Mcafee SIEM Device Support by Vendor

McAfee SIEM Device Support By Vendor

Vendor Device Name Device Type Supported Logs Parser Method of Collection

A10 Networks Load Balancer (AX Series) Load Balancer All ASP – Syslog Adtran NetVanta Network Switches & Routers All ASP – Syslog Airdefense Airdefense Network Switches & Routers WIPS Alerts Java Parser - Syslog Airtight Interactive Airtight Interactive Applications N/A ASP – Syslog InfoExpress ALLOW, DENY, EXIT, Alcatel-Lucent Authentication / Network Switches & Routers Java Parser - Syslog UDP CyberGatekeeper LAN CGATE type only Applications / Host / Server / Operating VitalQIP All ASP Systems / Web Content / Filtering / Proxies Apache Software Applications / Host / Server / Operating Java Parser - Local files; Apache Access Logs only Foundation Systems / Web Content / Filtering / Proxies syslog UDP Applications / Host / Server / Operating Access, Error and Apache ASP - Syslog Systems / Web Content / Filtering / Proxies ModSecurity Logs Access, Error and Arbor Arbor Peakflow DoS/SP Network Switches & Routers Java Parser - Syslog UDP ModSecurity Logs Arbor Peakflow X Network Switches & Routers Network Behavior Alerts Java Parser - Syslog UDP Arbor Peakflow X Network Switches & Routers Network Behavior Alerts ASP - Syslog UDP Aruba Aruba Wireless Access Points N/A Custom Aruba Parser Barracuda SPAM Filter Barracuda Barracuda SPAM Filter Security Appliances / UTMs ASP - Syslog UDP Messages Barracuda Web Barracuda Web Filter Security Appliances / UTMs ASP - Syslog UDP Security Gateways Messages Bit9 Bit9 Parity Suite Applications All CEF Blue Coat Blue Coat SG Series Web Content / Filtering / Proxies Proxy and System Log Java Parser - Syslog TCP Blue Coat SG Series Web Content / Filtering / Proxies Access Log ASP – Syslog UDP BlueLance LT Auditor + Java Parser - SQL Server Blue Lance Applications Netware Auditing for Novell Netware database (TCP port 1433)

Parser Vendor Device Name Device Type Supported Logs Method of Collection

Blue Martini Application All Code Based Blue Martini BoarderGuard 5000 & Blue Ridge All ASP - Syslog UDP 6000 Series Bradford Campus Bradford NAC / Network Switches & Routers All ASP – Syslog Manager Foundry BigIron, FastIron Foundary Syslog Brocade Network Switches & Routers ASP - Syslog UDP and NetIron Messages IronView Network NAC / Network Switches & Routers All ASP – Syslog Manager CA CA Datacom Mainframe Nitro Plugin Protocol Identity & Access IAM / IDM All Nitro Plugin Protocol Management Check Point Edge W32 & Check Point Firewall N/A OPSEC WU Check Point Enterprise & Firewall N/A OPSEC Enterprise Pro Check Point Express Firewall N/A OPSEC Check Point FW-1 Firewall N/A OPSEC Limited Check Point FW1, NG, Firewall N/A OPSEC NGX Standard Check Point Smart Firewall N/A OPSEC Center Enterprise Pro Check Point IPS-1 Sensory (formerly IDS / IPS NFR Alerts Nitro Plugin Protocol Network Flight Recorder) Check Point HA VPN-1 Virtual Private Networks N/A OPSEC Check Point VPN Pro Virtual Private Networks N/A OPSEC Check Point VPN-1 Edge Virtual Private Networks N/A OPSEC Check Point VPN-1 Virtual Private Networks N/A OPSEC Express SmartEvent Firewall All OPSEC

