Supported data sources

A data source might not be supported by all versions of McAfee ESM. Check compatibility before adding the data source. Some data sources have additional requirements.

Important: In many cases, integrations will work with newer versions of third-party products than those listed. Exceptions to this are 1) log file format changes in third-party products that require SIEM parsing rule modifications and 2) code changes in third-party products that require new code-based SIEM collectors.
Vendor | Product Name | Device Type | Verified Versions | Parser | Method of Collection | ESM Version | Notes
A10 Networks Load Balancer Load Balancer All ASP Syslog 10.0 and later AX Series
Accellion Secure File Transfer Application All ASP Syslog 10.0 and later
Access Layers Portnox NAC 2.x ASP Syslog 10.0 and later
Adtran Bluesocket Wireless Access Point All ASP Syslog 10.0 and later
NetVanta Network Switches and Routers All ASP Syslog 10.0 and later
AirTight Networks SpectraGuard Application All ASP Syslog 10.0 and later
Alcatel-Lucent NGN Switch Switch All ASP Syslog 10.0 and later
VitalQIP Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Amazon CloudTrail Generic N/A ASP API 10.x to 11.2.x
SQS Generic N/A ASP API 11.3.0 and later Parsing support for CloudTrail, CloudWatch, and GuardDuty. You can also create custom parsers for other log data retrieved from an SQS queue.
American Power Conversion Uninterruptible Power Supply Power Supplies All ASP Syslog 10.0 and later
Ansible Ansible System Management 3.5.3 ASP Syslog 10.1.0 and later
Apache Software Foundation Apache Web Server Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies 1.x, 2.x ASP Syslog 10.0 and later
Apple Inc. Mac OS X Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Arbor Networks Peakflow SP Network Switches and Routers 2.x ASP Syslog 10.0 and later
Peakflow X Network Switches and Routers All ASP Syslog 10.0 and later
Pravail IDS / IPS All ASP Syslog 10.0 and later
ArcSight Common Event Format Event Format All ASP Syslog 10.0 and later
Aruba Aruba OS Wireless Access Point N/A Code Based Syslog 10.0 and later
ClearPass Wireless Access Point 5.x ASP Syslog 10.0 and later
Attivo Networks BOTsink Generic 3.3 ASP Syslog 10.0 and later
Avecto Privilege Guard (ePO) IAM / IDM 3.x ASP ePO - SQL 10.0 and later
Axway SecureTransport Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Barracuda Networks Spam Firewall Security Appliances / UTMs 3.x, 4.x ASP Syslog 10.0 and later
Web Application Firewall Security Appliances / UTMs All ASP Syslog 10.0 and later
Barracuda Web Filter Security Appliances / UTMs All ASP Syslog 10.0 and later
BeyondTrust BeyondInsight Auditing 6.0 ASP Syslog 10.0 and later
BeyondTrust REM Vulnerability Systems All N/A N/A 10.0 and later
BeyondTrust Retina Vulnerability Systems All N/A N/A 10.0 and later
Bit9 Bit9 Security Platform / Parity Suite - CEF Application All ASP Syslog 10.0 and later
Bit9 Security Platform / Parity Suite Application All ASP Syslog 10.0 and later
Carbon Black IDS / IPS All ASP Syslog 10.0 and later
Blue Coat Director Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
ProxySG Web Content / Filtering / Proxies 4.x-6.x ASP Syslog 10.0 and later Access Log
Reporter Application 9.5.1 ASP Syslog 10.0 and later Cloud Access Log
Blue Ridge Networks BorderGuard Firewall 5000, 6000 ASP Syslog 10.0 and later
BlueCat Networks BlueCat DNS/DHCP Server Application All ASP Syslog 10.0 and later
Bradford Networks Campus Manager NAC / Network Switches and Routers All ASP Syslog 10.0 and later
Bro Network Security Monitor Bro Network Security Monitor Network Security All ASP Syslog 10.0 and later
Brocade BigIron, FastIron and NetIron Network Switches and Routers 7.5 ASP Syslog 10.0 and later
IronView Network Manager NAC / Network Switches and Routers All ASP Syslog 10.0 and later
VDX Switch Network Switches and Routers All ASP Syslog 10.0 and later
CA Technologies DataMinder - CEF DLP All ASP Syslog 10.0 and later CEF Format
SiteMinder Web Access All ASP Syslog 10.0 and later
Cerner Cerner P2 Sentinel Healthcare Auditing All Code Based McAfee Event Format 10.0 and later
Check Point Check Point Firewall All ASP OPSEC 10.0 and later Firewall 1, Edge, Enterprise, Express, NG, NGX, SmartEvent, and VPN
Check Point via Splunk Firewall All ASP Syslog 10.0 and later Using Splunk app
Cimcor CimTrak Management Console Configuration Management All Code Based McAfee Event Format 10.0 and later
Cisco ASA NSEL Firewall / Flow All Netflow Netflow 10.0 and later
CATOS v7xxx Host / Server / Operating Systems / Network Switches and Routers 6.x, 7.x ASP Syslog 10.0 and later
Content Security Management Security Management 13.x ASP Syslog 10.0 and later
Firepower Management Center - eStreamer Other All ASP Syslog 10.0 and later
CSA Console Host / Server / Operating Systems / IDS / IPS Code Based SQL 10.0 and later
IDS / IPS 5.x, 6.x ASP eStreamer 10.0 and later
Firepower Management Center - Syslog IDS / IPS 5.3.x, 5.4.x, 6.x ASP Syslog 10.0 and later
IDS / IPS All ASP Syslog 10.0 and later
Identity Services Engine Other All ASP Syslog 10.0 and later
IDS (4.x+ RDEP protocol) IDS / IPS 4.x SDEE 10.0 and later
IOS IDS / IPS / Network Switches and Routers 12.x ASP Syslog 10.0 and later ACL, IOS FW, IOS IDS and DSP
IOS ACL Network Switches and Routers 12.x Use Cisco IOS data source.
