SG SIEM Integrations.Xlsx

ESM Integration List Updated October 2013 Parser Device/Parser Version(s) Agent Vendor Device Type Method of Name Supported Required Collection

Load Balancer (ASP) (AX A10 Networks Load Balancer All ASP – Syslog No Series)

Access Layers Portnox (ASP) NAC 2.x ASP - Syslog No

Accellion Secure File Transfer (ASP) Application All ASP - Syslog No

NetVanta (ASP) Network Switches & Routers All ASP – Syslog No Adtran Blue Socket (ASP) Wireless Access Point All ASP - Syslog No Airtight SpectraGuard (ASP) Applications All ASP – Syslog No Networks Applications / Host / Server / Alcatel-Lucent VitalQIP (ASP) Operating Systems / Web All ASP Content / Filtering / Proxies No American Power Uninterruptible Power Power Supplies All ASP Conversion Supply (ASP) No Apache Software Applications / Host / Server / Java Parser - Local Foundation Apache HTTP Server Operating Systems / Web 1.x, 2.x files; syslog UDP Content / Filtering / Proxies No Applications / Host / Server / Apache Web Server (ASP) Operating Systems / Web 1.x, 2.x ASP - Syslog Content / Filtering / Proxies No Applications / Host / Server / Apple Mac OSX (ASP) Operating Systems / Web All ASP Content / Filtering / Proxies No Java Parser - Syslog Arbor Peakflow DoS/SP Network Switches & Routers 2.x UDP No Arbor Peakflow SP (ASP) Network Switches & Routers 2.x and above ASP - Syslog No Arbor Java Parser - Syslog Arbor Peakflow X Network Switches & Routers 2.x UDP No Arbor Peakflow X (ASP) Network Switches & Routers All ASP - Syslog No Pravail (ASP) IDS/IPS All ASP - Syslog No Common Event Format ArcSight Event Format All ASP - Syslog (ASP) No Aruba Wireless Access Points N/A Custom Aruba Parser No Aruba ClearPass (ASP) Wireless Access Points 5.x ASP- Syslog No Avecto Privilege Guard (ePO) IAM / IDM 3.x gSQL No Applications / Host / Server / Axway Secure Transport (ASP) Operating Systems / Web All ASP - Syslog Content / Filtering / Proxies No SPAM Firewall Security Appliances / UTMs 3.x, 4.x ASP - Syslog No Web Application Firewall Security Appliances / UTMs 3.x, 4.x ASP - Syslog Barracuda (ASP) No Barracuda Web Filter (ASP) Security Appliances / UTMs All ASP - Syslog No Web Security Gateway Security Appliances / UTMs All Custom No Bit9 Parity Suite (ASP) Applications All ASP - Syslog No Bit9 Bit9 Parity Suite - CEF Applications All ASP - Syslog (ASP) No Blue Cat Adronis DNS (ASP) Applications All ASP - Syslog Networks No Blue Coat SG Access Logs Web Content / Filtering / Proxies 4.x – 6.x ASP – Syslog Blue Coat (ASP) No Director Web Content / Filtering / Proxies All ASP - Syslog No Java Parser - SQL BlueLance LT Auditor + Blue Lance Applications 9.x Server database (TCP for Novell Netware port 1433) No Blue Martini Blue Martini Application 6.5 Code Based No Blue Ridge BorderGuard (ASP) Firewall 5000, 6000 ASP - Syslog No Bradford Campus NAC / Network Switches & Bradford All ASP – Syslog Manager (ASP) Routers No FastIron and NetIron (ASP) *BigIron also Network Switches & Routers 7.5 and above ASP - Syslog supported No Brocade IronView Network NAC / Network Switches & All ASP – Syslog Manager (ASP) Routers No VDX Network Switches & Routers All ASP - Syslog No Byres Security, Tonfino Firewall LSM Firewall All ASP - Syslog Inc. (ASP) No DataMinder - CEF (ASP) DLP All ASP - Syslog No SiteMinder (ASP) Web Access All ASP - Syslog No CA Identity & Access Yes - Secronix IAM / IDM All McAfee Event Format Management Agent Required Cerner Cerner P2 Sentinel Healthcare auditing All Code Based No Check Point (Syslog) Firewall All ASP No Check Point Edge W32 & Firewall R60 and above OPSEC WU No Check Point Enterprise & Firewall R60 and above OPSEC Enterprise Pro No Check Point Express Firewall R60 and above OPSEC No Check Point FW-1 Limited Firewall R60 and above OPSEC No Check Point FW1 - * Check Point includes IPS, IPS Blade, Firewall R60 and above OPSEC NG, NGX Standard No Check Point Smart Center Firewall R60 and above OPSEC Enterprise Pro No Check Point HA VPN-1 Virtual Private Networks R60 and above OPSEC No Check Point VPN Pro Virtual Private Networks R60 and above OPSEC No Check Point VPN-1 Edge Virtual Private Networks R60 and above OPSEC No Check Point VPN-1 Virtual Private Networks R60 and above OPSEC Express No SmartEvent Firewall R60 and above OPSEC No Cimtrak Management Cimcore Configuration Management All ASP Console No Cisco CSS (Content Other All ASP - Syslog Services Switches) No Cisco SDEE Application Protocol All ASP - SDEE No Open TACACS+ (ASP) Authentication All ASP – Syslog No Java Parser – Syslog TACPlus Authentication All UDP No

