The table lists the event sources supported by MaxPatrol SIEM, together with the standard data collection profiles used for each source.
Source | Version | Profile |
---|---|---|
1C:Enterprise | 8.2, 8.3 | 1CEnterprise8 (Thick client) |
IT Bastion, IT provider supervision systems | 5.0 | SysLog |
ES-prom, Hardware and Software Appliance "Bastion" (APK "Bastion") | 1.7.4.10 | Bastion (Firebird) |
Security Code, Secret Net | 7.6, 7.7 | SecretNet_Universal_Mssql, SecretNetLog_Oracle |
Security Code, Secret Net LSP | 1.3.231, 1.6.253, 1.7.522 | SysLog |
Security Code, Secret Net Studio | 8.2–8.5 | SecretNet_Universal_Mssql |
Security Code, TrustAccess | 1.3 | WinEventLogTrustAccess |
Security Code, vGate | 2.7, 2.8 | SNMP Trap |
Security Code, vGate | 3.0 | SysLog |
Security Code, Hardware and Software Encryption Appliance "Continent" (APKSh "Continent") | 3.7, 3.9 | Kontinent_AlertLog, Kontinent_PacketLog, Kontinent_ServerAccessLog, Kontinent_SystemLog |
Security Code, Hardware and Software Encryption Appliance "Continent" (APKSh "Continent") | 4.0.2 | SysLog |
Confident, Dallas Lock | 8.0.347.20 | Dallas Lock 8 (network events), Dallas Lock 8 (user events), Dallas Lock 8 (system events) |
Microlink, ML-IPSW | 3300 | SysLog |
Factor-TS, Dionis-NX | 2.0 | SysLog, NetFlow |
ELVIS-PLUS, ZASTAVA-Client | 6.1 | SysLog |
ELVIS-PLUS, ZASTAVA-Office | 6.1 | SysLog |
ELVIS-PLUS, ZASTAVA-Management | 6.3 | ZASTAVA MSSQL, ZASTAVA PostgreSQL |
ELVIS-PLUS, ZASTAVA-Management | 7 | Zastava_Management_7 |
Acronis Backup | 12.5 | Acronis Backup activities (userscript) |
ALT Linux | 8 | SysLog |
Apache HTTP Server | 2.4 | SysLog |
Astra Linux Special Edition | 1.6, 1.7 | SysLog |
Atlassian Confluence Data Center | 7.5–7.17 | SysLog |
Atlassian Confluence Server | 7.5–7.17 | SysLog, Confluence 7 Audit (MySQL) |
Avaya ERS 5500 | 5.0.0.4, 6.0.0.18 | SysLog |
BIND | 9.9.4, 9.11.6 | SysLog |
CentOS | 7, 8 | SysLog |
Check Point GAiA OS | 76, 77.10–81.10 | CheckpointOpsecLog |
Cisco ACS | 5.4.x, 5.6.x | SysLog |
Cisco ASA | 8, 9 | SysLog, NetFlow |
Cisco IOS | 12, 15 | SysLog, NetFlow |
Cisco IOS XE | 2, 3 | SysLog, NetFlow |
Cisco IOS XR | 4, 5, 6 | SysLog |
Cisco IPS | 6.x | SNMPTrap |
Cisco Identity Services Engine (ISE) | 2.3 | SysLog |
Cisco NX-OS | 4.x–7.x | SysLog |
Cisco AireOS Wireless Controller | 7 | SysLog, SNMP Trap |
Cloud Native Computing Foundation Kubernetes (K8S) | 1.x | SysLog |
Commvault Complete Backup & Recovery | 11 SP17 | Commvault Backup Recovery MSSQL |
Debian | 9, 10 | SysLog |
Dr.Web Enterprise Security Suite | 6, 10 | Dr Web v10 or earlier for MSSQL, Dr Web v10 or earlier for PostgreSQL |
Dr.Web Enterprise Security Suite | 11, 12 | Dr Web v11 or later IT events detection for MSSQL, |
Entensys UserGate Proxy&Firewall | 6.5 | EntensysUserGate6_firebird_appfw, EntensysUserGate6_firebird_sov, EntensysUserGate6_mysql_appfw, EntensysUserGate6_mysql_sov |
Entensys UserGate UTM | 5.0 | SysLog |
ESET Remote Administrator | 5.3.3 | SysLog, EsetEraFirewall, EsetEraAntivirus |
ESET Security Management Center | 7.0 | SysLog |
FortiNet FortiGate | 4.0, 5.4.2 | SysLog |
GitLab | 13.0–14.9 | SysLog |
HAProxy | 1, 2 | SysLog |
HPE iLO | 4 | SysLog |
Huawei VRP S5700 (V200R001C00) | 5.110 | SysLog |
IBM AIX | 5.3, 6.1, 7.1 | SysLog |
IBM Internet Security Systems SiteProtector | 3.1 | IBM_ISS_SiteProtector, |
Imperva Incapsula | 2017-04-02 | Imperva Incapsula |
Infotecs ViPNet Administrator | 4.6.2 | ViPNet_Administrator |
Infotecs ViPNet StateWatcher | 3.2.5 | Vipnet_StateWatcher_PostgreSQL |