IOS EAP IDS / IPS / Network Switches and Routers 12.x Use Cisco IOS data source.
IOS Firewall Firewall / Network Switches and Routers 12.x Use Cisco IOS data source.
IOS IDS IDS / IPS / Network Switches and Routers 12.x Use Cisco IOS data source.
IOS IPS (SDEE protocol) Application Protocol All SDEE HTTP 10.0 and later
IronPort Email Security Email Security 6.x, 7.x ASP Syslog 10.0 and later
IronPort Web Security Appliance Web Content / Filtering / Proxies 6.x, 7.x ASP Syslog 10.0 and later
MDS Network Switches and Routers All ASP Syslog 10.0 and later
Meraki Wireless All ASP Syslog 10.0 and later
NAC Appliance NAC / Network Switches and Routers All ASP Syslog 10.0 and later Formerly Clean Access
NX-OS IDS / IPS / Network Switches and Routers 4.x, 5.x ASP Syslog 10.0 and later
Open TACACS+ Authentication All ASP Syslog 10.0 and later
PIX IDS IDS / IPS / Network Switches and Routers 12.x Use Cisco PIX/ASA/FWSM data source.
PIX/ASA/FWSM Firewall / IDS / IPS 5.x ASP Syslog 10.0 and later
Secure ACS IDS / IPS 3.x, 4.x ASP Syslog 10.0 and later
Unified Communications Applications All ASP Syslog 10.0 and later
Unified Computing System Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
WAAS Applications / Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
WAP200 Wireless Access Point All ASP Syslog 10.0 and later
Wireless Control System Network Switches and Routers All ASP Syslog 10.0 and later
Wireless LAN Controller Network Switches and Routers All ASP Syslog 10.0 and later
Citrix NetScaler (AppFlow) Flow All IPFix IPFix 10.0 and later
NetScaler Web Content / Filtering / Proxies All ASP Syslog 10.0 and later Secure Gateway and NetScaler Web also supported
Secure Gateway Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Cluster Labs Pacemaker Application 1.x ASP Syslog 10.0 and later
Code Green TrueDLP Data Loss Prevention DLP 8.x ASP Syslog 10.0 and later
Cofense Cofense Intelligence Correlation ASP Syslog 10.0 and later CEF format is supported.
Cofense Triage Email Security 2.0 ASP Syslog 10.0 and later CEF format is supported.
Cooper Power Systems Cybectec RTU Network Switches and Routers 5.x, 6.x ASP Syslog 10.0 and later
Yukon IED Manager Suite Application All ASP Syslog 10.0 and later
Corero Corero IPS IDS / IPS All ASP Syslog 10.0 and later
Corvil Security Analytics Security Management 10.0 ASP Syslog 10.0 and later
Critical Watch Critical Watch FusionVM Vulnerability Systems All N/A N/A 10.0 and later
CyberArk Enterprise Password Vault Application 5.x ASP Syslog 10.0 and later
Privileged Identity Management Suite - CEF Application All ASP Syslog 10.0 and later
Privileged Threat Analytics UEBA 3.1 ASP Syslog 10.0 and later CEF format is supported.
Cyberoam Cyberoam UTM and NGFW UTM / Firewall 10.0 ASP Syslog 10.0 and later
Cylance CylancePROTECT Antivirus 1.4.2 ASP Syslog 10.0 and later
Cyrus Cyrus IMAP and SASL Messaging 2.x ASP Syslog 10.0 and later
D-Link NetDefend UTM Firewall UTM All ASP Syslog 10.0 and later
Damballa Failsafe Anti-Malware All ASP Syslog 10.0 and later
Dell Aventail Virtual Private Network 10.x ASP Syslog 10.0 and later
SonicOS Firewall All ASP Syslog 10.0 and later
PowerConnect Switches Network Switches and Routers All ASP Syslog 10.0 and later
DenyAll rWeb Firewall / DoS rweb 4.1, 4.1.1.1, 4.1.3.2 ASP Syslog 10.0 and later
DG Technology - InfoSec Mainframe Event Acquisition System MainFrame 5.x, 6.x ASP Syslog 10.0 and later DG Technology MEAS agent, DB2/IMS/Datacom/IDMS, CICS, FTP, MasterConsole, RACF/Top Secret/ACF2, Telnet, VSAM/BDAM/PDS, TCP/IP, SMP/E, Authorized Load Libraries, RMF Performance Data, Batch Job and Started, Tasks Start/Stop, Top Secret, Type 80
Digital Defense Digital Defense Frontline Vulnerability Systems All N/A N/A 10.0 and later
Digital Guardian Digital Guardian Platform DLP All ASP Syslog 10.0 and later
Dragos Dragos Platform Security Management 1.5 ASP Syslog 11.3.0 and later
Econet Sentinel IPS IDS / IPS All ASP Syslog 10.0 and later
EdgeWave iPrism Web Security Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Enforcive Cross-Platform Audit MainFrame All ASP Syslog 10.0 and later Formerly Bsafe, AS/400, DB2/IMS/Datacom/IDMS, FTP, RACF/Top Secret/ACF2, Telnet, VSAM/BDAM/PDS
Enterasys Networks Dragon IPS IDS / IPS 1.x-7.x ASP Syslog 10.0 and later
Enterasys N and S Switches Network Switches and Routers 7.x ASP Syslog 10.0 and later
Enterasys Network Access Control Network Switches and Routers 7.x ASP Syslog 10.0 and later
