McAfee SIEM Supported Devices


1 Last Updated 7/30/15 Vendor Name Device Type A10 Networks Load Balancer Load Balancer All Syslog AX Series Accellion Secure File Transfer Application All Syslog Access Layers Portnox NAC 2.x Syslog Adtran Bluesocket Wireless Access Point All Syslog and greater NetVanta Network Switches & All Syslog AirTight Networks SpectraGuard Application All Syslog NGN Switch Switch All Syslog 9.2 and greater Alcatel-Lucent VitalQIP All Syslog American Power Conversion Uninterruptible Power Supply Power Supplies All Syslog Apache Software Foundation Apple Inc. Apache HTTP Server Apache Web Server Mac OS X 1.x, 2.x Code Based Syslog 9.1 to x, 2.x Syslog All Syslog Peakflow SP Network Switches & 2.x and greater Syslog 9.2 and greater Arbor Networks Peakflow X Network Switches & 2.x Code Based Syslog 9.1 to Peakflow X Network Switches & All Syslog Pravail IDS / IPS All Syslog ArcSight Common Event Event All Syslog 9.2 and greater Aruba Aruba OS Wireless Access Point N/A Code Based Syslog ClearPass Wireless Access Point 5.x Syslog Avecto Privilege Guard (epo) IAM / IDM 3.x epo - SQL 9.2 and greater Axway Barracuda Networks BeyondTrust Bit9 Blue Coat SecureTransport All Syslog Spam Firewall Security Appliances / UTMs 3.x, 4.x Syslog Web Application Firewall Security Appliances / UTMs All Syslog Web Filter Security Appliances / UTMs All Syslog BeyondTrust REM Vulnerability Systems All N/A N/A BeyondTrust Retina Vulnerability Systems All N/A N/A Bit9 Security Platform / Parity Suite - CEF Application All Syslog 9.2 and greater Bit9 Security Platform / Parity Suite Application All Syslog Carbon Black IDS / IPS All Syslog 9.2 and greater Director Web Content / All Syslog 9.2 and greater ProxySG Web Content / 4.x-6.x Syslog Access Log Blue Lance, Inc. 
LT Auditor+ for Novell NetWare Application 9.x Code Based SQL 9.1 to Blue Ridge Networks BorderGuard Firewall 5000, 6000 Syslog BlueCat Networks BlueCat DNS/DHCP Server Application All Syslog Bradford Networks Campus Manager NAC / Network Switches & All Syslog Bro Network Security Monitor Bro Network Security Monitor Network Security All Syslog 9.4 and greater BigIron, FastIron and NetIron Network Switches & 7.5 and greater Syslog Brocade IronView Network Manager NAC / Network Switches & All Syslog VDX Switch Network Switches & All Syslog 9.2 and greater CA Technologies DataMinder - CEF DLP All Syslog CEF SiteMinder Web Access All Syslog Cerner Cerner P2 Sentinel Healthcare Auditing All Code Based Firewall 1, Edge, Enterprise, Express, NG, Check Point Firewall All OPSEC 9.3 and greater Check Point NGX, SmartEvent and VPN Check Point via Splunk Firewall All Syslog 9.2 and greater Using Splunk app Cimcor CimTrak Management Console Configuration Management All Code Based ASA NSEL Firewall / Flow All Netflow Netflow Cisco CATOS v7xxx Network Switches & 6.x, 7.x Syslog Content Services Switches Other All Syslog CSA Console IDS / IPS 5.x, 6.x Code Based SQL Guard DDoS Mitigator IDS / IPS All Syslog Identity Services Engine Other All Syslog IDS (4.x+ RDEP protocol) IDS / IPS 4.x and greater SDEE IOS 12.x and greater Syslog IOS ACL Network Switches & 12.x and greater IOS EAP McAfee SIEM Devices 12.x and greater IOS Firewall Firewall / Network Switches & 12.x and greater IOS IDS 12.x and greater IOS IPS (SDEE protocol) Application Protocol All SDEE HTTP IronPort Security Security 6.x, 7.x Syslog IronPort Web Security Appliance Web Content / 6.x, 7.x Syslog Meraki Wireless All Syslog and greater MDS Network Switches & All Syslog ACL, IOS FW, IOS IDS and DSP Use Cisco IOS data Use Cisco IOS data Use Cisco IOS data Use Cisco IOS data

