List of Devices Supported by the Seceon SIEM Tool
| Vendor | Product/Family | Device Configuration Links | Supported Features | Model(s) Supported | Model(s) Tested in lab** |
|---|---|---|---|---|---|
| Firewalls | | | | | |
| Cisco | ASA | Configuring Cisco ASA Netflow | Netflow v9 | All | 8.2(5) |
| | | | Netflow v5 | All | NA |
| | | Configuring Syslogs from Cisco ASA / Cisco PIX | Syslog | All | 8.2(5) |
| | | | Remediation | NA | NA |
| | Sourcefire/Firepower | | Netflow v9, Syslog | All | |
| | AMP | | Netflow v9, Syslog | All | |
| Juniper | SRX | | Netflow v9 | All | 14.1R1.10 |
| | | | Netflow v5 | All | NA |
| | | | Syslog | All | 14.1R1.10 |
| | | | Remediation | NA | NA |
| Palo Alto | Firewall | How to configure NetFlow on Palo Alto firewalls | Netflow v9 | All | PAN-OS 6.1.0, PAN-OS 6.1.15; PA-5050s, PAN-OS 7.1.0 |
| | | | Netflow v5 | All | NA |
| | | Configuring Syslog monitoring from Palo Alto | Syslog | All | PAN-OS 6.1.0, PAN-OS 6.1.15; NF V9; PA-5050s |
| | | | Remediation | PAN-OS 7.1.0 | PAN-OS 7.1.0 |
| SonicWall | Firewall | Sonicwall Netflow Redirection | Netflow v9 | All | NA |
| | | | Netflow v5 | All | 6.2.6.0-20n, 6.2.7.1-23n; NSA 3600; 6.2.1.1; 6.2.6.0-20n above; HA 6.0.5.2 |
| | | | IPFIX | All | NA |
| | | Configuring Syslogs from Sonicwall | Syslog | All | NA |
| | | | Remediation | 6.2.6.0-20n, 6.2.7.1-23n | 6.2.6.0-20n, 6.2.7.1-23n |
| Checkpoint | Firewall | Configuring Netflow from Checkpoint Firewall | Netflow v9 | R77.20 & R77.30 | R77.20 & R77.30 |
| | | | Netflow v5 | NA | NA |
| | | Configuring Syslog from Checkpoint Firewall | Syslog | R77.20 & R77.30 | R77.20 & R77.30 |
| | | | Remediation | Management Server should be of R80.10 or higher. | Management Server: R80.10; Gateway server: R77.30 |
| Sophos | UTM | Netflow configuration from Sophos firewall | Netflow v9 | All | NA |
| | | | Netflow v5 | All | NA |
| | | Configure Syslog from Sophos firewall | Syslog | All | Sophos UTM 8 |
| | | | Remediation | UTM 9.0 | UTM 9.0 |
| Cisco | Meraki | Data Redirection from Cisco Meraki to the Seceon CCE | Netflow v9 | All | Cisco Meraki, Mx84, Mx64 |
| | | | Netflow v5 | All | NA |
| | | Data Redirection from Cisco Meraki to the Seceon CCE | Syslog | All | Cisco Meraki, Mx84, Mx64 |
| | | | Remediation | NA | NA |
| Fortinet | Firewall | Configuring Syslog's and NetFlow's from Fortinet/ FortiGate firewalls | Netflow v9 | All | 240d, 100D |
| | | | Netflow v5 | All | NA |
| | | /wiki/spaces/KB/pages/196444181 | Syslog | All | 240d, 100D |
| | | | Remediation | 240d, 100D | 240d, 100D |
| Cyberoam | NGFW (Next Gen FireWall) | | Netflow v9 | All | Cyberoam Cr50ing, Cyberoam Cr200ing |
| | | | Netflow v5 | All | NA |
| | | | Syslog | All | Cyberoam Cr50ing, Cyberoam Cr200ing |
| | | | Remediation | NA | NA |
| Forcepoint | NGFW (Next Gen FireWall) | | Netflow V9 | All | 6.2, 6.3 |
| | | | Netflow v5 | NA | NA |
| | | | Syslog | All | 6.2 |
| | | | Remediation | 6.3 | 6.3 |
| Switches & Routers | | | | | |
| Cisco | Switches/Routers | Exporting Netflow data out of Cisco 3750 to the CCE using the command line; Exporting Netflow data out of Cisco 3850 to the CCE using the command line | Netflow V9 | All | Cisco Router 2821, 2911, 1941, 1841; Switch Cisco 3560X; 6509E; 2960x |
| | | | Netflow V5 | All | NA |
| Juniper | MX | | Netflow V9 | All | MX108 & MX408, 14.1R1.10 |
| | | | Netflow V5 | NA | NA |
| | | | Sflows | NA | NA |
| Brocade | Switches/Routers | | Netflow V9 | NA | NA |
| | | | Netflow V5 | NA | NA |
