|
AADManagedIdentitySignInLogs |
Microsoft Entra ID |
Yes |
Yes |
|
AADNonInteractiveUserSignInLogs |
Microsoft Entra ID |
Yes |
Yes |
|
AADProvisioningLogs |
Microsoft Entra ID |
Yes |
Yes |
|
AADRiskyServicePrincipals |
Microsoft Entra ID |
Yes |
Yes |
|
AADRiskyUsers |
Microsoft Entra ID |
Yes |
Yes |
|
AADServicePrincipalRiskEvents |
Microsoft Entra ID |
Yes |
Yes |
|
AADServicePrincipalSignInLogs |
Microsoft Entra ID |
Yes |
Yes |
|
AADUserRiskEvents |
Microsoft Entra ID |
Yes |
Yes |
|
ABAPAuditLog |
Pathlock Inc.: Threat Detection and Response for SAP
SAP S/4HANA Cloud Public Edition
SecurityBridge Solution for SAP |
Yes |
Yes |
| ABNORMAL_CASES_CL |
AbnormalSecurity (using Azure Function) |
NO |
NO |
| ABNORMAL_THREAT_MESSAGES_CL |
AbnormalSecurity (using Azure Function) |
NO |
NO |
|
ADFSSignInLogs |
Microsoft Entra ID |
Yes |
Yes |
| ADOAuditLogs_CL |
Azure DevOps Audit Logs (via Codeless Connector Platform) |
Yes |
Yes |
| AIShield_CL |
AIShield |
NO |
NO |
|
AlertEvidence |
Microsoft Defender XDR |
Yes |
Yes |
| alertscompromisedcredentialdata_CL |
Netskope Data Connector |
NO |
NO |
| alertsctepdata_CL |
Netskope Data Connector |
NO |
NO |
| alertsdlpdata_CL |
Netskope Data Connector |
NO |
NO |
| alertsmalsitedata_CL |
Netskope Data Connector |
NO |
NO |
| alertsmalwaredata_CL |
Netskope Data Connector |
NO |
NO |
| alertspolicydata_CL |
Netskope Data Connector |
NO |
NO |
| alertsquarantinedata_CL |
Netskope Data Connector |
NO |
NO |
| alertsremediationdata_CL |
Netskope Data Connector |
NO |
NO |
| alertssecurityassessmentdata_CL |
Netskope Data Connector |
NO |
NO |
| alertsubadata_CL |
Netskope Data Connector |
NO |
NO |
| AliCloud_CL |
AliCloud (using Azure Functions) |
NO |
NO |
| AliCloudActionTrailLogs_CL |
Alibaba Cloud ActionTrail (via Codeless Connector Framework) |
Yes |
Yes |
| Anvilogic_Alerts_CL |
Anvilogic |
NO |
NO |
| ApacheHTTPServer_CL |
Custom logs via AMA |
Yes |
Yes |
| ARGOS_CL |
ARGOS Cloud Security |
NO |
NO |
| argsentdc_CL |
Check Point Cyberint Alerts Connector (via Codeless Connector Platform) |
Yes |
Yes |
| Armis_Activities_CL |
Armis Alerts Activities (using Azure Functions) |
NO |
NO |
| Armis_Alerts_CL |
Armis Alerts Activities (using Azure Functions) |
NO |
NO |
| Armis_Devices_CL |
Armis Devices (using Azure Functions) |
NO |
NO |
|
ASimAuditEventLogs |
Workday User Activity |
Yes |
Yes |
|
ASimDnsActivityLogs |
Windows DNS Events via AMA |
Yes |
Yes |
|
ASimNetworkSessionLogs |
Cisco Meraki (using REST API) |
Yes |
Yes |
| atlassian_beacon_alerts_CL |
Atlassian Beacon Alerts |
NO |
NO |
| Audit_CL |
Mimecast Audit |
Yes |
Yes |
|
AuditLogs |
Microsoft Entra ID |
Yes |
Yes |
| Audits_Data_CL |
Vectra XDR (using Azure Functions) |
Yes |
Yes |
| Auth0AM_CL |
Auth0 Access Management (using Azure Functions) |
NO |
NO |
| Auth0Logs_CL |
Auth0 Logs (via Codeless Connector Framework) |
Yes |
Yes |
| Awareness_Performance_Details_CL |
Mimecast Awareness Training |
Yes |
Yes |
| Awareness_SafeScore_Details_CL |
Mimecast Awareness Training |
Yes |
Yes |
| Awareness_User_Data_CL |
Mimecast Awareness Training |
Yes |
Yes |
| Awareness_Watchlist_Details_CL |
Mimecast Awareness Training |
Yes |
Yes |
| AWSCloudFront_AccessLog_CL |
Amazon Web Services CloudFront (via Codeless Connector Framework) (Preview) |
Yes |
Yes |
|
AWSCloudTrail |
Amazon Web Services S3
Amazon Web Services |
Yes |
Yes |
|
AWSCloudWatch |
Amazon Web Services S3 |
Yes |
Yes |
| AWSEKSLogs_CL |
AWS EKS Data Connector (via Codeless Connector Framework) |
NO |
NO |
|
AWSGuardDuty |
Amazon Web Services S3 |
Yes |
Yes |
|
AWSNetworkFirewallFlow |
Amazon Web Services NetworkFirewall (via Codeless Connector Framework) |
Yes |
Yes |
|
AWSRoute53Resolver |
Amazon Web Services S3 DNS Route53 (via Codeless Connector Framework) |
Yes |
Yes |
|
AWSS3ServerAccess |
AWS S3 Server Access Logs (via Codeless Connector Framework) |
Yes |
Yes |
|
AWSSecurityHubFindings |
AWS Security Hub Findings (via Codeless Connector Framework) |
Yes |
Yes |
|
AWSVPCFlow |
Amazon Web Services S3 |
Yes |
Yes |
|
AWSWAF |
Amazon Web Services S3 WAF |
Yes |
Yes |
|
AZFWApplicationRule |
Azure Firewall |
Yes |
Yes |
|
AZFWDnsQuery |
Azure Firewall |
Yes |
Yes |
|
AZFWFatFlow |
Azure Firewall |
Yes |
Yes |
|
AZFWFlowTrace |
Azure Firewall |
Yes |
Yes |
|
AZFWIdpsSignature |
Azure Firewall |
Yes |
Yes |
|
AZFWInternalFqdnResolutionFailure |
Azure Firewall |
Yes |
Yes |
|
AZFWNatRule |
Azure Firewall |
Yes |
Yes |
|
AZFWNetworkRule |
Azure Firewall |
Yes |
Yes |
|
AZFWThreatIntel |
Azure Firewall |
Yes |
Yes |
|
AzureActivity |
Azure Activity |
NO |
NO |
|
AzureDiagnostics |
Azure Batch Account
Azure Cognitive Search
Azure DDoS Protection
Azure Event Hub
Azure Firewall
Azure Key Vault
Azure Kubernetes Service (AKS)
Azure Logic Apps
Azure SQL Database
Azure Service Bus
Azure Stream Analytics
Azure Web Application Firewall (WAF)
Network Security Groups |
NO |
NO |
|
AzureMetrics |
Azure Storage Account |
NO |
NO |
| BetterMTDAppLog_CL |