2 Cisco Vendor Name Device Type NAC Appliance NAC / Network Switches & All Syslog Formerly Clean Access NAC Appliance (Clean Access) NAC / Network Switches & 4.x Code Based HTTP 9.1 to NX-OS 4.x, 5.x Syslog Open TACACS+ Authentication All Syslog PIX IDS 12.x and greater PIX/ASA/FWSM Firewall / IDS / IPS 5.x and greater Syslog Secure ACS IDS / IPS 3.x, 4.x Syslog Unified Communications Applications All Syslog 9.2 and greater Unified Computing System All Syslog VSM/VPN Concentrator Virtual Private Network 2.x - 4.x Code Based Syslog 9.1 to WAAS All Syslog Use Cisco PIX/ASA/FWSM data WAP200 Wireless Access Point All Syslog Wireless Control System Network Switches & All Syslog Wireless Lan Controller Network Switches & All Syslog NetScaler (AppFlow) Flow All IPFix IPFix 9.2 and greater Citrix NetScaler Web Content / All Syslog Secure Gateway & NetScaler Web also supported Secure Gateway Web Content / All Syslog 9.2 and greater Cluster Labs Pacemaker Application 1.x Syslog Code Green Data Loss Prevention DLP 8.x Syslog Cooper Power Systems Cybectec RTU Network Switches & 5.x, 6.x Syslog Yukon IED Manager Suite Application All Syslog Corero Corero IPS IDS / IPS All Syslog Critical Watch Critical Watch FusionVM Vulnerability Systems All N/A N/A Enterprise Password Vault Application 5.x Syslog CyberArk Privileged Identity Management Suite - CEF Application All Syslog CyberGuard CyberGuard Firewall 5.x Code Based Syslog 9.1 to Includes FS, SG, SL Cyberoam Cyberoam UTM and NGFW UTM / Firewall 10.0 and greater Syslog 9.2 and greater Cyrus Cyrus IMAP & SASL Messaging 2.x Syslog D-Link NetDefend UTM Firewall UTM All Syslog 9.2 and greater Damballa Failsafe Anti-Malware All Syslog and greater SonicWALL Aventail Virtual Private Network 10.x Syslog Dell SonicWALL SonicOS Firewall All Syslog PowerConnect Switches Network Switches & All Syslog DenyAll rweb Firewall / DoS rweb 4.1, , Syslog and greater DG Technology - InfoSec Mainframe Event Acquisition System MainFrame 5.x, 6.x 
Syslog DG Technology MEAS agent, DB2/IMS/Datacom/IDMS, CICS, FTP, MasterConsole, RACF/Top Secret/ACF2, Telnet, VSAM/BDAM/PDS, TCP/IP, SMP/E, Authorized Load Libraries, RMF Performance Data, Batch Job and Started, Tasks Start/Stop, Top Secret, Type 80 Digital Defense Digital Defense Frontline Vulnerability Systems All N/A N/A and greater Econet Sentinel IPS IDS / IPS All Syslog 9.2 and greater EdgeWave iprism Web Security Web Content / All Syslog Enforcive System z SMF DB2 MainFrame All Syslog Dragon IPS IDS / IPS 1.x-7.x Syslog 9.4 and greater Dragon Sensor IDS / IPS 1.x-7.x Code Based SQL 9.1 to Enterasys Networks Dragon Squire IDS / IPS 1.x-7.x Code Based SQL 9.1 to Enterasys N and S Switches Network Switches & 7.x Syslog Enterasys Network Access Control Network Switches & 7.x Syslog Entrust IdentityGuard Application All Syslog Formerly Bsafe, AS/400, DB2/IMS/Datacom/IDMS, FTP, RACF/Top Secret/ACF2, Telnet, VSAM/BDAM/PDS Epic Clarity - SQL Pull Healthcare Application 2010, 2012, 2014 SQL and greater Auditing specific events Extreme Networks ExtremeWare XOS Network Switches & 7.x, 8.x Syslog BIG-IP Access Policy Manager Network Switches & All Syslog BIG-IP Application Security Manager - CEF F5 Networks Web Content / All Syslog 9.2 and greater Firepass SSL VPN Virtual Private Network All Syslog Local Traffic Manager - LTM Web Content / All Syslog FairWarning Patient Privacy Monitoring Application Security 2.9.x Code Based Fidelis Fidelis XPS Network Security Applicance All Syslog FireEye FireEye Malware Protection System - CEF Antivirus/Malware 5.x and greater Syslog Fluke Networks AirMagnet Enterprise Network Switches & 8.x Syslog Force10 Networks FTOS Network Switches & All Syslog ForeScout CounterACT Network Switches & 5.x and 6.x Syslog CounterACT CEF Network Switches & 7.x and greater Syslog FortiAuthenticator Authentication 3.x Syslog 9.2 and greater FortiGate Antivirus Antivirus All Code Based Syslog 9.1 to FortiGate Firewall Firewall 3.x Code Based Syslog 
9.1 to FortiGate IDS IDS / IPS All Code Based Syslog 9.1 to Fortinet FortiGate UTM - Comma Delimited - Firewall All Syslog FortiGate UTM - Space Delimited - Firewall All Syslog FortiMail FortiManager Firewall All Syslog FortiWeb Web Application Firewall Firewall All Syslog FreeRADIUS FreeRADIUS Authentication All Syslog Alpine, BlackDiamond and Summit

3 Fujitsu IPCOM Firewall / IDS / IPS All Syslog 9.4 and greater Advanced Syslog Other All Syslog CIFS/SMB File Source Other N/A Code Based File pull 9.2 and greater ELM only FTP/FTPS File Source Other N/A Code Based File pull 9.2 and greater ELM only HTTP/HTTPS File Source Other N/A Code Based File pull 9.2 and greater ELM only Generic Other N/A Code Based 9.2 and greater NFS File Source Other N/A Code Based File pull 9.2 and greater ELM only SCP File Source Other N/A Code Based File pull 9.2 and greater ELM only SFTP File Source Other N/A Code Based File pull 9.2 and greater ELM only GFI GFI LanGuard VA Scanner All Code Based File pull Gigamon GigaVUE Switches & All Syslog and greater Global Technology Associates GNAT Box Firewall 5.3.x Syslog Good Technology Good Mobile Control Application All Syslog 9.2 and greater Google Search Appliance Application All Syslog 9.2 and greater HBGary Active Defense UTM All Syslog 3Com Switches Switches & All Syslog LaserJet Printers Printers All Syslog OpenVMS 1.x Syslog Hewlett-Packard ProCurve Network Switches & All Syslog Vertica Virtual Connect Applicaton Devices 4.4x Syslog and greater Hitachi ID Systems Identity and Access Management Suite Authentication Syslog 9.2 and greater HyTrust HyTrust CloudControl NAC 3.x, 4.x Syslog 9.2 and greater DB2 8.x, 9.x, 10.x Guardium ing 6.x, 7.x Syslog 9.2 and greater Informix 11.5 ISS Real Secure Server Sensor Host / Server / x Code Based SQL 9.1 to ISS SiteProtector Security Management All Code Based SQL Use DG Technoloty MEAS MainFrame MainFrame All IBM Proventia GX Other All Syslog System Z DB2 All Use DG Technoloty MEAS Tivoli Endpoint Manager - BigFix Other All Syslog Linux Agent Required Tivoli Identity Manager - SQL Pull IAM / IDM All SQL 9.2 and greater WebSphere Application Server Application 7.0 and greater File pull and greater WebSphere DataPower SOA Appliances Application 4.x Syslog and greater z/os, z/vm MainFrame Use DG Technoloty MEAS Imperva WAF/DAM - CEF All Syslog 9.2 
and greater Infoblox NIOS Application All Syslog InfoExpress CyberGatekeeper LAN Network Switches & All Code Based Syslog 9.1 to Snare for AIX Other All Syslog InterSect Alliance Snare for Solaris Other All Syslog Snare for Windows Other All Syslog InterSystems InterSystems Cache x Invincea Enterprise - CEF Other All Syslog IPFIX IPFIX Network Flow All IPFix IPFix Ipswitch WS_FTP Application All Syslog iscan Online iscan Online Vulnerability Systems All N/A N/A 9.4 and greater Itron Itron Enterprise Edition Smart Grid Application All Syslog Jflow Jflow (Generic) Network Flow 5, 7, 9 Netflow Juniper Secure Access/MAG VPN All Syslog JUNOS - Structured-Data Network Switches & All Syslog JUNOS Router Network Switches & All Syslog NetScreen / IDP Network Switches & All Syslog NetScreen Firewall Firewall 4.x, 5.x, 6.x Code Based Syslog 9.1 to Juniper Networks NetScreen IDP IDS / IPS 3.x, 4.x Code Based Syslog 9.1 to NetScreen SSL VPN Secure Access VPN 5.x - 7.x Code Based Syslog 9.1 to Network and Security Manager - NSM All Syslog Secure Access version 7 VPN 5.x-7.x Syslog Steel Belted Radius Radius Server 5.x and greater Syslog Kaspersky Administration Kit - SQL Pull Antivirus All SQL and greater KEMP Technologies LoadMaster Network Switches & 4.x, 5.x Syslog Kerio Technologies Kerio Control Firewall All Syslog and greater Lancope StealthWatch 4.x-5.6 Code Based Syslog 9.1 to StealthWatch 6.x and greater Syslog LANDESK LANDESK Vulnerability Systems All N/A N/A 9.4 and greater Legacy Event Center Other All Syslog Informant IDS / IPS All Syslog 9.3 and greater Lieberman Enterprise Random Password Manager Application All Syslog and greater XML Locum RealTime Monitor Application All Syslog LOGbinder LOGbinder Application All Syslog 9.2 and greater Device Control - Endpoint Manager Security DLP Suite (L.E.M.S.S.) 
8 Syslog and greater Lumension Bouncer - CEF Application 5.x and greater Syslog 9.2 and greater Bouncer Application 4.x Syslog Lumension Vulnerability Systems All N/A N/A MailGate, Ltd. MailGate Server Host / Server / 3.5 Syslog Advanced Threat Defense Anti-Malware x and greater Syslog / DXL and greater AntiSpyware (epo) Antivirus All epo - SQL 9.2 and greater Application and Change Control (epo) Web Content / All epo - SQL 9.2 and greater Asset Manager Sensor Asset Management All Syslog and greater Correlation Engine Other All Correlation

