Categories

This page lists all the categories used by BluSapphire.

| Category | Description | Examples |
| --- | --- | --- |
| | Active Defence System (Deception) | Any deception tool |
| ams | Asset Management System | Tanium, BMS |
| | Authorization / 2FA, MFA | Cisco DUO, RSA |
| casb | Cloud Access Security Broker | TBD |
| | Amazon Web Services | cloudtrail, cloudwatch |
| | Microsoft Azure | MCAS, O365 |
| cloud-gcp | Google Cloud Platform | gmail, gcs |
| container | Containers | Docker, Kubernetes |
| db | Database | Oracle, SQL, MySQL, Postgres |
| dhcp | DHCP Servers | All DHCP Servers |
| dlp | Data Leakage Prevention | ForceScout, Symantec |
| dns | DNS Servers | All DNS Servers |
| ds | Directory Services | AD, LDAP, OpenLDAP |
| edr | Endpoint Detection | Carbon Black |
| epp | Endpoint Protection | Cisco AMP, Symantec, CrowdStrike, BluArmour, Sophos |
| erp | ERP | SAP |
| flow | Flow | NetFlow, sFlow, IPFIX |
| fw | Firewall | Egle |
| ics | Industrial Control Systems | SCADA |
| idam | Identity and Access Management | IBM Idam, Microsoft Idam, Oracle IM (OIM) |
| iot | Internet of Things | |
| ips | IDS/IPS | Snort, Firepower, Suricata |
| kerberos | Kerberos | Any Kerberos logs |
| lb | Load Balancer | F5, Nginx, NetScaler, Volterra, HAProxy |
| linux-audit | Audit Logs | Auditd |
| linux-ssh | SSH Logs | SSH |
| linux-syslog | Linux Syslog | Any other syslog from Linux |
| nac | Network Access Control | ISE, OpenNAC, Forescout |
| nbad | Network Behavior Anomaly Detection | DarkTrace, Zeek, Damballa |
| network | Routers, Switches | Any routers and switches |
| ngfw | Next-Gen Firewalls / UTMs | Sophos, Fortinet, ASA, Palo Alto, FireEye, Check Point |
| proxy-dns | DNS Proxy | Cisco Umbrella |
| proxy-mail | Mail Proxy | Cisco Ironport, Mimecast, Proofpoint |
| proxy-web | Web Proxy | Cisco Ironport, Zscaler and other proxy logs |
| ra | Remote Access | VPN, NetScaler, Microsoft VPN, Cisco VPN |
| rms | Risk Management System | Rapid7, ClearWater, Reciprocity |
| sftp | SFTP | Any FTP / SFTP Servers |
| th | Threat Hunt | Squirrel, BluGenie |
| ti | Threat Intel | TBD |
| virtual | Virtualization Hosts | ESX, Hypervisor, Nutanix |
| vms | Vulnerability Management System | Nessus, Nexpose, Qualys, OpenVAS |
| webserver | Application/Webserver | Tomcat, Apache, WebLogic, WebSphere |
| windows | Microsoft Windows Logs | Application, Security, PowerShell, System, WMI, Sysmon, ETW |
| wireless | Wireless Controllers | Wireless Controllers |
