Extension_Interface.md

Extension Interface

Description

This interface defines any additional context elements that help describe the activity. The extension layer preserves fields that were not essential to describing the subject or activity, but are still represented in the log source. Extensions can contain two definitions. One contains schema fields, which are the fields required for any log from a given data source. The other definition contains activity type mapping, which includes the fields required for a specific activity type from a given data source.

Data Sources

• NG Analytics
• abnormal inbound email protection
• absolute
• accellion kiteworks
• access it universal.net
• aci
• adaxes
• advanced analytics
• airlock waf
• airwatch
• akamai technologies
• alert logic
• algosec
• amazon aws guardduty
• anyconnect
• anywhere365
• apache guacamole
• apache subversion (svn)
• apc
• appsense application manager
• aruba clearpass policy manager
• aruba mobility master
• aruba network mobility controller
• aruba wireless controller
• assetview
• assetview assetview
• asupim
• atlassian bitbucket
• audit log
• auditbeat
• auth0
• avaya ethernet routing switch
• avaya vpn
• aviglion acm
• aws cloudtrail
• axway sftp
• azure activity log
• azure monitor
• azure resource log (blob storage)
• azure resource log (keyvault)
• badge
• barracuda cloudgen firewall
• beyondtrust
• bind
• bitdefender gravityzone
• bitglass casb
• blackberry protect
• bloxone ddi
• blue coat proxysg
• bluecat networks
• botsink
• box cloud content management
• brivo
• bro
• bromium secure platform
• ca privileged access manager server control
• carbon black app control
• carbon black ces
• carbon black edr
• cassandra
• cato cloud
• catonetworks
• ccure building management system
• cds
• centrify audit and monitoring service
• centrify authentication service
• centrify infrastructure services
• centrify zero trust privilege services
• centrylink adaptive threat intelligence
• check point endpoint security
• check point identity awareness
• check point ngfw
• check point security gateway
• check point threat prevention
• cimtrak
• cisco acs
• cisco adaptive security appliance
• cisco adc
• cisco advanced malware protection (amp) for endpoints
• cisco advanced malware protection (amp) for networks
• cisco airespace
• cisco cloud web security
• cisco cloudlock
• cisco dhcp
• cisco firepower
• cisco ios
• cisco ise
• cisco meraki mx
• cisco meraki mx appliance
• cisco netflow
• cisco secure email
• cisco secure web appliance
• cisco stealthwatch (lancope)
• cisco umbrella
• cisco unified communications manager
• citrix endpoint management
• citrix gateway
• citrix gateway connector for exchange activesync
• citrix sharefile
• citrix virtual apps
• citrix virtual desktop
• citrix web app firewall
• clearsense
• clearswift secure email gateway
• clientview
• cloud akamai
• cloudflare insights
• cloudflare waf
• code42 incydr
• cofense phishme
• cognitas crosslink
• cohesity dataplatform
• contrast security secure code platform
• correlation rule
• cortex xdr
• cyberark endpoint privilege manager
• cyberark privilege access manager
• cyberark privileged access manager
• cybereason xdr
• cylance protect
• damballa failsafe
• darktrace
• darktrace enterprise immune system
• data security platform
• datawatch
• deep discovery inspector
• deep security
• digipass for apps
• digital arts i-filter for business
• digital guardian endpoint protection
• digital guardian network dlp
• dropbox
• dtex intercept
• duo access security
• edgewave iprism
• edirectory
• edocs
• egnyte
• elastic endpoint security
• emc isilon
• emp
• endpoint
• epic siem
• esector defesa logger
• eset
• eset endpoint security
• eset protect
• event viewer - adfs
• event viewer - dhcp-client
• event viewer - dhcp-server
• event viewer - dnsserver
• event viewer - nps
• event viewer - powershell
• event viewer - printservice
• event viewer - security
• event viewer - system
• event viewer - terminalservices-gateway
• extrahop reveal(x) 360