Cisco Java Parser - Syslog Cisco ASA Firewall 7.x and above UDP No Cisco ASA (ASP) Firewall 7.x and above ASP – Syslog UDP No Cisco ASA NSEL Firewall/Flow All Custom No Cisco Content Services Switch All ASP - Syslog Switches (ASP) No Java Parser - Syslog Cisco EAP (over UDP) Other All UDP No Cisco Firewall & Service Java Parser - Syslog Firewall 1.x – 3.x Module UDP No Cisco Identity Services Other All Syslog - ASP Engine (ASP) No *supported through Cisco PIX Firewall 5.x and above the Cisco ASA (ASP) parser No *supported through Cisco PIX IDS Firewall / IDS / IPS 5.x and above the Cisco ASA (ASP) parser No *supported through Cisco PIX and PIX IDS Firewall / IDS / IPS 5.x and above the Cisco ASA (ASP) (ASP) parser No Cisco IOS (ASP) - includes Firewall / IDS / IPS / Network ACL, IOS FW, IOS IDS and All ASP - Syslog Switches & Routers DSP No Firewall / Network Switches & Java Parser - Syslog Cisco IOS Firewall 12.x Routers UDP No Host / Server / Operating System Cisco CSA Console 5.x, 6.x SQL/Text Parser / IDS / IPS No *supported through Host / Server / Operating Systems CATOS 6.x the Cisco IOS (ASP) / Network Switches & Routers parser No Host / Server / Operating Systems CATOS v7xxx (ASP) 6.x, 7.x ASP - Syslog / Network Switches & Routers No Cisco ACS (ASP) IDS / IPS 3.x, 4.x ASP –Syslog No Cisco Secure ACS IDS/IPS 3.x 4.x ASP - Syslog No Cisco Guard DDos IDS / IPS All ASP – Syslog UDP Cisco Mitgator (ASP) No Cisco IDS (4.x+ RDEP IDS / IPS 4.x and above SDEE protocol) No Cisco IDSM IDS / IPS All SDEE No Cisco IPS IDS / IPS 12.x SDEE No

IDS / IPS / Network Switches & Cisco IOS (ASP) 12.x ASP - Syslog No Routers No No Cisco NAC Appliance NAC / Network Switches & All ASP – Syslog (ASP) (Clean Access) Routers No Cisco NAC Appliance NAC / Network Switches & Java Parser - HTTP 4.x (Clean Access) Routers based requests No ASP - Nitro Netflow NetFlow (Generic) Network Flow Collection 5,7,9 Collector No IDS / IPS / Network Switches & NX-OS (Nexus) 4.x, 5.x ASP – Syslog Routers No Java Parser - Syslog Cisco IOS ACL Network Switches & Routers 12.x UDP No Cisco

Cisco Wireless LAN Network Switches & Routers All ASP – Syslog Controllers (ASP) No Cisco Wireless Control Network Switches & Routers All ASP- Syslog System (ASP) No Cisco MDS (ASP) Network Switches & Routers All ASP - Syslog No Java Parser - Syslog Cisco VPN Concentrator Virtual Private Networks 2.x – 4.x UDP No Cisco VSM (VPN Switch Java Parser - Syslog Virtual Private Networks 2.x – 4.x Blade) UDP No

