| AADManagedIdentitySignInLogs | Microsoft Entra ID | Yes | Yes |
| AADNonInteractiveUserSignInLogs | Microsoft Entra ID | Yes | Yes |
| AADProvisioningLogs | Microsoft Entra ID | Yes | Yes |
| AADRiskyServicePrincipals | Microsoft Entra ID | Yes | Yes |
| AADRiskyUsers | Microsoft Entra ID | Yes | Yes |
| AADServicePrincipalRiskEvents | Microsoft Entra ID | Yes | Yes |
| AADServicePrincipalSignInLogs | Microsoft Entra ID | Yes | Yes |
| AADUserRiskEvents | Microsoft Entra ID | Yes | Yes |
| ABAPAuditLog | Pathlock Inc.: Threat Detection and Response for SAP SAP S/4HANA Cloud Public Edition SecurityBridge Solution for SAP | Yes | Yes |
| ABNORMAL_CASES_CL | AbnormalSecurity (using Azure Function) | No | No |
| ABNORMAL_THREAT_MESSAGES_CL | AbnormalSecurity (using Azure Function) | No | No |
| ADFSSignInLogs | Microsoft Entra ID | Yes | Yes |
| ADOAuditLogs_CL | Azure DevOps Audit Logs (via Codeless Connector Platform) | Yes | Yes |
| AIShield_CL | AIShield | No | No |
| AlertEvidence | Microsoft Defender XDR | Yes | Yes |
| alertscompromisedcredentialdata_CL | Netskope Data Connector | No | No |
| alertsctepdata_CL | Netskope Data Connector | No | No |
| alertsdlpdata_CL | Netskope Data Connector | No | No |
| alertsmalsitedata_CL | Netskope Data Connector | No | No |
| alertsmalwaredata_CL | Netskope Data Connector | No | No |
| alertspolicydata_CL | Netskope Data Connector | No | No |
| alertsquarantinedata_CL | Netskope Data Connector | No | No |
| alertsremediationdata_CL | Netskope Data Connector | No | No |
| alertssecurityassessmentdata_CL | Netskope Data Connector | No | No |
| alertsubadata_CL | Netskope Data Connector | No | No |
| AliCloud_CL | AliCloud (using Azure Functions) | No | No |
| AliCloudActionTrailLogs_CL | Alibaba Cloud ActionTrail (via Codeless Connector Framework) | Yes | Yes |
| Anvilogic_Alerts_CL | Anvilogic | No | No |
| ApacheHTTPServer_CL | Custom logs via AMA | Yes | Yes |
| ARGOS_CL | ARGOS Cloud Security | No | No |
| argsentdc_CL | Check Point Cyberint Alerts Connector (via Codeless Connector Platform) | Yes | Yes |
| Armis_Activities_CL | Armis Alerts Activities (using Azure Functions) | No | No |
| Armis_Alerts_CL | Armis Alerts Activities (using Azure Functions) | No | No |
| Armis_Devices_CL | Armis Devices (using Azure Functions) | No | No |
| ASimAuditEventLogs | Workday User Activity | Yes | Yes |
| ASimDnsActivityLogs | Windows DNS Events via AMA | Yes | Yes |
| ASimNetworkSessionLogs | Cisco Meraki (using REST API) | Yes | Yes |
| atlassian_beacon_alerts_CL | Atlassian Beacon Alerts | No | No |
| Audit_CL | Mimecast Audit | Yes | Yes |
| AuditLogs | Microsoft Entra ID | Yes | Yes |
| Audits_Data_CL | Vectra XDR (using Azure Functions) | Yes | Yes |
| Auth0AM_CL | Auth0 Access Management (using Azure Functions) | No | No |
| Auth0Logs_CL | Auth0 Logs | Yes | Yes |
| Awareness_Performance_Details_CL | Mimecast Awareness Training | No | No |
| Awareness_SafeScore_Details_CL | Mimecast Awareness Training | No | No |
| Awareness_User_Data_CL | Mimecast Awareness Training | No | No |
| Awareness_Watchlist_Details_CL | Mimecast Awareness Training | No | No |
| AWSCloudFront_AccessLog_CL | Amazon Web Services CloudFront (via Codeless Connector Framework) (Preview) | Yes | Yes |
| AWSCloudTrail | Amazon Web Services S3 Amazon Web Services | Yes | Yes |
| AWSCloudWatch | Amazon Web Services S3 | Yes | Yes |
| AWSGuardDuty | Amazon Web Services S3 | Yes | Yes |
| AWSNetworkFirewallFlow | Amazon Web Services NetworkFirewall (via Codeless Connector Framework) | Yes | Yes |
| AWSRoute53Resolver | Amazon Web Services S3 DNS Route53 (via Codeless Connector Framework) | Yes | Yes |
| AWSS3ServerAccess | AWS S3 Server Access Logs (via Codeless Connector Framework) | Yes | Yes |
| AWSSecurityHubFindings | AWS Security Hub Findings (via Codeless Connector Framework) | Yes | Yes |
| AWSVPCFlow | Amazon Web Services S3 | Yes | Yes |
| AWSWAF | Amazon Web Services S3 WAF | Yes | Yes |
| AZFWApplicationRule | Azure Firewall | Yes | Yes |
| AZFWDnsQuery | Azure Firewall | Yes | Yes |
| AZFWFatFlow | Azure Firewall | Yes | Yes |
| AZFWFlowTrace | Azure Firewall | Yes | Yes |
| AZFWIdpsSignature | Azure Firewall | Yes | Yes |
| AZFWInternalFqdnResolutionFailure | Azure Firewall | Yes | Yes |
| AZFWNatRule | Azure Firewall | Yes | Yes |
| AZFWNetworkRule | Azure Firewall | Yes | Yes |
| AZFWThreatIntel | Azure Firewall | Yes | Yes |
| AzureActivity | Azure Activity | No | No |
