McAfee SIEM Supported Devices
Vendor
A10 Networks
Accellion
Access Layers
Name
Version(s)
Supported
Parser
Method of
Collection
ESM Version
All
All
2.x
All
All
All
All
ASP
ASP
ASP
ASP
ASP
ASP
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
All
ASP
Syslog
All
ASP
Syslog
1.x, 2.x
Code Based
Syslog
1.x, 2.x
ASP
Syslog
Carbon Black
Load Balancer
Application
NAC
Wireless Access Point
Network Switches & Routers
Application
Switch
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Power Supplies
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Network Switches & Routers
Network Switches & Routers
Network Switches & Routers
Network Switches & Routers
IDS/IPS
Event Format
Wireless Access Point
Wireless Access Point
IAM / IDM
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Security Appliances / UTMs
Security Appliances / UTMs
Security Appliances / UTMs
Vulnerability Systems
Vulnerability Systems
Application
Application
Web Content / Filtering / Proxies
Web Content / Filtering / Proxies
Application
Application
Firewall
Application
NAC / Network Switches & Routers
Network Switches & Routers
NAC / Network Switches & Routers
Network Switches & Routers
DLP
Web Access
IDS / IPS
Cerner
Cerner P2 Sentinel
Healthcare Auditing
All
Code Based
Check Point
Firewall
Firewall
All
All
ASP
ASP
Cimcor
Configuration Management
All
Code Based
ASA NSEL
Firewall / Flow
Host / Server / Operating Systems /
Network Switches & Routers
Other
Host / Server / Operating Systems /
IDS / IPS
IDS / IPS
Other
IDS / IPS
IDS / IPS / Network Switches &
Routers
Network Switches & Routers
IDS / IPS / Network Switches &
Routers
All
Netflow
Syslog
Syslog
Syslog
N/A
N/A
Syslog
Syslog
Syslog
Syslog
SQL
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
McAfee Event
Format
OPSEC
Syslog
McAfee Event
Format
Netflow
6.x, 7.x
ASP
Syslog
All
ASP
Syslog
5.x, 6.x
Code Based
SQL
All
All
4.x and above
ASP
ASP
SDEE
Syslog
Syslog
ASP
Syslog
All
6.x, 7.x
6.x, 7.x
All
All
4.x
SDEE
ASP
ASP
ASP
ASP
Code Based
Syslog
Syslog
Syslog
Syslog
HTTP
4.x, 5.x
ASP
Syslog
All
ASP
Syslog
Adtran
AirTight Networks
Alcatel-Lucent
American Power Conversion
Device Type
VitalQIP (ASP)
Uninterruptible Power Supply (ASP)
Apache HTTP Server
Mac OS X (ASP)
Avecto
Peakflow SP
Peakflow SP (ASP)
Peakflow X
Peakflow X (ASP)
Pravail (ASP)
Common Event Format (ASP)
Aruba OS
ClearPass (ASP)
Privilege Guard (ePO)
Axway
SecureTransport (ASP)
Arbor Networks
ArcSight
Aruba
Barracuda Networks
BeyondTrust
Bit9
Blue Coat
Blue Lance, Inc.