Java Parser - FTP Cisco Content Engine Web Content / Filtering / Proxies 5.x Server on Receiver No Cisco IronPort Email Email Security 6.x, 7.x ASP - Syslog Security Appliance (ASP) No Cisco IronPort Web Web Content / Filtering / Proxies 6.x, 7.x ASP - Syslog Security Appliance (ASP) No Applications / Host / Server / Cisco UCS (Unified Operating Systems / Web All ASP - Syslog Computing System) (ASP) Content / Filtering / Proxies No Applications / Host / Server / Cisco WAAS Operating Systems / Web All ASP - Syslog Content / Filtering / Proxies No Cisco WAP 200 (ASP) Wireless Access Point All ASP - Syslog No AppFlow (NetScaler) Flow All Custom No Citrix NetScaler (ASP) * Citrix Secure Gateway & Web Content / Filtering / Proxies All ASP – Syslog NetScaler Web also supported No Cluster Labs Pacemaker CRMD (ASP) Applications 1.x ASP-Syslog No Data Loss Prevention Code Green DLP 8.x ASP - Syslog (ASP) No Confident Image Shield Appliancations All MEF (NPP) Technolgies No Cybectec RUT (ASP) Network Switches & Routers 5.x, 6.x ASP – Syslog No Cooper Power Yukon IED Manager Suite Systems Applications All ASP-Syslog (ASP) No Corero IPS (ASP) Corero (Formerly Top Layer IDS / IPS All ASP – Syslog Attack Mitigator) No Bouncer (ASP) Applications 4.x ASP – Syslog No CoreTrace Bouncer - CEF (ASP) Applications 5.x and above ASP - Syslog No Critical Watch FusionVM Vulnerability Systems All Code Based No CyberGuard (includes FS, Java Parser - Syslog CyberGuard Firewall 5.x SG, SL) UDP No

Enterprise Password Vault Applications 5.x ASP – Syslog (ASP) Cyber-Ark No Privileged Identity Management Suite - CEF Applications All ASP (ASP) No Cyrus IMAP & SASL (ASP) Messaging 2.x ASP - Syslog No Damballa FailSafe (ASP) Anti-Malware All CEF No Dell PowerConnect (ASP) Network Switches & Routers All ASP – Syslog No Digital Defense Frontline Vulnerability Systems All Code Based No EdgeWave iPrism Web Security (ASP) Web Content / Filtering / Proxies All ASP – Syslog No MainFrame

· DB2/IMS/Datacom/IDMS · CICS · FTP

· MasterConsole

· RACF/Top Secret/ACF2

· Telnet

· VSAM/BDAM/PDS DG Technology MEAS 5.x, 6.x ASP - Syslog

· TCP/IP

· SMP/E

· Authorized Load Libraries

· RMF Performance Data

· Batch Job and Started Tasks Start/Stop Yes - DG · Top Secret, Type 80 Technology MEAS agent eEye eEye Retina Vulnerability Systems All N/A No

eEye Retina Enterprise Vulnerability Systems All N/A Manager

No MainFrame

· AS/400

· DB2/IMS/Datacom/IDMS

Enforcive System Z DB2 (ASP) · FTP All ASP - Syslog (formerly BSafe)