Entrust IdentityGuard Application All ASP Syslog 10.0 and later
Epic Clarity - CEF Healthcare Application 2015 ASP Syslog 10.0 and later Specific auditing events
Clarity - SQL Pull Healthcare Application 2010, 2012, 2014 ASP SQL 10.0 and later
Ergon Airlock WAF Firewall 6.0 ASP Syslog 10.0 and later
Exabeam Exabeam UEBA UEBA 2.8 ASP Syslog 10.0 and later
Extreme Networks ExtremeWare XOS Network Switches and Routers 7.x, 8.x ASP Syslog 10.0 and later Alpine, BlackDiamond and Summit
F5 Networks BIG-IP Access Policy Manager Network Switches and Routers All ASP Syslog 10.0 and later
BIG-IP Application Security Manager - CEF Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Firepass SSL VPN Virtual Private Network All ASP Syslog 10.0 and later
BIG-IP Local Traffic Manager - LTM Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
FairWarning Patient Privacy Monitoring Application Security 2.9.x Code Based McAfee Event Format 10.0 and later
Fidelis Fidelis XPS Network Security Appliance All ASP Syslog 10.0 and later
FireEye FireEye Malware Protection System - CEF Antivirus/Malware 5.x ASP Syslog 10.0 and later
Fluke Networks AirMagnet Enterprise Network Switches and Routers 8.x ASP Syslog 10.0 and later
Force10 Networks FTOS Network Switches and Routers All ASP Syslog 10.0 and later
ForeScout CounterACT Network Switches and Routers 5.x and 6.x ASP Syslog 10.0 and later
CounterACT CEF Network Switches and Routers 7.x ASP Syslog 10.0 and later
Fortinet FortiAuthenticator Authentication 3.x ASP Syslog 10.0 and later
FortiGate UTM - Comma Delimited Firewall All ASP Syslog 10.0 and later
FortiGate UTM - Space Delimited Firewall All ASP Syslog 10.0 and later
FortiMail Email 6.x ASP Syslog 10.0 and later
FortiManager Firewall All ASP Syslog 10.0 and later
FortiWeb Web Application Firewall Firewall All ASP Syslog 10.0 and later
Fortscale Fortscale UEBA UEBA 2.7 ASP Syslog 10.0 and later
FreeRADIUS FreeRADIUS Authentication All ASP Syslog 10.0 and later
Fujitsu IPCOM Firewall / IDS / IPS All ASP Syslog 10.0 and later
Generic Advanced Syslog Parser Other All ASP Syslog 10.0 and later
CIFS/SMB File Source Other N/A Code Based File pull 10.0 and later ELM only
FTP/FTPS File Source Other N/A Code Based File pull 10.0 and later ELM only
HTTP/HTTPS File Source Other N/A Code Based File pull 10.0 and later ELM only
McAfee Event Format Other N/A Code Based McAfee Event Format 10.0 and later
NFS File Source Other N/A Code Based File pull 10.0 and later ELM only
SCP File Source Other N/A Code Based File pull 10.0 and later ELM only
SFTP File Source Other N/A Code Based File pull 10.0 and later ELM only
GFI GFI LanGuard VA Scanner All Code Based File pull 10.0 and later
Gigamon GigaVUE Switches and Routers All ASP Syslog 10.0 and later
GitHub GitHub Enterprise Application 2.13.0 ASP Syslog 10.0 and later
Global Technology Associates GNAT Box Firewall 5.3.x ASP Syslog 10.0 and later
Globalscape Enhanced File Transfer (EFT) File Transfer 7.x ASP McAfee Event Format 10.0 and later
Good Technology Good Mobile Control Application All ASP Syslog 10.0 and later
Google Search Appliance Application All ASP Syslog 10.0 and later
Gurucul Gurucul Risk Analytics UEBA 6.2 ASP Syslog 10.0 and later
HashiCorp Vault ASP Syslog 10.1.0 and later
HBGary Active Defense UTM All ASP Syslog 10.0 and later
Hewlett-Packard 3Com Switches Switches and Routers All ASP Syslog 10.0 and later
LaserJet Printers Printers All ASP Syslog 10.0 and later
OpenVMS Operating Systems SYSLOG Client for OpenVMS 1.x ASP Syslog 10.0 and later Supported through "SYSLOG Client for OpenVMS", by Framework Solutions LLC
ProCurve Network Switches and Routers All ASP Syslog 10.0 and later
Virtual Connect Application Devices 4.4x ASP Syslog 10.0 and later
Hitachi ID Systems Identity and Access Management Suite Authentication ASP Syslog 10.0 and later
HyTrust HyTrust CloudControl NAC 3.x, 4.x ASP Syslog 10.0 and later
IBM DB2 LUW 10.0 and later, DB2 for Z/OS with CorreLog, DB2 for iSeries (AS/400) with Raz-Lee Database 8.x, 9.x, 10.x 10.0 and later Supported through McAfee Data Center Security Suite for Databases
Guardium Database Activity Monitoring 6.x, 7.x ASP Syslog 10.0 and later
ISS SiteProtector Security Management All Code Based SQL 10.0 and later
MainFrame MainFrame All Use DG Technology MEAS Parser.
Proventia GX Other All ASP Syslog 10.0 and later
System Z DB2 Database All Use DG Technology MEAS Parser.
