Plugins

Log Sources

Below is a list of all the log sources supported by empow, with the log collection method used for each plugin. For the API pull method, the table distinguishes three values:

  • Elastic – one or more of the Logstash input plugins supported by Elastic is used. For instance, s3-sns-sqs is a plugin that reads logs from AWS S3 buckets using SQS notifications. See Elastic's input plugin library for the full list.
  • 3rd party plugin – one or more third-party scripts are used; these may be provided by the vendor or by another community resource. These plugins are packaged in a container and monitored as part of the cluster.
  • empow's API – an API developed by empow according to the vendor's documentation and system requirements.


| # | Vendor | Product | Collection Method |
|---|---|---|---|
| 1 | AWS | CloudTrail | API |
| 2 | AWS | AWS CloudWatch | API |
| 3 | BIND | BIND | Syslog |
| 4 | Bitdefender | GravityZone Elite Security | API |
| 5 | Barracuda | WAF-as-a-service | Syslog |
| 6 | CarbonBlack | CB Defense | Syslog |
| 7 | Cylance | CylancePROTECT | Syslog |
| 8 | Cybereason | EDR | API |
| 9 | CrowdStrike | Falcon | API |
| 10 | Cimcor | CimTrak | Syslog |
| 11 | Cisco | ASA | Syslog |
| 12 | Cisco | Meraki | Syslog |
| 13 | Cisco | Cisco Umbrella (OpenDNS) | Syslog |
| 14 | Cisco | Firepower Threat Defense | Syslog |
| 15 | Cisco | ISE | Syslog |
| 16 | CheckPoint | SmartDefense IPS | Syslog |
| 17 | CheckPoint | SandBlast | Syslog |
| 18 | CheckPoint | Firewall | Syslog |
| 19 | Darktrace | Enterprise Immune System | Syslog |
| 20 | Duo | Multi-Factor Authentication | Syslog |
| 21 | ESET | AV | Syslog |
| 22 | ForgeRock | OpenDJ Directory Server | Syslog |
| 23 | Fortinet | FortiGuard Antivirus | Syslog |
| 24 | Fortinet | Fortigate IDS | Syslog |
| 25 | Fortinet | Fortigate NGFW | Syslog |
| 26 | ForcePoint | Web | Syslog |
| 27 | ForcePoint | DLP | Syslog |
| 28 | Forescout | NAC | Syslog |
| 29 | FireEye | NX Series (Network) | Syslog |
| 30 | F5 | BIG-IP ASM | Syslog |
| 31 | F-Secure | Protection Service For Business | API |
| 32 | Imperva | SecureSphere | Syslog |
| 33 | Juniper Networks | SRX | Syslog |
| 34 | Kaspersky | Anti-Targeted Attack Platform (KATA) | Syslog |
| 35 | Kaspersky | Secure Mail Gateway (KSMG) | Syslog |
| 36 | Kaspersky | Web Traffic Security | Syslog |
| 37 | Lastline | Enterprise | Syslog |
| 38 | Mimecast | Targeted Threat Protection | Syslog |
| 39 | Microsoft | Azure Active Directory | API |
| 40 | Microsoft | Azure Application Gateway | API |
| 41 | Microsoft | Azure Security Center | API |
| 42 | Microsoft | O365 ATP | API |
| 43 | Microsoft | Windows Security Auditing | Syslog |
| 44 | McAfee | Endpoint Security (EPO) | Syslog |
| 45 | McAfee | Network Security Platform | Syslog |
| 46 | Netskope | CASB | API |
| 47 | Nokia | NetGuard Endpoint Security NIDS | Syslog |
| 48 | Proofpoint | Email Protection | API |
| 49 | Palo Alto | GlobalProtect | Syslog |
| 50 | Palo Alto | Wildfire Malware Analysis | Syslog |
| 51 | Palo Alto | NG Firewall | Syslog |
| 52 | Palo Alto | Threat Prevention IDS | Syslog |
| 53 | Postfix | Mail Transfer Agent | Syslog |
| 54 | PulseSecure | Secure Remote Access | Syslog |
| 55 | Radware | DefensePro | Syslog |
| 56 | Sentinel One | Singularity | Syslog |
| 57 | Squid | SquidCache | Syslog |
| 58 | Symantec | Email Security (SMG) | Syslog |
| 59 | Symantec | Web Isolation (Fireglass) | Syslog |
| 60 | Symantec | Endpoint Protection (SEP) | Syslog |
| 61 | Sophos | XG Firewall Network Protection | API |
| 62 | Sophos | Intercept X | API |
| 63 | Sophos | AntiVirus | API |
| 64 | Sophos | XG330 IDS | API |
| 65 | Snort | Snort | Syslog |
| 66 | Suricata | Suricata | Syslog |
| 67 | Trend Micro | Deep Security | Syslog |
| 68 | Trend Micro | Office Scan | Syslog |
| 69 | TRAP-X Security | DeceptionGrid | Syslog |
| 70 | Tanium | Tanium Protect | Syslog |
| 71 | Wazuh | Wazuh | Syslog |
| 72 | Zscaler | Private Access (ZPA) | Syslog |
| 73 | Zscaler | Internet Access (ZIA) | Syslog |

Reputation Feeds

| # | Vendor | Product | Indicator DB |
|---|---|---|---|
| 1 | Webroot | BrightCloud | URLs, Domains |
| 2 | Anomali | ThreatStream | URLs, Domains |
| 3 | Intsight | TIP | URLs, Domains, IPs |

Response & Enrichment

| # | Vendor | Product | Actions |
|---|---|---|---|
| 1 | Microsoft | Windows Active Directory | Disable User Account; Enable User Account; Get User Information; List User Groups; Reset Password; Set New Password; Force Change Password Next Sign-in |
| 2 | Microsoft | Azure Active Directory | Disable User Account; Enable User Account; Get User Information; List User Groups; Reset Password; Set New Password; Force Change Password Next Sign-in |
| 3 | Microsoft | O365 ATP | Delete Emails by Sender; Delete Emails by Message ID; Block Indicators (File, IP, URL) |
| 4 | Microsoft | Exchange Server | Delete Emails by Sender; Delete Emails by Message ID |
| 5 | Fortinet | FortiGate NGFW | Block IP; Block URL/Domain; Unblock IP; Unblock URL |
| 6 | Palo Alto | NG Firewall | Block IP; Unblock IP |
| 7 | Cisco | ASA | Block IP; Unblock IP |
| 8 | Cybereason | EDR | Isolate Host; Kill Process |
| 9 | SMTP | SMTP | Send Email |
| 10 | The Hive | Ticketing | Open Ticket; Update Ticket |
| 11 | Okta | Ticketing | Open Ticket; Update Ticket |