· RACF/Top Secret/ACF2

· Telnet

· VSAM/BDAM/PDS Yes - Enforcive Agent Java Parser - MySQL Enterasys Dragon IDS / IPS 1.x – 7.x database (TCP Sensor/Squire connection) Enterasys No N Series Switches (ASP) Network Switches & Routers 7.x ASP – Syslog No Dragon Sensor IDS/IPS 1.x - 7x. Java Parser No Network Access Control Network Switches & Routers 7.x ASP – Syslog (ASP) No Entrust IndenityGuard (ASP) Applications All ASP - Syslog No Extreme Alpine Network Swithes & Routers All Java Parser No Extreme Networks ExtremeWare XOS NAC/Network Switches & Routers 7.x, 8.x ASP – Syslog No Access Policy Manager NAC/Network Switches & Routers All ASP – Syslog (ASP) No Big-IP Application Security Web Content / Filtering / Proxies All ASP - Syslog F5 Manager - CEF (ASP) No FirePass SSL VPN (ASP) Virtual Private Network All ASP – Syslog No Local Traffic Manager Web Content / Filtering / Proxies All ASP - Syslog (ASP) No Fairwarning Privacy Fairwarning Application Security 2.9.x McAfee Event Format Monitoring No Fidelis Fidelis XPS (ASP) Network Security Appliance All ASP - Syslog No FireEye Malware Antivirus/Malware 5.x Code Based CEF Parser Protection System No FireEye FireEye Malware Protection System - CEF Antivirus/Malware 5.x and above ASP - Syslog (ASP) No AirMagnet Enterprise Fluke Networks Network Switches & Routers 8.x ASP – Syslog (ASP) No Force10 FTOS (ASP) Network Routers & Switches All ASP – Syslog Networks No CounterACT - CEF (ASP) NAC/Network & Switches 7.x and above ASP - Syslog No ForeScout CounterACT (ASP) NAC/Network & Switches 5.x and 6.x ASP - Syslog No Fortinet Fortigate Firewall Firewall 3.x Java Parser - Syslog No Fortinet Fortigate UTM - Firewall All ASP - Syslog Comma Delimited (ASP) No Fortinet Fortigate UTM - Fortinet Firewall All ASP - Syslog Space Delimited (ASP) No Fortinet FortiManager Firewall All ASP - Syslog (ASP) No Fortinet Web Application Firewall All ASP – Syslog Firewall (ASP) No FreeRadius FreeRadius (ASP) Authentication All ASP – Syslog No Java Parser - Syslog Funkwerk PacketAlarm IPS IDS / IPS 4.6 UDP No Java Parser - Syslog Gauntlet Gauntlet Firewall Firewall All UDP No GFI LanGuard VA Scanner VA Scanner All Custom/API No Gigamon GigaVUE (ASP) Switches & Routers All ASP - Syslog No GTA GNAT Firewall 5.3.x ASP – Syslog No HB Gary Active Defense (ASP) UTM All ASP - Syslog No 3 Com Switches (ASP) Switches & Routers All ASP - Syslog No LaserJet Printers (ASP) Printers All ASP – Syslog No HP OpenVMS Operating Systems 1.x ASP - Syslog No HP ProCurve (ASP) Network Switches & Routers All ASP - Syslog No Infoblox NIOS (ASP) Applications All ASP – Syslog No InfoExpress CyberGateKeeper Network Switches & Routers All Java No Guardium (ASP) Database Activity Monitoring 6.x, 7.x ASP – Syslog UDP No Yes - DG System Z DB2 Database All DG Tech MEAS Technology MEAS agent

Java Parser - SQL ISS Real Secure Server Host / Server / Operating Systems 5.5 – 7.x Server database (TCP Sensor port 1433) No Java Parser - Syslog IBM AIX OS Host / Server / Operating Systems 5.x UDP No

Java Parser - SQL ISS RealSecure Desktop Host / Server / Operating Systems 7.x Server database (TCP Protector / Other port 1433) No ISS Proventia GX Series Other All ASP -Syslog (ASP) No IBM Java Parser - SQL ISS Real Secure Network Other 6.x, 7.x Server database (TCP Sensor port 1433) No ISS Site Protector Security Management All Custom Text Parser No Yes - DG See DG Technology MainFrame MainFrame All Technology MEAS MEAS agent Tivoli EndPoint Manager - Host / Server / Operating Systems All ASP - Syslog BixFix 9ASP / Other No Tivoli Identity & Access IAM / IDM All ASP - Syslog Manager (ASP) No Yes - DG See DG Technology z/OS, z/VM Mainframe All Technology MEAS MEAS agent Yes - McAfee Informix Database All Code Based DEM Host / Server / Operating Systems Invincea Enteprise All ASP - Syslog / Other No WAF/DAM - CEF (ASP) Database All ASP - Syslog No Imperva Database Activity Monitor Database All Code Based No Invincea Enterprise - CEF Firewall All Code Based No Snare for AIX (ASP) Other All ASP - Syslog No Snare for Solaris Other All ASP - Syslog No Intersect Alliance Snare for Windows Other All ASP - Syslog No IP Fix IP Fix Network Flow Collection All Custom No Ipswitch WS_FTP (ASP) Applications All ASP - Syslog No iTron Enterprise Edition iTron Smart Grid Application All ASP – Syslog (ASP) No ASP - Nitro Netflow Jflow Jflow (Generic) Network Flow Collection 5,7,9 Collector No Juniper Netscreen Java Parser - Syslog Firewall 4.x, 5.x Firewalls UDP OR ASP - Syslog No Java Parser - Syslog Juniper Netscreen IDP IDS / IPS 3.x, 4.x UDP OR ASP - Syslog No Juniper Netscreen Java Parser - Syslog Network Switches & Routers All Security Manager UDP No