Tivoli Endpoint Manager - BigFix Host / Server / Operating Systems / Other All ASP Syslog 10.0 and later Linux Agent Required
Tivoli Identity Manager - SQL Pull IAM / IDM All ASP SQL 10.0 and later
WebSphere Application Server Application 7.0 ASP File pull 10.0 and later
WebSphere DataPower SOA Appliances Application 4.x ASP Syslog 10.0 and later
z/OS, z/VM MainFrame Use DG Technology MEAS Parser.
Imperva WAF/DAM - CEF Database All ASP Syslog 10.0 and later
Indegy Security Platform Security Management All ASP Syslog 10.0 and later
Infoblox NIOS Application All ASP Syslog 10.0 and later
InterSect Alliance Snare for AIX Other All ASP Syslog 10.0 and later
Snare for Solaris Other All ASP Syslog 10.0 and later
Snare for Windows Other All ASP Syslog 10.0 and later
Interset Interset UEBA 4.1 ASP Syslog 10.0 and later
Invincea Enterprise - CEF Host / Server / Operating Systems / Other All ASP Syslog 10.0 and later
IPFIX IPFIX Network Flow Collection All IPFix IPFix 10.0 and later
Ipswitch WS_FTP Application All ASP Syslog 10.0 and later
iScan Online iScan Online Vulnerability Systems All N/A N/A 10.0 and later
Itron Itron Enterprise Edition Smart Grid Application All ASP Syslog 10.0 and later
Jflow Jflow (Generic) Network Flow Collection 5, 7, 9 Netflow 10.0 and later
Juniper Networks Juniper Secure Access/MAG VPN All ASP Syslog 10.0 and later
JUNOS - Structured-Data Format Network Switches and Routers All ASP Syslog 10.0 and later
JUNOS Router Network Switches and Routers All ASP Syslog 10.0 and later
NetScreen / IDP Network Switches and Routers All ASP Syslog 10.0 and later
Network and Security Manager - NSM Applications / Host / Server / Operating Systems All ASP Syslog 10.0 and later
Secure Access version 7 VPN 5.x-7.x ASP Syslog 10.0 and later
Steel Belted Radius Radius Server 5.x ASP Syslog 10.0 and later
Kaspersky Administration Kit - SQL Pull Antivirus All ASP SQL 10.0 and later
KEMP Technologies LoadMaster Network Switches and Routers 4.x, 5.x ASP Syslog 10.0 and later
Kerio Technologies Kerio Control Firewall All ASP Syslog 10.0 and later
Lancope StealthWatch IDS / IPS / Network Switches and Routers 6.x ASP Syslog 10.0 and later
LANDESK LANDESK Vulnerability Systems All N/A N/A 10.0 and later
Lastline Lastline Enterprise - CEF UTM 7.3 ASP Syslog 10.0 and later CEF syslog format is covered by the data source.
Legacy Event Center Other All ASP Syslog 10.0 and later
Informant IDS / IPS All ASP Syslog 10.0 and later
Lieberman Enterprise Random Password Manager Application All ASP Syslog 10.0 and later XML
Locum RealTime Monitor Application All ASP Syslog 10.0 and later
LOGbinder LOGbinder for SharePoint (SP) Application 4.0, 5.0, 5.1 ASP Syslog 10.0 and later CEF and Standard Syslog formats are covered by the LOGbinder data source.
LOGbinder for Exchange (EX) Application 2.0, 2.5, 3.0, 3.1 ASP Syslog 10.0 and later
LOGbinder for SQL Server (SQL) Application 1.5, 2.0, 2.1, 2.5 ASP Syslog 10.0 and later
Lumension Device Control - Endpoint Manager Security Suite (L.E.M.S.S.) DLP 8 ASP Syslog 10.0 and later
Bouncer - CEF Application 5.x ASP Syslog 10.0 and later
Bouncer Application 4.x ASP Syslog 10.0 and later
Lumension Vulnerability Systems All N/A N/A 10.0 and later
MailGate, Ltd. MailGate Server Applications / Security Management / Host / Server / Operating Systems 3.5 ASP Syslog 10.0 and later
Malwarebytes Breach Remediation Antivirus / Anti-Malware 2.6.2 ASP Syslog 10.0 and later CEF syslog format is covered by the data source.
Management Console Antivirus / Anti-Malware 1.7 ASP Syslog 10.0 and later Management Console, part of Malwarebytes Enterprise Endpoint Security, sends security events generated by Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit running on managed endpoints. ESM supports CEF formatted syslog.
