Mapping event.dataset to logsource
Parsed events often include event.dataset, a string that ties the event to a parser lane. Event lane templates in the LogMan.io Library under Templates/EventLanes/ define logsource (vendor, product, category, service, …). This page shows how event.dataset lines up with those templates and with each template’s stream name.
For vendor, product, category, and service values in correlation rules, see Logsource in correlation rules. Use this page when you start from event.dataset on events and need the matching lane classification.
How to read these tables

- event.dataset: Value from the parsec enricher / mapping (typically a string literal in parser YAML).
- Stream: Stream name pattern from the Event Lane template (often a -* suffix for versioned streams).
- logsource: The template’s vendor, product, category, and service lists, summarized in one column. An em dash (—) means no value was set in the reference snapshot.
- Multiple templates can share the same parser prefix (for example Zeek: one event.dataset value zeek with different product per log type).
- Dynamic values (!GET, mapping from JSON fields into event.dataset, and similar) are not expanded here.
By event.dataset

| event.dataset | Stream (template) | logsource (summary) |
|---|---|---|
| DHCP | microsoft-dhcp-filebeat-v1 | vendor=microsoft; product=microsoft-dhcp; category=dhcp |
| DHCP | microsoft-dhcp-smartfile-v1 | vendor=microsoft; product=microsoft-dhcp; category=dhcp |
| alcatel-omniswitch | alcatel-omniswitch-* | vendor=alcatel-lucent; product=omniswitch; category=network,switch |
| apache-http-server | apache-http-server-* | vendor=apache; product=apache-http-server |
| apache.error | nginx | category=system |
| apc-ups | apc-ups-* | vendor=apc,schneider-electric; product=apc-ups; category=network,application,scada |
| barracuda-security-email-gateway | barracuda-seg-* | vendor=barracuda; product=secure-email-gateway; category=email,spam,malware |
| bitdefender | bitdefender-cloud-* | vendor=bitdefender; product=bitdefender-cloud-security; category=antivirus |
| bitdefender | bitdefender-gravityzone-* | vendor=bitdefender; product=bitdefender-gravityzone; category=antivirus |
| bitdefender-gravity-zone | bitdefender-gravityzone-* | vendor=bitdefender; product=bitdefender-gravityzone; category=antivirus |
| bluecoat | broadcom-blue-coat-swg-* | vendor=bluecoat,symantec,broadcom; category=proxy,network,security |
| brocade-switch | broadcom-brocade-switch-* | vendor=broadcom; category=switch,network |
| brother-mfc | brother-mfc-* | vendor=brother; product=brother-mfc; category=printing |
| c4 | c4-v1 | — |
| check-point | check-point-firewall-* | vendor=check-point; product=check-point-firewall; category=firewall,network |
| cisco-aci | cisco-aci-* | vendor=cisco; product=cisco-aci; category=network |
| cisco-asa | cisco-asa-* | vendor=cisco; product=cisco-asa; category=firewall,network |
| cisco-catalyst | cisco-switch-catalyst-* | vendor=cisco; product=cisco-catalyst; category=switch,network |
| cisco-ftd | cisco-ftd-* | vendor=cisco; product=cisco-ftd; category=firewall,network |
| cisco-ios | cisco-ios-* | vendor=cisco; product=cisco-ios; category=network |
| cisco-ise | cisco-ise-* | vendor=cisco; product=cisco-ise; category=firewall |
| cisco-mds | cisco-mds-* | vendor=cisco; product=cisco-mds; category=network |
| cisco-meraki | cisco-meraki-* | vendor=cisco; product=cisco-meraki; category=network |
| cisco-nexus | cisco-switch-nexus-* | vendor=cisco; product=cisco-nexus; category=switch,network |
| cisco-sda | cisco-sda-* | vendor=cisco; product=software-defined-access,dna-center; category=network,access-control,authentication |
| cisco-ucs | cisco-ucs-* | vendor=cisco; product=cisco-ucs; category=network |
| cisco-wlc | cisco-wlc-* | vendor=cisco; product=cisco-wlc; category=network,wifi |
| citrix | citrix-netscaler-* | vendor=citrix; product=netscaler |
| dell-ecs | dell-ecs-* | vendor=dell; product=elastic-cloud-storage,ecs; category=storage,cloud |
| dell-idrac | dell-idrac-* | vendor=dell; product=dell-idrac; category=oob |
| dell-powervault | dell-powervault-* | vendor=dell; product=dell-powervault |
| dell-switch | dell-switch-* | vendor=dell; category=switch,network |
| devolutions | devolutions-web-server-* | vendor=devolutions |
| eaton-ups | eaton-ups-* | vendor=eaton; product=eaton-ups; category=ups |
| eset | eset-protect-* | vendor=eset; product=eset-protect; category=antivirus |
| f5 | f5-* | vendor=f5; category=switch,network |
| fidelis-endpoint | fidelis-endpoint-* | vendor=fidelis; product=fidelis-endpoint; category=endpoint |
| fidelis-network | fidelis-network-* | vendor=fidelis; product=fidelis-network; category=network |
| flowmon-ads | flowmon-ads-* | vendor=flowmon; product=flowmon-ads; category=ids,network |
| forticems | fortinet-forticlient-* | vendor=fortinet; product=forticlient; category=network |
| fortigate | fortinet-fortianalyzer-* | vendor=fortinet; product=fortianalyzer; category=network |
