Supported Devices/Products Matrix
Data ingestion
The following matrix shows the products currently supported by Fluency SIEM, along with the type of data ingress/integration.
Vendor | Product | API | HTTPS (HEC) | Syslog | Misc | Date Updated |
---|---|---|---|---|---|---|
Acronis | Cyber Protect Cloud | Y* | 2023-Jul | |||
Avatier | AIMS | Y | ||||
Avanan | Email Security | * via AWS-S3 | ||||
AWS | CloudTrail | Y | ||||
CloudWatch Logs | Y | |||||
CloudWatch Metrics | * | PureCloudOps | ||||
Barracuda | Firewall | Y | ||||
Bitdefender | GravityZone | Y* | ||||
BlackBerry | CylancePROTECT | Y | 2023-Jul | |||
Broadcom | Symantec EPC | Y | ||||
Cisco | ASA | Y | ||||
AMP | Y | |||||
Defense Orch. (CDO) | Y* | |||||
ISE | Y | |||||
FTD (Firepower) | Y | |||||
Meraki | Y* | Y | ||||
Umbrella (OpenDNS) | Cisco-managed S3 | |||||
Citrix | NetScaler | Y | 2021-Oct | |||
Check Point | Firewall (NGFW) | Y | ||||
Sandblast | Y | |||||
Coro | Cybersecurity | Y | 2023-Sep | |||
CrowdStrike | Falcon EDR | Y | ||||
Darktrace | Darktrace | Y* | ||||
Digital Defense | Frontline VM | Y* | ||||
Duo Security | Audit API | Y | ||||
EdgeCast | Firewall (CDN) | * via AWS-S3 | ||||
EclecticIQ | - | Y | ||||
FireEye | ETP (email) | Y | ||||
HX (endpoint) | Y | |||||
Fortinet | FortiAnalyzer | Y | ||||
Fortigate NGFW | Y | |||||
Fortinet Cloud | - | |||||
Frontline | Vulnerability Mgmt | Y* | ||||
G-Suite (Workspace) | Y | Audit API | ||||
Imperva | Incapsula | Y* | via AWS-S3 | |||
Infoblox | DNS | Y | ||||
Linux | Syslog | Y | audispd / sshd | |||
dnsmasq (DNS) | Y | via rsyslog | ||||
McAfee | Web Gateway | Y | ||||
MVision | Y* | |||||
ePO | Y | |||||
Microsoft | Office365 (M365) | Y | Multiple APIs | |||
Azure EventHub | Y | |||||
Azure AD Audit | Y | |||||
Defender | Y | Defender Cloud / ATP | ||||
Windows EventLog | Y | * via NXLog agent | ||||
Windows LDAP | * requires local collector | |||||
Mimecast | Email Security | Y | ||||
Okta | Audit API | Y | ||||
PaloAlto | Firewall (NGFW) | Y | ||||
Cortex XDR | Y | |||||
GlobalProtect VPN | Y | |||||
Peplink | Router/Firewall | Y* | Y | w/ InControl API | ||
Ping Identity | PingFederate | Y | ||||
Proofpoint | Email Security | Y* | ||||
Qualys | Cloud Platform | Y* | ||||
Salesforce | Event Monitoring | Y* | 2023-Oct | |||
SentinelOne | EDR | Y | Y | |||
CloudFunnel | * via AWS-S3 | 2023-Jun | ||||
Ranger | - | |||||
Seraphic | Browser Security | Y | 2023-Nov | |||
SonicWall | Firewall (NGFW) | Y | 2022-Mar | |||
Sophos | EDR | Y* | ||||
Firewall | Y | 2021-Dec | ||||
Tanium | Endpoint Security | Y* | ||||
Tenable | Vulnerability Mgmt | Y* | Tenable.io | |||
Trellix | Endpoint Security | Y* | ||||
Trend Micro | Apex Central | Y | ||||
Deep Security | Y | 2022-Jan | ||||
Worry-Free Security | - | no method available | ||||
VMware | Carbon Black | Y | ||||
Carbon Black PSC | Y | |||||
Zix | Email Security | Y* | ||||
Zoom | Video Conferencing | Y* | ||||
Syslog | Data Source (not listed above) | Y | *new parser upon request | |||
"*": Supported, but not enabled by default. Please contact Fluency Support to enable this integration for your instance.
Use the following link to: Create a Support Ticket
Event Notification
The following matrix shows the products currently supported by Fluency SIEM for event/notification export.
Vendor | Product | API | Webhook | Misc |
---|---|---|---|---|
SIEM Alert Export | ||||
Slack | Y | SIEM Alert Export | ||
PagerDuty | Y | Y | SIEM Alert Export |
Page last updated: 2023 Nov 14