Supported integrations for log forwarding
Arctic Wolf® supports integrations for log forwarding from cloud sources and other syslog sources.
Arctic Wolf can ingest logs from a wide array of log sources, but may not have rulesets or parsing available for all sources. Reach out to your Concierge Security® Team (CST) to determine if a log source is fully supported.
Cloud Detection and Response integrations
| Vendor | Log source type | Ingestion method |
|---|---|---|
| Abnormal Cloud Email Security® | | Third-party API |
| Amazon Web Services (AWS)® | IaaS | AWS Ingester |
| Auth0® | Authentication, identity | AWN webhook API |
| Box® | SaaS | Third-party API |
| Cato SSE 360® | SASE | Third-party API |
| Cisco Duo® | Authentication, identity | Third-party API |
| Cisco Meraki® | Network | Third-party API |
| Cisco Secure Email® | | AWS Ingester |
| Cisco Umbrella® | Network | Third-party API |
| CyberArk Identity Security Platform® | SaaS | Third-party API |
| CrowdStrike Falcon Identity Protection® | Authentication, identity | Third-party API |
| CyberArk Privilege Cloud® | SaaS | Third-party API |
| Google Cloud Platform (GCP)® | IaaS | Third-party API |
| Google Workspace® | SaaS | Third-party API |
| iManage Threat Manager® | SaaS | Third-party API |
| Microsoft 365® | Email, SaaS | Third-party API |
| Microsoft Azure® | IaaS | Third-party API |
| Microsoft Defender XDR® | SaaS | Third-party API |
| Mimecast® | | Third-party API |
| Netskope® | SASE | Third-party API |
| Okta® | Authentication, identity | Third-party API |
| OneLogin® | Authentication, identity | Third-party API |
| Oracle Cloud Guard® | IaaS | Third-party API |
| PingOne® | Authentication, identity | Third-party API |
| Proofpoint Targeted Attack Protection (TAP)® | | Third-party API |
| Salesforce® | SaaS | Third-party API |
| Wiz® | SaaS | Third-party API |
| Zscaler Internet Access (ZIA)® | Network | AWN webhook API, syslog |
Endpoint Detection and Response integrations
| Vendor | Log source type | Ingestion method |
|---|---|---|
| Aurora Endpoint Defense® | Endpoint | AWN webhook API |
| Broadcom Symantec Endpoint Security® | Endpoint | Third-party API |
| Carbon Black Cloud® | Endpoint | Third-party API |
| Cisco Secure Endpoint® | Endpoint | Third-party API |
| CrowdStrike Falcon® | Endpoint | Third-party API |
| ESET® | Endpoint | Third-party API |
| FortiEDR® | Endpoint | Third-party API |
| Palo Alto Networks Cortex® | Endpoint | Third-party API |
| SentinelOne Singularity Endpoint® | Endpoint | Third-party API |
| Sophos Central® | Endpoint | Third-party API |
| Tanium® | Endpoint | Third-party API |
| ThreatDown Nebula® | Endpoint | Third-party API |
| Trend Vision One® | Endpoint | Third-party API |
| Webroot® | Endpoint | Third-party API |
Log sources with syslog support
System logging protocol, or syslog, forwards events and logs to a centralized system to be analyzed. You can configure your syslog server to send the necessary logs to Arctic Wolf® for security monitoring. These events and logs include information about severity levels, timestamps, IP addresses, geolocations, and more. Arctic Wolf only supports select types of log ingestion.
Arctic Wolf supports network log forwarding for these products:
To configure other syslog integrations, see Configure a syslog server to send logs to Arctic Wolf.