Third-Party Log Collection supported vendors and products

Views:

View a partial list of the supported vendors and products for third-party log ingestion.

Logs from any product that can send logs in Syslog format (including CEF and LEEF formats) can be ingested into TrendAI Vision One™ via collectors connected to log repositories in Third-Party Log Collection. To ingest log data from products that do not support Syslog format or do not have dedicated connectors or integrations in TrendAI Vision One™, you must first convert the logs to Syslog format before forwarding the data to TrendAI Vision One™.

Note

TrendAI Vision One™ also provides dedicated connectors to ingest log data from the following cloud products:

Microsoft Defender for Endpoint
AWS CloudTrail
AWS VPC Flow Logs
AWS WAF
Amazon Route53 Resolver Query Logs
AWS EKS Audit Logs
AWS Security Hub
Azure Activity logs
Microsoft Entra ID

For more products with dedicated connectors in TrendAI Vision One™, including products that receive outbound data from TrendAI Vision One™, see Third-Party Integrations.

The following table is a list of the supported vendors and products in Third-Party Log Collection. TrendAI™ does not guarantee the accuracy of third-party vendor or product names.

Vendor

Product

1Password

Extended Access Management

A10 Networks

Load Balancer

Abnormal AI

Abnormal Security

Absolute Software

Absolute

Acalvio

ShadowPlex

Active Countermeasures

AC-Hunter

Adtran

ADVA Fiber Service Platform

Agiloft

Agiloft

AIDE

Advanced Intrusion Detection Environment

Airbyte

Airbyte

Airlock Digital

Airlock Digital

Akamai

Cloud Monitor
DataStream 2
Edge DNS
Enterprise Application Access
Guardicore Segmentation
SIEM Integration
Web Application Firewall

Akeyless

Akeyless

Alcatel-Lucent Enterprise

OmniSwitch

AlgoSec

Security Management Suite

AlphaSOC

AlphaSOC

AMD

Pensando DSS Firewall

Anomali

ThreatStream

Ansible

Ansible AWX

Apache Software Foundation

Apache Cassandra
Apache Hadoop

Apache HTTP Server

Note

TrendAI™ recommends adding a custom server_name field to the default access and error logs with the following updated log format directives:

LogFormat "%v %h %l %u %t \"%r\" %>s %O" common
LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
ErrorLogFormat "%v [%t] [%m:%l] [pid %P:tid %T] [client\ %a] %M"

For more information, see the Apache online help.

Apache Tomcat

APC

Appian

Cloud Security

Apple

macOS

AppOmni

AppOmni

Aqua Security Software

Aqua CNAPP

Archer

Archer

Arista

NDR
Switch

Armis

Centrix (Activities)
Centrix (Alerts)
Centrix (Devices)
Centrix (Vulnerabilities)

Array Networks

AccessDirect

Asimily

Asimily

Asset Panda

Asset Panda

Atlassian

Bitbucket
Cloud
Confluence
Jira

Authentik

Authentik

Automation Anywwhere

Automation Anywhere

Avatier

Identity Anywhere

Avaya LLC

Avaya Experience Portal

AWS

CloudTrail
VPC Flow Logs
WAF

Azion

Edge Firewall

Barracuda

CloudGen Firewall
Email Protection
Firewall
Web Application Firewall
Web Security Gateway

BeyondTrust

BeyondInsight
Bomgar
Endpoint Privilege Management
Privileged Identity
Privileged Remote Access

Big Switch Networks

Big Cloud Fabric

Bindplane

Bindplane Collector

Bitdefender

GravityZone

Bitwarden

Bitwarden

BlackBerry

CylancePROTECT

Bluecat

Edge
Integrity

BMC

AMI Defender
Helix Client Management
Helix Discovery

Box

Broadcom

ACF2
Brocade ServerIron ADX
Brocade Switch
CA Access Control
Carbon Black App Control
Carbon Black EDR
LDAP Server
SSL Visibility Appliance
Support Portal
Symantec PAM

