McAfee SIEM Supported Devices
McAfee Enterprise Security Manager Data Sources Configuration Reference
Last Updated 5/2/2017

Columns: Vendor | Name | Device Type | Version(s) Supported | Parser | Method of Collection | ESM Version | Notes | Guide
(Guide = "yes" where the source shows a check mark in its Data Source Configuration Guide column; the extraction rendered those check marks as a stray "P".)

A10 Networks | Load Balancer | Load Balancer | All | ASP | Syslog | 9.1 and above | | yes
Accellion | Secure File Transfer | Application | All | ASP | Syslog | 9.1 and above | | yes
Access Layers | Portnox | NAC | 2.x | ASP | Syslog | 9.1 and above | | yes
Adtran | Bluesocket Wireless Access Point | Wireless Access Point | All | ASP | Syslog | 9.1.1 and above | | yes
Adtran | NetVanta | Network Switches & Routers | All | ASP | Syslog | 9.1 and above | | yes
AirTight Networks | SpectraGuard | Application | All | ASP | Syslog | 9.1 and above | | yes
Alcatel-Lucent | NGN Switch | Switch | All | ASP | Syslog | 9.2 and above | | yes
Alcatel-Lucent | VitalQIP | Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies | All | ASP | Syslog | 9.1 and above | | yes
Amazon | CloudTrail | Generic | N/A | ASP | API | 9.5.1 and above | | yes
American Power Conversion | Uninterruptible Power Supply | Power Supplies | All | ASP | Syslog | 9.1 and above | |
Apache Software Foundation | Apache HTTP Server | Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies | 1.x, 2.x | Code Based | Syslog | 9.1 to 9.3.2 | |
Apache Software Foundation | Apache Web Server | Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies | 1.x, 2.x | ASP | Syslog | 9.1 and above | |
Apple Inc. | Mac OS X | Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies | All | ASP | Syslog | 9.1 and above | |
Arbor Networks | Peakflow SP | Network Switches & Routers | 2.x and above | ASP | Syslog | 9.2 and above | |
Arbor Networks | Peakflow X | Network Switches & Routers | 2.x | Code Based | Syslog | 9.1 to 9.3.2 | |
Arbor Networks | Peakflow X | Network Switches & Routers | All | ASP | Syslog | 9.1 and above | |
Arbor Networks | Pravail | IDS / IPS | All | ASP | Syslog | 9.1 and above | |
ArcSight | Common Event Format | Event Format | All | ASP | Syslog | 9.2 and above | |
Aruba | Aruba OS | Wireless Access Point | N/A | Code Based | Syslog | 9.1 and above | |
Aruba | ClearPass | Wireless Access Point | 5.x | ASP | Syslog | 9.1 and above | |
Attivo Networks | BOTsink | Generic | 3.3 and above | ASP | Syslog | 9.5.0 and above | |
Avecto | Privilege Guard (ePO) | IAM / IDM | 3.x | ASP | ePO - SQL | 9.2 and above | |
Axway | SecureTransport | Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies | All | ASP | Syslog | 9.1 and above | | yes
Barracuda Networks | Spam Firewall | Security Appliances / UTMs | 3.x, 4.x | ASP | Syslog | 9.1 and above | |
Barracuda Networks | Web Application Firewall | Security Appliances / UTMs | All | ASP | Syslog | 9.1 and above | |
Barracuda Networks | Web Filter | Security Appliances / UTMs | All | ASP | Syslog | 9.1 and above | |
BeyondTrust | BeyondInsight | Auditing | 6.0 and above | ASP | Syslog | 9.6.0 and above | |
BeyondTrust | BeyondTrust REM | Vulnerability Systems | All | N/A | N/A | 9.1 and above | |
BeyondTrust | BeyondTrust Retina | Vulnerability Systems | All | N/A | N/A | 9.1 and above | |
Bit9 | Bit9 Security Platform / Parity Suite CEF | Application | All | ASP | Syslog | 9.2 and above | | yes
Bit9 | Bit9 Security Platform / Parity Suite | Application | All | ASP | Syslog | 9.1 and above | |
Bit9 | Carbon Black | IDS / IPS | All | ASP | Syslog | 9.2 and above | |
Blue Coat | Director | Web Content / Filtering / Proxies | All | ASP | Syslog | 9.2 and above | | yes
Blue Coat | ProxySG | Web Content / Filtering / Proxies | 4.x-6.x | ASP | Syslog | 9.1 and above | |
Bradford Networks | Campus Manager | NAC / Network Switches & Routers | All | ASP | Syslog | 9.1 and above | |

Blue Lance, Inc. Blue Ridge Networks BlueCat Networks Reporter LT Auditor+ for Novell NetWare BorderGuard BlueCat DNS/DHCP Server 9.5.1 9.x 5000, 6000 All ASP Code Based ASP ASP Syslog SQL Syslog Syslog Application Application Firewall Application Bro Network Security Monitor Bro Network Security Monitor Network Security BigIron, FastIron and NetIron VDX Switch DataMinder - CEF SiteMinder Network Switches & Routers NAC / Network Switches & Routers Network Switches & Routers DLP Web Access Cerner P2 Sentinel
