HawkEye AP Log Adapter List Updated January 2014



Similar documents
HawkEye AP Log Adapter List Updated January 2016

RSA envision. Supported Event Sources. Vendor Device Collection Method. Vendor Device Collection Method. Vendor Device Collection Method

Symantec Security Information Manager Version 4.7

ArcSight Supports a Wide Range of Security Relevant Products

List of Supported Systems & Devices

LogLogic Release Notes for Security Event Viewer and Security Event Manager, v3.5.0

Supported Devices (Event Log Sources)

CiscoWorks SIMS(Netforensics)

TIBCO LogLogic. HIPAA Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

TIBCO LogLogic. SOX and COBIT Compliance Suite Quick Start Guide. Software Release: December Two-Second Advantage

REQUEST FOR PROPOSAL ACQUISITION & IMPLEMENTATION OF CENTRALIZED LOG MANAGEMENT SYSTEM

Plugin Name. X N/A sudo X Antivirus Avast avast X GFI Security gfi X McAfee mcafee X mcafee-epo

Release Notes ArcSight SmartConnector

TIBCO LogLogic Unity Quick Reference Guide Concepts

Select the right security information and event management solution to automate security and compliance operations.

Vendor/Product Log Format Analyzer Standard. Analyzer Premium & Analyzer Giga

JUNIPER NETWORKS STRM TECHNICAL NOTE

TECHNOLOGY INTEGRATION GUIDE

SENTINEL MANAGEMENT & MONITORING

Detecting a Hacking Attempt

Tripwire Log Center PRODUCT BRIEF HIGH PERFORMANCE LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

TRIPWIRE LOG CENTER HIGH PERFORMANCE LOG AND SECURITY EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

Supported Log File Formats

TECHNOLOGY INTEGRATION GUIDE

INTEGRATION GUIDE TECHNOLOGY INTRODUCTION NETWORK DEVICES AND INFRASTRUCTURE

IBM InfoSphere Guardium

Secure Your Operations through NOC/SOC Integration

Reference Guide. Skybox View Revision: 11

Configuration Audit & Control

Total Protection for Enterprise-Advanced

Privileged - Super Users out of Control

Novell Sentinel Log Manager

Technology Consultant Security Specialist High Profile Organisations Overview and Core Competencies

Installation Guide. Sentinel Log Manager July 2014

Enforcive /Cross-Platform Audit

FUNCTIONAL OVERVIEW

MANAGED SERVICES. Remote Monitoring. Contact US: millenniuminc.com

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Effective Use of Security Event Correlation

IBM Tivoli Application Dependency Discovery Manager

og 4 NET A SureL 201

Peter Dulay, CISSP Senior Architect, Security BU

IBM Tivoli Identity Manager

How To Use Logrhythm For A Log On A Computer Or Network Device (For A Network) For A Network (For An Uniden Network) (For Log On Device) ( For Awn) (On A Network Or Network) Or

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Measurably reducing risk through collaboration, consensus & practical security management CIS Security Benchmarks 1

Deployment Guide. Websense Web Security Websense Web Filter. v7.1

Valery Milman CYBERARK PRIVILEGED ACCOUNT SECURITY

Alert Logic Log Manager

Measurably reducing risk through collaboration, consensus & practical security management CIS Security Benchmarks 1

High Speed Data Transfer from the APS. Kenneth Sidorowicz September 27, 2006

PCISS-1. Job Description: Key Responsibilities: I. Perform troubleshooting& support:

Real-Time Database Protection and. Overview IBM Corporation

Integrigy Corporate Overview

Required Software Product List

How To Secure A Database From A Leaky, Unsecured, And Unpatched Server

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

LOG CENTER SECURITY INTELLIGENCE MADE SIMPLE

McAfee Database Activity Monitoring 5.0.0

Connectors Overview APPLICATION SECURITY ANTI-VIRUS/ANTI-SPAM CLOUD CONTENT SECURITY APPLICATIONS DATABASE ACTIVITY MONITORING (DAM)/ DB SECURITY

ACL Compliance Director FAQ

Security Correlation Server Quick Installation Guide

How To Manage A Database With Infosphere Guardium

English Requirement: You must be able to understand and be understood in English.

