Third-Party Log Collection supported vendors and products

Views:

View a partial list of the supported vendors and products for third-party log ingestion.

Logs from any product that can send logs in Syslog format (including CEF and LEEF formats) can be ingested into TrendAI Vision One™ via collectors connected to log repositories in Third-Party Log Collection. To ingest log data from products that do not support Syslog format or do not have dedicated connectors or integrations in TrendAI Vision One™, you must first convert the logs to Syslog format before forwarding the data to TrendAI Vision One™.

Note

TrendAI Vision One™ also provides dedicated connectors to ingest log data from the following cloud products:

Microsoft Defender for Endpoint
AWS CloudTrail
AWS VPC Flow Logs
AWS WAF
Amazon Route53 Resolver Query Logs
AWS EKS Audit Logs
AWS Security Hub
Azure Activity logs
Microsoft Entra ID

For more products with dedicated connectors in TrendAI Vision One™, including products that receive outbound data from TrendAI Vision One™, see Third-Party Integrations.

The following table provides a partial list of the supported vendors and products in Third-Party Log Collection:

Vendor

Product

1Password

1Password Extended Access Management
Extended Access Management

A10 Networks

Load Balancer

Abnormal AI

Abnormal Human Behavior AI Platform

Absolute Software Corporation

Absolute Secure Endpoint

Acalvio Technologies, Inc.

Alcalvio ShadowPlex

Active Countermeasures, Inc.

AC-Hunter

ADTRAN Holdings, Inc.

ADVA Fiber Service Platform

Advanced Micro Devices, Inc. (AMD)

Pensando DSS

Agiloft, Inc.

Agiloft Data-first Agreement Platform

Airlock Digital Pty Ltd

Airlock Digital Allowlisting

Akamai Technologies, Inc.

App & API Protector
Cloud Monitor
DataStream 2
Edge DNS
Enterprise Application Access
Guardicore Segmentation
SIEM Integration

Akeyless.io Ltd.

Akeyless Vaultless Platform

Alcatel-Lucent Enterprise

OmniSwitch

AlgoSec, Inc.

AlgoSec Security Management Suite

AlphaSOC, Inc.

AlphaSOC

Amazon Web Services, Inc.

Amazon API Gateway
Amazon Aurora
Amazon CloudFront
Amazon CloudWatch
Amazon EC2
Amazon EC2 Dedicated Host
Amazon ECS Container Insights
Amazon EMR
Amazon GuardDuty
Amazon Inspector
Amazon Macie
Amazon RDS
Amazon Redshift
Amazon Route 53
Amazon S3
Amazon Virtual Private Cloud
AWS Client VPN
AWS CloudTrail
AWS Config
AWS Control Tower
AWS Identity and Access Management (IAM)
AWS Key Management Service
AWS Lambda
AWS Network Firewall
AWS Security Hub
AWS Systems Manager Session Manager
AWS WAF
Elastic Load Balancing
VPC Flow Logs
VPC Flow Logs (CSV)
VPC Transit Gateway flow logs

Anomali Inc.

Anomali ThreatStream

Apache Software Foundation

Apache Cassandra
Apache Hadoop

Apache HTTP Server

Note

Trend Micro recommends adding a custom server_name field to the default access and error logs with the following updated log format directives:

LogFormat "%v %h %l %u %t \"%r\" %>s %O" common
LogFormat "%v %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
ErrorLogFormat "%v [%t] [%m:%l] [pid %P:tid %T] [client\ %a] %M"

For more information, see the Apache online help.

Apache Tomcat

Appian Corporation

Appian Protect

Apple Inc.

Endpoint Security
macOS

AppOmni Inc.

AppOmni SaaS Security Platform

Aqua Security Software Ltd

Aqua Platform

Archer Technologies LLC

Archer

Arctic Wolf Networks Inc.

Aurora Protect

Arista Networks, Inc.

Arista NDR
Arista switches
Converged Cloud Fabric (CCF)

Armis, Inc.

Armis Centrix
Armis Centrix for Early Warning
Armis Centrix for OT/ IoT Security
Armis Centrix for Vulnerability Prioritization and Remediation

Array Networks, Inc.

