Package Reference
A list of all the available packages is shown below.
| Vendor | Package ID | Package Name | Log Formats | IT Ops | Sec Ops | Dev Ops | Parsers | Dashboards | Alerts | Actions | Scheduled Searches |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Akamai Technologies, Inc. | akamai/asec | Akamai Cloud Web Application Firewall | JSON | ✓ | ✓ | ✓ | |||||
| Amazon Web Services, Inc. | aws/guardduty | AWS GuardDuty | JSON | ✓ | ✓ | ||||||
| Amazon Web Services, Inc. | aws/s3-server-access | AWS S3 Server Access | TEXT | ✓ | ✓ | ✓ | ✓ | ||||
| Amazon Web Services, Inc. | aws/vpcflow | AWS VPC Flow | TEXT | ✓ | ✓ | ✓ | ✓ | ||||
| Amazon Web Services, Inc. | aws/waf | AWS Web Application Firewall | JSON | ✓ | ✓ | ||||||
| Amazon Web Services, Inc. | aws/fsx | Amazon FSx | XML | ✓ | ✓ | ✓ | |||||
| Amazon Web Services, Inc. | aws/cloudtrail | Amazon Web Services CloudTrail | JSON | ✓ | ✓ | ✓ | ✓ | ||||
| AppOmni, Inc | appomni/appomni | AppOmni | ✓ | ||||||||
| Apple Inc. | apple/unifiedlog | Apple Unified Logs | ✓ | ||||||||
| Armis, Inc. | armis/centrix-iot | Armis Centrix for IoT Security | ✓ | ||||||||
| Asimily | asimily/iomt | Asimily IoMT | JSON | ✓ | ✓ | ||||||
| Broadcom Inc. | broadcom/proxysg | Broadcom ProxySG | Syslog | ✓ | ✓ | ✓ | |||||
| Check Point Software Technologies Ltd. | checkpoint/ngfw | Checkpoint Next Generation Firewall | Syslog, CEF, JSON | ✓ | ✓ | ✓ | |||||
| Cisco Systems, Inc. | cisco/ios | Cisco (IOS) Internetwork Operating System | Syslog | ✓ | ✓ | ✓ | |||||
| Cisco Systems, Inc. | cisco/asa | Cisco ASA | ✓ | ✓ | |||||||
| Cisco Systems, Inc. | cisco/duo | Cisco Duo (MFA) Multi-Factor Authentication | JSON | ✓ | ✓ | ✓ | |||||
| Cisco Systems, Inc. | cisco/ise | Cisco ISE Identity Service Engine | Syslog | ✓ | ✓ | ✓ | |||||
| Cisco Systems, Inc. | cisco/meraki | Cisco Meraki | BSD Syslog RFC 3164, IETF Syslog RFC 5424, JSON | ✓ | ✓ | ✓ | |||||
| Cisco Systems, Inc. | cisco/umbrella | Cisco Umbrella | JSON, CSV | ✓ | ✓ | ||||||
| Cisco Systems, Inc. | cisco/firepower | Package for Cisco Firepower | Syslog | ✓ | ✓ | ||||||
| Citrix Systems, Inc. | citrix/netscaler | Citrix Netscaler Application Delivery Controller | ✓ | ✓ | ✓ | ||||||
| Claroty Ltd. | claroty/ctd | Claroty CTD | Syslog, CEF | ✓ | ✓ | ||||||
| CloudFlare, Inc. | cloudflare/area1emailsecurity | Cloudflare Area 1 | ✓ | ✓ | |||||||
| CloudFlare, Inc. | cloudflare/zerotrust | Cloudflare Zero Trust | JSON | ✓ | ✓ | ✓ | |||||
| Corelight, Inc. | corelight/threathuntingguide | Corelight Network Sensors | ✓ | ✓ | |||||||
| CrowdStrike Holdings, Inc. | crowdstrike/siem-connector | A parser and dashboards for data from the CrowdStrike SIEM Connector | ✓ | ✓ | ✓ | ||||||
| CrowdStrike Holdings, Inc. | crowdstrike/ioc | A quick start package for working with the CrowdStrike IOC feed in LogScale | ✓ | ||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-pagerduty | Action template for integrating with PagerDuty | |||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-splunk-on-call | Action template for integrating with Splunk On-Call | |||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-core | CrowdStrike Core FLTR Package | ✓ | ✓ | ✓ | ||||||
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-firewall-adversaries | CrowdStrike FLTR Firewall Adversaries | ✓ | ||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/fdr | CrowdStrike Falcon Identity Protection | ✓ | ✓ | ✓ | ||||||
