Supported third-party log sources for telemetry data ingestion
The following table lists the third-party products that can be integrated with CylanceMDR as a log source for telemetry data ingestion. Beside each log source is the port that needs to be opened in your organization's environment so that CylanceMDR can collect and ingest the log data, and the data fields that will be collected and indexed in CylanceMDR.

Device | Port | Index |
---|---|---|
HTTP JSON | 5200 (TCP only) | Syslog |
JSON | 5142 | Syslog |
(OPNsense) Zenarmor plugin logs | 5604 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AAA - Core (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Accops | 5526 | Traffic (srcip), Syslog (otherwise) |
Ahnlab AIPS | 5647 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Ahnlab EMS | 5657 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Ahnlab EPP | 5640 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AhnLab Policy Center | 5571 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AhnLab TrusGuard | 5558 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AirGap Ransomware Kill Switch | 5602 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AIX | 5523 | Traffic (event_time: time format of hour:minute:second), Syslog (otherwise) |
Alcatel Lucent Switch | 5677 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Aliyun / AliCloud | 5545 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Android | 5605 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Apache HTTP Server (httpd) | 5663 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AQTRONiX WebKnight | 5658 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Aqua Cloud Native Application Protection Platform (CNAPP 2022.4) | 5656 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Arbor Peakflow SP | 5598 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Array Networks APV Series Load Balancing & App Delivery | 5680 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Array Networks ASF 1800 | 5675 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Array Networks Secure Access Gateway | 5537 | Traffic (srcip), Syslog (otherwise) |
Aruba ClearPass Policy Manager (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Aruba Switch | 5577 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Automox | 5183 | Syslog |
Avanan | 5681 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Avanan (HTTP JSON) | 5200 (TCP only) | Syslog |
Avaya Switch | 5607 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
AWS WAF | 5200 (TCP only) | Syslog |
Azure ATP (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Azure MFA | 5528 | Traffic (srcip), Syslog (otherwise) |
Barracuda email | 5559 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Barracuda firewall | 5524 | ML IDS/Malware (sub_dev_type: fw_threat or fw_av), Traffic (srcip), Syslog (otherwise) |
Barracuda WAF | 5524 | ML IDS/Malware (sub_dev_type: fw_threat or fw_av), Traffic (srcip), Syslog (otherwise) |
BeyondTrust BeyondInsight | 5621 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
BeyondTrust PasswordSafe | 5692 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Bitdefender (HTTP JSON) | 5200 (TCP only) | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
BlackBerry CylancePROTECT & CylanceOPTICS | 5177 | Traffic (srcip), Syslog (otherwise) |
BlueCoatProxySG | 5576 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Brocade switch (system & admin logs) | 5548 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Calyptix UTM | 5161 | ML IDS/Malware (ids.signature), Traffic (srcip), Syslog (otherwise) |
CentOS Audit | 5673 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Centrify | 5165 | Syslog |
Cerberus FTP Logs | 5635 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Check Point - Application Control (CEF) | 5143 | ML IDS/Malware (threat, normalized from attack_information), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Check Point - URL Filtering (CEF) | 5143 | ML IDS/Malware (threat, normalized from attack_information), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CheckPoint appliance | 5174 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CheckPoint firewall | 5519 | Traffic (srcip), Syslog (otherwise) |
CheckPoint Harmony EP | 5618 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CheckPoint VPN-1 & FireWall-1 (CEF) | 5143 | ML IDS/Malware (threat, normalized from attack_information), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Cisco ASA | 5518 | Traffic (srcip), Syslog (otherwise) |
Cisco CUCM | 5532 | Syslog |
Cisco ESA | 5562 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Cisco ESA | 5164 (deprecated) | Syslog |
Cisco Firepower | 5168 | Traffic (srcip), Syslog (otherwise) |
Cisco IKE | 5176 | Syslog |
Cisco IronPort | 5163 | Syslog |
Cisco ISE | 5157 | Syslog |
Cisco MDS | 5563 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Cisco Meraki | 5172 | Traffic (srcip), Syslog (otherwise) |
Cisco Netflow | 2055 (UDP only) | Traffic |
Cisco routers and switches | 5158 | Syslog |
Cisco UCS | 5579 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Cisco Umbrella | 5521 | Syslog |
Cisco VPN | 5156 | Syslog |
Cisco WLC | 5531 | Syslog |
Citrix Access Gateway | 5688 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Citrix NetScaler | 5166 | Syslog |