Arbor Networks ArcSight Aruba Barracuda Networks BeyondTrust Bit9 Blue Coat Brocade CA Technologies Cerner Check Point Cimcor P P P P P Access Log 9.5.0 and above Cloud Access Log 9.1 to 9.3.2 9.1 and above 9.1 and above All ASP Syslog 9.4 and above 7.5 and above ASP Syslog 9.1 and above All ASP Syslog 9.1 and above All All All ASP ASP ASP 9.2 and above 9.1 and above 9.1 and above Healthcare Auditing All Code Based Syslog Syslog Syslog McAfee Event Format Check Point Firewall All ASP OPSEC 9.3 and above Check Point via Splunk Firewall All ASP Configuration Management All Code Based Syslog McAfee Event Format 9.2 and above CimTrak Management Console IronView Network Manager AX Series Data Source Configuration Guide P P P P P P CEF Format 9.1 and above 9.1 and above Firewall 1, Edge, Enterprise, Express, NG, NGX, SmartEvent and VPN Using Splunk app P Vendor Name ASA NSEL CATOS v7xxx Content Services Switches CSA Console Guard DDoS Mitigator Identity Services Engine IDS (4.x+ RDEP protocol) IOS Network Switches & Routers IOS EAP IDS / IPS / Network Switches & Routers IOS Firewall Firewall / Network Switches & Routers IOS IPS (SDEE protocol) IronPort Email Security IronPort Web Security Appliance Meraki MDS NAC Appliance Citrix Cluster Labs Code Green Cooper Power Systems Corero Corvil Critical Watch CyberArk CyberGuard Cyberoam Cylance Cyrus D-Link Damballa Dell DenyAll Firewall / Flow Host / Server / Operating Systems / Network Switches & Routers Other Host / Server / Operating Systems / IDS / IPS IDS / IPS Other IDS / IPS IDS / IPS / Network Switches & Routers IOS ACL IOS IDS Cisco Device Type IDS / IPS / Network Switches & Routers Application Protocol Email Security Web Content / Filtering / Proxies Wireless Network Switches & Routers NAC / Network Switches & Routers Version(s) Supported Parser Method of Collection ESM Version All Netflow Netflow 9.1 and above 6.x, 7.x ASP Syslog 9.1 and above All ASP Syslog 9.1 and above 5.x, 6.x Code Based SQL 9.1 and above All 
All 4.x and above ASP ASP SDEE Syslog Syslog 9.1 and above 9.1 and above 9.1 and above 12.x and above ASP Syslog 9.1 and above Data Source Configuration Guide ACL, IOS FW, IOS IDS and DSP Use Cisco IOS data source P 12.x and above Use Cisco IOS data source P 12.x and above Use Cisco IOS data source P 12.x and above Use Cisco IOS data source P 12.x and above All 6.x, 7.x 6.x, 7.x All All SDEE ASP ASP ASP ASP HTTP Syslog Syslog Syslog Syslog 9.1 and above 9.1 and above 9.1 and above 9.4.1 and above 9.1 and above All ASP Syslog 9.1 and above 4.x Code Based HTTP 9.1 to 9.3.2 4.x, 5.x ASP Syslog 9.1 and above All ASP Syslog 9.1 and above P P P Formerly Clean Access NAC Appliance (Clean Access) NAC / Network Switches & Routers NX-OS IDS / IPS / Network Switches & Routers Open TACACS+ Authentication PIX IDS IDS / IPS / Network Switches & Routers 12.x and above PIX/ASA/FWSM Secure ACS Unified Communications Firewall / IDS / IPS IDS / IPS Applications 5.x and above 3.x, 4.x All ASP ASP ASP Syslog Syslog Syslog 9.1 and above 9.1 and above 9.2 and above P Unified Computing System Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 9.1 and above P VSM/VPN Concentrator Virtual Private Network 2.x - 4.x Code Based Syslog 9.1 to 9.3.2 WAAS Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 9.1 and above WAP200 Wireless Control System Wireless Lan Controller NetScaler (AppFlow) Wireless Access Point Network Switches & Routers Network Switches & Routers Flow All All All All ASP ASP ASP IPFix Syslog Syslog Syslog IPFix 9.1 and above 9.1 and above 9.1 and above 9.2 and above P Use Cisco PIX/ASA/FWSM data source P P Secure Gateway & NetScaler Web also supported P NetScaler Web Content / Filtering / Proxies All ASP Syslog 9.1 and above Secure Gateway Pacemaker Data Loss Prevention Cybectec RTU Yukon IED Manager Suite Corero IPS Security Analytics Critical Watch FusionVM Enterprise Password 
Vault Privileged Identity Management Suite CEF Web Content / Filtering / Proxies Application DLP Network Switches & Routers Application IDS / IPS Security Management Vulnerability Systems Application All 1.x 8.x 5.x, 6.x All All 9.1.1 and above All 5.x ASP ASP ASP ASP ASP ASP ASP N/A ASP Syslog Syslog Syslog Syslog Syslog Syslog Syslog N/A Syslog 9.2 and above 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.6 and above 9.1 and above 9.1 and above P P P P P P All ASP Syslog 9.1 and above P Application Privileged Threat Analytics UEBA CyberGuard Cyberoam UTM and NGFW CylancePROTECT Cyrus IMAP & SASL NetDefend UTM Firewall Failsafe SonicWALL Aventail SonicWALL SonicOS PowerConnect Switches Firewall UTM / Firewall Antivirus Messaging UTM Anti-Malware Virtual Private Network Firewall Network Switches & Routers rWeb Firewall / DoS 3.1 ASP Syslog 5.x 10.0 and above 1.4.2 and above 2.x All All 10.x All All rweb 4.1, 4.1.1.1, 4.1.3.2 Code Based ASP ASP ASP ASP ASP ASP ASP ASP Syslog Syslog Syslog Syslog Syslog Syslog Syslog Syslog Syslog ASP Syslog 9.4.1 and above Mainframe Event Acquisition System MainFrame Digital Defense Digital Defense Frontline Vulnerability Systems All Econet Sentinel IPS IDS / IPS All EdgeWave iPrism Web Security Web Content / Filtering / Proxies All ASP System z SMF DB2 MainFrame P CEF format is 9.5.0 and above supported 9.1 to 9.3.2 Includes FS, SG, SL 9.2 and above 9.6 and above 9.1 and above 9.2 and above 9.1.1 and above 9.1 and above 9.1 and above 9.1 and above DG Technology - InfoSec Enforcive Notes 5.x, 6.x All ASP Syslog 9.1 and above N/A N/A 9.1.4 and above ASP Syslog 9.2 and above Syslog 9.1 and above ASP Syslog 9.1 and above DG Technology MEAS agent, DB2/IMS/Datacom/ID MS, CICS, FTP, MasterConsole, RACF/Top Secret/ACF2, Telnet, VSAM/BDAM/PDS, TCP/IP, SMP/E, P P P P P P P Formerly Bsafe, AS/400, DB2/IMS/Datacom/ID MS, FTP, RACF/Top Secret/ACF2, Telnet, VSAM/BDAM/PDS Vendor Enterasys Networks Entrust Epic Name Device 
