A
  • dsp.accellion.sft.events

more info about this parser

  • directory.msad.health

  • directory.msad.netlogon

  • directory.msad.siteinfo

  • directory.msad.snapshot

  • directory.msad.update

  • mail.agari.phishing_defense.policy_events

  • mail.agari.phishing_defense.messages

more info about these parsers

  • cdn.akamai.access

  • cdn.akamai.audit

  • cdn.akamai.audit-extended

  • cdn.akamai.cloudmonitor

more info about these parsers

  • ddos.arbor.peakflow.dos

  • ddos.arbor.peakflow.sp

  • ddos.arbor.pravail.aps

  • app.atlassian.confluence.audit

  • app.atlassian.jira.audit

  • ids.attivo.botsink

more info about this parser

  • cloud.aws.cloudtrail.*

more info about these parsers

  • cloud.aws.cloudwatch.events

more info about this parser

  • cloud.aws.securityhub

more info about this parser

  • cloud.aws.sqs.audit

  • cloud.aws.waf.logs

more info about this parser

B
  • firewall.barracuda.audit

  • dns.bind.info

  • dns.bind.query

more info about these parsers

  • endpoint.bitdefender.*

more info about these parsers

  • dns.bluecat.named

more info about this parser


  • dhcp.bluecat.dhcpd

  • cloud.box.events

more info about this parser

  • ids.bricata.broall

  • ids.bricata.brocata

  • ids.bricata.broconn

  • ids.bricata.burocata

  • ids.bricata.suricata

C
  • edr.carbonblack.alert

  • edr.carbonblack.binary

  • edr.carbonblack.feed

  • edr.carbonblack.ingress

  • edr.carbonblack.watchlist

more info about these parsers


  • endpoint.vmware.cbc_defender.audit_logs

  • endpoint.vmware.cbc_api.alerts

more info about these parsers


  • endpoint.carbonblack.protection

more info about this parser

  • av.checkpoint.mtp.audit

  • av.checkpoint.mtp.event


  • firewall.checkpoint.fw

  • firewall.checkpoint.gaia

  • firewall.checkpoint.lea

  • firewall.checkpoint.log_exporter

more info about this parser

  • ap.cisco.wlc

more info about this parser


  • auth.cisco.ise 

more info about this parser


  • mail.cisco.esa.stdout


  • firewall.cisco.asa

  • firewall.cisco.fmc

  • firewall.cisco.ftd

  • firewall.cisco.fwsm

  • firewall.cisco.pix

more info about these parsers


  • ips.cisco.sdee.alerts

  • ips.cisco.sdee.sdee-collector

  • ips.cisco.sourcefire.network

  • cloud.meraki.api.changelog

more info about this parser


  • firewall.meraki.events

  • firewall.meraki.flows

  • firewall.meraki.idsAlerts

  • firewall.meraki.urls

  • cloud.cloudflare.logpush

  • cloud.cloudflare.logpush.http

more info about these parsers

  • cloud.cloud_foundry.application

  • cloud.cloud_foundry.uaa

  • cloud.cloud_foundry.credhub

  • cloud.cloud_foundry.bosh

more info about these parsers

  • ips.corero.common

  • ips.toplayer.common

  • edr.crowdstrike.cannon

  • edr.crowdstrike.cannon.asepvalueupdate

  • edr.crowdstrike.cannon.channelversionrequired

  • edr.crowdstrike.cannon.dnsrequest

  • edr.crowdstrike.cannon.endofprocess

  • edr.crowdstrike.cannon.neighborlistip4

  • edr.crowdstrike.cannon.networkconnectip4

  • edr.crowdstrike.cannon.other

  • edr.crowdstrike.cannon.processrollup2

  • edr.crowdstrike.cannon.processrollup2stats

  • edr.crowdstrike.cannon.sensorheartbeat

  • edr.crowdstrike.cannon.syntheticprocessrollup2

more info about these parsers

  • iam.cyberark.vault

  • edr.cylance.app

  • edr.cylance.audit

  • edr.cylance.device

  • edr.cylance.memory

  • edr.cylance.script

  • edr.cylance.threats

more info about these parsers

  • xdr.cynet.alerts.events

  • xdr.cynet.audit.events

  • xdr.cynet.va.patch_validation

  • xdr.cynet.va.installed_softwares

  • xdr.cynet.va.patches.existing

  • xdr.cynet.va.patches.missing

  • xdr.cynet.va.agents

  • xdr.cynet.va.risky_apps

more info about these parsers

D
  • ids.darktrace.threats

  • dlp.digitalguardian.endpointdlp.alerts

  • dlp.digitalguardian.endpointdlp.audit