| fortigate | fortinet-fortigate-* | vendor=fortinet; product=fortigate; category=firewall,network |
| fortigate | fortinet-fortiswitch-* | vendor=fortinet; product=fortiswitch; category=switch,network |
| fortimail | fortinet-fortimail-* | vendor=fortinet; product=fortimail; category=email |
| fortimanager | fortinet-fortimanager-* | vendor=fortinet; product=fortimanager; category=firewall,network |
| fortinet-fortiauthenticator | fortinet-fortiauthenticator-* | vendor=fortinet; product=fortiauthenticator; category=network |
| ftp-filezilla | filezilla-* | vendor=filezilla; product=linux; category=application,ftp |
| generic | generic | — |
| ginis | gordic-ginis-* | vendor=gordic; category=application |
| haproxy | haproxy-* | vendor=haproxy; category=network |
| helios | helios-* | vendor=helios; product=helios; category=application |
| hpe-aruba-clearpass | hpe-aruba-clearpass-* | vendor=hpe; category=network; service=aaa |
| hpe-aruba-iap | hpe-aruba-iap-* | vendor=hpe; category=network,wifi; service=aaa |
| hpe-aruba-switch | hpe-aruba-switch-* | vendor=hpe; category=network,switch |
| hpe-ilo | hpe-ilo-* | vendor=hpe; category=oob |
| hpe-laserjet | hp-laserjet-* | vendor=hp; product=hp-laserjet; category=printing |
| hpe-primera | hpe-primera-* | vendor=hpe; product=hpe-primera; category=storage |
| hpe-storeonce | hpe-storeonce-* | vendor=hpe; product=hpe-storeonce; category=storage |
| ibm-fs | ibm-fs-* | vendor=ibm; product=flashsystem; category=storage |
| ibm-nas | ibm-nas-* | vendor=ibm; product=nas,spectrum-scale,storwize; category=storage,network |
| ibm-soar | ibm-qradar-* | vendor=ibm; product=ibm-qradar; category=security |
| ibm-tape-library | ibm-tape-library-* | vendor=ibm; product=ibm-tape-library; category=storage |
| icewarp-mailserver | icewarp-mailserver-* | vendor=icewarp; product=icewarp-mailserver; category=email |
| innovaphone-pbx | innovaphone-pbx-* | vendor=innovaphone; product=pbx; category=voip,telephony,communication |
| ivanti | ivanti-security-* | vendor=ivanti; category=network |
| juniper-firewall | juniper-firewall-* | vendor=juniper; product=junos,srx-series; category=network,firewall |
| juniper-switch | juniper-switch-ex-* | vendor=juniper; product=junos,ex-series; category=network,switch |
| juniper-switch | juniper-switch-qfx-* | vendor=juniper; product=junos,qfx-series; category=network,switch |
| kerio-connect | kerio-connect-mailsec-* | vendor=kerio,gfi; product=kerio-connect; category=email,spam,malware,authentication |
| kubernetes | kubernetes-* | product=kubernetes; category=containerization |
| lenovo-xcc | lenovo-xcc-* | vendor=lenovo; category=hardware,system,management |
| linux | linux-rsyslog-* | product=linux; service=syslog |
| linux | linux-syslog-rfc3164-* | product=linux; service=syslog |
| linux-auditd | linux-auditd-* | product=linux; category=audit; service=auditd |
| manage-engine-ad-audit-plus | manageengine-ad-audit-plus-* | vendor=manageengine; product=manageengine-ad-audit-plus |
| manageengine-endpoint | manageengine-endpoint-* | vendor=manageengine; product=manageengine-endpoint |
| mcafee-webwasher | mcafee-webwasher-* | vendor=mcafee; product=mcafee-webwasher; category=proxy |
| microsoft-365 | microsoft-365-messagetrace-v1 | vendor=microsoft; product=m365; category=email; service=messagetrace |
| microsoft-365 | microsoft-365-v1 | vendor=microsoft; product=m365 |
| microsoft-ata | microsoft-ata-* | vendor=microsoft; product=advanced-threat-analytics; category=authentication,anomaly-detection,intrusion-detection |
| microsoft-defender | microsoft-defender-* | vendor=microsoft; product=defender,defender-for-endpoint; category=endpoint-security,threat-detection,antivirus |
| microsoft-dns-server | microsoft-dns-filebeat-v1 | vendor=microsoft; product=microsoft-dns; category=dns |
| microsoft-dns-server | microsoft-dns-smartfile-v1 | vendor=microsoft; product=microsoft-dns; category=dns |
| microsoft-exchange | microsoft-exchange-* | vendor=microsoft; product=microsoft-exchange; category=email |
| microsoft-iis | microsoft-iis-filebeat-v1 | vendor=microsoft; product=microsoft-iis; category=webserver |
| microsoft-iis | microsoft-iis-smartfile-v1 | vendor=microsoft; product=microsoft-iis; category=webserver |
| microsoft-network-policy-server | microsoft-nps-* | vendor=microsoft; product=network-policy-server,nps; category=authentication,network,access-control |
| microsoft-sharepoint | microsoft-sharepoint-smartfile-v1 | vendor=microsoft; product=microsoft-sharepoint; category=sharepoint |
| microsoft-sql-server | microsoft-sql-filebeat-v1 | vendor=microsoft; product=microsoft-sql; category=database |
| microsoft-sql-server | microsoft-sql-smartfile-v1 | vendor=microsoft; product=microsoft-sql; category=database |
| mikrotik | mikrotik-* | vendor=mikrotik; category=network |
| minolta | minolta-bizhub-* | vendor=minolta; product=minolta-bizhub; category=printing |
| netapp | netapp-fas-* | product=netapp; category=storage |
