
Supported Data Sources

Here you can find the list of products that our FoxTech Defend managed SIEM can ingest, analyse and alert upon.

We’re always extending our support, so if you have any applications, network devices or cloud-based services you need watching that are not listed, get in touch, as we can likely add them to our supported list.

Cloud

Logs are generally collected through the Cloud provider’s APIs, or from an S3 or similar storage bucket.

  • AWS ALB
  • AWS Amazon ECR Image scanning
  • AWS Amazon Security Lake
  • AWS CLB
  • AWS CloudTrail
  • AWS CloudWatch Logs
  • AWS Config
  • AWS EKS Authenticator
  • AWS GuardDuty
  • AWS Inspector Classic
  • AWS KMS
  • AWS Macie
  • AWS NLB
  • AWS S3 Server Access logs
  • AWS Trusted Advisor
  • AWS VPC
  • AWS WAF
  • Azure
  • Azure Active Directory
  • Azure Activity Logs
  • GCP Audit Logs
  • GCP DNS Queries
  • GCP Firewall
  • GCP HTTP(S) Load Balancer
  • GCP VPC Flow Logs
  • Office 365

Servers

These are generally monitored through an agent deployed to the server that collects logs in addition to other security-related telemetry.

  • Linux
  • Windows
  • MacOS
  • Solaris
  • AIX
  • HP-UX
  • VMWare*

Network

Most network devices provide logs through syslog. Because syslog is usually sent as plain text, most devices will need to send these logs to the FoxTech Defend platform over an IPsec site-to-site tunnel.

  • Cisco ASA
  • Cisco eStreamer
  • Cisco FTD
  • Cisco IOS
  • Cisco VPN
  • F5 BIG-IP
  • FortiDDoS
  • FortiGate
  • HP
  • Huawei USG
  • Junos
  • Meraki Access Points
  • Meraki Dashboard
  • Meraki Firewalls
  • Meraki Switches
  • NetScaler
  • NetScreen
  • OpenVPN
  • Palo Alto
  • pfSense
  • PIX
  • SonicWall

Security

  • Arbor
  • Arpwatch
  • Auditd
  • Barracuda
  • Checkpoint
  • Checkpoint Smart1
  • Cisco Umbrella
  • Clamav
  • Cloudflare
  • CrashTest Security
  • Cylance
  • Dragon Nids
  • Eset Remote
  • Fireeye
  • Imperva
  • Kaspersky
  • Mailscanner
  • Mcafee
  • Openvas
  • Oscap
  • Ossec
  • Portsentry
  • Qualysguard
  • Rsa Auth Manager
  • Snort
  • Sophos
  • Squid
  • Sudo
  • Suhosin
  • Symantec
  • Trend Osce
  • Zeek

Applications

Application logs are often fetched from local files or Windows Event Logs via the FoxTech Defend Agent. Logs from cloud-based applications are usually collected through the service’s native APIs.

  • Apache
  • Asterisk
  • Courier
  • Dovecot
  • Dropbear
  • Exim
  • Fortiauth
  • Fortimail
  • Freeipa
  • Freepbs
  • Ftpd
  • Github
  • Gitlab
  • Grandstream
  • Horde
  • Identity
  • Imapd
  • Jenkins
  • Mariadb
  • Microsoft Defender
  • Microsoft DHCP
  • Microsoft Exchange
  • Microsoft IIS
  • Microsoft Network Policy Server
  • Microsoft Windows
  • Mongodb
  • MS Exchange
  • Mysql
  • Named
  • Nextcloud
  • Nginx
  • Ntpd
  • Openldap
  • Oracledb
  • Owncloud
  • Perdition
  • Postfix
  • Postgresql
  • Proftpd
  • Puppet
  • Pure Ftpd
  • Racoon
  • Redis
  • Roundcube
  • Rshd
  • Samba
  • Sendmail
  • Serv U
  • Sqlserver
  • Ssh
  • Su
  • Telnet
  • Unbound
  • Vm Pop3
  • Vpopmail
  • Vsftpd
  • Vshell
  • Web Accesslog
  • Wordpress
  • Zeus