Package Reference

A list of all the available packages is shown below.

| Vendor | Package ID | Package Name | Log Formats | IT Ops | Sec Ops | Dev Ops | Parsers | Dashboards | Alerts | Actions | Scheduled Searches |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Akamai Technologies, Inc. | akamai/asec | Akamai Cloud Web Application Firewall | JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| Amazon Web Services, Inc. | aws/guardduty | AWS GuardDuty | JSON |  | ✓ |  | ✓ |  |  |  |  |
| Amazon Web Services, Inc. | aws/s3-server-access | AWS S3 Server Access | TEXT | ✓ | ✓ | ✓ | ✓ |  |  |  |  |
| Amazon Web Services, Inc. | aws/vpcflow | AWS VPC Flow | TEXT | ✓ | ✓ | ✓ | ✓ |  |  |  |  |
| Amazon Web Services, Inc. | aws/waf | AWS Web Application Firewall | JSON |  | ✓ |  | ✓ |  |  |  |  |
| Amazon Web Services, Inc. | aws/fsx | Amazon FSx | XML | ✓ | ✓ |  | ✓ |  |  |  |  |
| Amazon Web Services, Inc. | aws/cloudtrail | Amazon Web Services CloudTrail | JSON | ✓ | ✓ | ✓ | ✓ |  |  |  |  |
| AppOmni, Inc | appomni/appomni | AppOmni |  |  |  |  | ✓ |  |  |  |  |
| Apple Inc. | apple/unifiedlog | Apple Unified Logs |  |  |  |  | ✓ |  |  |  |  |
| Armis, Inc. | armis/centrix-iot | Armis Centrix for IoT Security |  |  |  |  | ✓ |  |  |  |  |
| Asimily | asimily/iomt | Asimily IoMT | JSON |  | ✓ |  | ✓ |  |  |  |  |
| Broadcom Inc. | broadcom/proxysg | Broadcom ProxySG | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Check Point Software Technologies Ltd. | checkpoint/ngfw | Checkpoint Next Generation Firewall | Syslog, JSON, CEF | ✓ | ✓ |  | ✓ |  |  |  |  |
| Cisco Systems, Inc. | cisco/ios | Cisco (IOS) Internetwork Operating System | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Cisco Systems, Inc. | cisco/asa | Cisco ASA |  |  |  |  | ✓ | ✓ |  |  |  |
| Cisco Systems, Inc. | cisco/duo | Cisco Duo (MFA) Multi-Factor Authentication | JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| Cisco Systems, Inc. | cisco/ise | Cisco ISE Identity Service Engine | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Cisco Systems, Inc. | cisco/meraki | Cisco Meraki | Syslog, JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| Cisco Systems, Inc. | cisco/umbrella | Cisco Umbrella | JSON, CSV |  | ✓ |  | ✓ |  |  |  |  |
| Cisco Systems, Inc. | cisco/firepower | Package for Cisco Firepower | Syslog |  | ✓ |  | ✓ |  |  |  |  |
| Citrix Systems, Inc. | citrix/netscaler | Citrix Netscaler Application Delivery Controller |  | ✓ | ✓ |  | ✓ |  |  |  |  |
| Claroty Ltd. | claroty/ctd | Claroty CTD | Syslog, CEF |  | ✓ |  | ✓ |  |  |  |  |
| CloudFlare, Inc. | cloudflare/area1emailsecurity | Cloudflare Area 1 |  |  |  |  | ✓ | ✓ |  |  |  |
| CloudFlare, Inc. | cloudflare/zerotrust | Cloudflare Zero Trust | JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| Corelight, Inc. | corelight/threathuntingguide | Corelight Network Sensors |  |  |  |  | ✓ |  | ✓ |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/siem-connector | A parser and dashboards for data from the CrowdStrike SIEM Connector |  |  | ✓ |  | ✓ | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/ioc | A quick start package for working with the CrowdStrike IOC feed in LogScale |  |  |  |  |  | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-pagerduty | Action template for integrating with PagerDuty |  |  |  |  |  |  |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-splunk-on-call | Action template for integrating with Splunk On-Call |  |  |  |  |  |  |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-core | CrowdStrike Core FLTR Package |  |  |  |  |  | ✓ | ✓ |  | ✓ |
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-firewall-adversaries | CrowdStrike FLTR Firewall Adversaries |  |  |  |  |  | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/fdr | CrowdStrike Falcon Identity Protection |  |  |  |  | ✓ | ✓ |  |  | ✓ |
