Products: Event Sources
Q1 Labs' security information and event management (SIEM) and log management solutions accept data from a wide range of event sources, including:
Antivirus
- McAfee e-Policy Orchestrator
- Symantec System Center and Antivirus Client
- Trend Micro Antivirus
- Trend Micro Control Manager
Authentication and DHCP
- Bridgewater Systems, Service Controller
- Cisco ACS (Authentication Control Server)
- Cisco NAC Appliance
- ForeScout CounterACT
- FreeRadius RADIUS Server
- Generic Authentication Server
- Juniper Steel Belted Radius
- Linux Red Hat DHCP logs
- MetaInfo MetalIP DHCP Server
- Microsoft IAS
- Microsoft DHCP Server
- RSA Authentication Manager
- Sun Solaris DHCP Server
- Symark Power Broker
Databases
- Microsoft, SQL Server
- Oracle (v9i, v10G)
- Oracle Database Listener
- Sybase ASE Database
- Imperva SecureSphere
Firewalls/VPN
- Check Point, FireWall-1 & OPSEC (NG, FP1, FP2, FP3, AI R54, NGX R60)
- CheckPoint Endpoint Security
- Cisco FWSM
- Cisco IOS Firewall
- Cisco PIX Firewall
- Fortinet
- Generic Firewall Device Support
- Juniper NetScreen Firewall
- Linux Iptables
- Nokia Firewall
- Nokia IP Series
- Nortel Switched Firewall
- PaloAlto Networks PA Series
- Secure Computing Cyberguard
- Symantec SGS Appliance
Generic/Custom
- Any custom device that emits Syslog, SNMP, or SDEE.
- File-based logs can be sent via syslog, FTP, SFTP and SCP
- Events retrieved via JDBC
Host Logs
- Apple OSX
- Cisco, Security Agent (CSA)
- IBM, AIX
- Microsoft Windows
- IBM iSeries (OS400)
- IBM RACF
- Open source Linux
- Open BSD Linux
- Redhat Linux
- Sun Solaris
- HP Tandem
- HP/UX
Intrusion Detection
- Cisco CSA
- Cisco IDS
- Enterasys Dragon
- Fortinet Fortigate FortiGuard
- Juniper ISG
- Network Associates McAfee Entercept
- Niksun NetVCR
- SNORT
- SourceFire Intrusion Sensor
- Trust Wave IPAngel
Intrusion Prevention
- Cisco, IPS
- ForeScout CounterACT
- IBM Site Protector & Proventia
- Juniper NetScreen IDP
- McAfee Intrushield
- Nortel Threat Protection System
- Symantec Endpoint Protection
- Tipping Point X Series
- Top Layer IPS 5500
- Trust Wave IPAngel
Management Platforms
- Enterasys Dragon
- Enterasys NetSight ASM
- IBM Domino (Notes)
- ISS Site Protector
- Juniper Infranet Controller
- Juniper Netscreen Security Manager
- SAP ERP
- Starent Networks Home Agent
- Tripwire Enterprise/Manager
Routers/Switches
- 3Com, 8800 Series Switch
- Cisco CatOS
- Cisco Catalyst Switches
- Cisco Routers
- Enterasys Matrix Router
- Extreme Extremeware
- F5 BIG IP
- Juniper Router
- Nortel BayRS NAS, Secure Router
Security Appliance & UTM
- Astaro Security Gateway
- Fortinet
- Juniper DX Platform
- Juniper Integrated Security Gateway
- Juniper Secure Services Gateway
- Juniper SRX Gateway
- Secure Computing SideWinder G2
- SonicWall UTM
- Tipping Point X Series and SMS
- Vericept Content 360
VPN
- Array Networks, ArraySP SSL VPN
- Check Point VPN-1
- Cisco ASA
- Cisco VPN 3000 Series Concentrator
- Cisco VPN 3000 Concentrator
- Juniper RA/SA Series SSL VPN
- Juniper RA/SA SSL VPN
- Nokia IP Series
- Nortel VPN Gateway VPN Router
- Secure Computing Cyberguard
Wireless Management
- Motorola Symbol Access Point
- Aruba Wireless Management Controller
- Cisco Aironet
- Enterasys HiGuard Wireless
Web Server, Proxies, Mail, Other
- Apache, HTTP Server
- BlueCoat SG
- CryptoCard CryptoShield
- F5 Load Balancer
- Microsoft Exchange
- Microsoft IIS
- ProFTP FTP
- Squid Web Cache
- Starent Networks Home Agent
- Sun Sendmail
Vulnerability Scanners*
- eEye REM
- Foundscan
- Juniper NSM Profiler
- nCircle IP360
- Nessus
- NMap
- Patchlink (Lumension/Harris) Scan
- Qualys
- Rapid7 NeXpose
- SecureScout
Network and Application Flow Data*
- Q1 Labs, QFlow w/Layer 7 application identification
- Cisco NetFlow NDE versions 1, 2, 5, 7 and 9
- Foundry S-Flow
- Juniper J-Flow
- Packeteer FDR – Flow Data Records
* NOTE: Not supported in QRadar SLIM
(Please contact your Q1 Labs' representative for the most up-to-date list of supported devices.)