Parser Vendor Device Name Device Type Supported Logs Method of Collection Cisco CSS (Content Cisco Other N/A ASP - Syslog UDP Services Switches) Cisco SDEE Application Protocol N/A ASP - SDEE TACACS+ Authentication N/A ASP – Syslog TACPlus Authentication Tacplus messages Java Parser – Syslog UDP Cisco ASA Firewall %ASA messages Java Parser - Syslog UDP Cisco ASA Firewall ASA messages ASP – Syslog UDP Cisco EAP N/A Java Parser - Syslog UDP Cisco Firewall & Service Firewall FWSM messages Java Parser - Syslog UDP Module Cisco PIX Firewall PIX messages Java Parser - Syslog UDP Cisco PIX IDS Firewall / IDS / IPS IDS messages only Java Parser - Syslog UDP Cisco PIX and PIX IDS Firewall / IDS / IPS PIX and IDS messages ASP – Syslog UDP Cisco IOS ACL, IOS FW, Firewall / IDS / IPS / Network %SEC, %FW only, %IDS ASP - Syslog UDP IOS IDS Switches & Routers only Firewall / Network Switches & Cisco IOS Firewall %FW only Java Parser - Syslog UDP Routers Host / Server / Operating System / Cisco CSA CSA Events SQL/Text Parser IDS / IPS %(CONTROLLER|LINK|OSPF|LINEP Host / Server / Operating Systems / ROTO|DVLAN|FILESYS|IP|MGMT|SEC CATOS Java Parser - Syslog UDP Network Switches & Routers URITY|SYS|SEC|NTT|Login|FW|Parser ) Messages %(CONTROLLER|LINK|OSPF|LINEP Host / Server / Operating Systems / ROTO|DVLAN|FILESYS|IP|MGMT|SEC CATOS ASP - Syslog UDP Network Switches & Routers URITY|SYS|SEC|NTT|Login|FW|Parser ) Messages Failed/Passed/Radius Cisco ACS IDS / IPS Accounting/TACACS ASP –Syslog UDP Accounting & Administration Cisco Guard IDS / IPS N/A ASP – Syslog UDP Cisco IDS IDS / IPS IDS messages only SDEE Cisco IDSM IDS / IPS N/A SDEE Cisco IPS IDS / IPS N/A SDEE Cisco IOS IDS IDS / IPS / Network Switches & Routers %IDS only ASP - Syslog UDP IPS Alerts, DUAL, PFINIT- Cisco IOS IPS IDS / IPS / Network Switches & Routers ASP - Syslog UDP SP, HSRP Parser Vendor Device Name Device Type Supported Logs Method of Collection Cisco NAC Appliance Cisco NAC / Network Switches & Routers All ASP – Syslog (Clean Access) Cisco NAC Appliance NAC / Network Switches & Routers NAC Only Java Parser - HTTP based requests (Clean Access) NetFlow (Generic) Network Flow Collection N/A ASP - Nitro Netflow Collector Aaa, Arp, Auth, Authpriv, cert-enroll, dhcp_snoop, fs-daemon, Fspf, ftp, Fwm, Im, interface-vlan, Ip, Ipconf, IDS / IPS / Network Switches & Ipqos, Kernel, m2rib, Mail, Mfdm, Mfwd, NX-OS (Nexus) Ntp, Port, port-channel, port-resources, ASP – Syslog Routers Provision, Radius, Security, Snmpd, Sifmgr, spanning-tree, Syslog, Sysmgr, TACACS, TACACS+, Track, User, Uucp, vlan_mgr and zone Cisco IOS ACL Network Switches & Routers %SEC only Java Parser - Syslog UDP Cisco Wireless LAN Network Switches & Routers N/A ASP – Syslog Controllers Cisco MARS Security Management Incident Notification XMLs Java Parser - Email (SMTP) Cisco VPN Concentrator Virtual Private Networks VPN messages Java Parser - Syslog UDP Cisco VSM (VPN Switch Virtual Private Networks VPN messages Java Parser - Syslog UDP Blade) Java Parser - FTP Server on Cisco Content Engine Web Content / Filtering / Proxies Proxy Logs Receiver IronPort Syslog and Access Cisco IronPort Web Content / Filtering / Proxies ASP - Syslog Messages Citrix Secure Access Citrix Applications N/A ASP – Syslog Gateway Citrix NetScaler Web Content / Filtering / Proxies All ASP – Syslog Citrix NetScaler Web Web Content / Filtering / Proxies All ASP – Syslog Cluster Labs Pacemaker CRMD Applications All ASP-Syslog Cooper Power Cybectec Network