BETTER Mobile Threat Defense (MTD) |
NO |
NO |
| BetterMTDDeviceLog_CL |
BETTER Mobile Threat Defense (MTD) |
NO |
NO |
| BetterMTDIncidentLog_CL |
BETTER Mobile Threat Defense (MTD) |
NO |
NO |
| BetterMTDNetflowLog_CL |
BETTER Mobile Threat Defense (MTD) |
NO |
NO |
| BeyondTrustPM_ActivityAudits_CL |
BeyondTrust PM Cloud |
Yes |
Yes |
| BeyondTrustPM_ClientEvents_CL |
BeyondTrust PM Cloud |
Yes |
Yes |
| BigIDDSPMCatalog_CL |
BigID DSPM Connector |
Yes |
Yes |
| BitglassLogs_CL |
Bitglass (using Azure Functions) |
NO |
NO |
| BitsightAlerts_data_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightBreaches_data_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightCompany_details_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightCompany_rating_details_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightDiligence_historical_statistics_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightDiligence_statistics_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightFindings_data_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightFindings_summary_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightGraph_data_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightIndustrial_statistics_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitsightObservation_statistics_CL |
Bitsight Data Connector (using Azure Functions) |
Yes |
Yes |
| BitwardenEventLogs |
Bitwarden Event Logs |
NO |
NO |
| BoxEvents_CL |
Box (using Azure Functions) |
NO |
NO |
| BoxEventsV2_CL |
Box Events (CCP) |
Yes |
Yes |
| CarbonBlack_Alerts_CL |
VMware Carbon Black Cloud via AWS S3 (via Codeless Connector Framework) |
NO |
NO |
| CarbonBlackAuditLogs_CL |
VMware Carbon Black Cloud (using Azure Functions) |
NO |
NO |
| CarbonBlackEvents_CL |
VMware Carbon Black Cloud (using Azure Functions) |
NO |
NO |
| CarbonBlackNotifications_CL |
VMware Carbon Black Cloud (using Azure Functions) |
NO |
NO |
| CBSLog_AzureV2_CL |
CTM360 CyberBlindSpot (serverless) |
NO |
NO |
| Cisco_Umbrella_audit_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| Cisco_Umbrella_cloudfirewall_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
Yes |
Yes |
| Cisco_Umbrella_dlp_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| Cisco_Umbrella_dns_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
Yes |
Yes |
| Cisco_Umbrella_fileevent_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| Cisco_Umbrella_firewall_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
Yes |
Yes |
| Cisco_Umbrella_intrusion_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| Cisco_Umbrella_ip_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
Yes |
Yes |
| Cisco_Umbrella_proxy_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
Yes |
Yes |
| Cisco_Umbrella_ravpnlogs_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| Cisco_Umbrella_ztaflow_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| Cisco_Umbrella_ztna_CL |
Cisco Cloud Security (using Azure Functions)
Cisco Cloud Security (with Elastic Premium plan) (using Azure Functions) |
NO |
NO |
| CiscoDuo_CL |
Cisco Duo Security (using Azure Functions) |
NO |
NO |
| CiscoETD_CL |
Cisco ETD (using Azure Functions) |
NO |
NO |
| CiscoSDWANNetflow_CL |
Cisco Software Defined WAN |
NO |
NO |
| CiscoSecureEndpointAuditLogsV2_CL |
Cisco Secure Endpoint (via Codeless Connector Framework) |
Yes |
Yes |
| CiscoSecureEndpointEventsV2_CL |
Cisco Secure Endpoint (via Codeless Connector Framework) |
Yes |
Yes |
| Cloud_Integrated_CL |
Mimecast Cloud Integrated |
Yes |
Yes |
|
CloudAppEvents |
Microsoft Defender XDR |
Yes |
Yes |
| Cloudflare_CL |
Cloudflare (Preview) (using Azure Functions) |
Yes |
Yes |
| CloudflareV2_CL |
Cloudflare (using Blob Container) (via Codeless Connector Framework) |
Yes |
Yes |
| CloudGuard_SecurityEvents_CL |
Check Point CloudGuard CNAPP Connector for Microsoft Sentinel |
Yes |
Yes |
| CognniIncidents_CL |
Cognni |
Yes |
Yes |
| Cohesity_CL |
Cohesity (using Azure Functions) |
Yes |
Yes |
|
CommonSecurityLog |
Cisco ASA/FTD via AMA
Claroty xDome
Infoblox Cloud Data Connector via AMA
Infoblox SOC Insight Data Connector via AMA
Silverfort Admin Console
VirtualMetric DataStream for Microsoft Sentinel data lake
VirtualMetric DataStream for Microsoft Sentinel
VirtualMetric Director Proxy
[Deprecated] Infoblox SOC Insight Data Connector via Legacy Agent |
Yes |
Yes |
| CommvaultAlerts_CL |
CommvaultSecurityIQ |
Yes |
Yes |
| ConfluenceAuditLogs_CL |
Atlassian Confluence Audit (via Codeless Connector Framework) |
Yes |
Yes |
| ContrastADR_CL |
ContrastADR |
NO |
NO |
| ContrastADRIncident_CL |
ContrastADR |
NO |
NO |
|
CopilotActivity |
Microsoft Copilot |
NO |
Yes |
| Corelight |
Corelight Connector Exporter |
NO |
NO |
| CortexXDR_Incidents_CL |
Cortex XDR - Incidents |
Yes |
Yes |
| CortexXpanseAlerts_CL |
Palo Alto Cortex Xpanse (via Codeless Connector Framework) |
Yes |
Yes |
| CriblInternal_CL |
Cribl |
NO |
NO |
| CrowdStrike_Additional_Events_CL |