• eyeinspect
• f-secure elements
• f5 access policy manager
• f5 application security manager (asm)
• f5 big-ip advanced firewall module (afm)
• f5 big-ip application security manager (asm)
• f5 big-ip dns
• f5 silverline
• falcon
• fast enterprises gentax
• fidelis cybersecurity elevate
• fidelis xps
• fileauditor
• filesite
• fireeye (trellix) endpoint security (hx)
• forcepoint casb
• forcepoint dlp
• forcepoint insider threat
• forcepoint next-gen firewall
• forescount counteract
• forescout counteract
• fortiauthenticator
• fortinet enterprise firewall
• fortinet fortiedr
• fortinet fortigate ngfw
• fortinet fortiweb
• fortinet utm
• fortinet vpn
• ftp
• galaxy
• gallagher access control
• gamma dlp
• gcp cloud audit
• gemalto mfa
• generic badge access
• github
• globalprotect
• gmail
• goanywhere mft
• google
• google apps
• google calendar
• google cloud ids
• google cloud platform
• google drive
• google virtual private cloud
• gravityzone
• gtb gtbinspector
• guardium
• hashicorp vault
• hcl notes
• honeywell pro-watch
• honeywell siama
• honeywell win-pak
• hornet security 365 total protection
• hornetsecurity cloud email security services
• hp laserjet printer
• hp print server
• hp safecom
• hp sure click enterprise
• hp virtual connect enterprise manager
• hpe comware
• huawei enterprise network firewall
• huawei unified security gateway
• ibm db2
• ibm endpoint manager
• ibm infosphere guardium
• ibm proventia network ips
• ibm qradar network security
• ibm resource access control facility
• ibm sense
• iboss cloud
• icdb
• icpam
• identityguard
• identitynow
• identiv
• illumio core
• imanage
• imperva counterbreach
• imperva data security
• imperva file activity monitoring
• imperva incapsula
• imperva securesphere
• imprivata
• imss
• imsva
• infoblox
• infoblox nios
• infowatch dlp
• inky anti-phishing
• iptables
• ironnet irondefense
• ironport email
• ironport web security
• ivanti mobileiron
• ixia threatarmor
• jh
• johnson controls p2000
• juniper networks advanced threat prevention
• juniper networks srx
• juniper networks srx gateway
• juniper pulse secure
• juniper srx series
• kaba exos
• kaspersky av
• kaspersky endpoint security for business
• kaspersky enterprise security
• kemp load balancer
• kemp loadmaster
• kemp virtual loadmaster load balancer
• kiteworks
• lanscope cat
• lastline (vmware) lastline defender
• lastpass
• leap
• lenel onguard
• lexmark
• logbinder for sharepoint
• logrhythm
• lumension
• lyrix
• m365 audit logs
• macos
• malwarebytes endpoint detection and response
• malwarebytes endpoint protection
• mariadb
• mastersam pam
• mcafee (trellix) endpoint security
• mcafee dlp
• mcafee endpoint security
• mcafee mdam
• mcafee skyhigh casb
• megaflex
• microsoft advanced threat analytics (ata)
• microsoft advanced threat protection
• microsoft applocker
• microsoft azure
• microsoft azure active directory identity protection
• microsoft azure advanced threat protection
• microsoft azure eventhub
• microsoft azure security center
• microsoft cas
• microsoft cloud app security
• microsoft defender
• microsoft defender advanced threat protection
• microsoft defender antivirus
• microsoft defender for endpoint
• microsoft exchange
• microsoft graph
• microsoft iis
• microsoft office 365
• microsoft rras
• microsoft sysmon
• microsoft web application proxy
• microsoft windows
• microsoft windows defender
• mimecast secure email gateway
• mimecast targeted threat protection - url
• morphisec guard
• moveit transfer
• msdhcp
• mssql
• mvision
• mysql
• n3k
• namespace rdirectory
• nasuni
• ncp
• net2door
• netapp
• netdocs
• netiq
• netiq edirectory
• netmotion wireless
• netskope netskope
• netskope security cloud
• netwrix auditor
• nexthink nexthink experience
• nnt changetracker
• nokia vitalqip
• nortel contivity vpn
• observeit
• officescan
• okta adaptive mfa
• okta multi-factor authentication
• onapsis
• onapsis onapsis
• one identity manager
• onelogin
• onespan sign
• onguard
• open vpn
• opendj ldap
