# Categories

| Category                                                                | Description                        | Examples                                                    |
| ----------------------------------------------------------------------- | ---------------------------------- | ----------------------------------------------------------- |
| [ads](https://docs.blusapphire.io/18_taxonomy/active-defence-deception) | Active Defence System (Deception)  | Any deception tool                                          |
| ams                                                                     | Asset Management System            | Tanium, BMS                                                 |
| [auth](https://docs.blusapphire.io/18_taxonomy/auth-idam)               | Authorization / 2FA, MFA           | Cisco DUO, RSA                                              |
| casb                                                                    | Cloud Access Security Broker       | TBD                                                         |
| [cloud-aws](https://docs.blusapphire.io/18_taxonomy/cloud-aws)          | Amazon Web Services                | cloudtrail, cloudwatch                                      |
| [cloud-azure](https://docs.blusapphire.io/18_taxonomy/cloud-aws-1)      | Microsoft Azure                    | MCAS, O365                                                  |
| cloud-gcp                                                               | Google Cloud Platform              | gmail, gcs                                                  |
| container                                                               | Containers                         | Docker, Kubernetes                                          |
| db                                                                      | Database                           | Oracle, SQL, MySQL, Postgres                                |
| dhcp                                                                    | DHCP Servers                       | All DHCP Servers                                            |
| dlp                                                                     | Data Leakage Prevention            | ForceScout, Symantec                                        |
| dns                                                                     | DNS Servers                        | All DNS Servers                                             |
| ds                                                                      | Directory Services                 | AD, LDAP, OpenLDAP                                          |
| edr                                                                     | Endpoint Detection                 | Carbon Black                                                |
| epp                                                                     | Endpoint Protection                | Cisco AMP, Symantec, CrowdStrike, BluArmour, Sophos         |
| erp                                                                     | ERP                                | SAP                                                         |
| flow                                                                    | Flow                               | NetFlow, sFlow, IPFIX                                       |
| fw                                                                      | Firewall                           | Egle                                                        |
| ics                                                                     | Industrial Control Systems         | SCADA                                                       |
| idam                                                                    | Identity and Access Management     | IBM IDAM, Microsoft IDAM, Oracle IM (OIM)                   |
| iot                                                                     | Internet of Things                 |                                                             |
| ips                                                                     | IDS/IPS                            | Snort, Firepower, Suricata                                  |
| kerberos                                                                | Kerberos                           | Any Kerberos logs                                           |
| lb                                                                      | Load Balancer                      | F5, Nginx, NetScaler, Volterra, HAProxy                     |
| linux-audit                                                             | Audit Logs                         | Auditd                                                      |
| linux-ssh                                                               | SSH Logs                           | SSH                                                         |
| linux-syslog                                                            | Linux Syslog                       | Any other syslog from Linux.                                |
| nac                                                                     | Network Access Control             | ISE, OpenNAC, ForceScout                                    |
| nbad                                                                    | Network Behavior Anomaly Detection | DarkTrace, Zeek, Damballa                                   |
| network                                                                 | Router, Switches                   | Any routers, any switches                                   |
| ngfw                                                                    | Next-Gen Firewalls / UTMs          | Sophos, Fortinet, ASA, Palo Alto, FireEye, Check Point      |
| proxy-dns                                                               | DNS Proxy                          | Cisco Umbrella                                              |
| proxy-mail                                                              | Mail Proxy                         | Cisco Ironport, Mimecast, Proofpoint                        |
| proxy-web                                                               | Web Proxy                          | Cisco Ironport, Zscaler and other proxy logs                |
| ra                                                                      | Remote Access                      | VPN, NetScaler, Microsoft VPN, Cisco VPN                    |
| rms                                                                     | Risk Management System             | Rapid7, ClearWater, Reciprocity                             |
| sftp                                                                    | SFTP                               | Any FTP / SFTP Servers                                      |
| th                                                                      | Threat Hunt                        | Squirrel, BluGenie                                          |
| ti                                                                      | Threat Intel                       | TBD                                                         |
| virtual                                                                 | Virtualization Hosts               | ESX, Hypervisor, Nutanix                                    |
| vms                                                                     | Vulnerability Management System    | Nessus, Nexpose, Qualys, OpenVAS                            |
| webserver                                                               | Application/Webserver              | Tomcat, Apache, Weblogic, Websphere                         |
| windows                                                                 | Microsoft Windows Logs             | Application, Security, PowerShell, System, WMI, Sysmon, ETW |
| wireless                                                                | Wireless Controllers               | Wireless Controllers                                        |
