Search Results

136 total results found

GitHub

System Integrations

Introduction  The GitHub integration collects events from the GitHub API.  https://docs.github.com/en/rest?apiVersion=2022-11-28  Logs Audit  The GitHub audit log records all events related to the GitHub organization.   To use this integratio...

Sysmon for Linux

System Integrations

Introduction  The Sysmon for Linux integration allows you to monitor Sysmon for Linux, an open-source system monitoring tool developed to collect security events from Linux environments.  Use the Sysmon for Linux integration to collect logs from li...

1Password Integrations

System Integrations

Introduction  With 1Password Business, you can send your account activity to your security information and event management (SIEM) system, using the 1Password Events API.  Get reports about 1Password activity, such as sign-in attempts and item usage, while y...

Add Windows Integrations

System Integrations

Introduction  The Windows integration allows you to monitor the Windows OS, services, applications, and more.  https://docs.microsoft.com/  Use the Windows integration to collect metrics and logs from your machine. Then visualize that data i...

Atlassian Bitbucket Integrations

System Integrations

Introduction  The Bitbucket integration collects audit logs from the audit log files or the audit API.  Reference:  https://developer.atlassian.com/server/bitbucket/reference/rest-api/   Assumptions  The procedures described in Section 3 assume tha...

AWS CloudTrail Integrations

System Integrations

Introduction  The AWS CloudTrail integration allows you to monitor AWS CloudTrail.  Reference: https://aws.amazon.com/cloudtrail/   Use the AWS CloudTrail integration to collect and parse logs related to account activity across your AWS infrastructure. Then ...

AWS GuardDuty Integrations

System Integrations

Introduction  The Amazon GuardDuty integration collects and parses data from Amazon GuardDuty Findings REST APIs.  The Amazon GuardDuty integration can be used in three different modes to collect data:  HTTP REST API - Amazon GuardDuty pushes logs d...

AWS Security Hub Integrations

System Integrations

Introduction  The AWS Security Hub integration collects and parses data from AWS Security Hub REST APIs.  Assumptions  The procedures described in Section 3 assume that a Log Collector has already been set up.   Compatibility  This module ...

AWS Integrations

System Integrations

Introduction  This document shows information related to AWS Integration.   The AWS integration is used to fetch logs and metrics from Amazon Web Services.  Use the AWS integration to collect metrics and logs across many AWS services managed by ...

Cisco Meraki Integrations

System Integrations

Introduction  Cisco Meraki offers a centralized cloud management platform for all Meraki devices such as MX Security Appliances, MR Access Points and so on. Its out-of-band cloud architecture creates secure, scalable, and easy-to-deploy networks that can be m...

Cisco Secure Endpoint Integrations

System Integrations

Introduction  Secure Endpoint offers cloud-delivered, advanced endpoint detection and response across multidomain control points to rapidly detect, contain, and remediate advanced threats.  Assumptions  The procedures described in Section 3 assume tha...

Cisco Umbrella Integrations

System Integrations

Introduction  Cisco Umbrella is a cloud security platform that provides an additional line of defense against malicious software and threats on the internet by using threat intelligence. That intelligence helps prevent adware, malware, botnets, phishing attac...

Cloudflare Integration

System Integrations

Introduction  The Cloudflare integration uses Cloudflare's API to retrieve audit logs and traffic logs from Cloudflare, for a particular zone, and ingest them into Elasticsearch. This allows you to search, observe and visualize the Cloudflare log events through E...

CrowdStrike Integrations

System Integrations

Introduction  This integration is for CrowdStrike products. It includes the following datasets for receiving logs:  falcon dataset consists of endpoint data and Falcon platform audit data forwarded from Falcon SIEM Connector.  fdr dataset consists of logs f...

Dropbox Integrations

System Integrations

Introduction  Connecting Dropbox  Use the Workplace Search Dropbox connector to automatically capture, sync and index the following items from your Dropbox service:  Stored Files  Including ID, File Metadata, File Content, Updated by, and timestamps.  Dro...

F5 Integrations

System Integrations

Introduction  This document shows information related to F5 Integration.   The F5 BIG-IP integration allows users to monitor LTM, AFM, APM, ASM, and AVR activity. F5 BIG-IP covers software and hardware designed around application availability, access control...

Fortinet-Fortigate Integrations

System Integrations

Introduction  This integration is for Fortinet FortiGate logs sent in the syslog format.  Assumptions  The procedures described in Section 3 assume that a Log Collector has already been set up.   Compatibility  This integration has been tested against Fo...

GCP Integrations

System Integrations

Introduction  This document shows information related to GCP Integration.   The Google Cloud integration collects and parses Google Cloud Audit Logs, VPC Flow Logs, Firewall Rules Logs and Cloud DNS Logs that have been exported from Cloud Logging to a Google...

GitLab Integrations

System Integrations

Introduction  Introduced in GitLab Starter 8.4. Support for Amazon Elasticsearch was introduced in GitLab Starter 9.0.  This document describes how to set up Elasticsearch with GitLab. Once enabled, you'll have the benefit of fast search response times and t...

Google Workspace Integrations

System Integrations

Introduction  Google Workspace (formerly G Suite) is a suite of cloud computing, productivity and collaboration tools, software and products developed and marketed by Google. It allows users to create, edit, and share documents, spreadsheets, presentations, a...