SECURE, MANAGE & CONTROL PRIVILEGED ACCOUNTS & SESSIONS. Presenter: Terence Siau

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Government of Canada Managed Security Service (GCMSS) Annex A-7: Statement of Work - Security Information and Event Management (SIEM)

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM

MANAGED SECURITY SERVICES

ManageEngine (division of ZOHO Corporation) Infrastructure Management Solution (IMS)

DEPLOYMENT GUIDE. Websense Enterprise Websense Web Security Suite TM. v6.3.1

Access Management Analysis of some available solutions

ProtectID. for Financial Services

Payment Card Industry (PCI) Data Security Standard

VULNERABILITY & COMPLIANCE MANAGEMENT SYSTEM

Tivoli Security Information and Event Manager V1.0

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

Log Correlation Engine 4.2 Architecture Guide. October 3, 2013 (Revision 2)

What s new with Operations Management & Partner MPs

Mapping EventTracker Reports and Alerts To FISMA Requirements NIST SP Revision 3 Prism Microsystems, August 2009

IBM Security QRadar SIEM Version MR1. Log Sources User Guide

Operations Management and Open Source Tools

Continuous Monitoring for the New IT Landscape. July 14, 2014 (Revision 1)

Virtualization Journey Stages

Integration Guide. McAfee Asset Manager. for use with epolicy Orchestrator 4.6

PROFILE: SENIOR SYSTEM ENGINEER

PROFILE: SENIOR SYSTEM ENGINEER

DEREK A. CHAMORRO CISSP, CCNP Austin, TX Website: therandomsecurityguy.com

PCI DSS. Get Compliant, Stay Compliant Seminar

EMC Software Release and Service Dates for NetWorker and NetWorker Modules Last Updated on August 16, 2012

Product overview. CA SiteMinder lets you manage and deploy secure web applications to: Increase new business opportunities

ManageEngine Password Manager Pro Vs Thycotic Secret Server

Transcription:

HawkEye AP Log Adapter List Updated January 2014 Firewalls / VPN Aventail SSL VPN * Check Point Firewall-1 fwexport * Check Point Firewall-1 LEA Check Point VPN-1 * Cisco ASA (via SyslogNG) Cisco FWSM Cisco PIX (via SyslogNG) Cisco VPN Concentrator * F5 Application Security Manager Juniper Networks NetScreen (via SyslogNG) Juniper Networks SSL VPN - Secure Access * Nortel Contivity VPN * Secure Computing Gauntlet (via McAfee) Secure Computing Sidewinder G2 (via McAfee) Symantec Enterprise Firewall * Routers / Switches Cisco Catalyst Switch * Cisco IOS (via SyslogNG) HP ProCurve T3/T4 (via SyslogNG) HP ProCurve TMSz (via SyslogNG) Juniper Networks JUNOS * Servers / Desktops Concurrent PowerMAX logs * HP OpenVMS system logs * HP NonStop EMS * HP NonStop SafeGuard HP-UX logs IBM AIX logs IBM VSE/ESA * Microsoft Windows Security Event (via Snare) Microsoft Windows Security Event (via HawkEye Retriever) Microsoft Windows Application Event (via HawkEye Retriever) Microsoft Windows System Event (via HawkEye Retriever) Microsoft Windows Directory Event (via HawkEye Retriever) Microsoft Windows DNS Event (via HawkEye Retriever) Microsoft Windows File Replication System (via HawkEye Retriever) Microsoft Windows 2008 Security Event (via Snare) Microsoft Windows 2008 Security Event (via HawkEye Retriever) Microsoft Windows 2008 Application Event (via HawkEye Retriever) Microsoft Windows 2008 System Event (via HawkEye Retriever) Microsoft Windows 2008 Directory Event (via HawkEye Retriever) Microsoft Windows 2008 DNS Event (via HawkEye Retriever) Microsoft Windows 2008 File Replication System (via HawkEye Retriever) Novell Netware system logs * Red Hat Linux logs SGI IRIX logs * Sun Solaris BSM (via SFTP) 1 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Holding Corporation. All rights reserved.

