Supported sources and event collection profiles

The table lists the event sources supported by MaxPatrol SIEM. For each source, the standard event collection profiles are given.

Supported sources and event collection profiles

| Source | Version | Profile |
|---|---|---|
| 1C:Enterprise | 8.2, 8.3 | 1CEnterprise8 (Thick client) |
| IT Bastion, IT Service Provider Activity Control System (SKDPU) | 5.0 | SysLog |
| Bitrix24 | 23.300.100 | SSH, ODBC |
| ES-prom, Bastion hardware and software complex | 1.7.4.10 | Bastion (Firebird) |
| Top Systems, T-FLEX PLM | 17 | SMB |
| IVK, Kolchuga-K | release 19.12.2019 | WindowsFileLog |
| InfoTeCS ViPNet TIAS | 3.4–3.6 | SysLog |
| InfoTeCS ViPNet TIAS | 3.8 | SysLog, ViPNet TIAS API events collector |
| Cyberprotect, Cyber Backup | 15 | Syslog, Acronis Backup activities (userscript) |
| Security Code, Secret Net | 7.6, 7.7 | SecretNet_Universal_Mssql, SecretNetLog_Oracle |
| Security Code, Secret Net LSP | 1.3.231, 1.6.253, 1.7.522 | SysLog |
| Security Code, Secret Net Studio | 8.2–8.10 | SecretNet_Universal_Mssql |
| Security Code, TrustAccess | 1.3 | WinEventLogTrustAccess |
| Security Code, vGate | 2.7, 2.8 | SNMP Trap Collector |
| Security Code, vGate | 3.0 | SysLog |
| Security Code, Continent hardware and software encryption complex (APKSh) | 3.4–3.7, 3.9 | Kontinent_AlertLog, Kontinent_PacketLog, Kontinent_ServerAccessLog, Kontinent_SystemLog |
| Security Code, Continent hardware and software encryption complex (APKSh) | 4.0.2 | SysLog |
| Confident, Dallas Lock | 8.0.347.20 | Dallas Lock events collector |
| Microlink, ML-IPSW | 3300 | SysLog |
| MSVSphere Server | 3.0 | SysLog |
| NII SOKB, UEM SafeMobile | 7.1.2 | SysLog, UEM SafeMobile 7 for PostgreSQL |
| VK LLC, VK Cloud | 2023 | customeventcollector |
| OKB SAPR, Accord SUCU | 1.0 | AccordSucuCsvLog |
| RED SOFT, RED OS | 7.1–7.3 | SysLog |
| RusBITech, Astra Linux | 1.4 SE–1.7 SE | SysLog, auditd |
| S-Terra CSP, S-Terra Gate | 4.3 | SysLog |
| Factor-TS, Dionis-NX | 2.0 | SysLog, NetFlow |
| ELVIS-PLUS, ZASTAVA-Client | 6.1 | SysLog |
| ELVIS-PLUS, ZASTAVA-Office | 6.1 | SysLog |
| ELVIS-PLUS, ZASTAVA-Management | 6.3 | ZASTAVA MSSQL, ZASTAVA PostgreSQL |
| ELVIS-PLUS, ZASTAVA-Management | 7 | Zastava_Management_7 |
| Yandex 360 | 2024 | Yandex360 audit api connector disk, Yandex360 audit api connector mail |
| Acronis Backup | 12.5 | Syslog, Acronis Backup activities (userscript) |
| Acronis Cyber Backup | 12.5 | Syslog, Acronis Backup activities (userscript) |
| ALT Linux | 8 | SysLog |
| Apache Cassandra | 4.1.3 | SysLog |
| Apache HTTP Server | 2.4 | SysLog |
| Apache Kafka | 3.6 | SysLog |
| Arista EOS | | SysLog |
| Astra Linux Special Edition | 1.6, 1.7 | SysLog |
| Atlassian Confluence Data Center | 7.5–7.17 | SysLog |
| Atlassian Confluence Server | 7.5–7.17 | SysLog, Confluence 7 Audit (MySQL) |
| Automiq Soft Alpha.Platform | | WinEventLog, auditd |
| Avanpost IDM | 6 | SysLog |
| Avaya ERS 5500 | 5.0.0.4, 6.0.0.18 | SysLog |
| BIND | 9.9.4, 9.11.6 | SysLog |
| CentOS | 7 | SysLog |
