N/A Data Sources Data Sources

Name Platform Sourcetype Source Supported TA Date
Ivanti VTM Audit N/A ivanti_vtm_audit ivanti_vtm
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/c5d9612b-0ffd-44d3-8247-3cf3486ec5e2/">Bro</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            bro:http:json
        </td>
        <td class="col-3">
            bro:http:json
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/34ad06fc-a296-4ab5-8315-2f07714948e3/">CircleCI</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            circleci
        </td>
        <td class="col-3">
            circleci
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/cbb06880-9dd9-4542-ac60-bd6e5d3c3e4e/">CrowdStrike ProcessRollup2</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            crowdstrike:events:sensor
        </td>
        <td class="col-3">
            crowdstrike
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/8a42ace5-e4c8-4653-80cf-1b8e7e6024ef/">CrushFTP</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            crushftp:sessionlogs
        </td>
        <td class="col-3">
            crushftp
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/5f79120f-a235-4468-bd0d-55203758ac22/">G Suite Drive</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            gsuite:drive:json
        </td>
        <td class="col-3">
            http:gsuite
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/706c3978-41de-406b-b6e0-75bd01e12a5d/">G Suite Gmail</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            gsuite:gmail:bigquery
        </td>
        <td class="col-3">
            http:gsuite
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/cabec7cf-4008-4899-b47e-39c34a9a1255/">Google Workspace login_failure</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            gws:reports:admin
        </td>
        <td class="col-3">
            gws:reports:admin
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/bffe8013-9cdf-4fe6-9c1b-6784391a4951/">Google Workspace login_success</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            gws:reports:admin
        </td>
        <td class="col-3">
            gws:reports:admin
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/12345678-90ab-cdef-1234-567890abcdef/">MS365 Defender Incident Alerts</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            ms365:defender:incident:alerts
        </td>
        <td class="col-3">
            ms365_defender_incident_alerts
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/c716a418-eab3-4df5-9dff-5420174e3068/">Nginx Access</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            nginx:plus:kv
        </td>
        <td class="col-3">
            /var/log/nginx/access.log
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/b32de97d-0074-4cca-853c-db22c392b6c0/">O365</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ce1d7849-a1d2-47fd-b6eb-d7ef854a860c/">O365 Add app role assignment grant to user.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/785ba57a-ba7b-474e-97c8-9474e6e00b3a/">O365 Add app role assignment to service principal.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/9c0babdb-bb15-449e-abba-0a9cdb3fc061/">O365 Add-MailboxPermission</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/8b949f7c-4b5d-404f-9694-d7403c4ec096/">O365 Add member to role.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/da012cbf-af6e-40ee-a1ba-32a5f8da8f8a/">O365 Add owner to application.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/9c1ef9f5-bc30-4a47-a1bd-cb34484ee778/">O365 Add service principal.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/1029a20d-3d0d-4fb9-b5e2-22ac5380b20a/">O365 Change user license.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/0a15a464-ef51-4614-9a07-a216eb9817db/">O365 Consent to application.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/235381c4-382a-4183-b818-a51c3ce12187/">O365 Disable Strong Authentication.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/3d5188eb-341a-4b46-9caa-aade4047d027/">O365 MailItemsAccessed</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/0a8c1080-68c2-46d7-8324-2e7d97bb6e2f/">O365 ModifyFolderPermissions</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/06c6d576-f032-41e3-b15d-80a434ce13d8/">O365 Set Company Information.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/db798c5c-928c-4972-bb42-e5f90e35865f/">O365 Set-Mailbox</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/62159133-911b-4c63-9e30-a6a8c89195ca/">O365 Update application.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/d40e6a20-4d64-404c-8351-2caae8228d34/">O365 Update authorization policy.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/a05fd01e-34d9-4233-9089-11272416b531/">O365 Update user.</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ed29c8c4-4053-419c-b133-16abf2a1c4c9/">O365 UserLoggedIn</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/6099b33d-d581-43ed-8401-911862590361/">O365 UserLoginFailed</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            o365:management:activity
        </td>
        <td class="col-3">
            o365
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ec26febe-e760-4981-bbee-72e107c7b9d2/">Okta</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            OktaIM2:log
        </td>
        <td class="col-3">
            Okta
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/7ec4d7c8-c1d0-423a-9169-261f6adb74c0/">osquery</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            osquery:results
        </td>
        <td class="col-3">
            osquery
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/17890675-61c1-40bd-a88e-6a8e9e246b43/">PingID</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            XmlWinEventLog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/64b245d4-a4d1-4865-a718-c83d3b939f2e/">Suricata</a>
        </td>
        <td class="col-1">
              N/A
        </td>
        <td class="col-2">
            suricata
        </td>
        <td class="col-3">
            suricata
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
</tbody>