References

Apache HTTP Server is the world's most-used open-source web server for delivering static and dynamic web content on Linux, Windows and macOS.

Atlassian Confluence Cloud is a SaaS wiki and collaboration platform for creating, sharing and organising team knowledge.

Barracuda CloudGen Firewall is a next-generation firewall platform that combines advanced threat prevention with SD-WAN traffic optimisation for distributed networks.

Barracuda Email Security Gateway is a dedicated mail-security appliance that filters spam, malware and phishing before messages reach the mail server.

Barracuda Web Application Firewall is a hardware or virtual appliance that shields web applications from OWASP Top 10 attacks, bots and DDoS traffic.

Bitdefender GravityZone is a unified endpoint-protection platform delivering antivirus, EDR and hardening for Windows, macOS and Linux systems.

Cisco ASA is a stateful firewall and VPN appliance family used to protect enterprise networks and remote-access connections.

Cisco Meraki is a cloud-managed networking portfolio covering security appliances, switches and Wi-Fi access points administered via the Meraki Dashboard.

Citrix NetScaler ADC is an application-delivery controller providing load-balancing, SSL VPN and web-application-firewall services.

Consistec Caplon is a network analytics platform that performs deep-packet inspection, SLA monitoring and anomaly detection in real time.

Enginsight APT is a behavioural analytics engine that detects advanced persistent threats across endpoints and network traffic.

Enginsight FIM (File Integrity Monitoring) tracks critical file and registry changes to spot tampering or misuse.

Enginsight IDS is a host-based intrusion-detection system providing signature and anomaly alerts for OS and application activity.

Enginsight Loggernaut is the ingestion and retention service that normalises, parses and stores customer log data.

Enginsight SIEM Incidents are correlated alert records that bundle related events into actionable cases for analysts.

Enginsight Shield is an inline intrusion-prevention system that blocks exploits and anomalies in real time.

ExtremeCloud IQ is Extreme Networks' cloud platform for provisioning, monitoring and securing wired and wireless infrastructure.

F5 BIG-IP ASM (Advanced WAF) is F5's web-application firewall module for the BIG-IP ADC platform, providing signature, behavioural and bot defence.

NGINX is a high-performance open-source web server and reverse proxy used for HTTP, HTTPS, TCP and UDP traffic.

Microsoft Defender for Endpoint is Microsoft's built-in antivirus and EDR solution for Windows, macOS, Linux and mobile.

Microsoft 365 Unified Audit is Microsoft's consolidated log source covering Exchange Online, SharePoint, Teams and Entra ID.

Windows Event Log is the native logging subsystem that records system, security, application and custom provider events.

CEF (Common Event Format) is ArcSight's vendor-neutral log standard that encodes security events as structured key-value pairs.

ESET PROTECT is ESET's central management console for its endpoint-security suite, covering malware defence, firewall and device control.

File ingestion represents plain-text log files imported from disk or network shares-ideal for custom applications or legacy devices.

FortiSIEM is Fortinet's security-information-and-event-management system, providing log aggregation, correlation and automated incident response.

Fortinet FortiGate is a next-generation firewall platform that unifies IPS, web filtering, antivirus, SD-WAN and VPN services.

G DATA Endpoint Security is a multilayered antivirus and behavior-blocking suite for Windows, macOS and Linux desktops and servers.

The "gen" namespace contains vendor-agnostic key names-such as src.ip, dest.port or event.time-used to map equivalent values across all log sources. It acts as the canonical schema layer so searches, correlations and dashboards work no matter where the data originated.

ISC dhcpd is the reference open-source DHCP server for dynamically assigning IPv4/IPv6 addresses and options to clients.

LANCOM Systems routers, WLAN controllers and access points provide secure site-to-site VPN, enterprise Wi-Fi and SD-WAN for SMEs.

LANCOM Management Cloud is a SaaS platform for orchestrating firmware, policies and analytics across LANCOM network devices.

MITRE ATT&CK is a community-driven knowledge base mapping adversary tactics, techniques and procedures for threat modelling.

OpenSSH is the de-facto standard secure-shell implementation for encrypted remote login and file transfer.

Palo Alto Networks Next-Generation Firewall provides Layer-7 traffic control, threat prevention and cloud sandboxing via WildFire.

Postfix is a widely-used open-source SMTP server for sending and receiving e-mail on Unix-like systems.

Relay Log Forwarder denotes any generic syslog relay that forwards messages without altering the original format.

SentinelOne Singularity is an AI-powered endpoint-detection-and-response platform with autonomous remediation.

SonicWall Next-Generation Firewall appliances secure SMB and enterprise networks with IPS, antivirus, and SSL inspection.

Sophos Intercept X and XGS Firewall provide unified endpoint and network security with deep-learning malware detection.

Squid is an open-source forward proxy and web cache supporting HTTP, HTTPS and FTP.

Standard represents generic system or application logs that conform to the SIEM's base schema but lack vendor context.

Syslog is the standard message-logging protocol (RFC 3164/5424) for Unix-like operating systems and network devices.

Microsoft Sysmon is an advanced Windows event provider that records process, network and registry activity for forensics.

Trend Micro Apex One is an endpoint-protection platform combining antivirus, EDR and virtual patching.

Unbound is a validating, recursive and caching DNS resolver focused on privacy and DNSSEC support.

WatchGuard Firebox is a unified threat-management firewall that adds IPS, antivirus and web filtering to edge security.

genua genuscreen (pf) is a German high-assurance firewall that combines stateful packet filtering with IPSec VPN and monitoring.

macOS Unified Logging is Apple's system-wide log framework capturing kernel, system and application telemetry on macOS hosts.

pfSense is an open-source firewall and router OS based on FreeBSD offering stateful packet filtering and VPN services.

strongSwan is an open-source IPSec VPN solution supporting IKE v1/v2 for site-to-site and remote access tunnels.