| Check Point GAiA OS | 76, 77.10–80.10 | CheckpointOpsecLog |
| Cisco ACS | 5.4.x, 5.6.x | SysLog |
| Cisco ASA | 8, 9 | SysLog, NetFlow |
| Cisco IOS | 12, 15 | SysLog, NetFlow |
| Cisco IOS XE | 2, 3 | SysLog, NetFlow |
| Cisco IOS XR | 4, 5, 6 | SysLog |
| Cisco IPS | 6.x | SNMP Trap Collector |
| Cisco Identity Services Engine (ISE) | 2.3 | SysLog |
| Cisco NetFlow | 5, 9 | SysLog, NetFlow |
| Cisco NX-OS | 4.x–7.x | SysLog |
| Cisco AireOS Wireless Controller | 7 | SysLog, SNMP Trap Collector |
| Cloud Native Computing Foundation Kubernetes (K8S) | 1.x | SysLog |
| Commvault Complete Backup & Recovery | 11 SP17 | Commvault Backup Recovery MSSQL |
| Debian | 9–12 | SysLog |
| Dnsmasq | 2.89 | SysLog |
| Dr.Web Enterprise Security Suite | 6, 10 | Dr Web v10 or earlier for MSSQL, Dr Web v10 or earlier for PostgreSQL |
| Dr.Web Enterprise Security Suite | 11, 12, 13 | Dr Web v11 or later IT events detection for MSSQL, Dr Web v11 or later Malware detection for MSSQL, Dr Web v11 or later Preventive protection for MSSQL, Dr Web v11 or later App control detection for MSSQL, Dr Web v11 or later clients connect status for MSSQL, Dr Web v11 or later IT events detection for PostgreSQL, Dr Web v11 or later Malware detection for PostgreSQL, Dr Web v11 or later Preventive protection for PostgreSQL, Dr Web v11 or later App control detection for PostgreSQL, Dr Web v11 or later clients connect status for PostgreSQL |
| Eltex FastPath | 8.4 | SysLog |
| Eltex ROS | 4 | SysLog |
| Entensys UserGate Proxy&Firewall | 6.5 | EntensysUserGate6_firebird_appfw, EntensysUserGate6_firebird_sov, EntensysUserGate6_mysql_appfw, EntensysUserGate6_mysql_sov |
| Entensys UserGate UTM | 6 | SysLog |
| Entensys UserGate UTM | 5.0 | SysLog |
| ESET Remote Administrator | 5.3.3 | SysLog, EsetEraFirewall, EsetEraAntivirus |
| ESET Security Management Center | 7.0 | SysLog |
| Fortinet FortiGate | 4.0, 5.4.2 | SysLog |
| GitLab | 13.0–14.9 | SysLog |
| Grafana | 9.4–10.4.2 | SysLog |
| HAProxy | 1, 2 | SysLog |
| HashiCorp Vault | 1.15.4 | SysLog |
| HPE iLO | 4 | SysLog |
| HPE VSR | 7.1 | SysLog |
| Huawei VRP S5700 (V200R001C00) | 5.110 | SysLog |
| IBM AIX | 5.3, 6.1, 7.1 | SysLog |
| IBM InfoSphere Guardium | 9.1 | SysLog |
| IBM Internet Security Systems SiteProtector | 3.1 | IBM_ISS_SiteProtector, WinEventLogSiteProtectorApplicationServer |
| Imperva Incapsula | 2017-04-02 | Imperva Incapsula |
| Infotecs ViPNet Administrator | 4.6.2 | ViPNet_Administrator |
| Infotecs ViPNet Policy Manager | 4.5 | VipNet Policy Manager |
| Infotecs ViPNet StateWatcher | 3.2.5 | Vipnet_StateWatcher |
| Infotecs ViPNet StateWatcher | 4.3.0 | Vipnet_StateWatcher 4.3 |
| InfoWatch Device Monitor | 6.10, 7.0.5 | InfoWatchDeviceMonitor_v6.10_or_later_MSSQL, InfoWatchDeviceMonitor_v6.10_or_later_PostgreSQL |
| InfoWatch Traffic Monitor | 6.7 | InfoWatchTrafficMonitor6_Audit_PostgreSQL, InfoWatchTrafficMonitor6_Sensors, InfoWatchTrafficMonitor6_Sensors_PostgreSQL, SysLog |