CrowdStrike Falcon Data Replicator (AWS S3) (via Codeless Connector Framework) |
Yes |
Yes |
|
CrowdStrikeAlerts |
CrowdStrike API Data Connector (via Codeless Connector Framework) |
Yes |
Yes |
| CrowdStrikeReplicatorV2 |
CrowdStrike Falcon Data Replicator (CrowdStrike Managed AWS-S3) (using Azure Functions) |
NO |
NO |
| CyberArk_AuditEvents_CL |
CyberArk Audit
CyberArkAudit (using Azure Functions) |
Yes |
Yes |
| CyberpionActionItems_CL |
IONIX Security Logs (via Codeless Connector Framework)
[DEPRECATED] IONIX Security Logs (Push) |
NO |
NO |
| CyberSixgill_Alerts_CL |
Cybersixgill Actionable Alerts (using Azure Functions) |
NO |
NO |
| CybleVisionAlerts_CL |
Cyble Vision Alerts |
NO |
NO |
| CyeraAssets_CL |
Cyera DSPM Microsoft Sentinel Data Connector |
NO |
NO |
| CyeraAssets_MS_CL |
Cyera DSPM Microsoft Sentinel Data Connector |
NO |
NO |
| CyeraClassifications_CL |
Cyera DSPM Microsoft Sentinel Data Connector |
NO |
NO |
| CyeraIdentities_CL |
Cyera DSPM Microsoft Sentinel Data Connector |
NO |
NO |
| CyeraIssues_CL |
Cyera DSPM Microsoft Sentinel Data Connector |
NO |
NO |
| CyfirmaASCertificatesAlerts_CL |
CYFIRMA Attack Surface |
Yes |
Yes |
| CyfirmaASCloudWeaknessAlerts_CL |
CYFIRMA Attack Surface |
Yes |
Yes |
| CyfirmaASConfigurationAlerts_CL |
CYFIRMA Attack Surface |
Yes |
Yes |
| CyfirmaASDomainIPReputationAlerts_CL |
CYFIRMA Attack Surface |
Yes |
Yes |
| CyfirmaASDomainIPVulnerabilityAlerts_CL |
CYFIRMA Attack Surface |
Yes |
Yes |
| CyfirmaASOpenPortsAlerts_CL |
CYFIRMA Attack Surface |
Yes |
Yes |
| CyfirmaBIDomainITAssetAlerts_CL |
CYFIRMA Brand Intelligence |
Yes |
Yes |
| CyfirmaBIExecutivePeopleAlerts_CL |
CYFIRMA Brand Intelligence |
Yes |
Yes |
| CyfirmaBIMaliciousMobileAppsAlerts_CL |
CYFIRMA Brand Intelligence |
Yes |
Yes |
| CyfirmaBIProductSolutionAlerts_CL |
CYFIRMA Brand Intelligence |
Yes |
Yes |
| CyfirmaBISocialHandlersAlerts_CL |
CYFIRMA Brand Intelligence |
Yes |
Yes |
| CyfirmaCampaigns_CL |
CYFIRMA Cyber Intelligence |
Yes |
Yes |
| CyfirmaCompromisedAccounts_CL |
CYFIRMA Compromised Accounts |
Yes |
Yes |
| CyfirmaDBWMDarkWebAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaDBWMPhishingAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaDBWMRansomwareAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaIndicators_CL |
CYFIRMA Cyber Intelligence |
Yes |
Yes |
| CyfirmaMalware_CL |
CYFIRMA Cyber Intelligence |
Yes |
Yes |
| CyfirmaSPEConfidentialFilesAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaSPEPIIAndCIIAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaSPESocialThreatAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaSPESourceCodeAlerts_CL |
CYFIRMA Digital Risk |
Yes |
Yes |
| CyfirmaThreatActors_CL |
CYFIRMA Cyber Intelligence |
Yes |
Yes |
| CyfirmaVulnerabilities_CL |
CYFIRMA Vulnerabilities Intelligence |
Yes |
Yes |
| Cymru_Scout_Account_Usage_Data_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_Domain_Data_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Communications_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Details_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Fingerprints_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Foundation_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_OpenPorts_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_PDNS_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Summary_Certs_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Summary_Details_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Summary_Fingerprints_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Summary_OpenPorts_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_Summary_PDNS_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| Cymru_Scout_IP_Data_x509_CL |
Team Cymru Scout Data Connector (using Azure Functions) |
NO |
NO |
| CynerioEvent_CL |
Cynerio Security Events |
NO |
NO |
| Cyren_Indicators_CL |
Cyren Threat Intelligence |
NO |
NO |
| darktrace_model_alerts_CL |
Darktrace Connector for Microsoft Sentinel REST API |
Yes |
Yes |
| databahn_alerts_CL |
DataBahn |
NO |
NO |
| databahn_audit_logs_CL |
DataBahn |
NO |
NO |
| databahn_device_inventory_CL |
DataBahn |
NO |
NO |
| DataminrPulse_Alerts_CL |
Dataminr Pulse Alerts Data Connector (using Azure Functions) |
NO |
NO |
|
DataverseActivity |
Microsoft Dataverse |
Yes |
Yes |
| datawizaserveraccess_CL |
Datawiza DAP |
NO |
NO |
| Detections_Data_CL |
Vectra XDR (using Azure Functions) |
Yes |
Yes |
|
DeviceEvents |
Microsoft Defender XDR |
Yes |
Yes |
| DigitalShadows_CL |
Digital Shadows Searchlight (using Azure Functions) |
Yes |
Yes |
|
DnsEvents |
DNS |
Yes |
Yes |
|
DnsInventory |
DNS |
Yes |
Yes |
| DoppelTable_CL |
Doppel Data Connector |
NO |
NO |
