HawkEye AP Log Adapter List Updated January 2016




Firewalls / VPN
- Aventail SSL VPN *
- Check Point Firewall-1 fwexport *
- Check Point Firewall-1 LEA
- Check Point VPN-1 *
- Cisco ASA (via SyslogNG)
- Cisco FWSM
- Cisco PIX (via SyslogNG)
- Cisco VPN Concentrator *
- F5 Application Security Manager
- Juniper Networks NetScreen (via SyslogNG)
- Juniper Networks SSL VPN - Secure Access *
- Nortel Contivity VPN *
- Palo Alto Networks Firewall
- Secure Computing Gauntlet (via McAfee) *
- Secure Computing Sidewinder G2 (via McAfee) *
- Symantec Enterprise Firewall *

Routers / Switches
- Cisco Catalyst Switch *
- Cisco IOS (via SyslogNG)
- HP ProCurve T3/T4 (via SyslogNG)
- HP ProCurve TMSz (via SyslogNG)
- Juniper Networks JUNOS *

Servers / Desktops
- Concurrent PowerMAX logs *
- HP OpenVMS system logs *
- HP NonStop EMS *
- HP NonStop SafeGuard
- HP-UX logs
- IBM AIX logs
- Microsoft Windows Security Event (via Snare OpenSource)
- Microsoft Windows Security Event (via HawkEye Retriever)
- Microsoft Windows Application Event (via HawkEye Retriever)
- Microsoft Windows System Event (via HawkEye Retriever)
- Microsoft Windows Directory Event (via HawkEye Retriever)
- Microsoft Windows DNS Event (via HawkEye Retriever)
- Microsoft Windows File Replication System (via HawkEye Retriever)
- Microsoft Windows 2008 Security Event (via Snare OpenSource)
- Microsoft Windows 2008 Security Event (via HawkEye Retriever)
- Microsoft Windows 2008 Application Event (via HawkEye Retriever)
- Microsoft Windows 2008 System Event (via HawkEye Retriever)
- Microsoft Windows 2008 Directory Event (via HawkEye Retriever)
- Microsoft Windows 2008 DNS Event (via HawkEye Retriever)
- Microsoft Windows 2008 File Replication System (via HawkEye Retriever)
- Novell Netware system logs *
- Red Hat Linux logs
- SGI IRIX logs *
- Sun Solaris BSM (via SFTP)
- Sun Solaris logs
- SuSE Linux Syslog
- UNIX/Linux Auditd (via SyslogNG)
- UNIX/Linux FTPd (via SyslogNG)
- UNIX/Linux Login (via SyslogNG)
- UNIX/Linux SSHd2 (via SyslogNG)
- UNIX/Linux SUDO (via SyslogNG)
- UNIX/Linux SU (via SyslogNG)
- VMware ESX/ESXi (via ESX Retriever)
- Syslog Generic (via SyslogNG)

Web Proxy
- BlueCoat ProxySG
- CA etrust SiteMinder Secure Proxy Server *
- ContentKeeper logs *
- Microsoft ISA Web Proxy *
- NetApp NetCache *
- Squid.org Squid *
- Websense Web Security Suite *

Intrusion Detection (IDS) / Intrusion Protection (IPS)
- Cisco IPS Sensor
- Cisco Secure IDS *
- Cisco Security Agent (Okena) *
- Enterasys Dragon IDS *
- HP/Trend Micro Tipping Point (via SyslogNG)
- ISS Proventia IDS Sensor *
- ISS RealSecure *
- ISS Site Protector *
- Juniper Networks IDP (NetScreen) *
- McAfee Host Intrusion Prevention for Server *
- McAfee IntruShield (via SyslogNG)
- McAfee IntruShield RDBMS Retriever (via HawkEye Retriever)
- Snort (Open Source) *
- SourceFire *
- SourceFire Management Console *
- TopLayer Attack Mitigator *
- Tripwire *

