# The Syslog and CEF source configuration grand list

Most network and security systems support either Syslog or [CEF](https://community.microfocus.com/t5/ArcSight-Connectors/ArcSight-Common-Event-Format-CEF-Implementation-Standard/ta-p/1645557) (which stands for Common Event Format) over Syslog as a means of sending data to a SIEM. This makes Syslog or CEF the most straightforward ways to stream security and networking events to Azure Sentinel.

The advantage of CEF over Syslog is that it ensures the data is normalized, making it more immediately useful for analysis using Sentinel. However, unlike many other SIEM products, Sentinel allows ingesting unparsed Syslog events and performing analytics on them using query time parsing.

The number of systems supporting Syslog or CEF is in the hundreds, making the table below by no means comprehensive. We will update this list continuously. The table provides links to the source device's vendor documentation for configuring the device to send events in Syslog or CEF.

| Vendor | Product | Connector | Information |
| --- | --- | --- | --- |
| **Akamai** | | CEF | [Instructions](https://developer.akamai.com/tools/integrations/siem) |
| **Apache** | httpd | Syslog | [Using rsyslog or logger as a file forwarder](https://www.loggly.com/ultimate-guide/centralizing-apache-logs/) |
| **Carbon Black** | Defense | Syslog | [Instructions](https://developer.carbonblack.com/reference/cb-defense/integrations/) |
| **Carbon Black** | Response | Syslog | [Instructions](https://developer.carbonblack.com/2016/06/cb-event-forwarder-3.2.0-released/) |
| **Checkpoint** | | CEF | [Sentinel Built in CEF connector](https://docs.microsoft.com/en-us/azure/sentinel/connect-checkpoint) |
| **Cisco** | ASA | Cisco (CEF) | Sentinel built-in CEF connector<br>Notes:<br>- Cisco ASA support uses Sentinel's CEF pipeline. However, Cisco's logging is not in CEF format.<br>- Make sure you disable logging timestamp using "no logging timestamp". See [here](https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/l2.html) for more details. |
| **Cisco** | Cloud Security Gateway (CWS) | CEF | Use the [Cisco Advanced Web Security Reporting](https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/Advanced_Reporting/WSA_Advanced_Reporting_6/Advanced_Web_Security_Reporting_6_3.pdf). |
| **Cisco** | Web Security Appliances (WSA) | CEF | Use the [Cisco Advanced Web Security Reporting](https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/Advanced_Reporting/WSA_Advanced_Reporting_6/Advanced_Web_Security_Reporting_6_3.pdf). |
| **Cisco** | Meraki | Syslog | [Instructions](https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration)<br>[Event Types and Log Samples](https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types_and_Log_Samples) |
| **Cisco** | Firepower Threat Defense | Syslog | [Instructions](https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Configuring_External_Alerting.html?bookSearch=true) |
| **Cisco** | IronPort Web Security Appliance | Syslog | [Instructions](https://wiki.splunk.com/Set_up_Splunk_for_Cisco_IronPort_Web_Security_Appliance) |
| **Cisco** | Umbrella | CEF | Use the [Cisco Advanced Web Security Reporting](https://www.cisco.com/c/dam/en/us/td/docs/security/wsa/Advanced_Reporting/WSA_Advanced_Reporting_6/Advanced_Web_Security_Reporting_6_3.pdf). |
| **Citrix** | NetScaler | Syslog | [Instructions](https://support.citrix.com/article/CTX121728)<br>[Message format](https://developer-docs.citrix.com/projects/netscaler-syslog-message-reference/en/12.0/) |
| **Citrix** | NetScaler App FW | CEF | [Instructions](https://support.citrix.com/article/CTX136146) |
| **CrowdStrike** | Falcon | CEF | Use a [SIEM connector](https://www.crowdstrike.com/resources/data-sheets/falcon-connector/) installed on premises |
| **CyberArk** | Privileged Access Security | CEF | [Instructions](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/Outbound-Sending-%20PTA-syslog-Records-to-SIEM.htm)<br>[Message format](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/CEF-Based-Format-Definition.htm)<br>Note that a [change is required in the MMA configuration](https://techcommunity.microsoft.com/t5/Azure-Sentinel/Cannot-get-CommonSecurityLog-Events-to-show-in-Sentinel-quot/m-p/508132) |