Type Version(s) Supported Parser Method of Collection ESM Version Syslog SQL SQL Syslog Syslog Syslog Syslog 9.4 and above 9.1 to 9.3.2 9.1 to 9.3.2 9.1 and above 9.1 and above 9.1 and above 9.6 and above Dragon IPS Dragon Sensor Dragon Squire Enterasys N and S Switches Enterasys Network Access Control IdentityGuard Clarity - CEF IDS / IPS IDS / IPS IDS / IPS Network Switches & Routers Network Switches & Routers Application Healthcare Application 1.x-7.x 1.x-7.x 1.x-7.x 7.x 7.x All 2015 and above ASP Code Based Code Based ASP ASP ASP ASP 2010, 2012, 2014 ASP SQL 2.8 and above ASP Syslog 9.6 and above Notes Specific auditing 9.4.0 and above events Data Source Configuration Guide P P P Clarity - SQL Pull Healthcare Application Exabeam Exabeam UEBA UEBA Extreme Networks ExtremeWare XOS Network Switches & Routers 7.x, 8.x ASP Syslog 9.1 and above Network Switches & Routers All ASP Syslog 9.1 and above F5 Networks BIG-IP Access Policy Manager BIG-IP Application Security Manager CEF Firepass SSL VPN Local Traffic Manager - LTM Web Content / Filtering / Proxies All ASP Syslog 9.2 and above Virtual Private Network Web Content / Filtering / Proxies All All ASP ASP 9.1 and above 9.1 and above FairWarning Patient Privacy Monitoring Application Security 2.9.x Code Based Fidelis Fidelis XPS FireEye Malware Protection System CEF AirMagnet Enterprise FTOS CounterACT CounterACT CEF FortiAuthenticator FortiGate Antivirus FortiGate Firewall FortiGate IDS FortiGate UTM - Comma Delimited FortiGate UTM - Space Delimited FortiMail FortiManager FortiWeb Web Application Firewall Fortscale UEBA FreeRADIUS IPCOM Advanced Syslog Parser CIFS/SMB File Source FTP/FTPS File Source HTTP/HTTPS File Source Network Security Applicance All ASP Syslog Syslog McAfee Event Format Syslog 9.1 and above P Antivirus/Malware 5.x and above ASP Syslog 9.1 and above P Network Switches & Routers Network Switches & Routers Network Switches & Routers Network Switches & Routers Authentication Antivirus Firewall IDS 
/ IPS Firewall Firewall 8.x All 5.x and 6.x 7.x and above 3.x All 3.x All All All ASP ASP ASP ASP ASP Code Based Code Based Code Based ASP ASP Syslog Syslog Syslog Syslog Syslog Syslog Syslog Syslog Syslog Syslog 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.2 and above 9.1 to 9.3.2 9.1 to 9.3.2 9.1 to 9.3.2 9.1 and above 9.1 and above P P P P Firewall Firewall UEBA Authentication Firewall / IDS / IPS Other Other Other Other All All 2.7 and above All All All N/A N/A N/A ASP ASP ASP ASP ASP ASP Code Based Code Based Code Based McAfee Event Format Other N/A Code Based GFI NFS File Source SCP File Source SFTP File Source GFI LanGuard Other Other Other VA Scanner N/A N/A N/A All Code Based Code Based Code Based Code Based Syslog Syslog Syslog Syslog Syslog Syslog File pull File pull File pull McAfee Event Format File pull File pull File pull File pull Gigamon GigaVUE Switches & Routers All ASP Syslog 9.1.1 and above Global Technology Associates GNAT Box Firewall 5.3.x ASP Syslog 9.1 and above FireEye Fluke Networks Force10 Networks ForeScout Fortinet Fortscale FreeRADIUS Fujitsu Generic 9.2 and above 9.2 and above 9.2 and above 9.1 and above Globalscape EFT File Transfer 7.x ASP Good Mobile Control Search Appliance Active Defense 3Com Switches LaserJet Printers Application Application UTM Switches & Routers Printers All All All All All ASP ASP ASP ASP ASP Hewlett-Packard OpenVMS Operating Systems SYSLOG Client for OpenVMS 1.x ASP Syslog 9.1 and above ProCurve Virtual Connect Network Switches & Routers Applicaton Devices All 4.4x ASP ASP Syslog Syslog 9.1 and above 9.4.1 and above ASP Syslog 9.2 and above ASP Syslog 9.2 and above HyTrust CloudControl NAC DB2 LUW 9.5 and above, DB2 for Z/OS with CorreLog, DB2 for iSeries Database (AS/400) with Raz-Lee Guardium ISS SiteProtector MainFrame MainFrame All Proventia GX Other All System Z DB2 Database All Tivoli Endpoint Manager - BigFix Tivoli Identity Manager - SQL Pull WebSphere Application Server WebSphere 
