| Name | Category | Sourcetype | Source | Supported TA |
|---|---|---|---|---|
| Ollama Server | Other | ollama:server | server.log | TA-ollama |
| VMWare ESXi Syslog | Other | vmw-syslog | vmware:esxlog | Add-on for VMware ESXi Logs |
| M365 Exported eDiscovery Prompts | Other | csv | csv | N/A |
| M365 Copilot Graph API | Other | o365:graph:api | AuditLogs.SignIns | Splunk Add-on for Microsoft Office 365 |
| Cisco ASA Logs | Other | cisco:asa | cisco:asa | Cisco Security Cloud |
| Cisco IOS Logs | Other | cisco:ios | cisco:ios | Cisco Networks Add-on |
| Cisco Duo Activity | Other | cisco:duo:activity | cisco_duo | Cisco Security Cloud |
| Cisco Duo Administrator | Other | cisco:duo:administrator | cisco_duo | Cisco Security Cloud |
| CrowdStrike Falcon Stream Alert | Other | CrowdStrike:Event:Streams:JSON | CrowdStrike:Event:Streams | Splunk Add-on for CrowdStrike FDR |
| Cisco Secure Firewall Threat Defense Connection Event | Other | cisco:sfw:estreamer | not_applicable | Cisco Security Cloud |
| Cisco Secure Firewall Threat Defense Intrusion Event | Other | cisco:sfw:estreamer | not_applicable | Cisco Security Cloud |
| Cisco Secure Firewall Threat Defense File Event | Other | cisco:sfw:estreamer | not_applicable | Cisco Security Cloud |
| Zeek Conn | Other | bro:conn:json | bro:conn:json | TA for Zeek |
| Office 365 Reporting Message Trace | Other | o365:reporting:messagetrace | o365 | Splunk Microsoft Office 365 Add-on |
| Google Workspace | Other | gws:reports:login | google_workspace | Splunk Add-on for Google Workspace |
| Office 365 Universal Audit Log | Other | o365:management:activity | o365 | Splunk Microsoft Office 365 Add-on |
| Bro conn | Other | bro:conn:json | bro:conn:json | TA for Zeek |
| Bro dns | Other | bro:dns:json | bro:dns:json | TA for Zeek |
| Bro files | Other | bro:files:json | bro:files:json | TA for Zeek |
| Bro http | Other | bro:http:json | bro:http:json | TA for Zeek |
| Bro loaded_scripts | Other | bro:loaded_scripts:json | bro:loaded_scripts:json | TA for Zeek |
| Bro ntp | Other | bro:ntp:json | bro:ntp:json | TA for Zeek |
| Bro ocsp | Other | bro:ocsp:json | bro:ocsp:json | TA for Zeek |
| Bro ssl | Other | bro:ssl:json | bro:ssl:json | TA for Zeek |
| Bro weird | Other | bro:weird:json | bro:weird:json | TA for Zeek |
| Bro x509 | Other | bro:x509:json | bro:x509:json | TA for Zeek |
| CircleCI | Other | circleci | circleci | App for CircleCI |
| CrowdStrike ProcessRollup2 | Other | crowdstrike:events:sensor | crowdstrike | Splunk Add-on for CrowdStrike FDR |
| CrushFTP | Other | crushftp:sessionlogs | crushftp | N/A |
| G Suite Drive | Other | gsuite:drive:json | http:gsuite | Splunk Add-on for Google Workspace |
| G Suite Gmail | Other | gsuite:gmail:bigquery | http:gsuite | Splunk Add-on for Google Workspace |
| Google Workspace login_failure | Other | gws:reports:admin | gws:reports:admin | Splunk Add-on for Google Workspace |
| Google Workspace login_success | Other | gws:reports:admin | gws:reports:admin | Splunk Add-on for Google Workspace |
| Ivanti VTM Audit | Other | ivanti_vtm_audit | ivanti_vtm | N/A |
| MS365 Defender Incident Alerts | Other | ms365:defender:incident:alerts | ms365_defender_incident_alerts | Splunk Add-on for Microsoft Security |
| MS Defender ATP Alerts | Other | ms:defender:atp:alerts | ms_defender_atp_alerts | Splunk Add-on for Microsoft Security |
| Nginx Access | Other | nginx:plus:kv | /var/log/nginx/access.log | Splunk Add-on for NGINX |
| O365 | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add app role assignment grant to user. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add app role assignment to service principal. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add-MailboxPermission | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add member to role. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add owner to application. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add service principal. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Change user license. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Consent to application. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Disable Strong Authentication. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 MailItemsAccessed | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 ModifyFolderPermissions | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Set Company Information. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Set-Mailbox | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Update application. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Update authorization policy. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Update user. | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 UserLoggedIn | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 UserLoginFailed | Other | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| Okta | Other | OktaIM2:log | Okta | Splunk Add-on for Okta Identity Cloud |
| osquery | Other | osquery:results | osquery | N/A |
| PingID | Other | XmlWinEventLog | XmlWinEventLog:Security | N/A |
| Suricata | Other | suricata | suricata | Splunk TA for Suricata |
| GitHub Enterprise Audit Logs | Other | httpevent | http:github | Splunk Add-on for Github |
| GitHub Organizations Audit Logs | Other | github:cloud:audit | github | Splunk Add-on for Github |
| Cisco AI Defense Alerts | Other | cisco:ai:defense | cisco_ai_defense | Cisco Security Cloud |