| netapp | netapp-storage-* | product=netapp; category=storage |
| netgear-switch | netgear-switch-* | vendor=netgear; product=switch; category=network |
| nginx-access-log | nginx-* | product=nginx; category=proxy,webserver |
| ntopng | ntopng-* | product=ntopng; category=network |
| openstack | openstack-* | vendor=openstack; product=nova; category=cloud,compute,audit |
| openvpn | openvpn-* | product=openvpn; category=network,vpn |
| oracle-cloud | oracle-cloud-* | vendor=oracle; product=oracle-cloud; category=cloud |
| oracle-listener | oracle-listener-* | vendor=oracle; product=oracle-listener; category=database |
| oracle-spark | oracle-spark-* | vendor=oracle; product=oracle-spark |
| palo-alto | palo-alto-* | vendor=palo-alto-networks; product=pan-os; category=firewall,network |
| pfsense | pfsense-* | vendor=netgate; product=pfsense; category=firewall,network |
| philips-avw | philips-avw-* | vendor=philips,philips-healthcare; product=advanced-visualization-workspace,avw,advanced-visualization-workspace-15; category=application,medical-imaging,healthcare-informatics,network |
| pure-storage-nas | pure-storage-nas | vendor=purestorage; product=nas; category=storage |
| qnap-nas | qnap-nas-* | vendor=qnap; product=qnap-nas; category=storage |
| samba | samba-ad-dc-* | vendor=samba; product=samba-ad-dc; category=network |
| sentinelone | sentinelone-api-* | vendor=sentinelone; product=sentinelone; category=antivirus,edr |
| sentinelone | sentinelone-syslog-* | vendor=sentinelone; product=sentinelone; category=antivirus,edr |
| siemens-scalance | siemens-scalance-* | vendor=siemens; product=siemens-scalance; category=network |
| socomec-ups | socomec-ups-* | vendor=socomec; product=ups,diris,net-vision; category=power,network,monitoring |
| sophos | sophos-device-standard-format-* | vendor=sophos; category=firewall,network |
| sophos | sophos-standard-syslog-protocol-* | vendor=sophos; category=firewall,network |
| sophos | sophos-unstructured-* | vendor=sophos; category=firewall,network |
| squid-proxy | squid-proxy-* | product=squid; category=proxy |
| synology-dsm | synology-dsm-* | vendor=synology; product=diskstation-manager,dsm; category=storage,network-attached-storage,authentication,file-access |
| synology-nas | synology-nas-* | vendor=synology; product=synology-nas; category=storage |
| syslog | linux-syslog-rfc5424-* | product=linux; service=syslog |
| syslog | syslog-rfc3164-* | service=syslog |
| syslog | syslog-rfc5424-* | service=syslog |
| system-activity | activity | category=system |
| system-asab | asab | vendor=teskalabs; product=logmanio; category=system |
| system-burrow | burrow | category=system |
| system-clickhouse | clickhouse | category=system |
| system-elasticsearch | elasticsearch | category=system |
| system-grafana | grafana | category=system |
| system-influxdb | influxdb | category=system |
| system-jupyter | jupyter | category=system |
| system-kafdrop | kafdrop | category=system |
| system-kafka | kafka | category=system |
| system-kibana | kibana | category=system |
| system-lmio | lmio | category=system |
| system-mongo | mongo | category=system |
| system-syslog | syslog | category=system |
| system-telegraf | telegraf | category=system |
| system-zookeeper | zookeeper | category=system |
| system-zoonavigator | zoonavigator | category=system |
| ubiquiti-unifi | ubiquiti-unifi-* | vendor=ubiquiti; product=ubiquiti-unifi; category=network |
| veeam-backup-replication | veeam-backup-replication-* | vendor=veeam; product=veeam-backup-replication; category=backup |
| vmware-esxi | vmware-esxi-* | vendor=vmware; product=vmware-esxi; category=virtualization |
| vmware-vcenter | vmware-cloud-director-* | vendor=vmware; product=vmware-cloud-director; category=virtualization |
| vmware-vcenter | vmware-vcenter-* | vendor=vmware; product=vmware-vcenter; category=virtualization |
| whalebone | whalebone-* | vendor=whalebone; category=firewall |
| windows-events | microsoft-windows-events-v1 | vendor=microsoft; product=windows |
| windows-events | winlogbeat | vendor=microsoft; product=windows |
| wowza | wowza-* | vendor=wowza; product=wowza-streaming-engine |
| ysoft-safeq | ysoft-safeq-* | vendor=ysoft; product=ysoft-safeq; category=printing |
| zabbix | zabbix-metrics-v1 | vendor=zabbix; product=zabbix |
| zabbix | zabbix-security-v1 | vendor=zabbix; product=zabbix; category=security |
| zeek | zeek-analyzer-* | vendor=zeek; product=zeek-analyzer; category=intrusion_detection |
| zeek | zeek-conn-* | vendor=zeek; product=zeek-conn; category=network,connection |
| zeek | zeek-dns-* | vendor=zeek; product=zeek-dns |
| zeek | zeek-files-* | vendor=zeek; product=zeek-files; category=file |
| zeek | zeek-http-* | vendor=zeek; product=zeek-http; category=network,connection |
| zeek | zeek-kerberos-* | vendor=zeek; product=zeek-kerberos; category=network,connection |
| zeek | zeek-ldapsearch-* | vendor=zeek; product=zeek-ldapsearch; category=network,connection |