AG SSL VPN

Asimily Inc.

Asimily

Asset Panda LLC

Asset Panda

Atlassian Corporation Plc

Atlassian Cloud audit logs
Bitbucket
Confluence
Jira

Automation Anywhere, Inc.

Automation Anywhere

Avatier Corporation

Identity Anywhere Password Management

Avaya LLC

Avaya Experience Portal

Azion Corporation

Azion Edge Firewall

Barracuda Networks, Inc.

Barracuda CloudGen Firewall
Barracuda Email Protection
Barracuda Web Application Firewall
Barracuda Web Security Gateway

BeyondTrust Software, Inc.

BeyondInsight
BeyondTrust Endpoint Privilege Management
BeyondTrust Modern PAM activity logs
BeyondTrust Privileged Identity
BeyondTrust Privileged Remote Access

Bindplane, Inc.

Bindplane

Bitwarden, Inc.

Bitwarden

BlueCat Networks, Inc.

BlueCat Edge
BlueCat Integrity

BMC Software, Inc.

BMC AMI Defender
BMC Helix Client Management
BMC Helix Discovery

Box, Inc.

Broadcom Inc.

ACF2
Broadcom Support Portal
Brocade ServerIron ADX
Brocade switches
CA Access Control
CA Privileged Access Manager
Carbon Black App Control
Carbon Black EDR
Layer7 SiteMinder
LDAP Server for z/OS
Symantec Edge Secure Web Gateway (SWG)
Symantec SSL Visibility Appliance

Cambium Networks Corporation

cnMaestro

Cato Networks Ltd.

Cato SASE Cloud

CD Foundation

Jenkins

Censys, Inc.

Censys

Center for Internet Security, Inc. (CIS)

Albert Network Monitoring

Centripetal Networks, Inc.

CleanINTERNET

Cequence Security, Inc.

Cequence Bot Management

Check Point Software Technologies Ltd.

CloudGuard CNAPP
Harmony Connect
Harmony Email & Collaboration
Quantum firewalls
SandBlast
SmartDefense

Ciena Corporation

Ciena routers

Cimcor, Inc.

CimTrak

CircleCI, Inc.

CircleCI

Cisco Systems, Inc.

AnyConnect Secure Mobility Client
Catalyst SD_WAN
Cisco ACE
Cisco ACI
Cisco APIC
Cisco ASA
Cisco Catalyst Center
Cisco Cloudlock
Cisco Duo activity logs
Cisco Duo administrator actions
Cisco Duo entity context data
Cisco Duo Passport
Cisco Duo telephony logs
Cisco Duo user context
Cisco Event Streamer
Cisco Expressway
Cisco FireSIGHT Management Center
Cisco Firepower NGFW
Cisco IOS
Cisco IOS DHCP Server
Cisco Meraki
Cisco NX-OS
Cisco PIX
Cisco Prime
Cisco Secure Access Control Server
Cisco Secure Email
Cisco Secure Email and Web Manager
Cisco Secure Endpoint
Cisco Secure Network Analytics
Cisco Secure Web Appliance
Cisco Secure Workload
Cisco Services Modules
Cisco TrustSec
Cisco UCS
Cisco Umbrella
Cisco Umbrella Cloud-Delivered Firewall
Cisco Unified Communications Manager
Cisco Unity Connection
Cisco Vision Dynamic Signage Director
Cisco Wireless Control System
Cisco aWIPS
Cisco routers
Cisco switches
ISE
TACACS+

Cisco Talos

ClamAV

Citrix Systems, Inc.

Citrix Workspace
Monitor
NetScaler
StoreFront

Claroty, Inc.

Claroty Continuous Threat Detection (CTD)
Claroty Enterprise Management Console (EMC)
Claroty xDome

Cloud Native Computing Foundation

Fluentd
Keycloak
Kubectl auth-proxy
Kubernetes Audit Logs
Kubernetes Node

Cloudflare, Inc.

Cloudflare Area 1
Cloudflare Audit Logs
Cloudflare Network Analytics
Cloudflare Page Shield
Cloudflare WAF
Cloudflare for SaaS
WARP

Cloudian

Cloudian HyperStore

CloudM

CloudM Automate

CloudPassage, Inc.

