event.module Guidelines
The table below contains a list of module names that are used in parsers for the #event.module tag.
Apply the following guidelines for the vendor and module names when creating a package:
If the vendor and module has already been used in other packages, make sure to reuse the same name.
If you are adding a new module make sure that it is concise and clear and doesn't contain hyphens in the names. See Vendor Guidelines for more information on vendor names and their relative guidelines.
| #Vendor | #event.module |
|---|---|
| abnormal | emailsecurity |
| akamai | asec |
| appomni | appomni |
| aws | cloudtrail |
| aws | fsx |
| aws | guardduty |
| aws | s3access |
| aws | vpcflow |
| aws | rds |
| aws | waf |
| apple | unifiedlog |
| armis | centrixiot |
| aruba | clearpass |
| asimily | iomt |
| broadcom | proxysg |
| checkpoint | ngfw |
| cisco | duo |
| cisco | firepower |
| cisco | ios |
| cisco | ise |
| cisco | meraki |
| cisco | umbrella |
| citrix | netscaler |
| claroty | ctd |
| cloudflare | zerotrust |
| corelight | ids |
| darktrace | detect |
| dell | isilon |
| extrahop | revealx360 |
| f5networks | bigip |
| f5networks | nginx |
| forcepoint | dlp |
| forgerock | identity |
| fortinet | fortigate |
| fortinet | fortimail |
| chromeenterprise | |
| haproxy | haproxy |
| imperva | cloudwaf |
| infoblox | nios |
| island | island |
| juniper | srx |
| menlo | msip |
| microsoft | azure |
| microsoft | windows |
| mimecast | emailsecurity |
| netgate | pfsense |
| netskope | sse |
| nozomi | ids |
| okta | sso |
| obsidiansecurity | obsidiansecurity |
| oneidentity | onelogin |
| paloalto | ngfw |
| paloalto | prismasdwan |
| pingidentity | pingfederate |
| proofpoint | tap |
| radware | alteon |
| redhat | jboss |
| rubrik | securitycloud |
| skyhigh | sse |
| tausight | ephi |
| trellix | fireeyenx |
| zoom | qss |
| zscaler | deception |
| zscaler | zia |
| zscaler | zpa |