4 Security - CEF All Syslog 9.2 and greater Security (epo) All epo - SQL 9.2 and greater Deep Defender (epo) Other All epo - SQL 9.2 and greater Gateway - CEF Web Content / 6.x and greater Syslog 9.2 and greater EWS v5 / Gateway Original - Legacy - Web Content / 5.x Syslog IronMail - Legacy- Web Content / All Syslog Endpoint Encryption (epo) Application All epo - SQL and greater Endpoint Protection for Mac Antivirus 2.0 and greater Syslog and greater McAfee epo Audit Log (epo) Other All epo - SQL 9.2 and greater epolicy Orchestrator Other All epo - SQL 9.2 and greater epolicy Orchestrator Agent (epo) Host / Server / 3.x and greater epo - SQL 9.2 and greater Firewall Enterprise Firewall / IDS / IPS 8.x Syslog 9.2 and greater Host Data Loss Prevention (epo) DLP All epo - SQL 9.2 and greater Host Intrusion Prevention (epo) IDS / IPS 6.x and greater epo - SQL 9.2 and greater Informant IDS / IPS All Syslog 9.3 and greater McAfee Advanced Correlation Engine Correlation All McAfee Application Data Monitor Application All Code Based Event Monitor for SIEM All Code Based McAfee Enterprise Log Manager McAfee Enterprise Security Manager Receiver Receiver/ELM McAfee Security for Domino Windows (epo) Web Content / All epo - SQL 9.2 and greater McAfee Security for Microsoft Exchange (epo) Web Content / All epo - SQL 9.2 and greater McAfee Vulnerability Manager Vulnerability Systems All N/A N/A and greater MOVE AntiVirus (epo) Antivirus All epo - SQL and greater Network Access Control (epo) Other All epo - SQL 9.2 and greater Network DLP Monitor DLP All Syslog Network Security Manager - SQL Pull IDS / IPS 6.x and greater SQL and greater Formerly IntruShield Network Security Manager IDS / IPS 6.x and greater Syslog Formerly IntruShield Network Threat Response IDS / IPS , 4.1 Code Based API , 9.4.1and greater Next Generation Firewall - Stonesoft IDS / IPS All Syslog Nitro IPS IDS / IPS All Syslog One Time Password Server Authentication 3.1 Syslog 9.2 and greater Policy Auditor 
(epo) Policy Server All epo - SQL 9.2 and greater SaaS Protection Security All File Pull and greater SaaS Web Protection Web Content / All Syslog SiteAdvisor (epo) Other All epo - SQL 9.2 and greater Threat Intelligence Exchange Reputation Server epo - DXL and greater UTM Firewall Firewall All Syslog VirusScan (epo) Antivirus All epo - SQL 9.2 and greater Web Gateway Web Content / All Syslog WebShield Web Content / All Syslog MEDITECH Caretaker HealthCare Application All Syslog ACS - SQL Pull All SQL and greater Adiscon Windows Events All Code Based Syslog Assets via Active Directory Asset All Event Forwarding MEF - McAfee 2008 WMI Exchange 2007, 2010, 2013 Forefront Client Security HIPS 2010 SQL and greater NTR is supported on ESM 9.3.x NTR 4.1 is supported on ESM and greater. Supports csv formatted reports Message Tracking Logs Microsoft Forefront Endpoint Protection - SQL Pull HIPS 2010, 2012 SQL Forefront Threat Management Gateway / Internet Security and Acceleration - W3C Firewall / Host / Server / Operating Systems / Web Content / Filtering / All File pull Proxies / Virtual Private Networks Forefront Threat Management Gateway - SQL Pull IDS / IPS 2010 SQL 9.3 and greater Forefront Unified Access Gateway IDS / IPS 2010 Syslog and greater Internet Authentication Service - ted Web Content/Filtering/Proxies 2003, 2008 Syslog Internet Authentication Service - XML Web Content/Filtering/Proxies 2003, 2008 Syslog Internet Information Services Web Content / All Code Based Syslog 9.1 to Internet Information Services - FTP All Web Content / Internet Information Services - SMTP All Web Content / 9.2 and greater Internet Information Services All Web Content / Microsoft Active Directory Other All WMI WMI Microsoft Exchange Server Other 2007, 2010 WMI WMI Microsoft SQL Server All WMI WMI MSSQL 7, 2000, 2005, 2008, 2012 MSSQL Error Log All Syslog 9.2 and greater MSSQL Server C2 Audit 2000, 2005, 2008 Code Based MEF - McAfee Network Policy Server Policy Server All Syslog 
Operations Manager Host / Server / All Code Based SQL 9.1 to PhoneFactor Application All Syslog SharePoint Host / Server / File Management 2007, 2010 Syslog System Center Operations Manager Security Management 2007 Code Based Windows DHCP Debug DHCP Logs 2003, 2008 MEF - McAfee