Switches & Routers All ASP – Syslog Systems Yukon IMS Applications All ASP-Syslog CoreTrace CoreTrace Applications Bouncer Messages ASP – Syslog CyberGuard (includes CyberGuard Firewall FW messages Java Parser - Syslog UDP FS, SG, SL) Enterprise Password Cyber-Ark Applications All ASP – Syslog Vault Parser Vendor Device Name Device Type Supported Logs Method of Collection Dell PowerConnect Network Switches & Routers All ASP – Syslog EdgeWave iPrism Web Security Web Content / Filtering / Proxies All ASP – Syslog Vulnerability Assessment eEye eEye Retina Vulnerability Systems N/A data support eEye Retina Enterprise Vulnerability Assessment Vulnerability Systems N/A Manager data support Enterasys Dragon Java Parser - MySQL database (TCP Enterasys IDS / IPS NIDS and HIDS Messages Sensor/Squire connection) N Series Switches Network Switches & Routers All ASP – Syslog NAC NAC/Network Switches & Routers All ASP – Syslog S Series Switches Network Switches & Routers All ASP – Syslog Extreme ExtremeWare XOS NAC/Network Switches & Routers All ASP – Syslog Networks Access Policy Manager F5 NAC/Network Switches & Routers All ASP – Syslog (APM) Application Security Web Content / Filtering / Proxies N/A Nitro Plugin Protocol Manager (ASM) FirePass SSL VPN Virtual Private Network All ASP – Syslog Local Traffic Manager Web Content / Filtering / Proxies All ASP - Syslog UDP Fairwarning Privacy Fairwarning Application Security N/A Nitro Plugin Protocol Monitoring FireEye Malware FireEye Antivirus/Malware N/A CEF Parser Protection Fluke Networks AirMagnet Enterprise Network Switches & Routers All ASP – Syslog Force10 FTOS Network Routers & Switches All ASP – Syslog Networks ForeScout CounterACT NAC/Network & Switches All ASP – Syslog IPS , webfilter, spamfilter, Fortinet Fortinet Fortigate Firewall Java Parser - Syslog event, traffic type messages IPS , webfilter, spamfilter, Fortinet Fortigate Firewall ASP - Syslog event, traffic type messages Fortinet WAF Firewall All ASP – Syslog FreeRadius FreeRadius Authentication AUTH ASP – Syslog Funkwerk PacketAlarm IPS IDS / IPS IPS Alerts Java Parser - Syslog UDP GTA GNAT Firewall All ASP – Syslog

Parser Vendor Device Name Device Type Supported Logs Method of Collection ssh/telnet/ftp/rsh/inetd/sendm HP HP-UX (Hewlett-Packard) Host / Server / Operating Systems Java Parser - Syslog UDP ail/syslogd/su LaserJet Printers All ASP – Syslog OpenVMS Operating Systems N/A ASP - Syslog HP ProCurve Network Switches & Routers Procurve Syslog Messages ASP - Syslog UDP Infoblox NIOS Applications All ASP – Syslog IBM Guardium Database Activity Monitoring All ASP – Syslog UDP I System Z DB2 Database N/A DBM Agent - 7.1.x, 8.x, 9.x System Z DB2 Database All Versions BSafe Agent RealSecure Network /Server ISS Real Secure Server Java Parser - SQL Server database Host / Server / Operating Systems Sensor, Proventia A/G/M Sensor (TCP port 1433) Series Applicances ssh/telnet/ftp/rsh/inetd/sendm IBM AIX OS Host / Server / Operating Systems Java Parser - Syslog UDP ail/syslogd/su Host / Server / Operating Systems / BlackICE and Desktop Java Parser - SQL Server database ISS Desktop Protector Other Protection System (TCP port 1433) RealSecure Network /Server ISS Real Secure Network Java Parser - SQL Server database Other Sensor, Proventia A/G/M Sensor (TCP port 1433) Series Applicances