event.module guidelines
A list of module names that are used in parsers for the
#event.module tag.If you are creating a package with a vendor and module that has already been used in other packages, make sure to reuse the same name as they have in here. If you create a package for a new module, add the module name here.
When choosing a new module name, use something that is concise and clear, without hyphens in the names.
Module names per vendor
| Vendor | #event.module |
|---|---|
| abnormal | emailsecurity |
| akamai | asec |
| appomni | appomni |
| aws | cloudtrail |
| aws | fsx |
| aws | guardduty |
| aws | s3access |
| aws | vpcflow |
| aws | rds |
| aws | waf |
| apple | unifiedlog |
| armis | centrixiot |
| aruba | clearpass |
| asimily | iomt |
| broadcom | proxysg |
| checkpoint | ngfw |
| cisco | duo |
| cisco | firepower |
| cisco | ios |
| cisco | ise |
| cisco | meraki |
| cisco | umbrella |
| citrix | netscaler |
| claroty | ctd |
| cloudflare | zerotrust |
| corelight | ids |
| darktrace | detect |
| dell | isilon |
| extrahop | revealx360 |
| f5networks | bigip |
| f5networks | nginx |
| forcepoint | dlp |
| forgerock | identity |
| fortinet | fortigate |
| fortinet | fortimail |
| chromeenterprise | |
| haproxy | haproxy |
| imperva | cloudwaf |
| infoblox | nios |
| island | island |
| juniper | srx |
| menlo | msip |
| microsoft | azure |
| microsoft | windows |
| mimecast | emailsecurity |
| netgate | pfsense |
| netskope | sse |
| nozomi | ids |
| okta | sso |
| obsidiansecurity | obsidiansecurity |
| oneidentity | onelogin |
| paloalto | ngfw |
| paloalto | prismasdwan |
| pingidentity | pingfederate |
| proofpoint | tap |
| radware | alteon |
| redhat | jboss |
| rubrik | securitycloud |
| skyhigh | sse |
| tausight | ephi |
| trellix | fireeyenx |
| zoom | qss |
| zscaler | deception |
| zscaler | zia |
| zscaler | zpa |