3.0 Event Sources

Sentinel supports a wide variety of endpoint event sources that can deliver security and operational events to Sentinel for processing along with other types of contextual data using modular, pluggable components. Sentinel provides both agents and agent-less options. For more information about the specific endpoints monitored by these agents, follow the links below.

Module/Plug-in	Compatible Versions and Endpoints
Security Agent for UNIX	Security Agent for UNIX 7.7 Security Agent for UNIX 7.6.4.1 Security Agent for UNIX 7.6.4 Security Agent for UNIX 7.6.3 Security Agent for UNIX 7.6.2 Security Agent for UNIX 7.6.1 Security Agent for UNIX 7.6
Windows Agent (available via Sentinel Agent Manager)	Microsoft Windows Server 2022 Microsoft Windows Server 2019 Microsoft Windows Server 2016 Microsoft Windows Server 2012 R2 Microsoft Windows Server 2012 Microsoft Windows 10, Version 21H2 Microsoft Windows 10, Version 21H1 Microsoft Windows 10
Agentless data collection	Sentinel Collectors
ArcSight SmartConnectors	AirMagnet Enterprise Syslog Amazon Web Services CloudTrail ArcSight CEF Cisco FireSIGHT Syslog ArcSight Common Event Format Hadoop Barracuda Email Security Gateway Syslog Box HPE Aruba Mobility Controller Syslog IP Flow (Netflow/J-Flow) IP Flow Information Export (IPFIX) Kaspersky DB Microsoft Office 365 sFlow Vormetric CoreGuard Syslog Microsoft DHCP File SNMP Unified Microsoft DNS DGA Trace Log Multiple Server File MS DNS Trace Log Multiple Server File Bluecoat Proxy SG Multiple Server File Bluecoat Proxy SG Syslog Vmware ESXi Server Syslog Symantec Endpoint Protection Syslog Juniper Firewall Screen-OS Syslog Juniper IDP Series Syslog Juniper Network and Sec Mg Syslog Check Point Syslog Cisco Secure ACS Syslog Cisco Wireless LAN Controller Syslog Cisco ASA Syslog