Juniper Juiniper NetScreen- IDP Network Switches & Routers All ASP - Syslog (ASP) No Juniper Applications / Host / Server / NSM (ASP) All ASP Operating Systems No JunOS - structure data Network Switches & Routers All ASP - Syslog format (ASP) No Juniper Secure Access SSL Virtual Private Networks 5.x – 7.x ASP- Syslog VPN (ASP) No Steel Belted Radius (ASP) Radius Server 5.x and above ASP - Syslog No SRX (ASP) Firewall/VPN All ASP –Syslog No Yes - McAfee Kaspersky Admin Console Antivirus 8.x Windows Agent Agent KEMP LoadMaster (ASP) Network Switches & Routers 4.x, 5.x ASP – Syslog Technologies No IDS / IPS / Network Switches & Java Parser - Syslog Lancope Stealth Watch 4.x – 5.6 Routers UDP No Lancope Lancope Stealth Watch IDS / IPS / Network Switches & 6.x and above ASP - Syslog (ASP) Routers No Liberman Enterprise Random Applications All CEF Software Password Manager (ASP) No LINUX LINUX Host / Server / Operating Systems All ASP – Syslog No Locum Real-time Monitor Applications All ASP - Syslog No Lumension PatchLink Scan Vulnerability Systems All Code Based No Applications / Security MailGate, Ltd. MailGate Server (ASP) Management / Host / Server / 3.5 ASP – Syslog Operating Systems No Application Data Monitor Other All Code Based No Application Change Web Content / Filtering / Proxies All ePO Parser Control No AntiSpyware AntiVirus All ePO Parser No McAfee Antivirus AntiVirus All WMI Parser – WMI No McAfee Asset Manager Asset Mananagement All ASP Sensor (ASP) No Applications / Security McAfee ePolicy Management / Host / Server / 3.x and above ePO Parser Orchestrator (EPO) Operating Systems No Applications / Security McAfee ePolicy Management / Host / Server / 4.x and above ePO Parser Orchestrator (EPO) Agent Operating Systems No Database Security - CEF Database All ASP - Syslog (ASP) No Database Security (ePO) Database All ePO Parser No Database Event Monitor Database All Code Based No DLP Prevent (Network) DLP All ASP - Syslog No DeepDefender (ePO) Other All ePO Parser No Applications / Security Event Center Management / Host / Server / All ASP - Syslog Operating Systems No Firewall Enterprise Legacy Firewall / IDS / IPS 5.x and 6.x ASP - Syslog (ASP) No Firewall Enterprise (ASP) Firewall / IDS / IPS 8.x ASP - Syslog No Email Gateway (ASP) Web Content / Filtering / Proxies All ASP - Syslog No Email and Web Security - Web Content / Filtering / Proxies 6.x and above ASP - Syslog CEF (ASP) No Email and Web Security Web Content / Filtering / Proxies 5.x ASP - Syslog (ASP) No Event Center (ASP) Other All ASP - Syslog No McAfee McAfee Group Shield for Domino Web Content / Filtering / Proxies All ePO Parser (ePO) No Group Shield for Web Content / Filtering / Proxies All ePO Parser Exchange (ePO) No Java Parser - Entercept API till 5.x ePO SQL McAfee HIPS IDS / IPS 6.x and above Server database for 6.0 No McAfee Host Data Loss DLP All ePO Parser Preventions (ePO) No MOVE AntiVirus (ePO) AntiVirus All ePO Parser No IronMail Messaging All ASP - Syslog No Nitro IPS IDS/IPS All ASP - Syslog No Network Acccess Other All ePO Parser Control (ePO) No Network Security Java Parser - Syslog IDS / IPS 1.x – 5.x (formerly IntruShield) UDP No Network Security Manager (ASP) (formerly IDS / IPS 6.x and above ASP - Syslog IntruShield) No Network Security Manager - SQL Pull IDS / IPS 6.x and above ASP - Syslog (formerly IntruShield) No SaaS Web Protections Web Content / Filtering / Proxies All ASP - Syslog (ASP) No SiteAdviisor (ePO) Other All ePO Parser No Vulnerability Manager Vulnerability Systems All Code Based No Web Gateway (ASP) Web Content / Filtering / Proxies All ASP – Syslog No McAfee WebShield (ASP) Web Content / Filtering / Proxies All ASP - Syslog No UTM Firewall (ASP) Firewall All ASP - Syslog No VirusScan (ePO) Antivirus All ePO Parser No Meditech CareTaker (ASP) HealthCare Application All ASP - Syslog No Applications / Host / Server / McKesson STAR Audi Server (ASP) All ASP – Syslog Operating Systems No Applications / Host / Server / Adiscon (ASP) All ASP Syslog Operating Systems No Applications / Host / Server / Active Directory All ASP Syslog Operating Systems No Applications / Host / Server / ACS All Code Based Operating Systems No Applications / Host / Server / 2007, 2010 Message Exchange ASP - Windows Agent Operating Systems tracking logs No Yes - McAfee Applications / Host / Server / Event Forwarding 2008 Code Based Agent with SIEM Operating Systems plug-in Forefront Client Security HIPS 2010 Code Based No Forefront Threat IDS/IPS 2010 Code Based Management Gateway No Forefront Unified Access IDS/IPS 2010 Code Based Gateway No Internet Authentication Web Content/Filtering/Proxies 2003, 2008 ASP - Syslog Service - Formated (ASP) No Internet Authentication Web Content/Filtering/Proxies 2003, 2008 ASP - Syslog Service - XML (ASP) No Microsoft PPTP VPN All ASP – Syslog