McAfee Advanced Threat Defense Antimalware 3.2.2.4x ASP Syslog / DXL 10.0 and later
AntiSpyware (ePO) Antivirus All ASP ePO - SQL 10.0 and later
Application and Change Control (ePO) Web Content / Filtering / Proxies All ASP ePO - SQL 10.0 and later
Asset Manager Sensor Asset Management All ASP Syslog 10.0 and later
Correlation Engine Other All Correlation 10.0 and later
McAfee Database Security - CEF Database All ASP Syslog 10.0 and later
McAfee Database Security (ePO) Database All ASP ePO - SQL 10.0 and later
Deep Defender (ePO) Other All ASP ePO - SQL 10.0 and later
Email Gateway - CEF Web Content / Filtering / Proxies 6.x ASP Syslog 10.0 and later
EWS v5 / Email Gateway Original Format - Legacy Web Content / Filtering / Proxies 5.x ASP Syslog 10.0 and later
IronMail - Legacy Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Endpoint Encryption (ePO) Application All ASP ePO - SQL 10.0 and later
Endpoint Protection for Mac (ePO) Antivirus 2.0 ASP Syslog 10.0 and later
Endpoint Security Firewall (ePO) Firewall 10.2 ASP ePO - SQL 10.0 and later
Endpoint Security Platform (ePO) Auditing 10.2 ASP ePO - SQL 10.0 and later
Endpoint Security Threat Prevention (ePO) Application 10.2 ASP ePO - SQL 10.0 and later
Endpoint Security Web Control (ePO) Application 10.2 ASP ePO - SQL 10.0 and later
ePO Audit Log (ePO) Other All ASP ePO - SQL 10.0 and later
ePolicy Orchestrator Other All ASP ePO - SQL 10.0 and later
ePolicy Orchestrator Agent (ePO) Applications / Security Management / Host / Server / Operating Systems 3.x ASP ePO - SQL 10.0 and later
Firewall Enterprise Firewall / IDS / IPS 8.x ASP Syslog 10.0 and later
Firewall for Linux (ePO) Firewall 8.x ASP Syslog 10.0 and later
Host Data Loss Prevention (ePO) DLP All ASP ePO - SQL 10.0 and later
Host Intrusion Prevention (ePO) IDS / IPS 6.x ASP ePO - SQL 10.0 and later
Informant IDS / IPS All ASP Syslog 10.0 and later
McAfee ACE Correlation All 10.0 and later
McAfee Application Data Monitor Application All Code Based 10.0 and later
McAfee Database Activity Monitoring (DAM) Database All Code Based 10.0 and later
McAfee Enterprise Log Manager
McAfee Enterprise Security Manager
McAfee Event Receiver
McAfee Event Receiver/ELM
McAfee Security for Domino Windows (ePO) Web Content / Filtering / Proxies All ASP ePO - SQL 10.0 and later
McAfee Security for Microsoft Exchange (ePO) Web Content / Filtering / Proxies All ASP ePO - SQL 10.0 and later
McAfee Vulnerability Manager Vulnerability Systems All N/A N/A 10.0 and later
McAfee MOVE AntiVirus (ePO) Antivirus All ASP ePO - SQL 10.0 and later
MVISION Cloud DLP All ASP Syslog 10.0 and later
MVISION Mobile Mobile Device Management All ASP GWAPI 11.1.1 and later
McAfee MVISION ePO All ASP GWAPI 11.2.0 and later
McAfee Network Access Control (ePO) Other All ASP ePO - SQL 10.0 and later
McAfee DLP Monitor DLP All ASP Syslog 10.0 and later
McAfee Network Security Manager - SQL Pull IDS / IPS 6.x ASP SQL 10.0 and later
McAfee Network Security Manager IDS / IPS 6.x ASP Syslog 10.0 and later
Network Threat Response IDS / IPS 4.0.0.5, 4.1 ASP Code-Based API 10.0 and later
McAfee Next Generation Firewall - Stonesoft IDS / IPS All ASP Syslog 10.0 and later
Nitro IPS IDS / IPS All ASP Syslog 10.0 and later
One Time Password Authentication 3.1 ASP Syslog 10.0 and later
McAfee Policy Auditor (ePO) Policy Server All ASP ePO - SQL 10.0 and later
SaaS Email Protection Email Security All ASP File Pull 10.0 and later
SiteAdvisor (ePO) Other All ASP ePO - SQL 10.0 and later
Threat Intelligence Exchange Reputation Server 1.0.0 ASP ePO - DXL 10.0 and later
UTM Firewall Firewall All ASP Syslog 10.0 and later
VirusScan (ePO) Antivirus All ASP ePO - SQL 10.0 and later
Web Gateway Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
WebShield Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
MEDITECH Caretaker HealthCare Application All ASP Syslog 10.0 and later
Microsoft ACS - SQL Pull Applications / Host / Server / Operating Systems All ASP SQL 10.0 and later
Adiscon Windows Events Applications / Host / Server / Operating Systems All Code Based Syslog 10.0 and later
Assets via Active Directory Asset All 10.0 and later
Advanced Threat Analytics UEBA All ASP Syslog 10.0 and later
Azure Other All ASP GWAPI 11.2.0 and later
Event Forwarding Applications / Host / Server / Operating Systems 2008 WMI MEF - McAfee SIEM Agent 10.0 and later
Exchange Applications / Host / Server / Operating Systems 2007, 2010, 2013 ASP File pull / McAfee SIEM Agent 10.0 and later Message Tracking Logs
Forefront Client Security HIPS 2010 ASP SQL 10.0 and later
Forefront EndPoint Protection HIPS 2010 ASP SQL 10.0 and later See System Center 2012 Endpoint Protection.
