Plug-and-play extractors that convert different log events to a common DNIF Data Model (DDM).
As of 21-11-2022
This is available here: DNIF Supported Log Sources
Type | Vendor | Product | Integration | Stream |
---|---|---|---|---|
OS | Microsoft | Windows (OS, AD and Sysmon) | Winlogbeat | SYSMON-PROCESS, SYSMON-NETWORK, SYSMON-FILE, SYSMON-IMAGE-LOAD, SYSMON-REGISTRY, SYSMON-WMI, SYSMON-PIPE, SYSMON-SERVICE, SYSMON-DNS, SYSMON-DRIVER-LOAD, SYSMON-CONFIG, IAM, AUTHENTICATION, WIN-AUDIT, CONFIGURATION, THREAT |
OS | Microsoft | Windows (OS, AD and Sysmon) | NXLog | AUTHENTICATION, SYSMON-PROCESS, SYSMON-NETWORK, SYSMON-FILE, SYSMON-DNS, SYSMON-REGISTRY, SYSMON-IMAGE-LOAD, WIN-AUDIT, CONFIGURATION, THREAT, IAM, SYSMON-DRIVER-LOAD, SYSMON-SERVICE, SYSMON-WMI, SYSMON-PIPE, SYSMON-CONFIG, FIREWALL |
OS | Infoblox | NIOS (Advanced DNS Protection and DDI) | Syslog(CEF) | DNS, THREAT |
OS | Juniper Networks | JunOS | Syslog | AUTHENTICATION, FIREWALL, AUDITD |
OS | Linux | ALL | Syslog | AUTHENTICATION, AUDITD, IAM, CONFIGURATION, FIREWALL |
OS | Cisco | Cisco Air WLC | Syslog | AUTHENTICATION, IAM, THREAT |
OS | Cisco | Cisco (IOS and NX-OS) | Syslog | AUTHENTICATION, CONFIGURATION, FIREWALL, IAM |
OS | F5 | F5-BIGIP | Syslog | AUDITD, CONFIGURATION, AUTHENTICATION, FIREWALL |
OS | Broadcom | Brocade Fabric OS | Syslog | AUTHENTICATION |
OS | Citrix | XenServer | Syslog | AUTHENTICATION |
OS | Centrify | Centrify Infrastructure Services | Syslog(KV) | AUTHENTICATION, IAM, AUDITD, CONFIGURATION |
OS | Linux | ALL | Auditbeat | AUTHENTICATION, CONFIGURATION, AUDITD, IAM |
OS | VMWare | VMWare | Syslog | AUTHENTICATION, CONFIGURATION, AUDITD |
OS | Aruba | ArubaOS | Syslog | AUTHENTICATION, THREAT, IAM, CONFIGURATION |
FIREWALL | Netgate | pfSense | Syslog | FIREWALL |
FIREWALL | AlgoSec | AlgoSec Security Management Suite | Syslog(CEF) | AUTHENTICATION |
FIREWALL | PaloAlto | Palo Alto Networks | Syslog(LEEF) | FIREWALL, THREAT, AUTHENTICATION, CONFIGURATION |
FIREWALL | Zscaler | Zscaler Firewall | Syslog | FIREWALL, AUTHENTICATION, THREAT |
FIREWALL | Fortinet | FortiGate | Syslog(KV) | FIREWALL, THREAT, AUTHENTICATION, CONFIGURATION, IAM, WEBFILTER |
FIREWALL | Juniper | Juniper-Firewall | Syslog(KV) | FIREWALL, THREAT |
FIREWALL | Cisco | Cisco ASA | Syslog | AUTHENTICATION, THREAT, FIREWALL, CONFIGURATION, IAM |
FIREWALL | Ciena | Ciena (6500, 8700) | Syslog | AUTHENTICATION, IAM, THREAT |
FIREWALL | Cisco | Cisco FMC | Syslog | AUTHENTICATION, FIREWALL, THREAT, CONFIGURATION |
FIREWALL | Fortinet | FortiManager | Syslog(KV) | AUTHENTICATION, CONFIGURATION |
FIREWALL | Cisco | Cisco FTD | Syslog | FIREWALL, THREAT, AUTHENTICATION |
FIREWALL | WatchGuard | WatchGuard Firewall | Syslog | FIREWALL, THREAT, AUTHENTICATION, CONFIGURATION |
FIREWALL | CheckPoint | CheckPoint Firewall | Syslog(KV) | THREAT, FIREWALL, AUTHENTICATION, CONFIGURATION, IAM |
FIREWALL | Cisco | Cisco Meraki | Syslog | FIREWALL, THREAT, WEBFILTER |
FIREWALL | Sophos | Cyberoam Firewall | Syslog(KV) | AUTHENTICATION, THREAT, FIREWALL, CONFIGURATION |
WAF | Citrix | Citrix ADC | Syslog | AUTHENTICATION, FIREWALL |