5 Windows DNS Debug DNS Logs 2003, 2008 Windows Event Log - CEF Windows Event Log - WMI All Syslog 9.2 and greater XP, Server 2003, Server 2008, Server 2012, Windows 7 and Windows 8 WMI WMI Mirage Networks CounterPoint NAC / Network Switches & Code Based Syslog 9.1 to Motorola AirDefense Wireless Switch All Syslog AirDefense Enterprise Wireless Switch All Code Based Syslog 9.1 to Data ONTAP Storage 7.x Syslog NetApp DataFort Storage Switch All Syslog FAS Storage All NetFlow Generic NetFlow Flow 5, 7, 9 NetFlow NetFlow Windows 8 is supported in ESM version and greater Use NetApp Data OnTap data NetFort Technologies LANGuardian Host / Server / All Syslog NetIQ Security Manager Sentinel Log Manager Network Switches & / Security Management Network Switches & / Security Management 5.1 Syslog All Syslog NetWitness Informer - CEF Application All Syslog Spectrum - CEF Malware All Syslog 9.2 and greater URL Integration NGS NGS SQuirreL Vulnerability Systems All N/A N/A Niksun NetDetector Other All Syslog Nokia IPSO Firewall All Code Based Syslog 9.1 to Contivity VPN Network Switches & 7.x Code Based Syslog 9.1 to Nortel Networks Contivity VPN Network Switches & 7.x Syslog 9.4 and greater Passport 8000 Series Switches Network Switches & 7.x Syslog VPN Gateway 3050 Virtual Private Network 8.x Syslog Novell edirectory Host / Server / All Syslog 9.2 and greater Identity and Access Management - IAM IAM / IDM All Syslog npulse CPX Flow & Packet Capture Packet Capture All N/A N/A URL Integration OpenVAS OpenVAS Vulnerability Systems All N/A N/A OpenVPN OpenVPN VPN 2.1 and greater Syslog Directory Server Enterprise Edition Authentication 11 Syslog and greater Also covers: Sun ONE Server and Sun Java Directory Server Enterprise Edition Identity Manager - SQL Pull IAM / IDM SQL and greater Internet Directory Authentication and greater Oracle MySQL Oracle (32 bit, Windows) 4.x, 5.x, 6.x 8.x, 9.x, 10g, 11g, 11g R2 Oracle Audit - SQL Pull 10g, 11g SQL and greater Oracle Audit All Syslog 
and greater Support grain and fine grain logs Osiris Audit Vault and Firewall / Firewall 12.x Syslog and greater Real Application Clusters - RAC 11g File Pull and greater Solaris Basic Security Module - BSM Host / Server / 9.x, 10.x Syslog WebLogic Other 8.1.x Syslog Host Integrity Monitor IDS / IPS Syslog Palo Alto Networks Palo Alto Firewalls Firewall All Syslog Pivotal Greenplum Postfix Postfix Application All Syslog PostgreSQL PostgreSQL 7.4.x, 8.4.x, 9.0.x, 9.1.x PostgreSQL All Syslog PowerTech Interact - CEF Host All Syslog 9.2 and greater Proofpoint Messaging Security Gateway Application All Syslog Qualys Qualys QualysGuard Vulnerability Systems All N/A N/A Quest ChangeAuditor for Active Directory Applications All WMI WMI AppDirector Network Switches & All Syslog AppWall Firewall All Syslog 9.2 and greater Parses the Event Manager Log (evmd.log) ISAKMP, RADIUS, SECURITY, Accounting, RIP, VR messages only Radware DefensePro IDS / IPS and greater Code Based Syslog 9.1 to DefensePro IDS / IPS and greater Syslog LinkProof/FireProof Network Switches & All Syslog Rapid7 Rapid7 Metasploit Pro Vulnerability Systems 3.x and greater N/A N/A Rapid7 Nexpose Vulnerability Systems All N/A N/A Raytheon SureView Application All Syslog Raz-Lee Security isecurity Suite Application All Syslog 9.2 and greater RedSeal Networks RedSeal 6 Risk Complianace All Syslog RioRey DDoS Protection Firewall / DoS RIOS 5.0, 5.1, 5.2 Syslog and greater Riverbed Steelhead Security Appliances / UTMs 5.x Syslog RSA Authentication Manager Authentication 7.x Syslog SafeNet Hardware Security Modules Application Security All Syslog Saint Saint Vulnerability Systems All N/A N/A SAP SAP Version 5 Host / Server / 5.x and 6.x ABAP Module & Syslog Sybase 11.x, 12.x, 15.x