DataPower SOA Appliances Imperva Infoblox InfoExpress InterSect Alliance Interset 8.x, 9.x, 10.x Database Activity Monitoring Host / Server / Operating Systems Security Management ISS Real Secure Server Sensor IBM 3.x, 4.x Host / Server / Operating Systems / Other IAM / IDM Application Application z/OS, z/VM MainFrame WAF/DAM - CEF NIOS CyberGatekeeper LAN Snare for AIX Snare for Solaris Snare for Windows Interset Database Application Network Switches & Routers Other Other Other UEBA P P P P P P 9.2 and above Good Technology Google HBGary Identity and Access Management Suite Authentication P P 9.1 and above 9.1 and above 9.5.0 and above 9.1 and above 9.4 and above 9.1 and above 9.2 and above ELM only 9.2 and above ELM only 9.2 and above ELM only Globalscape HyTrust P 9.1 and above McAfee Event Format Syslog Syslog Syslog Syslog Syslog Hitachi ID Systems Alpine, BlackDiamond and Summit ELM only ELM only ELM only P 9.4.1 and above P 9.2 and above 9.2 and above 9.1 and above 9.1 and above 9.1 and above P P P 9.1 and above 6.x, 7.x ASP Syslog 9.2 and above 5.5 - 7.x Code Based SQL 9.1 to 9.3.2 All Code Based SQL 9.1 and above Supported through "SYSLOG Client for OpenVMS", by Framework Solutions LLC P P P Supported through McAfee Data Center Security Suite for Databases P Use DG Technoloty MEAS Parser ASP Syslog 9.1 and above Use DG Technoloty MEAS Parser All ASP Syslog 9.1 and above All 7.0 and above ASP ASP SQL File pull 9.2 and above 9.4.1 and above 4.x ASP Syslog 9.4.0 and above All All All All All All 4.1 ASP ASP Code Based ASP ASP ASP ASP Syslog Syslog Syslog Syslog Syslog Syslog Syslog 9.2 and above 9.1 and above 9.1 to 9.3.1 9.1 and above 9.1 and above 9.1 and above 9.5.1 and above Linux Agent Required P Use DG Technoloty MEAS Parser P P P Vendor Name Device Type Secure Access version 7 Steel Belted Radius Host / Server / Operating Systems / Other Network Flow Collection Application Vulnerability Systems Smart Grid Application Network Flow Collection VPN Network 
Switches & Routers Network Switches & Routers Network Switches & Routers Firewall IDS / IPS VPN Applications / Host / Server / Operating Systems VPN Radius Server Kaspersky Administration Kit - SQL Pull Antivirus KEMP Technologies LoadMaster Network Switches & Routers Kerio Technologies Kerio Control Firewall Invincea Enterprise - CEF IPFIX Ipswitch iScan Online Itron Jflow IPFIX WS_FTP iScan Online Itron Enterprise Edition Jflow (Generic) Juniper Secure Access/MAG JUNOS - Structured-Data Format JUNOS Router NetScreen / IDP NetScreen Firewall NetScreen IDP NetScreen SSL VPN Secure Access Juniper Networks Network and Security Manager - NSM StealthWatch Lancope StealthWatch LANDESK Legacy LANDESK Event Center Informant IDS / IPS / Network Switches & Routers IDS / IPS / Network Switches & Routers Vulnerability Systems Other IDS / IPS Version(s) Supported Parser Method of Collection ESM Version All ASP Syslog 9.1 and above All All All All 5, 7, 9 All All All All 4.x, 5.x, 6.x 3.x, 4.x 5.x - 7.x IPFix ASP N/A ASP Netflow ASP ASP ASP ASP Code Based Code Based Code Based IPFix Syslog N/A Syslog Syslog Syslog Syslog Syslog Syslog Syslog Syslog 9.1 and above 9.1 and above 9.4 and above 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.1 to 9.3.2 9.1 to 9.3.2 9.1 to 9.3.2 All ASP Syslog 9.1 and above 5.x-7.x 5.x and above ASP ASP Syslog Syslog 9.1 and above 9.1 and above All ASP SQL 9.2.1 and above 4.x, 5.x ASP Syslog 9.1 and above All ASP Syslog 9.3.2 and above 4.x-5.6 Code Based Syslog 9.1 to 9.3.2 6.x and above ASP Syslog 9.1 and above All All All N/A ASP ASP N/A Syslog Syslog 9.4 and above 9.1 and above 9.3 and above Notes Data Source Configuration Guide P P P Lieberman Enterprise Random Password Manager Application All ASP Syslog Locum RealTime Monitor Application All ASP Syslog 9.1 and above LOGbinder for SharePoint (SP) Application 4.0, 5.0, 5.1 ASP Syslog 9.2 and above LOGbinder for Exchange (EX) Application 2.0, 2.5, 3.0, 3.1 ASP 
Syslog 9.2 and above LOGbinder for SQL Server (SQL) Application 1.5, 2.0, 2.1, 2.5 ASP Syslog 9.2 and above 8 ASP Syslog 9.2.0 and above 5.x and above 4.x All ASP ASP N/A Syslog Syslog N/A 9.2 and above 9.1 and above 9.1 and above 2.6.2 ASP Syslog CEF syslog format is 9.5.0 and above covered by the data source P Management Console, part of Malwarebytes Enterprise Endpoint Security, sends security events generated by 9.5.0 and above Malwarebytes AntiMalware and Malwarebytes AntiExploit running on managed endpoints. CEF formatted syslog is supported by ESM. P LOGbinder Lumension Device Control - Endpoint Manager Security Suite (L.E.M.S.S.) Bouncer - CEF Bouncer Lumension Malwarebytes Breach Remediation DLP Application Application Vulnerability Systems Antivirus / Anti-Malware 9.1.1 and above XML P CEF & Standard Syslog formats are covered by the LOGbinder data source P P P P Malwarebytes Management Console Antivirus / Anti-Malware 1.7 ASP Syslog MailGate, Ltd. MailGate Server Applications / Security Management / Host / Server / Operating