| dossier_atp_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_atp_threat_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_dns_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_geo_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_infoblox_web_cat_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_inforank_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_malware_analysis_v3_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_nameserver_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_nameserver_matches_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_ptr_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_rpz_feeds_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_rpz_feeds_records_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_threat_actor_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_tld_risk_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_whitelist_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| dossier_whois_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| DragosAlerts_CL |
Dragos Notifications via Cloud Sitestore |
Yes |
Yes |
| DruvaSecurityEvents_CL |
Druva Events Connector |
Yes |
Yes |
| Dynamics365Activity |
Dynamics365 |
Yes |
NO |
| DynatraceAttacks_CL |
Dynatrace Attacks |
NO |
NO |
| DynatraceAuditLogs_CL |
Dynatrace Audit Logs |
Yes |
Yes |
| DynatraceProblems_CL |
Dynatrace Problems |
NO |
NO |
| DynatraceSecurityProblems_CL |
Dynatrace Runtime Vulnerabilities |
NO |
NO |
| ElasticAgentEvent |
Elastic Agent (Standalone) |
NO |
NO |
|
EmailEvents |
Microsoft Defender XDR |
Yes |
Yes |
| Entities_Data_CL |
Vectra XDR (using Azure Functions) |
Yes |
Yes |
| Entity_Scoring_Data_CL |
Vectra XDR (using Azure Functions) |
Yes |
Yes |
| ErmesBrowserSecurityEvents_CL |
Ermes Browser Security Events |
Yes |
Yes |
| ESIExchangeConfig_CL |
Exchange Security Insights On-Premises Collector |
NO |
NO |
| ESIExchangeOnlineConfig_CL |
Exchange Security Insights Online Collector (using Azure Functions) |
NO |
NO |
|
Event |
Automated Logic WebCTRL
Microsoft Exchange Admin Audit Logs by Event Logs
Microsoft Exchange Logs and Events
[Deprecated] Microsoft Exchange Logs and Events |
Yes |
NO |
| eventsapplicationdata_CL |
Netskope Data Connector |
NO |
NO |
| eventsauditdata_CL |
Netskope Data Connector |
NO |
NO |
| eventsconnectiondata_CL |
Netskope Data Connector |
NO |
NO |
| eventsincidentdata_CL |
Netskope Data Connector |
NO |
NO |
| eventsnetworkdata_CL |
Netskope Data Connector |
NO |
NO |
| eventspagedata_CL |
Netskope Data Connector |
NO |
NO |
| ExchangeHttpProxy_CL |
Microsoft Exchange HTTP Proxy Logs
[Deprecated] Microsoft Exchange Logs and Events |
Yes |
Yes |
| ExtraHop_Detections_CL |
ExtraHop Detections Data Connector (using Azure Functions) |
NO |
NO |
| F5Telemetry_ASM_CL |
F5 BIG-IP |
NO |
NO |
| F5Telemetry_LTM_CL |
F5 BIG-IP |
NO |
NO |
| F5Telemetry_system_CL |
F5 BIG-IP |
Yes |
Yes |
| Failed_Range_To_Ingest_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| feedly_indicators_CL |
Feedly IoC |
NO |
NO |
| FinanceOperationsActivity_CL |
Dynamics 365 Finance and Operations |
Yes |
Yes |
| FireworkV2_CL |
Flare Push Connector |
Yes |
Yes |
| fluentbit_CL |
Azure CloudNGFW by Palo Alto Networks |
Yes |
Yes |
| FncEventsDetections_CL |
Fortinet FortiNDR Cloud |
NO |
NO |
| FncEventsObservation_CL |
Fortinet FortiNDR Cloud |
NO |
NO |
| FncEventsSuricata_CL |
Fortinet FortiNDR Cloud |
NO |
NO |
| ForcepointDLPEvents_CL |
Forcepoint DLP |
NO |
NO |
| ForescoutEvent |
Forescout |
NO |
NO |
| ForescoutHostProperties_CL |
Forescout Host Property Monitor |
Yes |
Yes |
| Garrison_ULTRARemoteLogs_CL |
Garrison ULTRA Remote Logs (using Azure Functions) |
NO |
NO |
|
GCPApigee |
Google ApigeeX (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPAuditLogs |
GCP Pub/Sub Audit Logs |
Yes |
Yes |
|
GCPCDN |
Google Cloud Platform CDN (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPCloudRun |
GCP Cloud Run (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPCloudSQL |
GCP Cloud SQL (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPComputeEngine |
Google Cloud Platform Compute Engine (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPDNS |
Google Cloud Platform DNS (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPIAM |
Google Cloud Platform IAM (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPIDS |
Google Cloud Platform Cloud IDS (via Codeless Connector Framework) |
Yes |
Yes |
| GCPLoadBalancerLogs_CL |
GCP Pub/Sub Load Balancer Logs (via Codeless Connector Platform). |
Yes |
Yes |
|
GCPMonitoring |
Google Cloud Platform Cloud Monitoring (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPNAT |
Google Cloud Platform NAT (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPNATAudit |
Google Cloud Platform NAT (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPResourceManager |
Google Cloud Platform Resource Manager (via Codeless Connector Framework) |
Yes |
Yes |
|
GCPVPCFlow |
GCP Pub/Sub VPC Flow Logs (via Codeless Connector Framework) |
Yes |
Yes |
| GigamonV2_CL |
Gigamon AMX Connector |
NO |
NO |
| GitHubAuditLogPolling_CL |
[Deprecated] GitHub Enterprise Audit Log |
Yes |
Yes |
| GitHubAuditLogsV2_CL |
GitHub Enterprise Audit Log (via Codeless Connector Framework) |