Blue Martini Software
Blue Ridge Networks
BlueCat Networks
Bradford Networks
Brocade
CA Technologies
Cisco
All
ASP
Syslog
2.x
2.x and above
2.x
All
All
All
N/A
5.x
3.x
Code Based
ASP
Code Based
ASP
ASP
ASP
Code Based
ASP
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
ePO - SQL
All
ASP
Syslog
3.x, 4.x
All
All
All
All
All
All
All
4.x-6.x
9.x
6.5
5000, 6000
All
All
7.5 and above
All
All
All
All
All
ASP
ASP
ASP
N/A
N/A
ASP
ASP
ASP
ASP
Code Based
Code Based
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
Cisco
PIX IDS
PIX/ASA/FWSM (ASP)
Secure ACS (ASP)
Unified Communications (ASP)
Unified Computing System (ASP)
VSM/VPN Concentrator
WAAS (ASP)
Citrix
Cluster Labs
Code Green
Cooper Power Systems
Corero
Critical Watch
CyberArk
CyberGuard
Cyberoam
Cyrus
D-Link
Damballa
Dell
DG Technology - InfoSec
Digital Defense
Econet
EdgeWave
Enforcive
Enterasys Networks
Entrust
Extreme Networks
F5 Networks
WAP200 (ASP)
Wireless Control System (ASP)
Wireless Lan Controller (ASP)
NetScaler (AppFlow)
NetScaler (ASP)
Secure Gateway (ASP)
Pacemaker (ASP)
Data Loss Prevention (ASP)
Cybectec RTU (ASP)
Yukon IED Manager Suite (ASP)
Corero IPS (ASP)
Critical Watch FusionVM
Enterprise Password Vault (ASP)
Privileged Identity Management Suite - CEF
(ASP)
CyberGuard
Cyberoam UTM and NGFW
Cyrus IMAP & SASL (ASP)
NetDefend UTM Firewall (ASP)
Failsafe (ASP)
PowerConnect Switches (ASP)
Mainframe Event Acquisition System (ASP)
Digital Defense Frontline
Sentinel IPS (ASP)
iPrism Web Security (ASP)
System z SMF DB2 (ASP)
Dragon Sensor
Dragon Squire
Enterasys N and S Switches (ASP)
Enterasys Network Access Control (ASP)
IdentityGuard (ASP)
ExtremeWare XOS (ASP)
BIG-IP Access Policy Manager (ASP)
BIG-IP Application Security Manager - CEF
(ASP)
Firepass SSL VPN (ASP)
Local Traffic Manager - LTM (ASP)
IDS / IPS / Network Switches &
Routers
Firewall / IDS / IPS
IDS / IPS
Applications
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Virtual Private Network
Applications / Host / Server /
Operating Systems / Web Content /
Filtering / Proxies
Wireless Access Point
Network Switches & Routers
Network Switches & Routers
Flow
Web Content / Filtering / Proxies
Web Content / Filtering / Proxies
Application
DLP
Network Switches & Routers
Application
IDS/IPS
Vulnerability Systems
Application
Application
Syslog
2.x - 4.x
Code Based
Syslog
All
ASP
Syslog
All
All
All
All
All
All
1.x
8.x
5.x, 6.x
All
All
All
5.x
ASP
ASP
ASP
IPFix
ASP
ASP
ASP
ASP
ASP
ASP
ASP
N/A
ASP
Syslog
Syslog
Syslog
IPFix
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
N/A
Syslog
All
ASP
Syslog
All
All
ASP
ASP
2.9.x
Code Based
All
ASP
Syslog
Syslog
McAfee Event
Format
Syslog
Antivirus/Malware
ASP
Syslog
8.x
All
5.x and 6.x
7.x and above
All
3.x
All
All
All
All
All
All
All
N/A
N/A
N/A
ASP
ASP
ASP
ASP
Code Based
Code Based
Code Based
ASP
ASP
ASP
ASP
ASP
ASP
Code Based
Code Based
Code Based
N/A
Code Based
N/A
N/A
N/A
All
All
5.3.x
All
All
All
All
All
1.x
All
5.1.1-0
All
8.x, 9.x, 10.x
6.x, 7.x
11.5
5.5 - 7.x
All
All
All
All
Code Based
Code Based
Code Based
Code Based
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
File pull
File pull
File pull
McAfee Event
Format
File pull
File pull