Systems 3.5 ASP Syslog 9.1 and above Advanced Threat Defense Anti-Malware 3.2.2.4x and above ASP Syslog / DXL 9.4.1 and above AntiSpyware (ePO) Antivirus Application and Change Control (ePO) Web Content / Filtering / Proxies All All ASP ASP ePO - SQL ePO - SQL 9.2 and above 9.2 and above Asset Manager Sensor Asset Management All ASP Syslog 9.1.1 and above Correlation Engine Database Security - CEF Database Security (ePO) Deep Defender (ePO) Email Gateway - CEF EWS v5 / Email Gateway Original Format - Legacy IronMail - Legacy Other Database Database Other Web Content / Filtering / Proxies All All All All 6.x and above Correlation ASP ASP ASP ASP Syslog ePO - SQL ePO - SQL Syslog 9.1 and above 9.2 and above 9.2 and above 9.2 and above 9.2 and above P P P P Web Content / Filtering / Proxies 5.x ASP Syslog 9.1 and above P Web Content / Filtering / Proxies All ASP Syslog 9.1 and above Endpoint Encryption (ePO) Application All ASP ePO - 
SQL 9.3.2 and above P Endpoint Protection for Mac (ePO) Antivirus 2.0 and above ASP Syslog 9.2.0 and above P Endpoint Security Firewall (ePO) Firewall 10.2 and above ASP ePO - SQL 9.5.0 and above P Endpoint Security Platform (ePO) Endpoint Security Threat Prevention (ePO) Auditing 10.2 and above ASP ePO - SQL 9.5.0 and above P Application 10.2 and above ASP ePO - SQL 9.5.0 and above P Endpoint Security Web Control (ePO) ePO Audit Log (ePO) ePolicy Orchestrator Application Other Other Applications / Security Management / Host / Server / Operating Systems Firewall / IDS / IPS Firewall DLP IDS / IPS 10.2 and above All All ASP ASP ASP ePO - SQL ePO - SQL ePO - SQL 9.5.0 and above 9.2 and above 9.2 and above P P P 3.x and above ASP ePO - SQL 9.2 and above P 8.x 8.x All 6.x and above ASP ASP ASP ASP Syslog Syslog ePO - SQL ePO - SQL 9.2 and above 9.5 and above 9.2 and above 9.2 and above P P P P McAfee ePolicy Orchestrator Agent (ePO) Firewall Enterprise Firewall for Linux (ePO) Host Data Loss Prevention (ePO) Host Intrusion Prevention (ePO) P P Vendor McAfee MEDITECH Name Device Type Parser Method of Collection ASP Syslog ESM Version Notes Data Source Configuration Guide Informant McAfee Advanced Correlation Engine McAfee Application Data Monitor McAfee Database Activity Monitor for SIEM McAfee Enterprise Log Manager McAfee Enterprise Security Manager McAfee Event Receiver McAfee Event Receiver/ELM McAfee Security for Domino Windows (ePO) McAfee Security for Microsoft Exchange (ePO) IDS / IPS Correlation Application All All All Code Based 9.3 and above 9.1 and above 9.1 and above Database All Code Based 9.1 and above Web Content / Filtering / Proxies All ASP ePO - SQL 9.2 and above P Web Content / Filtering / Proxies All ASP ePO - SQL 9.2 and above P McAfee Vulnerability Manager Vulnerability Systems All N/A N/A 9.1.2 and above P MOVE AntiVirus (ePO) Antivirus All ASP ePO - SQL 9.3.2 and above P Network Access Control (ePO) Network DLP Monitor Network Security Manager - 
SQL Pull Network Security Manager Other DLP IDS / IPS IDS / IPS All All 6.x and above 6.x and above ASP ASP ASP ASP ePO - SQL Syslog SQL Syslog Network Threat Response IDS / IPS 4.0.0.5, 4.1 ASP Next Generation Firewall - Stonesoft Nitro IPS One Time Password Server Policy Auditor (ePO) IDS / IPS IDS / IPS Authentication Policy Server All All 3.1 All ASP ASP ASP ASP SaaS Email Protection Email Security All ASP SaaS Web Protection SiteAdvisor (ePO) Web Content / Filtering / Proxies Other All All ASP ASP Threat Intelligence Exchange Reputation Server 1.0.0 ASP ePO - DXL 9.4.1 and above P UTM Firewall VirusScan (ePO) Web Gateway WebShield Firewall Antivirus Web Content / Filtering / Proxies Web Content / Filtering / Proxies All All All All ASP ASP ASP ASP Syslog ePO - SQL Syslog Syslog 9.1 and above 9.2 and above 9.1 and above 9.1 and above P P P P Caretaker HealthCare Application All ASP Syslog 9.1 and above All ASP SQL 9.1.3 and above All Code Based Syslog 9.1 and above ACS - SQL Pull Adiscon Windows Events Assets via Active Directory Event Forwarding Applications / Host / Server / Operating Systems Applications / Host / Server / Operating Systems Asset Applications / Host / Server / Operating Systems Exchange Applications / Host / Server / Operating Systems Forefront Client Security HIPS Forefront EndPoint Protection HIPS Firewall / Host / Server / Forefront Threat Management Gateway Operating Systems / Web / Internet Security and Acceleration Content / Filtering / Proxies / W3C Virtual Private Networks Forefront Threat Management Gateway IDS / IPS - SQL Pull Forefront Unified Access Gateway IDS / IPS Microsoft Version(s) Supported 9.2 and above 9.1 and above 9.1.2 and above Formerly IntruShield 9.1 and above Formerly IntruShield NTR 4.0.0.5 is supported on ESM 9.3-9.4, 9.4.1and Code Based API 9.3.x - 9.4.0. NTR 4.1 above is supported on ESM 9.4.1 and above. 