RealSecure Network /Server ISS Site Protector Security Management Sensor, Proventia A/G/M Custom Text Parser Series Applicances SMF (System Management z/OS, z/vm Mainframe Facilities) Types 30, 14, 15, Nitro Plugin Protocol 17, 18, 56, 62, 64, 80 Tivoli Access Manager Authentication All Nitro Plugin Protocol for Operating Systems Tivoli Identity & Access IAM / IDM All Nitro Plugin Protocol Manager RACF (Resource Access z/OS, z/VM Mainframe Nitro Plugin Protocol Control Facility Informix Database N/A Imperva Database Activity Monitor Database All Code Based Web Application Firewall Firewall All Code Based Intersect Snare for Windows, Snare for SNARE Other ASP - Syslog UDP Alliance AIX

Parser Vendor Device Name Device Type Supported Logs Method of Collection IP Fix IP Fix Network Flow Collection Custom iTron iTron Enter Smart Grid Application All ASP – Syslog Juniper Netscreen System and Traffic Java Parser - Syslog UDP OR ASP - Juniper Firewall Firewall notification messages Syslog Java Parser - Syslog UDP OR ASP - Juniper Netscreen IDP IDS / IPS 4.x via NSM Syslog Juniper Netscreen Network Switches & Routers IDP, FW Java Parser - Syslog UDP Security Manager Applications / Host / Server / NSM All ASP Operating Systems Juniper Routers (JunOS) Network Switches & Routers JunOS Messages ASP - Syslog UDP Juniper Secure Access Virtual Private Networks Log/Monitoring Events ASP- Syslog UDP SSL VPN SRX Firewall/VPN JunOs Messages ASP –Syslog UDP All anti-virus events through Kaspersky Admin Console Antivirus Windows Agent the console KEMP LoadMaster Network Switches & Routers All ASP – Syslog Technologies IDS / IPS / Network Switches & Lancope Lancope Stealth Watch Stealth Watch messages only Java Parser - Syslog UDP Routers IDS / IPS / Network Switches & Lancope Stealth Watch All ASP - Syslog Routers AuditD, BIND, Netfilter, LINUX LINUX Host / Server / Operating Systems ProFTPD, Samba, Open ASP – Syslog SSH, Pure FTPD, cron, exinit Vulnerability Assessment Lumension PatchLink Scan Vulnerability Systems N/A data support OS-X Server & Applications / Security Management / Macintosh Server and Workstation ASP - Syslog Workstation Host / Server / Operating Systems Applications / Security Management / MailGate, Ltd. MailGate Server All ASP – Syslog Host / Server / Operating Systems Mainframe DB2 Host / Server / Operating Systems All Bsafe Agent Mainframe IMS Host / Server / Operating Systems All Bsafe Agent Mainframe SMF DB2 Host / Server / Operating Systems All Bsafe Agent Mainframe SMF RACF Host / Server / Operating Systems All Bsafe Agent Mainframe SMF FTP & Telnet Host / Server / Operating Systems All Bsafe Agent Mainframe SMF VSAM Host / Server / Operating Systems All Bsafe Agent Parser Vendor Device Name Device Type Supported Logs Method of Collection Top Secret, Type 80 Mainframe Host / Server / Operating Systems ICH/IEF/SMF/TSS messages Java Parser – Syslog UDP SMA_RT McAfee McAfee Antivirus AntiVirus N/A WMI Parser – WMI McAfee ePolicy Applications / Security Management / Host / Java Parser - SQL Server database AV/HIPS/Host FW messages Orchestrator (EPO) Server / Operating Systems (TCP port 1433) McAfee AntiSpyware (ASE), Data Loss Prevention (DLP), ePolicy Orchestrator Agent [Common McAfee Framework Agent] (CMA), GroupShield for Domino (GSD), GroupShield for Exchange (GSE), McAfee