Categories

This page lists all the categories used by BluSapphire.

Category	Description	Examples
ads	Active Defence System (Deception)	Any deception tool
ams	Asset Management System	Tanium, BMS
auth	Authorization/ 2FA, MFA	Cisco DUO, RSA
casb	Cloud Access Security Broker	TBD
cloud-aws	Amazon Web Services	cloudtrail, cloudwatch
cloud-azure	Microsoft Azure	MCAS, O365
cloud-gcp	Google Cloud Platform	gmail, gcs
container	Containers	Docker, Kubernates
db	Database	Oracle, SQL, MySQL, Postgres
dhcp	DHCP Servers	All DHCP Servers
dlp	Data Leakage Prevention	ForceScout, Symantec
dns	DNS Servers	All DNS Servers
ds	Directory Services	AD, LDAP, OpenLDAP
edr	Endpoint Detection	Carbon Black
epp	Endpoint Protection	Cisco AMP, Symantec, Crowdstrike, BluArmour, Sophos
erp	ERP	SAP
flow	Flow	Netflow, Sflow, IPFIX
fw	Firewall	Egle
ics	Industrial Control Systems	Scada
idam	Identity and Access Management	IBM Idam, Microsoft Idam, Oracle Im(oim)
iot	Internet of Things
ips	IDS/IPS	Snort, Firepower, Suricata
kerberos	Kerberos	Any Kerberos logs
lb	Load Balancer	F5, Nginx, Netscaler, Voltera, HA Proxy
linux-audit	Audit Logs	Auditd
linux-ssh	SSH Logs	SSH
linux-syslog	Linux Syslog	Any other syslog from Linux.
nac	Network Access Control	ISE, OpenNAC, ForceScout
nbad	Network Behavior Anomaly Detection	DarkTrace, Zeek, Damballa
network	Router, Switches	Any Routers any Switches
ngfw	Next-Gen Firewalls / UTMs	Sophos, Fortinet, ASA, Paloalto, Fireeye, Checkpoint
proxy-dns	DNS Proxy	Cisco Umbrella
proxy-mail	Mail Proxy	Cisco Ironport, Mimecast, Proofpoint
proxy-web	Web Proxy	Cisco Ironport, Zscaler and other proxy logs
ra	Remote Access	vpn, Netscaler, Microsoft VPN, Cisco VPN
rms	Risk Management System	Rapid7, ClearWater, Reciprocity
sftp	SFTP	Any FTP / SFTP Servers
th	Threat Hunt	Squirrel, BluGenie
ti	Threat Intel	TBD
virtual	Virtualization Hosts	Esx, Hypervisor, Nutanix
vms	Vulnerability Management System	Nessus, Nexpose, Qualys, OpenVAS
webserver	Application/Webserver	Tomcat, Apache, Weblogic, Websphere
windows	Microsoft Windows Logs	Application, Security, Powershell, System, WMI, Sysmon, ETW
wireless	Wireless Controllers	Wireless Controllers

Category

Description

Examples

ads

Active Defence System (Deception)

Any deception tool

ams

Asset Management System

Tanium, BMS

auth

Authorization/ 2FA, MFA

Cisco DUO, RSA

casb

Cloud Access Security Broker

TBD

cloud-aws

Amazon Web Services

cloudtrail, cloudwatch

cloud-azure

Microsoft Azure

MCAS, O365

cloud-gcp

Google Cloud Platform

gmail, gcs

container

Containers

Docker, Kubernates

Database

Oracle, SQL, MySQL, Postgres

dhcp

DHCP Servers

All DHCP Servers

dlp

Data Leakage Prevention

ForceScout, Symantec

dns

DNS Servers

All DNS Servers

Directory Services

AD, LDAP, OpenLDAP

edr

Endpoint Detection

Carbon Black

epp

Endpoint Protection

Cisco AMP, Symantec, Crowdstrike, BluArmour, Sophos

erp

ERP

SAP

flow

Flow

Netflow, Sflow, IPFIX

Firewall

Egle

ics

Industrial Control Systems

Scada

idam

Identity and Access Management

IBM Idam, Microsoft Idam, Oracle Im(oim)

iot

Internet of Things

ips

IDS/IPS

Snort, Firepower, Suricata

kerberos

Kerberos

Any Kerberos logs

Load Balancer

F5, Nginx, Netscaler, Voltera, HA Proxy

linux-audit

Audit Logs

Auditd

linux-ssh

SSH Logs

SSH

linux-syslog

Linux Syslog

Any other syslog from Linux.

nac

Network Access Control

ISE, OpenNAC, ForceScout

nbad

Network Behavior Anomaly Detection

DarkTrace, Zeek, Damballa

network

Router, Switches

Any Routers any Switches

ngfw

Next-Gen Firewalls / UTMs

Sophos, Fortinet, ASA, Paloalto, Fireeye, Checkpoint

proxy-dns

DNS Proxy

Cisco Umbrella

proxy-mail

Mail Proxy

Cisco Ironport, Mimecast, Proofpoint

proxy-web

Web Proxy

Cisco Ironport, Zscaler and other proxy logs

Remote Access

vpn, Netscaler, Microsoft VPN, Cisco VPN

rms

Risk Management System

Rapid7, ClearWater, Reciprocity

sftp

SFTP

Any FTP / SFTP Servers

Threat Hunt

Squirrel, BluGenie

Threat Intel

TBD

virtual

Virtualization Hosts

Esx, Hypervisor, Nutanix

vms

Vulnerability Management System

Nessus, Nexpose, Qualys, OpenVAS

webserver

Application/Webserver

Tomcat, Apache, Weblogic, Websphere

windows

Microsoft Windows Logs

Application, Security, Powershell, System, WMI, Sysmon, ETW

wireless

Wireless Controllers

Previous18_Taxonomy NextWeb Security Gateway

Last updated 7 days ago