• openvms
• oracle access management
• oracle access manager
• oracle database
• oracle public cloud
• ordr sce
• osirium
• ossec ossec+
• ovirt
• palo alto aperture
• palo alto networks aperture
• palo alto networks cortex
• palo alto networks magnifier
• palo alto networks ngfw
• palo alto networks prisma cloud
• palo alto networks traps
• palo alto networks wildfire
• palo alto ngfw
• password manager pro
• perforce
• pfsense
• phantom
• pharos
• ping identity
• pinsafe
• portnox clear
• postfix
• postgresql
• postscript
• powersentry
• powertech identity & access manager
• proofpoint casb
• proofpoint enterprise protection
• proofpoint insider threat management
• proxysg
• qualys vulnerability management, detection, and response
• quest change auditor for active directory
• quest intrust
• radius
• rangeraudit
• rapid7 nexpose
• red canary managed detection and response (mdr)
• remotelyanywhere
• ricoh printer
• rightcrowd
• rs2 technologies
• rsa authentication manager
• rsa dlp
• rsa netwitness endpoint
• rsa netwitness platform
• ruckus
• ruid
• safend data protection suite (dps)
• safend dps
• safesend
• sailpoint fam
• salesforce
• sangfor ngaf
• sap
• search
• seclore
• secure computing safeword
• secureauth login
• secureenvoy multi-factor authentication
• securelink
• securenet
• secureworks isensor ips
• securid
• securityexpert
• securityiq
• sensormatik
• sentinel ips outpost
• sentinelone singularity
• servicenow
• sftp
• shibboleth
• siemens access control
• sigsci
• silverfort authentication platform
• singularity platform
• skyhigh casb
• skysea clientview
• slack
• smg
• snort ids
• snowflake
• solaris
• sonarg
• sonicwall
• sonicwall firewall
• sophos endpoint protection
• sophos intercept x endpoint
• sophos utm
• sophos xg firewall
• specops password
• splunk stream
• squid
• stealthintercept
• sterling b2b integrator
• sunone ldap
• suricata ids
• swift
• swipes
• sybase
• symamtec (broadcom) advanced threat protection
• symamtec (broadcom) cloud analysis and sandboxing
• symamtec (broadcom) email security.cloud
• symamtec (broadcom) endpoint security
• symamtec (broadcom) managed security services
• symamtec (broadcom) mobile threat defense
• symantec advanced threat protection
• symantec cloudsoc
• symantec critical system protection
• symantec dlp
• symantec email security
• symantec endpoint protection
• symantec fireglass
• symantec siteminder
• symantec vip
• symantec virtual secure web gateway
• symantec web security service
• symmetry access control
• synology nas
• sysmon
• tanium core platform
• tanium integrity monitor
• tanium tanium endpoint platform
• tanium threat response
• targeted attack platform
• tenable vulnerability management
• teradata rdbms
• terraform
• thycotic software secret server
• timelox
• titanftp
• trapx
• trapx tsoc
• trellix email security (ex)
• trellix endpoint security (helix)
• trellix endpoint security (hx)
• trellix enterprise security manager
• trellix helix
• trellix intelligent sandbox
• trellix network security (nx)
• trellix network security platform (ips)
• trend micro cloud app security
• trend micro deep discovery inspector
• trend micro interscan web security
• trend micro intrusion prevention (ips)
• trend micro officescan
• trend micro scanmail
• trend micro tippingpoint ngips
• tripwire enterprise
• tufin securetrack
• unix
• unix auditd
• unix sendmail
• usb
• vanderbilt
• varonis data security platform
• vbcorp vbcorp+a1228:a1254
• vectra cognito detect
• vectra cognito stream
• verizon network detection & response
• virtru
• vmware airwatch
• vmware app control
• vmware carbon black app control
• vmware carbon black edr
• vmware carbon black endpoint
• vmware esxi
• vmware horizon
• vmware identity manager
• vmware nsx
• vmware vcenter
• vmware view
• vormetric
• watchguard
• wazuh siem
• weblogin
• webmail owa
• websense security gateway
• windows defender
• workday
• xceedium
• xerox
• xps
• xsuite
• zebra wlan management
• zeek
• zoom
• zscaler internet access
• zscaler private access