Configuring External Systems for Discovery, Monitoring and Log Collection

Ports Used by FortiSIEM for Discovery and Monitoring

These ports are used by FortiSIEM to discover devices, pull metrics and receive event logs. The Super, Worker and Collector columns mark which FortiSIEM node role uses each port; open only the ports a given role actually needs.

Port              Service                                     Super  Worker  Collector
UDP/514           UDP syslog                                  x      x       x
TCP/1470          TCP syslog                                  x      x       x
UDP/6514          UDP syslog over TLS                         x      x       x
TCP/6514          TCP syslog over TLS                         x      x       x
UDP/2055          NetFlow                                     x      x       x
TCP/22            SSH                                         x      x       x
TCP/5480          HTTP registration                                          x
ICMP              ping                                        x      x       x
TCP/21            FTP (receiving Blue Coat logs via FTP)      x      x       x
TCP/5432          PostgreSQL                                  x
UDP/111, TCP/111  NFS portmapper                              x      x
TCP/7900          phMonitor                                   x      x
TCP/7914          phParser                                    x      x
TCP/7916          phQueryWorker                               x      x
TCP/7918          phQueryMaster                               x      x
TCP/7920          phDataManager                               x      x
TCP/7922          phRuleMaster                                x      x
TCP/7924          phRuleWorker                                x      x
TCP/7926          phAgentManager                              x      x
TCP/7928          phDiscover                                  x      x
TCP/7930          phCheckpoint                                x      x
TCP/7932          phReportWorker                              x      x
TCP/7934          phReportMaster                              x      x
TCP/7936          phEventPackager                             x      x
TCP/7938          phIpIdentityMaster                          x      x
TCP/7940          phIpIdentityWorker                          x      x
TCP/110           POP3                                        x
TCP/135           WMI (DCE/RPC endpoint mapper)               x      x       x
TCP/143           IMAP                                        x
UDP/161           SNMP                                        x      x       x
UDP/162           SNMP trap                                   x      x       x
TCP/389           LDAP                                        x      x       x
TCP/443           HTTPS                                       x      x       x
TCP/993           IMAP over SSL                               x
TCP/995           POP3 over SSL                               x
TCP/1433          JDBC (Microsoft SQL Server default port)    x      x       x
UDP/8686          JMX                                         x      x       x
TCP/18184         Check Point LEA                             x      x       x
TCP/18190         Check Point CPMI                            x      x       x

Notes for firewall rules between FortiSIEM nodes and monitored systems:

TCP/135 is only the DCE/RPC endpoint mapper. A WMI poll continues on a dynamically assigned port on the Windows host (TCP/49152-65535 by default on Windows Vista/Server 2008 and later), so that range must also be reachable from the polling node, or the RPC dynamic port range must be restricted on the target.

TCP/7900-7940 (phMonitor through phIpIdentityWorker) are FortiSIEM-internal process ports between Super and Worker nodes; monitored devices never need to reach them.

FTP on TCP/21 carries both credentials and log content in cleartext, and UDP/514 and TCP/1470 syslog are unauthenticated and unencrypted. Where the sending device supports it, prefer SFTP over SSH (TCP/22; the Blue Coat entry below lists SFTP) and syslog over TLS on TCP/6514.
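
Before a device is pointed at a collector it is worth checking what the collector will actually receive on UDP/514 or TCP/1470. The following is an added example, not code from the FortiSIEM documentation: it builds an RFC 3164 syslog line the way a device does, decodes the PRI field back into facility and severity, and round-trips a line through a loopback UDP listener. The hostnames, process tags and message text are constructed samples, and the newline-terminated TCP framing it uses (RFC 6587 section 3.4.2) is the common plain-TCP convention, assumed here rather than taken from the page.

```python
"""Added example (not FortiSIEM code): RFC 3164 syslog build/parse helpers and a
loopback round trip for checking the encoding before pointing a device at a
collector.  All names, addresses and messages are constructed samples."""
import datetime
import socket

# RFC 3164 facility codes 0-23, in numeric order.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Fixed timestamp so build_message() output is reproducible (sample value).
SAMPLE_TIME = datetime.datetime(2024, 1, 5, 13, 7, 9)


def encode_pri(facility, severity):
    """PRI = facility * 8 + severity (RFC 3164 section 4.1.1)."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def decode_pri(pri):
    """Inverse of encode_pri; valid PRI values are 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def build_message(facility, severity, hostname, tag, msg, when=None):
    """Return '<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG' (RFC 3164 layout).

    The day of month is space-padded to two characters, so the timestamp is
    always exactly 15 characters long, which parse_message() relies on."""
    when = when or datetime.datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    return f"<{encode_pri(facility, severity)}>{stamp} {hostname} {tag}: {msg}"


def parse_message(line):
    """Split an RFC 3164 line into its fields; raises ValueError on bad input."""
    if not line.startswith("<") or ">" not in line[:5]:
        raise ValueError("missing PRI")
    end = line.index(">")
    facility, severity = decode_pri(int(line[1:end]))
    rest = line[end + 1:]
    stamp, rest = rest[:15], rest[16:]       # fixed-width timestamp + one space
    hostname, rest = rest.split(" ", 1)
    tag, msg = rest.split(":", 1)
    return {"facility": facility, "severity": severity, "timestamp": stamp,
            "host": hostname, "tag": tag, "msg": msg.strip()}


def send_udp(line, host, port=514):
    """One datagram per message, no trailing newline (UDP/514)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))


def send_tcp(lines, host, port=1470):
    """Non-transparent framing (RFC 6587 3.4.2): newline-terminated records on
    one connection.  Assumed to match the TCP/1470 listener; verify on your
    own collector."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall("".join(l + "\n" for l in lines).encode("utf-8"))


def loopback_roundtrip(line):
    """Bind a UDP listener on an ephemeral loopback port, send the line to it
    and parse what arrives: a cheap sanity check of the encoding."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        send_udp(line, "127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(65535)
    return parse_message(data.decode("utf-8"))


if __name__ == "__main__":
    sample = build_message("auth", "info", "fw01", "sshd[1234]",
                           "Accepted publickey for ops from 10.0.0.5", SAMPLE_TIME)
    print(sample)
    print(loopback_roundtrip(sample))
```

The loopback check binds an ephemeral port rather than 514, so it needs no privileges; point send_udp() or send_tcp() at the collector address once the format looks right. Everything sent this way is unauthenticated and unencrypted, which is why the TCP/6514 TLS listener exists for devices that can use it.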

 

Supported Devices and Applications by Vendor

Each row lists, for one product, how FortiSIEM discovers it, which performance metrics it can pull, which logs it parses and whether configuration change monitoring is supported. Columns are separated by " | "; "-" marks a cell the source leaves empty, and several collection methods in one cell are separated by ";".

Vendor | Model | Discovery Overview | Performance Monitoring Overview | Log Analysis Overview | Configuration Change Monitoring | Details
AirTight Networks | SpectraGuard | Discovered via LOG only | Not natively supported – Custom monitoring needed | CEF format: Over 125 event types parsed covering various wireless suspicious activities | Currently not natively supported | AirTight Networks SpectraGuard
Alcatel | TiMOS Routers and Switches | SNMP: OS, Hardware | SNMP: CPU, memory, interface utilization, hardware status | Not natively supported – Custom parsing needed | Currently not natively supported | Alcatel TiMOS and AOS Switch Configuration
Alcatel | AOS Routers and Switches | SNMP: OS, Hardware | SNMP: CPU, memory, interface utilization, hardware status | Not natively supported – Custom parsing needed | Currently not natively supported | Alcatel TiMOS and AOS Switch Configuration
Alertlogic | IPS | Discovered via LOG only | Currently not natively supported | AlertLogic API – Snort event types | Currently not natively supported | -
Amazon | AWS Servers | AWS API: Server Name, Access IP, Instance ID, Image Type, Availability Zone | CloudWatch API: System Metrics: CPU, Disk I/O, Network | CloudTrail API: Over 325 event types parsed covering various AWS activities | CloudTrail API: various administrative changes on AWS systems and users | AWS CloudWatch; AWS CloudTrail
Amazon | AWS Elastic Block Storage (EBS) | CloudWatch API: Volume ID, Status, Attach Time | CloudWatch API: Read/Write Bytes, Ops, Disk Queue | Covered via CloudTrail API | Covered via CloudTrail API | AWS EBS and RDS
Amazon | AWS Relational Database Service (RDS) | - | CloudWatch API: CPU, Connections, Memory, Swap, Read/Write Latency and Ops | Currently not natively supported | Covered via CloudTrail API | AWS EBS and RDS
Amazon | Elastic Load Balancer (ELB) | - | Currently not natively supported | HTTP(S) Access logs; Management logs – Covered via CloudTrail API | Covered via CloudTrail API | -
Apache | Tomcat Application Server | JMX: Version | JMX: CPU, memory, servlet, session, database, threadpool, request processor metrics | Currently not natively supported – Custom parsing needed | Currently not natively supported | Apache Tomcat
Apache | Apache Web server | SNMP: Process name | SNMP: process level CPU, memory; HTTPS via the mod_status module: Apache level metrics | Syslog: W3C formatted access logs – per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration | Currently not natively supported | Apache Web Server
APC | NetBotz Environmental Monitor | SNMP: Host name, Hardware model, Network interfaces | SNMP: Temperature, Relative Humidity, Airflow, Dew point, Current, Door switch sensor etc. | SNMP Trap: Over 125 SNMP Trap event types parsed covering various environmental exception conditions | Currently not natively supported | APC NetBotz
APC | UPS | SNMP: Host name, Hardware model, Network interfaces | SNMP: UPS metrics | SNMP Trap: Over 49 SNMP Trap event types parsed covering various environmental exception conditions | Currently not natively supported | APC UPS
Arista Networks | Routers and Switches | SNMP: OS, Hardware; SSH: configuration, running processes | SNMP: CPU, Memory, Interface utilization, Hardware Status | Syslog and NetFlow | SSH: Running config, Startup config | Arista Router and Switch
Aruba Networks | Aruba Wireless LAN | SNMP: Controller OS, hardware, Access Points | SNMP: Controller CPU, Memory, Interface utilization, Hardware Status; SNMP: Access Point Wireless Channel utilization, noise metrics, user count | SNMP Trap: Over 165 event types covering Authentication, Association, Rogue detection, Wireless IPS events | Currently not natively supported | Aruba WLAN
Aruba Networks | ClearPass Policy Manager | Discovery via LOG | Currently not natively supported | Syslog: Successful and failed AAA authentication, warnings and errors | Currently not natively supported | -
Aruba Networks | Switches | SNMP: OS, Hardware | SNMP: Uptime, Interface utilization | Currently not natively supported – Custom parsing needed | Currently not natively supported | -
Avaya | Call Manager | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | CDR: Call Records | Currently not natively supported | Avaya Call Manager
Avaya | Session Manager | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | Currently not natively supported – Custom parsing needed | Currently not natively supported | -
Barracuda Networks | Spam Firewall | Discovery via LOG | Currently not natively supported | Syslog: Over 20 event types covering mail scanning and filtering activity | Currently not natively supported | Barracuda Spam
Bit9 | Security Platform | Discovery via LOG | Currently not natively supported | Syslog: Over 259 event types covering various file monitoring activities | Currently not natively supported | Bit9 Security Platform
Bit9 | Carbon Black | Currently not natively supported | Currently not natively supported | Syslog: File monitoring watch list hit | Currently not natively supported | -
Blue Coat | Security Gateway versions v4.x and later | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Proxy performance metrics | Syslog: Admin access to Security Gateway; SFTP: Proxy traffic analysis | Currently not natively supported | Blue Coat Web Proxy
Box.com | Cloud Storage | Currently not natively supported | Currently not natively supported | Box.com API: File creation, deletion, modify, file sharing | Currently not natively supported | Box.com
Brocade | SAN Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | Currently not natively supported | Currently not natively supported | Brocade SAN Switch
Brocade | ServerIron ADX switch | SNMP: Host name, serial number, hardware | SNMP: Uptime, CPU, Memory, Interface Utilization, Hardware status, Real Server Statistics | Currently not natively supported | Currently not natively supported | Brocade ADX
Brocade | NetIron CER Switches | SNMP: Host name, serial number, hardware | SNMP: Uptime, CPU, Memory, Interface Utilization, Hardware status, Real Server Statistics | Currently not natively supported | Currently not natively supported | Brocade NetIron CER Routers
CentOS / Other Linux distributions | Linux | SNMP: OS, Hardware, Software, Processes, Open Ports; SSH: Hardware details, Linux distribution | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down; SSH: Disk I/O, Paging | Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification; SSH: File integrity monitoring, Command output monitoring, Target file monitoring; AccelOps LinuxFileMon Agent: File integrity monitoring | SSH: File integrity monitoring, Target file monitoring; Agent: File integrity monitoring | Linux Server
CentOS / Other Linux distributions | DHCP Server | Currently not natively supported | Currently not natively supported | Syslog: DHCP activity (Discover, Offer, Request, Release etc.) – Used in Identity and Location | Not Applicable | Linux DHCP
Check Point | FireWall-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX, and R75 | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | LEA from SmartCenter or Log Server: Firewall Log, Audit trail, over 940 IPS Signatures | LEA: Firewall Audit trail | Check Point Provider-1 Firewall
Check Point | Provider-1 versions NG, FP1, FP2, FP3, AI R54, AI R55, R65, R70, R77, NGX, and R75 | Currently not natively supported | Currently not natively supported | LEA: Firewall Log, Audit trail | LEA: Firewall Audit trail | Check Point Provider-1
Check Point | VSX | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | LEA from SmartCenter or Log Server: Firewall Log, Audit trail | LEA: Firewall Audit trail | Check Point Provider-1
Citrix | NetScaler Application Delivery Controller | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status, Application Firewall metrics | Syslog: Over 465 event types covering admin activity, application firewall events, health events | Currently not natively supported | Citrix NetScaler
Citrix | ICA | SNMP: Process Utilization | SNMP: Process Utilization; WMI: ICA Session metrics | Currently not natively supported | Currently not natively supported | Citrix ICA
Cisco | ASA Firewall (single and multi-context) version 7.x and later | SNMP: OS, Hardware; SSH: Configuration, interface security levels (needed for parsing traffic logs) | SNMP: CPU, Memory, Interface utilization, Firewall Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity; NetFlow V9: Traffic log | SSH: Running config, Startup config | Cisco ASA
Cisco | PIX Firewall | SNMP: OS, Hardware; SSH: Configuration, interface security levels (needed for parsing traffic logs) | SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity | SSH: Running config, Startup config | Cisco ASA
Cisco | FWSM | SNMP: OS, Hardware; SSH: Configuration, interface security levels (needed for parsing traffic logs) | SNMP: CPU, Memory, Interface utilization, Connections, Hardware Status | Syslog: Over 1600 event types parsed for situations covering admin access, configuration change, traffic log, IPS activity | SSH: Running config, Startup config | Cisco ASA
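
The ASA, PIX and FWSM rows point at the same configuration page because the three platforms share one syslog header layout, %PLATFORM-severity-msgid, and the six-digit message ID is what a parser keys on. The following is an added example, not FortiSIEM's parser and not Cisco code: it classifies lines by message ID, extracts the fields of the ACL-deny and connection-built messages, and runs one detection (a port sweep seen as ACL denies from one source to many ports) over constructed sample lines. Message IDs 106023, 302013, 302015, 111008 and 605005 are Cisco's; the interface names, addresses, ACL name and user are made up.

```python
"""Added example (not FortiSIEM or Cisco code): parse the %ASA-/%PIX-/%FWSM-
syslog header and a few message bodies, then detect a port sweep from the
ACL-deny messages.  SAMPLE_LOGS are constructed, not captured from a firewall."""
import re
from collections import defaultdict

# %ASA-<severity 0-7>-<six-digit message id>: <body>; PIX and FWSM use the same layout.
HEADER_RE = re.compile(
    r"%(?P<platform>ASA|PIX|FWSM)-(?P<severity>[0-7])-(?P<msgid>\d{6}): (?P<body>.*)$")

# 106023: Deny <proto> src <ifc>:<ip>/<port> dst <ifc>:<ip>/<port> by access-group "<acl>" ...
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src (?P<src_ifc>[^:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_ifc>[^:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r"by access-group \"(?P<acl>[^\"]+)\"")

# 302013 (TCP) / 302015 (UDP): Built <dir> <proto> connection <id> for <ifc>:<ip>/<port> (...) to <ifc>:<ip>/<port> (...)
BUILT_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>TCP|UDP) connection (?P<conn_id>\d+) "
    r"for (?P<src_ifc>[^:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \S+ "
    r"to (?P<dst_ifc>[^:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)")

BODY_PARSERS = {"106023": DENY_RE, "302013": BUILT_RE, "302015": BUILT_RE}

# Message IDs worth routing to an admin-activity rule (labels are ours).
ADMIN_MSGIDS = {"111008": "config-command", "605005": "admin-login",
                "605004": "admin-login-denied"}

SAMPLE_LOGS = [  # constructed sample lines in the documented Cisco layout
    '<166>Jan  5 13:07:01 fw01 %ASA-6-106023: Deny tcp src outside:203.0.113.5/51234 dst inside:10.0.0.10/21 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:01 fw01 %ASA-6-106023: Deny tcp src outside:203.0.113.5/51235 dst inside:10.0.0.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:02 fw01 %ASA-6-106023: Deny tcp src outside:203.0.113.5/51236 dst inside:10.0.0.10/23 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:02 fw01 %ASA-6-106023: Deny tcp src outside:203.0.113.5/51237 dst inside:10.0.0.10/25 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:03 fw01 %ASA-6-106023: Deny tcp src outside:203.0.113.5/51238 dst inside:10.0.0.10/80 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:04 fw01 %ASA-6-106023: Deny tcp src outside:203.0.113.5/51239 dst inside:10.0.0.10/443 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:05 fw01 %ASA-6-106023: Deny udp src outside:198.51.100.7/40000 dst inside:10.0.0.10/53 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '<166>Jan  5 13:07:06 fw01 %ASA-6-302013: Built outbound TCP connection 3141 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.0.0.20/51000 (198.51.100.1/51000)',
    "<165>Jan  5 13:07:07 fw01 %ASA-5-111008: User 'admin' executed the 'configure terminal' command.",
    '<166>Jan  5 13:07:08 fw01 %ASA-6-605005: Login permitted from 10.0.0.5/51111 to inside:10.0.0.1/ssh for user "admin"',
    '<166>Jan  5 13:07:09 fw02 %PIX-6-106023: Deny tcp src outside:203.0.113.5/51240 dst inside:10.0.0.11/3389 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    "<166>Jan  5 13:07:10 fw01 not a firewall message at all",
]


def parse_asa(line):
    """Return header fields (plus body fields for known IDs) or None."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["severity"] = int(ev["severity"])
    body_re = BODY_PARSERS.get(ev["msgid"])
    if body_re:
        d = body_re.match(ev["body"])
        if d:
            ev.update(d.groupdict())
            ev["src_port"], ev["dst_port"] = int(ev["src_port"]), int(ev["dst_port"])
    return ev


def admin_events(lines):
    """(msgid, label, body) for every admin-activity message, in order."""
    out = []
    for line in lines:
        ev = parse_asa(line)
        if ev and ev["msgid"] in ADMIN_MSGIDS:
            out.append((ev["msgid"], ADMIN_MSGIDS[ev["msgid"]], ev["body"]))
    return out


def detect_port_sweeps(lines, min_ports=5):
    """Distinct denied destination ports per source IP across all firewalls;
    sources that hit at least min_ports ports come back as {src_ip: ports}."""
    ports = defaultdict(set)
    for line in lines:
        ev = parse_asa(line)
        if ev and ev["msgid"] == "106023" and "src_ip" in ev:
            ports[ev["src_ip"]].add(ev["dst_port"])
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    print(detect_port_sweeps(SAMPLE_LOGS))
    for item in admin_events(SAMPLE_LOGS):
        print(item)
```

Two details matter in practice: the ASA "logging timestamp" and "logging device-id" settings change what precedes the %ASA- token, so the parser searches for the header rather than anchoring on column 0, and the PIX line from a second firewall is folded into the same sweep because the detection keys on source IP, not on the reporting device.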
Cisco | IOS based Routers and Switches | SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity | SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics; SNMP: BGP metrics, OSPF metrics; SNMP: Class based QoS metrics; SNMP: NBAR metrics | Syslog: Over 200 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity; NetFlow V5, V9: Traffic logs | SSH: Running config, Startup config | Cisco IOS
Cisco | CatOS based Switches | SNMP: OS, Hardware (Serial Number, Image file, Interfaces, Components); SSH: configuration, running process | SNMP: CPU, Memory, Interface utilization, Hardware Status | Syslog: Over 700 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, IPS activity; NetFlow V5, V9: Traffic logs | SSH: Running config, Startup config | Cisco IOS
Cisco | Nexus OS based Routers and Switches | SNMP: OS, Hardware; SSH: configuration, running process, Layer 2 connectivity | SNMP: CPU, Memory, Interface utilization, Hardware Status; SNMP: IP SLA metrics, BGP metrics, OSPF metrics, NBAR metrics; SNMP: Class based QoS metrics | Syslog: Over 3500 event types parsed for situations covering admin access, configuration change, interface up/down, BGP interface up/down, traffic log, hardware status, software and hardware errors; NetFlow V5, V9: Traffic logs | SSH: Running config, Startup config | Cisco NX-OS
Cisco | 300 Series Switches (SF 300, SG300/350 etc.) | SNMP: OS, Hardware | SNMP: Interface utilization | Currently not natively supported | Currently not natively supported | Cisco 300 Series Routers
Cisco | ONS | SNMP: OS, Hardware | - | SNMP Trap: Availability and Performance Alerts | - | Cisco NX-OS
Cisco | ACE Application Firewall | SNMP: OS, Hardware | - | - | - | -
Cisco | UCS Server | UCS API: Hardware components: processors, chassis, blades, board, CPU, memory, storage, power supply unit, fan unit | UCS API: Chassis Status, Memory Status, Processor Status, Power Supply status, Fan status | Syslog: Over 500 event types parsed for situations covering hardware errors, internal software errors etc. | Currently not natively supported | Cisco UCS
Cisco | WLAN Controller and Access Points | SNMP: OS, Hardware, Access Points | SNMP: Controller CPU, Memory, Interface utilization, Hardware Status; SNMP: Access Point Wireless Channel utilization, noise metrics, user count | SNMP Trap: Over 88 event types parsed for situations covering Authentication, Association, Rogue detection, Wireless IPS events | Currently not natively supported | Cisco Wireless LAN
Cisco | Call Manager | SNMP: OS, Hardware, VoIP Phones | SNMP: Call manager CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage; SNMP: VoIP phone count, Gateway count, Media Device count, Voice mail server count and SIP Trunks count; SNMP: SIP Trunk Info, Gateway Status Info, H323 Device Info, Voice Mail Device Info, Media Device Info, Computer Telephony Integration (CTI) Device Info | Syslog: Over 950 messages from Cisco Call Manager as well as Cisco Unified Real Time Monitoring Tool (RTMT); CDR Records, CMR Records: Call Source and Destination, Time, Call Quality metrics (MOS Score, Jitter, latency) | Currently not natively supported | Cisco Call Manager
Cisco | Contact Center | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | Currently not natively supported – Custom parsing needed | Currently not natively supported | Cisco Contact Center
Cisco | Presence Server | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | Currently not natively supported – Custom parsing needed | Currently not natively supported | Cisco Presence Server
Cisco | Tandberg TelePresence Video Communication Server (VCS) | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | Currently not natively supported – Custom parsing needed | Currently not natively supported | Cisco Tandberg TelePresence VCS
Cisco | Tandberg TelePresence Multipoint Control Unit (MCU) | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | Currently not natively supported – Custom parsing needed | Currently not natively supported | Cisco TelePresence MCU
Cisco | Unity Connection | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | Currently not natively supported – Custom parsing needed | Currently not natively supported | Cisco Unity
Cisco | IronPort Mail Gateway | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | Syslog: Over 45 event types covering mail scanning and forwarding status | Currently not natively supported | Cisco IronPort Mail
Cisco | IronPort Web Gateway | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status, Process level resource usage, Installed software change | W3C Access log (Syslog): Over 9 event types covering web request handling status | Currently not natively supported | Cisco IronPort Web
Cisco | Cisco Network IPS Appliances | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | SDEE: Over 8000 IPS signatures | Currently not natively supported | Cisco NIPS
Cisco | Sourcefire 3D and Defense Center | SNMP: OS, Hardware | - | - | - | Sourcefire 3D and Defense Center
Cisco | FireSIGHT Console | - | - | eStreamer SDK: Intrusion events, Malware events, File events, Discovery events, User activity events, Impact flag events | - | Cisco FireSIGHT
Cisco | Cisco Security Agent | SNMP or WMI: OS, Hardware | SNMP or WMI: Process CPU and memory utilization | SNMP Trap: Over 25 event types covering Host IPS behavioral signatures | Currently not natively supported | Cisco CSA
Cisco | Cisco Access Control Server (ACS) | SNMP or WMI: OS, Hardware | SNMP or WMI: Process CPU and memory utilization | Syslog: Passed and Failed authentications, Admin accesses | Currently not natively supported | Cisco ACS
Cisco | VPN 3000 | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization | Syslog: Successful and Failed Admin Authentication, VPN Authentication, IPSec Phase 1 and Phase 2 association, VPN statistics | Currently not natively supported | Cisco VPN 3000
Cisco | Meraki Cloud Controllers | SNMP: OS, Hardware, Meraki devices reporting to the Cloud Controller | SNMP: Uptime, Network Interface Utilization; SNMP Trap: Various availability scenarios | Currently not natively supported – Custom parsing needed | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices
Cisco | Meraki Firewalls | SNMP: OS, Hardware | SNMP: Uptime, Network Interface Utilization | Syslog: Firewall log analysis | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices
Cisco | Meraki Routers/Switches | SNMP: OS, Hardware | SNMP: Uptime, Network Interface Utilization | - | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices
Cisco | Meraki WLAN Access Points | SNMP: OS, Hardware | SNMP: Uptime, Network Interface Utilization | - | Currently not natively supported | Cisco Meraki Cloud Controller and Network Devices
Cisco | MDS Storage Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | Currently not natively supported – Custom parsing needed | Currently not natively supported | -
Cisco | Network Compliance Manager (NCM) | - | - | Syslog: Network device software update, configuration analysis for compliance, admin login | - | Cisco Network Compliance Manager
Cisco | Wide Area Application Services (WAAS) | SNMP: Host name, Version, Hardware model, Network interfaces | SNMP: CPU, Memory, Interface utilization, Disk utilization, Process CPU/memory utilization | - | - | Cisco WAAS
Cisco | Application Centric Infrastructure (ACI) | Not Applicable | Not Applicable | Cisco APIC API: Faults, Events, Configuration Changes, Node/Tenant/Cluster/Application/EPG/Overall health | - | Cisco Application Centric Infrastructure (ACI) Configuration
Clavister | Clavister IP | - | - | - | - | -
Cylance | Cylance Protect Endpoint Protection | - | - | Syslog: Endpoint protection alerts | - | Cylance Protect
Cyphort | Cyphort Cortex Endpoint Protection | - | - | Syslog: Endpoint protection alerts | - | Cyphort Cortex
Dell | SonicWall Firewall | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Firewall session count | Syslog: Firewall log analysis (over 1000 event types) | Currently not natively supported | Dell SonicWALL
Dell | Force10 Router and Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Interface Status, Hardware Status | - | SSH: Running config, Startup config | Dell Force10
Dell | NSeries Router and Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | - | SSH: Startup config | Dell NSeries
Dell | PowerConnect Router and Switch | SNMP: OS, Hardware | SNMP: CPU, Memory, Interface utilization, Hardware Status | - | SSH: Startup config | Dell PowerConnect
Dell | Dell Hardware on Intel-based Servers | SNMP: Hardware | SNMP: Hardware Status: Battery, Disk, Memory, Power supply, Temperature, Fan, Amperage, Voltage | - | Currently not natively supported | -
Dell | Compellent Storage | SNMP: OS, Hardware | SNMP: Network Interface utilization, Volume utilization, Hardware Status (Power, Temperature, Fan) | - | Currently not natively supported | Dell Compellent
Dell | EqualLogic Storage | SNMP: OS, Hardware (Network interfaces, Physical Disks, Components) | SNMP: Uptime, Network Interface utilization; SNMP: Hardware status: Disk, Power supply, Temperature, Fan, RAID health; SNMP: Overall Disk health metrics: Total disk count, Active disk count, Failed disk count, Spare disk count; SNMP: Connection metrics: IOPS, Throughput; SNMP: Disk performance metrics: IOPS, Throughput; SNMP: Group level performance metrics: Storage, Snapshot | - | Currently not natively supported | Dell EqualLogic
EMC | Clariion Storage | Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports; Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships | Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization | - | Currently not natively supported | EMC Clariion
EMC | VNX Storage | Naviseccli: Host name, Operating system version, Hardware model, Serial number, Network interfaces, Installed Software, Storage Controller Ports; Naviseccli: Hardware components, RAID Groups and assigned disks, LUNs and LUN -> RAID Group mappings, Storage Groups and memberships | Naviseccli: Storage Processor utilization, Storage Port I/O, RAID Group I/O, LUN I/O, Host HBA Connectivity, Host HBA Unregistered Host, Hardware component health, Overall Disk health, Storage Pool Utilization | - | - | EMC VNX
EMC | Isilon Storage | SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks, Components) | SNMP: Uptime, Network Interface metrics; SNMP: Hardware component health: Disk, Power supply, Temperature, Fan, Voltage; SNMP: Cluster membership change, Node health and performance (CPU, I/O), Cluster health and performance, Cluster Snapshot, Storage Quota metrics, Disk performance, Protocol performance | - | - | EMC Isilon
EMC | Data Domain | SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks) | SNMP: Interface utilization, Hardware Status; SNMP: Overall Storage metrics: replication metrics, disk I/O, NFS metrics, CIFS metrics; SNMP: Individual disk metrics: disk I/O, disk utilization, disk status | Currently not natively supported – Custom parsing needed | Currently not natively supported | -
ESET | NOD32 Anti-virus | Application type discovery via LOG | - | Syslog (CEF format): Virus found/cleaned type of events | - | ESET NOD32
FireEye | Malware Protection System (MPS) | Application type discovery via LOG | - | Syslog (CEF format): Malware found/cleaned type of events | - | FireEye MPS
FireEye | HX Appliances for Endpoint protection | Application type discovery via LOG | - | Syslog (CEF format): Malware Acquisition, Containment type of events | - | -
F5 Networks | Application Security Manager | Discovery via LOG | - | Syslog (CEF format): Various application level attack scenarios – invalid directory access, SQL injections, cross site exploits | - | F5 Application Security Manager
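
Several products in this table (AirTight SpectraGuard, ESET NOD32, FireEye MPS and HX, F5 ASM) deliver their events as CEF records inside syslog, so one parser serves all of them. The following is an added example, not FortiSIEM's parser and not code from any of those vendors: it splits the seven pipe-delimited header fields and the key=value extension while honouring the two escaping rules that break naive split()-based parsers, backslash-pipe and backslash-backslash in the header and backslash-equals and backslash-backslash in extension values. The sample lines are constructed; the vendor, product and signature strings are illustrative, and the extension keys used (src, suser, fname, msg, act, request) are standard CEF dictionary keys rather than anything copied from appliance output.

```python
"""Added example (not FortiSIEM or vendor code): a CEF-over-syslog parser that
handles header and extension escaping.  SAMPLE_LOGS are constructed."""
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# A key starts at the beginning of the extension or after whitespace; its '='
# can never be an escaped one because key characters exclude the backslash.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")

SAMPLE_LOGS = [  # constructed sample lines
    "<134>Jan  5 13:07:09 hx01 CEF:0|FireEye|HX|4.5.0|Malware Acquisition|Malware acquired|7|"
    "src=10.1.2.3 suser=jdoe fname=evil\\=1.exe msg=Acquired file\\\\path act=contain",
    "<134>Jan  5 13:07:10 asm01 CEF:0|F5|ASM|11.5.0|200000001|SQL Injection|7|"
    "src=203.0.113.7 request=/login?user\\=a' OR 1\\=1-- act=blocked",
    "<134>Jan  5 13:07:11 av01 CEF:0|Acme\\|Corp|AV\\\\Engine|1.0|100|Virus found|5|"
    "fname=x.exe act=cleaned",
    "<134>Jan  5 13:07:12 host not a CEF line",
]


def _unescape(value):
    """Resolve backslash escapes in a single pass so a doubled backslash is
    never re-read as the start of a second escape."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _split_header(s):
    """Split the seven '|'-separated header fields, treating a backslash as
    escaping the next character; returns (fields, extension) or (None, None)."""
    fields, cur, i = [], [], 0
    while i < len(s) and len(fields) < 7:
        c = s[i]
        if c == "\\" and i + 1 < len(s):
            cur.append(s[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(c)
            i += 1
    if len(fields) < 7:
        return None, None
    return fields, s[i:]


def _parse_extension(ext):
    """Values run from after one key's '=' up to the next key; they may contain
    spaces, pipes and escaped '=' characters."""
    out = {}
    keys = list(KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line):
    """Parse one syslog line carrying a CEF record; None if there is no 'CEF:' marker."""
    start = line.find("CEF:")
    if start < 0:
        return None
    fields, ext = _split_header(line[start:])
    if fields is None:
        return None
    rec = dict(zip(HEADER_FIELDS, fields))
    rec["version"] = rec["version"][4:]                 # drop the literal 'CEF:'
    sev = rec["severity"]                               # 0-10, or Low/Medium/High/Very-High
    rec["severity"] = int(sev) if sev.isdigit() else sev
    rec["extension"] = _parse_extension(ext)
    return rec


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(parse_cef(line))
```

The F5 sample is the case that matters for a WAF feed: the attack payload arrives inside the request= value with its own '=' characters escaped, so a parser that splits the extension on '=' or on whitespace either truncates the payload or invents extra keys, and the event that should have been "SQL injection blocked" becomes noise.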

F5 Networks | Local Traffic Manager | SNMP: Host name, Operating system, Hardware (Model, Serial number, Network interfaces, Physical Disks), Installed Software, Running Software | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start | SNMP Trap: Exception situations including hardware failures, certain security attacks, Policy violations etc.; Syslog: Permitted and Denied Traffic | - | F5 Networks Local Traffic Manager
F5 Networks | Web Accelerator | Discovery via LOG | - | Syslog: Permitted Traffic | - | F5 Networks Web Accelerator
Fortinet | FortiGate firewalls | SNMP: OS, Host name, Hardware (Serial Number, Interfaces, Components) | SNMP: Uptime, CPU and Memory utilization, Network Interface metrics | Syslog: Over 3700 Traffic and system logs | SSH: Running config, Startup config | Fortinet FortiGate
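
FortiGate sends its traffic and system logs as one key=value record per syslog line, with values that contain spaces wrapped in double quotes. The following is an added example, not FortiSIEM's FortiGate parser and not FortiOS code: it parses that layout, derives a normalised event name from the type, subtype, action and status fields, and runs one detection over constructed sample lines (repeated failed administrator logins from a single source). The device names, serial, addresses and logid values in the samples are illustrative assumptions, and the event-name scheme is this example's own rather than FortiSIEM's actual event type names.

```python
"""Added example (not FortiSIEM or FortiOS code): parse FortiGate key=value
syslog, normalise an event name, and flag admin-login brute force.  All sample
lines are constructed."""
import re
from collections import Counter

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _failed_admin_login(time, src):
    """Constructed failed-admin-login line in the FortiOS layout (logid assumed)."""
    return (f'<189>date=2024-01-05 time={time} devname="fw01" devid="FG100ETK00000001" '
            f'logid="0100032002" type="event" subtype="system" level="alert" vd="root" '
            f'logdesc="Admin login failed" user="admin" ui="https({src})" method="https" '
            f'srcip={src} dstip=10.0.0.1 action="login" status="failed" reason="passwd_invalid" '
            f'msg="Administrator admin login failed from https({src}) because of invalid password"')


TRAFFIC_DENY = (  # constructed forward-traffic deny line
    '<189>date=2024-01-05 time=13:07:07 devname="fw01" devid="FG100ETK00000001" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.0.0.20 srcport=51000 srcintf="port2" dstip=203.0.113.9 dstport=443 '
    'dstintf="port1" proto=6 action="deny" policyid=0 service="HTTPS" sentbyte=0 rcvdbyte=0')

SAMPLE_LOGS = [
    _failed_admin_login("13:07:01", "203.0.113.5"),
    _failed_admin_login("13:07:02", "203.0.113.5"),
    _failed_admin_login("13:07:03", "203.0.113.5"),
    _failed_admin_login("13:07:04", "203.0.113.5"),
    _failed_admin_login("13:07:05", "10.0.0.5"),
    '<189>date=2024-01-05 time=13:07:06 devname="fw01" devid="FG100ETK00000001" '
    'logid="0100032001" type="event" subtype="system" level="information" vd="root" '
    'logdesc="Admin login successful" user="admin" ui="ssh(10.0.0.5)" method="ssh" '
    'srcip=10.0.0.5 dstip=10.0.0.1 action="login" status="success" reason="none" '
    'msg="Administrator admin logged in successfully from ssh(10.0.0.5)"',
    TRAFFIC_DENY,
    "<189>Jan  5 13:07:09 host sshd[1]: not a FortiOS line",
]


def parse_fortigate(line):
    """Return the key=value fields as a dict with quotes stripped, ignoring a
    leading syslog <PRI>; None when the line carries no type= field."""
    line = re.sub(r"^<\d{1,3}>", "", line)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    return fields if "type" in fields else None


def event_type(ev):
    """Normalised name 'FortiGate-<type>-<subtype>-<action>[-<status>]'
    (this example's scheme, not FortiSIEM's event type names)."""
    parts = ["FortiGate", ev.get("type"), ev.get("subtype"), ev.get("action"), ev.get("status")]
    return "-".join(p for p in parts if p)


def detect_admin_bruteforce(lines, threshold=3):
    """Failed admin logins per source IP; sources at or above threshold are returned."""
    failures = Counter()
    for line in lines:
        ev = parse_fortigate(line)
        if not ev:
            continue
        if (ev.get("type"), ev.get("subtype"), ev.get("action"), ev.get("status")) \
                == ("event", "system", "login", "failed"):
            failures[ev.get("srcip", "unknown")] += 1
    return {ip: n for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        ev = parse_fortigate(line)
        print(event_type(ev) if ev else "(not FortiOS)")
    print(detect_admin_bruteforce(SAMPLE_LOGS))
```

Keying the detection on the structured fields (type, subtype, action, status) rather than on the free-text msg= value is deliberate: the message text var
ies between FortiOS releases and locales, while the field names are what the FortiSIEM parser and its rules also rely on.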

Fortinet FortiManager SNMP: Host name, Hardware

model, Network interfaces,

Operating system

version

SNMP: Uptime, CPU and Memory

utilization, Network Interface metrics

    FortiManager

 

Fortinet FortiMail Mail

Gateway

Discovery via

LOG

Currently not supported Syslog: Over 120 event types covering admin logons, configuration changes, restarts, operational errors, malware and virus, spam Currently not natively supported Fortinet

FortiWeb

Fortinet FortiWeb Web

Gateway

SNMP: OS, Host name, Hardware

(Serial Number,

Interfaces)

SNMP: Uptime, CPU and Memory

utilization, Network Interface metrics

Syslog: Over 450 event types covering admin logons, configuration changes, restarts, operational errors, Web attacks, HTTP

Protocol anomaly

Currently not natively supported Fortinet

FortiWeb

Fortinet FortiSandbox SNMP: OS, Host name, Hardware

(Serial Number,

Interfaces)

SNMP: Uptime, CPU and Memory

utilization, Network Interface metrics, Disk

Syslog: Event types covering malware, network attacks and system events Currently not natively supported Fortinet

FortiSandbox

Configuration

Fortinet FortiDDoS Discovery via

LOG

Currently not supported Syslog: Over 160 event types covering admin logons, configuration changes, restarts, operational errors, traffic anomaly, DDoS attacks Currently not natively supported FortiDDoS
Foundry

Networks

IronWare Router and Switch SNMP: OS, Hardware SSH:

configuration, running process

SNMP: Uptime, CPU, Memory,

Interface utilization, Hardware Status

Syslog: Over 6000 event types parsed for situations covering admin access, configuration change, interface up/down SSH: Running config, Startup config Foundry

Networks

IronWare

Google Google Apps Not Applicable Not Applicable Google Apps Admin SDK: Over 200 event

types parsed for situations covering login, file access, user/group creation/modification, file creation/modifications

Not Applicable Google Apps

Audit

Configuration

Huawei VRP Router and

Switch

SNMP: OS, Hardware

SSH:

configuration, running process, Layer 2 connectivity

SNMP: Uptime, CPU, Memory,

Interface utilization, Hardware Status

Syslog: Over 30 event types parsed for situations covering admin access, configuration change, interface up/down SSH: Running config, Startup config  
HP BladeSystem SNMP: Host name, Access IP, Hardware components SNMP: hardware status     HP

BladeSystem

HP HP-UX servers SNMP: OS,

Hardware

SNMP: Uptime, CPU, Memory, Network Interface, Disk space utilization, Network Interface Errors, Running Process Count, Running process CPU/memory utilization, Running process start/stop

SNMP: Installed Software change

SSH : Memory paging rate, Disk I/O utilization

    HP UX Server
HP HP Hardware on

Intel-based

Servers

SNMP: hardware model, hardware serial, hardware components (fan, power supply,

battery, raid, disk,

memory)

SNMP: hardware status SNMP Trap: Over 100 traps covering hardware issues    
HP TippingPoint

UnityOne IPS

SNMP: OS,

Hardware

SNMP: Uptime, CPU, Memory,

Network Interface,  Network Interface Errors

Syslog: Over 4900 IPS alerts directly or via

NMS

  TippingPoint

IPS

HP ProCurve Switches and Routers SNMP: OS, hardware model,

hardware serial, hardware components

SSH:

configuration

SNMP: Uptime, CPU, Memory,

Network Interface,  Network Interface Errors

SNMP: hardware status

  SSH: Running config, Startup config HP ProCurve
HP Value Series (19xx) Switches and Routers SNMP: OS, hardware model,

hardware serial, hardware components

SSH:

configuration

SNMP: Uptime, CPU, Memory,

Network Interface,  Network Interface Errors

  SSH: Startup config HP Value

Series (19xx) and HP 3Com

(29xx) Switch

 

HP 3Com (29xx)

Switches and

Routers

SNMP: OS, hardware model,

hardware serial, hardware components

SSH:

configuration

SNMP: Uptime, CPU, Memory,

Network Interface,  Network Interface Errors

  SSH: Startup config HP Value

Series (19xx) and HP 3Com

(29xx) Switch

HP HP/3Com

Comware Switches and Routers

SNMP: OS, hardware model,

hardware serial, hardware components

SSH:

configuration

SNMP: Uptime, CPU, Memory,

Network Interface,  Network Interface Errors

SNMP: hardware status

Syslog: Over 6000 vent types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup config HP/3Com

ComWare

IBM Websphere

Application Server

SNMP or WMI: Running processes HTTP(S): Generic Information, Availability metrics, CPU / Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics,

Application level metrics, EJB metrics

    IBM

WebSphere

IBM DB2 Database

Server

SNMP or WMI: Running processes JDBC: Database Audit trail: Log on,

Database level and Table level

CREATE/DELETE/MODIFY operations

    IBM DB2
IBM ISS Proventia IPS

Appliances

    SNMP Trap: IPS Alerts: Over 3500 event types   IBM ISS

Proventia

IBM AIX Servers SNMP: OS,

Hardware,

Installed

Software,

Running

Processes, Open Ports

SSH: Hardware

details

SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down SSH: Disk I/O, Paging Syslog: General logs including Authentication

Success/Failure, Privileged logons,

User/Group Modification

  IBM AIX
IBM OS 400 (including iSeries)     Syslog via PowerTech Agent: Over 560 event types

Syslog via Townsend Agent

  IBM OS400
IBM Guardium

Database Firewall

         
Intel/McAfee McAfee Sidewinder

Firewall

SNMP: OS,

Hardware,

Installed

Software,

Running

Processes

SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start Syslog: Firewall logs   McAfee Firewall

Enterprise

(Sidewinder)

Intel/McAfee McAfee ePO SNMP: Related process name and parameters SNMP: Process resource utilization SNMP Trap: Over 170 event types   McAfee ePolicy

Orchestrator

(ePO)

Intel/McAfee Intrushield IPS SNMP: OS,

Hardware

SNMP: Hardware status Syslog: IPS Alerts   McAfee

IntruShield

Intel/McAfee Stonesoft IPS (now called Forcepoint)     Syslog: IPS Alerts   McAfee

Stonesoft

Intel/McAfee Web Gateway     Syslog: Web server log   McAfee Web

Gateway

Intel/McAfee Foundstone Vulnerability

Scanner

    JDBC: Vulnerability data   McAfee

Foundstone Vulnerability

Scanner

Infoblox DNS/DHCP

Appliance

SNMP: OS,

Hardware,

Installed

Software,

Running

Processes

SNMP: Zone transfer metrics, DNS

Cluster Replication metrics, DNS

Performance metrics, DHCP Performance metrics, DDNS Update metrics, DHCP subnet usage metrics

SNMP: Hardware Status

SNMP Trap: Hardware/Software Errors

Syslog: DNS logs – name resolution activity success and failures   Infoblox

DNS/DHCP

ISC Bind DNS     Syslog: DNS logs – name resolution activity success and failures   ISC BIND

DNS

 

Juniper JunOS

Router/Switch

SNMP: OS, Hardware

SSH:

Configuration

SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status Syslog: Over 1420 event types parsed for situations covering admin access, configuration change, interface up/down and other hardware issues and internal errors SSH: Startup configuration Juniper

Networks

JunOS

Juniper | SRX Firewalls | SNMP: OS, Hardware; SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | Syslog: Over 700 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks JunOS

Juniper | SSG Firewall | SNMP: OS, Hardware; SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks SSG Firewall

Juniper | ISG Firewall | SNMP: OS, Hardware; SSH: Configuration | SNMP: CPU, Memory, Disk, Interface utilization, Hardware Status | Syslog: Over 40 event types parsed for situations covering traffic log, admin access, configuration change, interface up/down and other hardware issues and internal errors | SSH: Startup configuration | Juniper Networks SSG Firewall

Juniper | Steelbelted RADIUS | Discovered via LOG | - | Syslog – 4 event types covering admin access and AAA authentication | - | Juniper Networks Steel-Belted RADIUS

Juniper | Secure Access Gateway | SNMP: OS, Hardware | SNMP: CPU, Memory, Disk, Interface utilization | Syslog – Over 30 event types parsed for situations covering VPN login, Admin access, Configuration Change | - | Juniper Networks SSL VPN Gateway

Juniper | Netscreen IDP | - | - | Syslog – directly from Firewall or via NSM – Over 5500 IPS Alert types parsed | - | Juniper Networks IDP Series

Juniper | DDoS Secure | - | - | Syslog – DDoS Alerts | - | Juniper DDoS
Lantronix | SLC Console Manager | - | - | Syslog – Admin access, Updates, Commands run | - | Lantronix SLC Console Manager

Liebert | HVAC | SNMP: Host Name, Hardware model | SNMP: HVAC metrics: Temperature: current value, upper threshold, lower threshold; Relative Humidity: current value, upper threshold, lower threshold; System state etc | - | - | Liebert HVAC
Liebert | FPC | SNMP: Host Name, Hardware model | SNMP: Output voltage (X-N, Y-N, Z-N), Output current (X, Y, Z), Neutral Current, Ground current, Output power, Power Factor etc | - | - | Liebert FPC
Liebert | UPS | SNMP: Host Name, Hardware model | SNMP: UPS metrics: Remaining battery charge, Battery status, Time on battery, Estimated Seconds Remaining, Output voltage etc | - | - | Liebert UPS
Malwarebytes | Endpoint Protection | - | - | Syslog (CEF format): Malware detected, quarantine success and failures | - | -
Microsoft | Windows 2000, Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2, Windows 2014, Windows 2016 | SNMP: OS, Hardware (for Dell and HP), Installed Software, Running Processes; WMI: OS, Hardware (for Dell and HP), BIOS, Installed Software, Running Processes, Services, Installed Patches | SNMP: CPU, Memory, Disk, Interface utilization, Process utilization; WMI: CPU, Memory, Disk, Interface utilization, Detailed CPU/Memory usage, Detailed Process utilization | WMI pulling: Security, System and Application logs; AccelOps Windows Agent (HTTPS): Security, System and Application logs, File Content change; Snare Agent (syslog): Security, System and Application logs; Correlog Agent (syslog): Security, System and Application logs | SNMP: Installed Software Change; AccelOps Windows Agent: Installed Software Change, Registry Change; AccelOps Windows Agent: File Integrity Monitoring | Microsoft Windows Servers

Microsoft | DHCP Server – 2003, 2008 | SNMP: Running Processes | WMI: DHCP metrics: request rate, release rate, decline rate, Duplicate Drop rate etc | AccelOps Windows Agent (HTTPS): DHCP logs – release, renew etc; Snare Agent (syslog): DHCP logs – release, renew etc; Correlog Agent (syslog): DHCP logs – release, renew etc | - | Microsoft DHCP (2003, 2008)

Microsoft | DNS Server – 2003, 2008 | SNMP: Running Processes | WMI: DNS metrics: Requests received, Responses sent, WINS requests received, WINS responses sent, Recursive DNS queries received etc | AccelOps Windows Agent (HTTPS): DNS logs – name resolution activity; Snare Agent (syslog): DNS logs – name resolution activity; Correlog Agent (syslog): DNS logs – name resolution activity | - | Microsoft DNS (2003, 2008)

Microsoft | Domain Controller / Active Directory 2003, 2008, 2012, 2014, 2016 | SNMP: Running Processes; LDAP: Users | WMI: Active Directory metrics: Directory Search Rate, Read Rate, Write Rate, Browse Rate, LDAP search rate, LDAP Bind Rate etc; WMI: "dcdiag -e" command output – detect successful and failed domain controller diagnostic tests; WMI: "repadmin /replsummary" command output – Replication statistics; LDAP: Users with stale passwords, insecure password settings | - | - | Microsoft Active Directory

Microsoft | SQL Server – 2005, 2008, 2008R2, 2012, 2014 | SNMP: Running Processes | SNMP or WMI: Process resource usage; JDBC: General database info, Configuration Info, Backup Info; JDBC: Per-instance metrics like Buffer cache hit ratio, Log cache hit ratio etc; JDBC: Per-instance, per-database Performance metrics: Data file size, Log file used, Log growths etc; JDBC: Locking info, Blocking info | JDBC: Database error log; JDBC: Database audit trail | - | Microsoft SQL Server

Microsoft | IIS versions | SNMP: Running Processes | SNMP or WMI: Process level resource usage; WMI: IIS metrics: Current Connections, Max Connections, Sent Files, Received Files etc | AccelOps Windows Agent (HTTPS): W3C Access logs – Per instance, Per Connection: Sent Bytes, Received Bytes, Duration; Snare Agent (syslog): W3C Access logs; Correlog Agent (syslog): W3C Access logs | - | Microsoft IIS for Windows 2000 and 2003; Microsoft IIS for Windows 2008

Microsoft | ASP.NET | SNMP: Running Processes | SNMP or WMI: Process level resource usage; WMI: Request Execution Time, Request Wait Time, Current Requests, Disconnected Requests etc | - | - | Microsoft ASP.NET

Microsoft | Internet Authentication Server (IAS) | SNMP: Running Processes | SNMP or WMI: Process level resource usage | AccelOps Windows Agent (HTTPS): AAA logs – successful and failed authentication; Snare Agent (syslog): AAA logs – successful and failed authentication; Correlog Agent (syslog): AAA logs – successful and failed authentication | - | Microsoft Internet Authentication Server (IAS)

Microsoft | HyperV Hypervisor | - | Powershell over winexe: Guest/Host CPU usage, Memory usage, Page fault, Disk Latency, Network usage | - | - | HyperV
Microsoft | Sharepoint Server | SNMP: Running Processes | SNMP or WMI: Process level resource usage | LOGBinder Agent: SharePoint logs – Audit trail integrity, Access control changes, Document updates, List updates, Container object updates, Object changes, Object Import/Exports, Document views, Information Management Policy changes etc | - | Microsoft SharePoint

Microsoft | Exchange Server | SNMP: Running Processes | SNMP or WMI: Process level resource usage; WMI: Exchange performance metrics, Exchange error metrics, Exchange mailbox metrics, Exchange SMTP metrics, Exchange ESE Database, Exchange Database Instances, Exchange Mail Submission Metrics, Exchange Store Interface Metrics etc | - | - | Microsoft Exchange

Microsoft | ISA Server | SNMP: Running Processes | SNMP or WMI: Process level resource usage | AccelOps Windows Agent (HTTPS): W3C Access logs – Per Connection: Sent Bytes, Received Bytes, Duration; Snare Agent (syslog): W3C Access logs; Correlog Agent (syslog): W3C Access logs | - | Microsoft ISA Server

Microsoft | PPTP VPN Gateway | - | - | AccelOps Windows Agent (HTTPS): VPN Access – successful and failed; Snare Agent (syslog): VPN Access – successful and failed; Correlog Agent (syslog): VPN Access – successful and failed | - | Microsoft PPTP

Microsoft | Office 365 | Not Applicable | Not Applicable | Office365 Management Activity API: Close to 500 event types for situations covering login, file access, user/group creation/modification, file creation/modifications | - | Microsoft Office365 Audit Configuration

Motorola | AirDefense Wireless IDS | - | - | Syslog: Wireless IDS logs | - | Motorola AirDefense

Motorola | WiNG WLAN Access Point | - | - | Syslog: All system logs: User authentication, Admin authentication, WLAN attacks, Wireless link health | - | Motorola WLAN

Mikrotek | Mikrotech Switches and Routers | Host name, OS, Hardware model, Serial number, Components | SNMP: Uptime, CPU utilization, Network Interface metrics | - | - | Mikrotek Router

NetApp | DataONTAP based Filers | SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Logical volumes, Physical Disks | SNMP: CPU utilization, Network Interface metrics, Logical Disk Volume utilization; SNMP: Hardware component health, Disk health; ONTAP API: Detailed NFS V3/V4, ISCSI, FCP storage IO metrics, Detailed LUN metrics, Aggregate metrics, Volume metrics, Disk performance metrics | SNMP Trap: Over 150 alerts – hardware and software alerts | - | NetApp Filer
Nimble | NimbleOS Storage | Host name, Operating system version, Hardware model, Serial number, Network interfaces, Physical Disks, Components | SNMP: Uptime, Network Interface metrics, Storage Disk Utilization; SNMP: Storage Performance metrics: Read rate (IOPS), Sequential Read Rate (IOPS), Write rate (IOPS), Sequential Write Rate (IOPS), Read latency etc | - | - | Nimble Storage

Nessus | Vulnerability Scanner | - | - | Nessus API: Vulnerability Scan results – Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc | - | Nessus Vulnerability Scanner

Nginx | Web Server | SNMP: Application name | SNMP: Application Resource Usage | Syslog: W3C access logs: per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration | - | Nginx Web Server

Nortel | ERS Switches and Routers | SNMP: Host name, OS, Hardware model, Serial number, Components | SNMP: Uptime, CPU/memory utilization, Network Interface metrics/errors, Hardware Status | - | - | Nortel ERS and Passport Switch

Nortel | Passport Switches and Routers | SNMP: Host name, OS, Hardware model, Serial number, Components | SNMP: Uptime, CPU/memory utilization, Network Interface metrics/errors, Hardware Status | - | - | Nortel ERS and Passport Switch

Nutanix | Controller VM | SNMP: Host name, OS, Hardware model, Serial number, Network interfaces, Physical Disks, Components | SNMP: Uptime, CPU/memory utilization, Network Interface metrics/errors, Disk Status, Cluster Status, Service Status, Storage Pool Info, Container Info | - | - | Nutanix
Okta.com | SSO | Okta API: Users | - | Okta API: Over 90 event types covering user activity in Okta website | - | Okta Configuration

OpenLDAP | OpenLDAP | LDAP: Users | - | - | - | -

Oracle | Enterprise Database Server – 10g, 11g, 12c | SNMP or WMI: Process resource usage | JDBC: Database performance metrics: Buffer cache hit ratio, Row cache hit ratio, Library cache hit ratio, Shared pool free ratio, Wait time ratio, Memory Sorts ratio etc; JDBC: Database Table space information: table space name, table space type, table space usage, table space free space, table space next extent etc | JDBC: Database audit trail: Database logon, Database operations including CREATE/ALTER/DROP/TRUNCATE operations on tables, table spaces, databases, clusters, users, roles, views, table indices, triggers etc; Syslog: Listener log, Alert log, Audit Log | - | Oracle Database

Oracle | MySQL Server | SNMP or WMI: Process resource usage | JDBC: User Connections, Table Updates, Table Selects, Table Inserts, Table Deletes, Temp Table Creates, Slow Queries etc; JDBC: Table space performance metrics: Table space name, table space type, Character set and Collation, table space usage, table space free space etc; JDBC: Database audit trail: Database log on, Database/Table CREATE/DELETE/MODIFY operations | - | - | MySQL Server
Oracle | WebLogic Application Server | SNMP or WMI: Process resource usage | JMX: Availability metrics, Memory metrics, Servlet metrics, Database metrics, Thread pool metrics, EJB metrics, Application level metrics | - | - | Oracle WebLogic

Oracle | Glassfish Application Server | SNMP or WMI: Process resource usage | JMX: Availability metrics, Memory metrics, Servlet metrics, Session metrics, Database metrics, Request processor metrics, Thread pool metrics, EJB metrics, Application level metrics, Connection metrics | - | - | Oracle GlassFish Server

Oracle | Sun SunOS and Solaris | SNMP: OS, Hardware, Software, Processes, Open Ports; SSH: Hardware details | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down; SSH: Disk I/O, Paging | Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification | - | Sun Solaris Server

Palo Alto Networks | PAN-OS based Firewall | SNMP: Host name, OS, Hardware, Network interfaces; SSH: Configuration | SNMP: Uptime, CPU utilization, Network Interface metrics, Firewall connection count | Syslog: Traffic log, Threat log (URL, Virus, Spyware, Vulnerability, File, Scan, Flood and data subtypes), config and system logs | SSH: Configuration Change | Palo Alto Firewall

PulseSecure | PulseSecure VPN | - | - | Syslog: VPN events, Traffic events, Admin events | - | PulseSecure
Qualys | Vulnerability Scanner | - | - | Qualys API: Vulnerability Scan results – Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc | - | Qualys Vulnerability Scanner

Qualys | Web Application Firewall | - | - | Syslog (JSON formatted): web log analysis | - | Qualys Web Application Firewall

Rapid7 | NeXpose Vulnerability Scanner | - | - | Rapid7 NeXpose API: Vulnerability Scan results – Scan name, Host, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence etc | - | Rapid7 NeXpose Vulnerability Scanner

Riverbed | Steelhead WAN Accelerators | SNMP: Host name, Software version, Hardware model, Network interfaces | SNMP: Uptime, CPU / Memory / Network Interface / Disk space metrics, Process cpu/memory utilization; SNMP: Hardware Status; SNMP: Bandwidth metrics (Inbound/Outbound Optimized Bytes – LAN side, WAN side; Connection metrics: Optimized / Pass through / Half-open optimized connections etc); SNMP: Top Usage metrics: Top source, Top destination, Top Application, Top Talker; SNMP: Peer status, for every peer: State, Connection failures, Request timeouts, Max latency | SNMP Trap: About 115 event types covering software errors, hardware errors, admin login, performance issues – cpu, memory, peer latency issues; Netflow: Connection statistics | - | Riverbed SteelHead WAN Accelerator

Redhat | Linux | SNMP: OS, Hardware, Software, Processes, Open Ports; SSH: Hardware details, Linux distribution | SNMP: CPU, Memory, Disk, Interface utilization, Process monitoring, Process stop/start, Port up/down; SSH: Disk I/O, Paging | Syslog: Situations covering Authentication Success/Failure, Privileged logons, User/Group Modification; SSH: File integrity monitoring, Command output monitoring, Target file monitoring; Agent: File integrity monitoring | SSH: File integrity monitoring, Target file monitoring; Agent: File integrity monitoring | Linux Server
Redhat | JBOSS Application Server | SNMP: Process level CPU/Memory usage | JMX: CPU metrics, Memory metrics, Servlet metrics, Database pool metrics, Thread pool metrics, Application level metrics, EJB metrics | - | - | Redhat JBOSS

Redhat | DHCP Server | SNMP: Process level CPU/Memory usage | - | Syslog: DHCP address release/renew events | - | Linux DHCP
Ruckus | Wireless LAN | SNMP: Controller host name, Controller hardware model, Controller network interfaces, Associated WLAN Access Points | SNMP: Controller Uptime, Controller Network Interface metrics, Controller WLAN Statistics, Access Point Statistics, SSID performance Stats | - | - | Ruckus WLAN
Snort | IPS | SNMP: Process level CPU/Memory usage | - | Syslog: Over 40K IPS Alerts; JDBC: Over 40K IPS Alerts – additional details including TCP/UDP/ICMP header and payload in the attack packet | - | Snort IPS
Sophos | Sophos Endpoint Security and Control | - | - | SNMP Trap: Endpoint events including Malware found/deleted, DLP events | - | Sophos Endpoint Security and Control

Squid | Web Proxy | SNMP: Process level CPU/Memory usage | - | Syslog: W3C formatted access logs – per HTTP(S) connection: Sent Bytes, Received Bytes, Connection Duration | - | Squid Web Proxy

Symantec | Symantec Endpoint Protection | - | - | Syslog: Over 5000 event types covering end point protection events – malware/spyware/adware, malicious events | - | Symantec Endpoint Protection

Symantec | DLP | - | - | - | - | -
TrendMicro | Office scan | - | - | SNMP Trap: Over 30 event types covering end point protection events – malware/spyware/adware, malicious events | - | Trend Micro OfficeScan

TrendMicro | Intrusion Defense Firewall (IDF) | - | - | Syslog: Over 10 event types covering end point firewall events | - | Trend Micro IDF

TrendMicro | Deep Security Manager | - | - | Syslog: Over 10 event types covering end point protection events | - | -
Tufin | SecureTrack | - | - | Syslog: Over 10 event types covering firewall policy management events | - | -
Vasco | DigiPass | - | - | Syslog – Successful and Failed Authentications, Successful and Failed administrative logons | - | Vasco DigiPass

VMware | VMware ESX and VCenter | VMWare SDK: Entire VMware hierarchy and dependencies: Data Center, Resource Pool, Cluster, ESX and VMs | VMWare SDK: VM level: CPU, Memory, Disk, Network, VMware tool status; VMWare SDK: ESX level: CPU, Memory, Disk, Network, Data store; VMWare SDK: ESX level: Hardware Status; VMWare SDK: Cluster level: CPU, Memory, Data store, Cluster Status; VMWare SDK: Resource pool level: CPU, Memory | VMWare SDK: Over 800 VCenter events covering account creation, VM creation, DRS events, hardware/software errors | - | VMware Monitoring Events

VMware | vShield | - | - | Syslog: Over 10 events covering permitted and denied connections, detected attacks | - | -
VMware | VCloud Network and Security (vCNS) Manager | - | - | Syslog: Over 10 events covering various activities | - | -
WatchGuard | Firebox Firewall | - | - | Syslog: Over 20 firewall event types | - | WatchGuard Firebox Firewall

Websense | Web Filter | - | - | Syslog: Over 50 web filtering events and web traffic logs | - | Websense Web Filter

This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
