event.module guidelines
A list of module names that are used in parsers for the
#event.module tag.If you are creating a package with a vendor and module that has already been used in other packages, make sure to reuse the same name as they have in here. If you create a package for a new module, add the module name here.
When choosing a new module name, use something that is concise and clear, without hyphens in the names.
Module names per vendor
| Vendor | #event.module |
Product Full Name |
|---|---|---|
| 1password | devicetrust | 1Password Device Trust |
| 1password | passwordmanager | 1Password Password Manager |
| a10 | thunder | A10 Thunder Application Delivery Controller |
| abnormal | email-security | Abnormal Email Security |
| airlockdigital | airlock | Airlock Application Control |
| akamai | api | Akamai API Gateway |
| akamai | asec | Akamai Security Events |
| akamai | cdn | Akamai Content Delivery Network |
| akamai | eaa | Akamai Enterprise Application Access |
| akamai | guardicore | Akamai Guardicore Centra |
| apache | httpserver | Apache HTTP Server |
| apache | tomcat | Apache Tomcat |
| appomni | threatdetection | AppOmni Threat Detection |
| arista | ndr | Arista NDR Platform |
| armis | centrixiot | Armis Centrix IoT Security |
| aruba | clearpass | Aruba ClearPass |
| aruba | orchestrator | Aruba Orchestrator |
| asimily | iomt | Asimily IoMT Security Platform |
| atlassian | jira | Atlassian Jira |
| aws | aws-generic | Amazon Web Services Generic |
| aws | cloudtrail | AWS CloudTrail |
| aws | cloudwatch | AWS CloudWatch |
| aws | config | AWS Config |
| aws | fsx | Amazon FSx |
| aws | guardduty | AWS GuardDuty |
| aws | network-firewall | AWS Network Firewall |
| aws | rds | Amazon Relational Database Service |
| aws | route53 | Amazon Route 53 |
| aws | s3access | Amazon S3 Server Access |
| aws | security-hub | AWS Security Hub |
| aws | securitylake | AWS Security Lake |
| aws | vpcflow | Amazon VPC Flow Logs |
| aws | waf | AWS Web Application Firewall |
| barracuda | cgf | Barracuda CloudGen Firewall |
| barracuda | emailgatewaydefense | Barracuda Email Gateway Defense |
| beyondtrust | beyondinsight | BeyondTrust BeyondInsight |
| box | enterprise | Box Enterprise |
| broadcom | bluecoat | Broadcom Blue Coat Proxy |
| broadcom | fos | Broadcom Fabric Operating System |
| broadcom | proxysg | Broadcom ProxySG |
| broadcom | symantec-endpointprotection | Broadcom Symantec Endpoint Protection |
| cato | sase | Cato SASE Cloud |
| cetu | pipelines | CeTu Pipelines |
| checkpoint | harmonyemailcollaboration | Check Point Harmony Email & Collaboration |
| checkpoint | ngfw | Check Point Next Generation Firewall |
| cisco | asa | Cisco Adaptive Security Appliance |
| cisco | duo | Cisco Duo Security |
| cisco | firepower | Cisco Firepower |
| cisco | ios | Cisco IOS |
| cisco | ise | Cisco Identity Services Engine |
| cisco | meraki | Cisco Meraki |
| cisco | prime | Cisco Prime |
| cisco | secure-network-analytics | Cisco Secure Network Analytics |
| cisco | seg | Cisco Secure Email Gateway |
| cisco | threatgrid | Cisco Threat Grid |
| cisco | umbrella | Cisco Umbrella |
| citrix | adc | Citrix Application Delivery Controller |
| claroty | ctd | Claroty Continuous Threat Detection |
| cloudflare | waf | Cloudflare Web Application Firewall |
| cloudflare | zerotrust | Cloudflare Zero Trust |
| cofense | triage | Cofense Triage |
| contrastsecurity | adr | Contrast Security Application Defense and Response |
| corelight | ids | Corelight Network Detection and Response |
| corelight | investigator | Corelight Investigator |
| corelight | ndr | Corelight Network Detection and Response |
| crowdstrike | falcon | CrowdStrike Falcon |
| crowdstrike | saas-security | CrowdStrike SaaS Security |
| cyberark | vault | CyberArk Privileged Access Security |
| cynerio | healthcarendr | Cynerio Healthcare Network Detection and Response |
| darktrace | detect | Darktrace Enterprise Immune System |
| delinea | secretserver | Delinea Secret Server |
| dell | isilon | Dell PowerScale OneFS |
| dell | powerprotect | Dell PowerProtect Data Manager |
| dope-security | dope-swg | Dope Security Secure Web Gateway |
| dragos | platform | Dragos Platform |
| druva | realize | Druva Data Resiliency Cloud |
| enzoic | e4ad | Enzoic for Active Directory |
| epicsecurity | epic | Epic Electronic Health Records |
| extrahop | revealx-360 | ExtraHop Reveal(x) 360 |
| f5networks | bigip | F5 BIG-IP |
| f5networks | nginx | F5 NGINX |
| fidelis | audit | Fidelis Audit |
| fidelis | fidelis | Fidelis Network |
| forcepoint | dlp | Forcepoint Data Loss Prevention |
| forcepoint | ngfw | Forcepoint Next Generation Firewall |
| forgerock | identity | ForgeRock Identity Platform |
| fortinet | fortigate | Fortinet FortiGate |
| fortinet | fortimail | Fortinet FortiMail |
| fortinet | fortindr | Fortinet FortiNDR |
| gigamon | ami | Gigamon Application Metadata Intelligence |
| chromeenterprise | Google Chrome Enterprise | |
| cloud | Google Cloud Identity | |
| gcp | Google Cloud Platform | |
| workspace | Google Workspace | |