UNIX/Linux FTPd (via SyslogNG) UNIX/Linux Login (via SyslogNG) UNIX/Linux SSHd2 (via SyslogNG) UNIX/Linux SUDO (via SyslogNG) UNIX/Linux SU (via SyslogNG) VMware ESX/ESXi (via ESX Retriever) Syslog Generic (via SyslogNG) Web Proxy BlueCoat ProxySG CA etrust SiteMinder Secure Proxy Server * ContentKeeper logs * Microsoft ISA Web Proxy * NetApp NetCache * Squid.org Squid * Websense Web Security Suite * Intrusion Detection (IDS) / Intrusion Protection (IPS) Cisco IPS Sensor Cisco Secure IDS * Cisco Security Agent (Okena) * Enterasys Dragon IDS * HP Tipping Point (via SyslogNG) ISS Proventia IDS Sensor * ISS RealSecure * ISS Site Protector * Juniper Networks IDP (NetScreen) * McAfee Host Intrusion Prevention for Server * McAfee IntruShield (via SyslogNG) McAfee IntruShield RDBMS Retriever (via HawkEye Retriever) Snort (Open Source) SourceFire SourceFire Management Console * TopLayer Attack Mitigator * Tripwire * Traffic Management (Network) Nortel Alteon Load Balancer * Radware Linkproof * Cisco ASR Router * Cisco IOS Cisco TACACS Cisco Netflow Cisco Catalyst Switch * ISC DHCP * HP ProCurve T3/T4 HP ProCurve TMSz Juniper JUNOS * Microsoft RAS * Microsoft DHCP * 2 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Corporation. All rights reserved.

Traffic Analysis Open Source TCP Dump * QoSient Argus * Remote Access Microsoft Remote Access Server (RAS) * Nortel Annex * Network Monitoring Fortinet Fortigate * LBNL Network Research Group arpwatch * Microsoft System Center Operations Manager (SCOM) * Other Network Sources ISC DHCP * Microsoft DHCP * SIM / SEM / SIEM CA Audit * Cisco MARS HP OpenView NNM * HP ArcSight ESM (Enterprise Security Manager) * IBM Tivoli Netcool/NeuSecure * IBM Tivoli T/EC (Enterprise Console) * LogLogic * Novell Sentinel (e-security) * Novell ZenWorks Remote Control * Trustwave Intellitactics NSM * Security Management Console McAfee epolicy Orchestrator (epo) McAfee SCM (Messaging and Web Security) (batch) Netsweeper Web Filter McAfee Total Protection (ToPS) for Network * Encryption and Key Management HP Secure Key Manager (batch) Ingrian DataVault * Vormetric Coreguard * HawkEye AP Self-Audit HawkEye AP Analyzer Activity Log HawkEye AP Application Manager Log * HawkEye AP Collector Transaction Log HawkEye AP Collector Activity Log HawkEye AP Scalable Log Server Transaction Log Web / App Server / Middleware Apache HTTP Server logs BEA Tuxedo logs * 3 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Corporation. All rights reserved.

BEA WebLogic Server * IBM IHS/WebSphere access log * IBM MQ Series * IBM WebSphere logs * IBM WebSphere Edge Server * Microsoft IIS Sun iplanet Webserver * Email & IM Communicator Bondhub IM * Exim Main log * IronPort Email Gateway Postfix.org Postfix * McAfee Email and Web Security (MWS) * McAfee Secure Computing E-Mail Gateway (IronMail) * Microsoft Exchange LogBinder EX for Microsoft Exchange Open Source MIMEdefang * Open Source Smapd * Sendmail Flow Control * Sendmail Mailcenter * Sendmail Mailstream Manager * Sendmail MTA (Open Source) Sendmail Switch MTA * Vulnerability Management ISS Internet Scanner * ISS System Scanner * McAfee Vulnerability Management Service (Foundstone) ncircle IP360 Appliance * Qualys QualysGuard * Anti-Virus / Anti-Spam Barracuda Networks Web Filter * Clearswift MIMEsweeper for SMTP * Sendmail Flow Control * Sendmail Mailcenter * Sendmail Mailstream Manager * Sendmail Message Proxy * Symantec Brightmail Anti-Spam * Symantec Endpoint Symantec Enterprise Antivirus Corporate Edition * Symantec Enterprise Vault * Symantec Mail Security (SMS) Appliance * Symantec Mail Security (SMS) for Exchange * Symantec Mail Security (SMS) for SMTP 5.0 * McAfee AntiVirus VirusScan * TrendMicro Control Manager * TrendMicro emanager * TrendMicro InterScan VirusWall * 4 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Corporation. All rights reserved.