Yes |
Yes |
| githubscanaudit_CL |
GitHub (using Webhooks) |
Yes |
Yes |
|
GKEAudit |
Google Kubernetes Engine (via Codeless Connector Framework) |
Yes |
Yes |
|
GoogleCloudSCC |
Google Security Command Center |
Yes |
Yes |
|
GoogleWorkspaceReports |
Google Workspace Activities (via Codeless Connector Framework) |
Yes |
Yes |
| HackerViewLog_AzureV2_CL |
CTM360 HackerView (Serverless) |
NO |
NO |
| HalcyonAuthenticationEvents_CL |
Halcyon Connector |
Yes |
Yes |
| HalcyonDnsActivity_CL |
Halcyon Connector |
Yes |
Yes |
| HalcyonFileActivity_CL |
Halcyon Connector |
Yes |
Yes |
| HalcyonNetworkSession_CL |
Halcyon Connector |
Yes |
Yes |
| HalcyonProcessEvent_CL |
Halcyon Connector |
Yes |
Yes |
| Health_Data_CL |
Vectra XDR (using Azure Functions) |
Yes |
Yes |
|
IdentityLogonEvents |
Microsoft Defender XDR |
Yes |
Yes |
| Illumio_Auditable_Events_CL |
Illumio SaaS (using Azure Functions) |
Yes |
Yes |
| Illumio_Flow_Events_CL |
Illumio SaaS (using Azure Functions) |
Yes |
Yes |
| IllumioInsightsSummary_CL |
Illumio Insights Summary |
NO |
NO |
|
IlumioInsights |
Illumio Insights |
Yes |
Yes |
| ImpervaWAFCloud_CL |
Imperva Cloud WAF (using Azure Functions) |
Yes |
Yes |
| Infoblox_Failed_Indicators_CL |
Infoblox Data Connector via REST API |
NO |
NO |
| InfobloxInsight_CL |
Infoblox SOC Insight Data Connector via REST API |
NO |
NO |
| InfoSecAnalytics_CL |
InfoSecGlobal Data Connector |
NO |
NO |
| IntegrationTable_CL |
ESET Protect Platform (using Azure Functions) |
Yes |
Yes |
| IntegrationTableIncidents_CL |
ESET Protect Platform (using Azure Functions) |
Yes |
Yes |
| iocsent_CL |
Check Point Cyberint IOC Connector |
NO |
NO |
| Ipinfo_Abuse_CL |
IPinfo Abuse Data Connector |
NO |
NO |
| Ipinfo_ASN_CL |
IPinfo ASN Data Connector |
NO |
NO |
| Ipinfo_Carrier_CL |
IPinfo Carrier Data Connector |
NO |
NO |
| Ipinfo_Company_CL |
IPinfo Company Data Connector |
NO |
NO |
| Ipinfo_CORE_CL |
IPinfo Core Data Connector |
NO |
NO |
| Ipinfo_Country_CL |
IPinfo Country ASN Data Connector |
NO |
NO |
| Ipinfo_Domain_CL |
IPinfo Domain Data Connector |
NO |
NO |
| Ipinfo_Location_CL |
IPinfo Iplocation Data Connector |
NO |
NO |
| Ipinfo_Location_extended_CL |
IPinfo Iplocation Extended Data Connector |
NO |
NO |
| Ipinfo_PLUS_CL |
IPinfo Plus Data Connector |
NO |
NO |
| Ipinfo_Privacy_CL |
IPinfo Privacy Data Connector |
NO |
NO |
| Ipinfo_Privacy_extended_CL |
IPinfo Privacy Extended Data Connector |
NO |
NO |
| Ipinfo_RESIDENTIAL_PROXY_CL |
IPinfo ResProxy Data Connector |
NO |
NO |
| Ipinfo_RIRWHOIS_CL |
IPinfo RIRWHOIS Data Connector |
NO |
NO |
| Ipinfo_RWHOIS_CL |
IPinfo RWHOIS Data Connector |
NO |
NO |
| Ipinfo_WHOIS_ASN_CL |
IPinfo WHOIS ASN Data Connector |
NO |
NO |
| Ipinfo_WHOIS_MNT_CL |
IPinfo WHOIS MNT Data Connector |
NO |
NO |
| Ipinfo_WHOIS_NET_CL |
IPinfo WHOIS NET Data Connector |
NO |
NO |
| Ipinfo_WHOIS_ORG_CL |
IPinfo WHOIS ORG Data Connector |
NO |
NO |
| Ipinfo_WHOIS_POC_CL |
IPinfo WHOIS POC Data Connector |
NO |
NO |
| Island_Admin_CL |
Island Enterprise Browser Admin Audit (Polling CCP) |
Yes |
Yes |
| Island_User_CL |
Island Enterprise Browser User Activity (Polling CCP) |
Yes |
Yes |
| jamfprotectalerts_CL |
Jamf Protect Push Connector |
Yes |
Yes |
| jamfprotecttelemetryv2_CL |
Jamf Protect Push Connector |
Yes |
Yes |
| jamfprotectunifiedlogs_CL |
Jamf Protect Push Connector |
Yes |
Yes |
| JBossEvent_CL |
Custom logs via AMA |
NO |
NO |
| Jira_Audit_CL |
Atlassian Jira Audit (using Azure Functions) |
NO |
NO |
| Jira_Audit_v2_CL |
Atlassian Jira Audit (via Codeless Connector Framework) |
Yes |
Yes |
| JuniperIDP_CL |
Custom logs via AMA |
Yes |
Yes |
| KeeperSecurityEventNewLogs_CL |
Keeper Security Push Connector |
Yes |
Yes |
| LastPassNativePoller_CL |
LastPass Enterprise - Reporting (Polling CCP) |
NO |
NO |
| LightningAttackPaths_CL |
Semperis Lightning Logs |
NO |
NO |
| LightningIOEResults_CL |
Semperis Lightning Logs |
NO |
NO |
| LightningTier0Nodes_CL |
Semperis Lightning Logs |
NO |
NO |
| Lockdown_Data_CL |
Vectra XDR (using Azure Functions) |
Yes |
Yes |
| Lookout_CL |
[DEPRECATED] Lookout |
NO |
NO |
| LookoutMtdV2_CL |
Lookout Mobile Threat Detection Connector (via Codeless Connector Framework) (Preview) |
Yes |
Yes |
| MailGuard365_Threats_CL |
MailGuard 365 |
Yes |
Yes |
| MailRiskEmails_CL |
MailRisk by Secure Practice (using Azure Functions) |
NO |
NO |
| MarkLogicAudit_CL |
Custom logs via AMA |
NO |
NO |
| McasShadowItReporting |
Microsoft Defender for Cloud Apps |
NO |
NO |
| MDBALogTable_CL |
MongoDB Atlas Logs |
Yes |
Yes |
| meraki_CL |
Custom logs via AMA |
Yes |
Yes |
| MessageTrackingLog_CL |
Microsoft Exchange Message Tracking Logs
[Deprecated] Microsoft Exchange Logs and Events |
Yes |
Yes |
|
MicrosoftPurviewInformationProtection |
Microsoft Purview Information Protection |
Yes |
Yes |
| MimecastAudit_CL |
Mimecast Audit & Authentication (using Azure Functions) |
NO |
NO |
| MimecastDLP_CL |
Mimecast Secure Email Gateway (using Azure Functions) |