Microsoft Applications / Host / Server / 2000, 2003, 2008, Microsoft Windows WMI Parser – WMI Operating Systems 2012, Vista, 7 and 8 Yes - McAfee Microsoft Windows Debug DNS Logs 2003, 2008 ASP – Windows Agent Agent with SIEM plug-in Yes - McAfee Agent with SIEM Microsoft Microsoft Windows Debug DHCP Logs 2003, 2008 ASP – Windows Agent plug-in Yes - McAfee Microsoft MS SQL C2 Database 2005, 2008 ASP - Windows Agent Agent with SIEM Audit plug-in Microsoft SQL Server Database All WMI Parser – WMI No Firewall / Host / Server / Operating Microsoft I nternet Systems / Web Content / Filtering / All ASP Security and Accleration Proxies / Virtual Private Networks No

Java Parser - SQL Microsoft Operations Host / Server / Operating Systems All Server database (TCP Manager port 1433)

No Host / Server / Operating Systems Windows Agent, Local Yes - McAfee Microsoft IIS (ASP) / Web Content / Filtering / All file via syslog using Agent with SIEM Proxies Snare plug-in Host / Server / Operating Systems Windows Agent, Local Yes - McAfee Microsoft IIS - FTP (ASP) / Web Content / Filtering / All file via syslog using Agent with SIEM Proxies Snare plug-in Microsoft Exchange Other 2007, 2010 WMI Parser – WMI Server No Microsoft Active Other All WMI Parser – WMI Directory No Yes - McAfee Microsoft SharePoint Host/ Server / File Management 2007, 2010 Code Based Agent with SIEM plug-in Microsoft SCOM Security Management 2007 Java Based No NAC / Network Switches & Java Parser - Syslog Mirage Networks Mirage Counterpoint 2.3.1 Routers UDP No Motorola AirDefense (ASP) Wireless Switch All ASP - Syslog No nCircle IP360 Scanner Vulnerability Systems All N/A No CPX Flow & Packet nPulse Packet Capture All URL Integration Capture No Nessus Nessus Vulnerability Systems 3.x, 4.x N/A No DataFort (ASP) Storage Switch All ASP – Syslog No Yes - McAfee Data OnTap (ASP) Storage 7.x ASP – Windows Agent Agent with SIEM NetApp plug-in Yes - McAfee FAS *use OnTAP parser Storage All Windows Agent Agent with SIEM plug-in Netflow NetFlow (Generic) Flow 5, 7, 9 Code Based No Applications / Security Netfort Netfort LANGuardian Management / Host / Server / All ASP – Syslog Technologies (ASP) Operating Systems No Java Parser - SQL netIQ Security Manager Network Switches & Routers / netIQ 5.1 Server database (TCP (ASP) Security Management port 1433) No Informer - CEF (ASP) Application All ASP No NetWitness NextGen Application Protocol All CEF Parser No Spectrum Malware All URL Integration No Niksun NetDectector (ASP) Other All ASP - Syslog No Java Parser - Syslog Nokia Nokia IPSO Firewall All UDP No Passport 8000 Network Switches & Routers 7.x ASP – Syslog No Nortel VPN Gateway 3050 Virtual Private Networks 8.x ASP No Applications / Security eDirecotry Management / Host / Server / All ASP Novell Operating Systems No IAM (ASP) IAM / IDM All ASP - Syslog No OpenVPN OPenVPN (ASP) VPN 2.1 and above ASP - Syslog No

iPlanet Web Content / Filtering / Proxies All Java Parser - Syslog UDP No

MySQL Database All Code Based Requires DBM or DAM

Oracle Audit Database All ASP - Syslog No Java Parser Agent - Oracle Common Audit Database 9i, 10g, 11g Local Files No

Oracle Java Parser - DB Audit Oracle Fine-Grained Audit Database 9i, 10g, 11g Tables through JDBC