| zeek | zeek-mqttconnect-* | vendor=zeek; product=zeek-mqttconnect; category=network,connection |
| zeek | zeek-mqttpublish-* | vendor=zeek; product=zeek-mqttpublish; category=network,connection |
| zeek | zeek-ntp-* | vendor=zeek; product=zeek-ntp; category=network,connection |
| zeek | zeek-ocsp-* | vendor=zeek; product=zeek-ocsp; category=network,connection |
| zeek | zeek-pe-* | vendor=zeek; product=zeek-pe; category=file |
| zeek | zeek-quic-* | vendor=zeek; product=zeek-quic; category=network,connection |
| zeek | zeek-radius-* | vendor=zeek; product=zeek-radius; category=network,connection |
| zeek | zeek-sip-* | vendor=zeek; product=zeek-sip; category=network,connection |
| zeek | zeek-smtp-* | vendor=zeek; product=zeek-smtp; category=network,email |
| zeek | zeek-snmp-* | vendor=zeek; product=zeek-snmp; category=network,connection |
| zeek | zeek-ssh-* | vendor=zeek; product=zeek-ssh; category=network,connection |
| zeek | zeek-ssl-* | vendor=zeek; product=zeek-ssl; category=network,connection |
| zeek | zeek-syslog-* | vendor=zeek; product=zeek-syslog; category=network,connection |
| zeek | zeek-tunnel-* | vendor=zeek; product=zeek-tunnel; category=network,connection |
| zeek | zeek-weird-* | vendor=zeek; product=zeek-weird; category=network,anomaly |
| zeek | zeek-x509-* | vendor=zeek; product=zeek-x509; category=network,connection |
| zyxel-firewall | zyxel-firewall-* | vendor=zyxel; product=zyxel-firewall; category=network,firewall |
| zyxel-switch | zyxel-switch-* | vendor=zyxel; product=zyxel-switch; category=network,switch |
By Event Lane template

| Template | Stream | parsec → Parsers/ | event.dataset (combined) | logsource (summary) |
|---|---|---|---|---|
| APC/apc-ups.yaml | apc-ups-* | APC/UPS | apc-ups | vendor=apc,schneider-electric; product=apc-ups; category=network,application,scada |
| Alcatel-Lucent/alcatel-omniswitch.yaml | alcatel-omniswitch-* | Alcatel-Lucent/OmniSwitch | alcatel-omniswitch | vendor=alcatel-lucent; product=omniswitch; category=network,switch |
| Apache/apache-http-server.yaml | apache-http-server-* | Apache/HTTP Server | apache-http-server | vendor=apache; product=apache-http-server |
| Barracuda/barracuda-seg.yaml | barracuda-seg-* | Barracuda/Secure Email Gateway | barracuda-security-email-gateway | vendor=barracuda; product=secure-email-gateway; category=email,spam,malware |
| Bitdefender/bitdefender-cloud.yaml | bitdefender-cloud-* | Bitdefender/Cloud | bitdefender | vendor=bitdefender; product=bitdefender-cloud-security; category=antivirus |
| Bitdefender/bitdefender-gravityzone.yaml | bitdefender-gravityzone-* | Bitdefender/GravityZone | bitdefender, bitdefender-gravity-zone | vendor=bitdefender; product=bitdefender-gravityzone; category=antivirus |
| Broadcom/broadcom-blue-coat-swg.yaml | broadcom-blue-coat-swg-* | Broadcom/Blue Coat SWG | bluecoat | vendor=bluecoat,symantec,broadcom; category=proxy,network,security |
| Broadcom/broadcom-brocade-switch.yaml | broadcom-brocade-switch-* | Broadcom/Brocade Switch | brocade-switch | vendor=broadcom; category=switch,network |
| Brother/brother-mfc.yaml | brother-mfc-* | Brother/MFC-L8690CDW | brother-mfc | vendor=brother; product=brother-mfc; category=printing |
| C4/c4-v1.yaml | c4-v1 | C4 | c4 | — |
| CEF/cef-common.yaml | cef-* | CEF/Common | — | — |
| Check Point/check-point-firewall.yaml | check-point-firewall-* | Check Point/Firewall | check-point | vendor=check-point; product=check-point-firewall; category=firewall,network |
| Cisco/cisco-aci.yaml | cisco-aci-* | Cisco/ACI | cisco-aci | vendor=cisco; product=cisco-aci; category=network |
| Cisco/cisco-asa.yaml | cisco-asa-* | Cisco/ASA | cisco-asa | vendor=cisco; product=cisco-asa; category=firewall,network |
| Cisco/cisco-catalyst.yaml | cisco-switch-catalyst-* | Cisco/Catalyst | cisco-catalyst | vendor=cisco; product=cisco-catalyst; category=switch,network |
| Cisco/cisco-ftd.yaml | cisco-ftd-* | Cisco/FTD | cisco-ftd | vendor=cisco; product=cisco-ftd; category=firewall,network |
| Cisco/cisco-ios.yaml | cisco-ios-* | Cisco/IOS | cisco-ios | vendor=cisco; product=cisco-ios; category=network |
| Cisco/cisco-ise.yaml | cisco-ise-* | Cisco/ISE | cisco-ise | vendor=cisco; product=cisco-ise; category=firewall |
| Cisco/cisco-mds.yaml | cisco-mds-* | Cisco/MDS | cisco-mds | vendor=cisco; product=cisco-mds; category=network |
| Cisco/cisco-meraki.yaml | cisco-meraki-* | Cisco/Meraki | cisco-meraki | vendor=cisco; product=cisco-meraki; category=network |
| Cisco/cisco-sda.yaml | cisco-sda-* | Cisco/SDA | cisco-sda | vendor=cisco; product=software-defined-access,dna-center; category=network,access-control,authentication |
| Cisco/cisco-switch-nexus.yaml | cisco-switch-nexus-* | Cisco/Nexus | cisco-nexus | vendor=cisco; product=cisco-nexus; category=switch,network |
| Cisco/cisco-ucs.yaml | cisco-ucs-* | Cisco/UCS | cisco-ucs | vendor=cisco; product=cisco-ucs; category=network |
| Cisco/cisco-wlc.yaml | cisco-wlc-* | Cisco/WLC | cisco-wlc | vendor=cisco; product=cisco-wlc; category=network,wifi |