NO |
NO |
| MimecastSIEM_CL |
Mimecast Secure Email Gateway (using Azure Functions) |
NO |
NO |
| MimecastTTPAttachment_CL |
Mimecast Targeted Threat Protection (using Azure Functions) |
NO |
NO |
| MimecastTTPImpersonation_CL |
Mimecast Targeted Threat Protection (using Azure Functions) |
NO |
NO |
| MimecastTTPUrl_CL |
Mimecast Targeted Threat Protection (using Azure Functions) |
NO |
NO |
| MongoDBAudit_CL |
Custom logs via AMA |
Yes |
Yes |
| MuleSoft_Cloudhub_CL |
MuleSoft Cloudhub (using Azure Functions) |
NO |
NO |
| NCProtectUAL_CL |
NC Protect |
NO |
NO |
| net_assets_CL |
Holm Security Asset Data (using Azure Functions) |
NO |
NO |
| Netskope_WebTx_metrics_CL |
Netskope Data Connector |
NO |
NO |
| NetskopeAlerts_CL |
Netskope Alerts and Events |
Yes |
Yes |
| NetskopeWebtxData_CL |
Netskope Web Transactions Data Connector |
NO |
NO |
| NetskopeWebtxErrors_CL |
Netskope Web Transactions Data Connector |
NO |
NO |
|
NetworkAccessTraffic |
Microsoft Entra ID |
Yes |
Yes |
| NexposeInsightVMCloud_assets_CL |
Rapid7 Insight Platform Vulnerability Management Reports (using Azure Functions) |
NO |
NO |
| NexposeInsightVMCloud_vulnerabilities_CL |
Rapid7 Insight Platform Vulnerability Management Reports (using Azure Functions) |
NO |
NO |
| NGINX_CL |
Custom logs via AMA |
Yes |
Yes |
| NordPassEventLogs_CL |
NordPass |
Yes |
Yes |
| ObsidianActivity_CL |
Obsidian Datasharing Connector |
NO |
NO |
| ObsidianThreat_CL |
Obsidian Datasharing Connector |
NO |
NO |
| OCI_LogsV2_CL |
Oracle Cloud Infrastructure (via Codeless Connector Framework) |
Yes |
Yes |
|
OfficeActivity |
Microsoft 365 (formerly Office 365) |
Yes |
Yes |
| Okta_CL |
Okta Single Sign-On (using Azure Functions) |
NO |
NO |
| OktaSSO |
Okta Single Sign-On |
NO |
NO |
| Onapsis_Defend_CL |
Onapsis Defend: Integrate Unmatched SAP Threat Detection and Intel with Microsoft Sentinel |
Yes |
Yes |
| OneLoginEventsV2_CL |
OneLogin IAM Platform (via Codeless Connector Framework) |
Yes |
Yes |
| OneLoginUsersV2_CL |
OneLogin IAM Platform (via Codeless Connector Framework) |
Yes |
Yes |
| OnePasswordEventLogs_CL |
1Password (serverless)
1Password (using Azure Functions) |
Yes |
Yes |
| OneTrustMetadataV3_CL |
OneTrust |
Yes |
Yes |
| OpenSystemsAuthenticationLogs_CL |
Open Systems Data Connector |
NO |
NO |
| OpenSystemsFirewallLogs_CL |
Open Systems Data Connector |
NO |
NO |
| OpenSystemsProxyLogs_CL |
Open Systems Data Connector |
NO |
NO |
| OpenSystemsZtnaLogs_CL |
Open Systems Data Connector |
NO |
NO |
| OracleWebLogicServer_CL |
Custom logs via AMA |
Yes |
Yes |
| OrcaAlerts_CL |
Orca Security Alerts |
Yes |
Yes |
| PaloAltoCortexXDR_Alerts_CL |
Palo Alto Cortex XDR |
Yes |
Yes |
| PaloAltoCortexXDR_Audit_Agent_CL |
Palo Alto Cortex XDR |
Yes |
Yes |
| PaloAltoCortexXDR_Audit_Management_CL |
Palo Alto Cortex XDR |
Yes |
Yes |
| PaloAltoCortexXDR_Endpoints_CL |
Palo Alto Cortex XDR |
Yes |
Yes |
| PaloAltoCortexXDR_Incidents_CL |
Palo Alto Cortex XDR |
Yes |
Yes |
| PaloAltoPrismaCloudAlertV2_CL |
Palo Alto Prisma Cloud CSPM (via Codeless Connector Framework) |
Yes |
Yes |
| Perimeter81_CL |
Perimeter 81 Activity Logs |
NO |
NO |
| Phosphorus_CL |
Phosphorus Devices |
NO |
NO |
| PingOne_AuditActivitiesV2_CL |
Ping One (via Codeless Connector Framework) |
Yes |
Yes |
| PostgreSQL_CL |
Custom logs via AMA |
Yes |
Yes |
|
PowerAutomateActivity |
Microsoft Power Automate |
Yes |
Yes |
|
PowerBIActivity |
Microsoft PowerBI |
Yes |
Yes |
|
PowerPlatformAdminActivity |
Microsoft Power Platform Admin Activity |
Yes |
Yes |
| prancer_CL |
DiIntune Data Connector |
NO |
NO |
| PrismaCloudCompute_CL |
Palo Alto Prisma Cloud CWPP (using REST API) |
Yes |
Yes |
|
ProjectActivity |
Microsoft Project |
Yes |
Yes |
| ProofpointPODMailLog_CL |
Proofpoint On Demand Email Security (via Codeless Connector Platform) |
Yes |
Yes |
| ProofpointPODMessage_CL |
Proofpoint On Demand Email Security (via Codeless Connector Platform) |
Yes |
Yes |
| ProofPointTAPClicksBlockedV2_CL |
Proofpoint TAP (via Codeless Connector Platform) |
Yes |
Yes |
| ProofPointTAPClicksPermittedV2_CL |
Proofpoint TAP (via Codeless Connector Platform) |
Yes |
Yes |
| ProofPointTAPMessagesBlockedV2_CL |
Proofpoint TAP (via Codeless Connector Platform) |
Yes |
Yes |
| ProofPointTAPMessagesDeliveredV2_CL |
Proofpoint TAP (via Codeless Connector Platform) |
Yes |
Yes |
|
PurviewDataSensitivityLogs |
Microsoft Purview |
Yes |
Yes |
| QscoutAppEvents_CL |
QscoutAppEventsConnector (via Codeless Connector Framework) |
NO |
NO |
| QualysHostDetectionV3_CL |
Qualys Vulnerability Management (via Codeless Connector Framework) |
Yes |
Yes |
| QualysKB_CL |
Qualys VM KnowledgeBase (via Azure Functions) |
Yes |
Yes |
| RadiflowEvent |
Radiflow iSID via AMA |
NO |
NO |
| RSAIDPlus_AdminLogs_CL |
RSA ID Plus Admin Logs Connector |
NO |
NO |
| Rubrik_Anomaly_Data_CL |
Rubrik Security Cloud Data Connector (via Azure Functions) |
Yes |
Yes |
| Rubrik_Events_Data_CL |