No Identity & Access Yes - Secronix IAM / IDM All McAfee Event Format Manager Agent Required Solaris BSM Host / Server / Operating Systems 9.x, 10.x ASP- Syslog No Java Parser - Syslog Solaris OS Events Host / Server / Operating Systems 2.x and above UDP No WebLogic (ASP) Other All ASP - Syslog No ISAKMP, RADIUS, Host / Server / Operating System SECURITY, Osiris Host Integrity Monitoring ASP – Syslog / IDS / IPS Accounting, RIP, VR messages only No Host / Server / Operating System OSISoft PI System All MEF / IDS / IPS No Palo Alto PA-2000, 4000, 500 Firewall All ASP - Syslog No Patrick AS-400 Host All CEF Parser Townsend No Peoplesoft Peoplesoft Applications N/A McAfee Event Format No PostFix PostFix Applications All ASP-Syslog No PostgreSQL PostgreSQL Database All ASP No Interact Host All ASP No Powertech Interact - CEF Host All CEF Parser No Messaging Security ProofPoint Applications All ASP Gateway (ASP) No Qualys QualysGuard Vulnerability Systems All N/A No ChangeAuditor for Active Quest Applications All ASP – WMI Directory No AppDirector Network Switches & Routers All ASP - Syslog No Java Parser - Syslog Radware DefensePro IDS / IPS 2.4.3 and above UDP No FireProof and LinkProof Network Switches & Routers All ASP – Syslog No Rapid 7 MetaSploit Pro Penetration Testing 3.x and above Custom No Nexpose VA Scanner Vulnerability Systems All N/A No Raytheon SureView (ASP) Application All ASP - Syslog No Java Parser - Syslog Red Hat Red Hat Linux OS Events Host / Server / Operating Systems 2.1 and above UDP No RedSeal RedSeal (ASP) Risk Compliance All ASP - Syslog No Riverbed Steelhead Security Appliances / UTMs 5.x ASP – Syslog No RSA Authentication RSA Authentication 5.x, 6.x, 7.x WMI Parser – WMI Manager (windows) No RSA Authenticaiton RSA Manager (Windows & Authentication 7.x ASP – Syslog UNIX) No SafeNet Safenet HSM Application Security All ASP – Syslog No Saint Vulnerability Saint Vulnerability Systems All N/A Scanner No Samsung Somansa DB-I (ASP) Database All ASP No Applications / Security Yes - McAfee SAP SAP ECC Management / Host / Server / 5.x and 6.x ABAP Module & ASP ESM ABAP Operating Systems module Savant Savant Protection Anti-Malware 3.x CEF No SecureAuth Single Sign On SecureAuth Authentication 5.x ASP – Syslog (ASP) No Applications / Security Secure Crossing ZenWall Secure Crossing Management / Host / Server / All ASP – Syslog (ASP) Operating Systems No SendMail Sentrion Messaging All ASP - Syslog No sFlow sFlow (Generic) Network Flow Collection All Nitro sFlow Collector No Silver Spring Network Infrastruture Smart Grid All ASP – Syslog Networks (ASP) No Software Product DBARS Database All ASP - Syslog Research No SonicWALL Aventail (ASP) Virtual Private Networks 10.x ASP No SonicOS (ASP) Firewall All ASP - Syslog No Sonus GSX VOIP (ASP) VOIP All ASP - Syslog No Sophos Email Security & Web Content / Filtering / Proxies 3.x, 4.x ASP Data Protection Email Security & Data Email Security All ASP Protection (ASP) No Sophos Sophos Enterprise Antivirus/HIDS 3.x McAfee Event Format Console No Web Security & Control Web Content / Filtering / Proxies All ASP - Syslog (ASP) No eStreamer (ASP) IDS/IPS All Code Based No *supported though Snort NIDS IDS / IPS All the Sourcefire NS/RNA Parser No Java Parser - Sourcefire Sourcefire Intrusion IDS / IPS All Estreamer API using Sensor TCP port 8302 No Sourcefire NS/RNA *includes support for IDS/IPS All ASP - Syslog Snort IDS No Splunk Splunk SIEM log feed All ASP and Code Based No Squid Web Proxy Web Content / Filtering / Proxies 1.x Java Parser – N/A Squid Squid Web Proxy (ASP) Web Content / Filtering / Proxies 2.5 ASP – Syslog Firewall / Security Management / StillSecure Strata Guard (ASP) IDS / IPS / Virtual Private 5.x, 6.x ASP – Sylosg Networks Firewall / Security Management / Stonesoft Stonegate Java Parser – Syslog IDS / IPS / Virtual Private 4.x Management Center UDP Networks No Firewall / Virtual Private Java Parser – Syslog Stonesoft Stonegate 2.x, 3.x Stonesoft Networks UDP No