| Citrix/citrix.yaml | citrix-netscaler-* | Citrix/NetScaler | citrix | vendor=citrix; product=netscaler |
| Dell/dell-ecs.yaml | dell-ecs-* | Dell/ECS | dell-ecs | vendor=dell; product=elastic-cloud-storage,ecs; category=storage,cloud |
| Dell/dell-idrac.yaml | dell-idrac-* | Dell/iDRAC | dell-idrac | vendor=dell; product=dell-idrac; category=oob |
| Dell/dell-powervault.yaml | dell-powervault-* | Dell/PowerVault | dell-powervault | vendor=dell; product=dell-powervault |
| Dell/dell-switch.yaml | dell-switch-* | Dell/Switch | dell-switch | vendor=dell; category=switch,network |
| Devolutions/devolutions-web-server.yaml | devolutions-web-server-* | Devolutions/Web Server | devolutions | vendor=devolutions |
| ESET/eset-protect.yaml | eset-protect-* | ESET/Protect JSON | eset | vendor=eset; product=eset-protect; category=antivirus |
| Eaton/eaton-ups.yaml | eaton-ups-* | Eaton/UPS | eaton-ups | vendor=eaton; product=eaton-ups; category=ups |
| F5/f5.yaml | f5-* | F5 | f5 | vendor=f5; category=switch,network |
| Fidelis/fidelis-endpoint.yaml | fidelis-endpoint-* | Fidelis/Endpoint | fidelis-endpoint | vendor=fidelis; product=fidelis-endpoint; category=endpoint |
| Fidelis/fidelis-network.yaml | fidelis-network-* | Fidelis/Network | fidelis-network | vendor=fidelis; product=fidelis-network; category=network |
| FileZilla/filezilla.yaml | filezilla-* | FileZilla/v1_plus | ftp-filezilla | vendor=filezilla; product=linux; category=application,ftp |
| Flowmon/flowmon-ads.yaml | flowmon-ads-* | Flowmon/ADS | flowmon-ads | vendor=flowmon; product=flowmon-ads; category=ids,network |
| Fortinet/fortinet-fortianalyzer.yaml | fortinet-fortianalyzer-* | Fortinet/FortiAnalyzer | fortigate | vendor=fortinet; product=fortianalyzer; category=network |
| Fortinet/fortinet-fortiauthenticator.yaml | fortinet-fortiauthenticator-* | Fortinet/FortiAuthenticator | fortinet-fortiauthenticator | vendor=fortinet; product=fortiauthenticator; category=network |
| Fortinet/fortinet-forticlient.yaml | fortinet-forticlient-* | Fortinet/FortiClientEMS | forticems | vendor=fortinet; product=forticlient; category=network |
| Fortinet/fortinet-fortigate.yaml | fortinet-fortigate-* | Fortinet/FortiGate | fortigate | vendor=fortinet; product=fortigate; category=firewall,network |
| Fortinet/fortinet-fortimail.yaml | fortinet-fortimail-* | Fortinet/FortiMail | fortimail | vendor=fortinet; product=fortimail; category=email |
| Fortinet/fortinet-fortimanager.yaml | fortinet-fortimanager-* | Fortinet/FortiManager | fortimanager | vendor=fortinet; product=fortimanager; category=firewall,network |
| Fortinet/fortinet-fortiswitch.yaml | fortinet-fortiswitch-* | Fortinet/FortiGate | fortigate | vendor=fortinet; product=fortiswitch; category=switch,network |
| Generic/generic.yaml | generic | Generic | generic | — |
| Gordic/gordic-ginis.yaml | gordic-ginis-* | Gordic/Ginis | ginis | vendor=gordic; category=application |
| HAProxy/haproxy.yaml | haproxy-* | HAProxy | haproxy | vendor=haproxy; category=network |
| HP/hp-laserjet.yaml | hp-laserjet-* | HP/LaserJet/404dn | hpe-laserjet | vendor=hp; product=hp-laserjet; category=printing |
| HPE/hpe-aruba-clearpass.yaml | hpe-aruba-clearpass-* | HPE/Aruba/ClearPass/Device Standard | hpe-aruba-clearpass | vendor=hpe; category=network; service=aaa |
| HPE/hpe-aruba-iap.yaml | hpe-aruba-iap-* | HPE/Aruba/IAP | hpe-aruba-iap | vendor=hpe; category=network,wifi; service=aaa |
| HPE/hpe-aruba-switch.yaml | hpe-aruba-switch-* | HPE/Aruba/Switch | hpe-aruba-switch | vendor=hpe; category=network,switch |
| HPE/hpe-ilo.yaml | hpe-ilo-* | HPE/iLO | hpe-ilo | vendor=hpe; category=oob |
| HPE/hpe-primera.yaml | hpe-primera-* | HPE/Primera | hpe-primera | vendor=hpe; product=hpe-primera; category=storage |
| HPE/hpe-storeonce.yaml | hpe-storeonce-* | HPE/StoreOnce | hpe-storeonce | vendor=hpe; product=hpe-storeonce; category=storage |
| Helios/helios.yaml | helios-* | Helios | helios | vendor=helios; product=helios; category=application |
| IBM/ibm-fs.yaml | ibm-fs-* | IBM/FS | ibm-fs | vendor=ibm; product=flashsystem; category=storage |
| IBM/ibm-nas.yaml | ibm-nas-* | IBM/NAS | ibm-nas | vendor=ibm; product=nas,spectrum-scale,storwize; category=storage,network |
| IBM/ibm-qradar.yaml | ibm-qradar-* | IBM/QRadar | ibm-soar | vendor=ibm; product=ibm-qradar; category=security |
| IBM/ibm-tape-library.yaml | ibm-tape-library-* | IBM/Tape Library | ibm-tape-library | vendor=ibm; product=ibm-tape-library; category=storage |
| IceWarp/icewarp-mailserver.yaml | icewarp-mailserver-* | IceWarp/MailServer | icewarp-mailserver | vendor=icewarp; product=icewarp-mailserver; category=email |
| Innovaphone/innovaphone-pbx.yaml | innovaphone-pbx-* | Innovaphone/PBX | innovaphone-pbx | vendor=innovaphone; product=pbx; category=voip,telephony,communication |
| Ivanti/ivanti.yaml | ivanti-security-* | Ivanti/Syslog | ivanti | vendor=ivanti; category=network |
| Juniper Networks/juniper-firewall-srx.yaml | juniper-firewall-* | Juniper Networks/Firewall | juniper-firewall | vendor=juniper; product=junos,srx-series; category=network,firewall |
