Appendix 2 – SOCaaP Supported Logs
The following table lists the log sources that SOCaaP supports. Data fetched from these logs is used to populate the Events fields according to the event queries.
| S.No. | Log Name | Vendor Name | Log Type |
|---|---|---|---|
| 1 | Mysql | Oracle | Database |
| 2 | Oracle | Oracle | Database |
| 3 | Active Directory | Unknown | Audit |
| 4 | Windows-Linux Audit | ITarian Audit Parser | Audit |
| 5 | ITarian UTM | ITarian | Audit |
| 6 | Juniper | Juniper Networks | Firewall |
| 7 | IPtables | Linux | Firewall |
| 8 | Sonicwall | SonicWALL | Firewall |
| 9 | Cisco-fw | CISCO | Firewall |
| 10 | Squid | Squid | Proxy |
| 11 | Apache | Apache | Application |
| 12 | ITarian Endpoint Security | ITarian | Content Security |
| 13 | MyDLP | ITarian | Data Protection |
| 14 | Snort | CISCO | Intrusion Detection |
| 15 | Tipping Point | HP | Intrusion Detection |
| 16 | Web Inspector | ITarian | Malware |
| 17 | VPN | Open VPN | Access |
| 18 | DHCP | Linux | Access |
| 19 | Fortigate | Fortinet | Firewall |
| 20 | ITarian DPI | ITarian | Access |
| 21 | ITarian DPI Bro | ITarian | Access |
| 22 | Snmp Trap Logs | Snmp | Audit |
| 23 | Fortigate 5.0 | Fortinet | Firewall |
| 24 | Sophos Ulogd | Sophos | Firewall |
| 25 | Bro_HTTP | BRO | Access |
| 26 | Bro_FTP | BRO | Access |
| 27 | Bro_Weird | BRO | Network Monitoring |
| 28 | Bro_Files | BRO | Access |
| 29 | Bro_Conn | BRO | Firewall |
| 30 | Bro_Dpd | BRO | Access |
| 31 | Bro_Smtp | BRO | Access |
| 32 | Bro_Dns | BRO | Access |
| 33 | Windows Audit | Windows | Audit |
| 34 | Alarms | ITarian Alarm Producer | Audit |
| 35 | Cef | Common Event Format | Access |
| 36 | Bro_Ssl | BRO | Network Monitoring |
| 37 | Bro_Irc | BRO | Network Monitoring |
| 38 | Bro_Dhcp | BRO | Network Monitoring |
| 39 | Suricata | OISF | Intrusion Detection |
| 40 | NxIDS | ITarian | Intrusion Detection |
| 41 | NxSensor_HTTP | ITarian | Access |
| 42 | NxSensor_FTP | ITarian | Access |
| 43 | NxSensor_Files | ITarian | Access |
| 44 | NxSensor_Conn | ITarian | Firewall |
| 45 | NxSensor_Dpd | ITarian | Access |
| 46 | NxSensor_Smtp | ITarian | Access |
| 47 | NxSensor_Dns | ITarian | Access |
| 48 | NxSensor_Ssl | ITarian | Network Monitoring |
| 49 | NxSensor_Irc | ITarian | Network Monitoring |
| 50 | NxSensor_Dhcp | ITarian | Network Monitoring |
| 51 | NxSensor_Weird | ITarian | Network Monitoring |
| 52 | analyser | ITarian | Audit |
| 53 | dome-eapi | ITarian | Audit |
| 54 | dome-vs | ITarian | Audit |
| 55 | linux | ITarian | Audit |
| 56 | JUNOS SYS | Juniper | Firewall |
| 57 | ITarian -rdns | ITarian | Network Monitoring |
| 58 | dome-cni | ITarian | Audit |
| 59 | Bro_Tunnel | BRO | Network Monitoring |
| 60 | Bro_Software | BRO | Network Monitoring |
| 61 | Bro_Pe | BRO | Network Monitoring |
| 62 | Bro_SSH | BRO | Network Monitoring |
| 63 | Bro_MySQL | BRO | Network Monitoring |
| 64 | Bro_Notice | BRO | Network Monitoring |
| 65 | Bro_Fls | BRO | Network Monitoring |
| 66 | NxSensor_Tunnel | ITarian | Network Monitoring |
| 67 | NxSensor_Software | ITarian | Network Monitoring |
| 68 | NxSensor_Pe | ITarian | Network Monitoring |
| 69 | NxSensor_SSH | ITarian | Network Monitoring |
| 70 | NxSensor_MySQL | ITarian | Network Monitoring |
| 71 | NxSensor_Notice | ITarian | Network Monitoring |
| 72 | NxSensor_Fls | ITarian | Network Monitoring |
| 73 | modsecurity | ITarian | Mod Security Audit |
| 74 | Bro_Syslog | ITarian | Network Monitoring |
| 75 | NxSensor_Syslog | ITarian | Network Monitoring |
| 76 | cpanelaccess | CPanel Inc | Audit |
| 77 | cpanellogin | CPanel Inc | Audit |
| 78 | Panos | Palo Alto Inc. | Firewall |
| 79 | MySQL_Slow_Queries | Oracle | Database |
| 80 | Apache-Error | Apache | Application |
| 81 | MySQL_Error | Oracle | Database |
| 82 | NxSensor_Fvs | ITarian | File Monitoring |
| 83 | SOCaaP Endpoint | ITarian | Application |
| 84 | modsecurity-java | ITarian | Audit |
| 85 | Internal Events | ITarian Internal Event Producer | Audit |
| 86 | DbCollector | ITarian Db Collector | Audit |