| InfoWatch Traffic Monitor | 6.10, 6.11 | InfoWatch Traffic Monitor — Data Export API, InfoWatchTrafficMonitor6_Audit_PostgreSQL, InfoWatchTrafficMonitor6_Sensors_2, InfoWatchTrafficMonitor6_Sensors_PostgreSQL_2, SysLog |
| InfoWatch Traffic Monitor | 7.1, 7.5–7.9 | InfoWatch Traffic Monitor — Audit API |
| InfoWatch Person Monitor | 8.33 | Infowatch Person Monitor alerts by PC, Infowatch Person Monitor alerts by user, Infowatch Person Monitor IT events |
| Iptables | 1.4.8 | SysLog |
| Juniper JunOS | 11–14 | SysLog |
| JetBrains TeamCity | 2018–2022 | SysLog |
| JetBrains YouTrack | 2022 | SysLog |
| JFrog Artifactory | 6, 7 | SysLog |
| Kaspersky Anti Targeted Attack Platform (KATA) | 2.0.0–5.1 | SysLog |
| Kaspersky Endpoint Security | 10 | KasperskyEventLog |
| Kaspersky Endpoint Security | 11 | KasperskyEndpointSecurity11 |
| Kaspersky Secure Mail Gateway | 1.1.0–2.0.0 | SysLog |
| Kaspersky Security Center | 10–11, 13–14.2 | KasperskySecurityCenter_Events_Microsoft_SQL, KasperskySecurityCenter_Hosts_Microsoft_SQL, KasperskySecurityCenter_Executables_Microsoft_SQL, KasperskySecurityCenter_Products_Microsoft_SQL, KasperskySecurityCenter_Events_MySQL, KasperskySecurityCenter_Hosts_MySQL, KasperskySecurityCenter_Executables_MySQL, KasperskySecurityCenter_Products_MySQL, KasperskySecurityCenter_14_Events_MySQL, KasperskySecurityCenter_14_Executables_MySQL, KasperskySecurityCenter_14_Hosts_MySQL, KasperskySecurityCenter_14_Products_MySQL, Syslog |
| Kaspersky Security for Linux Mail Server | 8.0 | SysLog |
| Kaspersky Security for Microsoft Exchange Servers | 9.4, 9.5 | WinEventLogKasperskySecurityforExchange_v9_5_or_earlier |
| Kaspersky Security for Microsoft Exchange Servers | 9.6 | WinEventLogKasperskySecurityforExchange_V9_6_onwards |
| Kaspersky Security for Microsoft SharePoint Server | 9.3.58811 | WinEventLogKasperskySecurityforSharePoint |
| Kerio Control | 9.0 | SysLog |
| Keycloak | 21.1.1 | SysLog |
| KVM | 2.5 | SysLog |
| libvirt | 1.3.1 | SysLog |
| Lumension Endpoint Security | 4.4 | LumensionEndpointSecurity |
| LXD | 2.x | SysLog |
| McAfee ePolicy Orchestrator VirusScan Enterprise | 5.1.0 | McAfeeEpoLog |
| McAfee (Forcepoint) Next Generation Firewall | 5.3.3, 5.8.3 | SysLog |
| MDaemon Technologies MDaemon | 23.0.0 | Mdaemon_DynScrn, MDaemon_HTTP, Mdaemon_SMTP |
| Microsoft Active Directory Federation Services | 2.0–5.0 | WinEventLogMSADFS20 |
| Microsoft Active Directory on Windows Server 2008–2022 | | WinEventLogMSAD |
| Microsoft Certification Authority (CA) | Windows Server 2008–2022 | WinEventLog |
| Microsoft Defender | 4.x | WinEventLogWindowsDefender |
| Microsoft DHCP client | Windows Server 2008, 2012 | WinEventLog |
| Microsoft DHCP server | Windows Server 2003, 2003 R2 | EventLog via WMI, Microsoft_DHCP_Server_Log |
| Microsoft DHCP server | Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 | WinEventLog, Microsoft_DHCP_Server_Log |
| Microsoft DNS server | Windows Server 2008, 2012 | WinEventLog |
| Microsoft DNS server | Windows 2008 R2, 2012 R2 | Microsoft_DNS_Server_Debug_log |
| Microsoft Endpoint Configuration Manager | 2303 | MicrosoftEndpointConfigurationManagerEvents |