| **Darktrace** | Immune | CEF | See [announcement](https://www.darktrace.com/en/press/2016/73/). |
| **F5** | WAF | CEF | [Sentinel Built-in connector](https://docs.microsoft.com/en-us/azure/sentinel/connect-f5) |
| **F5** | BigIP | Syslog | [Instructions](https://support.f5.com/csp/article/K13080)<br>[TLS instructions](https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/tmos-implementations-11-5-1/23.html)<br>Note that F5 BigIP also supports [direct integration](https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/) with Sentinel (also see the [How to video](https://microsofteur.sharepoint.com/:v:/t/AzureSentinelProductInfo/EYoEiJ0yaXFCqkySHspyz6YByAYIkehOSSvbBQn6UoxiJQ?e=e5pkhR)) |
| **Fortinet** | | | [Sentinel Built-in CEF connector](https://docs.microsoft.com/en-us/azure/sentinel/connect-fortinet)<br>[Log message reference](https://docs.fortinet.com/document/fortigate/6.2.0/log-message-reference/524940/introduction)<br>[CEF mapping and examples](https://docs.fortinet.com/document/fortigate/6.2.0/log-message-reference/604144/cef-support) |
| **IBM** | zSecure | CEF | See [What's new for zSecure V2.3.0](https://www.ibm.com/support/knowledgecenter/en/SS2RWS_2.3.0/com.ibm.zsecure.doc_2.3.0/about_this_release/about_rel_whats_new.html)<br>Note that it supports alerts only. |
| **Imperva** | SecureSphere | CEF | [Instructions](https://www.imperva.com/docs/SB_Imperva_SecureSphere_CEF_guide.pdf) |
| **Kaspersky** | Security Center | Syslog | [Instructions](https://help.kaspersky.com/KSC/EventExport/en-US/140022.htm) |
| **McAfee** | ePO | Syslog | [Instructions](https://docs.mcafee.com/bundle/epolicy-orchestrator-5.9.1-product-guide/page/GUID-5C5332B3-837A-4DDA-BE5C-1513A230D90A.html), [KB Article](https://kc.mcafee.com/corporate/index?page=content&id=KB87927&actp=null&viewlocale=en_US&showDraft=false&platinum_status=false&locale=en_US&bk=n&_ga=2.110407365.1184558696.1552347886-1519183354.1550404246)<br>Note: TLS only (requires [rsyslog TLS configuration](https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html)) |
| **McAfee** | Web Gateway | CEF | [Instructions](https://community.mcafee.com/t5/Documents/Web-Gateway-Understanding-syslog-send-logs-to-your-SIEM-or-other/ta-p/554145#toc-hId-440677315) |
| **Palo Alto** | PanOS | CEF | [Sentinel Built-in CEF connector](https://docs.microsoft.com/en-us/azure/sentinel/connect-paloalto) |
| **Palo Alto** | Traps through Cortex | Syslog | [Instructions](https://docs.paloaltonetworks.com/traps/tms/traps-management-service-admin/view-and-manage-logs/forward-traps-logs-to-a-syslog-server)<br>Notes:<br>- Requires rsyslog configuration to support RFC5424<br>- TLS only (requires [rsyslog TLS configuration](https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html))<br>- The certificate has to be signed by a public CA |
| **SonicWall** | | CEF | [Instructions](http://help.sonicwall.com/help/sw/eng/7020/26/2/3/content/Log_Syslog.120.2.htm)<br>Make sure you:<br>- Select local use 4 as the facility.<br>- Select ArcSight as the Syslog format. |
| **Squid Proxy** | | Syslog | Configure [access logs](http://www.squid-cache.org/Doc/config/access_log/) with either the [TCP or UDP modules](https://wiki.squid-cache.org/Features/LogModules). Sentinel's built-in queries use the default log format. |
| **Symantec** | WSG (Bluecoat) | Syslog | [Instructions](https://www.symantec.com/docs/TECH242216)<br>Note that only TCP is supported, which requires rsyslog configuration to use TCP. |
| **Symantec** | Endpoint Protection Manager | Syslog | [Instructions](https://support.symantec.com/en_US/article.HOWTO81169.html) |
