Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Device Config: List of Devices Supported
Vendor | Product/Family | Device Configuration Links | Supported Features | Model(s) | ||
Supported | Tested in lab*** | |||||
Firewalls | ||||||
Cisco | ASA | Configuring Cisco ASA Netflow | Netflow v9 | All | 8.2(5) | |
| Netflow v5 | All | NA | ||||
| Configuring Syslogs from Cisco ASA / Cisco PIX | Syslog | All | 8.2(5) | |||
| Remediation | NA | NA | ||||
| Sourcefire/Firepower | Netflow v9, Syslog | All | ||||
| AMP | Netflow v9, Syslog | All | ||||
Juniper | SRX | Netflow v9 | All | 14.1R1.10 | ||
| Netflow v5 | All | NA | ||||
| Syslog | All | 14.1R1.10 | ||||
| Remediation | NA | NA | ||||
Palo Alto | Firewall | Palo Alto- Netflow Configuration | Netflow v9 | All | PAN-OS 6.1.0, PAN-OS 6.1.15;PA-5050s, PAN-OS 7.1.0 | |
| Netflow v5 | All | NA | ||||
| Palo Alto Firewall- Syslog Configuration | Syslog | All | PAN-OS 6.1.0, PAN-OS 6.1.15;NF V9 ;PA-5050s | |||
| Remediation | PAN-OS 7.1.0 | PAN-OS 7.1.0 | ||||
SonicWall | Firewall | Sonicwall Netflow Redirection | Netflow v9 | All | NA | |
| Netflow v5 | All | 6.2.6.0-20n, 6.2.7.1-23n;NSA 3600;6.2.1.1;6.2.6.0-20n above;HA 6.0.5.2 | ||||
| IPFIX | All | NA | ||||
| Configuring Syslogs from Sonicwall | Syslog | All | NA | |||
| Remediation | 6.2.6.0-20n, 6.2.7.1-23n | 6.2.6.0-20n, 6.2.7.1-23n | ||||
Checkpoint | Firewall | Configuring Netflows and Syslog from Checkpoint Firewall | Netflow v9 | R77.20 & R77.30 | R77.20 & R77.30 | |
| Netflow v5 | NA | NA | ||||
| Configuring syslogs from Checkpoint | Syslog | R77.20 & R77.30 | R77.20 & R77.30 | |||
| Remediation | Management Server should be of R80.10 or higher. | Management Server:R80.10; Gateway server: R77.30 | ||||
Sophos | UTM | Netflow configuration from Sophos firewall | Netflow v9 | All | NA | |
| Netflow v5 | All | NA | ||||
| Configure syslogs from Sophos firewall | Syslog | All | Sophos UTM 8 | |||
| Remediation | UTM 9.0 | UTM 9.0 | ||||
Cisco | Meraki | Netflow and Syslog Configuration: Cisco Meraki | Netflow v9 | All | Cisco Meraki, Mx84, Mx64 | |
| Netflow v5 | All | NA | ||||
| Netflow and Syslog Configuration: Cisco Meraki | Syslog | All | Cisco Meraki, Mx84, Mx64 | |||
| Remediation | NA | NA | ||||
Fortinet | Firewall | Configuring Syslog's and NetFlow's from Fortinet/ FortiGate firewalls | Netflow v9 | All | 240d, 100D | |
| Netflow v5 | All | NA | ||||
| /wiki/spaces/KB/pages/196444181 | Syslog | All | 240d, 100D | |||
| Remediation | 240d, 100D | 240d, 100D | ||||
Cyberoam | NGFW (Next Gen FireWall) | Netflow v9 | All | Cyberroam Cr50ing, Cyberroam Cr200ing | ||
| Netflow v5 | All | NA | ||||
| Syslog | All | Cyberroam Cr50ing, Cyberroam Cr200ing | ||||
| Remediation | NA | NA | ||||
Force Point | NGFW (Next Gen FireWall) | Netflow V9 | All | 6.2, 6.3 | ||
| Netflow v5 | NA | NA | ||||
| Syslog | All | 6.2 | ||||
| Remediation | 6.3 | 6.3 | ||||
| Gajshield | Netflows | |||||
| Syslogs | ||||||
| Cisco Sourcefire | Netflows | |||||
| Syslogs | ||||||
| Switches & Routers | ||||||
Cisco | Switches/Routers | Exporting Netflow data out of Cisco 3750 to the CCE using command line Exporting Netflow data out of Cisco 3850 to the CCE using command line | Netflow V9 | All | Cisco Router 2821 ,2911 , 1941 , 1841 SwitchCisco 3560X; 6509E;2960x | |
| Netflow V5 | All | NA | ||||
Juniper | MX | Netflow V9 | All | MX108 & MX408, 14.1R1.10 | ||
| Netflow V5 | NA | NA | ||||
| Sflows | NA | NA | ||||
Brocade | Switches/Routers | Netflow V9 | NA | NA | ||
| Netflow V5 | NA | NA | ||||
| Configuring sflow from Brocade Switches | Sflows | All models that support sflows | NA | |||
Extreme | Switches/Routers | Netflow V9 | NA | NA | ||
| Netflow V5 | NA | NA | ||||
| Configuring sflow from Extreme Switches | Sflow | All models that support sflows | ExtremeOS v12.5.4.5X670V-48t | |||
Dell | XSeries 1024 & 1052 | |||||
PowerConnect 3548 | ||||||