| Microsoft Exchange Server | 2003 | EventLog via WMI, Microsoft_Exchange_2003 |
| Microsoft Exchange Server | 2007 | WinEventLog, Microsoft_Exchange_2007 |
| Microsoft Exchange Server | 2010 | WinEventLog, Microsoft_Exchange_2010, Microsoft Exchange 2010 or later (mailbox audit), Microsoft Exchange 2010 or later (SmtpReceive) |
| Microsoft Exchange Server | 2013 | WinEventLog, Microsoft_Exchange_2013, Microsoft Exchange 2013 or later (mailbox logon), Microsoft Exchange 2010 or later (mailbox audit) |
| Microsoft Exchange Server | 2016 | WinEventLog, Microsoft_Exchange_2016, Microsoft Exchange 2013 or later (mailbox logon), Microsoft Exchange 2010 or later (mailbox audit) |
| Microsoft Forefront TMG | 7.0 | ForefrontTMG_Firewall_Filemonitor, ForefrontTMG_Proxy_Filemonitor, Forefront_TMG_Firewall_MSSQL, Forefront_TMG_Proxy_MSSQL |
| Microsoft Internet Information Services | 6.0, 7.5, 8.5, 10.0 | InternetInformationServices |
| Microsoft PowerShell | 5 and later | WinEventLog |
| Microsoft SharePoint Server | 2013 | SharePointServer |
| Microsoft SQL Server | 2005 | EventLog via WMI |
| Microsoft SQL Server | 2008, 2012, 2014, 2022 | WinEventLog |
| Microsoft Sysmon | 8–15 | WinEventLogSysmon |
| Microsoft System Center Configuration Manager (SCCM) | 2007 | SCCMEvents, SCCMDetectSoftware, SCCMDetectUSBDevices |
| Microsoft System Center Operations Manager (SCOM) | 2012 R2 | SystemCenterOperationsManager |
| Microsoft Windows | XP (WMI only), Vista+, 7, 8, 8.1, 10, 2003 (WMI only), 2008, 2008R2, 2012, 2012R2 | WindowsFileLog, EventLog via WMI, WMI Notification |
| Microsoft Windows | Vista, 7, 8, 8.1, 10, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, Server 2019 | WinEventLog, WindowsFileLog, EventLog via WMI, WMI Notification |
| Microsoft Windows Local Administrator Password Solution (LAPS) | Windows 10, 11, Windows Server 2019, 2022 | WinEventLog |
| Microsoft Windows Server Update Services (WSUS) | Windows Server 2008, 2008 R2, 2012, 2012 R2 | WinEventLog |
| Microsoft Windows Sysinternals Sysmon | 8.0 | WinEventLogSysmon |
| Microsoft Windows Terminal Services | 6.3 | WinEventLogMSTS |
| Mikrotik RouterOS | 7 | SysLog |
| Multifactor Multifactor | 1.0.197, 1.0.134 | Multifactor_RADIUS, SysLog |
| Netwrix Auditor | 9.6 | Netwrix_Auditor_Wineventlog, Netwrix_Auditor_odbc_alerts, Netwrix_Auditor_API_CEF |
| Nextcloud | 13 | SysLog |
| NFS server on Unix-family OS | 1.2.8 | SysLog |
| Nginx | 1.2, 1.8, 1.9 | SysLog |
| NLnet Labs NSD | 4.x | SysLog |
| NLnet Labs Unbound | 1.4.x | SysLog |
| OpenBSD | 7.4 | SysLog |
| OpenConnect VPN Server | 0.10.11, 1.1.0 | SysLog |
| OpenVPN Inc. OpenVPN | 2.4 | SysLog |
| Oracle Net Listener | 11, 12, 18 | Oracle Listener Log (windows) |
| Oracle Database | 10, 11, 12, 18 | Oracle Listener log (windows), Oracle Audit Trail XML (windows), Oracle Audit Trail XML (unix), OracleAuditTrail |
| Oracle Database | 19, 21 | Oracle Listener log (windows), OracleUnifiedAuditTrail |
| Oracle Linux | 7, 8 | SysLog |
| Oracle MySQL | 5.7.10, 8 | SysLog |