Stonesoft Stonegate IPS IDS / IPS All ASP (ASP) No Sybase Sybase Database 11.x and above McAfee DAM No Altiris CMDB CMDB 7.x and above Custom No Symantec AntiVirus AntiVirus All WMI Parser – WMI No Symantec AV CE Server Antivirus 8.x, 9.x Code Based No Symantec Endpoint Java Parser – Syslog AntiVirus 11.x Protection UDP No Symantec Endpoint AntiVirus 11.x ASP – Syslog Protection No Java Parser – Syslog Symantec Intruder Alert Host / Server / Operating Systems 3.6 UDP No Java Parser – SQL Symantec Critical System IDS / IPS 5.2 Server database (TCP Protection Symantec port 1433) No Java Parser – Syslog Symantec ManHunt IDS / IPS 3.x UDP No Symantec Message Messaging 2.x and above ASP - Syslog Gateway (ASP) No Java Parser – DB2 Symantec HIDS IDS / IPS / Other 4.1 database No PGP Universal Server Host / Server / Operating Systems All All No Symantec Web Gateway Web Content / Filtering / Proxies All ASP – Syslog (ASP) No Vontu DLP (ASP) DLP All ASP - Syslog No Yes - DG System i System i Host / Server / Operating Systems All DG Tech MEAS Technology MEAS agent Tippingpoint Unitity One IDS / IPS All ASP – Syslog (ASP) No TippingPoint Java Parser – Syslog Tippingpoint SMS Format Security Management 1.x, 2.x UDP No Tippingpoint SMS (ASP) Security Management 2.x and above ASP - Syslog No Titus Classification Data Governance All ASP - Syslog No AS-400 - CEF Host / Server / Operating Systems All ASP - Syslog Townsend No Security AES-400 Host / Server / Operating Systems All ASP - Syslog No Trapezoid Trust Control Suite Application All ASP - Syslog No Control Manager AntiVirus / Vulnerability Systems 3.x, 5.x, 6.x Code Based No Deep Discovery (ASP) AntiVirus / Vulnerability Systems All ASP - Syslog No Deep Security IDS - CEF HIDS 6.x and above ASP - Syslog (ASP) No Trend Micro InterScan Web Security Web Content / Filtering / Proxies All ASP - Syslog Suite (ASP) No Office Scan AntiVirus / Vulnerability Systems All ASP - Syslog No OSSEC (ASP) FIM/HIDS 1.x, 2.x ASP – Syslog No Java Parser – Syslog Enterprise Database / Security Management 4.x Tripwire UDP No Tripwire NIDS IDS / IPS / Other 3.x SNMP No Networks Access Control NAC 3.x ASP – Syslog (ASP) No Trustwave Vericept - CEF (ASP) DLP 8.x CEF No Webdefend (ASP) Web Content / Filtering / Proxies 4.x ASP – Syslog No Java Parser – Syslog Type 80 Type 80 SMA_RT Host / Server / Operating Systems All UDP No VanDyke vShell (ASP) Applications 2.x, 3.x ASP - Syslog Software No VMWare/EMC VMWare ESX/ESX i Applications 1.x – 5.x ASP - Syslog No Vormetric Data Security (ASP) Applications 4.x ASP – Syslog No WatchGuard WatchGuard Firebox Firewall 8.x – 11.x ASP – Syslog No Websense Enterprise Web Content / Filtering / Proxies 6.x ASP - Syslog (ASP) No Websense Websense Enterprise - Web Content / Filtering / Proxies 7.7 and above CEF CEF (ASP) No WCK bSRM Risk Compliance All URL Integration No Xirrus 802.11abgn WiFi Arrays Switches & Routers All ASP – Syslog No Secure Mobile Gateway Zenprise Secure Mobile Gateway 5.x and above ASP - Syslog (ASP) No Java Parser – SQL Data Zonelabs Zonelabs Integrity Firewall 4.5 Source No

McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are registered trademarks or 2821 Mission College Boulevard trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other Santa Clara, CA 95054 marks and brands may be claimed as the property of others. The product plans, specifications 888 847 8766 and descriptions herein are provided for information only and subject to change without notice, www.mcafee.com and are provided without warranty of any kind, express or implied. Copyright © 2013 McAfee, Inc.