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-identityprotection | CrowdStrike Falcon Identity Protection | ✓ | ||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-tutorial | Dashboard-based tutorial for using FLTR | ✓ | ||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-slack | LogScale Slack Package Action | |||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/logscale-opsgenie | OpsGenie | |||||||||
| CrowdStrike Holdings, Inc. | crowdstrike/spotlight | Provide preconfigured dashboards and a parser for CrowdStrike Spotlight Vulnerability Data | ✓ | ✓ | |||||||
| CrowdStrike Holdings, Inc. | crowdstrike/falcon-devices | Provides preconfigured dashboards and a parser for CrowdStrike Falcon Device Data | ✓ | ✓ | |||||||
| CrowdStrike Holdings, Inc. | crowdstrike/intel-indicators | Provides tools for working with CrowdStrike Intelligence Indicators | ✓ | ✓ | |||||||
| CrowdStrike Holdings, Inc. | crowdstrike/fltr-lolbins | Queries based on "8 LOLBins Every Threat Hunter Should Know" by CrowdStrike Falcon OverWatch Elite. | |||||||||
| CyberArk Software Ltd. | cyberark/pam | CyberArk Privileged Access Manager Self-Hosted | ✓ | ✓ | |||||||
| CyberArk Software Ltd. | cyberark/vault | CyberArk Vault | ✓ | ✓ | |||||||
| Darktrace Limited | darktrace/detect | Darktrace Detect | JSON, CEF, Syslog | ✓ | ✓ | ||||||
| Dell, Inc. | dell/isilon | Dell Isilon | Syslog | ✓ | ✓ | ||||||
| Docker Inc. | docker/metrics | Visualize the usage metrics from your Docker containers | ✓ | ||||||||
| ExtraHop Networks, Inc. | extrahop/revealx | ExtraHop Reveal(X) | ✓ | ✓ | |||||||
| F5, Inc. | f5networks/bigip | F5 BIG-IP | Syslog | ✓ | ✓ | ✓ | |||||
| Forcepoint LLC | forcepoint/dlp | Forcepoint Data Loss Prevention Data (DLP) | CEF | ✓ | ✓ | ✓ | |||||
| Fortinet Inc. | fortinet/fortimail | Fortinet FortiMail | Syslog | ✓ | ✓ | ✓ | |||||
| Fortinet Inc. | fortinet/fortigate | Fortinet Fortigate | Syslog | ✓ | ✓ | ✓ | |||||
| Github | github/events | A package providing a high level overview of GitHub events and actions | ✓ | ✓ | ✓ | ||||||
| Google LLC | google/chrome-enterprise-security-events | A package for monitoring and analyzing Chrome Enterprise Security Events | JSON | ✓ | ✓ | ✓ | ✓ | ||||
| Google LLC | google/gcp-audit | A parser and overview dashboard for GCP Audit Logs | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
| Google LLC | google/chronicle-ioc | Parses and visualizes IOCs from the Chronicle Search API | ✓ | ✓ | |||||||
| Google LLC | google/chronicle-alerts | Parses and visualizes alert data from the Chronicle Search API | ✓ | ✓ | |||||||
| HAProxy Technologies LLC | haproxy/haproxy | HAProxy | Syslog | ✓ | ✓ | ✓ | |||||
| HPE Aruba Networking | aruba/clearpass | Aruba ClearPass | Syslog | ✓ | ✓ | ✓ | |||||
| Humio | humio/vector-metrics | Assets for displaying Vector metrics | ✓ | ||||||||
| Humio | humio/insights | Dashboards and searches to monitor Humio | ✓ | ✓ | |||||||
| Humio | humio/activity | Overview of the status of alerts, scheduled searches and FDR ingest | ✓ | ||||||||
| Imperva, Inc. | imperva/cloud-waf | Imperva Cloud Web Application Firewall | CEF | ✓ | ✓ | ✓ | |||||
| Infoblox, Inc. | infoblox/nios | Parsers for the Infoblox NIOS DDI platform | Syslog | ✓ | ✓ | ✓ | |||||
