This group includes the tags (data tables) that start with the level av. These tables receive data generated by antivirus and protection software.

Company Product / service Valid tags Data tables

Mobile Threat Prevention 

  • av.checkpoint.mtp.audit
  • av.checkpoint.mtp.event

F-Secure Internet Gatekeeper

  • av.fsecure.igk.access

McAfee ePolicy Orchestrator (McAfee ePO)

  • av.mcafee.epo.agent
  • av.mcafee.epo.eventsendpointsecurity
  • av.mcafee.epo.threatvirusscan

Check more info about these parsers

SentinelOne Endpoint Protection Platform (EPP)

  • av.sentinelone.events

Sophos AntiVirus

  • av.sophos.applicationcontrol
  • av.sophos.devicecontrol
  • av.sophos.enterprise
  • av.sophos.events
  • av.sophos.tamperprotection
  • av.sophos.threatinstances
  • av.sophos.threats

Check more info about these parsers


Symantec Endpoint Protection

  • av.symantec.sep.mail

Symantec Endpoint Protection Cloud

  • av.symantec.sepc.events

Deep Security Software

  • av.trendmicro.deepsec.agent
  • av.trendmicro.deepsec.console
  • av.trendmicro.deepsec.manager

InterScan Web Security Virtual Appliance

  • av.trendmicro.iwsva.event

...