Traffic Management (Network)
- Nortel Alteon Load Balancer *
- Radware Linkproof *
- Cisco ASR Router *
- Cisco IOS
- Cisco TACACS
- Cisco Netflow
- Cisco Catalyst Switch *
- ISC DHCP *
- HP ProCurve T3/T4
- HP ProCurve TMSz
- Juniper JUNOS *
- Microsoft RAS *
- Microsoft DHCP *
- Nortel Annex *
- Open Source TCPDump *
- QoSient Argus *
- Secure Computing Snapgear *

Traffic Analysis
- Open Source TCP Dump *
- QoSient Argus *

Remote Access
- Microsoft Remote Access Server (RAS) *
- Nortel Annex *

Network Monitoring
- Catbird vsecurity
- Fortinet Fortigate *
- LBNL Network Research Group arpwatch *
- Microsoft System Center Operations Manager (SCOM) *

Other Network Sources
- ISC DHCP *
- Microsoft DHCP *

SIM / SEM / SIEM
- CA Audit *
- Cisco MARS
- HP OpenView NNM *
- HP ArcSight ESM (Enterprise Security Manager) *
- IBM Tivoli Netcool/NeuSecure *
- IBM Tivoli T/EC (Enterprise Console) *
- LogLogic *
- Novell Sentinel (e-security) *
- Novell ZenWorks Remote Control *
- Trustwave Intellitactics NSM *

Security Management Console
- McAfee ePolicy Orchestrator (ePO)
- McAfee SCM (Messaging and Web Security) (batch)
- Netsweeper Web Filter *
- McAfee Total Protection (ToPS) for Network *

Encryption and Key Management
- HP Secure Key Manager (batch) *
- Ingrian DataVault *
- Vormetric Coreguard *

Specialty Security Products
- Hexis HawkEye AP Analyzer Activity Log
- Hexis HawkEye AP Application Manager Log
- Hexis HawkEye AP Collector Transaction Log
- Hexis HawkEye AP Collector Activity Log
- Hexis HawkEye AP Scalable Log Server Transaction Log
- Hexis HawkEye G Activity Log

Web / App Server / Middleware
- Apache HTTP Server logs
- BEA Tuxedo logs *
- BEA WebLogic Server *
- IBM IHS/WebSphere access log *
- IBM MQ Series *
- IBM WebSphere logs *
- IBM WebSphere Edge Server *
- Microsoft IIS
- Microsoft SharePoint
- Sun iPlanet Webserver *

Email & IM
- Communicator Bondhub IM *
- Exim Main log *
- Cisco IronPort Email Gateway
- Postfix.org Postfix *
- McAfee Email and Web Security (MWS) *
- McAfee Secure Computing E-Mail Gateway (IronMail) *
- Microsoft Exchange
- LogBinder EX for Microsoft Exchange
- Open Source MIMEdefang *
- Open Source Smapd *
- Sendmail Flow Control *
- Sendmail Mailcenter *
- Sendmail Mailstream Manager *
- Sendmail MTA (Open Source) *
- Sendmail Switch MTA *

Vulnerability Management
- ISS Internet Scanner *
- ISS System Scanner *
- McAfee Vulnerability Management Service (Foundstone)
- nCircle IP360 Appliance *
- Qualys QualysGuard *

Anti-Virus / Anti-Spam
- Barracuda Networks Web Filter *
- Clearswift MIMEsweeper for SMTP *
- Sendmail Flow Control *
- Sendmail Mailcenter *
- Sendmail Mailstream Manager *
- Sendmail Message Proxy *
- Symantec Brightmail Anti-Spam *
- Symantec Endpoint
- Symantec Enterprise Antivirus Corporate Edition *
- Symantec Enterprise Vault *
- Symantec Mail Security (SMS) Appliance *
- Symantec Mail Security (SMS) for Exchange *
- Symantec Mail Security (SMS) for SMTP 5.0 *
- McAfee AntiVirus VirusScan *
- TrendMicro Control Manager *
- TrendMicro eManager *
- TrendMicro InterScan VirusWall *

