Note: This table shows the BlueApps that ship with USM Anywhere as of June 19, 2024. If you cannot find the BlueApp that you are looking for, submit a request so we can build one for you.
| Data Source | BlueApp | Log Format | Auto-Discovered |
|---|---|---|---|
| AdminbyRequest NXLog | AdminbyRequest NXLog | JSON | Yes |
| AdTran Switch | AdTran Switch | RegEx | No |
| Aerohive WAP | Aerohive Networks Aerohive WAP | RegEx | No |
| AIX Audit | IBM AIX Audit | RegEx | No |
| Akamai EAA | Akamai EAA | JSON | No |
| Akamai ETP | Akamai ETP | JSON | No |
| Alibaba Cloud | Alibaba Cloud | Key-Value | Yes |
| LevelBlue Agent | None. Data received through LevelBlue Agent | JSON | No |
| LevelBlue Agent - Windows EventLog | None. Data received through LevelBlue Agent | JSON | No |
| LevelBlue Cluster Management Application | LevelBlue Cluster Management Application | RegEx | No |
| LevelBlue Internal API | BlueApp for LevelBlue Forensics and Response | JSON | No |
| LevelBlue NIDS | None. Data received through a deployed sensor | JSON | Yes |
| Amazon Aurora | AWS Aurora | CSV | No |
| Amazon Aurora PostgrestSQL | AWS Aurora PostgrestSQL | RegEx | No |
| Amazon AWS CloudTrail | AWS CloudTrail | JSON | No |
| Amazon CloudFront Real Time Logs W3C | AWS CloudFront Real Time Logs W3C | W3C | No |
| Amazon EKS API Server | AWS EKS API Server | RegEx | No |
| Amazon EKS API Server Audit | AWS EKS API Server Audit | JSON | No |
| Amazon EKS Authenticator | AWS EKS Authenticator | Key-Value | No |
| Amazon Elasticsearch Service | AWS Elasticsearch Service | JSON | No |
| Amazon GuardDuty | AWS GuardDuty | JSON | No |
Amazon Macie | AWS Macie | JSON | No |
Amazon MSK | AWS MSK | JSON | Yes |
| Amazon Redshift | AWS Redshift | CSV | No |
| Amazon Redshift User Activity | AWS Redshift User Activity | RegEx | No |
| Amazon VPC Flow Logs | AWS VPC Flow Logs | CSV | No |
| Apache | Apache Web Server CLF | CLF | Yes |
| Apache Server | Apache Web Server | RegEx | No |
| Apple Airport Extreme | Apple Airport Extreme | RegEx | No |
| Arbor Networks Pravail APS | Arbor Networks Pravail APS | RegEx | Yes |
| Arista Networks Platform | Arista Networks Platform | RegEx | Yes |
| Armis Endpoint Security | Armis | JSON | No |
| Arpwatch | LBNL Arpwatch | RegEx | Yes |
| Array Networks APV Series | Array Networks APV Series | Key-Value | No |
| ArticaProxy | ArticaProxy | RegEx | No |
| Aruba | Aruba Networks Wireless | RegEx | No |
| Aruba ClearPass | Aruba Networks ClearPass | RegEx | No |
| Aruba ClearPass CEF | Aruba Networks ClearPass | CEF | Yes |
| Aruba Mobility Master | Aruba Networks Mobility Master | CEF | Yes |
| Aruba Switch | Aruba Networks Switch | RegEx | No |
| Asterisk VoIP | Asterisk VoIP | RegEx | No |
| LevelBlue Network-Based Firewall | LevelBlue Network-Based Firewall | JSON | No |
| LevelBlue VPN-RAS-GW | LevelBlue VPN-RAS-GW | Key-Value | No |
| Aunt Bertha Website Activity Plugin | Aunt Bertha Website Activity | JSON | No |
| Auth0 | Auth0 | JSON | Yes |
| Auth0 - EventBridge | Auth0 - EventBridge | JSON | Yes |
| Avanan Email Security | Avanan Email Security | JSON | No |
| Avaya Media Gateway | Avaya Media Gateway | RegEx | Yes |
| Avaya VSP Switches | Avaya VSP Switches | RegEx | No |
| Avaya Wireless LAN | Avaya Wireless LAN | RegEx | No |
| Aviatrix Cloud Gateway | Aviatrix Cloud Gateway | Key-Value | Yes |
| AWS API Gateway | AWS API Gateway | JSON | No |
| AWS Application Load Balancer | AWS Application Load Balancer | CSV | No |
| AWS Client VPN Endpoint | AWS Client VPN Endpoint | JSON | No |
| AWS Config | AWS Config | JSON | No |
| AWS Directory Service | AWS Directory Service | XML | No |
| AWS ECS | AWS ECS | JSON | No |
| AWS Health | AWS Health | JSON | Yes |
| AWS IoT | AWS IoT | JSON | No |
| AWS Kubernetes | AWS Kubernetes | RegEx | No |
| AWS Lambda | AWS Lambda | JSON | No |
| AWS Lambda@edge | AWS Lambda@edge | JSON | No |
| AWS Neptune | AWS Neptune | CSV | No |
| AWS Network Firewall | AWS Network Firewall | JSON | No |
| AWS RDS | AWS RDS | XML | No |
| AWS RDS MySQL | AWS RDS MySQL | RegEx | No |
| AWS RDS PostgreSQL | AWS RDS PostgreSQL | RegEx | No |
| AWS Route 53 Resolver Query Logs | AWS Route 53 Resolver Query Logs | JSON | No |
| AWS Step Functions | AWS Step Functions | JSON | No |
| AWS Storage Gateway | AWS Storage Gateway | JSON | No |
| AWS VPC Flow Logs | AWS VPC Flow Logs | JSON | No |
| AWS Web Application Firewall (WAF) | AWS Web Application Firewall | JSON | No |
| AWS Windows | AWS Windows | Split | No |
| Azure AD Audit Logs | Microsoft Azure AD Audit Logs | JSON | No |