Infotecs ViPNet StateWatcher | 4.3.0 | Vipnet_StateWatcher_PostgreSQL4.3 |
InfoWatch Device Monitor | 6.10, 7.0.5 | InfoWatchDeviceMonitor_v6.10_or_later_MSSQL, InfoWatchDeviceMonitor_v6.10_or_later_PostgreSQL |
InfoWatch Traffic Monitor | 6.7 | InfoWatchTrafficMonitor6_Audit_PostgreSQL, InfoWatchTrafficMonitor6_Sensors, InfoWatchTrafficMonitor6_Sensors_PostgreSQL, SysLog |
InfoWatch Traffic Monitor | 6.10, 6.11 | InfoWatch Traffic Monitor — Data Export API, InfoWatchTrafficMonitor6_Audit_PostgreSQL, InfoWatchTrafficMonitor6_Sensors_2, InfoWatchTrafficMonitor6_Sensors_PostgreSQL_2, SysLog |
InfoWatch Traffic Monitor | 7.1 | InfoWatch Traffic Monitor — Audit API |
InfoWatch Person Monitor | 8.33 | Infowatch Person Monitor alerts by PC, Infowatch Person Monitor alerts by user, Infowatch Person Monitor IT events |
Iptables | 1.4.8 | SysLog |
Juniper JunOS | 11–14 | SysLog |
JetBrains TeamCity | 2021 | SysLog |
JFrog Artifactory | 6, 7 | SysLog |
Kaspersky Anti Targeted Attack Platform (KATA) | 2.0.0, 3.0.0 | SysLog |
Kaspersky Endpoint Security | 10 | KasperskyEventLog |
Kaspersky Endpoint Security | 11 | KasperskyEndpointSecurity11 |
Kaspersky Secure Mail Gateway | 1.1.0 | SysLog |
Kaspersky Security Center | 8–11, 13 | KasperskySecurityCenter_Events_Microsoft_SQL, |
Kaspersky Security for Linux Mail Server | 8.0 | SysLog |
Kaspersky Security for Microsoft Exchange Servers | 9.4.189 | WinEventLogKasperskySecurityforExchange |
Kaspersky Security for Microsoft SharePoint Server | 9.3.58811 | WinEventLogKasperskySecurityforSharePoint |
Kerio Control | 9.0 | SysLog |
KVM | 2.5 | SysLog |
libvirt | 1.3.1 | SysLog |
Lumension Endpoint Security | 4.4 | LumensionEndpointSecurity |
LXD | 2.x | SysLog |
McAfee (Forcepoint) Next Generation Firewall | 5.3.3, 5.8.3 | SysLog |
Microsoft Active Directory Federation Services | 2.0, 3.0 | WinEventLogMSADFS20 |
Microsoft Active Directory in Windows Server 2008, 2008 R2, 2012, 2012 R2 | — | WinEventLogMSAD |
Microsoft Certification Authority (CA) | Windows Server 2008, 2008 R2, 2012, 2012 R2 | WinEventLog |
Microsoft DHCP client | Windows Server 2008, 2012 | WinEventLog |
Microsoft DHCP server | Windows Server 2003, 2003 R2 | EventLog via WMI, Microsoft_DHCP_Server_Log |
Microsoft DHCP server | Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 | WinEventLog, Microsoft_DHCP_Server_Log |
Microsoft DNS server | Windows Server 2008, 2012 | WinEventLog |
Microsoft DNS server | Windows 2008 R2, 2012 R2 | Microsoft_DNS_Server_Debug_log |
Microsoft Exchange Server | 2003 | EventLog via WMI, Microsoft_Exchange_2003 |
Microsoft Exchange Server | 2007 | WinEventLog, Microsoft_Exchange_2007 |
Microsoft Exchange Server | 2010 | WinEventLog, |
Microsoft Exchange Server | 2013 | WinEventLog, |
Microsoft Exchange Server | 2016 | WinEventLog, |
Microsoft Forefront TMG | 7.0 | ForefrontTMG_Firewall_Filemonitor, ForefrontTMG_Proxy_Filemonitor, Forefront_TMG_Firewall_MSSQL, Forefront_TMG_Proxy_MSSQL |
Microsoft Internet Information Services | 6.0, 7.5, 8.5 | InternetInformationServices |
Microsoft SharePoint Server | 2013 | SharePointServer |
Microsoft SQL Server | 2005 | EventLog via WMI |
Microsoft SQL Server | 2008, 2012, 2014 | WinEventLog |
Microsoft Sysmon | 8–14 | WinEventLogSysmon |
Microsoft System Center Configuration Manager (SCCM) | 2007 | SCCMEvents, SCCMDetectSoftware, SCCMDetectUSBDevices |
Microsoft System Center Operations Manager (SCOM) | 2012 R2 | SystemCenterOperationsManager |
Microsoft Windows | XP, Server 2003, Server 2003 R2 | WindowsFileLog, EventLog via WMI, WMI Notification |