align%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20150px%3B%22%3E%3CSTRONG%3ESymantec%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20158px%3B%22%3ECloud%20Workload%20Protection%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%2088.6667px%3B%22%3EAPI%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20357.333px%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.symantec.com%2Fus%2Fen%2Farticle.howto130011.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20data-interception%3D%22on%22%3EInstructions%3C%2FA%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2056px%3B%22%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20150px%3B%22%3E%3CP%3E%3CSTRONG%3ETrend%20Micro%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20158px%3B%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%2088.6667px%3B%22%3E%3CP%3ECEF%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20357.333px%3B%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fesupport.trendmicro.com%2Fmedia%2F13970354%2FTMCM_SIEM_Integration.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUsing%20Control%20Manager%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fdocs.trendmicro.com%2Fen-us%2Fenterprise%2Fcontrol-manager-70%2Ftools-and-additional%2Fusing-logforwarder%2Fconfiguring-logforwa.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EUsing%20LogForwarder%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2029px%3B%22%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2029px%
3B%20width%3A%20150px%3B%22%3E%3CP%3E%3CSTRONG%3EVaronis%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2029px%3B%20width%3A%20158px%3B%22%3E%3CP%3EDatAlert%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2029px%3B%20width%3A%2088.6667px%3B%22%3E%3CP%3ECEF%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2029px%3B%20width%3A%20357.333px%3B%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Finfo.varonis.com%2Fhubfs%2Fdocs%2Fsplunk-app%2FVaronis-App-for-Splunk-User-Guide.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3EInstructions%3C%2FA%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2084px%3B%22%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2084px%3B%20width%3A%20150px%3B%22%3E%3CSTRONG%3ENetApp%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2084px%3B%20width%3A%20158px%3B%22%3EONTAP%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2084px%3B%20width%3A%2088.6667px%3B%22%3ESyslog%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2084px%3B%20width%3A%20357.333px%3B%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.netapp.com%2Fontap-9%2Findex.jsp%3Ftopic%3D%2Fcom.netapp.doc.dot-cm-sag%2FGUID-9F8EB0DF-12F5-4DA9-B14B-34487DE3717D.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20data-interception%3D%22on%22%3EInstructions%3C%2FA%3E%3C%2FP%3E%0A%3CP%3ENote%20that%20those%20are%20management%20activity%20audit%20logs%20and%20not%20file%20usage%20activity%20logs.%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2056px%3B%22%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20150px%3B%22%3E%3CSTRONG%3EzScaler%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20158px%3B%22%3E
%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%2088.6667px%3B%22%3ECEF%3C%2FTD%3E%0A%3CTD%20valign%3D%22top%22%20style%3D%22height%3A%2056px%3B%20width%3A%20357.333px%3B%22%3ESee%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fhelp.zscaler.com%2Fzia%2Fdocumentation-knowledgebase%2Fanalytics%2Fnss%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20data-interception%3D%22on%22%3EzScaler%20NSS%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eand%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.zscaler.com%2Fresources%2Fsolution-briefs%2Fpartner-hp-arcsight.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%20data-interception%3D%22on%22%3EArcSight%20integration%20guide%3C%2FA%3E.%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-803891%22%20slang%3D%22en-US%22%3E%3CP%3EWant%20to%20connect%20a%20source%20system%20to%20Sentinel%20to%20send%20events%3F%20The%20chances%20are%20that%20it%20supported%20streaming%20events%20using%20Syslog%20or%20CEF.%20This%20article%20provides%20pointers%20for%20configuring%20different%20security%20and%20networking%20systems%20to%20send%20events%20using%20Syslog%20or%20CEF.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