6 Savant Protection Savant - CEF Anti-Malware 3.x Syslog 9.2 and greater Secure Crossing Zenwall Host / Server / All Syslog SecureAuth IEP - Single Sign On Authentication 5.x Syslog Securonix Risk and Threat Intelligence Application Code Based SendMail Sentrion Messaging All Sentrigo Hedgehog - CEF All Syslog 9.2 and greater sflow Generic sflow Network Flow All sflow sflow Silver Spring Networks Network Infrastructure Smart Grid All Skycure Skycure Enterprise Mobile Security All Syslog and greater SnapLogic SnapLogic Cloud Integration All Syslog 9.2 and greater Software Product Research DB2 Access Recording Services DBARS All Syslog SonicWALL SonicWall Firewall/VPN Firewall All Code Based Syslog 9.1 to SonicWall IPS IDS / IPS All Code Based Syslog 9.1 to Sonus GSX VOIP All Syslog Security and Data Protection Security All Syslog Sophos Sophos Antivirus Antivirus All Code Based SQL UTM & Next-Gen Firewall UTM / Firewall 9.1 Syslog and greater Web Security and Control Web Content / All Syslog SourceFire Squid 3D Defense Center IDS / IPS 4.10 Snort NIDS IDS / IPS All FireSIGHT Management Console - estreamer IDS / IPS 5.x.x Code Based estreamer and greater Use Unix - Linux data Use FireSIGHT Management Console - estreamer Use SourceFire NS/RNA data SourceFire NS/RNA IDS / IPS All Syslog Includes Snort IDS Squid Web Content / 1.x Code Based Syslog 9.1 to Squid Web Content / 2.5 Syslog STEALTHbits StealthINTERCEPT HIDS Syslog 9.4 and greater StillSecure Strata Guard Firewall / Security Management / IDS / IPS / Virtual Private Networks Stonesoft Corporation Next Generation Firewall IDS / IPS All 5.x, 6.x Syslog Sun iplanet Web Server All Code Based Syslog 9.1 to Altiris Management Console Asset 7.x and greater 9.2 and greater Antivirus Corporate Edition Server Antivirus 8.x, 9.x Code Based SQL Critical System Protection IDS / IPS 5.2 Code Based SQL 9.1 to Critical System Protection IDS / IPS 5.2 SQL 9.4 and greater Symantec Endpoint Protection Antivirus 11.x Code Based 
Syslog 9.1 to Endpoint Protection Antivirus 11.x, 12.x Syslog PGP Universal Server Host / Server / All Syslog Symantec Data Loss Prevention DLP All Syslog Symantec Messaging Gateway Messaging 2.x and greater Syslog Symantec Web Gateway Web Content / All Syslog Synology DiskStation Manager Application All Syslog 9.2 and greater Tenable Tenable Nessus Vulnerability Systems 3.x, 4.x, 5.x, 6.x N/A N/A Teradata Teradata 12.x, 13.x, 14.x Thycotic Secret Server Authentication 8 Syslog 9.2 and greater SMS Security Management 2.x and greater Syslog TippingPoint TippingPoint Security Management 1.x, 2.x Code Based Syslog 9.1 to UnityOne IDS / IPS All Syslog TITUS Message Classification Application All WMI WMI and greater Tofino Security Tofino Firewall LSM Firewall All Syslog Topia Technology Skoot Application All Syslog 9.2 and greater Townsend Security AS/400 - CEF Host / Server / All Syslog 9.2 and greater Trapezoid Trust Control Suite Application All Syslog 9.2 and greater Control Manager Antivirus / Vulnerability Systems 3.x, 5.x, 6.x Code Based SQL 9.1 to Use McAfee Next Generation Firewall - Stonesoft Microsoft Windows Event Log Trend Micro Control Manager - SQL Pull Antivirus / Vulnerability Systems 5.x SQL and greater Deep Discovery - CEF Antivirus / Vulnerability Systems All Syslog 9.2 and greater Deep Security - CEF HIDS 6.x and greater Syslog Deep Security Manager - CEF HIDS 6.x and greater Syslog InterScan Web Security Suite Web Content / All Syslog OfficeScan Antivirus / Vulnerability Systems All Syslog 9.2 and greater OSSEC FIM / HIDS 1.x, 2.x Syslog Tripwire / ncircle IP360 Vulnerability Systems All N/A N/A Tripwire Tripwire Enterprise / Security Management 4.x Syslog Tripwire For Server / Security Management 4.x Code Based Syslog 9.1 to Tripwire For Server / Security Management 4.x Syslog 9.4 and greater Data Loss Prevention DLP 8.x Syslog 9.2 and greater Trustwave Network Access Control NAC 3.x Syslog WebDefend Web Content / 4.x Syslog Tufin SecureTrack 
Firewall / Auditing All Syslog 9.2 and greater Type80 Security Software SMA_RT Host / Server / All Code Based Syslog 9.1 to SMA_RT Host / Server / All Syslog 9.4 and greater Linux Host / Server / All Syslog UNIX Solaris, Red Hat UNIX OS Host / Server / Linux, HP-UX, IBM Code Based Syslog 9.1 to AIX and SUSE VanDyke Software VShell Application 2.x, 3.x Syslog Vericept Content 360 DLP 8.x Syslog 9.2 and greater Verdasys Digital Guardian DLP All Syslog 9.2 and greater VMware vcenter Server Application All Code Based API and greater VMware Application 1.x-5.x Syslog Voltage Security SecureData Enterprise DLP 5.7 Syslog and greater Vormetric Data Security Application 4.x Syslog WatchGuard Technologies Firebox and X Series Firewall 8.x-11.x Syslog Wave Systems Corp Safend Protector DLP All Syslog 9.2 and greater Cloud Web Security HIDS All and greater Websense Websense - CEF, Key Value Pair Web Content / 7.7 and greater Syslog 9.2 and greater Trustwave DLP

Websense Websense Enterprise - SQL Pull Web Content / 6.x, 7.x SQL and greater Xirrus abgn Wi-Fi Arrays Switches & All Syslog Zenprise Secure Mobile Gateway Security Mobile Gateway 5.x and greater Syslog ZeroFOX ZeroFOX Application All Syslog 9.2 and greater Zscaler Nanolog Streaming Service (NSS) Web Content / All Syslog and greater

McAfee. Part of Intel Security Mission College Boulevard Santa Clara, CA Intel and the Intel logo and McAfee logos are registered trademarks of Intel Corporation or McAfee, Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. Copyright 2015 McAfee, Inc.