| AzureDiagnostics | Azure Batch Account Azure Cognitive Search Azure DDoS Protection Azure Event Hub Azure Firewall Azure Key Vault Azure Kubernetes Service (AKS) Azure Logic Apps Azure SQL Databases Azure Service Bus Azure Stream Analytics Azure Web Application Firewall (WAF) Network Security Groups | No | No |
| AzureMetrics | Azure Storage Account | No | No |
| BetterMTDAppLog_CL | BETTER Mobile Threat Defense (MTD) | No | No |
| BetterMTDDeviceLog_CL | BETTER Mobile Threat Defense (MTD) | No | No |
| BetterMTDIncidentLog_CL | BETTER Mobile Threat Defense (MTD) | No | No |
| BetterMTDNetflowLog_CL | BETTER Mobile Threat Defense (MTD) | No | No |
| BitglassLogs_CL | Bitglass (using Azure Functions) | No | No |
| BitsightAlerts_data_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightBreaches_data_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightCompany_details_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightCompany_rating_details_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightDiligence_historical_statistics_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightDiligence_statistics_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightFindings_data_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightFindings_summary_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightGraph_data_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightIndustrial_statistics_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitsightObservation_statistics_CL | Bitsight data connector (using Azure Functions) | Yes | Yes |
| BitwardenEventLogs | Bitwarden Event Logs | No | No |
| BoxEvents_CL | Box (using Azure Functions) | No | No |
| BoxEventsV2_CL | Box Events (CCP) | Yes | Yes |
| CarbonBlack_Alerts_CL | VMware Carbon Black Cloud via AWS S3 | No | No |
| CarbonBlackAuditLogs_CL | VMware Carbon Black Cloud (using Azure Functions) | No | No |
| CarbonBlackEvents_CL | VMware Carbon Black Cloud (using Azure Functions) | No | No |
| CarbonBlackNotifications_CL | VMware Carbon Black Cloud (using Azure Functions) | No | No |
| CBSLog_Azure_1_CL | Cyber Blind Spot Integration (using Azure Functions) | No | No |
| Cisco_Umbrella_audit_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| Cisco_Umbrella_cloudfirewall_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | Yes | Yes |
| Cisco_Umbrella_dlp_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| Cisco_Umbrella_dns_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | Yes | Yes |
| Cisco_Umbrella_fileevent_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| Cisco_Umbrella_firewall_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | Yes | Yes |
| Cisco_Umbrella_intrusion_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| Cisco_Umbrella_ip_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | Yes | Yes |
| Cisco_Umbrella_proxy_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | Yes | Yes |
| Cisco_Umbrella_ravpnlogs_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| Cisco_Umbrella_ztaflow_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| Cisco_Umbrella_ztna_CL | Cisco Cloud Security (using Azure Functions) Cisco Cloud Security (using elastic premium plan) (using Azure Functions) | No | No |
| CiscoETD_CL | Cisco ETD (using Azure Functions) | No | No |
| CiscoSDWANNetflow_CL | Cisco Software Defined WAN | No | No |
| CiscoSecureEndpointAuditLogsV2_CL | Cisco Secure Endpoint (via Codeless Connector Framework) | Yes | Yes |
| CiscoSecureEndpointEventsV2_CL | Cisco Secure Endpoint (via Codeless Connector Framework) | Yes | Yes |
| Cloud_Integrated_CL | Mimecast Cloud Integrated | No | No |
| CloudAppEvents | Microsoft Defender XDR | Yes | Yes |
| Cloudflare_CL | Cloudflare (Preview) (using Azure Functions) | Yes | Yes |
| CloudflareV2_CL | Cloudflare (Using Blob Container) (via Codeless Connector Framework) | Yes | Yes |
| CloudGuard_SecurityEvents_CL | Check Point CloudGuard CNAPP Connector for Microsoft Sentinel | Yes | Yes |
| CognniIncidents_CL | Cognni | Yes | Yes |
| Cohesity_CL | Cohesity (using Azure Functions) | Yes | Yes |
| CommonSecurityLog | Cisco ASA/FTD via AMA Claroty xDome Infoblox Cloud Data Connector via AMA Infoblox SOC Insight Data Connector via AMA Silverfort Admin Console VirtualMetric DataStream for Microsoft Sentinel data lake VirtualMetric DataStream for Microsoft Sentinel VirtualMetric Director Proxy [Deprecated] Infoblox SOC Insight Data Connector via Legacy Agent | Yes | Yes |
| CommvaultSecurityIQ_CL | CommvaultSecurityIQ | No | No |
| ConfluenceAuditLogs_CL | Atlassian Confluence Audit (via Codeless Connector Framework) | Yes | Yes |