| Azure AD Monitoring | Microsoft Azure AD Monitoring | JSON | No |
| Azure AD Sign In | Microsoft Azure AD Sign In | JSON | No |
| Azure AKS BLOB storage | Microsoft Azure AKS BLOB storage | JSON | No |
| Azure App Service | Microsoft Azure App Service | JSON | No |
| Azure Application Gateway | Microsoft Azure Application Gateway | JSON | Yes |
| Azure IIS | Microsoft Azure IIS | W3C | No |
| Azure Insight | Microsoft Azure Insight | JSON | No |
| Azure Multifactor Authentication | Microsoft Azure Multifactor Authentication | RegEx | No |
| Azure Security Center | Microsoft Azure Security Center | JSON | No |
| Azure SQL Database | Microsoft Azure SQL Database | JSON | No |
| Azure SQL Server | Microsoft Azure SQL Server | JSON | No |
| Azure VPN Gateway | Azure VPN Gateway | JSON | No |
| Azure Web App | Microsoft Azure Web App | W3C | No |
| Azure Windows Events | Microsoft Azure Windows Events | JSON | No |
| Barracuda CloudGen Firewall | Barracuda CloudGen Firewall | RegEx | Yes |
| Barracuda Content Shield | Barracuda Content Shield | RegEx | Yes |
| Barracuda Email Security Service | Barracuda Email Security Service | JSON | No |
| Barracuda Load Balancer ADC | Barracuda Load Balancer ADC | Key-Value | No |
| Barracuda NextGen Firewall | Barracuda NextGen Firewall | RegEx | Yes |
| Barracuda NextGen Firewall Traffic | Barracuda NextGen Firewall | Traffic Key-Value | Yes |
| Barracuda Spam Firewall | Barracuda Spam Firewall | CSV | Yes |
| Barracuda Web Application Firewall | Barracuda Web Application Firewall | RegEx | Yes |
| Barracuda Web Application Firewall CEF | Barracuda Web Application Firewall | CEF | Yes |
| Barracuda Web Filter | Barracuda Web Filter | RegEx | Yes |
| Bayshore | Bayshore | Key-Value | No |
| BeyondTrust BeyondInsight | BeyondTrust BeyondInsight | Key-Value | No |
| BeyondTrust Privilege Management Console | BeyondTrust Privilege Management Console | JSONbeyond | No |
| Bitdefender GravityZone | Bitdefender GravityZone | JSON | Yes |
| Bitvise SSH Server NXLog | Bitvise SSH Server NXLog | JSON | Yes |
| BlackBerry UEM | BlackBerry UEM | RegEx | No |
| Bluecoat W3C | Bluecoat | W3C | No |
| Box Events | Box | JSON | No |
| Bricata | Bricata | LEEF | Yes |
| Bro IDS | Bro IDS | JSON | Yes |
| Brocade | Brocade | RegEx | No |
| Buffalo TeraStation | Buffalo TeraStation | RegEx | Yes |
| Business Intelligence Analytics | Looker Business Intelligence Analytics | RegEx | No |
| Cambium Networks Xirrus | Cambium Networks Xirrus | RegEx | No |
| Capsule8 Linux Detection | Capsule8 Linux Detection | JSON | No |
| Cato Networks Cloud-based NGFW | Cato Networks Cloud-based NGFW | CEF | Yes |
| Carbon Black Defense | Carbon Black Endpoint Standard | CEF | Yes |
| Carbon Black Defense JSON | Carbon Black Endpoint Standard | JSON | No |
| Carbon Black Protection | Carbon Black App Control | Key-Value | No |
| Carbon Black Protection CEF | Carbon Black App Control | CEF | Yes |
| Carbon Black EDR JSON | Carbon Black EDR | JSON | No |
| Carbon Black EDR LEEF | Carbon Black EDR | Key-Value | No |
| Centrify Cloud IdM | Centrify Cloud IdM | Key-Value | Yes |
| Centrify Server Suite | Centrify Server Suite | RegEx | Yes |
| Check Point CloudGuard Dome9 | Check Point CloudGuard Dome9 | JSON | Yes |
Check Point FW1 | Check Point | Key-Value | No |
| Check Point FW1 Generic | Check Point FW1 | RegEx | No |
| Check Point FW1 Loggrabber | Check Point FW1 | Loggrabber | Yes |
| Check Point FW1 R77.30 | Check Point FW1 | R77.30 Key-Value | No |
| Check Point FW1 R80 CEF | Check Point FW1 | R80 CEF | Yes |
| Check Point SandBlast Agent | Check Point SandBlast Agent | Key-Value | No |
| Cisco ACE | Cisco ACE | RegEx | Yes |
| Cisco ACS | Cisco ACS | Key-Value | Yes |
| Cisco AMP for Endpoints | Cisco Secure Endpoint | JSON | No |
| Cisco ASA | Cisco Secure Firewall ASA | RegEx | Yes |
| Cisco ASR | Cisco ASR | RegEx | Yes |
| Cisco Email Security | Cisco Secure Email | CEF | Yes |
| Cisco ESA | Cisco ESA | Key-Value | No |
| Cisco Expressway | Cisco Expressway | RegEx | No |
| Cisco Firepower Management Center | Cisco Secure Firewall Threat Defense Manager | RegEx | Yes |
| Cisco Firepower NGIPS | Cisco Firepower NGIPS | RegEx | Yes |
| Cisco Firepower NGFW | Cisco Firepower NGFW | Key-Value | No |
| Cisco Firepower Threat Defense | Cisco Firepower Threat Defense | RegEx | Yes |
| Cisco HyperFlex | Cisco HyperFlex | RegEx | No |
| Cisco Ironport | Cisco Ironport | RegEx | No |
| Cisco ISE | Cisco ISE | Key-Value | Yes |
| Cisco Lancope StealthWatch | Cisco Lancope StealthWatch | CEF | Yes |
| Cisco Meraki | Cisco Meraki | Key-Value | No |
| Cisco Nexus | Cisco Nexus | RegEx | Yes |
