
Supported Log Sources

The following is a list of items that can be ingested into the SIEMonster platform. Please note that this is not an exhaustive list but the default log integrations supported. A large number of custom ingestion integrations have been created for customers that do not form part of this list. If your log source is not expressly listed, feel free to contact SIEMonster Support through the support portal to request a review of your log source.

🔖 NOTE: Some integration sources, such as “0380-windows_decoders.xml”, deal with the logs retrieved from the Windows Eventchannel (Application, Security and System channels) by default. In many cases this will cover Windows applications that are not expressly indicated.

Syslog / JSON / VPS (AWS, Azure, GCP) direct log feed integrations

The following list is for items that require decoding for ingestion. Decoding is the process of breaking the raw event text into a key/value data structure so that fields such as source IP, user and action can be matched by rules. Items that already arrive in JSON format do not require this step and may be supported outside of this decoder list.

0005-wazuh
0006-json
0007-wazuh-api
0010-active-response
0015-aix-ipsec
0025-apache
0030-arpwatch
0035-asterisk
0040-auditd
0045-barracuda
0050-checkpoint
0051-checkpoint-smart1
0055-cimserver
0060-cisco-estreamer
0062-cisco-ftd
0063-pix
0064-cisco-asa
0065-cisco-ios
0070-cisco-vpn
0075-clamav
0080-courier
0085-dovecot
0090-dragon-nids
0095-dropbear
0100-fortigate
0101-fortiddos
0102-fortimail
0103-fortiauth
0105-freeipa
0110-ftpd
0115-grandstream
0120-horde
0125-hp
0130-imapd
0135-imperva
0140-kernel
0145-mailscanner
0150-mysql
0155-named
0160-netscaler
0165-netscreen
0170-nginx
0175-ntpd
0180-openbsd
0185-openldap
0190-openvpn
0195-oscap
0200-ossec
0205-pam
0215-portsentry
0220-postfix
0225-postgresql
0230-proftpd
0235-puppet
0240-pure-ftpd
0245-racoon
0250-redis
0255-roundcube
0260-rsa-auth-manager
0265-rshd
0270-samba
0275-sendmail
0280-serv-u
0285-snort
0290-solaris
0295-sonicwall
0300-sophos
0305-squid
0310-ssh
0315-su
0320-sudo
0325-suhosin
0330-symantec
0335-telnet
0340-trend-osce
0345-unbound
0350-unix
0355-vm-pop3
0360-vmware
0365-vpopmail
0370-vsftpd
0375-web-accesslog
0377-huawei-usg
0378-mariadb
0379-dpkg
0380-windows
0385-wordpress
0390-zeus
0395-sqlserver
0400-identity_guard
0405-mongodb
0410-docker
0415-jenkins
0420-vshell
0425-qualysguard
0430-cylance
0435-owncloud
0440-proxmox-ve
0445-exim
0450-openvas
0455-pfsense
0460-kaspersky
0465-azure
0470-panda-paps
0475-mcafee
0480-perdition
0485-nextcloud
0490-junos
0495-freepbs
0505-paloalto
0510-sophos_fw
0520-msexchange-log-decoders.xml
0525-f5_bigip
0540-gitlab
0550-arbor
0555-fireeye
0560-oracledb
0565-aws-eks-authenticator
0575-eset-remote
0580-macos
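To make the decoding step above concrete, the following is an added example (not SIEMonster's or Wazuh's own decoder code) of what a decoder chain does: a generic syslog-header decoder extracts timestamp, host, program and PID, then hands the message body to a program-specific child decoder (here, sshd) that pulls out the authentication fields, while JSON events skip decoding and are only parsed and flattened. The sample log lines are constructed for the example, and the field names used (srcip, srcport, dstuser, invalid_user) are assumptions rather than the platform's schema.

```python
import json
import re
from typing import Callable, Dict, Optional

# Constructed sample events for this example; they are not captured from any
# real host or device.
SAMPLE_SYSLOG = (
    "Mar  4 10:15:32 bastion01 sshd[2314]: Failed password for invalid user "
    "admin from 203.0.113.45 port 51022 ssh2"
)
SAMPLE_SYSLOG_OK = (
    "Mar  4 10:16:01 bastion01 sshd[2320]: Accepted publickey for deploy "
    "from 198.51.100.7 port 40012 ssh2: RSA SHA256:abc123"
)
SAMPLE_JSON = (
    '{"timestamp": "2024-03-04T10:15:40Z", '
    '"data": {"srcip": "203.0.113.45", "action": "deny", "rule": "wan-block"}}'
)

# Generic BSD-style syslog header: timestamp, host, program[pid]: message.
SYSLOG_HEADER = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<program_name>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

# Program-specific pattern for sshd authentication results. The field names
# (srcip, srcport, dstuser) are assumed for this example.
SSHD_AUTH = re.compile(
    r"^(?P<status>Accepted|Failed) (?P<auth_method>\w+) for "
    r"(?P<invalid>invalid user )?(?P<dstuser>\S+) "
    r"from (?P<srcip>\S+) port (?P<srcport>\d+)"
)


def decode_sshd(message: str) -> Optional[Dict[str, object]]:
    """Child decoder for sshd: extract auth fields from the message body."""
    m = SSHD_AUTH.match(message)
    if not m:
        return None
    fields: Dict[str, object] = dict(m.groupdict())
    # Turn the optional 'invalid user ' capture into a boolean flag.
    fields["invalid_user"] = fields.pop("invalid") is not None
    return fields


# The parent (syslog header) decoder dispatches to a child decoder by program.
SUBDECODERS: Dict[str, Callable[[str], Optional[Dict[str, object]]]] = {
    "sshd": decode_sshd,
}


def flatten(obj: dict, prefix: str = "") -> Dict[str, object]:
    """Flatten nested JSON objects into dotted keys (data.srcip, ...)."""
    out: Dict[str, object] = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, name + "."))
        else:
            out[name] = value
    return out


def decode(raw: str) -> Dict[str, object]:
    """Decode one raw event into a flat key/value dictionary.

    JSON input is already structured and only needs parsing and flattening.
    Anything else goes through the syslog header decoder and then, if a child
    decoder exists for the program, through that as well. Events that nothing
    matches are kept whole under full_log so they are not silently dropped.
    """
    line = raw.strip()
    if line.startswith("{"):
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            obj = None  # not valid JSON after all; treat as plain text below
        if isinstance(obj, dict):
            return {"decoder": "json", **flatten(obj)}
    m = SYSLOG_HEADER.match(line)
    if not m:
        return {"decoder": None, "full_log": line}
    fields: Dict[str, object] = {"decoder": "syslog", **m.groupdict()}
    child = SUBDECODERS.get(str(fields["program_name"]))
    if child:
        extra = child(str(fields["message"]))
        if extra:
            fields["decoder"] = str(fields["program_name"])
            fields.update(extra)
    return fields


if __name__ == "__main__":
    for event in (SAMPLE_SYSLOG, SAMPLE_SYSLOG_OK, SAMPLE_JSON, "noise that matches nothing"):
        print(json.dumps(decode(event), indent=2))
```

The unmatched-event path is the one to watch in production: a log source whose format is not covered by a decoder still lands in the index as a full_log string, but none of its fields are queryable, which is exactly the case the support request mentioned above is for.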

API based integrations

Below is a list of SIEMonster API Integrations that currently exist out of the box with SIEMonster. Others can be created or the existing ones expanded under SIEMonster Professional Services.

🔖 NOTE: Some of these integrations ingest logs directly; others exist only to be called via API from workflows built in the SOAR module. Many of the latter can still be used to retrieve logs, but that depends on a workflow that fetches the events and publishes them to the ingestion channel.

Static Application Security Testing (SAST)

  1. SonarQube

  2. Semgrep

  3. Checkmarx

  4. Brakeman

  5. PMD

  6. Bandit

  7. SpotBugs

  8. Rubocop

  9. Visual Code Grepper (VCG)

  10. Progpilot

  11. Xanitizer

  12. Veracode

  13. Solar Appscreener

  14. Mend (formerly WhiteSource)

  15. Mobsfscan

  16. HuskyCI

  17. TFSec

  18. Talisman

  19. Threagile

  20. TruffleHog

Dynamic Application Security Testing (DAST)

  1. Burp Suite

  2. OWASP ZAP

  3. Acunetix

  4. Netsparker

  5. AppSpider (Rapid7)

  6. Wapiti

  7. Nikto

  8. Wfuzz

  9. Mozilla Observatory

  10. StackHawk

  11. Probely

  12. Crashtest Security

  13. Trustwave

  14. WhiteHat Sentinel

Software Composition Analysis (SCA) / SBOM

  1. Snyk

  2. Black Duck (Synopsys)

  3. Dependency-Track

  4. Sonatype OSSIndex / AuditJS

  5. OSV Scanner

  6. Mend (formerly WhiteSource)

  7. Pip-Audit

  8. NPM Audit

  9. Yarn Audit

  10. Retire.js

  11. Nancy

  12. ORT (OSS Review Toolkit)

  13. Scantist

  14. Meterian

  15. Whispers

Cloud & Infrastructure Scanning

  1. AWS Security Hub

  2. Tenable (Nessus, Tenable.io)

  3. Qualys

  4. OpenVAS

  5. Nmap

  6. ScoutSuite

  7. Kubescape

  8. Kube-Bench

  9. Kubeaudit

  10. KubeHunter

  11. Anchore (Grype, AnchoreCTL)

  12. Trivy

  13. Terrascan

  14. Azure Security Center

  15. Sysdig

  16. Wiz

  17. Outpost24

  18. Prowler

  19. Aqua Security

  20. Twistlock

Threat Intelligence & Enrichment

  1. VirusTotal

  2. AbuseIPDB

  3. GreyNoise

  4. MISP

  5. Shodan

Cloud & Infrastructure

  1. Amazon Web Services (AWS)

    1. CloudWatch

    2. EC2

    3. IAM

    4. Lambda

    5. S3

    6. Security Hub

    7. SES

    8. WAF

  2. Microsoft Azure

    1. Active Directory

    2. Exchange

    3. Outlook

    4. Excel

Identity & Access Management

  1. Active Directory

  2. GitGuardian

  3. Secureworks

  4. Okta

  5. Duo

Other Notable Integrations

  1. Jira

  2. Bugcrowd

  3. HackerOne

  4. RiskRecon

  5. Trustwave Fusion

  6. DrHeader

  7. IntSights

  8. Threat Composer

  9. SKF (Security Knowledge Framework)

  10. SARIF (Static Analysis Results Interchange Format)