  • dlp.digitalguardian.endpointdlp.classification

  • dlp.digitalguardian.networkdlp

  • dlp.digitalguardian.arc.events

more info about these parsers

  • mail.dovecot.audit

  • auth.duo.administrator.login

  • auth.duo.administrator.events

  • auth.duo.authentication.events

  • auth.duo.authentication-proxy.events

  • auth.duo.telephony.events

more info about these parsers

E

  • ids.extrahop.audit

  • ids.extrahop.detections

  • ids.extrahop.cifs

  • ids.extrahop.crwd

  • ids.extrahop.dhcp

  • ids.extrahop.dns

  • ids.extrahop.ftp

  • ids.extrahop.http

  • ids.extrahop.kerberos

  • ids.extrahop.ldap

  • ids.extrahop.llmnr

  • ids.extrahop.mongodb

  • ids.extrahop.nfs

  • ids.extrahop.ntlm

  • ids.extrahop.rdp

  • ids.extrahop.rfb

  • ids.extrahop.rpc

  • ids.extrahop.ssh

  • ids.extrahop.ssl

  • ids.extrahop.telnet

  • ids.extrahop.flow

more info about these parsers

F
  • adn.f5.bigip.afm

  • adn.f5.bigip.afm.nf

  • adn.f5.bigip.apm

  • adn.f5.bigip.asm

  • adn.f5.bigip.audit

  • adn.f5.bigip.dns

  • adn.f5.bigip.ltm

  • adn.f5.bigip.pktfilter

more info about these parsers

  • edr.fireeye.alerts

more info about this parser

  • firewall.stonegate.ips

  • firewall.stonegate.leef

  • firewall.stonegate.xml

more info about these parsers

  • mail.fortinet.event.admin

  • mail.fortinet.event.config

  • mail.fortinet.event.ha

  • mail.fortinet.event.smtp

  • mail.fortinet.event.update

  • mail.fortinet.spam

  • mail.fortinet.statistics

  • mail.fortinet.virus.infected


  • firewall.fortinet.*

more info about these parsers

  • av.fsecure.igk.access

G
H

  • iam.hitachi.password.events

more info about this parser

  • ddos.huawei.antiddos

  • ddos.huawei.antiddos.sec


  • firewall.huawei.ngfw.aaa

  • firewall.huawei.ngfw.cm

  • firewall.huawei.ngfw.fw-log

  • firewall.huawei.ngfw.ifnet

  • firewall.huawei.ngfw.ifpdt

  • firewall.huawei.ngfw.info

  • firewall.huawei.ngfw.module

  • firewall.huawei.ngfw.mstp

  • firewall.huawei.ngfw.ntp

  • firewall.huawei.ngfw.sec

  • firewall.huawei.ngfw.shell

  • firewall.huawei.ngfw.spr

  • firewall.huawei.ngfw.ssh

more info about these parsers


  • ids.huawei.nip.assoc

  • ids.huawei.nip.atk

  • ids.huawei.nip.iprpu

I
  • api.ibm.connect.audit

  • api.ibm.connect.event


  • db.db2.audit

more info about this parser

  • ddi.infoblox.*

more info about these parsers

J
  • firewall.juniper.isg.system

  • firewall.juniper.isg.traffic

  • firewall.juniper.srx.idp

  • firewall.juniper.srx.probe

  • firewall.juniper.srx.system

  • firewall.juniper.srx.traffic

  • firewall.juniper.srx.utm

  • firewall.juniper.ssg.system

  • firewall.juniper.ssg.traffic

more info about these parsers


  • ids.juniper.srx

K
  • auth.keepersecurity.audit.events

more info about this parser

  • mail.knowbe4.phisher.webhooks

more info about this parser

L

  • auth.unix


  • firewall.iptables.std

M
  • av.mcafee.epo.agent

  • av.mcafee.epo.endpointsecurity

  • av.mcafee.epo.virusscan

more info about these parsers

  • dhcp.microsoft.ip4

  • dhcp.microsoft.ip6


  • ftp.iis.access-w3c-all

more info about this parser

  • cloud.azure.*

more info about these parsers

  • mail.exchange.messagetracking

  • mail.exchange.ncsa

  • mail.exchange.w3c

  • db.mssql.audit

  • db.mssql.error

  • mail.mimecast.archive

  • mail.mimecast.archive.messageview

  • mail.mimecast.archive.search

  • mail.mimecast.audit.events

  • mail.mimecast.siem

  • mail.mimecast.siem.delivery

  • mail.mimecast.siem.jrnl

  • mail.mimecast.siem.process

  • mail.mimecast.siem.receipt

  • mail.mimecast.ttp

  • mail.mimecast.ttp.attachment

  • mail.mimecast.ttp.impersonation

  • mail.mimecast.ttp.url

  • mail.mimecast.message.list

  • mail.mimecast.message.summary

  • mail.mimecast.threat.feed

  • mail.mimecast.account.dashboard

more info about these parsers