WAF | Citrix | NetScaler WAF | Syslog(CEF) | THREAT |
WAF | Akamai | Akamai WAF | Syslog(CEF) | THREAT |
WAF | Fortinet | FortiWeb WAF | Syslog(CEF) | AUTHENTICATION, THREAT, IAM, CONFIGURATION, FIREWALL |
WAF | Indusface | Indusface AppTrana WAF | Indusface AppTrana | THREAT |
WAF | Imperva | Imperva WAF | Syslog(CEF) | THREAT |
WAF | Imperva | Incapsula WAF | Syslog(CEF) | THREAT |
WAF | Radware | Radware | Syslog(KV) | THREAT, AUTHENTICATION |
WAF | F5 BIG-IP | F5 BIG-IP | Syslog(CEF) | THREAT |
ENDPOINT-SECURITY | CrowdStrike | CrowdStrike Falcon | Syslog(CEF) | THREAT, AUTHENTICATION, IAM |
ENDPOINT-SECURITY | Forcepoint | Forcepoint DLP | Syslog(CEF) | THREAT |
ENDPOINT-SECURITY | Broadcom | Symantec ATP | Syslog(KV) | THREAT |
ENDPOINT-SECURITY | PaloAlto | Cortex | Syslog(CEF) | CONFIGURATION, THREAT |
ENDPOINT-SECURITY | VMWare | Carbon Black Response | Syslog | THREAT |
ENDPOINT-SECURITY | VMWare | Carbon Black EPP | Syslog | THREAT, IAM, AUTHENTICATION, CONFIGURATION |
ENDPOINT-SECURITY | Morphisec | Morphisec Guard | Syslog(CEF) | THREAT |
ENDPOINT-SECURITY | Trend Micro | Trend-Micro Network | Syslog(CEF) | THREAT, AUTHENTICATION, CONFIGURATION |
ENDPOINT-SECURITY | Trend Micro | Trend-Micro Endpoint | Syslog(CEF) | THREAT |
ENDPOINT-SECURITY | Dell | Dell Cylance | Syslog(KV) | THREAT, IAM, AUTHENTICATION |
ENDPOINT-SECURITY | SentinelOne | SentinelOne Endpoint Protection | Syslog(CEF) | AUTHENTICATION, CONFIGURATION, THREAT, IAM |
ENDPOINT-SECURITY | PaloAlto Networks | PaloAlto Traps ESM | Syslog(LEEF) | AUTHENTICATION, IAM, CONFIGURATION, THREAT |
ENDPOINT-SECURITY | Sophos | Sophos Endpoint | Syslog(KV) | THREAT, IAM |
ENDPOINT-SECURITY | Fortinet | FortiEDR | Syslog(KV) | THREAT |
ENDPOINT-SECURITY | McAfee | McAfee DLP | Syslog(XML) | THREAT, AUTHENTICATION, CONFIGURATION |
ENDPOINT-SECURITY | McAfee | McAfee IPS | Syslog | THREAT |
ENDPOINT-SECURITY | McAfee | McAfee EPO | RDBMS-Log-Shipper | THREAT |
ENDPOINT-SECURITY | VMWare | Carbon Black Defense | Syslog | THREAT, AUTHENTICATION |
ENDPOINT-SECURITY | Netskope | Netskope DLP | Syslog(CEF) | THREAT, AUTHENTICATION |
ENDPOINT-SECURITY | Broadcom | Symantec Endpoint Security | Syslog(KV) | THREAT, AUTHENTICATION, CONFIGURATION |
ENDPOINT-SECURITY | Trendmicro | Trendmicro Officescan | Syslog(KV) | THREAT |
ENDPOINT-SECURITY | Trend Micro | InterScan VirusWall | Syslog(KV) | THREAT |
ENDPOINT-SECURITY | Kaspersky | Kaspersky Endpoint Security Cloud | Syslog(CEF) | THREAT |
ENDPOINT-SECURITY | Trend Micro | Trend-Micro Cloud | Syslog(CEF) | AUTHENTICATION, THREAT, IAM, CONFIGURATION |
THREAT | Kaspersky Lab | Kaspersky CyberTrace | Syslog(LEEF) | THREAT |
THREAT | Trend Micro | Trend Micro Vision One | Trend Micro Audit Logs | AUTHENTICATION, IAM, CONFIGURATION |
THREAT | SAP | SAP Enterprise Threat Detection | Syslog(LEEF) | THREAT, AUTHENTICATION, IAM, CONFIGURATION |
THREAT | Darktrace | DCIP | Syslog(CEF) | IAM, AUTHENTICATION, THREAT |
THREAT | Arbor | Arbor Networks Pravail | Syslog | THREAT |
THREAT | Orca | Orca Security | Orca | THREAT |
THREAT | Cisco | Cisco AMP | NXLog | THREAT |