| ContrastADR_CL | ContrastADR | No | No |
| ContrastADRIncident_CL | ContrastADR | No | No |
| CopilotActivity | Microsoft Copilot | No | Yes |
| Corelight | Corelight Connector Exporter | No | No |
| CortexXDR_Incidents_CL | Cortex XDR - Incidents | Yes | Yes |
| CortexXpanseAlerts_CL | Palo Alto Cortex Xpanse (via Codeless Connector Framework) | Yes | Yes |
| CriblInternal_CL | Cribl | No | No |
| CrowdStrike_Additional_Events_CL | CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework) | Yes | Yes |
| CrowdStrikeAlerts | CrowdStrike API Data Connector (via Codeless Connector Framework) | Yes | Yes |
| CrowdStrikeReplicatorV2 | CrowdStrike Falcon Data Replicator (CrowdStrike Managed AWS-S3) (using Azure Functions) | No | No |
| CyberArk_AuditEvents_CL | CyberArkAudit (using Azure Functions) | Yes | Yes |
| CyberpionActionItems_CL | IONIX Security Logs | No | No |
| CyberSixgill_Alerts_CL | Cybersixgill Actionable Alerts (using Azure Functions) | No | No |
| CybleVisionAlerts_CL | Cyble Vision Alerts | No | No |
| CyfirmaASCertificatesAlerts_CL | CYFIRMA Attack Surface | Yes | Yes |
| CyfirmaASCloudWeaknessAlerts_CL | CYFIRMA Attack Surface | Yes | Yes |
| CyfirmaASConfigurationAlerts_CL | CYFIRMA Attack Surface | Yes | Yes |
| CyfirmaASDomainIPReputationAlerts_CL | CYFIRMA Attack Surface | Yes | Yes |
| CyfirmaASDomainIPVulnerabilityAlerts_CL | CYFIRMA Attack Surface | Yes | Yes |
| CyfirmaASOpenPortsAlerts_CL | CYFIRMA Attack Surface | Yes | Yes |
| CyfirmaBIDomainITAssetAlerts_CL | CYFIRMA Brand Intelligence | Yes | Yes |
| CyfirmaBIExecutivePeopleAlerts_CL | CYFIRMA Brand Intelligence | Yes | Yes |
| CyfirmaBIMaliciousMobileAppsAlerts_CL | CYFIRMA Brand Intelligence | Yes | Yes |
| CyfirmaBIProductSolutionAlerts_CL | CYFIRMA Brand Intelligence | Yes | Yes |
| CyfirmaBISocialHandlersAlerts_CL | CYFIRMA Brand Intelligence | Yes | Yes |
| CyfirmaCampaigns_CL | CYFIRMA Cyber Intelligence | Yes | Yes |
| CyfirmaCompromisedAccounts_CL | CYFIRMA Compromised Accounts | Yes | Yes |
| CyfirmaDBWMDarkWebAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaDBWMPhishingAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaDBWMRansomwareAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaIndicators_CL | CYFIRMA Cyber Intelligence | Yes | Yes |
| CyfirmaMalware_CL | CYFIRMA Cyber Intelligence | Yes | Yes |
| CyfirmaSPEConfidentialFilesAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaSPEPIIAndCIIAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaSPESocialThreatAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaSPESourceCodeAlerts_CL | CYFIRMA Digital Risk | Yes | Yes |
| CyfirmaThreatActors_CL | CYFIRMA Cyber Intelligence | Yes | Yes |
| CyfirmaVulnerabilities_CL | CYFIRMA Vulnerabilities Intelligence | Yes | Yes |
| Cymru_Scout_Account_Usage_Data_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_Domain_Data_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Communications_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Details_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Fingerprints_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Foundation_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_OpenPorts_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_PDNS_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Summary_Certs_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Summary_Details_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Summary_Fingerprints_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Summary_OpenPorts_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_Summary_PDNS_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| Cymru_Scout_IP_Data_x509_CL | Team Cymru Scout Data Connector (using Azure Functions) | No | No |
| CynerioEvent_CL | Cynerio Security Events | No | No |
| darktrace_model_alerts_CL | Darktrace Connector for Microsoft Sentinel REST API | Yes | Yes |
| DataminrPulse_Alerts_CL | Dataminr Pulse Alerts Data Connector (using Azure Functions) | No | No |
| DataverseActivity | Microsoft Dataverse | Yes | Yes |
| datawizaserveraccess_CL | Datawiza DAP | No | No |
| Detections_Data_CL | Vectra XDR (using Azure Functions) | Yes | Yes |
| DeviceEvents | Microsoft Defender XDR | Yes | Yes |
| DigitalShadows_CL | Digital Shadows Searchlight (using Azure Functions) | Yes | Yes |
| DnsEvents | DNS | Yes | Yes |
| DnsInventory | DNS | Yes | Yes |
| DoppelTable_CL | Doppel Data Connector | No | No |
| dossier_atp_CL | Infoblox Data Connector via REST API | No | No |
