Categories
This page lists all the categories used by BluSapphire.
Category | Description | Examples |
---|---|---|
 | Active Defence System (Deception) | Any deception tool |
ams | Asset Management System | Tanium, BMS |
 | Authorization / 2FA, MFA | Cisco DUO, RSA |
casb | Cloud Access Security Broker | TBD |
 | Amazon Web Services | cloudtrail, cloudwatch |
 | Microsoft Azure | MCAS, O365 |
cloud-gcp | Google Cloud Platform | gmail, gcs |
container | Containers | Docker, Kubernetes |
db | Database | Oracle, SQL, MySQL, Postgres |
dhcp | DHCP Servers | All DHCP Servers |
dlp | Data Leakage Prevention | ForceScout, Symantec |
dns | DNS Servers | All DNS Servers |
ds | Directory Services | AD, LDAP, OpenLDAP |
edr | Endpoint Detection | Carbon Black |
epp | Endpoint Protection | Cisco AMP, Symantec, Crowdstrike, BluArmour, Sophos |
erp | ERP | SAP |
flow | Flow | NetFlow, sFlow, IPFIX |
fw | Firewall | Egle |
ics | Industrial Control Systems | SCADA |
idam | Identity and Access Management | IBM Idam, Microsoft Idam, Oracle Im(oim) |
iot | Internet of Things | |
ips | IDS/IPS | Snort, Firepower, Suricata |
kerberos | Kerberos | Any Kerberos logs |
lb | Load Balancer | F5, Nginx, Netscaler, Volterra, HAProxy |
linux-audit | Audit Logs | Auditd |
linux-ssh | SSH Logs | SSH |
linux-syslog | Linux Syslog | Any other syslog from Linux. |
nac | Network Access Control | ISE, OpenNAC, ForceScout |
nbad | Network Behavior Anomaly Detection | DarkTrace, Zeek, Damballa |
network | Routers, Switches | Any routers, any switches |
ngfw | Next-Gen Firewalls / UTMs | Sophos, Fortinet, ASA, Palo Alto, FireEye, Check Point |
proxy-dns | DNS Proxy | Cisco Umbrella |
proxy-mail | Mail Proxy | Cisco Ironport, Mimecast, Proofpoint |
proxy-web | Web Proxy | Cisco Ironport, Zscaler and other proxy logs |
ra | Remote Access | VPN, Netscaler, Microsoft VPN, Cisco VPN |
rms | Risk Management System | Rapid7, ClearWater, Reciprocity |
sftp | SFTP | Any FTP / SFTP Servers |
th | Threat Hunt | Squirrel, BluGenie |
ti | Threat Intel | TBD |
virtual | Virtualization Hosts | ESX, Hypervisor, Nutanix |
vms | Vulnerability Management System | Nessus, Nexpose, Qualys, OpenVAS |
webserver | Application/Webserver | Tomcat, Apache, Weblogic, Websphere |
windows | Microsoft Windows Logs | Application, Security, PowerShell, System, WMI, Sysmon, ETW |
wireless | Wireless Controllers | Wireless Controllers |