File pull
File pull
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
ASP
Syslog
Other
Other
Other
VA Scanner
Switches & Routers
Firewall
Application
Application
UTM
Switches & Routers
Printers
Operating Systems
Network Switches & Routers
Database
NAC
Database
Database Activity Monitoring
Database
Host / Server / Operating Systems
Security Management
MainFrame
Other
Database
IBM
ASP
Other
HyTrust
All
Hewlett-Packard
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
N/A
Syslog
Syslog
Syslog
SQL
SQL
Syslog
Syslog
Syslog
Syslog
Syslog
GFI
Gigamon
Global Technology Associates
Good Technology
Google
HBGary
Syslog
Syslog
Syslog
Syslog
Generic
ASP
ASP
ASP
ASP
Application Security
FreeRADIUS
Code Based
ASP
ASP
ASP
ASP
ASP
ASP
N/A
ASP
ASP
ASP
Code Based
Code Based
ASP
ASP
ASP
ASP
ASP
Fortinet
All
ForeScout
5.x
10.0 and above
2.x
All
All
All
5.x, 6.x
All
All
All
All
1.x-7.x
1.x-7.x
7.x
7.x
All
7.x, 8.x
All
Fidelis
Fluke Networks
Force10 Networks
Firewall
UTM / Firewall
Messaging
UTM
Anti-Malware
Network Switches & Routers
MainFrame
Vulnerability Systems
IDS/IPS
Web Content / Filtering / Proxies
MainFrame
IDS/IPS
IDS/IPS
Network Switches & Routers
Network Switches & Routers
Application
Network Switches & Routers
Network Switches & Routers
FairWarning
FireEye
ASP
Syslog
Code Based
Code Based
SQL
SQL
ASP
Syslog
IBM
Imperva
Infoblox
InfoExpress
InterSect Alliance
InterSystems
Invincea
IPFIX
Ipswitch
Itron
Jflow
Juniper Networks
Kaspersky
KEMP Technologies
Kerio Technologies
Lancope
Legacy
Lieberman
Locum
LOGbinder
Lumension
MailGate, Ltd.
McAfee
MEDITECH
ASP
Syslog
ASP
SQL
ASP
ASP
Code Based
ASP
ASP
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
ASP
Syslog
IPFix
ASP
ASP
Netflow
ASP
ASP
ASP
ASP
Code Based
Code Based
Code Based
IPFix
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
ASP
Syslog
ASP
ASP
ASP
ASP
ASP
Syslog
Syslog
SQL
Syslog
Syslog
Code Based
Syslog
ASP
Syslog
ASP
ASP
Syslog
Syslog
ASP
Syslog
ASP
ASP
ASP
ASP
N/A
Syslog
Syslog
Syslog
Syslog
N/A
ASP
Syslog
ASP
ASP
ASP
Correlation
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ePO - SQL
ePO - SQL
Syslog
Syslog
ePO - SQL
ePO - SQL
Syslog
Syslog
Syslog
ePO - SQL
ePO - SQL
ePO - SQL
ASP
ePO - SQL
ASP
ASP
ASP
ASP
Syslog
ePO - SQL
ePO - SQL
Syslog
ASP
ePO - SQL
ASP
ePO - SQL
N/A
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
N/A
ePO - SQL
ePO - SQL
Syslog
SQL
Syslog
Code Based API
Syslog
Syslog
ePO - SQL
Syslog
ePO - SQL
Syslog
ePO - SQL
Syslog
Syslog
Syslog
ASP
SQL
Code Based
Code Based
Adiscon Windows Events
Assets via Active Directory
2010
ASP
Syslog
Web Content/Filtering/Proxies
2003, 2008
ASP
Syslog
2003, 2008
ASP
Syslog
All
Code Based
Syslog
All
ASP
All
ASP
Web Content/Filtering/Proxies
Host / Server / Operating Systems /
Web Content / Filtering / Proxies
Host / Server / Operating Systems /
Web Content / Filtering / Proxies
Host / Server / Operating Systems /
Web Content / Filtering / Proxies
Firewall / Host / Server / Operating
Systems / Web Content / Filtering /
Proxies / Virtual Private Networks
Other
Other
Database
MSSQL
Database
2008
WMI
2007, 2010
ASP
2010
HIPS
IDS / IPS
IDS / IPS
ASP
Syslog
WMI
WMI
WMI
WMI
WMI
WMI
Database
All