Cambium Networks

cnMaestro

Candescent

Digital Banking

Cato Networks

Cato SASE

CD Foundation

Jenkins

Censys

Cansys

Centripetal Networks

CleanINTERNET

Cequence Security

Bot Management

Check Point

Audit logs
Harmony
Quantum
SandBlast
Threat Prevention

CheckPointHarmony Email & Collaboration

Email Security

Ciena

Service-Aware Operating System

Cimcor

CimTrak

Circle Internet Services

CircleCI

CIS

Albert

Cisco

ACE Application Control Engine Module
Adaptive Wireless IPS
AnyConnect Secure Mobility Client
APIC
Application Centric Infrastructure
ASA
Catalyst Center
Catalyst SD_WAN
ClamAV
Cloudlock
DHCP Server
eStreamer
Firepower NGFW
FireSIGHT Management Center
Firewall Services Module
IOS
IronPort
ISE
Meraki
NX-OS
PIX Firewall
Prime
Routers
Secure Access Control Server
Secure Email
Secure Endpoint
Secure Network Analytics
Secure Workload
Switch
TACACS+
TelePresence VCS Expressway
TrustSec
UCM Cloud
Umbrella
Umbrella Cloud-Delivered Firewall
Umbrella DNS Security
Umbrella SIG
Unified Communications Manager
Unified Computing System (UCS)
Unity Connection
Vision Dynamic Signage Director
WCS
Web Security Appliance

Cisco Duo

Activity Log
Administrator Actions
Directory
Passport
Telephony Logs

Citrix

Analytics
Monitor
NetScaler
Receiver
StoreFront

Claroty

CTD
Enterprise Management Console
xDome

Cloudflare

Area 1 Email Security
Audit logs
Cloudflare for SaaS
Network Analytics
Page Shield
WAF
WARP

Cloudian

HyperStore

CloudM

CloudM Automate

Cofense

Cofense PDR

Cohesity

NetBackup

Colinet Trotta

GAUS mp

Comforte

SecurDPS

CommVault

CommCell

Comodo

Advanced Endpoint Protection

Corelight

Open NDR

Cribl

Stream

CrowdStrike

Falco Next-Gen SIEM
Falcon EDR
Falcon Event Streams
Falcon Identity Protection
Falcon Threat Intelligence
FileVantage

CrushFTP

CrushFTP

Cyber 2.0

Cyber 2.0 Detection System

CyberArk

Endpoint Privilege Manager (EPM)
Privileged Access Management (PAM)
Privileged Account Management
Privileged Threat Analytics (PTA)
Secure Cloud Access

Cybereason

Cynet

Cynet CLM

Cyolo

Cyolo PRO

Darktrace

/ NETWORK

Databricks

Okera Dynamic Access Platform

Datadog

Network Monitoring

Dataminr

First Alert

Datto

File Protection

Deep Instinct

DSX for Endpoints

DEFUNCT/DISBANDED

DEFFUNCT/DISBANDED

Delinea

Centrify Identity Services
Distributed Engline
Privilege Manager
Secret Server

Dell

CyberSense
ECS
EMC PowerScale
OpenManage
PowerProtect Data Domain
PowerStore
PowerSwitch

Department of Health and Human Services

Enterprise Security Services

Digi International

Xbee

DigiCert

Digital Arts

i-Filter

DMP

Phiysical security solutions

DNSFilter

Data Export

DomainTools

Iris

Dope.security

dope.swg

Druva

Data Protection

Edgio

wafls

EfficientIP

Smart DDI

Elastic

Auditbeat
Defend
Elasticsearch
Packetbeat
Winlogbeat

Emerson Electric Co.