Forefront Threat Management Gateway / Internet Security and Acceleration - W3C Firewall / Host / Server / Operating Systems / Web Content / Filtering / Proxies / Virtual Private Networks All ASP File pull 10.0 and later
Forefront Threat Management Gateway - SQL Pull IDS / IPS 2010 ASP SQL 10.0 and later
Forefront Unified Access Gateway IDS / IPS 2010 ASP Syslog 10.0 and later
Internet Authentication Service - Database Compatible Format Web Content / Filtering / Proxies 2008, 2008 R2, 2012 ASP File Pull 10.0 and later Database-Compatible Format
Internet Authentication Service - Formatted Web Content / Filtering / Proxies 2000, 2003, 2008 ASP File Pull 10.0 and later IAS Legacy Format
Internet Authentication Service - XML Web Content / Filtering / Proxies 2008 R2, 2012 ASP File Pull 10.0 and later DTS Compliant Format
Internet Information Services - FTP Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP File pull / McAfee SIEM Agent 10.0 and later
Internet Information Services - SMTP Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP File pull / McAfee SIEM Agent 10.0 and later
Internet Information Services Host / Server / Operating Systems / Web Content / Filtering / Proxies All ASP File pull / McAfee SIEM Agent 10.0 and later
Microsoft Active Directory Other All WMI WMI 10.0 and later
Microsoft Exchange Server Other 2007, 2010 WMI WMI 10.0 and later
Microsoft SQL Server Database All WMI WMI 10.0 and later
MSSQL Database 2000 10.0 and later Supported through McAfee Data Center Security Suite for Databases
MSSQL Error Log Database All ASP SQL C2 10.0 and later
MSSQL Server C2 Audit Database 2000, 2005, 2008 Code Based MEF - McAfee SIEM Agent 10.0 and later
Network Policy Server Policy Server All ASP Syslog 10.0 and later
Office 365 Applications ASP API 10.1.0 and later Premium Azure AD Account Required
PhoneFactor Application All ASP Syslog 10.0 and later
SharePoint Host / Server / File Management 2007, 2010 ASP Syslog 10.0 and later
System Center 2012 EndPoint Protection HIPS 2012 ASP SQL 10.0 and later Supported through the Endpoint Protection - SQL Pull data source.
System Center Operations Manager Security Management 2007 Code Based MEF - McAfee SIEM Agent 10.0 and later
Windows DHCP Debug DHCP Logs 2003, 2008 ASP File pull / McAfee SIEM Agent 10.0 and later
Windows DNS Debug DNS Logs 2003, 2008 ASP File pull / McAfee SIEM Agent 10.0 and later
Windows Event Log - CEF Applications / Host / Server / Operating Systems All ASP Syslog 10.0 and later
Windows Event Log - WMI Applications / Host / Server / Operating Systems XP, Windows 7, Windows 8, Windows 10, Server 2003, Server 2008, Server 2012, Server 2016 WMI WMI 10.0 and later Windows 8 is supported in ESM version 10.0 and later.
Mimecast Mimecast Email 2017 Mimecast M3R ASP NGC 11.3.0 and later
Motorola AirDefense Wireless Switch All ASP Syslog 10.0 and later
NetApp Data ONTAP Storage 7.x ASP Syslog 10.0 and later
DataFort Storage Switch All ASP Syslog 10.0 and later
FAS Storage All 10.0 and later Use NetApp Data ONTAP data source.
NetFlow Generic NetFlow Flow 5, 7, 9 NetFlow NetFlow 10.0 and later
NetFort Technologies LANGuardian Applications / Security Management / Host / Server / Operating Systems All ASP Syslog 10.0 and later
NetIQ Security Manager Network Switches and Routers / Security Management 5.1 ASP Syslog 10.0 and later
Sentinel Log Manager Network Switches and Routers / Security Management All ASP Syslog 10.0 and later
NetWitness Informer - CEF Application All ASP Syslog 10.0 and later
Spectrum - CEF Malware All ASP Syslog 10.0 and later URL Integration
NGS NGS SQuirreL Vulnerability Systems All N/A N/A 10.0 and later
Niara Niara UEBA 1.5 ASP Syslog 10.0 and later
Niksun NetDetector Other All ASP Syslog 10.0 and later
Nortel Networks Contivity VPN Network Switches and Routers 7.x ASP Syslog 10.0 and later
Passport 8000 Series Switches Network Switches and Routers 7.x ASP Syslog 10.0 and later
VPN Gateway 3050 Virtual Private Network 8.x ASP Syslog 10.0 and later
Novell eDirectory Applications / Security Management / Host / Server / Operating Systems All ASP Syslog 10.0 and later
Identity and Access Management - IAM IAM / IDM All ASP Syslog 10.0 and later
nPulse CPX Flow and Packet Capture Packet Capture All N/A N/A 10.0 and later URL Integration
ObserveIT ObserveIT UBA 7.5 ASP File pull / McAfee SIEM Agent 10.0 and later
Okta Okta Authentication All ASP API 11.3.0 and later
OpenVAS OpenVAS Vulnerability Systems All N/A N/A 10.0 and later
OpenVPN OpenVPN VPN 2.1 ASP Syslog 10.0 and later
Oracle Audit Vault and Database Firewall Database / Firewall 12.x ASP Syslog 10.0 and later
Directory Server Enterprise Edition Authentication 11 ASP Syslog 10.0 and later Also covers: Sun ONE Server and Sun Java Directory Server Enterprise Edition
Identity Manager - SQL Pull IAM / IDM 9.1.0.1 ASP SQL 10.0 and later
Internet Directory Authentication 11 ASP File pull / McAfee SIEM Agent 10.0 and later
MySQL on Linux Database 5.1, 5.5, 5.6, and 5.7 on Linux 10.0 and later Supported through McAfee Data Center Security Suite for Databases
Oracle Database 8.1.7 and later running on Sun Solaris, IBM AIX, Linux, HP-UX, Microsoft Windows, including Oracle RAC and Oracle Exadata 10.0 and later Supported through McAfee Data Center Security Suite for Databases
Oracle Audit - SQL Pull Database 9i, 9i - fine grained audit, 10g, 11g, 12c, 12c - Unified Audit Table ASP SQL 10.0 and later Supports standard and fine grain audits as well as Unified Audits introduced in 12c.