| dossier_atp_threat_CL | Infoblox Data Connector via REST API | No | No |
| dossier_dns_CL | Infoblox Data Connector via REST API | No | No |
| dossier_geo_CL | Infoblox Data Connector via REST API | No | No |
| dossier_infoblox_web_cat_CL | Infoblox Data Connector via REST API | No | No |
| dossier_inforank_CL | Infoblox Data Connector via REST API | No | No |
| dossier_malware_analysis_v3_CL | Infoblox Data Connector via REST API | No | No |
| dossier_nameserver_CL | Infoblox Data Connector via REST API | No | No |
| dossier_nameserver_matches_CL | Infoblox Data Connector via REST API | No | No |
| dossier_ptr_CL | Infoblox Data Connector via REST API | No | No |
| dossier_rpz_feeds_CL | Infoblox Data Connector via REST API | No | No |
| dossier_rpz_feeds_records_CL | Infoblox Data Connector via REST API | No | No |
| dossier_threat_actor_CL | Infoblox Data Connector via REST API | No | No |
| dossier_tld_risk_CL | Infoblox Data Connector via REST API | No | No |
| dossier_whitelist_CL | Infoblox Data Connector via REST API | No | No |
| dossier_whois_CL | Infoblox Data Connector via REST API | No | No |
| DragosAlerts_CL | Dragos Notifications via Cloud Sitestore | Yes | Yes |
| DruvaSecurityEvents_CL | Druva Events Connector | Yes | Yes |
| Dynamics365Activity | Dynamics365 | Yes | No |
| DynatraceAttacks_CL | Dynatrace Attacks | No | No |
| DynatraceAuditLogs_CL | Dynatrace Audit Logs | Yes | Yes |
| DynatraceProblems_CL | Dynatrace Problems | No | No |
| DynatraceSecurityProblems_CL | Dynatrace Runtime Vulnerabilities | No | No |
| ElasticAgentEvent | Elastic Agent (Standalone) | No | No |
| EmailEvents | Microsoft Defender XDR | Yes | Yes |
| Entities_Data_CL | Vectra XDR (using Azure Functions) | Yes | Yes |
| Entity_Scoring_Data_CL | Vectra XDR (using Azure Functions) | Yes | Yes |
| ErmesBrowserSecurityEvents_CL | Ermes Browser Security Events | Yes | Yes |
| ESIExchangeConfig_CL | Exchange Security Insights On-Premises Collector | No | No |
| ESIExchangeOnlineConfig_CL | Exchange Security Insights Online Collector (using Azure Functions) | No | No |
| Event | Automated Logic WebCTRL Microsoft Exchange Admin Audit Logs by Event Logs Microsoft Exchange Logs and Events [Deprecated] Microsoft Exchange Logs and Events | Yes | No |
| eventsapplicationdata_CL | Netskope Data Connector | No | No |
| eventsauditdata_CL | Netskope Data Connector | No | No |
| eventsconnectiondata_CL | Netskope Data Connector | No | No |
| eventsincidentdata_CL | Netskope Data Connector | No | No |
| eventsnetworkdata_CL | Netskope Data Connector | No | No |
| eventspagedata_CL | Netskope Data Connector | No | No |
| ExchangeHttpProxy_CL | Microsoft Exchange HTTP Proxy Logs [Deprecated] Microsoft Exchange Logs and Events | Yes | Yes |
| ExtraHop_Detections_CL | ExtraHop Detections Data Connector (using Azure Functions) | No | No |
| F5Telemetry_ASM_CL | F5 BIG-IP | No | No |
| F5Telemetry_LTM_CL | F5 BIG-IP | No | No |
| F5Telemetry_system_CL | F5 BIG-IP | Yes | Yes |
| Failed_Range_To_Ingest_CL | Infoblox Data Connector via REST API | No | No |
| feedly_indicators_CL | Feedly | No | No |
| FinanceOperationsActivity_CL | Dynamics 365 Finance and Operations | Yes | Yes |
| Firework_CL | Flare | No | No |
| fluentbit_CL | Azure CloudNGFW By Palo Alto Networks | Yes | Yes |
| FncEventsDetections_CL | Fortinet FortiNDR Cloud | No | No |
| FncEventsObservation_CL | Fortinet FortiNDR Cloud | No | No |
| FncEventsSuricata_CL | Fortinet FortiNDR Cloud | No | No |
| ForcepointDLPEvents_CL | Forcepoint DLP | No | No |
| ForescoutEvent | Forescout | No | No |
| ForescoutHostProperties_CL | Forescout Host Property Monitor | Yes | Yes |
| Garrison_ULTRARemoteLogs_CL | Garrison ULTRA Remote Logs (using Azure Functions) | No | No |
| GCPApigee | Google ApigeeX (via Codeless Connector Framework) | Yes | Yes |
| GCPAuditLogs | GCP Pub/Sub Audit Logs | Yes | Yes |
| GCPCDN | Google Cloud Platform CDN (via Codeless Connector Framework) | Yes | Yes |
| GCPCloudRun | GCP Cloud Run (via Codeless Connector Framework) | Yes | Yes |
| GCPCloudSQL | GCP Cloud SQL (via Codeless Connector Framework) | Yes | Yes |
| GCPComputeEngine | Google Cloud Platform Compute Engine (via Codeless Connector Framework) | Yes | Yes |
| GCPDNS | Google Cloud Platform DNS (via Codeless Connector Framework) | Yes | Yes |
| GCPIAM | Google Cloud Platform IAM (via Codeless Connector Framework) | Yes | Yes |
| GCPIDS | Google Cloud Platform Cloud IDS (via Codeless Connector Framework) | Yes | Yes |