2007, 2010
All
7, 2000, 2005, 2008,
2012
All
ASP
Database
Code Based
Policy Server
Host / Server / Operating Systems
Application
Host / Server / File Management
All
All
All
2007, 2010
ASP
Code Based
ASP
ASP
Security Management
2007
Code Based
2003, 2008
ASP
2003, 2008
ASP
Syslog
MEF - McAfee
SIEM Agent
Syslog
SQL
Syslog
Syslog
MEF - McAfee
SIEM Agent
File pull / McAfee
SIEM Agent
File pull / McAfee
SIEM Agent
All
ASP
Syslog
WMI
WMI
2.3.1
All
All
7.x
All
All
5, 7, 9
Code Based
ASP
Code Based
ASP
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
NetFlow
NetFlow
All
ASP
Syslog
5.1
ASP
Syslog
All
ASP
Syslog
All
All
All
All
All
7.x
7.x
8.x
ASP
ASP
N/A
ASP
Code Based
Code Based
ASP
ASP
Syslog
Syslog
N/A
Syslog
Syslog
Syslog
Syslog
Syslog
All
ASP
Syslog
All
ASP
Syslog
All
All
2.1 and above
N/A
N/A
ASP
ASP
N/A
N/A
Syslog
SQL
MySQL
Database
Oracle
Database
Database
Database
Host / Server / Operating Systems
Other
Host / Server / Operating Systems /
IDS / IPS
Firewall
Database
Application
PostgreSQL
Database
PostgreSQL (ASP)
Database
PostgreSQL
All
LANGuardian (ASP)
Oracle
SQL
NetFort Technologies
nPulse
OpenVAS
OpenVPN
SQL
NetFlow
Novell
Syslog
ASP
CounterPoint
AirDefense (ASP)
AirDefense Enterprise
Data ONTAP (ASP)
DataFort (ASP)
FAS
Generic NetFlow
Nortel Networks
Code Based
All
ASP
NGS
Niksun
Nokia
All
2010
NetWitness
2010
NetApp
Motorola
ASP
Exchange (ASP)
Mirage Networks
MEF - McAfee
SIEM Agent
File pull / McAfee
SIEM Agent
SQL
Event Forwarding
Microsoft
SQL
Syslog
Syslog
Syslog
ASP
Syslog
ASP
Syslog
ASP
Syslog
ASP
Syslog
PowerTech
Proofpoint
Qualys
Quest
ASP
ASP
N/A
WMI
ASP
ASP
Code Based
ASP
ASP
N/A
N/A
ASP
ASP
ASP
ASP
ASP
ASP
N/A
ABAP Module &
ASP
Syslog
Syslog
N/A
WMI
Syslog
Syslog
Syslog
Syslog
Syslog
N/A
N/A
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
N/A
Syslog
ASP
Syslog
All
ASP
Syslog
5.x
ASP
Syslog
McAfee Event
Format
Savant Protection
Sybase
Savant - CEF (ASP)
Secure Crossing
Zenwall (ASP)
SecureAuth
Securonix
Application
SendMail
Sentrigo
sFlow
Sentrion
Hedgehog - CEF (ASP)
Generic sFlow
Messaging
Database
Network Flow Collection
All
All
All
ASP
sFlow
Smart Grid
All
ASP
SnapLogic
SnapLogic (ASP)
DB2 Access Recording Services DBARS
(ASP)
Aventail (ASP)
SonicOS (ASP)
SonicWall Firewall/VPN
SonicWall IPS
GSX (ASP)
Email Security and Data Protection (ASP)
Sophos Antivirus
Web Security and Control (ASP)
3D Defense Center
Snort NIDS
FireSIGHT Management Console eStreamer
SourceFire NS/RNA (ASP)
Squid
Squid (ASP)
Cloud Integration
All
ASP
Syslog
sFlow
File pull / McAfee
SIEM Agent
Syslog
Database
All
ASP
Syslog
10.x
All
All
All
All
All
All
All
4.10
All
ASP
ASP
Code Based
Code Based
ASP
ASP
Code Based
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
SQL
Syslog
IDS / IPS
5.x.x
Code Based
eStreamer
All
1.x
2.5
ASP
Code Based
ASP
Syslog
Syslog
Syslog
5.x, 6.x
ASP
Syslog
Code Based
Syslog
Code Based
Code Based
Code Based
ASP
ASP
ASP
ASP
ASP
ASP
N/A
SQL
SQL
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
N/A
ASP
Code Based
ASP
ASP
ASP
ASP
ASP
Code Based
ASP
ASP
ASP
ASP
ASP
ASP
ASP
N/A
ASP
Code Based
ASP
ASP
ASP
ASP
Code Based
ASP
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
SQL
SQL
