Cloud Collectors Features Introduced in 2025

March 2025

The following features were introduced in Cloud Collectors during March 2025:

Feature

Description

Mimecast Cloud Collector

The Mimecast Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from the data sources Archive Search Logs, TTP Attachment Protection Logs, TTP Impersonation Protect Logs, TTP URL Logs, SIEM Logs, Archive Message View Logs, and Audit Events.

REST API Cloud Collector

The REST API Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from REST API endpoints from a broad range of vendors and products.

Sophos Cloud Collector

The Sophos Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from the data sources alerts and events.

Event Exploration on Search via Cloud Collectors

Now with the Open in Search option, you can open the Search application in a new tab to view a prepopulated Search query that displays details of logs related to the selected Cloud Collector instance. You can modify the Search query with parameters and timeframe to filter logs to see details specific to a Collector instance.

Early Access Collectors

Cloudflare Cloud Collector

The Cloudflare Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from account-based and zone-based data sources, including Audit logs, HTTP requests, and Gateway DNS events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Google Workspace Cloud Collector

The Google Workspace Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from the data sources Admin, Calendar, Drive, Gplus, Groups, Login, Meet, Mobile, Rules, Saml, and Token.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

LastPass Cloud Collector

The LastPass Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data ingestion from LastPass report events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Vectra Cloud Collector

The Vectra Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data ingestion from the data sources Audit Log Events and Detections.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

STIX/TAXII Cloud Collector

The STIX/TAXII Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate threat intelligence data collection from external sources that support the STIX/TAXII framework. You can opt to collect data about either IP addresses or domains. You can also opt to automatically generate a corresponding context table in the Context Management application that will process the data and map it to a standardized set of attributes. The context table will have the same name as the cloud collector.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Recorded Future Context Cloud Collector

The Recorded Future Context Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate threat intelligence data collection from a Recorded Future Context source that supports the STIX/TAXII framework. You can opt to collect data about either IP addresses or domains. You can also opt to automatically generate a corresponding STIX/TAXII context table in the Context Management application that will process the data and map it to a standardized set of attributes. The context table will have the same name as the cloud collector.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

February 2025

The following features were introduced in Cloud Collectors during February 2025:

Feature

Description

Cisco Meraki Cloud Collector

The Cisco Meraki Cloud Collector is now available as part of Cloud Collectors to facilitate data collection from security events, alerts, configuration changes, and networks from Cisco Meraki APIs.

Mimecast Cloud Collector

The Mimecast Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from the data sources Archive Search Logs, TTP Attachment Protection Logs, TTP Impersonation Protect Logs, TTP URL Logs, SIEM Logs, Archive Message View Logs, and Audit Events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

REST API Cloud Collector

The REST API Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from REST API endpoints from a broad range of vendors and products.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Sophos Cloud Collector

The Sophos Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from the data sources alerts and events.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

January 2025

The following features were introduced in Cloud Collectors during January 2025:

Feature

Description

Box Cloud Collector

The Box Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of user events and enterprise events from Box.

Cisco Meraki Cloud Collector

The Cisco Meraki Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data collection from security events, alerts, configuration changes, and networks from Cisco Meraki APIs.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.

Recorded Future Cloud Collector

The Recorded Future Cloud Collector is now available as part of Cloud Collectors to facilitate ingestion of API Alerts.

ServiceNow Cloud Collector

The ServiceNow Cloud Collector is now available as part of the Cloud Collectors Early Access program to facilitate data ingestion from the data sources Sys Audit Role, Sys Attachment, Change Request, Change Task, Sys Audit, Sys Event, Syslog Transaction, Report View, Event, Request, Task, Incident, Interaction, and Problem.

The early access program offers you an opportunity to gain access to the latest cloud collectors before their official release. To participate, see Sign Up for the Early Access Program.