Citrix NetScaler (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Comodo - CIS CCS (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CoreLight Sensor | 5575 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CoSoSys Endpoint Protection | 5654 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Cribl / NXLog | 5142 | Windows Events |
Cribl default (Syslog JSON) | 5142 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CrowdStrike (beats) | 5044 | Syslog |
CrowdStrike (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
CyberArk PTA (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Cynet (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
D-Link | 5189 | Traffic (srcip), Syslog (otherwise) |
DBSafer | 5181 | Syslog |
Deep Instinct | 5628 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Dell EMC Powerstore | 5683 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Dell iDRAC | 5566 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Dell Switch | 5578 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
DHCP (beats) | 5044 | Traffic (srcmac), Syslog (otherwise) |
DHCPD (IS DHCP) | 5554 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
DNSVault RPZdb | 5639 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Dragos (CEF) | 5539 | Traffic (srcip), Syslog (otherwise) |
DrayTek Firewall | 5593 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
eDictionary - eDictionary (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Egnyte (Syslog JSON) | 5142 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Ericom ZTEdge | 5603 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ESET PROTECT | 5655 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ExtraHop (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Extreme AirDefense | 5612 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Extreme Controller | 5666 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ExtremeCloud IQ Site Engine | 5614 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
F5 - ASM (CEF) | 5143 | ML IDS/Malware (threat, normalized from attack_type), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
F5 BIG-IP | 5162 | ML IDS/Malware (IDS signature), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
F5 BIG-IP Telemetry (HTTP JSON) | 5200 (TCP only) | Syslog |
F5 IPI | 5536 | ML IDS/Malware (dev_type: /threat/), Traffic (dstip), Syslog (otherwise) |
F5 iRule | 5536 | ML IDS/Malware (dev_type: /threat/), Traffic (dstip), Syslog (otherwise) |
F5 L7 DDOS | 5536 | ML IDS/Malware (dev_type: /threat/), Traffic (dstip), Syslog (otherwise) |
F5 Mitigation | 5536 | ML IDS/Malware (dev_type: /threat/), Traffic (dstip), Syslog (otherwise) |
F5 NGINX | 5151 | Syslog |
F5 Silverline | 5536 | ML IDS/Malware (dev_type: /threat/), Traffic (dstip), Syslog (otherwise) |
F5 VPN | 5187 | Syslog |
F5 WAF | 5536 | ML IDS/Malware (dev_type: /threat/), Traffic (dstip), Syslog (otherwise) |
FatPipe Networks SD-WAN | 5583 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
FluentD (HTTP JSON) | 5200 (TCP only) | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Forcepoint | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Forcepoint - Firewall (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Forcepoint - DLP (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Forcepoint Web Security (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ForeScout | 5154 | Syslog |
Fortinet FortiAnalyzer | 5542 | ML IDS/Malware (vendor.attack_name), Traffic (dstip), Syslog (otherwise) |
Fortinet FortiAuthenticator | 5671 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Fortinet Forticloud FortiClient EMS Cloud Endpoint Management Services | 5682 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Fortinet FortiEDR | 5661 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Fortinet FortiGate | 5517 | Traffic (action), Syslog (otherwise) |
Fortinet FortiGate (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Fortinet FortiMail | 5616 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Fortinet FortiSandbox | 5648 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Fortinet FortiWeb | 5642 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
FutureSystems WeGuardia SSL plus (SSL VPN) | 5651 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Graylog format | 5569 | Windows Events (winlogevent), ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Guardicore (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
HanDreamnet VIPM | 5676 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Hewlett Packard UNIX | 5585 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Hillstone | 5514 | ML IDS/Malware (log_type: threat), Traffic (log_type: traffic) |
HPE Switch | 5595 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
IBM AS400 | 5632 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Impero ContentKeeper | 5670 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Imperva - SecureSphere (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Incapsula SIEM Integration (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Indusface Web Application Firewall | 5582 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Infoblox Data Connector (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Infoblox Network Identity OS (NIOS) | 5587 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Infocyte HUNT (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