| Cisco Pix | Cisco Pix | RegEx | Yes |
| Cisco Router | Cisco Router | RegEx | Yes |
| Cisco RV Series Router | Cisco RV Series Router | RegEx | No |
| Cisco SD-WAN by Viptela | Cisco SD-WAN by Viptela | RegEx | Yes |
| Cisco Stealth Watch Cloud | Cisco Stealth Watch Cloud | JSON | No |
| Cisco UCS Manager | Cisco UCS Manager | RegEx | Yes |
| Cisco Umbrella | Cisco Umbrella | CSV | No |
| Cisco Umbrella Proxy | Cisco Umbrella Proxy | CSV | No |
| Cisco Unified Communications Manager | Cisco Unified Communications Manager | Key-Value | No |
| Cisco VPN | Cisco VPN | RegEx | No |
| Cisco WLC | Cisco WLC | RegEx | No |
| Citrix NetScaler | Citrix NetScaler | Key-Value | No |
| Citrix NetScaler Application Firewall CEF | Citrix NetScaler Application Firewall | CEF | Yes |
| Citrix XenServer | Citrix XenServer | RegEx | Yes |
| Claroty | Claroty | CEF | Yes |
| Clavister Firewall | Clavister Firewall | Key-Value | No |
| Clearswift SECURE Email Gateway | Clearswift SECURE Email Gateway | RegEx | No |
| Clearswift SECURE Web Gateway | Clearswift SECURE Web Gateway | Split | No |
| Cloudflare Enterprise Log Share | Cloudflare | JSON | No |
| Cloudflare Enterprise Log Share Audit | Cloudflare | JSON | No |
| Cloudflare Enterprise Log Share Received | Cloudflare | JSON | No |
| CloudFront RTMP distribution W3C | AWS CloudFront RTMP distribution W3C | W3C | No |
| CloudFront Web distribution W3C | AWS CloudFront Web distribution W3C | W3C | No |
| CloudPassage CEF | CloudPassage | CEF | Yes |
| ConnectWise API | ConnectWise | JSON | No |
| Corelight | Corelight | JSON | No |
| Cowrite Honeypot | Cowrite Honeypot | JSON | Yes |
| Cradlepoint AER | Cradlepoint AER | RegEx | No |
| CrowdStrike | CrowdStrike | JSON | No |
| CrowdStrike Falcon | CrowdStrike Falcon | CEF | Yes |
| CyberArk Enterprise Password Vault | CyberArk Enterprise Password Vault | CEF | Yes |
| CyberHound | CyberHound | RegEx | No |
| CyberX Platform | CyberX Platform | CEF | Yes |
| Cylance CylancePROTECT | Cylance CylancePROTECT | Key-Value | Yes |
| Cylance CylancePROTECT - Logstash | Cylance CylancePROTECT | JSON | Yes |
| Cylance CylanceSVC | Cylance CylanceSVC | Key-Value | Yes |
| Cylance Optics | Cylance Optics | Key-Value | Yes |
| Cynet 360 | Cyphort 360 | CEF | Yes |
| Cyphort CEF | Cyphort | CEF | Yes |
| D-Link UTM Firewall | D-Link UTM Firewall | Key-Value | Yes |
| Darktrace Cyber Intelligence Platform | Darktrace Cyber Intelligence Platform | CEF | Yes |
| Darktrace Cyber Intelligence Platform - JSON | Darktrace Cyber Intelligence Platform | JSON | Yes |
| DataSunrise Database Firewall | DataSunrise Database Firewall | CEF | Yes |
| DB CyberTech | DB CyberTech | CEF | Yes |
| Deep Instinct Advanced Endpoint Security | Deep Instinct Advanced Endpoint Security | CEF | Yes |
| Dell Boomi Atom | Dell Boomi Atom | JSON | Yes |
| Dell Compellent SC | Dell Compellent SC | RegEx | No |
| Dell EMC DNOS | Dell EMC DNOS | RegEx | No |
| Dell EMC Isilon | Dell EMC Isilon | RegEx | No |
| Dell Force10 Switch | Dell Force10 Switch | RegEx | No |
| Dell IDRAC | Dell IDRAC | RegEx | No |
| Dell Networking X-Series | Dell X-Series | RegEx | No |
| Dell SecureWorks | Dell SecureWorks | RegEx | No |
| Dell SonicWall UTM | SonicWall UTM | Key-Value | No |
| Dell SonicWall UTM - Logstash | Dell SonicWall UTM | JSON | Yes |
| DenyAll WAF | DenyAll WAF | CSV | No |
| DenyAll WAF JSON | DenyAll WAF | JSON | No |
| Devolutions Password Server | Devolutions Password Server | RegEx | No |
| Digital Guardian DLP | Digital Guardian DLP | CEF | Yes |
| Digital Shadows Searchlight | Digital Shadows Searchlight | JSON | No |
| Docker | Docker | JSON | No |
| Docker Dockerd | Docker Dockerd | Key-Value | Yes |
| DrayTek Vigor | DrayTek Vigor | RegEx | No |
| Dropbox | Dropbox | JSON | No |
| Dtex | Dtex Systems | CEF | Yes |
| Duo Authentication Proxy NXLog | Duo Authentication Proxy NXLog | JSON | Yes |
| Duo Log Sync | Duo Log Sync | JSON | No |
| Duo Security - Logstash | Duo Security | JSON | Yes |
| Duo Two-Factor Authentication CEF | Duo Two-Factor Authentication | CEF | Yes |
| EclecticIQ Endpoint Response | EclecticIQ Endpoint Response | JSON | No |
| EdgeWave | EdgeWave | RegEx | No |
| Egnyte Audits | Egnyte Audits | Key-Value | Yes |
| Elastic Packetbeat - Logstash | Elastic Packetbeat | JSON | Yes |
| Elastic Winlogbeat - Logstash | Elastic Winlogbeat | JSON | Yes |
| ELBAccess | AWS ELBAccess | CSV | No |
| Endpoint Protector | CoSoSys Endpoint Protector | Key-Value | Yes |
| Epic EHR | Epic EHR | CEF | Yes |
| Eset | Eset | JSON | Yes |
| ExtraHop Reveal | ExtraHop Reveal | Key-Value | No |