Host Intrusion Prevention (HIPS), McAfee Network Access Control (MNAC), McAfee Policy Auditor (PAE), McAfee SiteAdvisor (SAE), McAfee VirusScan (VSE), SolidCore (SCOR) Firewall Enterprise Firewall / IDS / IPS All ASP – Syslog Firewall Enterprise Firewall / IDS / IPS FW Logs Only Java Parser - Syslog UDP Email and Web Security Web Content / Filtering / Proxies All CEF Email and Web Security Web Content / Filtering / Proxies All ASP - Syslog HIPS data through ePO for Java Parser - Entercept API till 5.x McAfee HIPS IDS / IPS HIPS 6.0 and above ePO SQL Server database for 6.0 Network Security IDS / IPS IPS Alerts Java Parser - Syslog UDP (formerly IntruShield) Network Security IDS / IPS IPS Alerts ASP - Syslog (formerly IntruShield) Vulnerability Assessment Vulnerability Manager Vulnerability Systems N/A data support Web Gateway Web Content / Filtering / Proxies All ASP – Syslog McAfee WebShield SMTP Web Content / Filtering / Proxies Webshield Syslog Messages ASP - Syslog UDP Microsoft Exchange Applications / Host / Server / Operating Systems Message Tracking Logs ASP - Windows Agent Forefront Threat IDS/IPS All Code Based Management Gateway Applications / Host / Server / System, Security, Application, DNS, Microsoft Windows WMI Parser – WMI Operating Systems DHCP and File Replication. Microsoft Windows Server Debug DNS Logs (file) ASP – Windows Agent Microsoft Windows Server Debug DHCP Logs (file) ASP – Windows Agent Microsoft SQL Server Database N/A WMI Parser – WMI DBM Agent - MSSQL 2000 (SP4), Microsoft SQL Server Database N/A 2005, 2008 Firewall / Host / Server / Operating Systems / Microsoft ISA Server Web Content / Filtering / Proxies / Virtual Private N/A WMI Parser – WMI Networks Microsoft Operations Java Parser - SQL Server database Host / Server / Operating Systems MOM Messages Manager (TCP port 1433) Parser Vendor Device Name Device Type Supported Logs Method of Collection Host / Server / Operating Systems / IIS web traffic logs in W3C Java Parsing Agent - Local Files; Microsoft Microsoft IIS Web Content / Filtering / Proxies format syslog using Snare Host / Server / Operating Systems / IIS web traffic logs in W3C Microsoft IIS Windows Agent Web Content / Filtering / Proxies format Microsoft Exchange Other N/A WMI Parser – WMI Server Microsoft Active Directory Other N/A WMI Parser – WMI Microsoft SCOM Security Management 2007 Nitro Plugin Parser Mirage Threat and Response Mirage Counterpoint NAC / Network Switches & Routers Java Parser - Syslog UDP Networks Messages Vulnerability Assessment nCircle IP360 Scanner Vulnerability Systems N/A data support Vulnerability Assessment Nessus Nessus Vulnerability Systems N/A Data Support NetApp DataFort Storage Switch All ASP – Syslog OnTap Logs – audit, Data OnTap Storage message, sis and snapmirror ASP – Windows Agent logs FAS Storage .evt files Windows Agent Netfort Applications / Security Management / Netfort LANGuardian All ASP – Syslog Technologies Host / Server / Operating Systems Network Switches & Routers / Java Parser - SQL Server database netIQ netIQ Security Manager netIQ Alerts Security Management (TCP port 1433) NetWitness NextGen Application Protocol N/A CEF Parser Spectrum Malware All URL Integration NitroSecurity NitroView DBM Database N/A ASP - Syslog Firewall / IDS / IPS / Network NitroSecurity IPS N/A ASP - Syslog