| Juniper Networks/juniper-switch-ex.yaml | juniper-switch-ex-* | Juniper Networks/Switch | juniper-switch | vendor=juniper; product=junos,ex-series; category=network,switch |
| Juniper Networks/juniper-switch-qfx.yaml | juniper-switch-qfx-* | Juniper Networks/Switch | juniper-switch | vendor=juniper; product=junos,qfx-series; category=network,switch |
| KerioConnect/kerio-connect-mailsec.yaml | kerio-connect-mailsec-* | KerioConnect/Mail Server Security | kerio-connect | vendor=kerio,gfi; product=kerio-connect; category=email,spam,malware,authentication |
| Kubernetes/kubernetes.yaml | kubernetes-* | Kubernetes | kubernetes | product=kubernetes; category=containerization |
| Lenovo/lenovo-xclaritycontroller.yaml | lenovo-xcc-* | Lenovo/XClarityController | lenovo-xcc | vendor=lenovo; category=hardware,system,management |
| Linux/linux-auditd.yaml | linux-auditd-* | Linux/Auditd | linux-auditd | product=linux; category=audit; service=auditd |
| Linux/linux-rsyslog.yaml | linux-rsyslog-* | Linux/Common | linux | product=linux; service=syslog |
| Linux/linux-syslog-rfc3164.yaml | linux-syslog-rfc3164-* | Linux/Common | linux | product=linux; service=syslog |
| Linux/linux-syslog-rfc5424.yaml | linux-syslog-rfc5424-* | Syslog/RFC5424 | syslog | product=linux; service=syslog |
| ManageEngine/manageengine-ad-audit-plus.yaml | manageengine-ad-audit-plus-* | ManageEngine/AD Audit Plus | manage-engine-ad-audit-plus | vendor=manageengine; product=manageengine-ad-audit-plus |
| ManageEngine/manageengine-endpoint.yaml | manageengine-endpoint-* | ManageEngine/Endpoint | manageengine-endpoint | vendor=manageengine; product=manageengine-endpoint |
| McAfee/mcafee-webwasher.yaml | mcafee-webwasher-* | McAfee/Webwasher | mcafee-webwasher | vendor=mcafee; product=mcafee-webwasher; category=proxy |
| Microsoft/microsoft-365-messagetrace-v1.yaml | microsoft-365-messagetrace-v1 | Microsoft/365-MessageTrace | microsoft-365 | vendor=microsoft; product=m365; category=email; service=messagetrace |
| Microsoft/microsoft-365-v1.yaml | microsoft-365-v1 | Microsoft/365 | microsoft-365 | vendor=microsoft; product=m365 |
| Microsoft/microsoft-ata.yaml | microsoft-ata-* | Microsoft/ATA | microsoft-ata | vendor=microsoft; product=advanced-threat-analytics; category=authentication,anomaly-detection,intrusion-detection |
| Microsoft/microsoft-defender.yaml | microsoft-defender-* | Microsoft/Defender | microsoft-defender | vendor=microsoft; product=defender,defender-for-endpoint; category=endpoint-security,threat-detection,antivirus |
| Microsoft/microsoft-dhcp-filebeat-v1.yaml | microsoft-dhcp-filebeat-v1 | Microsoft/DHCP/Filebeat | DHCP | vendor=microsoft; product=microsoft-dhcp; category=dhcp |
| Microsoft/microsoft-dhcp-smartfile-v1.yaml | microsoft-dhcp-smartfile-v1 | Microsoft/DHCP/Line | DHCP | vendor=microsoft; product=microsoft-dhcp; category=dhcp |
| Microsoft/microsoft-dns-filebeat-v1.yaml | microsoft-dns-filebeat-v1 | Microsoft/DNS/Filebeat | microsoft-dns-server | vendor=microsoft; product=microsoft-dns; category=dns |
| Microsoft/microsoft-dns-smartfile-v1.yaml | microsoft-dns-smartfile-v1 | Microsoft/DNS/Line | microsoft-dns-server | vendor=microsoft; product=microsoft-dns; category=dns |
| Microsoft/microsoft-exchange-v1.yaml | microsoft-exchange-* | Microsoft/Exchange | microsoft-exchange | vendor=microsoft; product=microsoft-exchange; category=email |
| Microsoft/microsoft-iis-filebeat-v1.yaml | microsoft-iis-filebeat-v1 | Microsoft/IIS/Filebeat | microsoft-iis | vendor=microsoft; product=microsoft-iis; category=webserver |
| Microsoft/microsoft-iis-smartfile-v1.yaml | microsoft-iis-smartfile-v1 | Microsoft/IIS/Line | microsoft-iis | vendor=microsoft; product=microsoft-iis; category=webserver |
| Microsoft/microsoft-nps.yaml | microsoft-nps-* | Microsoft/NPS | microsoft-network-policy-server | vendor=microsoft; product=network-policy-server,nps; category=authentication,network,access-control |
| Microsoft/microsoft-sharepoint-smartfile-v1.yaml | microsoft-sharepoint-smartfile-v1 | Microsoft/SharePoint/Line | microsoft-sharepoint | vendor=microsoft; product=microsoft-sharepoint; category=sharepoint |
| Microsoft/microsoft-sql-filebeat-v1.yaml | microsoft-sql-filebeat-v1 | Microsoft/SQL server/Filebeat | microsoft-sql-server | vendor=microsoft; product=microsoft-sql; category=database |
| Microsoft/microsoft-sql-smartfile-v1.yaml | microsoft-sql-smartfile-v1 | Microsoft/SQL server/Line | microsoft-sql-server | vendor=microsoft; product=microsoft-sql; category=database |
| Microsoft/microsoft-windows-events-wec.yaml | microsoft-windows-events-v1 | Microsoft/Windows Event Log | windows-events | vendor=microsoft; product=windows |
| Microsoft/microsoft-windows-events-winlogbeat.yaml | winlogbeat | Elastic/Winlogbeat | windows-events | vendor=microsoft; product=windows |
| MikroTik/mikrotik.yaml | mikrotik-* | MikroTik | mikrotik | vendor=mikrotik; category=network |