Syslog 9.1 and above Syslog 9.1 and above Syslog 9.2 and above ePO - SQL 9.2 and above Supports csv File Pull 9.4.1 and above formatted reports Syslog 9.1 and above ePO - SQL 9.2 and above All WMI 2007, 2010, 2013 ASP 2010 ASP MEF - McAfee SIEM Agent File pull / McAfee SIEM Agent SQL P P P P P P P P 9.1 and above 2008 P 9.1 and above 9.1 and above Message Tracking Logs P P 9.1.1 and above See System Center 2012 Endpoint Protection P 2010 ASP SQL 9.1 and above All ASP File pull 9.1 and above P 2010 ASP SQL 9.3 and above P 2010 ASP Syslog 9.1.1 and above P ASP File Pull Database-Compatible 9.5.2 and above Format P Internet Authentication Service Database Compatible Format Web Content / Filtering / Proxies Internet Authentication Service Formatted Web Content / Filtering / Proxies 2000, 2003, 2008 ASP File Pull 9.1 and above IAS Legacy Format P Internet Authentication Service - XML Web Content / Filtering / Proxies 2008 R2, 2012 ASP File Pull 9.1 and above DTS Compliant Format P All Code Based Syslog 9.1 to 9.3.2 P All ASP 9.1 and above P All ASP 9.2 and above P 9.1 and above P 9.1 and above 9.1 and above 9.1 and above P P P 2008, 2008 R2, 2012 Microsoft Active Directory Microsoft Exchange Server Microsoft SQL Server Host / Server / Operating Systems / Web Content / Filtering / Proxies Host / Server / Operating Systems / Web Content / Filtering / Proxies Host / Server / Operating Systems / Web Content / Filtering / Proxies Host / Server / Operating Systems / Web Content / Filtering / Proxies Other Other Database MSSQL Database 2000 and above MSSQL Error Log Database All ASP MSSQL Server C2 Audit Database 2000, 2005, 2008 Code Based Network Policy Server Policy Server All ASP Internet Information Services Internet Information Services - FTP Internet Information Services - SMTP Internet Information Services All ASP All 2007, 2010 All WMI WMI WMI File pull / McAfee SIEM Agent File pull / McAfee SIEM Agent File pull / McAfee SIEM Agent WMI WMI WMI 9.1 and above File pull 
/ McAfee SIEM Agent MEF - McAfee SIEM Agent Syslog Supported through McAfee Data Center Security Suite for Databases 9.2 and above 9.1 and above 9.1 and above P Vendor Name Device Type PhoneFactor Host / Server / Operating Systems Application SharePoint Host / Server / File Management System Center 2012 EndPoint Protection HIPS Operations Manager System Center Operations Manager Security Management Windows DHCP Version(s) Supported Parser All Code Based SQL 9.1 to 9.3.2 All ASP Syslog 9.1 and above 2007, 2010 ASP Syslog 9.1 and above 2012 ASP SQL 9.1 and above Code Based Debug DHCP Logs 2003, 2008 ASP Windows DNS Debug DNS Logs 2003, 2008 ASP Windows Event Log - CEF Applications / Host / Server / Operating Systems All ASP Syslog 9.2 and above Applications / Host / Server / Operating Systems XP, Windows 7, Windows 8, Windows 10, Server 2003, Server 2008, Server 2012, Server 2016 WMI WMI 9.1 and above 2.3.1 Code Based Syslog 9.1 to 9.3.2 All All 7.x All ASP Code Based ASP ASP Syslog Syslog Syslog Syslog 9.1 and above 9.1 to 9.3.2 9.1 and above 9.1 and above Windows Event Log - WMI Motorola NetApp NetFlow NetFort Technologies MEF - McAfee SIEM Agent File pull / McAfee SIEM Agent File pull / McAfee SIEM Agent ESM Version 2007 Microsoft Mirage Networks Method of Collection P Supported through the Endpoint Protection SQL Pull data source. 
P 9.1 and above P 9.1 and above P NAC / Network Switches & Routers Wireless Switch Wireless Switch Storage Storage Switch FAS Storage Generic NetFlow Flow 5, 7, 9 NetFlow NetFlow 9.1 and above LANGuardian Applications / Security Management / Host / Server / Operating Systems All ASP Syslog 9.1 and above Security Manager Network Switches & Routers / Security Management 5.1 ASP Syslog 9.1 and above Sentinel Log Manager Network Switches & Routers / Security Management All ASP Syslog 9.1 and above Informer - CEF Spectrum - CEF NGS SQuirreL Niara NetDetector IPSO Contivity VPN Contivity VPN Passport 8000 Series Switches VPN Gateway 3050 Application Malware Vulnerability Systems UEBA Other Firewall Network Switches & Routers Network Switches & Routers Network Switches & Routers Virtual Private Network All All All 1.5 and above All All 7.x 7.x 7.x 8.x ASP ASP N/A ASP ASP Code Based Code Based ASP ASP ASP Syslog Syslog N/A Syslog Syslog Syslog Syslog Syslog Syslog Syslog eDirectory Applications / Security Management / Host / Server / Operating Systems All ASP Syslog 9.2 and above All ASP Syslog 9.1 and above All All 2.1 and above N/A N/A ASP N/A N/A Syslog 9.1 and above 9.1 and above 9.1 and above 11 ASP Syslog 9.4.0 and above 9.1.0.1 ASP SQL 9.3.2 and above 11 ASP File pull / McAfee SIEM Agent 9.4.1 and above All Data Source Configuration Guide 9.1 and above AirDefense AirDefense Enterprise Data ONTAP DataFort CounterPoint Notes 9.1 and above Windows 8 is supported in ESM version 9.3.2 and above P P P Use NetApp Data OnTap data source P NetIQ NetWitness NGS Niara Niksun Nokia Nortel Networks Novell Identity and Access Management - IAM IAM / IDM nPulse OpenVAS OpenVPN 9.1 and above 9.2 and above URL Integration 9.1 and above 9.5.0 and above 9.1 and above 9.1 to 9.3.2 9.1 to 9.3.2 9.4 and above 9.1 and above 9.1 and above P P P P P P CPX Flow & Packet Capture OpenVAS OpenVPN Packet Capture Vulnerability Systems VPN Directory Server Enterprise Edition Authentication Identity 
