| |
---|
auth.all | adn.f5.bigip.apm
adn.f5.bigip.audit
app.lastpass.events
auth.cisco.ise
auth.duo.administrator.login
auth.duo.authentication.events
auth.jumpcloud.all.events
auth.okta.events
auth.okta.system
auth.onelogin.events
auth.ping.federate.audit
auth.ping.federate.security_audit
auth.ping.id.mfa
auth.rsa.secureid.runtime
auth.securenvoy
auth.thycotic.secretserver
auth.unix
box.all.win
cef0.microsoft.microsoftWindows
cloud.aws.cloudtrail.events
cloud.aws.cloudtrail.signin
cloud.azure.ad.signin
cloud.azure.sql.audit
cloud.gsuite.reports.login
cloud.office365.management
crm.salesforceobjects.loginhistory
db.mssql.events
db.oracle.audit_trail
ddi.infoblox.audit
firewall.all.vpn.auth
firewall.cisco.asa
firewall.fortinet.event.system
firewall.juniper.srx.system
firewall.paloalto.globalprotect
firewall.paloalto.system
helpdesk.zendesk.audit.logs
network.cisco.switch
network.citrix.adc.sslvpn
siem.logtrust.web.connection
vpn.aws.client
vpn.cisco.asa.anyconnect
|
auth.jumpcloud.all.events | auth.jumpcloud.directory.events
auth.jumpcloud.ldap.events
auth.jumpcloud.mdm.events
auth.jumpcloud.radius.events
auth.jumpcloud.software.events
auth.jumpcloud.sso.events
auth.jumpcloud.systems.events
|
auth.unix | box.audit.unix
box.devo_ea.events_linux
box.unix
box.unix_cloudwatch
box.vmware.esx
cloud.azure.vm.unix
|
av.all.threats | av.mcafee.epo.threat
av.sophos.threats
av.symantec.sepc.events
|
box.all.win | box.devo_ea.events_windows
box.devo_ua.events_windows
box.win
box.win_classic
box.win_cloudwatch
box.win_hf
box.win_kinesis
box.win_nxlog
box.win_quest.change_auditor.leef
box.win_snare
box.win_solarwinds
box.win_winlogbeat
box.winNxlog
cloud.azure.vm.applicationevent
cloud.azure.vm.securityevent
cloud.azure.vm.systemevent
|
box.audit.unix | box.audit.unix.audispd
box.audit.unix.auditd
|
cdn.all.access | cdn.akamai.access
cdn.triton.access
|
cef0.fortinet.fortigateAll | cef0.fortinet.fortigate
cef0.fortinet.fortigate200e
cef0.fortinet.fortigate300d
cef0.fortinet.fortigate400e
cef0.fortinet.fortigate600e
cef0.fortinet.fortigate60e
|
cloud.office365.management | cloud.office365.management.aip
cloud.office365.management.airinvestigation
cloud.office365.management.azureactivedirectory
cloud.office365.management.cca
cloud.office365.management.compliance
cloud.office365.management.compliancemanager
cloud.office365.management.corereporting
cloud.office365.management.crm
cloud.office365.management.dlpsensitiveinformationtype
cloud.office365.management.endpoint
cloud.office365.management.exchange
cloud.office365.management.mcas
cloud.office365.management.microsoftflow
cloud.office365.management.microsoftforms
cloud.office365.management.microsoftstream
cloud.office365.management.microsoftteams
cloud.office365.management.mip
cloud.office365.management.myanalytics
cloud.office365.management.officeapps
cloud.office365.management.onedrive
cloud.office365.management.onedriveforbusiness
cloud.office365.management.powerapps
cloud.office365.management.powerbi
cloud.office365.management.powerplatformadmin
cloud.office365.management.project
cloud.office365.management.publicendpoint
cloud.office365.management.quarantine
cloud.office365.management.rdl
cloud.office365.management.securitycompliancecenter
cloud.office365.management.sharepoint
cloud.office365.management.skypeforbusiness
cloud.office365.management.threatintelligence