More information

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: 3.5.0. December 2012. Two-Second Advantage TIBCO LogLogic HIPAA Compliance Suite Quick Start Guide Software Release: 3.5.0 December 2012 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE

More information

Supported Data & Log Sources

Supported Data & Log Sources Supported Data & Log Sources IT Compliance & Event Log Management Software for SIEM 14 South Networks IntraLock 30 3Com 4400 Switch 3Com 4500 Switch 3Com 4500G Switch 3Com 4800G Switch 3Com 5500 Switch

More information

TRIPWIRE LOG CENTER HIGH PERFORMANCE LOG AND SECURITY EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

TRIPWIRE LOG CENTER HIGH PERFORMANCE LOG AND SECURITY EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF TRIPWIRE LOG CENTER HIGH PERFORMANCE LOG AND SECURITY EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE Enterprise organizations of all sizes need to achieve compliance with regulations and standards

More information

LOG CENTER SECURITY INTELLIGENCE MADE SIMPLE

LOG CENTER SECURITY INTELLIGENCE MADE SIMPLE CONFIDENCE: SECURED PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence

More information

JUNIPER NETWORKS STRM TECHNICAL NOTE

JUNIPER NETWORKS STRM TECHNICAL NOTE JUNIPER NETWORKS STRM TECHNICAL NOTE USING EXTENSION DOCUMENTS JUNE 2008 Device extensions allow you to modify how a DSM parses logs, which is useful for resolving parsing issues. However, before you define

More information

Detecting a Hacking Attempt

Detecting a Hacking Attempt Detecting a Hacking Attempt Speaker: Isaac Thompson Director of Sales Engineering and Training About Prism Microsystems Founded in 1999, headquartered Columbia, Maryland Current Version EventTracker 6

More information

Secure Your Operations through NOC/SOC Integration

Secure Your Operations through NOC/SOC Integration IBM Software Group Secure Your Operations through NOC/SOC Integration David Jenkins Security Consultant [email protected] IBM Corporation IBM Business/Service Assurance Offering Only Tivoli s suite offers

More information

Vendor/Product Log Format Analyzer Standard. Analyzer Premium & Analyzer Giga

Vendor/Product Log Format Analyzer Standard. Analyzer Premium & Analyzer Giga Vendor/Product Log Format Analyzer Standard Analyzer Premium & Analyzer Giga Vantage & Vantage Giga 3Com 3Com Firewall Yes Yes Yes Yes 8e6 R2000 Yes Yes Yes Yes 8e6 R3000 Yes Yes Yes Yes Aladin Esafe Blocked

More information

Supported Log File Formats

Supported Log File Formats Supported File Formats Vendor/Product Format Analyzer Standard Analyzer Premium & Analyzer Giga Vantage & Vantage Giga 3Com 3Com 8e6 R2000 8e6 R3000 Aladin Esafe Blocked s Allied Telesyn ATI Level 3 Switch

More information

Restorepoint Plug-in Guide. Version 4.0

Restorepoint Plug-in Guide. Version 4.0 Restorepoint Plug-in Guide Version 40 Contents 1 Overview 2 2 Supported Devices 3 3 Real-time Change Detection 5 4 Device-specific Settings 6 5 Generic push plugin 27 6 Copyright notice 30 1 Overview This

More information

Total Protection for Enterprise-Advanced

Total Protection for Enterprise-Advanced System Requirements Total Protection for Enterprise-Advanced One integrated solution, one console, proven comprehensive protection McAfee Alert Manager 4.7.1 Free disk space 1.5 MB (complete installation)

More information

M A R K E T A N A L Y S I S

M A R K E T A N A L Y S I S M A R K E T A N A L Y S I S W o r l d w i d e S e c u r i t y a n d V u l n e r a b i l i t y M a n a g e m e n t 2 0 1 1 2 0 1 5 F o r e c a s t a n d 2 0 1 0 V e n d o r S h a r e s Charles J. Kolodgy

More information

Select the right security information and event management solution to automate security and compliance operations.

Select the right security information and event management solution to automate security and compliance operations. Security information and event management solutions Buyer s guide: purchasing criteria Select the right security information and event management solution to automate security and compliance operations.

More information

Next-Generation Firewalls: CEO, Miercom

Next-Generation Firewalls: CEO, Miercom Next-Generation Firewalls: Results from the Lab Robert Smithers Robert Smithers CEO, Miercom Agenda Participating i Vendors and Products How We Did It Categories of Products Tested About the Technology

More information

Title of Document Here

Title of Document Here WhatsUp Gold Monitor Library Networks Active Monitors WhatsUp Gold Premium APC UPS Fan (Cisco, Proliant and Dell) Network Statistics Monitor SNMP Interface Ping Power Supply (Cisco, Proliant and Dell)

More information

IBM InfoSphere Guardium

IBM InfoSphere Guardium IBM InfoSphere Guardium Enterprise-wide Database Protection and Compliance Jānis Bērziņš, DPA 08.11.2012 Data is the key target for security breaches.. and Database Servers Are The Primary Source of Breached

More information

og 4 NET A SureL 201

og 4 NET A SureL 201 SureLog ANET 2014 1. SURELOG: ADVANCED SECURITY MANAGEMENT... 3 2. ADVANTAGES... 3 Why Fast EPS Performance Matters... 3 3. LOG MANAGEMENT... 5 Comprehensive Log Data Collection and Log Management... 5

More information

Log Correlation Engine 4.2 Architecture Guide. October 3, 2013 (Revision 2)

Log Correlation Engine 4.2 Architecture Guide. October 3, 2013 (Revision 2) Log Correlation Engine 4.2 Architecture Guide October 3, 2013 (Revision 2) Table of Contents Introduction... 3 Standards and Conventions... 3 Architecture... 3 Components of the Log Correlation Engine...

