Operating Systems

This group includes the tags whose first level is box. These tags identify data generated by operating systems.

| Company | Product/Service | Data tables |
|---|---|---|
| | macOS X | |
| | Docker container logs | box.docker.stats |
| | z/OS for IBM mainframes | box.zos |
| | | box.as400.audit.type2 |
| | go-audit Linux auditing | box.audit.unix.go-audit |
| | Linux kernel firewall - iptables | box.iptables |
| | Oracle VMware (ESX) Machine System Logs | box.vmware.esx, box.vmware.vcenter |
| | Unix-like System Logs | |
| | Windows Event Logs | box.win |
| | Windows logs via NXlog | box.win_nxlog.application, box.win_nxlog.group_policy, box.win_nxlog.invalid, box.win_nxlog.other, box.win_nxlog.powershell, box.win_nxlog.print, box.win_nxlog.remote_conn, box.win_nxlog.security, box.win_nxlog.smb, box.win_nxlog.sysmon, box.win_nxlog.system, box.win_nxlog.windows_powershell |
| | Windows logs via Snare | box.win_snare |
| | Windows log via Quest Intrust | box.win_intrust, box.win_intrust.application, box.win_intrust.security, box.win_intrust.system, box.win_intrust.other, box.win_intrust.invalid |

The VMware (ESX) technology is also supported in CEF via syslog.