IPFIX | 4739 (UDP only) | Traffic (srcip, srcport, dstip, dstport, and proto) |
IronScales (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Jsonar Database Security Tool | 5586 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Juniper SRX | 5173 | Traffic (srcip), Syslog (otherwise) |
Juniper SSG | 5516 | Traffic (srcip), Syslog (otherwise) |
Juniper Switch | 5591 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
KasperskyLab (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Kemp Technologies Load Master LB | 5695 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Keycloak | 5653 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Lancope - StealthWatch (LEEF) | 5522 | Traffic (srcip), Syslog (otherwise) |
LanScope Cat | 5588 | Syslog |
Lepide | 5607 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Linux Syslog | 5555 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Logstash Suricata | 5629 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Mailboarder Agent | 5580 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Mako Networks firewall | 5547 | Traffic (dstip), Syslog (otherwise) |
ManageEngine ADAudit Plus | 5679 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ManageEngine ADAuditPlus (CEF) | 5143 | Windows Events |
McAfee (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
McAfee Advanced Threat Defense | 5584 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
McAfee ePolicy Orchestrator | 5533 | Traffic (srcip), Syslog (otherwise) |
McAfee Firewall | 5169 | Traffic (srcip), Syslog (otherwise) |
McAfee Network Security | 5527 | Traffic (srcip), Syslog (otherwise) |
MCAS SIEM Agent (CEF) | 5143 | Windows Events |
Medigate | 5631 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Menlo Security MS-XL50M | 5630 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Microsoft IIS | 5636 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Microsoft IIS (Syslog JSON) | 5142 | Syslog |
Microsoft Office 365 | 5627 | Windows Events |
Microsoft Windows Event | 5646 | Windows Events (winlogevent), Syslog (otherwise) |
Microsoft Windows via Graylog | 5569 | Windows Events (winlogevent) |
MicroWorld eScan | 5645 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
MikroTik firewall and router | 5553 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
MONITORAPP AI WAF 4.1 | 5613 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
MONITORAPP WAF 1.0 | 5535 | Traffic (srcip), Syslog (otherwise) |
Nasuni | 5592 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
NetApp | 5608 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Netfilter | 5544 | Traffic (dstip), Syslog (otherwise) |
NetIQ - Identity Manager (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
NetIQ Access Manager | 5167 | Syslog |
NetIQ SSO | 5171 | Syslog |
Netman Smart NAC | 5650 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
NetMotion | 5641 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
NXLog | 5601 | Windows Events (winlogevent), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
OneLogin | 5581 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Open LDAP | 5164 | Syslog |
OpenCanary | 5638 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
OpenShift | 5573 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
OpenVPN | 5643 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
OPNsense | 5660 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Oracle DB | 5170 | Traffic (srcip), Syslog (otherwise) |
Oracle Solaris | 5664 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Ordr Connected Device Security | 5622 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
PacketFence | 5686 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Palo Alto Networks - Next Generation Firewall (LEEF) | 5522 | Traffic (srcip), Syslog (otherwise) |
Palo Alto Networks - Traps Agent (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Palo Alto Networks firewall | 5515 | Traffic (type: traffic), ML IDS/Malware (type: threat), Syslog (otherwise) |
Palo Alto Networks Firewall via Graylog | 5569 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Penta Security WAPPLES WAF | 5560 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Peplink XDR | 5665 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Perception Point X-Ray | 5667 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
pfSense Firewall | 5543 | Syslog |
PIOLINK WEBFRONT-K | 5617 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
PrintChaser | 5179 | Syslog |
Privacy-i | 5178 | Syslog |
Proofpoint | 5596 | Syslog |
Pulse Secure | 5534 | Syslog |
Radware DefensePro | 5619 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Rapid7 | 5153 | Syslog |
RazLeeSecurity - Audit (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
RSA Authentication Manager | 5184 | Syslog |
Ruckus ZoneDirector | 5662 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
RuiJie Switch | 5689 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SafePC | 5180 | Syslog |