File Scanning Framework (FSF)

Entrust

nShield HSM

Epic Systems

Epic EHR

Ergon Informatik

Airlock IAM

ESET

Enterprise Inspector
NOD32
Threat Intelligence

ExtraHop Networks

RevealX
RevealX NDR

Extreme Networks

Extreme Fabric
Wired Access

Application Security Manager
BIG-IP Access Policy Manager
BIG-IP Advanced Firewall Management
BIG-IP APM
BIG-IP DNS
BIG-IP LTM
Distributed Cloud Services
Shape Enterprise Defense
Silverline

Fastly

Cloud CDN

FAstly

Next-Gen WAF

Fidelis

Halo

Fidelis Security

Fielis Network

FileZilla

FileZilla

Fingerprint

FingerprintJS

Fivetran

Fivetran

Fluentd Project

Flueltd

Forcepoint

CASB
DLP
Email Security
Email Security On-Premises
Next-Generation Firewall
Web Security

Forescout

eyeInspect
Network Access Control

ForgeRock

Identity Cloud
OpenAM
OpenDJ

Forgerock

OpenIdM

Fortinet

FortiAnalyzer
FortiAuthenticator
FortiClient
FortiDDoS
FortiEDR
FortiGate
FortiGate DCHP
FortiMail Email Security
FortiManager
FortiNAC
FortiProxy
FortiSandbox
FortiSASE
FortiSwitch
FortiWeb

Fortra

Clearswift
Digital Guardian
Digital GUardian
Powertech SIEM Agent

GitGuardian

GitGuardian SaaS

GitHub

Dependabot
GitHub Enterprise

GitLab

GitLab

GMV

Checker ATM Security

Google

Chrome Enterprise Core
ChromeOS XDR connector
SecOps audit logs
SecOps custom IoCs

Gresham

Prime EDM

H3C

Comware

Hackerone

Hackerone

Halcyon

Anti-Ransomware

HAProxy Technologies

HAProxy

Harness

DevOps Modernization

HashiCorp

Terraform
Vault

HC Networks

Account@Adapter+

HCL Software

HCL BigFix

HID

DigitalPersona LDS

Hillstone Networks

NGFW

Hitachi Solutions

Cloud Platform

HPE

Aruba Networking Central
Aruba Networking ClearPass
BladeSystem c7000
Integrated Lights-Out (iLO)
Nimble Storage NimbleOS
ProCurve switch
Red Hat Enterprise Linux

HPE Aruba Networks

AirWave
EdgeConnect SD-WAN
Gateway IDS/IPS
Networking Switch
Wireless

HPE Juniper

Junos OS
Junos OS IPS
Mist
MX Series routers
NGFW
SD-WAN

Huawei

Ethernet switch
SecoManager

HYPR

Authenticate

IBM

AIX
CICS
Cloud Activity Tracker
DataPower Gateway
Db2
Guardium
IBM i
Informix
MaaS360
Mainframe storage
OpenPages
Power Systems
QRadar SIEM
Qradar SOAR
Security Identity Manager
Security Verify
Security Verify Access
Storage DS8000
Tape
Tivoli Monitoring
WebSEAL
Websphere Application Server
z/OS
zSecure Alert

iboss

Zero Trust Secure Access Service Edge

Illumio

Core

Infoblox

BloxOne
Response policy zones
Universal DDI

InfoExpress

CyberGatekeeper

Infor

Pathway

Intel

Endpoint Management Assistant

Intel 471

Fraud Intelligence
Malware Intelligence

Internet Systems Consortium

BIND

InterSystems

Cache

ION

FX Spectrum

IONIX

External Exposure Management

ISC

Island

Enterprise Browser

Jamf

Now
Pro
Pro context logs
Protect alerts
Protect telemetry
Security Cloud Portal
Threat Protection

Jfrog

Artifactory

JumpCloud

Directory Insights

Kaspersky

AV
Endpoint

Kea

DHCP

Keeper Security

Enterprise Security

Kemp

Load Balancer

KerioControl

Firewall

Keycloak

Identity and Access Management

Kiewrowks

Private Data Network

Kisi

Access Management

Kiteworks

Network

KnowBe4

PhishER

Kolide

Endpoint Security

Kong

API Gateway

Kubernetes

Audit
Auth Proxy
Node

Kyriba

Treasury Management

Lacework

Cloud Security

LastPass

Password Management

Layer7 SiteMinder

LenelS2

Onguard Badge Management

LexisNexis Risk Solutions

Fircosoft

LimaCharlie

Linkshadow

Linux Auditing System (AuditD)