Access Control / Identity Management Cisco ACS (Access Control Server) logs Cisco ACS / TACACS+Radius CA Access Control * CA etrust Siteminder Authentication Server * CA SiteMinder Web Access Manager * Juniper Networks Steel-belted RADIUS logs * Microsoft Active Directory * RADIUS logs (Open Source) * RSA ACE Server Sun ONE iplanet Directory Server * Symark Powerbroker event log * Database IBM DB2 z/os * IBM DB2 UDB * Microsoft SQL Server Oracle Alerter Oracle Database Oracle Fine Grained Auditing (FGA) PostgreSQL Sybase Adaptive Server Enterprise (ASE) * Database Activity Monitors Guardium * Imperva * McAfee Database Activity Monitoring Mainframe CA ACF2 TSO Violation * CA ACF2 General Resource Event Log * CA ACF2 Logon Access Report Log * CA ACF2 SMF Audit Logs * CA Top Secret SMF Audit Logs * IBM iseries (AS/400) OS Logs * IBM RACF SMF Audit Logs * ERP / Financials / HR Systems Digital Insight MIBS * Lawson Financials * Oracle PeopleSoft Application Server logs * Oracle PeopleSoft Enterprise * SAP Security Audit Log SAP SQL Trace Audit Log * ephi Patient Management Cerner Millennium * McKesson Horizon * McKesson Star Audit * 5 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Corporation. All rights reserved.

Call Detail Records (CDR) Mediation Systems Comptel (mediation system) * Intec Mediation * HawkEye AP Log Adapters Other Infrastructure Applications Citrix Metaframe * Merant Version Manager * Serena Dimension Version Manager * Novell FTP logs * 3rd Party Audit Products CA etrust Audit * CA etrust Audit * Concurrent PowerMAX C2 audit log * Fcheck (Open Source) * HP OpenVMS C2 audit logs * HP Tru64 C2 audit logs * IBM AIX C2 audit logs * IBM Tivoli Access Manager for O/S * Intersect Alliance Snare Linux C2 Audit * McAfee Policy Auditor * SE (Security Enhanced) Linux * SGI IRIX C2 Audit * Sun BSM (Basic Security Module) Internet Banking Infrastructure Magnet Internet Banking Business Suite * IBM Autonomic IBM CBE (Common Based Event) * Service Assurance EMC Smarts * Storage Management / File Servers CA ARCserve * IBM Tivoli Storage Manager * Network Appliance Filer * Netezza Performance Server * Novell ZENworks Suite * Samba (Open Source) * Custom Data Sources The term custom data source refers to any log source not currently supported by HawkEye AP such as those produced by business-critical applications or legacy management systems. Developing custom adapters is relatively easy, depending on the source. Hexis Cyber Solutions simply requires a small amount of sample data to create a parsing statement and a list of column names into which data will be parsed. The patented HawkEye AP data repository builds all data tables dynamically at load time, enabling full field-level reporting, analysis and investigation. 6 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Corporation. All rights reserved.

Some vendors use universal log parsers to accommodate unfamiliar data but can only parse it into simple tables of four or five fields (i.e., time/date and IP address). Other vendors use generic indexing. Neither approach supports field-level reporting of custom data and instead allows only Google-like searches that return Google-like raw log entries. HawkEye AP is able to use its IntelliSchema Views to easily populate its out-of-the-box reports with custom sources allowing organizations to have a more complete view of their security and compliance environments. 7 Copyright Hexis Cyber Solutions, a subsidiary of The KEYW Corporation. All rights reserved.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information