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
N/A
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Syslog
Code Based
Syslog
ASP
ASP
Syslog
Syslog
Rapid7
Raytheon
Raz-Lee Security
RedSeal Networks
Riverbed
RSA
SafeNet
Saint
SAP
SourceFire
StillSecure
Stonesoft Corporation
Sun
IDS / IPS
Web Content / Filtering / Proxies
Web Content / Filtering / Proxies
Firewall / Security Management / IDS
/ IPS / Virtual Private Networks
IDS / IPS
Web Server
Asset
Antivirus
IDS / IPS
Antivirus
Antivirus
Host / Server / Operating Systems
DLP
Messaging
Web Content / Filtering / Proxies
Application
Vulnerability Systems
Database
Security Management
Security Management
IDS / IPS
Firewall
Application
Host / Server / Operating Systems
Application
Antivirus / Vulnerability Systems
Antivirus / Vulnerability Systems
Antivirus / Vulnerability Systems
HIDS
HIDS
Web Content / Filtering / Proxies
Antivirus / Vulnerability Systems
FIM / HIDS
Vulnerability Systems
Database / Security Management
Database / Security Management
NAC
DLP
Web Content / Filtering / Proxies
Firewall / Auditing
Host / Server / Operating Systems
Host / Server / Operating Systems
UNIX OS
VShell (ASP)
Digital Guardian (ASP)
Application
DLP
Squid
Symantec
Synology
Tenable
Teradata
TippingPoint
Tofino Security
Topia Technology
Townsend Security
Trapezoid
Trend Micro
Tripwire
Trustwave
Tufin
Type80 Security Software
UNIX
VanDyke Software
Verdasys
All
All
All
All
All
All
2.4.3 and above
2.4.3 and above
All
3.x and above
All
All
All
All
5.x
7.x
All
All
Host
Application
Vulnerability Systems
Applications
Network Switches & Routers
Firewall
IDS / IPS
IDS / IPS
Network Switches & Routers
Vulnerability Systems
Vulnerability Systems
Application
Application
Risk Compliance
Security Appliances / UTMs
Authentication
Application Security
Vulnerability Systems
Applications / Security Management /
Host / Server / Operating Systems
Database
Anti-Malware
Applications / Security Management /
Host / Server / Operating Systems
Authentication
Radware
Code Based
All
All
7.x and above
8.x, 9.x
5.2
11.x
11.x
All
All
2.x and above
All
All
3.x, 4.x, 5.x, 6.x
12.x, 13.x, 14.x
2.x and above
1.x, 2.x
All
All
All
All
All
3.x, 5.x, 6.x
5.x
All
6.x and above
6.x and above
All
All
1.x, 2.x
All
4.x
4.x
3.x
8.x
4.x
All
All
All
Solaris, Red Hat
Linux, HP-UX, IBM
AIX and SUSE
2.x, 3.x
All
VMware
Vormetric
WatchGuard Technologies
Wave Systems Corp
Websense
Xirrus
Zenprise
ZeroFOX
vCenter Server (ASP)
VMware (ASP)
Data Security (ASP)
Firebox and X Series (ASP)
Safend Protector (ASP)
Websense - CEF, Key Value Pair (ASP)
Websense Enterprise - SQL Pull (ASP)
802.11abgn Wi-Fi Arrays (ASP)
Secure Mobile Gateway (ASP)
ZeroFOX (ASP)
Application
Application
Application
Firewall
DLP
Web Content / Filtering / Proxies
Web Content / Filtering / Proxies
Switches & Routers
Security Mobile Gateway
Application
All
1.x-5.x
4.x
8.x-11.x
All
7.7 and above
6.x
All
5.x and above
All
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
ASP
McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and
brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change
without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 McAfee, Inc.