Oracle Audit - XML File Pull Database 10g, 11g, 12c ASP SQL 10.0 and later
Oracle Audit Database 9i, 10g, 11g, 12c ASP Syslog 10.0 and later
Real Application Clusters - RAC Database 11g ASP File Pull 10.0 and later Parses the Event Manager Log (evmd.log)
Solaris Basic Security Module - BSM Host / Server / Operating Systems 9.x, 10.x ASP Syslog 10.0 and later
WebLogic Other 8.1.x ASP Syslog 10.0 and later
Osiris Host Integrity Monitor Host / Server / Operating Systems / IDS / IPS ASP Syslog 10.0 and later ISAKMP, RADIUS, SECURITY, Accounting, RIP, VR messages only
Palo Alto Networks Palo Alto Firewalls Firewall All ASP Syslog 10.0 and later
Postfix Postfix Application All ASP Syslog 10.0 and later
PostgreSQL PostgreSQL Database 10.0 running on Linux 10.0 and later Supported through McAfee Data Center Security Suite for Databases
PostgreSQL Database All ASP Syslog 10.0 and later
PowerTech Interact - CEF Host All ASP Syslog 10.0 and later
Prevoty Prevoty Application Security 3.2.1 ASP Syslog 10.0 and later Requires Log4j on Prevoty
Proofpoint Messaging Security Gateway Application 7.2 and below ASP Syslog 10.0 and later
Targeted Attack Protection Security Management current (web application) ASP API 11.3 and later
Qualys Qualys QualysGuard Vulnerability Systems All N/A N/A 10.0 and later
Quest ChangeAuditor for Active Directory Applications All WMI WMI 10.0 and later
Radware AppDirector Network Switches and Routers All ASP Syslog 10.0 and later
AppWall Firewall All ASP Syslog 10.0 and later
DefensePro IDS / IPS 2.4.3 ASP Syslog 10.0 and later
LinkProof/FireProof Network Switches and Routers All ASP Syslog 10.0 and later
Rapid7 Rapid7 Metasploit Pro Vulnerability Systems 3.x N/A N/A 10.0 and later
Rapid7 Nexpose Vulnerability Systems All N/A N/A 10.0 and later
Raytheon SureView Application All ASP Syslog 10.0 and later
Raz-Lee Security iSecurity Suite Application All ASP Syslog 10.0 and later
Red Hat JBoss / WildFly v8 Application Server Jboss 7.x WildFly v8.x ASP Syslog 10.0 and later
RedSeal Networks RedSeal 6 Risk Compliance All ASP Syslog 10.0 and later
ReversingLabs N1000 Network Security Appliance IDS / IPS 3.2.1.2 ASP Syslog 10.0 and later
RioRey DDoS Protection Firewall / DoS RIOS 5.0, 5.1, 5.2 ASP Syslog 10.0 and later
Riverbed Steelhead Security Appliances / UTMs 5.x ASP Syslog 10.0 and later
RSA Authentication Manager Authentication 7.x ASP Syslog 10.0 and later
SafeNet Hardware Security Modules Application Security All ASP Syslog 10.0 and later
Saint Saint Vulnerability Systems All N/A N/A 10.0 and later
SAP Enterprise Threat Detection IPS-IDS 2.0 ASP NGC 10.4 and later
SAP Applications / Security Management / Host / Server / Operating Systems 5.x and 6.x ABAP Module and ASP Syslog 10.0 and later
Sybase Database 12.5 10.0 and later Supported through McAfee Data Center Security Suite for Databases
Savant Protection Savant - CEF Anti-Malware 3.x ASP Syslog 10.0 and later
Secure Crossing Zenwall Applications / Security Management / Host / Server / Operating Systems All ASP Syslog 10.0 and later
SecureAuth IEP - Single Sign On Authentication 5.x ASP Syslog 10.0 and later
Securonix Risk and Threat Intelligence UEBA Code Based McAfee Event Format 10.0 and later
SendMail Sentrion Messaging All Use Unix - Linux data source.
Sentrigo Hedgehog - CEF Database All ASP Syslog 10.0 and later
sFlow Generic sFlow Network Flow Collection All sFlow sFlow 10.0 and later
Silver Spring Networks Network Infrastructure Smart Grid All ASP File pull / McAfee SIEM Agent 10.0 and later
Skycure Skycure Enterprise Mobile Security All ASP Syslog 10.0 and later
Skyhigh Networks Cloud Security Platform DLP 2.2 ASP Syslog 10.0 and later CEF format is supported.
SnapLogic SnapLogic Cloud Integration All ASP Syslog 10.0 and later
Software Product Research DB2 Access Recording Services DBARS Database All ASP Syslog 10.0 and later
Sonus GSX VOIP All ASP Syslog 10.0 and later
Sophos Email Security and Data Protection Email Security All ASP Syslog 10.0 and later
Sophos Antivirus Antivirus All Code Based SQL 10.0 and later
UTM & Next-Gen Firewall UTM / Firewall 9.1 ASP Syslog 10.0 and later
Web Security and Control Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
SourceFire 3D Defense Center IDS / IPS 4.10 Use Cisco Firepower Management Center - eStreamer
Snort NIDS IDS / IPS All Use SourceFire NS/RNA data source.
FireSIGHT Management Console - eStreamer IDS / IPS 5.x, 6.x Code Based eStreamer 10.0 and later Use Cisco Firepower Management Center - eStreamer
SourceFire NS/RNA IDS / IPS All ASP Syslog 10.0 and later Includes Snort IDS
Squid Squid Web Content / Filtering / Proxies 2.5 ASP Syslog 10.0 and later
SS8 BreachDetect Correlation 3.7 ASP File pull 10.0 and later
SSH Communications Security CryptoAuditor Auditing 1.5 ASP Syslog 10.0 and later
STEALTHbits StealthINTERCEPT HIDS 3.1.262.1 ASP Syslog 10.0 and later CEF format is supported.
