Supported sources and profiles for data collection

The table below lists the event sources supported by MaxPatrol SIEM. For each source, the supported versions are shown together with the standard data collection profile (or profiles) used for it.

| Source | Version | Profile |
|---|---|---|
| 1C:Enterprise | 8.2, 8.3 | 1CEnterprise8 (Thick client) |
| IT Bastion, IT provider supervision systems | 5.0 | SysLog |
| ES-prom, Hardware and Software Appliance "Bastion" (APK "Bastion") | 1.7.4.10 | Bastion (Firebird) |
| Security Code, Secret Net | 7.6, 7.7 | SecretNet_Universal_Mssql, SecretNetLog_Oracle |
| Security Code, Secret Net LSP | 1.3.231, 1.6.253, 1.7.522 | SysLog |
| Security Code, Secret Net Studio | 8.2–8.5 | SecretNet_Universal_Mssql |
| Security Code, TrustAccess | 1.3 | WinEventLogTrustAccess |
| Security Code, vGate | 2.7, 2.8 | SNMP Trap |
| Security Code, vGate | 3.0 | SysLog |
| Security Code, Hardware and Software Encryption Appliance "Continent" (APKSh "Continent") | 3.7, 3.9 | Kontinent_AlertLog, Kontinent_PacketLog, Kontinent_ServerAccessLog, Kontinent_SystemLog |
| Security Code, Hardware and Software Encryption Appliance "Continent" (APKSh "Continent") | 4.0.2 | SysLog |
| Confident, Dallas Lock | 8.0.347.20 | Dallas Lock 8 (network events), Dallas Lock 8 (user events), Dallas Lock 8 (system events) |
| Microlink, ML-IPSW | 3300 | SysLog |
| Factor-TS, Dionis-NX | 2.0 | SysLog, NetFlow |
| ELVIS-PLUS, ZASTAVA-Client | 6.1 | SysLog |
| ELVIS-PLUS, ZASTAVA-Office | 6.1 | SysLog |
| ELVIS-PLUS, ZASTAVA-Management | 6.3 | ZASTAVA MSSQL, ZASTAVA PostgreSQL |
| ELVIS-PLUS, ZASTAVA-Management | 7 | Zastava_Management_7 |
| Acronis Backup | 12.5 | Acronis Backup activities (userscript) |
| ALT Linux | 8 | SysLog |
| Apache HTTP Server | 2.4 | SysLog |
| Astra Linux Special Edition | 1.6, 1.7 | SysLog |
| Atlassian Confluence Data Center | 7.5–7.17 | SysLog |
| Atlassian Confluence Server | 7.5–7.17 | SysLog, Confluence 7 Audit (MySQL) |
| Avaya ERS 5500 | 5.0.0.4, 6.0.0.18 | SysLog |
| BIND | 9.9.4, 9.11.6 | SysLog |
| CentOS | 7, 8 | SysLog |
| Check Point GAiA OS | 76, 77.10–81.10 | CheckpointOpsecLog |
| Cisco ACS | 5.4.x, 5.6.x | SysLog |
| Cisco ASA | 8, 9 | SysLog, NetFlow |
| Cisco IOS | 12, 15 | SysLog, NetFlow |
| Cisco IOS XE | 2, 3 | SysLog, NetFlow |
| Cisco IOS XR | 4, 5, 6 | SysLog |
| Cisco IPS | 6.x | SNMPTrap |
| Cisco Identity Services Engine (ISE) | 2.3 | SysLog |
| Cisco NX-OS | 4.x–7.x | SysLog |
| Cisco AireOS Wireless Controller | 7 | SysLog, SNMP Trap |
| Cloud Native Computing Foundation Kubernetes (K8S) | 1.x | SysLog |
| Commvault Complete Backup & Recovery | 11 SP17 | Commvault Backup Recovery MSSQL |
| Debian | 9, 10 | SysLog |
| Dr.Web Enterprise Security Suite | 6, 10 | Dr Web v10 or earlier for MSSQL, Dr Web v10 or earlier for PostgreSQL |