Aerohive | SR2224P | |||||
HP | ProCurve 1810G | |||||
| Mikrotik | ||||||
| Windows | ||||||
Microsoft | Windows | Configuring Windows Events | Windows Logs(Audit Logs/ USB Logs) | All models that support Nxlog | Server 2012, Server 2016 | |
| Windows Logs(Audit Logs/ USB Logs) | All models that support Nxlog | Professional 7, 8, 10 | ||||
| Sysmon logs | ||||||
| Remediation | All | Server 2012 | ||||
| Defender | ||||||
Exchange | Nxlog configuration for MS Exchange server-2010 | Windows Logs | All models that support Nxlog | MS Exchange Server-2010 | ||
| /wiki/spaces/KB/pages/2457649 | All models that support Nxlog | MS Exchange Server-2012 | ||||
AD | Windows Logs(Audit Logs/ USB Logs) | All models that support Nxlog | Server 2012;2008R2, Server 2016 | |||
| All models that support Nxlog | ||||||
| DNS | Windows DNS Nxlog configuration | Windows DNS Server Logs | All models that support Nxlog | Server 2012 | ||
| DHCP | Windows DHCP Nxlog configuration | Windows DHCP Server Logs | All models that support Nxlog | Server 2012 | ||
| Office 365 | O365 configuration to forward events to CCE | All activities | Cloud based (office 365) with the option "Security Extension" enabled as an extension. | Cloud based (office 365) | ||
| SQL | Windows database logs | All models that support Nxlog | MS SQL Server 2014 | |||
| Azure AD | /wiki/spaces/PP/pages/704675841 | SignIns Logs and directoryAudits Logs | Cloud based (office 365) | Cloud based (office 365) | ||
| IIS -webserver | windows_iis_logs | All models that support Nxlog | NA | |||
Linux | SSH | /wiki/spaces/~557058cf2fd0496c744606bdf6f01734be3904/pages/360808491 | SSH Logs | All models that support rsyslog | CentOS 7.1 and Ubuntu 16.04 LTS | |
| FTP | FTP Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS | |||
| DNS | Linux DNS Logs Configuration | DNS Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS | ||
| DHCP | DHCP Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS | |||
| Endpoint Security | ||||||
| Trend Micro | Anti Virus | Logs | All | NA | ||
| Symantec | Anti Virus | Logs | All | NA | ||
| Cylance | Cylance PROTECT | Device Config: Cylance - Syslogs Forwarding to Seceon CCE | Virus/Malware detection logs, Recon Logs | All | NA | |
| Sophos | Endpoint Security | |||||
| Endgame | ||||||
| Kaspersky | ||||||
| Cisco AMP | ||||||
| NAC | ||||||
| Genians | Syslogs | All | ||||
| Remediation | All | |||||
| Aria | CSPi | Remediation | All | |||
| Other | ||||||
| Squid | HTTP Proxy | Squid Proxy server logs configuration | Proxy Logs | All | 3.5.20 | |
| Apache | Web Server | Linux Apache Web Server Logs Configuration | Apache Logs | All | 2.4 | |
| Email Exchange | SMTP | Windows SMTP Nxlog configuration | Server logs | All | NA | |
| MySQL | MySQL Server | Database logs | All | NA | ||
| McAfee | Mcafee Web Gateway | proxy logs | All | NA | ||
| McAfee | Mcafee SIEM | /wiki/spaces/PP/pages/694452233 | SIEM Logs | All | NA | |
| Netscaler | web application | Syslog | All | NA | ||
| Oracle | Database | Syslogs | ||||
| PostgreSQL | Database | |||||
| MySQL | Database | |||||
| VMware ESXi | ||||||
| CSPi | ||||||
ForeScout | NAC | |||||
| Cloud service Providers | ||||||
| Microsoft Azure | Activity Logs, NSG Logs | All | ||||
| Azure Government | ||||||
| AWS | Logs, Flows | All | ||||
| Office 365 | Activity logs, Alert logs | All | ||||
| ** Our internal testing of flow and/or log processing is done against the listed version. However, flow and log formats doesn't change from version to version, hence we expect this functionality to work with versions prior and after the listed version. Remediation functionality is supported for those devices only that are tested in lab. | ||||||
Note:
For the support of devices that are not in the above list, the Seceon Team can work based on the size of deployment.
Seceon Inc. All rights reserved. https://www.seceon.com