| ExtraHop Reveal CEF | ExtraHop Reveal | CEF | Yes |
| ExtraHop Reveal JSON | ExtraHop Reveal | JSON | No |
| Extreme Networks SummitX and Black Diamond Switches | Extreme Networks SummitX/Black Diamond Switches | RegEx | No |
| F-Secure Policy Manager | F-Secure Policy Manager | Key-Value | No |
| F5 Application Security Manager CEF | F5 BIG-IP ASM | CEF | No |
| F5 BIG-IP | F5 BIG-IP | RegEx | No |
| F5 BIG-IP Access Policy Manager | F5 BIG-IP Access Policy Manager | RegEx | No |
| F5 BIG-IP ASM | F5 BIG-IP ASM | CSV | Yes |
| Fail2ban | Fail2ban | Rgex | Yes |
| FiberStore Switches | FiberStore Switches | RegEx | No |
| FireEye Central Management System | FireEye Central Management | CEF | Yes |
| FireEye Endpoint Security HX Series | FireEye Endpoint Security | CEF | Yes |
| FireEye Malware Protection Systems | FireEye Malware Protection | CEF | Yes |
| Fluentd | Fluentd | RegEx | Yes |
| Forcepoint CASB | Forcepoint CASB | CEF | Yes |
| Forcepoint DLP | Forcepoint DLP | CEF | Yes |
| Forcepoint Email Security | Forcepoint Email Security | CEF | Yes |
| Forcepoint NGFW | Forcepoint NGFW | CEF | Yes |
| Forcepoint Triton AP-Web | Forcepoint Triton AP-Web | CEF | Yes |
| Forcepoint Web Security Cloud NXLog | Forcepoint Web Security Cloud | JSON | Yes |
| ForeScout NAC | ForeScout NAC | RegEx | Yes |
| FortiGate Single Sign-On | FortiGate Single Sign-On | RegEx | No |
| Fortinet FortiAnalyzer - Logstash | Fortinet FortiAnalyzer | JSON | Yes |
| Fortinet FortiClient | Fortinet FortiClient | Key-Value | Yes |
| Fortinet FortiClient CEF | Fortinet FortiClient | CEF | Yes |
| Fortinet FortiDDoS | Fortinet FortiDDoS | Key-Value | No |
| Fortinet FortiGate | Fortinet FortiGate | Key-Value | Yes |
| Fortinet FortiManager | Fortinet FortiManager | Key-Value | Yes |
| Fortinet FortiNAC | Fortinet FortiNAC | CSV | No |
| Fortinet FortiWAN | Fortinet FortiWAN | RegEx | No |
| Fortinet FortiWeb | Fortinet FortiWeb | Key-Value | Yes |
| Fortinet Menu Networks MC | Fortinet Menu Networks MC | RegEx | No |
| FreeRadius | FreeRADIUS | RegEx | Yes |
| FutureX Guardian | FutureX Guardian | Split | No |
| G Suite Audit | Google G Suite | JSON | No |
| G Suite Drive | Google G Suite | JSON | No |
| G Suite Mail | Google G Suite | JSON | No |
| GitHub | GitHub | JSON | No |
| GitLab | GitLab | RegEx | Yes |
| Google Cloud Audit | Google Cloud Audit | JSON | No |
| Google Cloud Firewall Logs | Google Cloud Firewall Logs | JSON | No |
| Google Cloud Kubernetes Engine | Google Cloud Kubernetes Engine | JSON | No |
| Google Cloud Platform - Compute Engine | Google Cloud Platform - Compute Engine | JSON | No |
| Google Cloud Platform Audit | Google Cloud Platform Audit | JSON | No |
| Google Cloud VPC FlowLogs | Google Cloud VPC FlowLogs | JSON | No |
| Graphus | Graphus | JSON | Yes |
| GTA Firewall | GTA Firewall | Key-Value | No |
| GTB Technologies | GTB Technologies | CEF | Yes |
| H3C Switch | H3C Switch | RegEx | No |
| HAProxy | HAProxy | CSV | Yes |
| HelpSystems GoAnywhere | HelpSystems GoAnywhere | Key-Value | Yes |
| Heroku Dynos | Heroku Dynos | RegEx | No |
| HP Storage Area Network Switch | HP SAN Switch | RegEx | No |
| HP Switch | HP Switch | RegEx | No |
| HPE Integrated Lights Out | HPE Integrated Lights Out | RegEx | No |
| HPE MSM Controller | HPE MSM Controller | RegEx | No |
| HPE OfficeConnect | HPE OfficeConnect | RegEx | No |
| HPE StoreOnce | HPE StoreOnce | RegEx | Yes |
| Huawei NGFW | Huawei NGFW | Key-Value | No |
| IBM IHS | IBM IHS | RegEx | No |
| IBM Maximo | IBM Maximo | RegEx | Yes |
| IBM QRadar Network Security | IBM QRadar | LEEF | Yes |
| IBM QRadar WinCollect | IBM QRadar WinCollect | Key-Value | Yes |
| IBM Security Directory | IBM Security Directory | Key-Value | Yes |
| IBM Security Guardium | IBM Security Guardium | CEF | Yes |
| IBM Tivoli Access Manager WebSEAL | IBM Tivoli Access Manager WebSEAL | CSV | Yes |
| iboss Cloud Platform | iboss Cloud Platform | JSON | No |
| Illumio Policy Compute Engine | Illumio Policy Compute Engine | RegEx | Yes |
| Illusive Networks Honeypot | Illusive Networks Honeypot | CEF | Yes |
| Imperva SecureSphere | Imperva SecureSphere | Key-Value | No |
| Imperva SecureSphere CEF | Imperva SecureSphere | CEF | Yes |
| Incapsula CEF | Incapsula | CEF | Yes |
| Infoblox Data Connector | Infoblox Data Connector | CEF | Yes |
| Infoblox DDI | Infoblox | RegEx | No |
| Infocyte | Infocyte | CEF | Yes |
| Ipswitch WS_FTP | Ipswitch | RegEx | No |
| Ironscales IronTraps | Ironscales IronTraps | CEF | Yes |
| JAMF Protect | JAMF Protect | JSON | No |
| Jenkins | Jenkins | RegEx | Yes |