More information

PCI DSS. Get Compliant, Stay Compliant Seminar

PCI DSS. Get Compliant, Stay Compliant Seminar PCI DSS Get Compliant, Stay Compliant Seminar ValueSYS Solutions & Services Wael Hosny CEO ValueSYS [email protected] Solutions you Need, with Quality you Deserve Seminar Agenda Time 09:00 10:00

More information

Enforcive /Cross-Platform Audit

Enforcive /Cross-Platform Audit Enforcive /Cross-Platform Audit Enterprise-Wide Log Manager and Database Activity Monitor Real-time Monitoring Alert Center Before & After Change Image Custom Reports Enforcive's Cross-Platform Audit (CPA)

More information

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE

YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE FAST FORWARD YOUR NETWORK SECURITY WITH PROACTIVE SECURITY INTELLIGENCE VISUALIZE COMPLY PROTECT RedSeal Networks, Inc. 3965 Freedom Circle, 8th Floor, Santa Clara, 95054 Tel (408) 641-2200 Toll Free (888)

More information

TIBCO LogLogic Unity Quick Reference Guide Concepts

TIBCO LogLogic Unity Quick Reference Guide Concepts TIBCO LogLogic Unity Quick Reference Guide Concepts Overview TIBCO LogLogic Unity is a sleek, modern and scalable platform enabling technical teams to resolve open issues, which require advanced troubleshooting

More information

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Log Sources User Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Log Sources User Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Log Sources User Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 108. Copyright

More information

Virtualization Journey Stages

Virtualization Journey Stages Deep Security 7.5 Todd Thiemann Sr. Dir. of Datacenter Security Marketing Trend Micro Harish Agastya Director of Datacenter Security Marketing Trend Micro Classification 11/12/2010 1 Virtualization Journey

More information

ACL Compliance Director FAQ

ACL Compliance Director FAQ Abstract Cyber Operations, Inc., Cyber Operations, Inc. Copyright 2008 Cyber Operations, Inc. This document contains frequently asked questions about ACL Compliance Director with answers. Table of Contents...

More information

SourceFireNext-Generation IPS

SourceFireNext-Generation IPS D Ů V Ě Ř U J T E S I L N Ý M SourceFireNext-Generation IPS Petr Salač CCNP Security, CCNP, CICSP, CCSI #33835 [email protected] Our Customers Biggest Security Challenges Maintaining security posture

More information

Installation Guide. Sentinel Log Manager 1.2.2. July 2014

Installation Guide. Sentinel Log Manager 1.2.2. July 2014 Installation Guide Sentinel Log Manager 1.2.2 July 2014 Legal Notice NetIQ Sentinel is protected by United States Patent No(s): 05829001. THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED

More information

Novell Sentinel Log Manager

Novell Sentinel Log Manager AUTHORIZED DOCUMENTATION Installation Guide Novell Sentinel Log Manager 1.1 December 2010 www.novell.com Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents

More information

Measurably reducing risk through collaboration, consensus & practical security management. 2015 CIS Security Benchmarks 1

Measurably reducing risk through collaboration, consensus & practical security management. 2015 CIS Security Benchmarks 1 Measurably reducing risk through collaboration, consensus & practical security management 2015 CIS Security Benchmarks 1 Background State of Idaho s Rights and Benefits as a CIS Security Benchmarks Member

More information

Net LineDancer Update Notice

Net LineDancer Update Notice Net LineDancer Update Notice Update 14.06 Rev.20151007.1420 Added support for sending SNMP traps when a job fails. Added support to deep link directly to each page of the devices detail view. Added support

More information

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy Customer Challenges Dispersed Threats IT Overload IT information overload Flood of logged events from many point network

More information

Device Adapter Capabilities Report

Device Adapter Capabilities Report Device Adapter Capabilities Report Page 1 of 19 Span Custom 3Com 4500 3Com 4500 3.02 and 3Com SuperStack 3 3Com SuperStack 3Com 3200, 3800, 3.12 and 4200, 4400, 4900 3Com 1100, 3300 2.7 and 3Com 3Com 50

More information

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1) Continuous Monitoring for the New IT Landscape July 14, 2014 (Revision 1) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the New IT Landscape... 5 Tenable s Continuous Monitoring

More information

The Cyber Threat Landscape

The Cyber Threat Landscape The Cyber Threat Landscape Oliver Rochford Research Director Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without

More information

McAfee Data Loss Prevention Endpoint 9.4.0

McAfee Data Loss Prevention Endpoint 9.4.0 Release Notes Revision A McAfee Data Loss Prevention Endpoint 9.4.0 For use with McAfee epolicy Orchestrator Contents About this release New features Enhancements Installation instructions Known issues

More information

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (10.1.3.4.

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (10.1.3.4. Oracle Business Intelligence Publisher Certification Information 10g Release 3 (10.1.3.4.2) E12692-08 September 2011 This document outlines the certified hardware and software configurations for Oracle

More information

ManageEngine Password Manager Pro Vs Thycotic Secret Server

ManageEngine Password Manager Pro Vs Thycotic Secret Server ManageEngine Password Manager Pro Vs Thycotic Secret Server Features Comparison Sheet (As per the information available in Thycotic Secret Server s website on August 19, 2015) Feature ManageEngine Password

More information

McAfee Security Architectures for the Public Sector

McAfee Security Architectures for the Public Sector White Paper McAfee Security Architectures for the Public Sector End-User Device Security Framework Table of Contents Business Value 3 Agility 3 Assurance 3 Cost reduction 4 Trust 4 Technology Value 4 Speed

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite Installation Guide McAfee Public Cloud Server Security Suite For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

Measurably reducing risk through collaboration, consensus & practical security management. 2013 CIS Security Benchmarks 1

Measurably reducing risk through collaboration, consensus & practical security management. 2013 CIS Security Benchmarks 1 Measurably reducing risk through collaboration, consensus & practical security management 2013 CIS Security Benchmarks 1 Background City University of New York s Rights and Benefits as a CIS Security Benchmarks

More information

World-class security solutions for your business. Kaspersky. OpenSpaceSecurity

World-class security solutions for your business. Kaspersky. OpenSpaceSecurity World-class security solutions for your business Kaspersky Open Open Kaspersky Open Space Security is a suite of products that offers security coverage for all types of network endpoints, from mobile devices

More information

TCS Managed Security Services

TCS Managed Security Services IT OUTSOURCING VENDOR PROFILE OF: TCS Managed Security Services 1. Background... 1 2. Revenue Summary... 1 3. Key Offerings... 2 3.1.. Security Monitoring and Incident Management... 2 3.2.. Network security...