Linux DHCP

DHCP

Linux Sysmon

Linux System

LogicMonitor

PRTG

LogonBox

Authentication

Looker

Audit

Lookout

Mobile Endpoint Security

Lucid

Authentication log types.

macOS Endpoint Security

AV and endpoint logs

Malwarebytes

ManageEngine

AD360
ADAudit Plus
ADManager Plus
DataSecurity Plus
Log360
OpManager
Reporter Plus

Mandiant

Custom IOC

Maria

Database

Mattermost

Alerts

McAfee

DLP
Enterprise Security Manager
ePolicy Orchestrator
IPS
MVISION CASB
Skyhigh CASB
Unified Cloud Edge
Web Gateway
Web Protection

Medigate IoT

Medigate IoT

Men&Mice

Menlo Security

Web Proxy

Metabase

Data Security

Micro Focus

iManager

Microsoft

Internet Information Services for Windows® Server

Note

The default supported W3C fields for an IIS server are the following:

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

For more information, see the Microsoft online help.

Sysmon for Linux

MicroStrategy

Application server logs

Mikrotik

Router

Mimecast

Aware Governance & Compliance Suite
Aware Signal
Incydr
Security Email Gateway
URL Logs

MISP Threat Intelligence

Mobileiron

ENDPOINT MANAGEMENT

Mongo

Database

Motorola Solutions

Avigilon

MySQL

Database

Nagios

Infrastructure Monitoring

Nasuni

File Services Platform

Neo4j

Database management system

Neosec

Security

Net Suite

NetApp

BlueXP
ONTAP
SAN

Netapp

Storagegrid

NetDocuments Solutions

Threat Management Firewall

Netfilter IPtables

Firewall

NetIQ

Access Manager
eDirectory

Netscout

Arbor Sightline
NETWORK
OCI

Netskope

CASB
Cloud Security
V2
Web Proxy

Network Box

Firewall

Netwrix

Endpoint Protector
StealthAudit
Web Server

NGINX

NGINX

Niels Provos

Honeyd

Nokia

Router
VitalQIP

Noname API Security

Security

Nozomi Networks

Scada Guardian

Ntopng

Nucleus

Asset Metadata
Unified Vulnerability Management

Nutanix Prism

Firewall

NVIDIA

DOCA Argus

NXLog Manager

Log Aggregator

Nyansa Events

Okta

Access Gateway
Auth0
Identity and Access Management
User Context

Onapsis

One Identity

Identity Manager
TPAM

OneLogin

Onfido

Authentication

Oort Security Tool

Identity and Access Management

Open Cybersecurity Schema Framework (OCSF)

Schema

Open LDAP

LDAP

Open Policy Agent

Open Policy Agent

OpenAI

AuditLog

OpenCanary

Data Security

Opengear

Remote Management

Openpath

AV / Endpoint

OpenSSH

Logging and Troubleshooting

OpenTelemetry Netflow Receiver

OpenTelemetry Netflow Receiver

OpenText

Enterprise Security Manager

OpenVPN

Network

Opnsense

Firewall and Routing Platform

Ops Genie

Web Proxy log types

Opswat Metadefender

Threat Protection

Oracle

DATABASE
Unified Directory
WebLogic Server

Orca

Cloud Security Platform

Ordr

AI Protect platform

OSQuery

OSSEC

IDS/IPS

Palantir

Foundry SaaS

Palo Alto Networks

CloudGenics Software-Defined WAN
Cortex XDR Alerts
Cortex XDR Events
Firewall
IoT Security
Panorama
Prisma Access
Prisma Cloud
Prisma Cloud Alert payload
Traps

