Abnormal SecurityAbnormal Security Cloud Collector | AnomaliAnomali Cloud Collector | AWS CloudTrail (via S3) AWS CloudTrail (via S3) Cloud Collector | AWS CloudWatchAWS CloudWatch Cloud Collector | AWS CloudWatch AlarmsAWS CloudWatch Alarms Cloud Collector |
AWS GuardDutyAWS GuardDuty Cloud Collector | AWS S3 AWS S3 Cloud Collector | AWS Security LakeAWS Security Lake Cloud Collector | AWS SQS AWS SQS Cloud Collector | Azure Activity Logs Azure Activity Logs Cloud Collector |
Azure Blob StorageAzure Blob Storage Cloud Collector | Azure Event HubAzure Event Hub Cloud Collector | Azure Log Analytics Azure Log Analytics Cloud Collector | Azure Storage Analytics Azure Storage Analytics Cloud Collector | Azure Virtual Network FlowAzure Virtual Network Flow Cloud Collector |
BoxBox Cloud Collector | Broadcom Carbon BlackBroadcom Carbon Black Cloud Collector | CatoCato Networks Cloud Collector | | |
ChatGPTChatGPT Enterprise Cloud Collector | Cisco MerakiCisco Meraki Cloud Collector | Cisco Secure EndpointCisco Secure Endpoint Cloud Collector | | |
Cisco UmbrellaCisco Umbrella Cloud Collector | CloudflareCloudflare Cloud Collector | Cribl Cribl Cloud Collector | | |
CrowdStrike ContextCrowdStrike Context Cloud Collector | Crowdstrike Falcon (via API) CrowdStrike Falcon (via API) Cloud Collector | Crowdstrike Falcon (via FDR) CrowdStrike Falcon (via FDR) Cloud Collector | Cylance Protect (now Arctic Wolf)Cylance Protect (now Arctic Wolf) Cloud Collector | DataBahnDataBahn Cloud Collector |
Duo Cisco Duo Cloud Collector | DropboxDropbox Cloud Collector | GCP Cloud LoggingGCP Cloud Logging Cloud Collector | GCP Pub/Sub GCP Pub/Sub Cloud Collector | GCP Security Command CenterGCP Security Command Center Cloud Collector |
Gemini EnterpriseGemini Enterprise Cloud Collector | GitHubGitHub Cloud Collector | Gmail BigQueryGmail BigQuery Cloud Collector | | |
| Google WorkspaceGoogle Workspace Cloud Collector | LastPassLastPass Cloud Collector | Microsoft 365 Exchange Admin Reports Microsoft 365 Exchange Admin Reports Cloud Collector | Microsoft 365 Management Activity Microsoft 365 Management Activity Cloud Collector |
Microsoft Defender XDR Microsoft Defender XDR (via Azure Event Hub) Cloud Collector | Microsoft Entra ID Context Microsoft Entra ID Context Cloud Collector | Microsoft Entra ID Logs Microsoft Entra ID Logs Cloud Collector | Microsoft Security Alerts Microsoft Security Alerts Cloud Collector | Microsoft Sentinel Microsoft Sentinel (via Event Hub) Cloud Collector |
MimecastMimecast Cloud Collector | Netskope Alerts Netskope Alerts Cloud Collector | Netskope Events Netskope Events Cloud Collector | OktaOkta Cloud Collector | Okta Context Okta Context Cloud Collector |
Palo Alto Networks XDRPalo Alto Networks XDR Cloud Collector | | | | |
Palo Alto Networks Cortex Data Lake Configure the Palo Alto Networks Cortex Data Lake Cloud Collector | Progress ShareFileProgress ShareFile Cloud Collector | Proofpoint On-Demand Proofpoint On-Demand Cloud Collector | Proofpoint Targeted Attack Protection Proofpoint Targeted Attack Protection Cloud Collector | QualysQualys Cloud Collector |
Recorded Future ContextRecorded Future Context Cloud Collector | Recorded FutureRecorded Future Cloud Collector | REST APIRest API Cloud Collector | SalesforceSalesforce Cloud Collector | Salesforce EventLogSalesforce EventLog Cloud Collector |
SentinelOneSentinelOne Cloud Collector | SentinelOne Cloud Funnel SentinelOne Cloud Funnel Cloud Collector | ServiceNowServiceNow Cloud Collector | Slack Slack Cloud Collector | SnowflakeSnowflake Cloud Collector |
SophosSophos Central Cloud Collector | Splunk Splunk Cloud Collector | STIX/TAXIISTIX/TAXII Cloud Collector | Symantec Endpoint Security Symantec Endpoint Security Cloud Collector | TenableTenable Cloud Collector |
Trellix Endpoint SecurityTrellix Endpoint Security Cloud Collector | Trend Vision One Trend Vision One Cloud Collector | VectraVectra Cloud Collector | Wiz APIWiz API Cloud Collector | Wiz IssuesWiz Issues Cloud Collector |
ZoomZoom Cloud Collector | | | | |