cloud.office365.management.workplaceanalytics
cloud.office365.management.yammer
cloud.office365.oldmanagement
|
ddi.infoblox.dns.queries_responses | |
dhcp.all | ddi.infoblox.dhcp.dhcpd
dhcp.bluecat.dhcpd
dhcp.infoblox.stdout
dhcp.microsoft.ip4
dhcp.microsoft.ip6
dhcp.unix.stdout
firewall.paloalto.system
|
domains.all | ddi.infoblox.dns.queries
dns.bind.query
dns.bluecat.named
dns.bluecat.stats
dns.infoblox.response
dns.windows
edr.crowdstrike.cannon.dnsrequest
firewall.fortinet.event.dns
ids.bro.dns
ids.bro.http
proxy.all.access
proxy.zscaler.umbrella.dns
sig.cisco.umbrella.dns
web.all.access
|
edr.all.threats | av.sentinelone.rfc_5424
cef0.bit9CarbonblackJson.cbResponse
edr.carbonblack.alert
edr.cbef.alert.cb_analytics
edr.cbef.alert.watchlist
edr.crowdstrike.cannon
edr.crowdstrike.falcon
edr.crowdstrike.falconstreaming.detection_summary
edr.cylance.threats
edr.cylance.device
edr.fireeye.alerts
edr.minervalabs.events
edr.sentinelone.agent.threats
edr.symantec.events
edr.tanium.events
edr.tanium.threats
endpoint.carbonblack.protection
xdr.cynet.alerts.events
|
edr.carbonblack.all | |
edr.crowdstrike.falconstreaming.user_activity_all | edr.crowdstrike.falconstreaming.user_activity_detections
edr.crowdstrike.falconstreaming.user_activity_device_control_policy
edr.crowdstrike.falconstreaming.user_activity_devices
edr.crowdstrike.falconstreaming.user_activity_groups
edr.crowdstrike.falconstreaming.user_activity_ip_whitelist
edr.crowdstrike.falconstreaming.user_activity_other
edr.crowdstrike.falconstreaming.user_activity_prevention_policy
edr.crowdstrike.falconstreaming.user_activity_quarantined_files
edr.crowdstrike.falconstreaming.user_activity_sensor_update_policy
|
firewall.all.cpu | |
firewall.all.ips | |
firewall.all.mem | |
firewall.all.traffic | adn.f5.bigip.afm
adn.f5.bigip.asm
box.iptables
cef0.checkPoint.vpn1Firewall1
cef0.cisco.firepower
cef0.forcepoint.firewall
cef0.fortinet.fortigateAll
cef0.paloAltoNetworks.lf
cef0.paloAltoNetworks.panOs
cef0.stonesoft.firewall
cef0.stonesoft.stonegate
cef0.zscaler.nssfwlog
cloud.azure.firewall.application_rule
cloud.azure.firewall.network_rule
cloud.cloudflare.logpush.http
edr.crowdstrike.falconstreaming.firewall_match
firewall.checkpoint.fw
firewall.checkpoint.gaia
firewall.checkpoint.lea
firewall.checkpoint.log_exporter
firewall.cisco.asa
firewall.cisco.fmc
firewall.cisco.fmc_estreamer
firewall.cisco.ftd
firewall.cisco.fwsm
firewall.cisco.pix
firewall.fortinet.traffic
firewall.juniper.isg.traffic
firewall.juniper.nsm.traffic
firewall.juniper.srx.traffic
firewall.juniper.ssg.traffic
firewall.meraki.flows
firewall.paloalto.traffic
firewall.pfsense.filterlog
firewall.pfsense.firewall
firewall.sonicwall.genv58
firewall.sophos.securenet.packetfilter
firewall.sophos.xgfirewall.firewall
firewall.stonegate.leef
firewall.stonegate.xml
firewall.velocloud.traffic
firewall.vyatta.traffic
firewall.watchguard.traffic
proxy.zscaler.nss_firewall
proxy.zscaler.zia.firewall
|
firewall.all.virus | |
firewall.all.vpn.auth | |
firewall.all.vpn.traffic | |
firewall.all.webfilter | firewall.fortinet.utm.webfilter
firewall.sonicwall.genv58
firewall.sophos.xgfirewall.contentfiltering
|
firewall.paloalto.all | firewall.paloalto.config
firewall.paloalto.correlation
firewall.paloalto.globalprotect
firewall.paloalto.hipmatch
firewall.paloalto.system