Most network and security systems support either Syslog or CEF (Common Event Format) over Syslog as a means of sending data to a SIEM. This makes Syslog and CEF the most straightforward ways to stream security and networking events to Azure Sentinel.

The advantage of CEF over Syslog is that it ensures the data is normalized, making it more immediately useful for analysis in Sentinel. However, unlike many other SIEM products, Sentinel allows ingesting unparsed Syslog events and performing analytics on them using query-time parsing.

The number of systems supporting Syslog or CEF is in the hundreds, making the table below by no means comprehensive. We will update this list continuously. The table provides links to the source device's vendor documentation for configuring the device to send events in Syslog or CEF.

 

| Vendor | Product | Connector | Information |
|---|---|---|---|
| Akamai | | CEF | Instructions |
| Apache | httpd | Syslog | Using rsyslog or logger as a file forwarder |
| Carbon Black | Defense | Syslog | Instructions |
| Carbon Black | Response | Syslog | Instructions |
| Checkpoint | | CEF | Sentinel built-in CEF connector |
| Cisco | ASA | Cisco (CEF) | Sentinel built-in CEF connector. Notes: Cisco ASA support uses Sentinel's CEF pipeline. However, Cisco's logging is not in CEF format. Make sure you disable logging timestamp using "no logging timestamp". See here for more details. |
| Cisco | Cloud Security Gateway (CWS) | CEF | Use the Cisco Advanced Web Security Reporting. |
| Cisco | Web Security Appliances (WSA) | CEF | Use the Cisco Advanced Web Security Reporting. |
| Cisco | Meraki | Syslog | Instructions; Event Types and Log Samples |
| Cisco | Firepower Threat Defense | Syslog | Instructions |
| Cisco | IronPort Web Security Appliance | Syslog | Instructions |
| Cisco | Umbrella | CEF | Use the Cisco Advanced Web Security Reporting. |
| Citrix | NetScaler | Syslog | Instructions; Message format |
| Citrix | NetScaler App FW | CEF | Instructions |
| CrowdStrike | Falcon | CEF | Use a SIEM connector installed on premises |
| CyberArk | Privileged Access Security | CEF | Instructions; Message format. Note that a change is required in the MMA configuration. |
| Darktrace | Immune | CEF | See announcement. |
| F5 | WAF | CEF | Sentinel built-in connector |
| F5 | BigIP | Syslog | Instructions; TLS instructions. Note that F5 BigIP also supports direct integration with Sentinel (also see the How to video). |
| Fortinet | | | Sentinel built-in CEF connector; Log message reference; CEF mapping and examples |
| IBM | zSecure | CEF | See What's new for zSecure V2.3.0. Note that it supports alerts only. |
| Imperva | SecureSphere | CEF | Instructions |
| Kaspersky | Security Center | Syslog | Instructions |
| McAfee | ePO | Syslog | Instructions; KB Article. Note: TLS only (requires rsyslog TLS configuration). |
| McAfee | Web Gateway | CEF | Instructions |
| Palo Alto | PanOS | CEF | Sentinel built-in CEF connector |
| Palo Alto | Traps through Cortex | Syslog | Instructions. Notes: Requires rsyslog configuration to support RFC5424. TLS only (requires rsyslog TLS configuration). The certificate has to be signed by a public CA. |
| SonicWall | | CEF | Instructions. Make sure you select local use 4 as the facility and select ArcSight as the Syslog format. |
| Squid Proxy | | Syslog | Configure access logs with either the TCP or UDP modules. Sentinel's built-in queries use the default log format. |
| Symantec | WSG (Bluecoat) | Syslog | Instructions. Note that only TCP is supported, which requires rsyslog configuration to use TCP. |
| Symantec | Endpoint Protection Manager | Syslog | Instructions |
| Symantec | Cloud Workload Protection | API | Instructions |
| Trend Micro | | CEF | Using Control Manager; Using LogForwarder |
| Varonis | DatAlert | CEF | Instructions |
| NetApp | ONTAP | Syslog | Instructions. Note that those are management activity audit logs and not file usage activity logs. |
| zScaler | | CEF | See zScaler NSS and the ArcSight integration guide. |