| Jira API | Jira | JSON | No |
| JSCAPE MFT Server | JSCAPE MFT Server | CSV | No |
| Juniper EX Series | Juniper EX Series | RegEx | Yes |
| Juniper MX Series | Juniper MX Series | RegEx | Yes |
| Juniper NetScreen ScreenOS | Juniper NetScreen ScreenOS | RegEx | No |
| Juniper NetScreen ScreenOS Traffic | Juniper NetScreen ScreenOS | Traffic Key-Value | Yes |
| Juniper Network Security Manager | Juniper Network Security | CSV | No |
| Juniper QFX Series | Juniper QFX Series | RegEx | No |
| Juniper Secure Access VPN | Juniper Secure Access VPN | RegEx | No |
| Juniper SRX - Logstash | Juniper SRX | JSON | Yes |
| Juniper SRX Junos | Juniper SRX | RegEx | No |
| Kaspersky Security | Kaspersky Security Center | JSON | No |
| Kaspersky Security Center | Kaspersky Security Center | RegEx | Yes |
| Kaspersky Security Center CEF | Kaspersky Security Center | CEF | Yes |
| Kerio Connect | GFI Software Kerio Connect | RegEx | Yes |
| Keycloak | Keycloak | Key-Value | Yes |
| Keycloak JSON | Keycloak | JSON | Yes |
| Keyfactor Cloud PKlaaS | Keyfactor Cloud PKlaaS | RegEx | No |
| KeyFocus KFSensor | KeyFocus KFSensor | Key-Value | Yes |
| Kiteworks Accellion | Kiteworks Accellion | JSON | Yes |
| Lacework Cloud Security | Lacework Cloud Security | JSON | No |
| Libra Esva Email Security | Libra Esva Email Security | RegEx | No |
| Lightning ADC | A10 Networks Lightning ADC | RegEx | No |
| Linux Auditd | Linux Auditd | Fullmessage | Yes |
| Linux BIND | ISC Linux BIND | RegEx | Yes |
| Linux ClamAV | Linux ClamAV | Fullmessage | Yes |
| Linux CRON | Linux CRON | RegEx | Yes |
| Linux DHCP Client | Linux DHCP Client | RegEx | Yes |
| Linux DHCPD | Linux DHCPD | RegEx | Yes |
| Linux DNSMASQ | Linux DNSMASQ | RegEx | Yes |
| Linux IPTables | Linux IPTables | Key-Value | No |
| Linux Kernel | Linux Kernel | RegEx | Yes |
| Linux NXLog | Linux NXLog | JSON | Yes |
| Linux Process | Linux Process | RegEx | Yes |
| Linux Services | Linux Services | RegEx | No |
| Linux SSH | Linux SSH | RegEx | Yes |
| Linux SUDO | Linux SUDO | RegEx | Yes |
| Linux Systemd | Linux Systemd | RegEx | Yes |
| Linux Useradd/Groupadd | Linux Useradd/Groupadd | RegEx | Yes |
| LogMeIn LastPass | LogMeIn LastPass | JSON | Yes |
| Lookout JSON | Lookout | JSON | No |
| Lookout | Lookout | Key-Value | Yes |
| Malwarebytes Breach Remediation | Malwarebytes Breach Remediation | CEF | Yes |
| Malwarebytes Endpoint Protection | Malwarebytes Endpoint Protection | CEF | Yes |
| Malwarebytes Endpoint Security | Malwarebytes Endpoint Security | JSON | Yes |
| Malwarebytes Management Console | Malwarebytes Management Console | CEF | Yes |
| ManageEngine ADAudit Plus | ManageEngine | Key-Value | Yes |
| ManageEngine Data Security | ManageEngine Data Security | Key-Value | No |
| ManageEngine PAM360 | ManageEngine | RegEx | No |
| ManageEngine Password Manager Pro | ManageEngine Password Manager Pro | CSV | No |
| McAfee Database Security | McAfee Database Security | CEF | Yes |
| McAfee EPO | McAfee | JSON | No |
| McAfee EPO - Logstash | McAfee EPO Logstash | JSON | Yes |
| McAfee Network Security Platform | McAfee Network Security Platform | RegEx | Yes |
| McAfee Web Gateway | McAfee Web Gateway | CEF | Yes |
| Microsoft Advanced Threat Analytics | Microsoft Advanced Threat Analytics | CEF | Yes |
| Microsoft Advanced Threat Protection CEF | Microsoft Advanced Threat Protection | CEF | Yes |
| Microsoft Advanced Threat Protection JSON | Azure Log Collection | JSON | No |
| Microsoft Azure Automation | Microsoft Azure Automation | JSON | Yes |
| Microsoft Azure Firewall | Microsoft Azure Firewall | JSON | Yes |
| Microsoft Azure Network Security Group | Microsoft Azure Network Security Group | JSON | Yes |
| Microsoft Cloud App Security | Microsoft Cloud App Security | CEF | Yes |
| Microsoft Defender for Cloud | Microsoft Defender for Cloud | CSV | No |
| Microsoft HTTP API 2.0 NXLog | Microsoft HTTP API 2.0 NXLog | CSV | Yes |
| Microsoft IIS 8.0+ Plugin | Microsoft IIS | Pre-8.0 CSV | No |
| Microsoft IIS pre-8.0 Plugin | Microsoft IIS | 8.0+ CSV | No |
| Microsoft IIS Regex | Microsoft IIS | RegEx | No |
| Microsoft Intune | Microsoft Intune | JSON | No |
| Microsoft OmiServer | Microsoft OmiServer | RegEx | Yes |
| MikroTik Router | MikroTik Router | RegEx | No |
| Mimecast | Mimecast | Key-Value | No |
| MNP LLP Web App | MNP LLP Web App | RegEx | No |
| MobileIron Core | MobileIron Core | RegEx | No |
| MobileIron Threat Defense | MobileIron Threat Defense | JSON | No |
| ModSecurity Nginx | ModSecurity Nginx | RegEx | No |