CloudPassage Halo

Cofense, Inc.

Cofense PDR

Cohesity, Inc.

NetBackup

Colinet Trotta S.A.

GAUS mp

comforte AG

SecurDPS

Commvault Systems, Inc.

Commvault CommCell

Corelight, Inc.

Open NDR Platform

Cribl

Cribl Stream

CrowdStrike Holdings, Inc.

CrowdStrike Falcon Adversary Intelligence
CrowdStrike Falcon Endpoint Security
CrowdStrike Falcon Event Streams
CrowdStrike Falcon Identity Protection
CrowdStrike Falcon Next-Gen SIEM
Falcon FileVantage

CrushFTP, LLC

CrushFTP

Cyber 2.0

Cyber 2.0 Detection System

CyberArk Software Ltd.

CyberArk Endpoint Privilege Manager
CyberArk Privileged Access Manager
CyberArk Privileged Threat Analytics
CyberArk Secure Cloud Access

Cybereason

Cybereason EDR

Cynet

Cynet All-in-One

Cyolo Ltd.

Cyolo PRO

Darktrace Holdings Ltd

Darktrace / NETWORK

Datadog, Inc.

Datadog Network Monitoring

Dataminr

Dataminr First Alert

Datto, Inc.

Datto File Protection

Deep Instinct

Deep Instinct DSX

Delinea Inc.

Privileged Access Service
Privileged Remote Access
Secret Server
Secret Server Distributed Engine

Dell Technologies Inc.

CyberSense
Dell ECS
Dell EMC PowerScale
Dell OpenManage
Dell PowerProtect Data Domain
Dell PowerStore
Dell PowerSwitch

Department of Health and Human Services

Enterprise Security Services

Digi International

Digi Remote Manager

DigiCert Inc.

DigiCert Solutions Infrastructure Security

Digital Arts Inc.

i-Filter

Digital Monitoring Products

Physical security solutions

DNSFilter, Inc.

DNSFilter Data Export

DomainTools

Threat Intelligence Feeds

dope.security

dope.swg

Druva Inc.

Druva Data Protection

Edgio

Edgio WAF

EfficientIP

EfficientIP SOLIDserver DDI

Elastic

Auditbeat
Elastic Defend
Elasticsearch
Packetbeat
Winlogbeat

Emerson Electric Co.

File Scanning Framework (FSF)

Entrust Corp.

Entrust nShield HSM

Epic Systems Corporation

Epic

Ergon Informatik AG

Ergon Airlock IAM

ESET

ESET Enterprise Inspector
ESET NOD32 Antivirus
ESET Threat Intelligence

ExtraHop Networks

ExtraHop RevealX

Extreme Networks, Inc.

Extreme Networks switches
Extreme Platform ONE

F5, Inc.

BIG-IP Access Policy Manager
F5 BIG-IP Advanced Firewall Manager
F5 BIG-IP Advanced WAF
F5 BIG-IP Application Security Manager
F5 BIG-IP DNS
F5 BIG-IP Local Traffic Manager
F5 Distributed Cloud Services
F5 Silverline

Fastly, Inc.

Fastly CDN
Fastly Next-Gen Web Application Firewall

Fidelis Security

Fidelis Network Detection and Response

FileZilla

FileZilla

FingerprintJS, Inc.

Fingerprint

Fivetran

Fivetran

Forcepoint

Forcepoint CASB
Forcepoint Data Loss Prevention
Forcepoint Email Security
Forcepoint Next-Generation Firewall
Forcepoint Web Security

Forescout

eyeInspect
Forescout Network Access Control

Fortinet, Inc.

FortiAnalyzer
FortiAuthenticator
FortiClient
FortiDDoS
FortiEDR
FortiGate
FortiGate DCHP
FortiMail Email Security
FortiManager
FortiNAC
FortiProxy
FortiSandbox
FortiSwitch
FortiWeb
Lacework FortiCNAPP Polygraph

Fortra LLC

Clearswift
Digital Guardian
Digital Guardian Endpoint Detection & Response
Powertech SIEM Agent for IBM i

GFI Software

KerioControl Firewall

GitGuardian

GitGuardian

GitHub, Inc.