PAN Autofocus

Passive DNS

Passwordstate

below is a catch all for tokens, phones, groups, and endpoints

Peplink

Firewall

PerimeterX

Bot Protection

pfSense

Firewall

Pharos

Pharos

Phishlabs

Digital Risk Protection

Ping Identity

PingDirectory Server Logs
PingFederate
PingOne

Pivotal

PaaS Application

Planetcast

Contido

Portnox

Privileged Account Activity

PostFix Mail

Email Server

PostgreSQL

Database

Precisely

Ironstream IBM z/OS

Preempt

Alert
Auth

Privacy-I

Privacy-I

ProFTPD

Web Server

Progress Software

MOVEit Transfer
WS_FTP

Proofpoint

CASB
Email Filter
ET PRO
Observeit
On Demand
Sendmail Sentrion
Tap Alerts
Tap Forensics
Tap Threats
Threat Response
Web Browser Isolation

ProofPoint

Secure Email Relay

Pulse Secure

Virtual Traffic Manager
VPN

Pure Storage

Data Storage

QNAP Systems

Qualys

Asset Context
Continuous Monitoring
Scan
Virtual Scanner
VM

Quest

Active Directory
Change Auditor for EMC
File Access Audit

Qumulo FS

File System

Radware

Alteon
Web Application Firewall

Rapid7

Insight
Vulnerability Scanner

Recorded Future

Recordia

Telephone software

Red Canary

Red Hat

Directory Server LDAP
OpenShift

Reliaquest

GreyMatter Threat Intelligence

Reliquest

Digital Shadows SearchLight

Remediant

SecureONE

ReviveSec

Application server logs

RH-ISAC

Ribbon Analytics Platform

Telephone Software

Rippling Activity Logs

ACTIVITY_LOGS

Riverbed Steelhead

Network Management and Optimization

RSA

Identity and Access Management
NetWitness
SecurID Access Identity Router

Rubrik

Backup software
Polaris

Ruckus Networks

Wireless

SailPoint

IAM
IdentityIQ

Saiwall VPN

Salesforce

Commerce Cloud
SaaS Application

Samba SMBD

Privileged Account Activity

Sangfor

Next Generation Firewall
Proxy

SAP

Business Technology Platform
Netweaver
SAST Suite
SM20
SuccessFactors
Sybase Adaptive Server Enterprise Database
Webdispatcher

Saviynt Enterprise Identity Cloud

Endpoints

SecureAuth

SecureLink

Remote Access Tools

Semperis DSP

LDAP

Sendmail

Email Server

SentinelOne

Alerts
Deep Visibility
EDR
Singularity
Singularity Cloud Funnel

Sentry

Data Security

SEPPmail Secure Email

email encryption and signature solutions

Seqrite Endpoint Security (EPS)

AV and endpoint logs

ServiceNow

Audit
CMDB
Security

Shibboleth

Shrubbery TACACS+

NETWORK MANAGEMENT

Sierra Wireless

IOT Devices

Signal Sciences

Silverfort

Authentication Platform

SiteMinder

Web Access Management

Skybox Security

Firewall Assurance

Skyhigh Security

Slack

Audit

Smartsheet

CASB

Snare Solutions

System Diagnostic Logs

Snipe-IT

SaaS Applications

Snoopy Logger

Log Aggregator

Snort

IDS/IPS

Snowflake

Database

Snyk

Group level audit/issues logs

Solaris system

Solarwinds

Kiwi Syslog Server

SonicWall

Firewall
Secure Mobile Access

Sonrai

Enterprise Cloud Security Solution

Sophos

AV
Capsule8
Central
DHCP
Firewall (Next Gen)
Intercept EDR
UTM

SOTI

MobiControl

Sourcefire

IDS/IPS

Splunk

Attack Analyzer
Platform

Spur

Data Feeds

SpyCloud

AV / Endpoint

Squid

Web Proxy

StackHawk

Vulnerability scanners

StackSpot

StackSpot

Stealthbits

Audit
Defend
PAM

STIX Threat Intelligence

STIX Threat Intelligence

Stormshield

Firewall

strongSwan

Sublime Security

Vulnerability scanners

Suricata

Swift

Alliance Messaging Hub

Swimlane

SOAR

Symantec

Blue Coat ProxySG
CloudSOC CASB
DLP
EDR
Endpoint Protection
Event export
Messaging Gateway
Security Analytics
VIP Authentication Hub
VIP Gateway
Web Isolation
Web Security Service

