Enginsight Technical Documentation

Apache Software Foundation

Web server logs

System and application logs from macOS

Confluence Cloud

Collaboration platform API logs

Barracuda Networks

CloudGen Firewall

Firewall and network security logs

Barracuda Networks

Email security and filtering logs

Barracuda Networks

Web application firewall logs

Endpoint protection logs

Unified firewall and security logs

Firewall and VPN appliance logs

Switching infrastructure logs

Firepower Threat Defense

Next-generation firewall and intrusion prevention logs

Cloud-managed network and security logs

Application delivery and load balancing logs

Network monitoring and analysis logs

Endpoint protection platform logs

Extreme Networks

ExtremeCloud IQ

Cloud-managed network logs

Web server and reverse proxy logs

Application firewall logs

Firewall and security appliance logs

SIEM event forwarder using CEF format

Management Server

Endpoint protection management logs

API logs from LANCOM cloud-managed infrastructure

Unified Firewall

LANCOM firewall logs

Microsoft 365 Defender

Cloud-based endpoint and identity protection logs

Collaboration and productivity logs (Teams, Outlook, SharePoint, OneDrive, etc.)

System monitoring logs for Windows and Linux

Local Windows system, security, and application logs

Windows Defender

Local antivirus and endpoint protection logs

DNS resolver logs

pfSense/OPNsense

Open-source firewall logs

Palo Alto Networks

Centralized management and firewall logs

Postfix Project

Mail server logs

Firewall, VPN, and web filtering logs

Singularity Platform

Endpoint detection and response logs

Firewall and network security logs

Cloud-managed endpoint and security logs

Firewall, VPN, and web protection logs

Next-generation firewall logs

Web proxy and caching logs

VPN and IPsec logs

Endpoint protection logs

Firewall and security appliance logs

ArcSight Common Event Format

Standardized log format for interoperability

Dynamic Host Configuration Protocol logs

Enginsight Advanced Persistant Threats

YARA-based threat detection logs

Enginsight Common Fields

Shared fields across Enginsight modules

Enginsight Defence

Defensive security telemetry logs

Enginsight File Integrity Management

File monitoring and change detection logs

Enginsight Generic Fields

Normalized log fields across categories

Enginsight Intrusion Detection System

IDS detection and alert logs

Enginsight Loggernaut

Custom log ingestion agent

Enginsight SIEM

Enginsight-native SIEM logs

Enginsight Shield

Endpoint protection and shielding logs

Enginsight Standard Fields

Manually populated fields for custom parsers

Remote syslog relay logs

Generic file-based log ingestion

MITRE ATT&CK framework mapping

Authentication and session logs

Local Linux system and service logs