Dependabot
GitHub Enterprise

GitLab Inc.

GitLab Dedicated

GMV

Checker ATM Security

Google

ChromeOS XDR
Google Kubernetes Engine context logs
Google SecOps SOAR
Google SecOps custom IoCs
Google Workspace Admin Chrome Enterprise management
Mandiant Threat Intelligence

Google Cloud

Apigee
Cloud NGFW Enterprise
Cloud SWP
Compute context logs
Firewall Rule Logging
Google App Engine
Google BigQuery
Google Cloud Audit Logs
Google Cloud Compute Engine
Google Cloud Data Loss Prevention
Google Cloud DNS
Google Cloud Functions context logs
Google Cloud IDS
Google Cloud Identity and Access Management
Google Cloud Identity and Access Management IAM Policy Analyzer
Google Cloud IoT Core
Google Cloud Load Balancing
Google Cloud Monitoring
Google Cloud NAT
Google Cloud Resource Manager
Google Cloud Run
Google Cloud SQL
Google Cloud SQL context logs
Google Cloud Security Command Center Risk Engine
Google Cloud Security Command Center Security Posture Management
Google Cloud Security Command Center Threat Detection
Google Cloud Storage context logs
Looker
Network Connectivity Center
reCAPTCHA Enterprise
VPC Flow Logs

Google Open Source

Forseti Security

Google Workspace

Gmail Audit Logs
Google Workspace Activities
Google Workspace Admin Console ChromeOS device management
Google Workspace Admin Console group management
Google Workspace Admin Console mobile device management
Google Workspace Admin Console roles and privileges
Google Workspace Admin Console users
Google Workspace Alerts

Gresham Technologies

Prime EDM

H3C

Comware

HackerOne

HackerOne

Halcyon

Halcyon Anti-Ransomware Platform

Hannes von Haugwitz

AIDE (Advanced Intrusion Detection Environment)

HAProxy Technologies

HAProxy

Harness

Harness AI DevOps Platform

HashiCorp

HashiCorp Vault
Terraform Enterprise

HC Networks Co., Ltd.

Account@Adapter+

HCL Software

HCL BigFix

HID Global

DigitalPersona Reports

Hillstone Networks

Hillstone A-Series NGFW

Hitachi Vantara

Virtual Storage Platform One

Honeywell International Inc.

OnGuard

Hewlett Packard Enterprise

Aruba Networking Central
BladeSystem c7000
Integrated Lights-Out (iLO)
Nimble OS
ProCurve switch
Red Hat Enterprise Linux from HPE

HPE Aruba Networking

Aruba ClearPass
HPE Aruba Networking Central Gateway IDS/IPS
HPE Aruba Networking EdgeConnect SD-WAN
HPE Aruba Networking Management Software (AirWave)
HPE Aruba Networking switches
HPE Aruba Networking wireless devices

HPE Juniper Networking

Juniper AI-driven SD-WAN
Juniper Mist
Juniper MX Series routers
Juniper NGFW
Junos OS

Huawei Technologies Co., Ltd.

Huawei switches

HYPR

HYPR Identity Assurance Platform

IBM

IBM AIX
IBM CICS Transaction Server
IBM Cloud Activity Tracker
IBM DataPower Gateway
IBM Db2
IBM DS8000
IBM Guardium
IBM i
IBM Informix
IBM MaaS360
IBM OpenPages with Watson
IBM Power Systems
IBM QRadar SIEM
IBM QRadar SOAR
IBM Security Access Manager for Web WebSEAL
IBM Security Identity Manager
IBM Security Verify
IBM Security Verify Access
IBM Security Verify SaaS
IBM Security zSecure Alert
IBM Tape Storage Solutions
IBM Tivoli
IBM Websphere Application Server
IBM z/OS

iboss

iboss Secure Cloud Gateway

Illumio

Illumio Core

Infoblox, Inc.

Infoblox DDI solutions
Infoblox DNS Firewall with RPZ
Infoblox Threat Defense

InfoExpress, Inc.