Synology

DATA STORAGE

Sysdig

Security

Systemd

Journald

Tableau

Web server

TACACS Plus

Authentication log types

Tailscale

CASB

Talon

Security

Tanium

Asset
Audit
Comply
Discover
Insight
Integrity Monitor
Patch
Question
Reveal
Stream
Threat Response

TCPWave

Team Cymru

Scout Threat Intelligence

TeamViewer

Remote Support

Teleport

Access Plane

Tenable

Active Directory Security
Audit
CSPM
OT
Security Center
Vulnerability Scanner

Teradata

DataBase

Tetragon

eBPF Audit Logs

Thales

Audit Trail
CipherTrust Manager
Digital Identity and Security
Imperva Advanced Bot Protection
Imperva Attack Analytics
Imperva CEF logs
Imperva Data Risk Analytics
Imperva Data Security Fabric
Imperva FlexProtect
Imperva SecureSphere
Imperva Web Application Firewall
Luna Hardware Security Module
MFA
SafeNet
SafeNet KeySecure
Vormetric

The Linux Foundation

Falco

Thinkst Canary

Deception Software

ThreatConnect

ThreatLocker

Platform

ThreatX WAF

Thycotic

Identity and Access Management

Tines

Data Security

TINTRI

Data Security

Trellix

Email Security
Email Security Alerts
Endpoint Security
Endpoint Security Audits
HX Event Streamer
Malware Analysis
Network Security
Network Security Audits
Packet Capture (PX)

Tripwire

Trustwave

SEC MailMarshal
webmarshal

Twingate

TXOne Networks

TXOne EdgeOne
TXOne ElementOne
TXOne SageOne
TXOne Stellar

UberAgent

UberAgent

Ubika

WAAP
WAF

Ubiquiti

UniFi Switch

UKG

Unbound DNS

Unifi AP

Switches and Routers

Unix system

UpGuard

Vulnerability scanners

Upstream Security

Vehicle SOC Alerts

Uptycs

UPX

AntiDDoS

UrlScan.io

Vulnerability scanners

VanDyke

SFTP

Varonis

Data Security / Insider Threat

Vectra

Alerts
Detect
Stream

Veeam

Backup software
Veeam Backup & Recovery (VBR)

Velo Technologies

Firewall

Venafi

ZTPKI

Verba

Recording System

Vercel

Veridium

VeridiumID

Veritas Technologies

NetBackup

Versa Networks

Firewall

Virtru

Email Encryption

VMware

AirWatch
Avinetworks iWAF
ESXi
Horizon
NSX
Tanzu Kubernetes Grid
vCenter
vRealize Suite (VMware Aria)
VSphere
Workspace ONE

Voltage

SecureMail

Vsftpd

FTP Server

VyOS

Open Source Router

WALLIX Bastion

Privileged Account Activity

WatchGuard

EDR
Firewall

Wazuh

Log Aggregator

WeKan

WeKan

Windchill

Lifecycle Management Software

Winscp

Data Transfer

wiz.io

Identity and Access Management

WordPress

Configuration Management

Workday

Audit Logs
SaaS Application
User Activity

WP Engine

Firewall

Xiting

XAMS

YAMAHA

ROUTER RTX1200

Yubico

Zeek

JSON
TSV

Zendesk

Zero Networks

Security

ZeroFox Platform

Database

Zimperium

Mobile Scurity

Zix

Email Encryption

Zoom

Operation Logs

Zscaler

CASB
Deception
DLP
DNS
Internet Access Audit Logs
NGFW
NSS Feeds for Alerts
Private Access
Secure Private Access Audit Logs
Tunnel
VPN
Web Proxy

Zyxel

ZyWALL

Comments (0)