  • edr.minervalabs

more info about this parser

  • db.mongodb.out

more info about this parser

  • db.mysql.error

  • db.mysql.out

  • db.mysql.slow

more info about these parsers

N

  • db.netezza.out 

more info about this parser

  • cloud.netskope.events


  • casb.netskope.alert

  • casb.netskope.application

  • casb.netskope.audit

  • casb.netskope.client

  • casb.netskope.infrastructure

  • casb.netskope.network

  • casb.netskope.page

more info about these parsers

O
  • edr.observeit.events

  • cloud.office365.exchange

  • cloud.office365.management

  • cloud.office365.messagetracing

  • cloud.office365.siem_agent_event

  • cloud.office365.siem_agent_alert

more info about these parsers

  • auth.okta.events

  • auth.okta.system

  • auth.okta.apps

  • auth.okta.groups

  • auth.okta.policies

  • auth.okta.users

more info about these parsers


  • gateway.okta.oag.access

  • gateway.okta.oag.audit

  • gateway.okta.oag.monitor

more info about these parsers

  • db.oracle.audit_trail

more info about this parser


  • directory.oracle.sun_one.ldap_access

more info about this parser

P
  • casb.paloalto.prisma.activity_monitoring

  • casb.paloalto.prisma.admin_audit

  • casb.paloalto.prisma.incident

  • casb.paloalto.prisma.invalid

  • casb.paloalto.prisma.other

  • casb.paloalto.prisma.policy_violation

  • casb.paloalto.prisma.remediation

  • casb.paloalto.prismaBasic

more info about these parsers


  • edr.paloalto.cortex_xdr

  • edr.paloalto.cortex_xdr_agent

more info about these parsers


  • firewall.paloalto.config

  • firewall.paloalto.system

  • firewall.paloalto.threat

  • firewall.paloalto.traffic

  • firewall.paloalto.correlation

  • firewall.paloalto.hipmatch

  • firewall.paloalto.url

  • firewall.paloalto.userid

more info about these parsers

  • erp.peoplesoft.info

  • firewall.pfsense.everything

  • firewall.pfsense.filterlog

  • firewall.pfsense.firewall

  • firewall.pfsense.system

more info about these parsers

  • auth.ping.federate.audit

  • auth.ping.federate.server

  • mail.postfix.error

  • mail.postfix.info

  • db.postgresql.out

  • mail.proofpoint.tapsiem_v2

  • mail.proofpoint.sendmail

  • mail.proofpoint.stdout

  • mail.proofpoint.trap

  • mail.proofpoint.tapsiem_v2.clicksblocked

  • mail.proofpoint.tapsiem_v2.clickspermitted

  • mail.proofpoint.tapsiem_v2.messagesblocked

  • mail.proofpoint.tapsiem_v2.messagesdelivered

more info about these parsers

  • ips.proventia.siteprotector.leef

Q

R

  • ids.rscope.communication

  • ids.rscope.conn

  • ids.rscope.dce_rpc

  • ids.rscope.dhcp

  • ids.rscope.dns

  • ids.rscope.dpd

  • ids.rscope.files

  • ids.rscope.ftp

  • ids.rscope.http

  • ids.rscope.intel

  • ids.rscope.irc

  • ids.rscope.kerberos

  • ids.rscope.known_hosts

  • ids.rscope.known_services

  • ids.rscope.modbus

  • ids.rscope.mysql

  • ids.rscope.notice

  • ids.rscope.ntlm

  • ids.rscope.pe

  • ids.rscope.protocolstats_orig

  • ids.rscope.protocolstats_resp

  • ids.rscope.radius

  • ids.rscope.rdp

  • ids.rscope.removed_files

  • ids.rscope.reporter

  • ids.rscope.rfb

  • ids.rscope.rscopestats-byte

  • ids.rscope.rscopestats-core

  • ids.rscope.rscopestats-misc

  • ids.rscope.rscopestats-pckt

  • ids.rscope.rscopestats-port

  • ids.rscope.rscopestats-sys

  • ids.rscope.sip

  • ids.rscope.smb_files

  • ids.rscope.smb_mapping

  • ids.rscope.smtp

  • ids.rscope.snmp

  • ids.rscope.socks

  • ids.rscope.software

  • ids.rscope.ssh

  • ids.rscope.ssl

  • ids.rscope.stats

  • ids.rscope.stderr

  • ids.rscope.stdout

  • ids.rscope.syslog

  • ids.rscope.tunnel

  • ids.rscope.weird

  • ids.rscope.x509

  • cloud.rubrik.events

S
  • iam.sailpoint.events

  • crm.salesforce.admin

  • crm.salesforce.apexcallout

  • crm.salesforce.apexexecution

  • crm.salesforce.apexsoap

  • crm.salesforce.apextrigger