| Dr.Web Enterprise Security Suite | 11, 12 | Dr Web v11 or later IT events detection for MSSQL, Dr Web v11 or later Malware detection for MSSQL, Dr Web v11 or later Preventive protection for MSSQL, Dr Web v11 or later IT events detection for PostgreSQL, Dr Web v11 or later Malware detection for PostgreSQL, Dr Web v11 or later Preventive protection for PostgreSQL |
| Entensys UserGate Proxy&Firewall | 6.5 | EntensysUserGate6_firebird_appfw, EntensysUserGate6_firebird_sov, EntensysUserGate6_mysql_appfw, EntensysUserGate6_mysql_sov |
| Entensys UserGate UTM | 5.0 | SysLog |
| ESET Remote Administrator | 5.3.3 | SysLog, EsetEraFirewall, EsetEraAntivirus |
| ESET Security Management Center | 7.0 | SysLog |
| FortiNet FortiGate | 4.0, 5.4.2 | SysLog |
| GitLab | 13.0–14.9 | SysLog |
| HAProxy | 1, 2 | SysLog |
| HPE iLO | 4 | SysLog |
| Huawei VRP S5700 (V200R001C00) | 5.110 | SysLog |
| IBM AIX | 5.3, 6.1, 7.1 | SysLog |
| IBM Internet Security Systems SiteProtector | 3.1 | IBM_ISS_SiteProtector, WinEventLogSiteProtectorApplicationServer |
| Imperva Incapsula | 2017-04-02 | Imperva Incapsula |
| Infotecs ViPNet Administrator | 4.6.2 | ViPNet_Administrator |
| Infotecs ViPNet StateWatcher | 3.2.5 | Vipnet_StateWatcher_PostgreSQL |
| Infotecs ViPNet StateWatcher | 4.3.0 | Vipnet_StateWatcher_PostgreSQL4.3 |
| InfoWatch Device Monitor | 6.10, 7.0.5 | InfoWatchDeviceMonitor_v6.10_or_later_MSSQL, InfoWatchDeviceMonitor_v6.10_or_later_PostgreSQL |
| InfoWatch Traffic Monitor | 6.7 | InfoWatchTrafficMonitor6_Audit_PostgreSQL, InfoWatchTrafficMonitor6_Sensors, InfoWatchTrafficMonitor6_Sensors_PostgreSQL, SysLog |
| InfoWatch Traffic Monitor | 6.10, 6.11 | InfoWatch Traffic Monitor — Data Export API, InfoWatchTrafficMonitor6_Audit_PostgreSQL, InfoWatchTrafficMonitor6_Sensors_2, InfoWatchTrafficMonitor6_Sensors_PostgreSQL_2, SysLog |
| InfoWatch Traffic Monitor | 7.1 | InfoWatch Traffic Monitor — Audit API |
| InfoWatch Person Monitor | 8.33 | Infowatch Person Monitor alerts by PC, Infowatch Person Monitor alerts by user, Infowatch Person Monitor IT events |
| Iptables | 1.4.8 | SysLog |
| Juniper JunOS | 11–14 | SysLog |
| JetBrains TeamCity | 2021 | SysLog |
| JFrog Artifactory | 6, 7 | SysLog |
| Kaspersky Anti Targeted Attack Platform (KATA) | 2.0.0, 3.0.0 | SysLog |
| Kaspersky Endpoint Security | 10 | KasperskyEventLog |
| Kaspersky Endpoint Security | 11 | KasperskyEndpointSecurity11 |
| Kaspersky Secure Mail Gateway | 1.1.0 | SysLog |
| Kaspersky Security Center | 8–11, 13 | KasperskySecurityCenter_Events_Microsoft_SQL, KasperskySecurityCenter_Hosts_Microsoft_SQL, KasperskySecurityCenter_Executables_Microsoft_SQL, KasperskySecurityCenter_Products_Microsoft_SQL, KasperskySecurityCenter_Events_MySQL, KasperskySecurityCenter_Hosts_MySQL, KasperskySecurityCenter_Executables_MySQL, KasperskySecurityCenter_Products_MySQL, Syslog |
| Kaspersky Security for Linux Mail Server | 8.0 | SysLog |
| Kaspersky Security for Microsoft Exchange Servers | 9.4.189 | WinEventLogKasperskySecurityforExchange |
| Kaspersky Security for Microsoft SharePoint Server | 9.3.58811 | WinEventLogKasperskySecurityforSharePoint |
| Kerio Control | 9.0 | SysLog |
| KVM | 2.5 | SysLog |