Manager - SQL Pull IAM / IDM Internet Directory Authentication MySQL on Linux Database 5.1, 5.5, 5.6, and 5.7 on Linux 9.1 and above Supported through McAfee Data Center Security Suite for Databases Oracle Database 8.1.7 and above running on Sun Solaris, IBM AIX, Linux, HP-UX, Microsoft Windows, including Oracle RAC and Oracle Exadata 9.1 and above Supported through McAfee Data Center Security Suite for Databases Oracle Audit - SQL Pull Database 9i, 10g, 11g, 12c ASP Oracle Audit - XML File Pull Database 10g, 11g, 12c Oracle Audit Database 9i, 10g, 11g, 12c Audit Vault and Database Firewall Database / Firewall Real Application Clusters - RAC Database Oracle P URL Integration Also covers: Sun ONE Server and Sun Java Directory Server Enterprise Edition P Supports standard and fine grain audits as well as Unified Audits introduced in 12c. P SQL 9.2.1 and above ASP SQL 9.4.0 and above P ASP Syslog 9.2.1 and above P 12.x ASP Syslog 9.3.0 and above 11g ASP File Pull Parses the Event 9.4.0 and above Manager Log (evmd.log) Vendor Oracle Name Solaris Basic Security Module - BSM WebLogic Device Type Host / Server / Operating Systems Other Osiris Host Integrity Monitor Host / Server / Operating Systems / IDS / IPS Palo Alto Networks Palo Alto Firewalls Firewall PhishMe Intelligence Correlation Data Source Configuration Guide Version(s) Supported Parser Method of Collection ESM Version 9.x, 10.x ASP Syslog 9.1 and above 8.1.x ASP Syslog 9.1 and above ASP Syslog 9.1 and above ASP Syslog 9.1 and above ASP Syslog 9.5.0 and above CEF format is supported P CEF format is 9.5.1 and above supported P All PhishMe Notes ISAKMP, RADIUS, SECURITY, Accounting, RIP, VR messages only P PhishMe Triage Email Security 2.0 and above ASP Syslog Postfix Application All ASP Syslog PostgreSQL Database 9.2 and above running on Linux PowerTech PostgreSQL Interact - CEF Database Host All All ASP ASP Syslog Syslog 9.1 and above 9.2 and above Prevoty Prevoty Application Security 3.2.1 ASP Syslog 9.5.1 
and above Proofpoint Qualys Quest Messaging Security Gateway Qualys QualysGuard ChangeAuditor for Active Directory AppDirector AppWall Application Vulnerability Systems Applications Network Switches & Routers Firewall All All All All All ASP N/A WMI ASP ASP Syslog N/A WMI Syslog Syslog 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.2 and above DefensePro IDS / IPS 2.4.3 and above Code Based Syslog 9.1 to 9.3.2 DefensePro IDS / IPS 2.4.3 and above ASP Syslog 9.1 and above Raytheon Raz-Lee Security LinkProof/FireProof Rapid7 Metasploit Pro Rapid7 Nexpose SureView iSecurity Suite Network Switches & Routers Vulnerability Systems Vulnerability Systems Application Application ASP N/A N/A ASP ASP Syslog N/A N/A Syslog Syslog 9.1 and above 9.1 and above 9.1 and above 9.1 and above 9.2 and above P P Red Hat JBoss / WildFly v8 Application Server ASP Syslog 9.4.1 and above P RedSeal Networks Reversing Labs RioRey Riverbed RSA SafeNet Saint RedSeal 6 N1000 Network Security Appliance DDoS Protection Steelhead Authentication Manager Hardware Security Modules Saint Risk Complianace IDS / IPS Firewall / DoS Security Appliances / UTMs Authentication Application Security Vulnerability Systems Applications / Security Management / Host / Server / Operating Systems All 3.x and above All All All Jboss 7.x WildFly v8.x All 3.2.1.2 RIOS 5.0, 5.1, 5.2 5.x 7.x All All ASP ASP ASP ASP ASP ASP N/A Syslog Syslog Syslog Syslog Syslog Syslog N/A 9.1 and above 9.5.0 and above 9.2.0 and above 9.1 and above 9.1 and above 9.1 and above 9.1 and above P P P P P P ABAP Module & ASP Syslog 9.1 and above P Postfix PostgreSQL Radware Rapid7 SAP Version 5 5.x and 6.x 9.1 and above 9.1 and above SAP Sybase Database Savant Protection Savant - CEF Secure Crossing Zenwall SecureAuth IEP - Single Sign On Anti-Malware Applications / Security Management / Host / Server / Operating Systems Authentication Securonix Risk and Threat Intelligence UEBA SendMail Sentrion Messaging All Sentrigo sFlow Hedgehog 
- CEF Generic sFlow Database Network Flow Collection All All ASP sFlow Silver Spring Networks Network Infrastructure Smart Grid All ASP Skycure Skycure Enterprise Mobile Security Skyhigh Networks Cloud Security Platform DLP SnapLogic SnapLogic DB2 Access Recording Services Software Product Research DBARS SonicWall Firewall/VPN SonicWALL SonicWall IPS Sonus GSX Email Security and Data Protection Sophos Antivirus Sophos UTM & Next-Gen Firewall Web Security and Control SourceFire Squid SSH Communications Security STEALTHbits StillSecure 12.5 and above 3.x ASP Syslog 9.2 and above All ASP Syslog 9.1 and above 5.x ASP Syslog McAfee Event Format 9.1 and above Code Based All ASP ASP Syslog 9.5.1 and above Cloud Integration All ASP Syslog 9.2 and above Database All ASP Syslog 9.1 and above Firewall IDS / IPS VOIP Email Security Antivirus UTM / Firewall Web Content / Filtering / Proxies All All All All All 9.1 All Code Based Code Based ASP ASP Code Based ASP ASP Syslog Syslog Syslog Syslog SQL Syslog Syslog 9.1 to 9.3.2 9.1 to 9.3.2 9.1 and above 9.1 and above 9.1 and above 9.4.0 and above 9.1 and above 4.10 Snort NIDS IDS / IPS All IDS / IPS CryptoAuditor 9.1 and above 9.4.1 and above Code Based eStreamer 9.1.1 and above All 1.x 2.5 ASP Code Based ASP Syslog Syslog Syslog 9.1 and above 9.1 to 9.3.2 9.1 and above Auditing 1.5 ASP Syslog 9.4.1 and above Strata Guard Firewall / Security Management / IDS / IPS / Virtual Private Networks P CEF format is supported 3.1.262.1 ASP Syslog 9.4 and above 5.x, 6.x ASP Syslog 9.1 and above P P Use FireSIGHT Management Console eStreamer Use SourceFire NS/RNA data source 5.x, 6.x HIDS Supported through McAfee Data Center Security Suite for Databases 9.2 and above 9.1 and above IDS / IPS Web Content / Filtering / Proxies Web Content / Filtering / Proxies StealthINTERCEPT P Use Unix - Linux data source 2.2 and above IDS / IPS Requires Log4j on Prevoty 9.1 and above Syslog sFlow File pull / McAfee SIEM Agent Syslog 3D Defense Center 
