Supported Log Sources
The following is a list of log sources that can be ingested into the SIEMonster platform. Please note that this is not an exhaustive list but the default log integrations supported. A large number of custom ingestion integrations have been created for customers that do not form part of this list. If your log source is not expressly listed, feel free to contact SIEMonster Support through the support portal to request a review of your log source.
NOTE: Some decoder files, such as 0380-windows_decoders.xml, handle the logs retrieved from the Windows Eventchannel (Application, Security and System channels) by default. In many cases this covers Windows applications that are not expressly listed.
Syslog / JSON / VPS (AWS, Azure, GCP) direct log feed integrations
The following list is for sources whose events require decoding for ingestion. Decoding breaks the raw event text into a key/value data structure. Events already in JSON format do not require a decoder and may be supported even if they do not appear in this decoder list.
0005-wazuh
0006-json
0007-wazuh-api
0010-active-response
0015-aix-ipsec
0025-apache
0030-arpwatch
0035-asterisk
0040-auditd
0045-barracuda
0050-checkpoint
0051-checkpoint-smart1
0055-cimserver
0060-cisco-estreamer
0062-cisco-ftd
0063-pix
0064-cisco-asa
0065-cisco-ios
0070-cisco-vpn
0075-clamav
0080-courier
0085-dovecot
0090-dragon-nids
0095-dropbear
0100-fortigate
0101-fortiddos
0102-fortimail
0103-fortiauth
0105-freeipa
0110-ftpd
0115-grandstream
0120-horde
0125-hp
0130-imapd
0135-imperva
0140-kernel
0145-mailscanner
0150-mysql
0155-named
0160-netscaler
0165-netscreen
0170-nginx
0175-ntpd
0180-openbsd
0185-openldap
0190-openvpn
0195-oscap
0200-ossec
0205-pam
0215-portsentry
0220-postfix
0225-postgresql
0230-proftpd
0235-puppet
0240-pure-ftpd
0245-racoon
0250-redis
0255-roundcube
0260-rsa-auth-manager
0265-rshd
0270-samba
0275-sendmail
0280-serv-u
0285-snort
0290-solaris
0295-sonicwall
0300-sophos
0305-squid
0310-ssh
0315-su
0320-sudo
0325-suhosin
0330-symantec
0335-telnet
0340-trend-osce
0345-unbound
0350-unix
0355-vm-pop3
0360-vmware
0365-vpopmail
0370-vsftpd
0375-web-accesslog
0377-huawei-usg
0378-mariadb
0379-dpkg
0380-windows
0385-wordpress
0390-zeus
0395-sqlserver
0400-identity_guard
0405-mongodb
0410-docker
0415-jenkins
0420-vshell
0425-qualysguard
0430-cylance
0435-owncloud
0440-proxmox-ve
0445-exim
0450-openvas
0455-pfsense
0460-kaspersky
0465-azure
0470-panda-paps
0475-mcafee
0480-perdition
0485-nextcloud
0490-junos
0495-freepbx
0505-paloalto
0510-sophos_fw
0520-msexchange-log
0525-f5_bigip
0540-gitlab
0550-arbor
0555-fireeye
0560-oracledb
0565-aws-eks-authenticator
0575-eset-remote
0580-macos
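To make concrete what "decoding" means for the sources above, here is an added illustration (not SIEMonster's or Wazuh's decoder engine, and not code from this page): a minimal decoder pipeline that parses JSON events directly, runs syslog-style lines through hypothetical ssh and web-accesslog regex decoders modelled loosely on the file names in the list, and keeps undecoded lines as full_log so nothing is silently dropped. The sample events, decoder names and field names are all constructed for the example.

```python
import json
import re

# Constructed sample events (not real SIEMonster data): one sshd syslog line,
# one Apache-style access log line, and one event already emitted as JSON.
SAMPLE_EVENTS = [
    "Mar  3 10:15:22 bastion sshd[2114]: Failed password for invalid user admin "
    "from 203.0.113.7 port 51022 ssh2",
    '203.0.113.7 - - [03/Mar/2024:10:15:30 +0000] "GET /wp-login.php HTTP/1.1" 403 1234',
    '{"source":"myapp","user":"alice","srcip":"198.51.100.9","status":"success"}',
]

# Hypothetical regex decoders. Each has a cheap "prematch" that claims a line
# and a fuller pattern that extracts named fields, mirroring the prematch /
# regex split used by XML decoder files. Order matters: first claim wins.
DECODERS = {
    "ssh": {
        "prematch": re.compile(r"sshd\[\d+\]: "),
        "regex": re.compile(
            r"Failed password for (?:invalid user )?(?P<user>\S+) "
            r"from (?P<srcip>\S+) port (?P<srcport>\d+)"
        ),
    },
    "web-accesslog": {
        "prematch": re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "'),
        "regex": re.compile(
            r'^(?P<srcip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
            r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
        ),
    },
}


def decode_event(raw: str) -> dict:
    """Turn one raw event into a flat key/value dict.

    JSON events are parsed directly and need no decoder. Anything else is
    offered to the decoders in order; a line no decoder claims is kept as
    full_log with decoder=None so it is still visible for review.
    """
    raw = raw.strip()
    if raw.startswith("{"):
        try:
            fields = json.loads(raw)
            if isinstance(fields, dict):
                return {"decoder": "json", **fields}
        except json.JSONDecodeError:
            pass  # not valid JSON after all; treat it as plain text below
    for name, spec in DECODERS.items():
        if spec["prematch"].search(raw):
            match = spec["regex"].search(raw)
            fields = match.groupdict() if match else {}
            return {"decoder": name, "full_log": raw, **fields}
    return {"decoder": None, "full_log": raw}


def decode_all(lines):
    """Decode a batch of raw lines into key/value events."""
    return [decode_event(line) for line in lines]


if __name__ == "__main__":
    for event in decode_all(SAMPLE_EVENTS):
        print(event)
```

The JSON branch returning before any regex runs is the point of the sentence above: a JSON feed is already key/value data, so it bypasses the decoder list entirely, while syslog text only becomes searchable fields once a decoder claims it.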
API based integrations
Below is a list of the SIEMonster API integrations that currently exist out of the box with SIEMonster. Others can be created, or the existing ones expanded, under SIEMonster Professional Services.
NOTE: Some of these integrations are for direct log ingestion; others are purely API integrations for use in workflows constructed in the SOAR module. Log retrieval can still be facilitated through these integrations in many cases, but it is workflow dependent: the workflow must retrieve the events and publish them to the ingestion channel.
Static Application Security Testing (SAST)
SonarQube
Semgrep
Checkmarx
Brakeman
PMD
Bandit
SpotBugs
Rubocop
Visual Code Grepper (VCG)
Progpilot
Xanitizer
Veracode
Solar Appscreener
Mend (formerly WhiteSource)
Mobsfscan
HuskyCI
TFSec
Talisman
Threagile
TruffleHog
Dynamic Application Security Testing (DAST)
Burp Suite
OWASP ZAP
Acunetix
Netsparker
AppSpider (Rapid7)
Wapiti
Nikto
Wfuzz
Mozilla Observatory
StackHawk
Probely
Crashtest Security
Trustwave
WhiteHat Sentinel
Software Composition Analysis (SCA) / SBOM
Snyk
Black Duck (Synopsys)
Dependency-Track
Sonatype OSSIndex / AuditJS
OSV Scanner
Mend (formerly WhiteSource)
Pip-Audit
NPM Audit
Yarn Audit
Retire.js
Nancy
ORT (OSS Review Toolkit)
Scantist
Meterian
Whispers
Cloud & Infrastructure Scanning
AWS Security Hub
Tenable (Nessus, Tenable.io)
Qualys
OpenVAS
Nmap
ScoutSuite
Kubescape
Kube-Bench
Kubeaudit
KubeHunter
Anchore (Grype, AnchoreCTL)
Trivy
Terrascan
Azure Security Center
Sysdig
Wiz
Outpost24
Prowler
Aqua Security
Twistlock
Threat Intelligence & Enrichment
VirusTotal
AbuseIPDB
GreyNoise
MISP
Shodan
Cloud & Infrastructure
Amazon Web Services (AWS)
CloudWatch
EC2
IAM
Lambda
S3
Security Hub
SES
WAF
Microsoft Azure
Active Directory
Exchange
Outlook
Excel
Identity & Access Management
Active Directory
GitGuardian
Secureworks
Okta
Duo
Other Notable Integrations
Jira
Bugcrowd
HackerOne
RiskRecon
Trustwave Fusion
DrHeader
IntSights
Threat Composer
SKF (Security Knowledge Framework)
SARIF (Static Analysis Results Interchange Format)