAY | Microsoft | Windows ADFS | NXLog | IAM, AUTHENTICATION |
| ACCESS-GATEWAY | Cisco | Cisco ACS | Syslog(KV) | AUTHENTICATION |
| ACCESS-GATEWAY | IBM | IBM DataPower Gateway | Syslog | AUTHENTICATION |
| ACCESS-GATEWAY | PaloAlto | Prisma Cloud | Prisma Alerts | CONFIGURATION, PRISMA |
| ACCESS-GATEWAY | Broadcom | Symantec Siteminder | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | Radware | AlteonOS | Syslog | AUTHENTICATION, CONFIGURATION |
| MANAGEMENT-SERVER | Thales | Thales Luna Networks HSMs | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | Siemens | Teamcenter Enterprise PLM | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | IBM | IBM API Management | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | SafeNet Inc. | SafeNet KeySecure HSM | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | Snowflake | Snowflake | Snowflake | AUTHENTICATION |
| MANAGEMENT-SERVER | Fortinet | FortiAuthenticator | Syslog(KV) | AUTHENTICATION |
| MANAGEMENT-SERVER | Accops | HyWorks Controller | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | FireEye Inc. | FireEye Audit | Syslog | AUTHENTICATION, CONFIGURATION |
| MANAGEMENT-SERVER | NetApp | ONTAP | Syslog | AUTHENTICATION |
| MANAGEMENT-SERVER | Check Point | Check Point Software Technologies | Syslog | IAM, AUTHENTICATION |
| MANAGEMENT-SERVER | Google | Google Apps Audit | Syslog(KV) | AUTHENTICATION, IAM |
| MANAGEMENT-SERVER | Avaya | Avaya VPN Gateway | Syslog(KV) | AUTHENTICATION |
| MANAGEMENT-SERVER | F5 | BIG-IP Access Policy Manager | Syslog(KV) | AUTHENTICATION |
| CLOUD-STORAGE | Box | Box Cloud Storage | Box | DOCUMENTS, AUTHENTICATION, CONFIGURATION |
| PIM | CyberArk | CyberArk PIM | Syslog(CEF) | AUTHENTICATION, THREAT, IAM |
| NAC | Cisco | Cisco ISE | Syslog(KV) | AUTHENTICATION, IAM, THREAT, CONFIGURATION, COMPLIANCE |
| NAC | ForeScout Technologies | CounterAct | Syslog(CEF) | COMPLIANCE |
| NAC | Aruba Networks | ClearPass | Syslog(CEF) | IAM, AUTHENTICATION |
| NTA | Network Traffic Analysis (NTA) | NTA | Network Traffic Analysis | NTA-CONNECTION, NTA-DHCP, NTA-DNS, NTA-DPD, NTA-FILES, NTA-FTP, NTA-HTTP, NTA-IRC, NTA-KERBEROS, NTA-MODBUS, NTA-MYSQL, NTA-AUTHENTICATION-NTLM, NTA-NTP, NTA-AUTHENTICATION-RADIUS, NTA-RDP, NTA-AUTHENTICATION-RFB, NTA-SIP, NTA-SNMP, NTA-SSH, NTA-SSL, NTA-TUNNEL, NTA-CERTIFICATE, NTA-SMB, NTA-DCE-RPC, NTA-DNP3, NTA-SMTP |
| EMAIL-GATEWAY | Mimecast | Mimecast Secure Email Gateway | Syslog(KV) | EMAIL-GATEWAY, THREAT, AUTHENTICATION, IAM, CONFIGURATION |
| EMAIL-GATEWAY | Cisco | Cisco IronPort | Syslog(CEF) | EMAIL-GATEWAY, THREAT |
| EMAIL-GATEWAY | Trend Micro | Deep Discovery Email Inspector | Syslog(CEF) | EMAIL-GATEWAY, CONFIGURATION, AUTHENTICATION, THREAT |
| DATABASE | Oracle | Oracle | Syslog | AUTHENTICATION, IAM |
| DATABASE | Oracle | Oracle | NXLog | AUTHENTICATION |
| DATABASE | Microsoft | SQL Server | NXLog | AUTHENTICATION, CONFIGURATION |
| STORAGE | Hitachi | Hitachi Vantara | Syslog | AUTHENTICATION |
| STORAGE | Dell | EMC PowerMax | Syslog(KV) | CONFIGURATION, AUTHENTICATION |
| DAM | Oracle | Oracle Audit Vault | Syslog(KV) | AUTHENTICATION, CONFIGURATION |
| DAM | IBM | IBM Guardium | Syslog(KV) | AUTHENTICATION, IAM |
| DAM | Imperva | Imperva DAM | Syslog(CEF) | AUTHENTICATION |
| PAM | Arcon | Arcos | RDBMS-Log-Shipper | AUTHENTICATION |
| UTM | Sophos | Sophos UTM | Syslog(KV) | WEBFILTER, THREAT, FIREWALL, AUTHENTICATION |

The DDM repository can be found here: Blueprint

Note: the extractors listed above are DNIF's supported Beta extractors. DNIF continuously improves them for performance and efficiency.