firewall.paloalto.traffic
firewall.paloalto.threat
firewall.paloalto.url
firewall.paloalto.userid
|
ftp.all.access | |
ids.bricata.alerts.all | ids.bricata.brocata
ids.bricata.burocata
|
ids.rscope | ids.rscope.communication
ids.rscope.conn
ids.rscope.dce_rpc
ids.rscope.dhcp
ids.rscope.dns
ids.rscope.dpd
ids.rscope.files
ids.rscope.ftp
ids.rscope.http
ids.rscope.intel
ids.rscope.irc
ids.rscope.kerberos
ids.rscope.known_hosts
ids.rscope.known_services
ids.rscope.modbus
ids.rscope.mysql
ids.rscope.notice
ids.rscope.ntlm
ids.rscope.pe
ids.rscope.protocolstats_orig
ids.rscope.protocolstats_resp
ids.rscope.radius
ids.rscope.rdp
ids.rscope.removed_files
ids.rscope.reporter
ids.rscope.rfb
ids.rscope.rscopestats_byte
ids.rscope.rscopestats_core
ids.rscope.rscopestats_misc
ids.rscope.rscopestats_pckt
ids.rscope.rscopestats_port
ids.rscope.rscopestats_sys
ids.rscope.sip
ids.rscope.smb_files
ids.rscope.smb_mapping
ids.rscope.smtp
ids.rscope.snmp
ids.rscope.socks
ids.rscope.software
ids.rscope.ssh
ids.rscope.ssl
ids.rscope.stats
ids.rscope.stderr
ids.rscope.stdout
ids.rscope.syslog
ids.rscope.tunnel
ids.rscope.weird
ids.rscope.x509
|
ips.all.alerts | firewall.fortinet.utm.ips
firewall.fortinet.ips.anomaly
firewall.sophos.securenet.ips
firewall.stonegate.ips
ips.cisco.sdee.alerts
ips.corero.common
ips.proventia.siteprotector.leef
ips.toplayer.common
|
mail.proofpoint.pod | mail.proofpoint.pod.events
mail.proofpoint.pod.isolation
mail.proofpoint.pod.maillog
mail.proofpoint.pod.message
|
nac.aruba.sessions | nac.aruba.sessions.common
nac.aruba.sessions.failed_authentications
nac.aruba.sessions.radius
|
netstat.netflow.all | |
network.dns | box.devo_ea.files.dns_windows
cloud.azure.firewall.dns_proxy
ddi.infoblox.dns.queries_responses
dns.bind.query
dns.bluecat.named
dns.bluecat.stats
dns.infoblox.bloxonethreatdefense.threats
dns.infoblox.response
dns.windows
edr.crowdstrike.cannon.dnsrequest
firewall.paloalto.traffic
ids.bro.dns
ids.corelight.dns
|
proxy.all.access | cef0.zscaler.nssweblog
firewall.sophos.xgfirewall.contentfiltering
proxy.bluecoat.proxysg.bcreportermain_v1
proxy.bluecoat.proxysg.main
proxy.forcepoint.access
proxy.haproxy.all
proxy.ironport.access.squid
proxy.isaserver.accessW3cAb
proxy.mcafee.webgw.accessAb
proxy.mcafee.webgw.default
proxy.squid.accessClf
proxy.squid.accessCombined
proxy.squid.accessLt
proxy.squid.accessSquid
proxy.squid.accessSquidMime
proxy.varnish.accessCombined
proxy.varnish.accessCombinedXff
proxy.zscaler.access
proxy.zscaler.nss
proxy.zscaler.nss_web
proxy.zscaler.zia.web
sig.cisco.umbrella.proxy
utm.cisco.wsa.accessStd
|
proxy.haproxy.all | proxy.haproxy.clf
proxy.haproxy.http
proxy.haproxy.tcp
|
syslog.all.stats | syslog.alcohol.stats
syslog.hybrid.stats
syslog.scoja.stats
|
web.all.access | cloud.aws.cloudfront.web_1
cloud.azure.appgateway.access_log
web.apache.accessClf
web.apache.accessCombined
web.apache.accessLt
web.apache.accessLtXff
web.apache.accessVhc
web.aws.alb.access
web.aws.cloudfront.accessW3c
web.aws.elb.access
web.aws.s3.access
web.iis.accessNcsa
web.iis.accessW3c
web.iis.accessW3cAll
web.iplanet.accessClf2
web.jboss.accessClf
web.jboss.accessCombined
web.jboss.accessLt
web.nginx.accessCombined
web.nginx.accessLt
web.nginx.accessLtXff
web.nginx.accessMain
web.tomcat.accessClf
web.tomcat.accessCombined
web.tomcat.accessLt
web.webseal.accessCombined
|