Datasources for Nextgen CyberQuest

Network Data

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| switches | Syslog | Cisco IOS 12.0+, Juniper, HP, other vendors | |
| routers | Syslog | Cisco, Juniper, Fortigate, Palo Alto, SonicWall, other vendors | |
| firewalls | Syslog | Cisco ASA 9.1+, SonicWall 6.2+, Fortigate, CheckPoint, Sophos UTM, Palo Alto | |
| wireless devices | Syslog | SonicPoint, Cisco WPA | |
| proxy servers | Syslog | Microsoft Windows Proxy v4+, SQUID, IDS-IPS, NGINX, Apache, Microsoft IIS | |
| intrusion prevention/detection systems | Syslog | Cisco ASA 9.1+, SonicWall 6.2+, F5, Juniper, Fortigate, FirePower, Snort, SonicWall 6.2 | |
| NetFlow | NetFlow | NetFlow v5, v9, SonicWall 6.2+, F5, Juniper, Fortigate | |
| IPFIX | IPFIX | VMWare, other IPFIX vendors | |
| Microsoft SQL Server | WMI Query | MS SQL 2008+ | |
| Oracle | DB Query | Oracle 12c+ | |
| MySQL | DB Query | MariaDB (MySQL) 5+ | |
| Firebird | DB Query | 3.0.4+ | |
| PostgreSQL | Syslog | 9.0+ | |

Operating Systems

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Windows logs (application, security, etc.) | WMI Query | starting from Windows Server 2003 and Windows 7 | |
| Windows applications and services logs | WMI Query | starting from Windows Server 2003 and Windows 7 | |
| Active Directory account attributes | WMI Query | starting from Windows Server 2003 | |
| RedHat | Syslog (operation logs) | RedHat 5+ | |
| CentOS | Syslog (operation logs) | CentOS 5+ | |
| Debian | Syslog (operation logs) | Debian 7+ | |
| HP-UX | Syslog (operation logs) | 11iV3 | |
| Ubuntu | Syslog (operation logs) | 8+ | |
| SUSE | Syslog (operation logs) | 12+ | |
| Solaris | Syslog (operation logs) | 6.5+ | |
| IBM AIX | Syslog (operation logs) | 7.1+ | |
| TMG | log files | 2010+ | |
| ISA Server | log files | 2006+ | |
| GitLab | log files | GitLab 11.7 | |
| Microsoft Exchange | Exchange Tracking Log | 2010+ | |
| Postfix | Syslog (operation logs) | 2.5.6+ | |
| Dovecot | Syslog (operation logs) | 2.2+ | |

Web servers

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Microsoft IIS | log files | 6+ | |
| Apache | Syslog (operation logs) | 2.4+ | |
| nginx | Syslog (operation logs) | 0.4+ | |
| Apache Tomcat | Syslog (operation logs) | 8.0.53+ | |

Physical Security

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Genetec | log files | 5+ | |
| One Identity Safeguard | Syslog (operation logs) | 2.0+ | |
| Bitdefender GravityZone | Syslog (operation logs) | 5.1+ | |
| McAfee | Syslog (operation logs) | 10+ | |
| Amavis | Syslog (operation logs) | 2.8+ | |

Video analytics modules

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| NEC NeoFace | DB Query | All versions | |

Custom security applications

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Change Auditor | WMI Query | 5.9 | |

Data Loss Prevention (DLP)

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Symantec | Syslog (operation logs) | 14.5+ | |

Vulnerability Management Solutions

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Nessus | Syslog (operation logs) | v6+ | |
| NetWrix | Syslog (operation logs) | 9+ | |
| LastLine | Syslog (operation logs) | All versions | |
| Nexpose | Syslog (operation logs) | All versions | |
| custom applications | Syslog, log files, etc. | | Custom development |
| AlienVault | Syslog (CEF format) | 5.2.2+ | |
| ArcSight | Syslog (CEF format) | 6.11+ | |
| IBM QRadar | Syslog (CEF format) | 7.2.8+ | |
| LogRhythm | Syslog (CEF format) | 7.2+ | |
| Quest InTrust | Syslog (CEF format) | 9.7+ | |
| McAfee Enterprise Security | Syslog (CEF format) | 10.1.2+ | |
| Splunk | Syslog (CEF format) | 6.5+ | |

Other appliances

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| hypervisors | | | Custom development |
| VMWare | Syslog | 5.5+ | |
| Hyper-V | WMI | 2008+ | |

UTM (Unified Threat Management)

| Source of log | Technology | Supported versions | Notes |
|---|---|---|---|
| Sophos | Syslog (operation logs) | 9.358+ | |
| Palo Alto Networks Cortex | API | | |
| AWS CloudTrail | API | | |
| Microsoft Azure Log Analytics | Syslog | | |