| | | Configuring sflow from Brocade Switches | Sflows | All models that support sflows | NA |
| Extreme | Switches/Routers | | Netflow V9 | NA | NA |
| | | | Netflow V5 | NA | NA |
| | | Configuring sflow from Extreme Switches | Sflow | All models that support sflows | ExtremeOS v12.5.4.5X670V-48t |
| Windows | | | | | |
| Microsoft | Windows | Configuring Windows Events | Windows Logs (Audit Logs/USB Logs) | All models that support Nxlog | Server 2012 |
| | | | Windows Logs (Audit Logs/USB Logs) | All models that support Nxlog | Professional 7, 8, 10 |
| | | | Remediation | All | Server 2012 |
| | Exchange | Nxlog configuration for MS Exchange server-2010 | Windows Logs | All models that support Nxlog | MS Exchange Server-2010 |
| | | /wiki/spaces/KB/pages/2457649 | | All models that support Nxlog | MS Exchange Server-2012 |
| | AD | | Windows Logs (Audit Logs/USB Logs) | All models that support Nxlog | Server 2012; 2008R2 |
| | | | | All models that support Nxlog | |
| | DNS | Windows DNS Nxlog configuration | Windows DNS Server Logs | All models that support Nxlog | Server 2012 |
| | DHCP | Windows DHCP Nxlog configuration | Windows DHCP Server Logs | All models that support Nxlog | Server 2012 |
| | Office 365 | O365 configuration to forward events to CCE | All activities | Cloud-based (Office 365) with the option "Security Extension" enabled as an extension. | Cloud-based (Office 365) |
| | SQL | | Windows database logs | All models that support Nxlog | MS SQL Server 2014 |
| | Azure AD | Ingesting logs from Azure AD | SignIns Logs and directoryAudits Logs | Cloud-based (Office 365) | Cloud-based (Office 365) |
| | IIS -webserver | | windows_iis_logs | All models that support Nxlog | NA |
| Linux | SSH | Configuring Linux Server Log Export to the CCE | SSH Logs | All models that support rsyslog | CentOS 7.1 and Ubuntu 16.04 LTS |
| | FTP | | FTP Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS |
| | DNS | Linux DNS Logs Configuration | DNS Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS |
| | DHCP | | DHCP Logs | All | CentOS 7.1 and Ubuntu 16.04 LTS |
| Endpoint Security | | | | | |
| Trend Micro | Anti Virus | | Logs | All | NA |
| Symantec | Anti Virus | | Logs | All | NA |
| Cylance | Cylance PROTECT | Configuration of Cylance logs to Seceon | Virus/Malware detection logs, Recon Logs | All | NA |
| Other | | | | | |
| Squid | HTTP Proxy | Squid Proxy server logs configuration | Proxy Logs | All | 3.5.20 |
| Apache | Web Server | Linux Apache Web Server Logs Configuration | Apache Logs | All | 2.4 |
| Email Exchange | SMTP | Windows SMTP Nxlog configuration | Server logs | All | NA |
| MySQL | MySQL Server | | Database logs | All | NA |
| McAfee | McAfee Web Gateway | | proxy logs | All | NA |
| McAfee | McAfee SIEM | /wiki/spaces/PP/pages/694452233 | SIEM Logs | All | NA |
| Netscaler | web application | | Syslog | All | NA |
| Cloud Service Providers | | | | | |
| Microsoft Azure | | | Activity Logs, NSG Logs | All | |
| AWS | | | Logs, Flows | All | |
| Office 365 | | | Activity logs, Alert logs | All | |
** Our internal testing of flow and/or log processing is done against the listed version. However, flow and log formats don't change from version to version, hence we expect this functionality to work with versions before and after the listed version. Remediation functionality is supported only for devices that are tested in the lab.
Note:
For the support of devices that are not in the above list, the Seceon Team can work based on the size of deployment.
Seceon Inc. All rights reserved. https://www.seceon.com