THREAT | FireEye Inc. | FireEye Threat | Syslog(CEF) | THREAT |
THREAT | Juniper | Cortex | Syslog(CEF) | AUTHENTICATION, CONFIGURATION, THREAT, IAM |
OFFICE | Microsoft | MS O365 | Office 365 | EMAIL-GATEWAY, AUTHENTICATION, IAM, DOCUMENTS, CONFIGURATION, THREAT |
OFFICE | Google Workspace | G Suite | G-Suite | AUTHENTICATION, IAM, CALENDAR, THREAT, DOCUMENTS |
WEBFILTER | HAProxy | HAProxy | Syslog | WEBFILTER |
WEBFILTER | McAfee | McAfee Web Gateway | Syslog(CEF) | AUTHENTICATION, THREAT, WEBFILTER |
WEBFILTER | ZScaler | ZScaler WebFilter | Syslog(LEEF) | WEBFILTER |
WEBFILTER | SafeSquid | SafeSquid Secure Web Gateway | Syslog | WEBFILTER, CONFIGURATION |
WEBFILTER | Symantec | Blue Coat ProxySG | Syslog(KV) | WEBFILTER, AUTHENTICATION, THREAT |
WEBFILTER | Forcepoint | Websense WebFilter | Syslog(CEF) | WEBFILTER |
IPS | Trend Micro | TippingPoint | Syslog | AUTHENTICATION, THREAT |
IPS | Radware | DefensePro | Syslog | THREAT |
IPS | Cisco | Cisco FirePOWER | Syslog(KV) | THREAT |
MAILSERVER | Zimbra | Zimbra Collaboration | Syslog | AUTHENTICATION, EMAIL-GATEWAY, THREAT, CONFIGURATION |
MAILSERVER | Microsoft | Microsoft Exchange Server | Syslog | EMAIL-GATEWAY |
WEBSERVER | Microsoft | IIS Webserver | NXLog | WEBSERVER |
WEBSERVER | Red Hat | JBoss WebServer | Syslog(Json) | WEBSERVER |
WEBSERVER | Apache | Tomcat Webserver | Syslog | WEBSERVER |
WEBSERVER | Apache | Apache Webserver | Syslog | WEBSERVER, AUTHENTICATION |
WEBSERVER | F5 | Nginx Webserver | Syslog | WEBSERVER |
DNS | ZScaler | ZScaler DNS | Syslog | DNS |
DHCP | Microsoft | Windows | Syslog | DHCP |
DECOY | Smokescreen | Smokescreen Decoy | Syslog(CEF) | THREAT, AUTHENTICATION |
ZERO-TRUST | Haltdos | Haltdos | Haltdos | WEBFILTER |
ZERO-TRUST | Accops | HySecure | Syslog | AUTHENTICATION |
ZERO-TRUST | Versa Networks | Versa Networks Zero Trust | Syslog(KV) | FIREWALL, WEBFILTER, THREAT |
CLOUD | Microsoft Azure | Azure | Azure | AZURE, FIREWALL |
CLOUD | McAfee | McAfee MVISION Cloud | Syslog(LEEF) | THREAT |
CLOUD | Amazon | Redshift | AWS S3 | AUTHENTICATION |
CLOUD | Google Cloud Platform | | NXLog | WEBFILTER |
CLOUD | Amazon | Amazon Simple Storage Service | AWS S3 | S3-ACCESS |
CLOUD | Amazon | Route 53 | AWS S3 | DNS |
CLOUD | Amazon | Amazon VPC | AWS S3 | FIREWALL |
CLOUD | Amazon | AWS WAF | AWS S3 | THREAT |
CLOUD | Amazon | AWS Security Hub | AWS S3 | COMPLIANCE, SECURITY-HUB, CONFIGURATION, THREAT |
CLOUD | Amazon | AWS CloudTrail | AWS S3 | AUTHENTICATION, CONFIGURATION, CLOUDTRAIL, IAM |
ACCESS-GATEWAY | Okta | Okta | Okta | AUTHENTICATION, CONFIGURATION, IAM, THREAT |
ACCESS-GATEWAY | Array Networks | SSL VPN | Syslog(KV) | AUTHENTICATION |
ACCESS-GATEWAY | Microsoft | Windows ADFS | NXLog | IAM, AUTHENTICATION |
ACCESS-GATEWAY | Cisco | Cisco ACS | Syslog(KV) | AUTHENTICATION |
ACCESS-GATEWAY | IBM | IBM DataPower Gateway | Syslog | AUTHENTICATION |
ACCESS-GATEWAY | PaloAlto | Prisma Cloud | Prisma Alerts | CONFIGURATION, PRISMA |
ACCESS-GATEWAY | Broadcom | Symantec Siteminder | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | Radware | AlteonOS | Syslog | AUTHENTICATION, CONFIGURATION |