| GCPLoadBalancerLogs_CL | GCP Pub/Sub Load Balancer Logs (via Codeless Connector Platform). | Yes | Yes |
| GCPMonitoring | Google Cloud Platform Cloud Monitoring (via Codeless Connector Framework) | Yes | Yes |
| GCPNAT | Google Cloud Platform NAT (via Codeless Connector Framework) | Yes | Yes |
| GCPNATAudit | Google Cloud Platform NAT (via Codeless Connector Framework) | Yes | Yes |
| GCPResourceManager | Google Cloud Platform Resource Manager (via Codeless Connector Framework) | Yes | Yes |
| GCPVPCFlow | GCP Pub/Sub VPC Flow Logs (via Codeless Connector Framework) | Yes | Yes |
| Gigamon_CL | Gigamon AMX Data Connector | No | No |
| GitHubAuditLogPolling_CL | [Deprecated] GitHub Enterprise Audit Log | Yes | Yes |
| GitHubAuditLogsV2_CL | GitHub Enterprise Audit Log (via Codeless Connector Framework) (Preview) | Yes | Yes |
| githubscanaudit_CL | GitHub (using Webhooks) | Yes | Yes |
| GKEAudit | Google Kubernetes Engine (via Codeless Connector Framework) | Yes | Yes |
| GoogleCloudSCC | Google Security Command Center | Yes | Yes |
| GoogleWorkspaceReports | Google Workspace Activities (via Codeless Connector Framework) | Yes | Yes |
| HackerViewLog_Azure_1_CL | HackerView Intergration (using Azure Functions) | No | No |
| HalcyonAuthenticationEvents_CL | Halcyon Connector | No | No |
| HalcyonDnsActivity_CL | Halcyon Connector | No | No |
| HalcyonFileActivity_CL | Halcyon Connector | No | No |
| HalcyonNetworkSession_CL | Halcyon Connector | No | No |
| HalcyonProcessEvent_CL | Halcyon Connector | No | No |
| Health_Data_CL | Vectra XDR (using Azure Functions) | Yes | Yes |
| IdentityLogonEvents | Microsoft Defender XDR | Yes | Yes |
| Illumio_Auditable_Events_CL | Illumio SaaS (using Azure Functions) | Yes | Yes |
| Illumio_Flow_Events_CL | Illumio SaaS (using Azure Functions) | Yes | Yes |
| IllumioInsightsSummary_CL | Illumio Insights Summary | No | No |
| IlumioInsights | Illumio Insights | Yes | Yes |
| ImpervaWAFCloud_CL | Imperva Cloud WAF (using Azure Functions) | Yes | Yes |
| Infoblox_Failed_Indicators_CL | Infoblox Data Connector via REST API | No | No |
| InfobloxInsight_CL | Infoblox SOC Insight Data Connector via REST API | No | No |
| InfoSecAnalytics_CL | InfoSecGlobal Data Connector | No | No |
| IntegrationTable_CL | ESET Protect Platform (using Azure Functions) | Yes | Yes |
| IntegrationTableIncidents_CL | ESET Protect Platform (using Azure Functions) | Yes | Yes |
| iocsent_CL | Check Point Cyberint IOC Connector | No | No |
| Island_Admin_CL | Island Enterprise Browser Admin Audit (Polling CCP) | Yes | Yes |
| Island_User_CL | Island Enterprise Browser User Activity (Polling CCP) | Yes | Yes |
| jamfprotectalerts_CL | Jamf Protect Push Connector | Yes | Yes |
| jamfprotecttelemetryv2_CL | Jamf Protect Push Connector | Yes | Yes |
| jamfprotectunifiedlogs_CL | Jamf Protect Push Connector | Yes | Yes |
| JBossEvent_CL | Custom logs via AMA | No | No |
| Jira_Audit_CL | Atlassian Jira Audit (using Azure Functions) | No | No |
| Jira_Audit_v2_CL | Atlassian Jira Audit (using REST API) | Yes | Yes |
| JuniperIDP_CL | Custom logs via AMA | Yes | Yes |
| KeeperSecurityEventNewLogs_CL | Keeper Security Push Connector | Yes | Yes |
| LastPassNativePoller_CL | LastPass Enterprise - Reporting (Polling CCP) | No | No |
| Lockdown_Data_CL | Vectra XDR (using Azure Functions) | Yes | Yes |
| Lookout_CL | [DEPRECATED] Lookout | No | No |
| LookoutMtdV2_CL | Lookout Mobile Threat Detection Connector (via Codeless Connector Framework) (Preview) | Yes | Yes |
| MailGuard365_Threats_CL | MailGuard 365 | No | No |
| MailRiskEmails_CL | MailRisk by Secure Practice (using Azure Functions) | No | No |
| MarkLogicAudit_CL | Custom logs via AMA | No | No |
| McasShadowItReporting | Microsoft Defender for Cloud Apps | No | No |
| MDBALogTable_CL | MongoDB Atlas Logs | No | No |
| meraki_CL | Custom logs via AMA | Yes | Yes |
| MessageTrackingLog_CL | Microsoft Exchange Message Tracking Logs [Deprecated] Microsoft Exchange Logs and Events | Yes | Yes |
| MicrosoftPurviewInformationProtection | Microsoft Purview Information Protection | Yes | Yes |
| MimecastAudit_CL | Mimecast Audit & Authentication (using Azure Functions) | No | No |
| MimecastDLP_CL | Mimecast Secure Email Gateway (using Azure Functions) | No | No |
| MimecastSIEM_CL | Mimecast Secure Email Gateway (using Azure Functions) | No | No |
| MimecastTTPAttachment_CL | Mimecast Targeted Threat Protection (using Azure Functions) | No | No |
| MimecastTTPImpersonation_CL | Mimecast Targeted Threat Protection (using Azure Functions) | No | No |