Switches & Routers Nitro Plug-in Protocol Other N/A Nitro Plugin Protocol NitroSecurity SNMP Other N/A SNMP Nokia Nokia IPSO Firewall IPSO OS logs Java Parser - Syslog UDP Nortel Passport 8000 Network Switches & Routers All ASP – Syslog VPN Gateway 3050 Virtual Private Networks All ASP Oracle MySQL Database N/A Yes, 4.1.22.x, 5.0.3x Oracle Common Audit Database System Java Parser Agent - Local Files Oracle Fine-Grained Java Parser - DB Audit Tables Database Fine Grained Audits Audit through JDBC Parser Vendor Device Name Device Type Supported Logs Method of Collection DBM Agent - Oracle 8.0.3+, 9.x, 10.x, Oracle Oracle Database N/A 11.x Identity & Access IAM / IDM All Nitro Plugin Protocol Manager ISAKMP, RADIUS, Host / Server / Operating System / Osiris Host Integrity Monitoring SECURITY, Accounting, RIP, ASP – Syslog IDS / IPS VR messages only Palo Alto PA-2000, 4000, 500 Firewall ALL ASP - Syslog Patrick AS-400 Host All CEF Parser Townsend Peoplesoft Peoplesoft Applications N/A Nitro Plugin Protocol PostFix PostFix Applications All ASP-Syslog PostgreSQL PostgreSQL Database All ASP Powertech AS-400 Host All CEF Parser Messaging Security ProofPoint Applications All ASP Gateway Vulnerability Assessment Qualys QualysGuard Vulnerability Systems N/A Data Support ChangeAuditor for Active Quest Applications All ASP – WMI Directory Radware DefensePro IDS / IPS DefensePro Alerts Java Parser - Syslog UDP FireProof and LinkProof Network Switches & Routers All ASP – Syslog Rapid 7 MetaSploit Pro Penetration Testing All Custom Vulnerability Assessment Nexpose VA Scanner Vulnerability Systems N/A Data Support ssh/telnet/ftp/rsh/inetd/sendm Red Hat Red Hat Linux OS Events Host / Server / Operating Systems ail/syslogd/su/pam Java Parser - Syslog UDP unix/rhosts/xinetd Riverbed Steelhead Security Appliances / UTMs All ASP – Syslog RSA Authentication RSA Authentication N/A WMI Parser – WMI Manager (windows) RSA Authentication Authentication ACE Server Logs Only Java Parser - Unix Syslog Manager (UNIX) RSA Authenticaiton Manager (Windows & Authentication All ASP – Syslog UNIX)

Parser Vendor Device Name Device Type Supported Logs Method of Collection SafeNet Safenet HSM Application Security N/A ASP – Syslog Saint Vulnerability Vulnerability Assessment Saint Vulnerability Systems N/A Scanner data support Savant Savant Protection Anti-Malware All CEF SecureAuth SecureAuth IEP Authentication All ASP – Syslog Applications / Security Management / Secure Crossing Secure Crossing ZenWall All ASP – Syslog Host / Server / Operating Systems sFlow sFlow (Generic) Network Flow Collection N/A Nitro sFlow Collector Silver Spring Access and Endponts Smart Grid All ASP – Syslog Networks SonicWALL Aventail Virtual Private Networks VPN messages ASP SonicWALL FW Firewall FW/IPS/VPN ASP - Syslog Sophos Email Security & Sophos Web Content / Filtering / Proxies All ASP Data Protection Sophos Enterprise All AV and endpoint events Antivirus/HIDS Nitro Plugin Protocol Console from the console Web Security & Control Web Content / Filtering / Proxies All ASP - Syslog Sourcefire Snort NIDS IDS / IPS IDS messages only Java Parser - Syslog UDP Sourcefire Intrusion IDS messages Java Parser - Estreamer API using IDS / IPS Sensor only(eStreamer) TCP port 8302 IDS messages Sourcefire NS/RNA IDS/IPS ASP - Syslog UDP only(eStreamer) Squid