More information

IBM Security QRadar Version 7.2.5. Vulnerability Assessment Configuration Guide IBM

IBM Security QRadar Version 7.2.5. Vulnerability Assessment Configuration Guide IBM IBM Security QRadar Version 7.2.5 Vulnerability Assessment Configuration Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 93. Product

More information

MANAGED SERVICES. Remote Monitoring. Contact US: 800.677.1919 [email protected] millenniuminc.com

MANAGED SERVICES. Remote Monitoring. Contact US: 800.677.1919 info@millenniuminc.com millenniuminc.com MANAGED SERVICES Remote Monitoring A N D Ma n a g e m e n t D O C U MENTATION AND Services Gu i d e Contact US: 800.677.1919 [email protected] millenniuminc.com ABOUT RMM SERVICES Millennium s RMM

More information

McAfee Data Loss Prevention Endpoint 9.3.416

McAfee Data Loss Prevention Endpoint 9.3.416 Release Notes Revision A McAfee Data Loss Prevention Endpoint 9.3.416 For use with McAfee epolicy Orchestrator Contents About this release Resolved issues Installation instructions Known issues Find product

More information

Secospace elog. Secospace elog

Secospace elog. Secospace elog Secospace elog Product Overview With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injections, to Web page

More information

Configuration Audit & Control

Configuration Audit & Control The Leader in Configuration Audit & Control Configuration Audit & Control Brett Bartow - Account Manager Kelly Feagans, Sr. Systems Engineer ITIL, CISA March 4, 2009 Recognized leader in Configuration

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices

Assuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard

More information

Security Information & Event Management (SIEM)

Security Information & Event Management (SIEM) Security Information & Event Management (SIEM) Peter Helms, Senior Sales Engineer, CISA, CISSP September 6, 2012 1 McAfee Security Connected 2 September 6, 2012 Enterprise Security How? CAN? 3 Getting

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

Privileged - Super Users out of Control

Privileged - Super Users out of Control ID WORLD Abu Dhabi 18-19 March 2012 Secure ID in the Digital World Jochen Koehler Regional Director Cyber Ark Software Privileged - Super Users out of Control Organized by: Conference Host: PRIVILEGED

More information

RSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION

RSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION RSA ACCESS MANAGER Web Access Management Solution ESSENTIALS Secure Access Enforces access to Web applications based on risk and context Centralizes security and enforces business policy Web Single Sign-on

More information

Automate your IT Security Services

Automate your IT Security Services Automate your IT Security Services Presenter: Cyberoam Our Products Network Security Appliances - UTM, NGFW (Hardware & Virtual) Copyright 2014 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. Modem

More information

Access Management Analysis of some available solutions

Access Management Analysis of some available solutions Access Management Analysis of some available solutions Enterprise Security & Risk Management May 2015 Authors: Yogesh Kumar Sharma, Kinshuk De, Dr. Sundeep Oberoi Access Management - Analysis of some available

More information

Enterprise Computing Solutions United Kingdom

Enterprise Computing Solutions United Kingdom Enterprise Computing Solutions United Kingdom One Source IT Skills & Services Line Card 2015 arrow.com One Source IT Skills & Services Alcatel Call for more information Blue Coat Mach 5 Proxy AV Proxy

More information

Required Software Product List

Required Software Product List Symantec ($3.2 million, 35% weight) AdVantage AdvisorMail AntiVirus (Endpoint Protection) AntiVirus Enterprise Edition App Center Application HA Asset Management Suite Backup Exec Certificate Intelligence

More information

SNOW LICENSE MANAGER (7.X)... 3

SNOW LICENSE MANAGER (7.X)... 3 SYSTEM REQUIREMENTS Products Snow License Manager Snow Automation Platform Snow Device Manager Snow Inventory Server, IDR, IDP Mobile Information Server Client for Windows Client for Linux Client for Unix

More information

Move over, TMG! Replacing TMG with Sophos UTM

Move over, TMG! Replacing TMG with Sophos UTM Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access

More information

SENTINEL MANAGEMENT & MONITORING

SENTINEL MANAGEMENT & MONITORING MANAGEMENT & MONITORING Network Monitoring Server Monitoring Database Monitoring Application Monitoring End User Response Time Monitoring Virtualisation Monitoring VOIP Monitoring SLA Monitoring Knowing

More information

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)

Continuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4) Continuous Network Monitoring for the New IT Landscape March 16, 2015 (Revision 4) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the Modern IT Landscape... 5 Tenable s Five Critical

More information

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

APPENDIX C AMENDMENT # 3 PRICING INDEX DIR CONTRACT NO. DIR-SDD-1855. Solid Border, Inc.

APPENDIX C AMENDMENT # 3 PRICING INDEX DIR CONTRACT NO. DIR-SDD-1855. Solid Border, Inc. APPENDIX C AMENDMENT # 3 PRICING INDEX DIR CONTRACT NO. DIR-SDD-1855 DESCRIPTION Solid Border, Inc. CUSTOMER DISCOUNT ITS PRODUCTS Accellion Lab Gear 50% Accellion Appliance Bundles/Software 13.75% AppNeta

More information

VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM

VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM 2 REDUCE COSTS. IMPROVE EFFICIENCY. MANAGE RISK. MaxPatrol from Positive Technologies provides visibility and control of security compliance across your entire

More information

Peter Dulay, CISSP Senior Architect, Security BU

Peter Dulay, CISSP Senior Architect, Security BU CA Enterprise Log Manager 12.5 Peter Dulay, CISSP Senior Architect, Security BU Agenda ELM Overview ELM 12.5: What s new? ELM to CA Access Control/PUPM Integration CA CONFIDENTIAL - Internal Use Only Overview

More information

XenServer Virtual Machine metrics

XenServer Virtual Machine metrics 1 de 7 21/11/13 13:31 Tour (/tour/) How it Works /how-it-works/) Pricing (/pricing/) Customers (/testimonials/) WHAT WE MONITOR Application Monitoring /) Java Monitoring Tomcat monitoring Zookeeper Monitoring

More information