| libvirt | 1.3.1 | SysLog |
| Lumension Endpoint Security | 4.4 | LumensionEndpointSecurity |
| LXD | 2.x | SysLog |
| McAfee (Forcepoint) Next Generation Firewall | 5.3.3, 5.8.3 | SysLog |
| Microsoft Active Directory Federation Services | 2.0, 3.0 | WinEventLogMSADFS20 |
| Microsoft Active Directory | Windows Server 2008, 2008 R2, 2012, 2012 R2 | WinEventLogMSAD |
| Microsoft Certification Authority (CA) | Windows Server 2008, 2008 R2, 2012, 2012 R2 | WinEventLog |
| Microsoft DHCP client | Windows Server 2008, 2012 | WinEventLog |
| Microsoft DHCP server | Windows Server 2003, 2003 R2 | EventLog via WMI, Microsoft_DHCP_Server_Log |
| Microsoft DHCP server | Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 | WinEventLog, Microsoft_DHCP_Server_Log |
| Microsoft DNS server | Windows Server 2008, 2012 | WinEventLog |
| Microsoft DNS server | Windows 2008 R2, 2012 R2 | Microsoft_DNS_Server_Debug_log |
| Microsoft Exchange Server | 2003 | EventLog via WMI, Microsoft_Exchange_2003 |
| Microsoft Exchange Server | 2007 | WinEventLog, Microsoft_Exchange_2007 |
| Microsoft Exchange Server | 2010 | WinEventLog, Microsoft_Exchange_2010, Microsoft Exchange 2010 or later (mailbox audit), Microsoft Exchange 2010 or later (SmtpReceive) |
| Microsoft Exchange Server | 2013 | WinEventLog, Microsoft_Exchange_2013, Microsoft Exchange 2013 or later (mailbox logon), Microsoft Exchange 2010 or later (mailbox audit) |
| Microsoft Exchange Server | 2016 | WinEventLog, Microsoft_Exchange_2016, Microsoft Exchange 2013 or later (mailbox logon), Microsoft Exchange 2010 or later (mailbox audit) |
| Microsoft Forefront TMG | 7.0 | ForefrontTMG_Firewall_Filemonitor, ForefrontTMG_Proxy_Filemonitor, Forefront_TMG_Firewall_MSSQL, Forefront_TMG_Proxy_MSSQL |
| Microsoft Internet Information Services | 6.0, 7.5, 8.5 | InternetInformationServices |
| Microsoft SharePoint Server | 2013 | SharePointServer |
| Microsoft SQL Server | 2005 | EventLog via WMI |
| Microsoft SQL Server | 2008, 2012, 2014 | WinEventLog |
| Microsoft Sysmon | 8–14 | WinEventLogSysmon |
| Microsoft System Center Configuration Manager (SCCM) | 2007 | SCCMEvents, SCCMDetectSoftware, SCCMDetectUSBDevices |
| Microsoft System Center Operations Manager (SCOM) | 2012 R2 | SystemCenterOperationsManager |
| Microsoft Windows | XP, Server 2003, Server 2003 R2 | WindowsFileLog, EventLog via WMI, WMI Notification |
| Microsoft Windows | Vista, 7, 8, 8.1, 10, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019 | WinEventLog, WindowsFileLog, EventLog via WMI, WMI Notification |
| Microsoft Windows Defender | 4.x | WinEventLogWindowsDefender |
| Microsoft Windows Server Update Services (WSUS) | Windows Server 2008, 2008 R2, 2012, 2012 R2 | WinEventLog |
| Microsoft Windows Terminal Services | 6.3 | WinEventLogMSTS |
| Netwrix Auditor | 9.6 | Netwrix_Auditor_Wineventlog, Netwrix_Auditor_odbc_alerts, Netwrix_Auditor_API_CEF |
| Nextcloud | 13 | SysLog |
| NFS server in Unix-family OSs | 1.2.8 | SysLog |
| Nginx | 1.2, 1.8, 1.9 | SysLog |