| MimecastTTPUrl_CL | Mimecast Targeted Threat Protection (using Azure Functions) | No | No |
| MongoDBAudit_CL | Custom logs via AMA | Yes | Yes |
| MuleSoft_Cloudhub_CL | MuleSoft Cloudhub (using Azure Functions) | No | No |
| NCProtectUAL_CL | NC Protect | No | No |
| net_assets_CL | Holm Security Asset Data (using Azure Functions) | No | No |
| Netskope_WebTx_metrics_CL | Netskope Data Connector | No | No |
| NetskopeAlerts_CL | Netskope Alerts and Events | Yes | Yes |
| NetskopeWebtxData_CL | Netskope Web Transactions Data Connector | No | No |
| NetskopeWebtxErrors_CL | Netskope Web Transactions Data Connector | No | No |
| NetworkAccessTraffic | Microsoft Entra ID | Yes | Yes |
| NexposeInsightVMCloud_assets_CL | Rapid7 Insight Platform Vulnerability Management Reports (using Azure Functions) | No | No |
| NexposeInsightVMCloud_vulnerabilities_CL | Rapid7 Insight Platform Vulnerability Management Reports (using Azure Functions) | No | No |
| NGINX_CL | Custom logs via AMA | Yes | Yes |
| NordPassEventLogs_CL | NordPass | Yes | Yes |
| ObsidianActivity_CL | Obsidian Datasharing Connector | No | No |
| ObsidianThreat_CL | Obsidian Datasharing Connector | No | No |
| OCI_LogsV2_CL | Oracle Cloud Infrastructure (via Codeless Connector Framework) | Yes | Yes |
| OfficeActivity | Microsoft 365 (formerly, Office 365) | Yes | Yes |
| Okta_CL | Okta Single Sign-On (using Azure Functions) | No | No |
| OktaSSO | Okta Single Sign-On | No | No |
| Onapsis_Defend_CL | Onapsis Defend: Integrate Unmatched SAP Threat Detection & Intel with Microsoft Sentinel | Yes | Yes |
| OneLoginEventsV2_CL | OneLogin IAM Platform (via Codeless Connector Framework) | Yes | Yes |
| OneLoginUsersV2_CL | OneLogin IAM Platform (via Codeless Connector Framework) | Yes | Yes |
| OnePasswordEventLogs_CL | 1Password (Serverless) 1Password (using Azure Functions) | Yes | Yes |
| OneTrustMetadataV3_CL | OneTrust | Yes | Yes |
| OpenSystemsAuthenticationLogs_CL | Open Systems Data Connector | No | No |
| OpenSystemsFirewallLogs_CL | Open Systems Data Connector | No | No |
| OpenSystemsProxyLogs_CL | Open Systems Data Connector | No | No |
| OpenSystemsZtnaLogs_CL | Open Systems Data Connector | No | No |
| OracleWebLogicServer_CL | Custom logs via AMA | Yes | Yes |
| OrcaAlerts_CL | Orca Security Alerts | Yes | Yes |
| PaloAltoCortexXDR_Alerts_CL | Palo Alto Cortex XDR | Yes | Yes |
| PaloAltoCortexXDR_Audit_Agent_CL | Palo Alto Cortex XDR | Yes | Yes |
| PaloAltoCortexXDR_Audit_Management_CL | Palo Alto Cortex XDR | Yes | Yes |
| PaloAltoCortexXDR_Endpoints_CL | Palo Alto Cortex XDR | Yes | Yes |
| PaloAltoCortexXDR_Incidents_CL | Palo Alto Cortex XDR | Yes | Yes |
| PaloAltoPrismaCloudAlertV2_CL | Palo Alto Prisma Cloud CSPM (via Codeless Connector Framework) | Yes | Yes |
| Perimeter81_CL | Perimeter 81 Activity Logs | No | No |
| Phosphorus_CL | Phosphorus Devices | No | No |
| PingOne_AuditActivitiesV2_CL | Ping One (via Codeless Connector Framework) | Yes | Yes |
| PostgreSQL_CL | Custom logs via AMA | Yes | Yes |
| PowerAutomateActivity | Microsoft Power Automate | Yes | Yes |
| PowerBIActivity | Microsoft PowerBI | Yes | Yes |
| PowerPlatformAdminActivity | Microsoft Power Platform Admin Activity | Yes | Yes |
| prancer_CL | Prancer Data Connector | No | No |
| PrismaCloudCompute_CL | Palo Alto Prisma Cloud CWPP (using REST API) | Yes | Yes |
| ProjectActivity | Microsoft Project | Yes | Yes |
| ProofpointPODMailLog_CL | Proofpoint On Demand Email Security (via Codeless Connector Platform) | Yes | Yes |
| ProofpointPODMessage_CL | Proofpoint On Demand Email Security (via Codeless Connector Platform) | Yes | Yes |
| ProofPointTAPClicksBlockedV2_CL | Proofpoint TAP (via Codeless Connector Platform) | Yes | Yes |
| ProofPointTAPClicksPermittedV2_CL | Proofpoint TAP (via Codeless Connector Platform) | Yes | Yes |
| ProofPointTAPMessagesBlockedV2_CL | Proofpoint TAP (via Codeless Connector Platform) | Yes | Yes |
| ProofPointTAPMessagesDeliveredV2_CL | Proofpoint TAP (via Codeless Connector Platform) | Yes | Yes |
| PurviewDataSensitivityLogs | Microsoft Purview | Yes | Yes |
| QscoutAppEvents_CL | QscoutAppEventsConnector (via Codeless Connector Framework) | No | No |
| QualysHostDetectionV3_CL | Qualys Vulnerability Management (via Codeless Connector Framework) | Yes | Yes |
| QualysKB_CL | Qualys VM KnowledgeBase (using Azure Functions) | Yes | Yes |
| RadiflowEvent | Radiflow iSID via AMA | No | No |
| RSAIDPlus_AdminLogs_CL |