| Minolta/minolta-bizhub.yaml | minolta-bizhub-* | Minolta/Bizhub | minolta | vendor=minolta; product=minolta-bizhub; category=printing |
| NetApp/netapp-fas.yaml | netapp-fas-* | NetApp/FAS | netapp | product=netapp; category=storage |
| NetApp/netapp-storage.yaml | netapp-storage-* | NetApp/Storage | netapp | product=netapp; category=storage |
| Netgear/netgear-switch.yaml | netgear-switch-* | Netgear/Switch | netgear-switch | vendor=netgear; product=switch; category=network |
| Nginx/nginx.yaml | nginx-* | Nginx | nginx-access-log | product=nginx; category=proxy,webserver |
| Ntopng/ntopng.yaml | ntopng-* | Ntopng | ntopng | product=ntopng; category=network |
| OpenStack/openstack.yaml | openstack-* | OpenStack/Audit | openstack | vendor=openstack; product=nova; category=cloud,compute,audit |
| OpenVPN/openvpn.yaml | openvpn-* | OpenVPN | openvpn | product=openvpn; category=network,vpn |
| Oracle/oracle-cloud.yaml | oracle-cloud-* | Oracle/Cloud | oracle-cloud | vendor=oracle; product=oracle-cloud; category=cloud |
| Oracle/oracle-listener.yaml | oracle-listener-* | Oracle/Listener | oracle-listener | vendor=oracle; product=oracle-listener; category=database |
| Oracle/oracle-spark.yaml | oracle-spark-* | Oracle/Spark | oracle-spark | vendor=oracle; product=oracle-spark |
| PaloAlto/paloalto.yaml | palo-alto-* | PaloAlto | palo-alto | vendor=palo-alto-networks; product=pan-os; category=firewall,network |
| PfSense/pfsense.yaml | pfsense-* | PfSense | pfsense | vendor=netgate; product=pfsense; category=firewall,network |
| Philips/philips-avw.yaml | philips-avw-* | Philips/AVW | philips-avw | vendor=philips,philips-healthcare; product=advanced-visualization-workspace,avw,advanced-visualization-workspace-15; category=application,medical-imaging,healthcare-informatics,network |
| Pure Storage/pure-storage-nas.yaml | pure-storage-nas | Pure Storage/NAS | pure-storage-nas | vendor=purestorage; product=nas; category=storage |
| QNAP/qnap-nas.yaml | qnap-nas-* | QNAP/NAS | qnap-nas | vendor=qnap; product=qnap-nas; category=storage |
| Samba/samba-ad-dc.yaml | samba-ad-dc-* | Samba | samba | vendor=samba; product=samba-ad-dc; category=network |
| SentinelONE/sentinelone-api.yaml | sentinelone-api-* | SentinelONE/API v2.1 | sentinelone | vendor=sentinelone; product=sentinelone; category=antivirus,edr |
| SentinelONE/sentinelone-syslog.yaml | sentinelone-syslog-* | SentinelONE/Syslog | sentinelone | vendor=sentinelone; product=sentinelone; category=antivirus,edr |
| Siemens/siemens-scalance.yaml | siemens-scalance-* | Siemens/Scalance | siemens-scalance | vendor=siemens; product=siemens-scalance; category=network |
| Socomec/socomec-ups.yaml | socomec-ups-* | Socomec/UPS | socomec-ups | vendor=socomec; product=ups,diris,net-vision; category=power,network,monitoring |
| Sophos/sophos-device-standard-format.yaml | sophos-device-standard-format-* | Sophos/Device Standard Format | sophos | vendor=sophos; category=firewall,network |
| Sophos/sophos-standard-syslog-protocol.yaml | sophos-standard-syslog-protocol-* | Sophos/Standard Syslog Protocol | sophos | vendor=sophos; category=firewall,network |
| Sophos/sophos-unstructured.yaml | sophos-unstructured-* | Sophos/Unstructured Format | sophos | vendor=sophos; category=firewall,network |
| Squid/squid-proxy.yaml | squid-proxy-* | Squid/Proxy | squid-proxy | product=squid; category=proxy |
| Synology/synology-dsm.yaml | synology-dsm-* | Synology/DSM | synology-dsm | vendor=synology; product=diskstation-manager,dsm; category=storage,network-attached-storage,authentication,file-access |
| Synology/synology-nas.yaml | synology-nas-* | Synology/NAS | synology-nas | vendor=synology; product=synology-nas; category=storage |
| Syslog/syslog-rfc3164.yaml | syslog-rfc3164-* | Syslog/RFC3164 | syslog | service=syslog |
| Syslog/syslog-rfc5424.yaml | syslog-rfc5424-* | Syslog/RFC5424 | syslog | service=syslog |
| System/activity.yaml | activity | System/activity | system-activity | category=system |
| System/asab.yaml | asab | System/asab | system-asab | vendor=teskalabs; product=logmanio; category=system |
| System/burrow.yaml | burrow | System/burrow | system-burrow | category=system |
| System/clickhouse.yaml | clickhouse | System/clickhouse | system-clickhouse | category=system |
| System/elasticsearch.yaml | elasticsearch | System/elasticsearch | system-elasticsearch | category=system |
| System/grafana.yaml | grafana | System/grafana | system-grafana | category=system |
| System/influxdb.yaml | influxdb | System/influxdb | system-influxdb | category=system |
| System/jupyter.yaml | jupyter | System/jupyter | system-jupyter | category=system |
| System/kafdrop.yaml | kafdrop | System/kafdrop | system-kafdrop | category=system |
| System/kafka.yaml | kafka | System/kafka | system-kafka | category=system |
| System/kibana.yaml | kibana | System/kibana | system-kibana | category=system |
System/lmio.yaml |
lmio |
System/lmio |
system-lmio |
category=system |
System/mongo.yaml |
mongo |
System/mongo |