| Orion Soft zVirt | 3.0, 3.1 | SysLog |
| oVirt Engine | 4.3.0–4.4.9 | SysLog |
| Palo Alto Networks PAN-OS | 6–10 | SysLog |
| Parsec ParsecNET 3 | 3.7 | Parsec3Events |
| Passwork | 4.7–4.10, 6.2 | SysLog |
| Positive Technologies Application Firewall | 3.7.1, 4 | SysLog |
| Positive Technologies Industrial Security Incident Manager (PT ISIM) netView Sensor | 1.6, 2, 3 | SysLog |
| Positive Technologies Management and Configuration | 24.1 | WindowsFileLog |
| Positive Technologies MaxPatrol 8 | 8 | WindowsFileLog |
| Positive Technologies MultiScanner | any | SysLog |
| Positive Technologies Network Attack Discovery | 10.1–11 | NAD Sensor |
| Positive Technologies Sandbox | any | SysLog |
| Positive Technologies Extended Detection and Response | 3 | SysLog |
| Postfix | 2, 3 | SysLog |
| PostgreSQL | 9.5, 9.6, 10–13 | SysLog, WinEventLog |
| PowerDNS Authoritative Server | 3, 4 | SysLog |
| ProFTPD | 1.3.7 | SysLog |
| Prosoft Redkit SCADA | 2.0 | WinEventLog, WmiLog, WinEventLogSysmon, SysLog, OdbcLog PostgreSQL |
| Red Hat Enterprise Linux | 7, 8 | SysLog |
| Red Hat Virtualization Manager | 4.3.0–4.4.9 | SysLog |
| SaltStack | 3005.1 | SysLog |
| SAP HANA | 1.x | SysLog |
| SAP Mobile Platform | 2.0 | SapMobilePlatformLog |
| SAP NetWeaver ABAP | 6.4, 7.0, 7.02, 7.10, 7.20, 7.30, 7.40, 7.42 | SAP RFC Event Collector, SapAbapSecurityAudit_win, SapAbapSecurityAudit_nix, SapAbapTransportLogALOG |
| SAP NetWeaver AS JAVA | 7.x | SapAsJavaLog_win, SapAsJavaLog_nix |
| SAP SAProuter | 38 | SapRouterLog |
| Sendmail | 8.x | SysLog |
| SmartLine DeviceLock DLP | 7.3, 8.1, 8.2, 8.3 | DeviceLockLog, SysLog |
| Snort | 2.9 | SysLog |
| S-Terra VPN Gate | 4.1 | SysLog |
| Suricata | 3.1 | SysLog |
| SUSE Linux Enterprise Server | 12, 15 | SysLog |
| Symantec Endpoint Protection | 12.1 | SymantecEPMSecurityEvents, SymantecEPMSystemEvents, SymantecEPMVirusAlert |
| Symantec Endpoint Protection | 14.0, 14.3 | SysLog |
| TACACS+ | F4.0.4.19 | SysLog |
| TeamPass | 2.1.26 | TeamPass_user_events_MySQL |
| Ubuntu | 12.04, 14.10, 18.04, 20.04 | SysLog, auditd |
| Umbraco CMS | 7.7.1 | WindowsFileLog |
| Vaultize Virtual Data Room | 18.07.09 | SysLog |
| Veeam Backup & Replication | 11.0.0 | WinEventLog |
| Veritas (Symantec) NetBackup | 8.1.1 | Veritas NetBackup jobs, Veritas NetBackup audit |
| VMware Aria Operations | 8.14 | SysLog |
| VMware Aria Operations for Logs | 8.12 | SysLog |
| VMware Photon OS | 3.0 | SysLog |
| VMware vCenter Server | 5.5–7.0 | vSphereEventLog, SysLog |
| VMware vSphere Hypervisor (ESXi) | 5.5–7.0 | SysLog |
| Wallarm | 2.14 | wallarm api events collector |
| WatchGuard FireWare | XTMv 11.12.2 | SysLog |
| Yandex Cloud | 2022 | Yandex Data Stream |
| Zabbix | 4.0, 5.0, 5.4, 6.0 | Zabbix 4 Audit (MySQL), Zabbix 4 Audit (PostgreSQL), Zabbix 5.0 Audit (MySQL), Zabbix 5.0 Audit (PostgreSQL), Zabbix 5.4 Audit (MySQL), Zabbix 5.4 Audit (PostgreSQL), Zabbix 6.0 Audit (MySQL), Zabbix 6.0 Audit (PostgreSQL) |
| Zecurion zGate | 7.0 | ZecurionZGate7Journal, ZecurionZGate7Proxy |