Microsoft Windows | Vista, 7, 8, 8.1, 10, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019 | WinEventLog, WindowsFileLog, EventLog via WMI, WMI Notification |
Microsoft Windows Defender | 4.x | WinEventLogWindowsDefender |
Microsoft Windows Server Update Services (WSUS) | Windows Server 2008, 2008 R2, 2012, 2012 R2 | WinEventLog |
Microsoft Windows Terminal Services | 6.3 | WinEventLogMSTS |
Netwrix Auditor | 9.6 | Netwrix_Auditor_Wineventlog, Netwrix_Auditor_odbc_alerts, Netwrix_Auditor_API_CEF |
Nextcloud | 13 | SysLog |
NFS server in Unix-family OSs | 1.2.8 | SysLog |
Nginx | 1.2, 1.8, 1.9 | SysLog |
NLnet Labs NSD | 4.x | SysLog |
NLnet Labs Unbound | 1.4.x | SysLog |
OpenConnect VPN Server | 0.10.11, 1.1.0 | SysLog |
Oracle Net Listener | 11, 12, 18 | Oracle Listener Log (windows) |
Oracle Database | 10, 11, 12, 18 | Oracle Listener log (windows), Oracle Audit Trail XML (windows), Oracle Audit Trail XML (unix), OracleAuditTrail |
Oracle Linux | 7, 8 | SysLog |
Oracle MySQL | 5.7.10 | SysLog |
oVirt Engine | 4.3.0–4.4.9 | SysLog |
Palo Alto Networks PAN-OS | 6–10 | SysLog |
Parsec ParsecNET 3 | 3.7 | Parsec3Events |
Passwork | 4.7–4.10 | SysLog |
Positive Technologies Application Firewall (PT AF) | 3.7.1, 4 | SysLog |
Positive Technologies Industrial Security Incident Manager (ISIM) netView Sensor | 1.6, 2, 3 | SysLog |
Positive Technologies Management and Configuration | 24.1 | WindowsFileLog |
Positive Technologies MaxPatrol | 8 | WindowsFileLog |
Positive Technologies MultiScanner | 2.9 | SysLog |
Positive Technologies NAD | 1, 2, 7–10.3 | NAD Sensor |
Positive Technologies Sandbox | 4 | SysLog |
Positive Technologies XDR | 3 | SysLog |
Postfix | 2, 3 | SysLog |
PostgreSQL | 9.5, 9.6, 10–13 | SysLog, WinEventLog |
PowerDNS Authoritative Server | 3, 4 | SysLog |
ProFTPD | 1.3.7 | SysLog |
Red Hat Enterprise Linux | 7, 8 | SysLog |
Red Hat Virtualization Manager | 4.3.0–4.4.9 | SysLog |
SAP HANA | 1.x | SysLog |
SAP Mobile Platform | 2.0 | SapMobilePlatformLog |
SAP NetWeaver ABAP | 6.4, 7 | SAP RFC Event Collector, SapAbapSecurityAudit_win, SapAbapSecurityAudit_nix, SapAbapTransportLogALOG |
SAP NetWeaver AS JAVA | 7.x | SapAsJavaLog_win, SapAsJavaLog_nix |
SAP SAProuter | 38 | SapRouterLog |
Sendmail | 8.x | SysLog |
SmartLine DeviceLock DLP | 7.3, 8.1, 8.2, 8.3 | DeviceLockLog, SysLog |
Snort | 2.9 | SysLog |
S-Terra VPN Gate | 4.1 | SysLog |
Suricata | 3.1 | SysLog |
SUSE Linux Enterprise Server | 12, 15 | SysLog |
Symantec Endpoint Protection | 12.1 | SymantecEPMSecurityEvents, SymantecEPMSystemEvents, SymantecEPMVirusAlert |
Symantec Endpoint Protection | 14.0, 14.3 | SysLog |
TACACS+ | F4.0.4.19 | SysLog |
TeamPass | 2.1.26 | TeamPass_user_events_MySQL |
Umbraco CMS | 7.7.1 | WindowsFileLog |
Vaultize Virtual Data Room | 18.07.09 | SysLog |
Veeam Backup & Replication | 11.0.0 | WinEventLog |
Veritas (Symantec) NetBackup | 8.1.1 | Veritas NetBackup jobs, Veritas NetBackup audit |
VMware vCenter Server | 5.5–7.0 | vSphereEventLog, SysLog |
VMware vSphere Hypervisor (ESXi) | 5.5–7.0 | SysLog |
Wallarm | 2.14 | wallarm api events collector |
WatchGuard FireWare | XTMv 11.12.2 | SysLog |
Yandex Cloud | 2022 | Yandex Data Stream |
Zabbix | 4.0, 5.0, 5.4, 6.0 | Zabbix 4 Audit (MySQL), Zabbix 4 Audit (PostgreSQL), Zabbix 5.0 Audit (MySQL), Zabbix 5.0 Audit (PostgreSQL), Zabbix 5.4 Audit (MySQL), Zabbix 5.4 Audit (PostgreSQL), Zabbix 6.0 Audit (MySQL), Zabbix 6.0 Audit (PostgreSQL) |
Zecurion zGate | 7.0 | ZecurionZGate7Journal, ZecurionZGate7Proxy |