RSA ID Plus Admin Logs Connector |
No |
No |
| Rubrik_Anomaly_Data_CL |
Rubrik Security Cloud data connector (using Azure Functions) |
Yes |
Yes |
| Rubrik_Events_Data_CL |
Rubrik Security Cloud data connector (using Azure Functions) |
Yes |
Yes |
| Rubrik_Ransomware_Data_CL |
Rubrik Security Cloud data connector (using Azure Functions) |
Yes |
Yes |
| Rubrik_ThreatHunt_Data_CL |
Rubrik Security Cloud data connector (using Azure Functions) |
Yes |
Yes |
| SailPointIDN_Events_CL |
SailPoint IdentityNow (using Azure Functions) |
Yes |
Yes |
| SailPointIDN_Triggers_CL |
SailPoint IdentityNow (using Azure Functions) |
No |
No |
| SalesforceServiceCloudV2_CL |
Salesforce Service Cloud (via Codeless Connector Framework) |
Yes |
Yes |
| Samsung_Knox_Audit_CL |
Samsung Knox Asset Intelligence |
Yes |
Yes |
| SAPBTPAuditLog_CL |
SAP BTP |
Yes |
Yes |
| SAPETDAlerts_CL |
SAP Enterprise Threat Detection, cloud edition |
Yes |
Yes |
| SAPETDInvestigations_CL |
SAP Enterprise Threat Detection, cloud edition |
Yes |
Yes |
| SAPLogServ_CL |
SAP LogServ (RISE), S/4HANA Cloud private edition |
Yes |
Yes |
| SecurityAlert |
Microsoft 365 Insider Risk Management Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Identity Microsoft Defender for IoT Microsoft Defender for Office 365 (Preview) Microsoft Entra ID Protection Subscription-based Microsoft Defender for Cloud (Legacy) Tenant-based Microsoft Defender for Cloud |
Yes |
Yes |
| SecurityAlert |
Microsoft Defender for Cloud Apps |
No |
No |
| SecurityBridgeLogs_CL |
Custom logs via AMA |
Yes |
Yes |
| SecurityEvent |
Cyborg Security HUNTER Hunt Packages Microsoft Active-Directory Domain Controllers Security Event Logs Security Events via Legacy Agent Windows Security Events via AMA [Deprecated] Microsoft Exchange Logs and Events |
Yes |
Yes |
| SecurityIncident |
Derdack SIGNL4 Microsoft Defender XDR |
Yes |
Yes |
| Seg_Cg_CL |
Mimecast Secure Email Gateway |
No |
No |
| Seg_Dlp_CL |
Mimecast Secure Email Gateway |
No |
No |
| SentinelOne_CL |
SentinelOne (using Azure Functions) |
Yes |
Yes |
| SentinelOneActivities_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneAgents_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneAlerts_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneGroups_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneThreats_CL |
SentinelOne |
Yes |
Yes |
| SeraphicWebSecurity_CL |
Seraphic Web Security |
No |
No |
| SigninLogs |
Microsoft Entra ID |
Yes |
Yes |
| SlackAuditV2_CL |
SlackAudit (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeLoad_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeLogin_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeMaterializedView_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeQuery_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeRoleGrant_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeRoles_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeTables_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeTableStorageMetrics_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeUserGrant_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeUsers_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SOCPrimeAuditLogs_CL |
SOC Prime Platform Audit Logs Data Connector |
Yes |
Yes |
| Sonrai_Tickets_CL |
Sonrai Data Connector |
No |
No |
| SophosCloudOptix_CL |
Sophos Cloud Optix |
No |
No |
| SophosEP_CL |
Sophos Endpoint Protection (using Azure Functions) |
Yes |
Yes |
| SophosEPEvents_CL |
Sophos Endpoint Protection (using REST API) |
Yes |
Yes |
| SquidProxy_CL |
Custom logs via AMA |
Yes |
Yes |
| StorageBlobLogs |
Azure Storage Account |
Yes |
Yes |
| StorageFileLogs |
Azure Storage Account |
Yes |
Yes |
| StorageQueueLogs |
Azure Storage Account |
Yes |
Yes |
| StorageTableLogs |
Azure Storage Account |
Yes |
Yes |
| SymantecICDx_CL |
Symantec Integrated Cyber Defense Exchange |
No |
No |
| Syslog |
CTERA Syslog; Cisco Software Defined WAN; Syslog via AMA; Syslog via Legacy Agent |
Yes |
Yes |
| Talon_CL |
Talon Insights |
No |
No |
| Tenable_VM_Asset_CL |
Tenable Vulnerability Management (using Azure Functions) |
Yes |
Yes |
| Tenable_VM_Compliance_CL |
Tenable Vulnerability Management (using Azure Functions) |
Yes |
Yes |
| Tenable_VM_Vuln_CL |
Tenable Vulnerability Management (using Azure Functions) |
Yes |
Yes |
| Tenable_WAS_Asset_CL |
Tenable Vulnerability Management (using Azure Functions) |
Yes |
Yes |
| Tenable_WAS_Vuln_CL |
Tenable Vulnerability Management (using Azure Functions) |
Yes |
Yes |
| TheHive_CL |