Access Control / Identity Management
- Cisco ACS (Access Control Server) logs
- Cisco ACS / TACACS+ / RADIUS
- CA Access Control *
- CA etrust SiteMinder Authentication Server *
- CA SiteMinder Web Access Manager *
- Juniper Networks Steel-Belted RADIUS logs *
- Microsoft Active Directory *
- RADIUS logs (Open Source) *
- RSA ACE Server *
- Sun ONE iPlanet Directory Server *
- Symark PowerBroker event log *

Database
- IBM DB2 z/OS *
- IBM DB2 UDB *
- Microsoft SQL Server
- Oracle Alerter
- Oracle Database
- Oracle Fine Grained Auditing (FGA)
- Oracle Listener
- Oracle Sysaudit
- PostgreSQL Audit
- Sybase Adaptive Server Enterprise (ASE) *

Database Activity Monitors
- Guardium *
- Imperva *
- McAfee Database Activity Monitoring

Mainframe
- CA ACF2 TSO Violation *
- CA ACF2 General Resource Event Log *
- CA ACF2 Logon Access Report Log *
- CA ACF2 SMF Audit Logs *
- CA Top Secret SMF Audit Logs *
- IBM iSeries (AS/400) OS Logs *
- IBM RACF SMF Audit Logs *

ERP / Financials / HR Systems
- Digital Insight MIBS *
- Lawson Financials *
- Oracle PeopleSoft Application Server logs *
- Oracle PeopleSoft Enterprise *
- SAP Security Audit Log
- SAP SQL Trace Audit Log *

ePHI Patient Management
- Cerner Millennium *
- McKesson Horizon *
- McKesson Star Audit *

Call Detail Records (CDR) Mediation Systems
- Comptel (mediation system) *
- Intec Mediation *

Other Infrastructure Applications
- Citrix Metaframe *
- Merant Version Manager *
- Serena Dimension Version Manager *
- Novell FTP logs *

3rd Party Audit Products
- CA etrust Audit *
- Concurrent PowerMAX C2 audit log *
- Fcheck (Open Source) *
- HP OpenVMS C2 audit logs *
- HP Tru64 C2 audit logs *
- IBM AIX C2 audit logs *
- IBM Tivoli Access Manager for O/S *
- Intersect Alliance Snare Linux C2 Audit *
- McAfee Policy Auditor *
- SE (Security Enhanced) Linux *
- SGI IRIX C2 Audit *
- Sun BSM (Basic Security Module)

Internet Banking Infrastructure
- Magnet Internet Banking Business Suite *

IBM Autonomic
- IBM CBE (Common Base Event) *

Storage Management / File Servers
- CA ARCserve *
- IBM Tivoli Storage Manager *
- Network Appliance Filer *
- Netezza Performance Server *
- Novell ZENworks Suite *
- Samba (Open Source) *

Custom Data Sources

The term "custom data source" refers to any log source not currently supported by HawkEye AP, such as logs produced by business-critical applications or legacy management systems. Developing a custom adapter is relatively easy, depending on the source: Hexis Cyber Solutions requires only a small amount of sample data from which to build a parsing statement, plus a list of the column names into which the data will be parsed. The patented HawkEye AP data repository builds all data tables dynamically at load time, enabling full field-level reporting, analysis and investigation.

Some vendors use "universal" log parsers to accommodate unfamiliar data, but these can only parse it into simple tables of four or five fields (e.g., time/date and IP address). Other vendors use generic indexing. Neither approach supports field-level reporting of custom data; instead they allow only "Google-like" searches that return Google-like raw log entries. HawkEye AP uses its IntelliSchema Views to populate its out-of-the-box reports with custom sources, giving organizations a more complete view of their security and compliance environments.

Copyright Hexis Cyber Solutions, a wholly-owned subsidiary of The KEYW Holding Corporation. All rights reserved.