MANAGEMENT-SERVER | Thales | Thales Luna Networks HSMs | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | Siemens | Teamcenter Enterprise PLM | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | IBM | IBM API Management | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | SafeNet Inc. | SafeNet KeySecure HSM | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | Snowflake | Snowflake | Snowflake | AUTHENTICATION |
MANAGEMENT-SERVER | Fortinet | FortiAuthenticator | Syslog(KV) | AUTHENTICATION |
MANAGEMENT-SERVER | Accops | HyWorks Controller | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | FireEye Inc. | FireEye Audit | Syslog | AUTHENTICATION, CONFIGURATION |
MANAGEMENT-SERVER | NetApp | ONTAP | Syslog | AUTHENTICATION |
MANAGEMENT-SERVER | Check Point | Check Point Software Technologies | Syslog | IAM, AUTHENTICATION |
MANAGEMENT-SERVER | | Google Apps Audit | Syslog(KV) | AUTHENTICATION, IAM |
MANAGEMENT-SERVER | Avaya | Avaya VPN Gateway | Syslog(KV) | AUTHENTICATION |
MANAGEMENT-SERVER | F5 | BIG-IP Access Policy Manager | Syslog(KV) | AUTHENTICATION |
CLOUD-STORAGE | Box | Box Cloud Storage | Box | DOCUMENTS, AUTHENTICATION, CONFIGURATION |
PIM | CyberArk | CyberArk PIM | Syslog(CEF) | AUTHENTICATION, THREAT, IAM |
NAC | Cisco | Cisco ISE | Syslog(KV) | AUTHENTICATION, IAM, THREAT, CONFIGURATION, COMPLIANCE |
NAC | ForeScout Technologies | CounterAct | Syslog(CEF) | COMPLIANCE |
NAC | Aruba Networks | ClearPass | Syslog(CEF) | IAM, AUTHENTICATION |
NTA | Network Traffic Analysis (NTA) | NTA | Network Traffic Analysis | NTA-CONNECTION, NTA-DHCP, NTA-DNS, NTA-DPD, NTA-FILES, NTA-FTP, NTA-HTTP, NTA-IRC, NTA-KERBEROS, NTA-MODBUS, NTA-MYSQL, NTA-AUTHENTICATION-NTLM, NTA-NTP, NTA-AUTHENTICATION-RADIUS, NTA-RDP, NTA-AUTHENTICATION-RFB, NTA-SIP, NTA-SNMP, NTA-SSH, NTA-SSL, NTA-TUNNEL, NTA-CERTIFICATE, NTA-SMB, NTA-DCE-RPC, NTA-DNP3, NTA-SMTP |
EMAIL-GATEWAY | Mimecast | Mimecast Secure Email Gateway | Syslog(KV) | EMAIL-GATEWAY, THREAT, AUTHENTICATION, IAM, CONFIGURATION |
EMAIL-GATEWAY | Cisco | Cisco IronPort | Syslog(CEF) | EMAIL-GATEWAY, THREAT |
EMAIL-GATEWAY | Trend Micro | Deep Discovery Email Inspector | Syslog(CEF) | EMAIL-GATEWAY, CONFIGURATION, AUTHENTICATION, THREAT |
DATABASE | Oracle | Oracle | Syslog | AUTHENTICATION, IAM |
DATABASE | Oracle | Oracle | NXLog | AUTHENTICATION |
DATABASE | Microsoft | SQL Server | NXLog | AUTHENTICATION, CONFIGURATION |
STORAGE | Hitachi | Hitachi Vantara | Syslog | AUTHENTICATION |
STORAGE | Dell EMC | PowerMax | Syslog(KV) | CONFIGURATION, AUTHENTICATION |
DAM | Oracle | Oracle Audit Vault | Syslog(KV) | AUTHENTICATION, CONFIGURATION |
DAM | IBM | IBM Guardium | Syslog(KV) | AUTHENTICATION, IAM |
DAM | Imperva | Imperva DAM | Syslog(CEF) | AUTHENTICATION |
PAM | Arcon | Arcos | RDBMS-Log-Shipper | AUTHENTICATION |
UTM | Sophos | Sophos UTM | Syslog(KV) | WEBFILTER, THREAT, FIREWALL, AUTHENTICATION |
The DDM repository can be found here: Blueprint
Note: The extractors listed above are DNIF's supported beta extractors. DNIF improves their performance and efficiency on a continuous basis.