Sangfor NGAF | 5637 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SECUI Firewall | 5561 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SECUI MF2 Firewall | 5570 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SECUI MFD | 5611 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Secureki APPM 6 | 5693 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Security Strategy Research (SSR) Metieye | 5572 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Secuway SSLVPN | 5652 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SentinelOne (CEF2) | 5175 | Traffic (srcip), Syslog (otherwise) |
SentinelOne Mgmt (CEF) | 5143 | ML IDS/Malware (threat, normalized from classification), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SentinelOne Security Center (CEF) | 5143 | ML IDS/Malware (threat, normalized from classification), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SentinelOne Singularity Mobile | 5623 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ServiceNow Now Platform | 5668 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
ShareTech Firewall | 5609 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Snare Agent | 5590 | Windows Events (winlogevent), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Sniper IPS | 5182 | Traffic (srcip), Syslog (otherwise) |
SonicWall - NSA 2400 (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SonicWall (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
SonicWall Firewall | 5152 | ML IDS/Malware (IDS signature), Traffic (srcip), Syslog (otherwise) |
SonicWall VPN | 5556 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Sophos (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Sophos (JSON) | 5530 | Traffic (endpoint_type: traffic), ML IDS/Malware (endpoint_type: threat), Syslog (endpoint_type: computer) |
Sophos endpoint | 5565 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Sophos endpoint (beats) | 5044 | Traffic (srcip), Syslog (otherwise) |
Sophos firewall | 5520 | Data goes to the indicated index based on the log_type: |
Sophos Web Appliance | 5626 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Splunk Heavy Forwarder | 5188 | Syslog |
Stormshield Net Security Firewall | 5625 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Symantec (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Symantec Endpoint Protection | 5525 | Traffic (dstip), Syslog (otherwise) |
Symantec Firewall | 5155 | Syslog |
Symantec Messaging Gateway | 5567 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Synology Directory Server | 5597 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Thales Group CipherTrust Manager | 5674 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Trellix FireEye HX | 5644 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Trend Micro - Deep Security Agent (LEEF) | 5522 | Traffic (srcip), Syslog (otherwise) |
Trend Micro (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Trend Micro Apex Central (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Trend Micro Interscan Messaging | 5678 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Trend Micro Proxy | 5540 | Traffic (dstip), Syslog (otherwise) |
Trend Micro TippingPoint Intrusion Prevention System (IPS) | 5672 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Tripwire Enterprise | 5186 | Syslog |
Ubiquiti | 5552 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Unix | 5633 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Untangle Firewall (Syslog JSON) | 5142 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Varonis DatAdvantage (CEF) | 5143 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Versa Networks Firewall | 5568 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
VMware - Carbon Black (LEEF) | 5522 | Traffic (srcip), Syslog (otherwise) |
VMware ESXi | 5600 | Syslog |
VMware Horizon | 5687 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
VMware NSX-T Data Center | 5574 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
VMware UAG | 5620 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
VMware vCenter | 5615 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
VMware VeloCloud SD-WAN | 5685 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
WatchGuard - XTM (LEEF) | 5522 | Traffic (srcip), Syslog (otherwise) |
WatchGuard firewall security appliance | 5557 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Wazuh | 5634 | Windows Events (winlogevent), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Windows DNS Server | 5599 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Windows Event NXLog | 5601 | Windows Events (winlogevent), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Windows System Security | 5610 | Windows Events (winlogevent), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Wins IPS ONE-1 / Wins DDX | 5538 | ML IDS/Malware (vendor.attack_name), Syslog (otherwise) |
WINS Sniper NGFW | 5649 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Zix Mail | 5185 | Traffic (srcip), Syslog (otherwise) |
Zscaler NSSWeblog (CEF) | 5143 | Syslog |
Zscaler ZIA Firewall | 5549 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Zscaler ZIA Web | 5550 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Zscaler ZPA | 5551 | ML IDS/Malware (threat), Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |
Zyxel Firewall | 5594 | Traffic (srcip, srcport, dstip, dstport, and proto), Syslog (otherwise) |