StillSecure Strata Guard Firewall / Security Management / IDS / IPS / Virtual Private Networks 5.x, 6.x ASP Syslog 10.0 and later
Stonesoft Corporation Next Generation Firewall IDS / IPS All Use McAfee Next Generation Firewall - Stonesoft
Symantec Altiris Management Console Asset 7.x 10.0 and later
Antivirus Corporate Edition Server Antivirus 8.x, 9.x Code Based SQL 10.0 and later
Critical System Protection IDS / IPS 5.2 ASP SQL 10.0 and later
Endpoint Protection Antivirus 11.x, 12.x ASP Syslog 10.0 and later
PGP Universal Server Host / Server / Operating Systems All ASP Syslog 10.0 and later
Symantec Data Loss Prevention DLP All ASP Syslog 10.0 and later
Symantec Messaging Gateway Messaging 2.x ASP Syslog 10.0 and later
Symantec Web Gateway Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
Synology DiskStation Manager Application All ASP Syslog 10.0 and later
Tenable Tenable Nessus Vulnerability Systems 3.x, 4.x, 5.x, 6.x ASP Syslog 10.1.0 and later
Teradata Teradata Database 12, 13, 13.10, 14, 15, and 15.1 on Linux 10.0 and later Supported through McAfee Data Center Security Suite for Databases
ThreatConnect Threat Intelligence Platform UEBA 3.x ASP Syslog 10.0 and later
Thycotic Secret Server Authentication 8 ASP Syslog 10.0 and later
TippingPoint SMS Security Management 2.x ASP Syslog 10.0 and later
UnityOne IDS / IPS All ASP Syslog 10.0 and later
TITUS Message Classification Application All WMI WMI 10.0 and later Supported through Microsoft Windows Event Log
Tofino Security Tofino Firewall LSM Firewall All ASP Syslog 10.0 and later
Topia Technology Skoot Application All ASP Syslog 10.0 and later
Townsend Security AS/400 - CEF Host / Server / Operating Systems All ASP Syslog 10.0 and later
Trapezoid Trust Control Suite Application All ASP Syslog 10.0 and later
TrapX Security DeceptionGrid Generic 5.x ASP Syslog 10.0 and later
Trend Micro Control Manager - SQL Pull Antivirus / Vulnerability Systems 5.x ASP SQL 10.0 and later
Deep Discovery - CEF Antivirus / Vulnerability Systems All ASP Syslog 10.0 and later
Deep Security - CEF HIDS 6.x ASP Syslog 10.0 and later
Deep Security Manager - CEF HIDS 6.x ASP Syslog 10.0 and later
InterScan Web Security Suite Web Content / Filtering / Proxies All ASP Syslog 10.0 and later
OfficeScan Antivirus / Vulnerability Systems All ASP File pull 10.0 and later
OSSEC FIM / HIDS 1.x, 2.x ASP Syslog 10.0 and later
Tripwire Tripwire / nCircle IP360 Vulnerability Systems 8.x and earlier N/A N/A 10.0 and later
Tripwire Enterprise Database / Security Management 4.x ASP Syslog 10.0 and later
Tripwire For Server Database / Security Management 4.x ASP Syslog 10.0 and later
Trustwave Data Loss Prevention DLP 8.x ASP Syslog 10.0 and later
Network Access Control NAC 3.x ASP Syslog 10.0 and later
WebDefend Web Content / Filtering / Proxies 4.x ASP Syslog 10.0 and later
Tufin SecureTrack Firewall / Auditing All ASP Syslog 10.0 and later
Type80 Security Software SMA_RT Host / Server / Operating Systems All ASP Syslog 10.0 and later
UNIX Linux Host / Server / Operating Systems All ASP Syslog 10.0 and later
VanDyke Software VShell Application 2.x, 3.x ASP Syslog 10.0 and later
Vericept Content 360 DLP 8.x ASP Syslog 10.0 and later Supported through Trustwave DLP
VMware AirWatch Mobile Device Management 7.3, 8.0 ASP Syslog 10.0 and later
Horizon Application Server 7.x ASP Syslog 10.0 and later
vCenter Server Application All ASP Code Based API 10.0 and later
VMware Application 1.x-5.x ASP Syslog 10.0 and later
Voltage Security SecureData Enterprise DLP 5.7 ASP Syslog 10.0 and later
Vormetric Data Security Application 4.x ASP Syslog 10.0 and later
WatchGuard Technologies Firebox and X Series Firewall 8.x-11.x ASP Syslog 10.0 and later
Wave Systems Corp Safend Protector DLP All ASP Syslog 10.0 and later
Websense Cloud Web Security HIDS All ASP File pull / McAfee SIEM Agent 10.0 and later
Websense - CEF, Key Value Pair Web Content / Filtering / Proxies 7.7 ASP Syslog 10.0 and later
Websense Enterprise - SQL Pull Web Content / Filtering / Proxies 6.x, 7.x ASP SQL 10.0 and later
Wurldtech OpShield Control Systems / Firewall 1.7.1 ASP Syslog 10.0 and later
Xirrus 802.11abgn Wi-Fi Arrays Switches and Routers All ASP Syslog 10.0 and later
Yubico YubiKey Authentication 5 ASP Syslog 10.1.0 and later
Zenprise Secure Mobile Gateway Security Mobile Gateway 5.x ASP Syslog 10.0 and later
ZeroFOX ZeroFOX Application All ASP Syslog 10.0 and later
Zscaler Nanolog Streaming Service (NSS) Web Content / Filtering / Proxies All ASP Syslog 10.0 and later