Squid Web Proxy Web Content / Filtering / Proxies Web Proxy Logs Java Parser – N/A Squid Web Proxy Web Content / Filtering / Proxies Web Proxy Logs ASP – Syslog Firewall / Security Management / IDS StillSecure Strata Guard Firewall Events ASP – Sylosg / IPS / Virtual Private Networks Stonesoft Stonegate Firewall / Security Management / IDS Stonesoft IPS/FW/VPN Java Parser – Syslog UDP Management Center / IPS / Virtual Private Networks Stonesoft Stonegate Firewall / Virtual Private Networks FW/VPN activities Java Parser – Syslog UDP Firewall /VPN Stonesoft Stonegate IPS IDS / IPS IPS Alerts Java Parser – Syslog UDP Sun Solaris BSM Host / Server / Operating Systems BSM Audit Logs Java Parser - Syslog UDP ssh/telnet/ftp/rsh/inetd/sendm Solaris OS Events Host / Server / Operating Systems Java Parser - Syslog UDP ail/syslogd/su/xinetd iPlanet Web Content / Filtering / Proxies N/A Java Parser - Syslog UDP Sybase Sybase Database N/A DBM Agent - 11.x, 12.x, 15.x Parser Vendor Device Name Device Type Supported Logs Method of Collection Symantec Symantec Anti Virus AntiVirus N/A WMI Parser – WMI Symantec AV CE Server Antivirus All NPP Symantec Endpoint Host FW/IPS/AV/Control/NAC AntiVirus Java Parser – Syslog UDP Protection messages Symantec Endpoint Host FW/IPS/AV/Control/NAC AntiVirus ASP – Syslog Protection messages Symantec Intruder Alert Host / Server / Operating Systems ITA Alerts Java Parser – Syslog UDP Symantec Critical System Java Parser – SQL Server database (TCP IDS / IPS Events and Audit messages Protection port 1433) Symantec ManHunt IDS / IPS IDS messages only Java Parser – Syslog UDP Symantec HIDS IDS / IPS / Other HIDS messages Java Parser – DB2 database PGP Universal Server Host / Server / Operating Systems All All Symantec Web Gateway Web Content / Filtering / Proxies All messages ASP – Syslog System i System i Host / Server / Operating Systems All BSafe Agent TippingPoint Tippingpoint Unitity One IDS / IPS N/A ASP – Syslog Tippingpoint SMS Format Security Management IDS messages Java Parser – Syslog UDP Tippingpoint SMS Format Security Management IDS messages ASP - Syslog Tofino Firewall LSM Firewall / Virtual Private Networks All ASP – Syslog Top Layer TopLayer Attack Mitigator IDS / IPS N/A ASP – Syslog Trend Micro Control Manager (IMSS & IWSS) AntiVirus / Vulnerability Systems IMSS and IWSS Java Parser – SQL Server database (TCP port 1433) Deep Security IDS HIDS HIDS and Windows messages ASP - Syslog OSSEC FIM/HIDS All ASP – Syslog Tripwire Enterprise Database / Security Management Tripwire Integrity Check messages Java Parser – Syslog UDP Tripwire NIDS IDS / IPS / Other N/A SNMP Trustvave NAC NAC All NAC events ASP – Syslog Vericept DLP All CEF Webdefend Web Content / Filtering / Proxies All ASP – Syslog Type 80 Type 80 SMA_RT Host / Server / Operating Systems ICH/IEF/SMF/TSS messages Java Parser – Syslog UDP VMWare/EMC VMWare ESX/ESX i Applications Virtual System logs ASP - Syslog Vormetric Data Security Applications All ASP – Syslog WatchGuard WatchGuard Firebox Firewall All ASP – Syslog Web Security and Filtering Java Parser – SQL Server database Websense Websense Enterprise Web Content / Filtering / Proxies Messages (TCP port 1433) Xirrus 802.11abgn WiFi Arrays Switches & Routers All ASP – Syslog Zonelabs Zonelabs Integrity Firewall N/A Java Parser – SQL Data Source