system-mongo |
category=system |
System/nginx.yaml |
nginx |
System/nginx |
apache.error |
category=system |
System/syslog.yaml |
syslog |
System/syslog |
system-syslog |
category=system |
System/telegraf.yaml |
telegraf |
System/telegraf |
system-telegraf |
category=system |
System/zookeeper.yaml |
zookeeper |
System/zookeeper |
system-zookeeper |
category=system |
System/zoonavigator.yaml |
zoonavigator |
System/zoonavigator |
system-zoonavigator |
category=system |
Ubiquiti/ubiquiti-unifi.yaml |
ubiquiti-unifi-* |
Ubiquiti/UniFi Controller |
ubiquiti-unifi |
vendor=ubiquiti; product=ubiquiti-unifi; category=network |
VMware/vmware-esxi.yaml |
vmware-esxi-* |
VMware/ESXi |
vmware-esxi |
vendor=vmware; product=vmware-esxi; category=virtualization |
VMware/vmware-vcenter.yaml |
vmware-vcenter-* |
VMware/vCenter |
vmware-vcenter |
vendor=vmware; product=vmware-vcenter; category=virtualization |
VMware/vmware-vcloud-director.yaml |
vmware-cloud-director-* |
VMware/vCenter |
vmware-vcenter |
vendor=vmware; product=vmware-cloud-director; category=virtualization |
Veeam/veeam-backup-replication.yaml |
veeam-backup-replication-* |
Veeam/Backup-Replication |
veeam-backup-replication |
vendor=veeam; product=veeam-backup-replication; category=backup |
Whalebone/whalebone.yaml |
whalebone-* |
Whalebone/Syslog |
whalebone |
vendor=whalebone; category=firewall |
Wowza/wowza.yaml |
wowza-* |
Wowza |
wowza |
vendor=wowza; product=wowza-streaming-engine |
Zabbix/zabbix-metrics-v1.yaml |
zabbix-metrics-v1 |
Zabbix/Metrics |
zabbix |
vendor=zabbix; product=zabbix |
Zabbix/zabbix-security-v1.yaml |
zabbix-security-v1 |
Zabbix/Security |
zabbix |
vendor=zabbix; product=zabbix; category=security |
Zeek/zeek-analyzer.yaml |
zeek-analyzer-* |
Zeek |
zeek |
vendor=zeek; product=zeek-analyzer; category=intrusion_detection |
Zeek/zeek-conn.yaml |
zeek-conn-* |
Zeek |
zeek |
vendor=zeek; product=zeek-conn; category=network,connection |
Zeek/zeek-dns.yaml |
zeek-dns-* |
Zeek |
zeek |
vendor=zeek; product=zeek-dns |
Zeek/zeek-files.yaml |
zeek-files-* |
Zeek |
zeek |
vendor=zeek; product=zeek-files; category=file |
Zeek/zeek-http.yaml |
zeek-http-* |
Zeek |
zeek |
vendor=zeek; product=zeek-http; category=network,connection |
Zeek/zeek-kerberos.yaml |
zeek-kerberos-* |
Zeek |
zeek |
vendor=zeek; product=zeek-kerberos; category=network,connection |
Zeek/zeek-ldapsearch.yaml |
zeek-ldapsearch-* |
Zeek |
zeek |
vendor=zeek; product=zeek-ldapsearch; category=network,connection |
Zeek/zeek-mqttconnect.yaml |
zeek-mqttconnect-* |
Zeek |
zeek |
vendor=zeek; product=zeek-mqttconnect; category=network,connection |
Zeek/zeek-mqttpublish.yaml |
zeek-mqttpublish-* |
Zeek |
zeek |
vendor=zeek; product=zeek-mqttpublish; category=network,connection |
Zeek/zeek-ntp.yaml |
zeek-ntp-* |
Zeek |
zeek |
vendor=zeek; product=zeek-ntp; category=network,connection |
Zeek/zeek-ocsp.yaml |
zeek-ocsp-* |
Zeek |
zeek |
vendor=zeek; product=zeek-ocsp; category=network,connection |
Zeek/zeek-pe.yaml |
zeek-pe-* |
Zeek |
zeek |
vendor=zeek; product=zeek-pe; category=file |
Zeek/zeek-quic.yaml |
zeek-quic-* |
Zeek |
zeek |
vendor=zeek; product=zeek-quic; category=network,connection |
Zeek/zeek-radius.yaml |
zeek-radius-* |
Zeek |
zeek |
vendor=zeek; product=zeek-radius; category=network,connection |
Zeek/zeek-sip.yaml |
zeek-sip-* |
Zeek |
zeek |
vendor=zeek; product=zeek-sip; category=network,connection |
Zeek/zeek-smtp.yaml |
zeek-smtp-* |
Zeek |
zeek |
vendor=zeek; product=zeek-smtp; category=network,email |
Zeek/zeek-snmp.yaml |
zeek-snmp-* |
Zeek |
zeek |
vendor=zeek; product=zeek-snmp; category=network,connection |
Zeek/zeek-ssh.yaml |
zeek-ssh-* |
Zeek |
zeek |
vendor=zeek; product=zeek-ssh; category=network,connection |
Zeek/zeek-ssl.yaml |
zeek-ssl-* |
Zeek |
zeek |
vendor=zeek; product=zeek-ssl; category=network,connection |
Zeek/zeek-syslog.yaml |
zeek-syslog-* |
Zeek |
zeek |
vendor=zeek; product=zeek-syslog; category=network,connection |
Zeek/zeek-tunnel.yaml |
zeek-tunnel-* |
Zeek |
zeek |
vendor=zeek; product=zeek-tunnel; category=network,connection |
Zeek/zeek-weird.yaml |
zeek-weird-* |
Zeek |
zeek |
vendor=zeek; product=zeek-weird; category=network,anomaly |
Zeek/zeek-x509.yaml |
zeek-x509-* |
Zeek |
zeek |
vendor=zeek; product=zeek-x509; category=network,connection |
ZyXEL/zyxel-firewall.yaml |
zyxel-firewall-* |
ZyXEL/Firewall |
zyxel-firewall |
vendor=zyxel; product=zyxel-firewall; category=network,firewall |
ZyXEL/zyxel-switch.yaml |
zyxel-switch-* |
ZyXEL/Switch |
zyxel-switch |
vendor=zyxel; product=zyxel-switch; category=network,switch |
ySoft/ysoft-safeq.yaml |
ysoft-safeq-* |
YSoft/SafeQ |
ysoft-safeq |
vendor=ysoft; product=ysoft-safeq; category=printing |
Coverage
In the snapshot used for this matrix, there are 175 Event Lane templates and 134 distinct event.dataset values taken from string literals in parser YAML (matched by parsec.name prefix to paths under Parsers/). One of those templates had no matching literal under the expected parser path.