  • crm.salesforce.apexunexpectedexception

  • crm.salesforce.api

  • crm.salesforce.asyncreportrun

  • crm.salesforce.audit

  • crm.salesforce.contenttransfer

  • crm.salesforce.documentattachmentdownloads

  • crm.salesforce.login

  • crm.salesforce.logout

  • crm.salesforce.metadataapioperation

  • crm.salesforce.queuedexecution

  • crm.salesforce.report

  • crm.salesforce.reportexport

  • crm.salesforce.restapi

  • crm.salesforce.search

  • crm.salesforce.searchclick

  • crm.salesforce.timebasedworkflow

  • crm.salesforce.uri

  • crm.salesforce.visualforcerequest

  • auth.secureauth.events

more info about this parser

  • auth.securenvoy.admin

  • auth.securenvoy.batch

  • auth.securenvoy.enrol

  • auth.securenvoy.radius

  • auth.securenvoy.syslog

  • auth.securenvoy.websms

more info about these parsers

  • av.sentinelone.events


  • edr.sentinelone.agent.threats

  • edr.sentinelone.agent.agents

  • edr.sentinelone.management.activities

more info about these parsers

  • itsm.servicenow.login

  • app.slack.audit

  • ids.snort.unified2

  • firewall.sonicwall.general

  • firewall.sonicwall.genv58

more info about these parsers

  • av.sophos.applicationcontrol

  • av.sophos.devicecontrol

  • av.sophos.enterprise

  • av.sophos.events

  • av.sophos.tamperprotection

  • av.sophos.threatinstances

  • av.sophos.threats

more info about these parsers


  • firewall.sophos.*

more info about these parsers

  • ids.suricata.dns

  • ids.suricata.events

  • ids.suricata.fast

  • ids.suricata.files

  • ids.suricata.http

  • ids.suricata.stdout

  • av.symantec.sep.mail

  • av.symantec.sepc.events


  • edr.symantec.events


  • endpoint.symantec.sepm.agent_behavior

  • endpoint.symantec.sepm.agent_risk

  • endpoint.symantec.sepm.agent_scan

  • endpoint.symantec.sepm.agent_security

  • endpoint.symantec.sepm.agent_system

  • endpoint.symantec.sepm.others

more info about these parsers

T
  • edr.tanium.action_history

  • edr.tanium.applicable_patches

  • edr.tanium.asset_report

  • edr.tanium.audit

  • edr.tanium.basic_asset

  • edr.tanium.client_status

  • edr.tanium.detect

  • edr.tanium.discover_lost

  • edr.tanium.discover

  • edr.tanium.events

  • edr.tanium.installedapps

  • edr.tanium.patch_list

  • edr.tanium.question

  • edr.tanium.threat_response

  • edr.tanium.threats

more info about these parsers

  • db.teradata.out

  • infra.terraform.app.archivist

  • infra.terraform.app.atlas

  • infra.terraform.app.build_manager

  • infra.terraform.app.build_worker

  • infra.terraform.app.other

  • infra.terraform.app.sidekiq 

  • infra.terraform.app.slug_ingress 

  • infra.terraform.audit.atlas 

  • infra.terraform.audit.sidekiq

more info about these parsers

  • av.trendmicro.deepsec.agent

  • av.trendmicro.deepsec.manager

more info about these parsers


  • mail.smtp.as400alerts

  • mail.smtp.dlp

  • mail.smtp.general

  • mail.smtp.imss-polevt

  • mail.smtp.spam-eti

  • mail.smtp.spam-spain

  • mail.smtp.spam-tis

  • mail.smtp.spam-trap


  • ips.tippingpoint.sms

  • cdn.triton.access

U
  • dhcp.unix.stdout

V

  • cloud.vmware_tanmzu.opsmanager.audit

more info about this parser

  • dsp.vormetric.dsm.events

more info about this parser

W
  • firewall.watchguard.traffic

  • dns.windows

more info about this parser


  • firewall.windows.stdout

more info about this parser

  • cspm.wiz.issues.default

more info about this parser

  • cms.wordpress.stdout

Z
  • ids.bro.captureloss

  • ids.bro.communication

  • ids.bro.conn

  • ids.bro.dhcp

  • ids.bro.dns

  • ids.bro.dpd

  • ids.bro.files

  • ids.bro.ftp

  • ids.bro.http

  • ids.bro.knownhosts

  • ids.bro.knownservices

  • ids.bro.notice

  • ids.bro.reporter

  • ids.bro.snmp

  • ids.bro.software

  • ids.bro.ssh

  • ids.bro.ssl

  • ids.bro.stats

  • ids.bro.weird

  • ids.bro.x509