Rubrik Security Cloud Data Connector (via Azure Functions) |
Yes |
Yes |
| Rubrik_Ransomware_Data_CL |
Rubrik Security Cloud Data Connector (via Azure Functions) |
Yes |
Yes |
| Rubrik_ThreatHunt_Data_CL |
Rubrik Security Cloud Data Connector (via Azure Functions) |
Yes |
Yes |
| SailPointIDN_Events_CL |
SailPoint IdentityNow (via Azure Functions) |
Yes |
Yes |
| SailPointIDN_Triggers_CL |
SailPoint IdentityNow (via Azure Functions) |
NO |
NO |
| SalesforceServiceCloudV2_CL |
Salesforce Service Cloud (via Codeless Connector Framework) |
Yes |
Yes |
| Samsung_Knox_Audit_CL |
Samsung Knox Asset Intelligence |
Yes |
Yes |
| SAPBTPAuditLog_CL |
SAP BTP |
Yes |
Yes |
| SAPETDAlerts_CL |
SAP Enterprise Threat Detection, Cloud Edition |
Yes |
Yes |
| SAPETDInvestigations_CL |
SAP Enterprise Threat Detection, Cloud Edition |
Yes |
Yes |
| SAPLogServ_CL |
SAP LogServ (RISE), S/4HANA Cloud Private Edition |
Yes |
Yes |
|
SecurityAlert |
Microsoft 365 Insider Risk Management
Microsoft Defender XDR
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Microsoft Defender for IoT
Microsoft Defender for Office 365 (preview)
Microsoft Entra ID Protection
Subscription-based Microsoft Defender for Cloud (legacy)
Microsoft Defender for Cloud |
Yes |
Yes |
| SecurityAlert |
Microsoft Defender for Cloud Apps |
NO |
NO |
| SecurityBridgeLogs_CL |
Custom logs via AMA |
Yes |
Yes |
|
SecurityEvent |
Cyborg Security HUNTER Hunt Packages
Microsoft Active-Directory Domain Controllers Security Event Logs
Security Events via Legacy Agent
Windows Security Events via AMA
[Deprecated] Microsoft Exchange Logs and Events |
Yes |
Yes |
| SecurityIncident |
Derdack SIGNL4
Microsoft Defender XDR |
Yes |
Yes |
| Seg_Cg_CL |
Mimecast Secure Email Gateway |
Yes |
Yes |
| Seg_Dlp_CL |
Mimecast Secure Email Gateway |
Yes |
Yes |
| SentinelOne_CL |
SentinelOne (using Azure Functions) |
Yes |
Yes |
| SentinelOneActivities_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneAgents_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneAlerts_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneGroups_CL |
SentinelOne |
Yes |
Yes |
| SentinelOneThreats_CL |
SentinelOne |
Yes |
Yes |
| SeraphicWebSecurity_CL |
Seraphic Web Security |
NO |
NO |
|
SigninLogs |
Microsoft Entra ID |
Yes |
Yes |
| SlackAuditV2_CL |
SlackAudit (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeLoad_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeLogin_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeMaterializedView_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeQuery_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeRoleGrant_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeRoles_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeTables_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeTableStorageMetrics_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeUserGrant_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SnowflakeUsers_CL |
Snowflake (via Codeless Connector Framework) |
Yes |
Yes |
| SOCPrimeAuditLogs_CL |
SOC Prime Platform Audit Logs Data Connector |
Yes |
Yes |
| Sonrai_Tickets_CL |
Sonrai Data Connector |
NO |
NO |
| SophosEP_CL |
Sophos Endpoint Protection (via Azure Functions) |
Yes |
Yes |
| SophosEPEvents_CL |
Sophos Endpoint Protection (via Codeless Connector Platform) |
Yes |
Yes |
| SquidProxy_CL |
Custom logs via AMA |
Yes |
Yes |
|
StorageBlobLogs |
Azure Storage Account |
Yes |
Yes |
|
StorageFileLogs |
Azure Storage Account |
Yes |
Yes |
|
StorageQueueLogs |
Azure Storage Account |
Yes |
Yes |
|
StorageTableLogs |
Azure Storage Account |
Yes |
Yes |
| SymantecICDx_CL |
Symantec Integrated Cyber Defense Exchange |
NO |
NO |
|
Syslog |
CTERA Syslog
Cisco Software Defined WAN
Syslog via AMA
Syslog via Legacy Agent |
Yes |
Yes |
| TacitRed_Findings_CL |
Compromised Credentials |
NO |
NO |
| Talon_CL |
Talon Insights |
NO |
NO |
| Tenable_VM_Asset_CL |
Tenable Vulnerability Management (via Azure Functions) |
Yes |
Yes |
| Tenable_VM_Compliance_CL |
Tenable Vulnerability Management (via Azure Functions) |
Yes |
Yes |
| Tenable_VM_Vuln_CL |
Tenable Vulnerability Management (via Azure Functions) |
Yes |
Yes |
| Tenable_WAS_Asset_CL |
Tenable Vulnerability Management (via Azure Functions) |
Yes |
Yes |
| Tenable_WAS_Vuln_CL |
Tenable Vulnerability Management (via Azure Functions) |
Yes |
Yes |
| TheHiveData |
TheHive (via Codeless Connector Framework) |
NO |
NO |
| TheomAlerts_CL |
Theom |
NO |
NO |
|
ThreatIntelIndicators |
CrowdStrike Falcon Adversary Intelligence (using Azure Functions) |
Yes |
NO |
|
ThreatIntelligenceIndicator |
Datalake2Sentinel
GreyNoise Threat Intelligence
JoeSandboxThreatIntelligence (via Azure Functions)
Luminar IOCs and Leaked Credentials (via Azure Functions)
MISP2Sentinel
Microsoft Defender Threat Intelligence
Mimecast Intelligence for Microsoft - Microsoft Sentinel (using Azure Functions)
Premium Microsoft Defender Threat Intelligence
Threat Intelligence Platforms
Threat Intelligence Upload API (preview)