| MySQL Community Edition | System Software MySQL Community Edition | RegEx | No |
| Nasuni Edge Appliance | Nasuni Edge Appliance | JSON | No |
| Nasuni Edge Appliance Audit | Nasuni Edge Appliance Audit | RegEx | Yes |
| NetApp Hybrid-Flash Storage System | NetApp Hybrid-Flash Storage System | RegEx | No |
| Netgate | Linux Netgate | Key-Value | Yes |
| Netgear Access Point | Netgear Access Point | RegEx | No |
| Netgear Firewall | Netgear Firewall | RegEx | No |
| Netgear Switch | Netgear Switch | RegEx | No |
| NetMotion Mobility Server | NetMotion Mobility Server | RegEx | No |
| Netskope | Netskope | JSON | No |
| Netskope CEF | Netskope | CEF | Yes |
| Netskope - Logstash | Netskope | JSON | Yes |
| Netwrix Auditor NXLog | Netwrix Auditor | JSON | Yes |
| NGINX | NGINX | CLF | Yes |
| NGINX Error | NGINX Error | RegEx | Yes |
| NGINX NAXSI | NBS NGINX NAXSI | RegEx | Yes |
| Nimble Storage | Nimble Storage | RegEx | Yes |
| NLnet Labs Unbound | NLnet Labs Unbound | Split | Yes |
| Northwave Gateway | Northwave Gateway | Key-Value | No |
| ObserveIT | ObserveIT | CEF | Yes |
| Office 365 Audit | Microsoft Office 365 Audit | JSON | No |
| Office 365 Azure AD | Microsoft Office 365 Azure AD | JSON | No |
| Office 365 Exchange | Microsoft Office 365 Exchange | JSON | No |
| Office 365 SharePoint | Microsoft Office 365 SharePoint | JSON | No |
| Office 365 SharePoint NXLog | Office 365 SharePoint NXLog | JSON | Yes |
| Okta | Okta | JSON | No |
| Olfeo Proxy | Olfeo Proxy | RegEx | Yes |
| OneLogin | OneLogin | Key-Value | No |
| OpenGear Out-of-Band Management | OpenGear Out-of-Band Management | RegEx | No |
| OpenVPN Syslog | OpenVPN Technologies | RegEx | Yes |
| Oracle Audit Syslog | Oracle Audit Syslog | RegEx | Yes |
| Oracle BART | Oracle BART | RegEx | Yes |
| Oracle Cloud Infrastructure Audit | Oracle Cloud Infrastructure Audit | JSON | Yes |
| Oracle DB | Oracle DB | JSON | No |
| Oracle MySQL Enterprise | Oracle MySQL Enterprise | JSON | Yes |
| Osquery | Osquery | JSON | Yes |
| Osquery Error | Osquery Error | Key-Value | Yes |
| OSSEC Daemon | Trend Micro OSSEC Daemon | RegEx | Yes |
| OSSEC JSON | Trend Micro OSSEC | JSON | Yes |
| OSSEC v2.5 | Trend Micro OSSEC | Key-Value | Yes |
| PA File Sight | Power Admin PA File Sight | RegEx | No |
| Packet Viper | Packet Viper | Key-Value | No |
| PacketFence | Inverse PacketFence | RegEx | No |
| Palo Alto Cortex Data Lake | Palo Alto Cortex Data Lake | CEF | Yes |
| Palo Alto Cortex XDR | Palo Alto Cortex XDR | CEF | Yes |
| Palo Alto Networks CloudGenix ION | Palo Alto Networks CloudGenix ION | CSV | Yes |
| Palo Alto Traps | Palo Alto Networks Traps | CEF | Yes |
| Palo Alto Traps Management Service | Palo Alto Networks Traps Management | CSV | Yes |
| Palo Alto PAN-OS | Palo Alto Networks PAN-OS | CSV | Yes |
| Palo Alto PAN-OS - Logstash | Palo Alto Networks PAN-OS | JSON | Yes |
| Palo Alto PAN-OS CEF | Palo Alto Networks PAN-OS | CEF | Yes |
| Panda SIEM Feeder | Panda SIEM Feeder | Key-Value | Yes |
| Passwordstate | Click Studios Passwordstate | CSV | No |
| Passwordstate Syslog | Click Studios Passwordstate Syslog | RegEx | No |
| Percona Audit Log | Percona Audit Log | JSON | Yes |
| Perimeter81 | Perimeter81 | RegEx | Yes |
| pfSense Filter | pfSense Filter | CSV | Yes |
| pfSense System | pfSense System | RegEx | No |
| pfSense VPN | pfSense VPN | RegEx | Yes |
| phpIPAM | phpIPAM | RegEx | Yes |
| Pleasant Password Server | Pleasant Password Server | RegEx | Yes |
| Plixer Scrutinizer | Plixer Scrutinizer | JSON | Yes |
| Postfix | Postfix | RegEx | Yes |
| PostgreSQL | PostgreSQL | RegEx | No |
| Power Admin PA File Sight | Power Admin PA File Sight | RegEx | No |
| Power Admin PA Sever Monitor | Power Admin PA Sever Monitor | JSON | Yes |
| PowerDNS | Open-XChange PowerDNS | RegEx | Yes |
| Preempt Security Behavioral Firewall | Preempt Security Behavioral Firewall | CEF | Yes |
| Preempt Security Behavioral Firewall - Logstash | Preempt Security Behavioral Firewall | JSON | Yes |
| ProFTPD | ProFTPD | RegEx | Yes |
| Proofpoint Targeted Attack Protection (TAP) | Proofpoint Targeted Attack Protection | Key-Value | No |
| Proofpoint Targeted Attack Protection - Logstash | Proofpoint Targeted Attack Protection | JSON | Yes |
| Proofpoint Targeted Attack Protection Syslog | Proofpoint Targeted Attack Protection Syslog | Key-Value | No |
| Proxmox Virtual Environment | Proxmox Virtual Environment | RegEx | Yes |
| PRTG Network Monitor | Paessler PRTG Network Monitor | RegEx | Yes |
| Pulse Connect Secure | Pulse Connect Secure | RegEx | Yes |
| Pure-FTPd | Pure-FTPd | RegEx | Yes |
| Qnap NAS | Qnap NAS | RegEx | Yes |
