
DataSource Schema Reference

ashwin-patil edited this page Feb 4, 2020 · 4 revisions

Azure DataSources

| Type | DataSource | logAnalytics Tablename | Schema Reference |
|---|---|---|---|
| Azure | Azure Active Directory | SigninEvents | Audit Log Schema |
| Azure | Azure Active Directory | AuditLogs | Audit Log Schema |
| Azure | Azure Active Directory | AzureActivity | Audit Log Schema |
| Azure | Office | OfficeActivity | Common Schema; ExchangeAdmin Schema; Exchange Mailbox Schema; SharePoint Base Schema; SharePoint File Operation Schema |
| Azure | Azure Keyvault | AzureDiagnostics | Audit Log Schema |
| Host | Linux | Syslog | Audit Log Schema |
| Network | IIS Logs | W3CIISLog | Audit Log Schema |
| Network | VMinsights | VMConnection | Audit Log Schema |
| Network | Wire Data Solution | WireData | Audit Log Schema |
| Network | NSG Flow Logs | AzureNetworkAnalytics | Audit Log Schema |

3rd Party Vendor DataSources

The list below points to each vendor's own Syslog or CEF mapping documentation for the various supported log types.
These references contain a CEF field mapping, a sample log for each log category, or both. We will make a best effort to keep the list fresh and updated; feel free to raise issues for broken links or for additions to the list below.

For log collection guidelines, refer to the Grand List: The Syslog and CEF source configuration grand list.

| Type | Vendor | Product | logAnalytics Tablename | CEF Field Mapping Reference |
|---|---|---|---|---|
| Network | Palo Alto | PAN OS | CommonSecurityLog | PAN OS v 9.0 (go to page 09) |
| Network | Checkpoint | ALL | CommonSecurityLog | Log Field Description |
| Network | Fortigate | ALL | CommonSecurityLog | Log message fields; Log ID Numbers; Log ID Definitions |
| Network | Barracuda | Web Application Firewall | CommonSecurityLog | How to Configure Syslog and Other Logs |
| Network | Cisco | ASA | CommonSecurityLog | Cisco ASA Series Syslog Messages |
| Network | Cisco | Firepower | CommonSecurityLog | Cisco Firepower Threat Defense Syslog Messages |
| Network | Cisco | Umbrella | Custom Logs Table | Log Formats and Versioning |
| Network | Cisco | Meraki | CommonSecurityLog | Syslog Event Types and Log Samples |
| Network | Zscaler | Nano Streaming Service (NSS) | CommonSecurityLog | Web Logs; Firewall Logs; DNS Logs; Tunnel Logs |
| Network | F5 | BigIP LTM | CommonSecurityLog | Event Messages and Attack Types |
| Network | F5 | BigIP ASM | CommonSecurityLog | Logging Application Security Events |
| Network | Citrix | NetScaler Application Firewall | CommonSecurityLog | Common Event Format (CEF) Logging Support in the Application Firewall; NetScaler 12.0 Syslog Message Reference |
| Host | Symantec | Symantec Endpoint Protection Manager (SEPM) | CommonSecurityLog | System logs; Administrative logs; Policy logs; Agent Activity logs; Enforcer Activity logs; Agent System logs; Agent Security logs; Agent Traffic logs; Agent Packet logs; Agent Behavior logs; Agent Scan logs; Agent Risk logs; Agent Proactive Detection logs (SONAR); Enforcer System logs; Enforcer Client Activity logs; Enforcer Traffic logs |
| Host | TrendMicro | ALL | CommonSecurityLog | CEF Data Loss Prevention Logs; CEF Behavior Monitoring Logs; CEF Device Access Control Logs; CEF Engine Update Status Logs; CEF Predictive Machine Learning Logs; CEF Pattern Update Status Logs; CEF Content Security Logs; CEF Spyware/Grayware Logs; CEF Virus/Malware Logs; CEF Web Security Logs; CEF C&C Callback Logs; CEF Suspicious File Logs; CEF Network Content Inspection Logs; CEF Endpoint Application Control Logs; CEF Sandbox Detection Logs |