| Island Technology, Inc | island/island | Island | JSON | ✓ | ✓ | ✓ | ✓ | ||||
| Juniper Networks, Inc. | juniper/srx | Juniper SRX Series Firewall | Syslog | ✓ | ✓ | ||||||
| Microsoft Corporation | microsoft/microsoft365 | Microsoft 365 E-mail Package | ✓ | ✓ | |||||||
| Microsoft Corporation | microsoft/iis | Microsoft IIS Package | ✓ | ✓ | |||||||
| Microsoft Corporation | microsoft/dhcp-client | Microsoft Windows DHCP Client | JSON | ✓ | ✓ | ✓ | |||||
| Microsoft Corporation | microsoft/dhcp-server | Microsoft Windows DHCP Server | CSV | ✓ | ✓ | ✓ | |||||
| Microsoft Corporation | microsoft/windows-dns-debug | Microsoft Windows DNS Debugger | TEXT | ✓ | ✓ | ✓ | |||||
| Microsoft Corporation | microsoft/sysmon | Parser for Windows System Monitor (SysMon) | JSON, XML | ✓ | ✓ | ✓ | |||||
| Mimecast Services Ltd. | mimecast/email-security | Mimecast | JSON | ✓ | ✓ | ||||||
| Netskope, Inc. | netskope/casb | Netskope CASB Package | ✓ | ✓ | |||||||
| Nginx | nginx/nginx | Nginx Logs | ✓ | ✓ | |||||||
| Nozomi Networks Inc | nozomi/ids | Nozomi IDS | CEF, Syslog | ✓ | ✓ | ||||||
| Obsidian Security, Inc. | obsidiansecurity/actionnotification | Obsidian | ✓ | ✓ | |||||||
| Okta, Inc. | okta/sso | Okta SSO | JSON | ✓ | ✓ | ✓ | |||||
| One Identity LLC | oneidentity/onelogin | Onelogin SSO | |||||||||
| Ordr, Inc. | ordr/ordr | Ordr | ✓ | ✓ | |||||||
| Palo Alto Networks, Inc. | paloalto/firewall | Palo Alto Network Firewall Logs | ✓ | ✓ | ✓ | ||||||
| Palo Alto Networks, Inc. | palo-alto/prisma-sd-wan | Palo Alto Prisma | Syslog | ✓ | ✓ | ✓ | |||||
| Ping Identity Corporation | pingidentity/pingone | Ping Identity PingOne | ✓ | ✓ | |||||||
| Proofpoint, Inc. | proofpoint/tap-siem-api | Proofpoint TAP SIEM API | ✓ | ||||||||
| Radware, Inc. | radware/alteon | Radware Alteon | Syslog | ✓ | ✓ | ✓ | |||||
| Red Hat, Inc. | redhat/ansible | Ansible | ✓ | ✓ | |||||||
| Rubicon Communications LLC (Netgate) | netgate/pfsense | Netgate PFSense | Syslog | ✓ | ✓ | ||||||
| Rubrik, Inc. | rubrik/security-cloud | Rubrik Security Cloud | JSON | ✓ | ✓ | ✓ | |||||
| Ruby | ruby/logger | Parsers for the Ruby Language standard logging framework. | ✓ | ✓ | ✓ | ||||||
| ServiceNow Inc. | servicenow/servicenow | ServiceNow | ✓ | ✓ | ✓ | ✓ | ✓ | ||||
| Talon | talon/talon-cyber-security | Talon | ✓ | ✓ | ✓ | ||||||
| Tausight Inc. | tausight/ephi-risk-posture | Tausight ePHI Platform | JSON | ✓ | ✓ | ✓ | |||||
| The Apache Software Foundation (ASF) | apache/http-server | Apache HTTP Server | ✓ | ✓ | |||||||
| The Apache Software Foundation (ASF) | apache/kafka-metricbeat | Package for monitoring Kafka metrics using Metricbeat | ✓ | ||||||||
| The Linux Foundation | linux/system-logs | A parser with queries and sample dashboards for Linux System Logs | ✓ | ✓ | |||||||
| Trellix | trellix/fireeye-nx | Trellix FireEye NX | CEF | ✓ | ✓ | ||||||
| Vectra AI, Inc. | vectra/detections | Vectra AI | ✓ | ✓ | |||||||
| Veeam Software | veeam/veeamdataplatform | Veeam | Syslog | ✓ | ✓ | ✓ | ✓ | ||||
| Zoom Video Communications, Inc. | zoom/qss | Zoom QSS | JSON | ✓ | ✓ | ✓ | ✓ | ||||
| Zscaler, Inc. | zscaler/deception | ZScaler Deception | JSON, Syslog | ✓ | ✓ | ||||||
| Zscaler, Inc. | zscaler/internet-access | Zscaler ZIA | JSON | ✓ | ✓ | ✓ | ✓ | ||||
| Zscaler, Inc. | zscaler/private-access | Zscaler ZPA | JSON | ✓ | ✓ | ✓ | ✓ |