| Radware AppWall | Radware Cloud Services | Key-Value | No |
| Radware Cloud Services | Radware Cloud Services | Key-Value | No |
| Radware Defense Pro | Radware Defense Pro | RegEx | No |
| Raritan Dominion KX II KVM | Raritan Dominion KX II KVM | RegEx | No |
| Red Hat Ansible | Red Hat Ansible | Key-Value | Yes |
| Red Hat Directory Server | Red Hat Directory Server | RegEx | Yes |
| Red Hat Single Sign-On | Red Hat Single Sign-On | RegEx | Yes |
| Red Hat WildFly | Red Hat WildFly | JSON | No |
| Riverbed SteelCentral | Riverbed SteelCentral | RegEx | No |
| Riverbed SteelConnect | Riverbed SteelConnect | RegEx | No |
| Riverbed STM | Riverbed STM | CLF | No |
| Route 53 DNS Queries | AWS Route 53 DNS Queries | CSV | No |
| RSA Authentication Manager | RSA Authentication Manager | CSV | No |
| Ruckus SmartCell Gateway | Ruckus SmartCell Gateway | Key-Value | No |
| Ruckus Virtual SmartZone | Ruckus Virtual SmartZone | RegEx | No |
| Ruckus Wireless ZoneDirector | Ruckus Wireless ZoneDirector | RegEx | No |
| Rumble Network Discovery | Rumble Network Discovery | Key-Value | Yes |
| Salesforce Activity | Salesforce | JSON | No |
| Salesforce LoginHistory | Salesforce | JSON | No |
| Salesforce Mulesoft | Salesforce Mulesoft | JSON | No |
| Salesforce SetupAuditTrail | Salesforce SetupAuditTrail | JSON | No |
| Samba | Samba | Split | Yes |
| Sangfor Next-Generation Firewall | Sangfor Next-Generation Firewall | Key-Value | Yes |
| SAST Security Radar | SAST Security Radar | CEF | Yes |
| SecureAuth | SecureAuth | XML | Yes |
| SEL-3620 | SEL-3620 | RegEx | No |
| SEL RTAC | SEL RTAC | CSV | Yes |
| SendMail | SendMail | Key-Value | Yes |
| SentinelOne | SentinelOne Syslog | CEF | Yes |
| SentinelOneAPI | SentinelOne | JSON | No |
| SentinelOneSTAR | SentinelOne | JSON | No |
| SentryWire Packet Capture | Alliance SentryWire Packet Capture | RegEx | Yes |
| ServerAccess | AWS ServerAccess | CSV | No |
| ServiceNow API | ServiceNow | JSON | No |
| Shrubbery Tacacs | Shrubbery Networks Tacacs | RegEx | No |
| Signal Sciences Cloud WAF | Signal Sciences Cloud WAF | JSON | No |
| Silver Peak Unity Orchestrator | Silver Peak Unity Orchestrator | Key-Value | No |
| Silver Peak Unity Orchestrator RegEx | Silver Peak Unity Orchestrator | RegEx | No |
| Silver Peak WAN Optimization | Silver Peak WAN Optimization | RegEx | No |
| SinfoniaRx RxCompanion | SinfoniaRx RxCompanion | RegEx | Yes |
| Slack | Slack | JSON | No |
| Slapd | OpenLDAP Slapd | RegEx | Yes |
| Smoothwall Express | Smoothwall Express | RegEx | No |
| Snort Syslog | Cisco Snort | RegEx | Yes |
| Snowflake | Snowflake Snowflake | JSON | No |
| SoftEther VPN | SoftEther VPN | RegEx | No |
| SonicWall SSL VPN | SonicWall SSL VPN | Key-Value | Yes |
| Sophos Central | Sophos | CEF | Yes |
| Sophos Central JSON | Sophos | JSON | No |
| Sophos Cyberoam | Sophos Cyberoam | Key-Value | No |
| Sophos Email Appliance | Sophos Email Appliance | RegEx | No |
| Sophos Enterprise Console | Sophos Enterprise Console | Key-Value | Yes |
| Sophos UTM | Sophos UTM | Key-Value | No |
| Sophos UTM & UTM VPN - Logstash | Sophos UTM & UTM VPN | JSON | Yes |
| Sophos UTM WAF | Sophos UTM WAF | RegEx | Yes |
| Sophos Web Security | Sophos Web Security | Key-Value | Yes |
| Sophos XG | Sophos XG | Key-Value | Yes |
| SourceFire IDS | Cisco SourceFire IDS | RegEx | No |
| South River Technologies Titan FTP Server | South River Technologies Titan FTP Server | W3C | No |
| SpyCloud API | SpyCloud Dark Web Monitoring | JSON | No |
| Squid | Squid | RegEx | Yes |
| SSH.COM PrivX | SSH.COM PrivX | JSON | No |
| STEALTHbits File Activity Monitor | STEALTHbits | CEF | Yes |
| Stormshield SN | Stormshield SN | Key-Value | No |
| StrongSwan VPN | StrongSwan VPN | RegEx | Yes |
| SWIFT NXLog | SWIFT NXLog | JSON | Yes |
| Symantec ATP | Symantec ATP | CEF | Yes |
| Symantec DLP | Symantec DLP | CEF | Yes |
| Symantec Encryption | Symantec Encryption | RegEx | No |
| Symantec Endpoint Threat Defense for Active Directory | Symantec Endpoint Threat Defense for Active Directory | Key-Value | Yes |
| Symantec EPM | Symantec EPM | RegEx | No |
| Syncplify.me | Syncplify | RegEx | No |
| Synology NAS | Synology NAS | RegEx | No |
| Tanium Threat Response | Tanium Threat Response | JSON | No |
| Tenable Nessus Network Monitor | Tenable Nessus Network Monitor | Split | Yes |
| Tenable Tenable.io | Tenable Tenable.io | JSON | No |
| Tesserent Next Gen Firewall | Tesserent Next Gen Firewall | Key-Value | No |
| Thinkst Canary | Thinkst Canary | Key-Value | Yes |
| Thycotic Secret Server | Thycotic Secret Server | CEF | Yes |