TheHive Project - TheHive (using Azure Functions) |
No |
No |
| TheomAlerts_CL |
Theom |
No |
No |
| ThreatIntelIndicators |
CrowdStrike Falcon Adversary Intelligence (using Azure Functions) |
Yes |
No |
| ThreatIntelligenceIndicator |
Datalake2Sentinel; GreyNoise Threat Intelligence; Luminar IOCs and Leaked Credentials (using Azure Functions); MISP2Sentinel; Microsoft Defender Threat Intelligence; Mimecast Intelligence for Microsoft - Microsoft Sentinel (using Azure Functions); Premium Microsoft Defender Threat Intelligence; Threat Intelligence Platforms; Threat Intelligence Upload API (Preview); Threat intelligence - TAXII; VMRayThreatIntelligence (using Azure Functions) |
Yes |
No |
| Tomcat_CL |
Custom logs via AMA |
Yes |
Yes |
| TransmitSecurityActivity_CL |
Transmit Security Connector (using Azure Functions) |
No |
No |
| TrendMicro_XDR_OAT_CL |
Trend Vision One (using Azure Functions) |
No |
No |
| TrendMicro_XDR_RCA_Result_CL |
Trend Vision One (using Azure Functions) |
No |
No |
| TrendMicro_XDR_RCA_Task_CL |
Trend Vision One (using Azure Functions) |
No |
No |
| TrendMicro_XDR_WORKBENCH_CL |
Trend Vision One (using Azure Functions) |
No |
No |
| Ttp_Attachment_CL |
Mimecast Targeted Threat Protection |
No |
No |
| Ttp_Impersonation_CL |
Mimecast Targeted Threat Protection |
No |
No |
| Ttp_Url_CL |
Mimecast Targeted Threat Protection |
No |
No |
| Ubiquiti_CL |
Custom logs via AMA |
Yes |
Yes |
| union isfuzzy=true (WizAuditLogs_CL),(WizAuditLogsV2_CL) |
Wiz (using Azure Functions) |
No |
No |
| union isfuzzy=true (WizIssues_CL),(WizIssuesV2_CL) |
Wiz (using Azure Functions) |
No |
No |
| union isfuzzy=true (WizVulnerabilities_CL),(WizVulnerabilitiesV2_CL) |
Wiz (using Azure Functions) |
No |
No |
| ValenceAlert_CL |
SaaS Security |
No |
No |
| VaronisAlerts_CL |
Varonis SaaS |
No |
No |
| varonisresources_CL |
Varonis Purview Push Connector |
No |
No |
| vcenter_CL |
Custom logs via AMA |
Yes |
Yes |
| VectraStream_CL |
Custom logs via AMA |
No |
No |
| VeeamAuthorizationEvents_CL |
Veeam Data Connector (using Azure Functions) |
Yes |
Yes |
| VeeamCovewareFindings_CL |
Veeam Data Connector (using Azure Functions) |
Yes |
Yes |
| VeeamMalwareEvents_CL |
Veeam Data Connector (using Azure Functions) |
Yes |
Yes |
| VeeamOneTriggeredAlarms_CL |
Veeam Data Connector (using Azure Functions) |
Yes |
Yes |
| VeeamSecurityComplianceAnalyzer_CL |
Veeam Data Connector (using Azure Functions) |
Yes |
Yes |
| VeeamSessions_CL |
Veeam Data Connector (using Azure Functions) |
Yes |
Yes |
| W3CIISLog |
IIS Logs of Microsoft Exchange Servers; [Deprecated] Microsoft Exchange Logs and Events |
Yes |
No |
| web_assets_CL |
Holm Security Asset Data (using Azure Functions) |
No |
No |
| WindowsEvent |
Windows Forwarded Events |
Yes |
Yes |
| Workplace_Facebook_CL |
Workplace from Facebook (using Azure Functions) |
No |
No |
| WsSecurityEvents_CL |
WithSecure Elements API (Azure Function) |
Yes |
Yes |
| ZeroFox_CTI_advanced_dark_web_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_botnet_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_breaches_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_C2_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_compromised_credentials_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_credit_cards_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_dark_web_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_discord_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_disruption_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_email_addresses_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_exploits_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_irc_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_malware_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_national_ids_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_phishing_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_phone_numbers_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_ransomware_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_telegram_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_threat_actors_CL |
ZeroFox CTI |
No |
No |
| ZeroFox_CTI_vulnerabilities_CL |
ZeroFox CTI |
No |
No |
| ZeroFoxAlertPoller_CL |
ZeroFox Enterprise - Alerts (Polling CCF) |
Yes |
Yes |
| ZimperiumThreatLog_CL |
Zimperium Mobile Threat Defense |
No |
No |
| ZNSegmentAuditNativePoller_CL |
Zero Networks Segment Audit |
No |
No |
| Zoom_CL |
Zoom Reports (using Azure Functions) |
Yes |
Yes |
| ZPA_CL |
Custom logs via AMA |
Yes |
Yes |