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-identityprotection | CrowdStrike Falcon Identity Protection |  |  |  |  |  | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-tutorial | Dashboard-based tutorial for using FLTR |  |  |  |  |  | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-slack | LogScale Slack Package Action |  |  |  |  |  |  |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-opsgenie | OpsGenie |  |  |  |  |  |  |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/spotlight | Provide preconfigured dashboards and a parser for CrowdStrike Spotlight Vulnerability Data |  |  |  |  | ✓ | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/falcon-devices | Provides preconfigured dashboards and a parser for CrowdStrike Falcon Device Data |  |  |  |  | ✓ | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/intel-indicators | Provides tools for working with CrowdStrike Intelligence Indicators |  |  |  |  | ✓ | ✓ |  |  |  |
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-lolbins | Queries based on "8 LOLBins Every Threat Hunter Should Know" by CrowdStrike Falcon OverWatch Elite. |  |  |  |  |  |  |  |  |  |
| CyberArk Software Ltd. | cyberark/pam | CyberArk Privileged Access Manager Self-Hosted |  |  |  |  | ✓ | ✓ |  |  |  |
| CyberArk Software Ltd. | cyberark/vault | CyberArk Vault |  |  |  |  | ✓ | ✓ |  |  |  |
| Darktrace Limited | darktrace/detect | Darktrace Detect | Syslog, JSON, CEF |  | ✓ |  | ✓ |  |  |  |  |
| Dell, Inc. | dell/isilon | Dell Isilon | Syslog |  | ✓ |  | ✓ |  |  |  |  |
| Docker Inc. | docker/metrics | Visualize the usage metrics from your Docker containers |  |  |  |  |  | ✓ |  |  |  |
| ExtraHop Networks, Inc. | extrahop/revealx | ExtraHop Reveal(X) |  |  |  |  | ✓ | ✓ |  |  |  |
| F5, Inc. | f5networks/bigip | F5 BIG-IP | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Forcepoint LLC | forcepoint/dlp | Forcepoint Data Loss Prevention Data (DLP) | CEF | ✓ | ✓ |  | ✓ |  |  |  |  |
| Fortinet Inc. | fortinet/fortimail | Fortinet FortiMail | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Fortinet Inc. | fortinet/fortigate | Fortinet Fortigate | Syslog, CEF | ✓ | ✓ |  | ✓ |  |  |  |  |
| Github | github/events | A package providing a high level overview of GitHub events and actions |  |  |  |  | ✓ | ✓ | ✓ |  |  |
| Google LLC | google/chrome-enterprise-security-events | A package for monitoring and analyzing Chrome Enterprise Security Events | JSON | ✓ | ✓ |  | ✓ | ✓ |  |  |  |
| Google LLC | google/gcp-audit | A parser and overview dashboard for GCP Audit Logs |  | ✓ | ✓ | ✓ | ✓ | ✓ |  |  |  |
| Google LLC | google/chronicle-ioc | Parses and visualizes IOCs from the Chronicle Search API |  |  |  |  | ✓ | ✓ |  |  |  |
| Google LLC | google/chronicle-alerts | Parses and visualizes alert data from the Chronicle Search API |  |  |  |  | ✓ | ✓ |  |  |  |
| HAProxy Technologies LLC | haproxy/haproxy | HAProxy | Syslog | ✓ |  | ✓ | ✓ |  |  |  |  |
| HPE Aruba Networking | aruba/clearpass | Aruba ClearPass | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Humio | humio/vector-metrics | Assets for displaying Vector metrics |  |  |  |  |  | ✓ |  |  |  |
| Humio | humio/insights | Dashboards and searches to monitor Humio |  |  |  |  | ✓ | ✓ |  |  |  |
| Humio | humio/activity | Overview of the status of alerts, scheduled searches and FDR ingest |  |  |  |  |  | ✓ |  |  |  |
| Imperva, Inc. | imperva/cloud-waf | Imperva Cloud Web Application Firewall | CEF |  | ✓ |  | ✓ | ✓ |  |  |  |
| Infoblox, Inc. | infoblox/nios | Parsers for the Infoblox NIOS DDI platform | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Island Technology, Inc | island/island | Island | JSON | ✓ | ✓ |  | ✓ | ✓ |  |  |  |