| Trend Micro Control Manager | Trend Micro Control Manager | Key-Value | Yes |
| Trend Micro Control Manager CEF | Trend Micro Apex Central | CEF | Yes |
| Trend Micro Deep Discovery Inspector | Trend Micro Deep Discovery Inspector | CEF | Yes |
| Trend Micro Deep Security | Trend Micro Deep Security | CEF | Yes |
| Trend Micro InterScan | Trend Micro InterScan Messaging Security Virtual Appliance | RegEx | No |
| Trend Micro InterScan Web Security Virtual Appliance | Trend Micro InterScan Web Security Virtual Appliance | RegEx | No |
| Trend Micro TippingPoint | Trend Micro TippingPoint | RegEx | No |
| Trend Micro TippingPoint CEF | Trend Micro TippingPoint | CEF | Yes |
| Trend Micro Vulnerability Protection | Trend Micro Vulnerability Protection | CEF | Yes |
| Trend Micro Worry-Free Business Security Services | Trend Micro Worry-Free Business Security Services | Key-Value | Yes |
| Trustwave ModSecurity | Trustwave ModSecurity | Key-Value | No |
| Trustwave Secure Web Gateway | Trustwave Secure Web Gateway | RegEx | Yes |
| Trustwave Secure Web Gateway Traffic | Trustwave Secure Web Gateway | Key-Value | Yes |
| Twistlock | Twistlock | Key-Value | Yes |
| Ubiquiti airMAX CPE | Ubiquiti airMAX CPE | RegEx | No |
| Ubiquiti EdgeRouter | Ubiquiti EdgeRouter | RegEx | No |
| Ubiquiti Unifi | Ubiquiti Unifi | RegEx | No |
| UFW | Linux UFW | Key-Value | Yes |
| Untangle NGFW | Untangle NGFW | JSON | No |
| User and Entity Behavior Analytics | User and Entity Behavior Analytics | JSON | Yes |
| Varonis DatAdvantage | Varonis DatAdvantage | CEF | Yes |
| Vectra | Vectra | CEF | Yes |
| Venafi Trust Protection Platform | Venafi Trust Protection Platform | JSON | No |
| Versa Director | Versa Director | RegEx | No |
| Versa FlexVNF | Versa FlexVNF | Key-Value | No |
| Virtual LoadMaster | KEMP Virtual LoadMaster | RegEx | No |
| VMRay Analyzer | VMRay Analyzer | CEF | Yes |
| VMware AirWatch | VMware AirWatch | RegEx | Yes |
| VMware ESXi | VMware ESXi | RegEx | No |
| VMware ESXi Agent Manager | VMware ESXi Agent Manager | CSV | No |
| VMware Horizon 7 | VMware Horizon 7 | Key-Value | No |
| VMware NSX | VMware NSX | RegEx | No |
| VMware SD-WAN by VeloCloud | VMware SD-WAN by VeloCloud | RegEx | Yes |
| VMware SSO | VMware SSO | RegEx | No |
| VMware vCenter | VMware vCenter | RegEx | No |
| VMware vCenter Server Appliance | VMware vCenter Server Appliance | RegEx | No |
| VMware vRealize | VMware vRealize | RegEx | No |
| VMware vSAN | VMware vSAN | RegEx | No |
| VMware vShield | VMware vShield | Key-Value | No |
| VMwareAPI | VMware Sensor | JSON | No |
| Vormetric Data Security Manager | Vormetric Data Security Manager | CEF | Yes |
| Wallix Baston | Wallis Baston | Key-Value | No |
| Watchguard Firebox | Watchguard Firebox | RegEx | No |
| Watchguard Firebox - Logstash | Watchguard Firebox | Logstash | Yes |
| Watchguard XTM | Watchguard XTM | Key-Value | No |
| Wazuh | Wazuh | JSON | No |
| Webmin | Webmin | RegEx | No |
| Webroot FlowScape | Webroot FlowScape | CEF | Yes |
| Websense Email Security Gateway | Websense Email Security | CEF | Yes |
| Websense Web Security Gateway | Websense Web Security | Key-Value | No |
| Windows DHCP NXLog | Microsoft Windows DHCP NXLog | CSV | Yes |
| Windows DNS Server | Microsoft Windows DNS Server | RegEx | Yes |
| Windows Exchange NXLog | Microsoft Windows Exchange NXLog | JSON | Yes |
| Windows Firewall NXLog | Microsoft Windows Firewall NXLog | JSON | Yes |
| Windows FTP Server NXLog | Microsoft Windows FTP Server NXLog | JSON | Yes |
| Windows IIS NXLog | Microsoft Windows IIS | NXLog JSON | Yes |
| Windows NPS NXLog | Microsoft Windows NPS NXLog | JSON | Yes |
| Windows NXLog | Microsoft Windows NXLog | JSON | Yes |
| Windows PowerShell NXLog | Microsoft Windows PowerShell NXLog | JSON | Yes |
| Windows Snare | Microsoft Windows Snare | RegEx | No |
| Windows SQL NXLog | Microsoft Windows SQL NXLog | JSON | Yes |
| Windows Winlogbeat | Microsoft Windows Winlogbeat | JSON | Yes |
| ZenDesk CRM | ZenDesk CRM | JSON | No |
| ZeroFOX | ZeroFOX | JSON | Yes |
| Zimbra Collaboration | Zimbra Collaboration | RegEx | No |
| Zimperium Mobile Device Security - zIPS | Zimperium Mobile Device Security - zIPS | JSON | No |
| ZingBox IoT Guardian | ZingBox | CEF | Yes |
| Zscaler NSS | Zscaler | CSV | No |
| Zscaler NSS Firewall Logs | Zscaler NSS Firewall Logs | CEF | Yes |
| Zscaler NSS Web Logs CEF | Zscaler NSS Web Logs | CEF | Yes |
| Zscaler ZPA | Zscaler ZPA | CSV | No |
| ZyXEL Wireless LAN Controller | ZyXEL Wireless LAN Controller | CEF | Yes |
| ZyXEL ZyWALL | ZyXEL ZyWALL | CEF | Yes |