Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

List of Devices Supported by the Seceon SIEM Tool

Firewalls

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| Cisco | ASA | Configuring Cisco ASA Netflow | Netflow v9 | All | 8.2(5) |
| | | | Netflow v5 | All | NA |
| | | Configuring Syslogs from Cisco ASA / Cisco PIX | Syslog | All | 8.2(5) |
| | | | Remediation | NA | NA |
| | Sourcefire/Firepower | | Netflow v9, Syslog | All | |
| | AMP | | Netflow v9, Syslog | All | |
| Juniper | SRX | | Netflow v9 | All | 14.1R1.10 |
| | | | Netflow v5 | All | NA |
| | | | Syslog | All | 14.1R1.10 |
| | | | Remediation | NA | NA |
| Palo Alto | Firewall | How to configure NetFlow on Palo Alto firewalls | Netflow v9 | All | PAN-OS 6.1.0, PAN-OS 6.1.15; PA-5050s, PAN-OS 7.1.0 |
| | | | Netflow v5 | All | NA |
| | | Configuring Syslog monitoring from Palo Alto | Syslog | All | PAN-OS 6.1.0, PAN-OS 6.1.15; NF V9; PA-5050s |
| | | | Remediation | PAN-OS 7.1.0 | PAN-OS 7.1.0 |
| SonicWall | Firewall | Sonicwall Netflow Redirection | Netflow v9 | All | NA |
| | | | Netflow v5 | All | 6.2.6.0-20n, 6.2.7.1-23n; NSA 3600; 6.2.1.1; 6.2.6.0-20n above; HA 6.0.5.2 |
| | | | IPFIX | All | NA |
| | | Configuring Syslogs from Sonicwall | Syslog | All | NA |
| | | | Remediation | 6.2.6.0-20n, 6.2.7.1-23n | 6.2.6.0-20n, 6.2.7.1-23n |
| Checkpoint | Firewall | Configuring Netflow from Checkpoint Firewall | Netflow v9 | R77.20 & R77.30 | R77.20 & R77.30 |
| | | | Netflow v5 | NA | NA |
| | | Configuring Syslog from Checkpoint Firewall | Syslog | R77.20 & R77.30 | R77.20 & R77.30 |
| | | | Remediation | Management Server should be of R80.10 or higher. | Management Server: R80.10; Gateway server: R77.30 |
| Sophos | UTM | Netflow configuration from Sophos firewall | Netflow v9 | All | NA |
| | | | Netflow v5 | All | NA |
| | | Configure Syslog from Sophos firewall | Syslog | All | Sophos UTM 8 |
| | | | Remediation | UTM 9.0 | UTM 9.0 |
| Cisco | Meraki | Data Redirection from Cisco Meraki to the Seceon CCE | Netflow v9 | All | Cisco Meraki, Mx84, Mx64 |
| | | | Netflow v5 | All | NA |
| | | Data Redirection from Cisco Meraki to the Seceon CCE | Syslog | All | Cisco Meraki, Mx84, Mx64 |
| | | | Remediation | NA | NA |
| Fortinet | Firewall | Configuring Syslog's and NetFlow's from Fortinet/ FortiGate firewalls | Netflow v9 | All | 240d, 100D |
| | | | Netflow v5 | All | NA |
| | | /wiki/spaces/KB/pages/196444181 | Syslog | All | 240d, 100D |
| | | | Remediation | 240d, 100D | 240d, 100D |
| Cyberoam | NGFW (Next Gen FireWall) | | Netflow v9 | All | Cyberoam Cr50ing, Cyberoam Cr200ing |
| | | | Netflow v5 | All | NA |
| | | | Syslog | All | Cyberoam Cr50ing, Cyberoam Cr200ing |
| | | | Remediation | NA | NA |
| Force Point | NGFW (Next Gen FireWall) | | Netflow V9 | All | 6.2, 6.3 |
| | | | Netflow v5 | NA | NA |
| | | | Syslog | All | 6.2 |
| | | | Remediation | 6.3 | 6.3 |

Switches & Routers

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| Cisco | Switches/Routers | Exporting Netflow data out of Cisco 3750 to the CCE using the command line; Exporting Netflow data out of Cisco 3850 to the CCE using the command line; Configuring Cisco SG550 Switch | Netflow V9 | All | Cisco Router 2821, 2911, 1941, 1841; Switch Cisco 3560X; 6509E; 2960x |
| | | | Netflow V5 | All | NA |
| Juniper | MX | | Netflow V9 | All | MX108 & MX408, 14.1R1.10 |
| | | | Netflow V5 | NA | NA |
| | | | Sflows | NA | NA |
| Brocade | Switches/Routers | | Netflow V9 | NA | NA |
| | | | Netflow V5 | NA | NA |
| | | Configuring sflow from Brocade Switches | Sflows | All models that support sflows | NA |
| Extreme | Switches/Routers | | Netflow V9 | NA | NA |
| | | | Netflow V5 | NA | NA |
| | | Configuring sflow from Extreme Switches | Sflow | All models that support sflows | ExtremeOS v12.5.4.5X670V-48t |

Windows

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| Microsoft | Windows | Configuring Windows Events | Windows Logs (Audit Logs/USB Logs) | All models that support Nxlog | Server 2012 |
| | | | Windows Logs (Audit Logs/USB Logs) | All models that support Nxlog | Professional 7, 8, 10 |
| | | | Remediation | All | Server 2012 |
| | Exchange | Nxlog configuration for MS Exchange server-2010 | Windows Logs | All models that support Nxlog | MS Exchange Server-2010 |
| | | /wiki/spaces/KB/pages/2457649 | | All models that support Nxlog | MS Exchange Server-2012 |
| | AD | 1. Nxlog Configuration; 2. /wiki/spaces/PP/pages/445612089 | Windows Logs (Audit Logs/USB Logs) | All models that support Nxlog | Server 2012; 2008R2 |
| | | | | All models that support Nxlog | |
| | DNS | Windows DNS Nxlog configuration | Windows DNS Server Logs | All models that support Nxlog | Server 2012 |
| | DHCP | Windows DHCP Nxlog configuration | Windows DHCP Server Logs | All models that support Nxlog | Server 2012 |
| | Office 365 | O365 configuration to forward events to CCE | All activities | Cloud-based (office 365) with the option "Security Extension" enabled as an extension. | Cloud-based (office 365) |
| | SQL | Windows MSSQL Nxlog configuration; How to enable audit logs in MySQL server. | Windows database logs | All models that support Nxlog | MS SQL Server 2014 |
| | Azure AD | Ingesting logs from Azure AD | SignIns Logs and directoryAudits Logs | Cloud-based (office 365) | Cloud-based (office 365) |
| | IIS -webserver | Windows IIS Nxlog configuration; Enable logging for the IIS server | windows_iis_logs | All models that support Nxlog | NA |

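Linux

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| | SSH | Configuring Linux Server Log Export to the CCE | SSH Logs | All models that support rsyslog | CentOS 7.1 and Ubuntu 16.04 LTS |
| | FTP | | FTP Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS |
| | DNS | Linux DNS Logs Configuration | DNS Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS |
| | DHCP | | DHCP Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS |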
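
Endpoint Security

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| Trend Micro | Anti Virus | | Logs | All | NA |
| Symantec | Anti Virus | | Logs | All | NA |
| Cylance | Cylance PROTECT | Configuration of Cylance logs to Seceon | Virus/Malware detection logs, Recon Logs | All | NA |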
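
Other

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| Squid | HTTP Proxy | Squid Proxy server logs configuration | Proxy Logs | All | 3.5.20 |
| Apache | Web Server | Linux Apache Web Server Logs Configuration | Apache Logs | All | 2.4 |
| Email Exchange | SMTP | Windows SMTP Nxlog configuration | Server logs | All | NA |
| MySQL | MySQL Server | | Database logs | All | NA |
| McAfee | Mcafee Web Gateway | | proxy logs | All | NA |
| McAfee | Mcafee SIEM | /wiki/spaces/PP/pages/694452233 | SIEM Logs | All | NA |
| Netscaler | web application | | Syslog | All | NA |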
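
Cloud Service Providers

| Vendor | Product/Family | Configuration Article | Supported Features | Model(s) Supported | Tested in lab*** |
|---|---|---|---|---|---|
| Microsoft Azure | | | Activity Logs, NSG Logs | All | |
| AWS | | | Logs, Flows | All | |
| Office 365 | | | Activity logs, Alert logs | All | |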

** Our internal testing of flow and/or log processing is done against the listed version. However, flow and log formats don't change from version to version, so we expect this functionality to work with versions before and after the listed version. Remediation functionality is supported only for devices that are tested in the lab.

Note: For support of devices that are not in the above list, the Seceon team can work based on the size of the deployment.

Seceon Inc. All rights reserved. https://www.seceon.com