| Juniper Networks, Inc. | juniper/srx | Juniper SRX Series Firewall | Syslog |  | ✓ |  | ✓ |  |  |  |  |
| Microsoft Corporation | microsoft/microsoft365 | Microsoft 365 E-mail Package |  |  |  |  | ✓ | ✓ |  |  |  |
| Microsoft Corporation | microsoft/iis | Microsoft IIS Package |  |  |  |  | ✓ | ✓ |  |  |  |
| Microsoft Corporation | microsoft/dhcp-client | Microsoft Windows DHCP Client | JSON |  | ✓ | ✓ | ✓ |  |  |  |  |
| Microsoft Corporation | microsoft/dhcp-server | Microsoft Windows DHCP Server | CSV | ✓ | ✓ |  | ✓ |  |  |  |  |
| Microsoft Corporation | microsoft/windows-dns-debug | Microsoft Windows DNS Debugger | TEXT | ✓ | ✓ |  | ✓ |  |  |  |  |
| Microsoft Corporation | microsoft/sysmon | Parser for Windows System Monitor (SysMon) | XML, JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| Mimecast Services Ltd. | mimecast/email-security | Mimecast | JSON |  |  |  | ✓ | ✓ |  |  |  |
| Netskope, Inc. | netskope/casb | Netskope CASB Package |  |  |  |  | ✓ | ✓ |  |  |  |
| Nginx | nginx/nginx | Nginx Logs |  |  |  |  | ✓ | ✓ |  |  |  |
| Nozomi Networks Inc | nozomi/ids | Nozomi IDS | Syslog, CEF |  | ✓ |  | ✓ |  |  |  |  |
| Obsidian Security, Inc. | obsidiansecurity/actionnotification | Obsidian |  |  |  |  | ✓ | ✓ |  |  |  |
| Okta, Inc. | okta/sso | Okta SSO | JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| One Identity LLC | oneidentity/onelogin | Onelogin SSO |  |  |  |  |  |  |  |  |  |
| Ordr, Inc. | ordr/ordr | Ordr |  |  |  |  | ✓ | ✓ |  |  |  |
| Palo Alto Networks, Inc. | paloalto/firewall | Palo Alto Network Firewall Logs |  | ✓ | ✓ |  | ✓ |  |  |  |  |
| Palo Alto Networks, Inc. | palo-alto/prisma-sd-wan | Palo Alto Prisma | Syslog | ✓ | ✓ |  | ✓ |  |  |  |  |
| Ping Identity Corporation | pingidentity/pingone | Ping Identity PingOne |  |  |  |  | ✓ | ✓ |  |  |  |
| Proofpoint, Inc. | proofpoint/tap-siem-api | Proofpoint TAP SIEM API |  |  |  |  | ✓ |  |  |  |  |
| Radware, Inc. | radware/alteon | Radware Alteon | Syslog | ✓ | ✓ | ✓ | ✓ |  |  |  |  |
| Red Hat, Inc. | redhat/ansible | Ansible |  |  |  |  | ✓ | ✓ |  |  |  |
| Rubicon Communications LLC (Netgate) | netgate/pfsense | Netgate PFSense | Syslog |  | ✓ |  | ✓ |  |  |  |  |
| Rubrik, Inc. | rubrik/security-cloud | Rubrik Security Cloud | JSON |  | ✓ |  | ✓ | ✓ |  |  |  |
| Ruby | ruby/logger | Parsers for the Ruby Language standard logging framework. |  |  |  |  | ✓ | ✓ | ✓ |  |  |
| ServiceNow Inc. | servicenow/servicenow | ServiceNow |  | ✓ | ✓ | ✓ | ✓ | ✓ |  |  |  |
| Talon | talon/talon-cyber-security | Talon |  |  |  |  | ✓ | ✓ | ✓ |  |  |
| Tausight Inc. | tausight/ephi-risk-posture | Tausight ePHI Platform | JSON | ✓ | ✓ |  | ✓ |  |  |  |  |
| The Apache Software Foundation (ASF) | apache/http-server | Apache HTTP Server |  |  |  |  | ✓ | ✓ |  |  |  |
| The Apache Software Foundation (ASF) | apache/kafka-metricbeat | Package for monitoring Kafka metrics using Metricbeat |  |  |  |  |  | ✓ |  |  |  |
| The Linux Foundation | linux/system-logs | A parser with queries and sample dashboards for Linux System Logs |  |  |  |  | ✓ | ✓ |  |  |  |
| Trellix | trellix/fireeye-nx | Trellix FireEye NX | CEF |  | ✓ |  | ✓ |  |  |  |  |
| Vectra AI, Inc. | vectra/detections | Vectra AI |  |  |  |  | ✓ | ✓ |  |  |  |
| Veeam Software | veeam/veeamdataplatform | Veeam | Syslog |  | ✓ |  | ✓ | ✓ |  |  | ✓ |
| Zoom Video Communications, Inc. | zoom/qss | Zoom QSS | JSON | ✓ | ✓ | ✓ | ✓ |  |  |  |  |
| Zscaler, Inc. | zscaler/deception | ZScaler Deception | Syslog, JSON |  | ✓ |  | ✓ |  |  |  |  |
| Zscaler, Inc. | zscaler/internet-access | Zscaler ZIA | JSON | ✓ | ✓ |  | ✓ | ✓ |  |  |  |
| Zscaler, Inc. | zscaler/private-access | Zscaler ZPA | JSON | ✓ | ✓ | ✓ | ✓ |  |  |  |  |