Threat Intelligence - TAXII
VMRayThreatIntelligence (using Azure Functions) |
Yes |
NO |
| Tomcat_CL |
Custom logs via AMA |
Yes |
Yes |
| TransmitSecurityActivity_CL |
Transmit Security Connector (via Azure Functions) |
NO |
NO |
| TrellixEvents |
Trellix Endpoint Security (via Codeless Connector Framework) |
NO |
NO |
| TrendMicro_XDR_OAT_CL |
Trend Vision One (using Azure Functions) |
NO |
NO |
| TrendMicro_XDR_RCA_Result_CL |
Trend Vision One (using Azure Functions) |
NO |
NO |
| TrendMicro_XDR_RCA_Task_CL |
Trend Vision One (using Azure Functions) |
NO |
NO |
| TrendMicro_XDR_WORKBENCH_CL |
Trend Vision One (using Azure Functions) |
NO |
NO |
| Ttp_Attachment_CL |
Mimecast Targeted Threat Protection |
Yes |
Yes |
| Ttp_Impersonation_CL |
Mimecast Targeted Threat Protection |
Yes |
Yes |
| Ttp_Url_CL |
Mimecast Targeted Threat Protection |
Yes |
Yes |
| Ubiquiti_CL |
Custom logs via AMA |
Yes |
Yes |
| union ASimAuditEventLogs, ASimAuthenticationEventLogs, ASimDhcpEventLogs, ASimDnsActivityLogs, ASimFileEventLogs, ASimNetworkSessionLogs, ASimProcessEventLogs, ASimRegistryEventLogs, ASimUserManagementActivityLogs, ASimWebSessionLogs |
Synqly Integration Connector |
NO |
NO |
| union isfuzzy=true (WizAuditLogs_CL),(WizAuditLogsV2_CL) |
Wiz (using Azure Functions) |
NO |
NO |
| union isfuzzy=true (WizIssues_CL),(WizIssuesV2_CL) |
Wiz (using Azure Functions) |
NO |
NO |
| union isfuzzy=true (WizVulnerabilities_CL),(WizVulnerabilitiesV2_CL) |
Wiz (using Azure Functions) |
NO |
NO |
| ValenceAlert_CL |
SaaS Security |
NO |
NO |
| VaronisAlerts_CL |
Varonis SaaS |
NO |
NO |
| varonisresources_CL |
Varonis Purview Push Connector |
NO |
NO |
| vcenter_CL |
Custom logs via AMA |
Yes |
Yes |
| VectraStream_CL |
Custom logs via AMA |
NO |
NO |
| VeeamAuthorizationEvents_CL |
Veeam Data Connector (via Azure Functions) |
Yes |
Yes |
| VeeamCovewareFindings_CL |
Veeam Data Connector (via Azure Functions) |
Yes |
Yes |
| VeeamMalwareEvents_CL |
Veeam Data Connector (via Azure Functions) |
Yes |
Yes |
| VeeamOneTriggeredAlarms_CL |
Veeam Data Connector (via Azure Functions) |
Yes |
Yes |
| VeeamSecurityComplianceAnalyzer_CL |
Veeam Data Connector (via Azure Functions) |
Yes |
Yes |
| VeeamSessions_CL |
Veeam Data Connector (via Azure Functions) |
Yes |
Yes |
| VersasecCmsErrorLogs_CL |
VersasecCms |
NO |
NO |
| VersasecCmsSysLogs_CL |
VersasecCms |
NO |
NO |
|
W3CIISLog |
IIS Logs of Microsoft Exchange Servers
[Deprecated] Microsoft Exchange Logs and Events |
Yes |
NO |
| web_assets_CL |
Holm Security Asset Data (via Azure Functions) |
NO |
NO |
|
WindowsEvent |
Windows Forwarded Events |
Yes |
Yes |
| Workplace_Facebook_CL |
Workplace from Facebook (using Azure Functions) |
NO |
NO |
| WsSecurityEvents_CL |
WithSecure Elements API (Azure Function) |
Yes |
Yes |
| XbowAssessments_CL |
XBOW Security Platform (via Azure Function) |
NO |
NO |
| XbowAssets_CL |
XBOW Security Platform (via Azure Function) |
NO |
NO |
| XbowFindings_CL |
XBOW Security Platform (via Azure Function) |
NO |
NO |
| ZeroFox_CTI_advanced_dark_web_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_botnet_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_breaches_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_C2_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_compromised_credentials_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_credit_cards_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_dark_web_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_discord_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_disruption_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_email_addresses_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_exploits_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_irc_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_malware_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_national_ids_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_phishing_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_phone_numbers_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_ransomware_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_telegram_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_threat_actors_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFox_CTI_vulnerabilities_CL |
ZeroFox CTI |
NO |
NO |
| ZeroFoxAlertPoller_CL |
ZeroFox Enterprise - Alerts (Polling CCF) |
Yes |
Yes |
| ZimperiumThreatLog_CL |
Zimperium Mobile Threat Defense |
NO |
NO |
| ZNAudit_CL |
Zero Networks Segment (Push) |
NO |
NO |
| ZNIdentityActivity_CL |
Zero Networks Segment (Push) |
NO |
NO |
| ZNNetworkActivity_CL |
Zero Networks Segment (Push) |
NO |
NO |
| ZNRPCActivity_CL |
Zero Networks Segment (Push) |
NO |
NO |
| ZNSegmentAuditNativePoller_CL |
Zero Networks Segment Audit |
NO |
NO |
| Zoom_CL |
Zoom Reports (via Azure Functions) |
Yes |
Yes |
| ZoomV2_CL |
Zoom Reports Connector (via Codeless Connector Framework) |
NO |
NO |
| ZPA_CL |
Custom logs via AMA |
Yes |
Yes |