| gytpol | misconfigurations | GYTPOL Misconfigurations |
| haproxy | haproxy | HAProxy Load Balancer |
| hashicorp | vault | HashiCorp Vault |
| imperva | cloudwaf | Imperva Cloud Web Application Firewall |
| infoblox | nios | Infoblox Network Identity Operating System |
| ironscales | esp | IRONSCALES Email Security Platform |
| island | island | Island Enterprise Browser |
| juniper | srx | Juniper SRX Series |
| keepersecurity | enterprise | Keeper Enterprise Password Management |
| linux | auditd | Linux Audit Daemon |
| linux | linux | Linux Operating System |
| linux | syslog | Linux System Logging |
| logbinder | sharepoint | LogBinder SharePoint |
| lookout | mobile | Lookout Mobile Endpoint Security |
| menlo | msip | Menlo Security Isolation Platform |
| microsoft | ad | Microsoft Active Directory |
| microsoft | azure | Microsoft Azure |
| microsoft | azure-devops | Microsoft Azure DevOps |
| microsoft | defender | Microsoft Defender |
| microsoft | defender-identity | Microsoft Defender for Identity |
| microsoft | edge | Microsoft Edge |
| microsoft | entraid | Microsoft Entra ID |
| microsoft | exchange | Microsoft Exchange |
| microsoft | github | Microsoft GitHub Enterprise |
| microsoft | iis | Microsoft Internet Information Services |
| microsoft | intune | Microsoft Intune |
| microsoft | m365 | Microsoft 365 |
| microsoft | messagetrace | Microsoft Message Trace |
| microsoft | sentinel | Microsoft Sentinel |
| microsoft | sql | Microsoft SQL Server |
| microsoft | windows | Microsoft Windows |
| microsoft | windows-defender-365 | Microsoft Defender for Office 365 |
| mimecast | emailsecurity | Mimecast Email Security |
| nasuni | edge | Nasuni Edge Appliance |
| nasuni | managementconsole | Nasuni Management Console |
| netgate | pfsense | Netgate pfSense |
| netskope | sse | Netskope Security Service Edge |
| netskope | transaction | Netskope Transaction Logs |
| nozomi | ids | Nozomi Networks Guardian |
| nozomi | nozomi | Nozomi Networks Platform |
| nutanix | datalens | Nutanix Data Lens |
| obsidiansecurity | securitydata | Obsidian Security Platform |
| okta | sso | Okta Single Sign-On |
| oneidentity | onelogin | OneLogin Identity Platform |
| ordr | ordrai | Ordr Systems Control Engine |
| paloalto | dlp | Palo Alto Networks Enterprise DLP |
| paloalto | ngfw | Palo Alto Networks Next-Generation Firewall |
| paloalto | prisma | Palo Alto Networks Prisma Access |
| paloalto | prismasdwan | Palo Alto Networks Prisma SD-WAN |
| paloalto | saas-security | Palo Alto Networks SaaS Security |
| pingidentity | pingone | PingOne Platform |
| proofpoint | casb | Proofpoint Cloud App Security Broker |
| proofpoint | emailprotection | Proofpoint Email Protection |
| proofpoint | seg | Proofpoint Email Security Gateway |
| proofpoint | tap | Proofpoint Targeted Attack Protection |
| pulse | secure | Pulse Secure VPN |
| purestorage | flasharray | Pure Storage FlashArray |
| purestorage | flashblade | Pure Storage FlashBlade |
| qualys | vm | Qualys Vulnerability Management |
| radware | alteon | Radware Alteon Application Delivery Controller |
| radware | waf | Radware Cloud Web Application Firewall |
| raynet | raynetone | RayNet One Platform |
| redhat | jboss | Red Hat JBoss Enterprise Application Platform |
| rubrik | securitycloud | Rubrik Security Cloud |
| sailpoint | identitynow | SailPoint IdentityNow |
| salesforce | salesforce | Salesforce Platform |
| saltsecurity | apisecurity | Salt Security API Protection Platform |
| seraphic | seraphicsecurity | Seraphic Security Platform |
| servicenow | servicenow | ServiceNow Platform |
| silverfort | itdr | Silverfort Identity Threat Detection and Response |
| skyhigh | sse | Skyhigh Security Service Edge |
| softerra | adaxes | Softerra Adaxes |
| sonicwall | sonicos | SonicWall SonicOS |
| sophos | sfos | Sophos Firewall Operating System |
| squid | proxy | Squid Proxy Server |
| superna | securityedition | Superna Eyeglass Data Security Edition |
| tausight | ephi | Tausight ePHI Security Platform |
| trellix | fireeyenx | Trellix Network Security |
| trendmicro | visionone | Trend Micro Vision One |
| tufin | securetrack | Tufin SecureTrack |
| varonis | varonis | Varonis Data Security Platform |
| vectra | brain | Vectra Cognito Detect |
| vectra | respond-ux | Vectra Respond User Experience |
| veeam | vbr | Veeam Backup & Replication |
| vercara | ultradns | Vercara UltraDNS |
| veriti | insight | Veriti Security Posture Management |
| versa | sase | Versa SASE |
| versa | vos | Versa Operating System |
| viavi | observerapex | VIAVI Observer Apex |
| vmware | airwatch | VMware Workspace ONE UEM |
| vmware | esxi | VMware ESXi |
| vmware | vcenter | VMware vCenter Server |
| watchguard | firebox | WatchGuard Firebox |
| workday | workday | Workday Platform |
| zimperium | mtd | Zimperium Mobile Threat Defense |
| zoom | qss | Zoom Quality of Service Subscription |
| zoom | zoom | Zoom Communications Platform |
| zscaler | deception | Zscaler Deception |
| zscaler | zia | Zscaler Internet Access |
| zscaler | zpa | Zscaler Private Access |