| NLnet Labs NSD | 4.x | SysLog |
| NLnet Labs Unbound | 1.4.x | SysLog |
| OpenConnect VPN Server | 0.10.11, 1.1.0 | SysLog |
| Oracle Net Listener | 11, 12, 18 | Oracle Listener Log (windows) |
| Oracle Database | 10, 11, 12, 18 | Oracle Listener log (windows), Oracle Audit Trail XML (windows), Oracle Audit Trail XML (unix), OracleAuditTrail |
| Oracle Linux | 7, 8 | SysLog |
| Oracle MySQL | 5.7.10 | SysLog |
| oVirt Engine | 4.3.0–4.4.9 | SysLog |
| Palo Alto Networks PAN-OS | 6–10 | SysLog |
| Parsec ParsecNET 3 | 3.7 | Parsec3Events |
| Passwork | 4.7–4.10 | SysLog |
| Positive Technologies Application Firewall (PT AF) | 3.7.1, 4 | SysLog |
| Positive Technologies Industrial Security Incident Manager (ISIM) netView Sensor | 1.6, 2, 3 | SysLog |
| Positive Technologies Management and Configuration | 24.1 | WindowsFileLog |
| Positive Technologies MaxPatrol | 8 | WindowsFileLog |
| Positive Technologies MultiScanner | 2.9 | SysLog |
| Positive Technologies NAD | 1, 2, 7–10.3 | NAD Sensor |
| Positive Technologies Sandbox | 4 | SysLog |
| Positive Technologies XDR | 3 | SysLog |
| Postfix | 2, 3 | SysLog |
| PostgreSQL | 9.5, 9.6, 10–13 | SysLog, WinEventLog |
| PowerDNS Authoritative Server | 3, 4 | SysLog |
| ProFTPD | 1.3.7 | SysLog |
| Red Hat Enterprise Linux | 7, 8 | SysLog |
| Red Hat Virtualization Manager | 4.3.0–4.4.9 | SysLog |
| SAP HANA | 1.x | SysLog |
| SAP Mobile Platform | 2.0 | SapMobilePlatformLog |
| SAP NetWeaver ABAP | 6.4, 7 | SAP RFC Event Collector, SapAbapSecurityAudit_win, SapAbapSecurityAudit_nix, SapAbapTransportLogALOG |
| SAP NetWeaver AS JAVA | 7.x | SapAsJavaLog_win, SapAsJavaLog_nix |
| SAP SAProuter | 38 | SapRouterLog |
| Sendmail | 8.x | SysLog |
| SmartLine DeviceLock DLP | 7.3, 8.1, 8.2, 8.3 | DeviceLockLog, SysLog |
| Snort | 2.9 | SysLog |
| S-Terra VPN Gate | 4.1 | SysLog |
| Suricata | 3.1 | SysLog |
| SUSE Linux Enterprise Server | 12, 15 | SysLog |
| Symantec Endpoint Protection | 12.1 | SymantecEPMSecurityEvents, SymantecEPMSystemEvents, SymantecEPMVirusAlert |
| Symantec Endpoint Protection | 14.0, 14.3 | SysLog |
| TACACS+ | F4.0.4.19 | SysLog |
| TeamPass | 2.1.26 | TeamPass_user_events_MySQL |
| Umbraco CMS | 7.7.1 | WindowsFileLog |
| Vaultize Virtual Data Room | 18.07.09 | SysLog |
| Veeam Backup & Replication | 11.0.0 | WinEventLog |
| Veritas (Symantec) NetBackup | 8.1.1 | Veritas NetBackup jobs, Veritas NetBackup audit |
| VMware vCenter Server | 5.5–7.0 | vSphereEventLog, SysLog |
| VMware vSphere Hypervisor (ESXi) | 5.5–7.0 | SysLog |
| Wallarm | 2.14 | wallarm api events collector |
| WatchGuard FireWare | XTMv 11.12.2 | SysLog |
| Yandex Cloud | 2022 | Yandex Data Stream |
| Zabbix | 4.0, 5.0, 5.4, 6.0 | Zabbix 4 Audit (MySQL), Zabbix 4 Audit (PostgreSQL), Zabbix 5.0 Audit (MySQL), Zabbix 5.0 Audit (PostgreSQL), Zabbix 5.4 Audit (MySQL), Zabbix 5.4 Audit (PostgreSQL), Zabbix 6.0 Audit (MySQL), Zabbix 6.0 Audit (PostgreSQL) |
| Zecurion zGate | 7.0 | ZecurionZGate7Journal, ZecurionZGate7Proxy |