FireSIGHT Management Console eStreamer SourceFire NS/RNA Squid Squid 9.1 and above Supported through McAfee Data Center Security Suite for Databases P P Includes Snort IDS P CEF format is supported P Vendor Name Device Type Stonesoft Corporation Next Generation Firewall IDS / IPS Sun iPlanet Altiris Management Console Antivirus Corporate Edition Server Critical System Protection Critical System Protection Endpoint Protection Endpoint Protection Synology Tenable Symantec Data Loss Prevention Symantec Messaging Gateway Symantec Web Gateway DiskStation Manager Tenable Nessus Web Server Asset Antivirus IDS / IPS IDS / IPS Antivirus Antivirus Host / Server / Operating Systems DLP Messaging Web Content / Filtering / Proxies Application Vulnerability Systems Teradata Teradata Database ThreatConnect Thycotic Threat Intelligence Platform Secret Server SMS TippingPoint UnityOne UEBA Authentication Security Management Security Management IDS / IPS TITUS Message Classification Tofino Security Topia Technology Tofino Firewall LSM Skoot Townsend Security AS/400 - CEF Trapezoid TrapX Security Symantec PGP Universal Server TippingPoint Trend Micro Tufin Method of Collection ESM Version Notes Use McAfee Next Generation Firewall Stonesoft All All 7.x and above 8.x, 9.x 5.2 5.2 11.x 11.x, 12.x Code Based Syslog Code Based Code Based ASP Code Based ASP All All 2.x and above All All 3.x, 4.x, 5.x, 6.x Data Source Configuration Guide P SQL SQL SQL Syslog Syslog 9.1 to 9.3.2 9.2 and above 9.1 and above 9.1 to 9.3.2 9.4 and above 9.1 to 9.3.2 9.1 and above P P ASP Syslog 9.1 and above P ASP ASP ASP ASP N/A Syslog Syslog Syslog Syslog N/A 9.1 and above 9.1 and above 9.1 and above 9.2 and above 9.1 and above P P P 12, 13, 13.10, 14, 15, and 15.1 on Linux 9.1 and above Supported through McAfee Data Center Security Suite for Databases P ASP ASP ASP Code Based ASP Syslog Syslog Syslog Syslog Syslog Application All WMI WMI All All ASP ASP Syslog Syslog All ASP Syslog 9.2 and above Trust Control 
Suite DeceptionGrid Firewall Application Host / Server / Operating Systems Application Generic All 5.x and above ASP ASP Syslog Syslog 9.2 and above 9.5.0 and above Control Manager Antivirus / Vulnerability Systems 3.x, 5.x, 6.x Code Based SQL 9.1 to 9.3.2 Control Manager - SQL Pull Antivirus / Vulnerability Systems 5.x ASP SQL 9.1.3 and above Deep Discovery - CEF Antivirus / Vulnerability Systems All ASP Syslog 9.2 and above Deep Security - CEF Deep Security Manager - CEF InterScan Web Security Suite HIDS HIDS Web Content / Filtering / Proxies 6.x and above 6.x and above All ASP ASP ASP Syslog Syslog Syslog 9.1 and above 9.1 and above 9.1 and above P P OfficeScan Antivirus / Vulnerability Systems All ASP File pull 9.2 and above P OSSEC Tripwire / nCircle IP360 FIM / HIDS Vulnerability Systems Database / Security Management Database / Security Management Database / Security Management DLP NAC Web Content / Filtering / Proxies Firewall / Auditing Host / Server / Operating Systems Host / Server / Operating Systems Host / Server / Operating Systems 1.x, 2.x All ASP N/A Syslog N/A 9.1 and above 9.1 and above 4.x ASP Syslog 9.1 and above 4.x Code Based Syslog 9.1 to 9.3.2 4.x ASP Syslog 9.4 and above 8.x 3.x 4.x All ASP ASP ASP ASP Syslog Syslog Syslog Syslog 9.2 and above 9.1 and above 9.1 and above 9.2 and above All Code Based Syslog 9.1 to 9.3.2 All ASP Syslog 9.4 and above P All ASP Syslog 9.1 and above P Code Based Syslog 9.1 to 9.3.2 P Tripwire For Server Tripwire For Server Trustwave Parser 3.x and above 8 2.x and above 1.x, 2.x All Tripwire Enterprise Tripwire Version(s) Supported Data Loss Prevention Network Access Control WebDefend SecureTrack SMA_RT Type80 Security Software SMA_RT Linux UNIX UNIX OS Host / Server / Operating Systems VanDyke Software VShell Application Vericept Content 360 DLP Verdasys Digital Guardian AirWatch DLP Mobile Device Management VMware vCenter Server VMware Voltage Security SecureData Enterprise Vormetric Data Security WatchGuard 
Technologies Firebox and X Series Wave Systems Corp Safend Protector Solaris, Red Hat Linux, HP-UX, IBM AIX and SUSE 2.x, 3.x 9.5.0 and above 9.2 and above 9.1 and above 9.1 to 9.3.2 9.1 and above P Supported through 9.2.1 and above Microsoft Windows Event Log 9.1 and above 9.2 and above P P P P P P ASP Syslog 9.1 and above 8.x ASP Syslog 9.2 and above All 7.3, 8.0 ASP ASP Syslog Syslog 9.2 and above 9.4.1 and above P Application All ASP Code Based API 9.3.2 and above P Application DLP Application Firewall DLP 1.x-5.x 5.7 4.x 8.x-11.x All ASP ASP ASP ASP ASP 9.1 and above 9.4.1 and above 9.1 and above 9.1 and above 9.2 and above P All ASP 7.7 and above 6.x, 7.x ASP ASP Syslog Syslog Syslog Syslog Syslog File pull / McAfee SIEM Agent Syslog SQL Cloud Web Security HIDS Websense - CEF, Key Value Pair Websense Enterprise - SQL Pull Web Content / Filtering / Proxies Web Content / Filtering / Proxies Websense Supported through Trustwave DLP P P 9.3.2 and above 9.2 and above 9.2.2 and above P P Vendor Wurldtech Xirrus Zenprise ZeroFOX Zscaler Name OpShield 802.11abgn Wi-Fi Arrays Secure Mobile Gateway ZeroFOX Nanolog Streaming Service (NSS) Device Type Version(s) Supported Parser Method of Collection ESM Version Control Systems / Firewall Switches & Routers Security Mobile Gateway Application Web Content / Filtering / Proxies 1.7.1 All 5.x and above All All ASP ASP ASP ASP ASP Syslog Syslog Syslog Syslog Syslog 9.4.1 and above 9.1 and above 9.1 and above 9.2 and above 9.4.0 and above Notes Data Source Configuration Guide P P P P