CyberGatekeeper

Ingrian Networks, Inc.

Ingrian DataSecure Appliance

Intel

Intel Endpoint Management Assistant

Intel 471

Verity471

Internet Systems Consortium, Inc.

BIND
ISC DHCP
Kea DHCP

InterSystems

InterSystems Caché

ION Group

ION Spectrum

IONIX

IONIX Attack Surface Management

Island

Island Enterprise Browser

Jadaptive

LogonBox Authenticator

Jamf

Jamf Pro
Jamf Pro CMDB
Jamf Pro context logs
Jamf Protect alerts
Jamf Protect telemetry
Jamf Protect threat events
Jamf Security Cloud

Jfrog

JFrog Artifactory

JumpCloud

JumpCloud Directory Insights

Kaspersky

Kaspersky Antivirus
Kaspersky Endpoint Security

Keeper Security

Keeper Enterprise Security

Kemp Technologies

Kemp LoadMaster

Kisi

Kisi Access Control

Kiteworks, Inc.

Kiteworks Data Loss Prevention (DLP) Solution
Kiteworks Private Data Network

KnowBe4

PhishER

Kong

Kong Gateway

Kyriba

Kyriba Treasury Management

LastPass

LastPass Password Management

LexisNexis Risk Solutions

FircoSoft

LimaCharlie

LimaCharlie SecOps Cloud

Linkshadow

LinkShadow CyberMeshX

Linux Foundation

Falco
ISC DHCP
Linux Auditing System (Auditd)
systemd journald

Lookout, Inc.

Lookout Mobile Endpoint Security

Lucid Software Inc.

Lucid

Malwarebytes

ThreatDown Endpoint Detection and Response

Mandiant, Inc. (Google)

Mandiant Alerts

MariaDB Corporation

MariaDB

Mattermost, Inc

Mattermost

Microsoft

Internet Information Services for Windows® Server

Note

The default supported W3C fields for an IIS server are the following:

#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken

For more information, see the Microsoft online help.

Sysmon for Linux

Mimecast Limited

Aware Governance & Compliance Suite
Aware Signal Application
Mimecast Incydr

Motorola Solutions, Inc.

Avigilon Unity Access

NCR Corporation

D3 Digital Banking

Netwrix Corporation

Endpoint Protector by CoSoSys

Niels Provos

Honeyd

Okta, Inc.

Auth0

Open Identity Platform Community

OpenAM
OpenDJ
OpenIdM

Open Text Corporation

OpenText Enterprise Security Manager

Paessler

PRTG

Palo Alto Networks, Inc.

Prisma SD-WAN

Ping Identity Corporation

ForgeRock Identity Cloud

Planetcast Media Services Limited

MAM.c

Progress Software

MOVEit Transfer
MOVEit Transfer SFTP

Proofpoint, Inc.

ET PRO

Red Hat, Inc.

Ansible AWX

ReliaQuest

Digital Shadows SearchLight
GreyMatter Threat Intelligence

S.C. Bitdefender S.R.L.

GravityZone Endpoint Detection and Response (EDR)

SentinelOne, Inc.

SentinelOne Singularity

Thales Group

CipherTrust Manager
Imperva Advanced Bot Protection
Imperva CEF logs
Imperva Data Risk Analytics
Imperva Data Security Fabric
Imperva FlexProtect
Imperva SecureSphere
Imperva Web Application Firewall
SafeNet Trusted Access
SentinelOne Singularity
Thales Attack Analytics
Thales File Activity Monitoring

Trellix

Skyhigh Security
Trellix Data Loss Prevention
Trellix ePO
Trellix ePolicy Orchestrator
Trellix Email MPS
Trellix Email Security
Trellix Endpoint Forensics
Trellix Endpoint Forensics audit logs
Trellix Enterprise Security Manager
Trellix MVISION Cloud Access Security Broker
Trellix Network Security
Trellix Network Security audit logs
Trellix Packet Capture

Xcitium

Xcitium

Zoho Corporation

ManageEngine AD360
ManageEngine ADAudit Plus
ManageEngine ADManager Plus
ManageEngine Log360
ManageEngine Reporter Plus

Comments (0)