DataDog · znbbz · Apr 8, 2026 · Apr 6, 2026 · Apr 6, 2026 · Apr 8, 2026
@@ -60,23 +60,30 @@ These packs are available:
 - [AWS CloudTrail][8]
 - [AWS Elastic Load Balancer Logs][9]
 - [AWS Network Load Balancer Logs][10]
+- [AWS WAF][28]
+- [Check Point][29]
 - [Cisco ASA][11]
+- [Cisco Meraki][30]
 - [Cloudflare][12]
+- [CrowdStrike FDR][31]
 - [F5][13]
 - [Fastly][14]
 - [Fortinet Firewall][15]
 - [HAProxy Ingress][16]
+- [Infoblox][32]
 - [Istio Proxy][17]
 - [Juniper SRX Firewall Traffic Logs][18]
 - [Netskope][19]
 - [NGINX][20]
 - [Okta][21]
 - [Palo Alto Firewall][22]
+- [SentinelOne Cloud Funnel EDR][33]
 - [Windows XML][23]
 - [ZScaler ZIA DNS][24]
 - [Zscaler ZIA Firewall][25]
 - [Zscaler ZIA Tunnel][26]
 - [Zscaler ZIA Web Logs][27]
+- [Zscaler ZPA][34]
 
 ## Setup
 
@@ -125,4 +132,11 @@ To set up packs:
 [24]: /observability_pipelines/packs/zscaler_zia_dns/
 [25]: /observability_pipelines/packs/zscaler_zia_firewall/
 [26]: /observability_pipelines/packs/zscaler_zia_tunnel/
-[27]: /observability_pipelines/packs/zscaler_zia_web_logs/
+[27]: /observability_pipelines/packs/zscaler_zia_web_logs/
+[28]: /observability_pipelines/packs/aws_waf/
+[29]: /observability_pipelines/packs/checkpoint/
+[30]: /observability_pipelines/packs/cisco_meraki/
+[31]: /observability_pipelines/packs/crowdstrike/
+[32]: /observability_pipelines/packs/infoblox/
+[33]: /observability_pipelines/packs/sentinel_one/
+[34]: /observability_pipelines/packs/zscaler_zpa/
@@ -0,0 +1,20 @@
+---
+title: AWS WAF
+description: Learn more about the AWS WAF pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/aws_waf.png" alt="The AWS WAF pack" style="width:25%;" >}}
+
+AWS WAF captures AWS WAF logs from CloudWatch, S3, or Firehose.
+
+What this pack does:
+
+- Extracts metrics by action and terminating rule
+- Optionally, drops and samples `ALLOW` logs
+- Drops unused fields, null fields, and redacts credentials
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
@@ -0,0 +1,20 @@
+---
+title: Check Point
+description: Learn more about the Check Point pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/checkpoint.png" alt="The Check Point pack" style="width:25%;" >}}
+
+Processes Check Point logs in CEF format, with or without syslog prefix.
+
+What this pack does:
+
+- Parses and renames fields
+- Generates metrics by severity and by event name
+- Drops `Accept` traffic; samples low-severity events
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
@@ -0,0 +1,20 @@
+---
+title: Cisco Meraki
+description: Learn more about the Cisco Meraki pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/cisco_meraki.png" alt="The Cisco Meraki pack" style="width:25%;" >}}
+
+Cisco Meraki captures appliance events, flows, VPN firewall, NAT flows, and URL activity.
+
+What this pack does:
+
+- Parses syslog to structured fields
+- Extracts log-type, flow action, and transport metrics
+- Normalizes attributes and samples high-volume events
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
@@ -0,0 +1,20 @@
+---
+title: CrowdStrike FDR
+description: Learn more about the CrowdStrike FDR pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/crowdstrike.png" alt="The CrowdStrike FDR pack" style="width:25%;" >}}
+
+Falcon Data Replicator (FDR) provides endpoint detection and response.
+
+What this pack does:
+
+- Drops high-volume, low-signal operational events
+- Drops sensor health and telemetry-only events
+- Drops benign process execution events
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
@@ -0,0 +1,20 @@
+---
+title: Infoblox
+description: Learn more about the Infoblox pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/infoblox.png" alt="The Infoblox pack" style="width:25%;" >}}
+
+Infoblox NIOS syslog captures DNS, DHCP, audit, and CEF activity from appliances.
+
+What this pack does:
+
+- Parses logs into structured fields
+- Extracts DNS response code and DHCP event metrics
+- Normalizes request data and samples high-volume events
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
@@ -0,0 +1,20 @@
+---
+title: SentinelOne Cloud Funnel EDR
+description: Learn more about the SentinelOne Cloud Funnel EDR pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/sentinel_one.png" alt="The SentinelOne Cloud Funnel EDR pack" style="width:25%;" >}}
+
+SentinelOne Cloud Funnel streams EDR and Deep Visibility events as JSON to cloud storage.
+
+What this pack does:
+
+- Drops low-value types
+- Removes unused fields per event type (DNS, File, Process, Network, Registry, and so on)
+- Optionally, remove counter field
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}
@@ -0,0 +1,20 @@
+---
+title: Zscaler ZPA
+description: Learn more about the Zscaler ZPA pack.
+---
+
+## Overview
+
+{{< img src="observability_pipelines/packs/zscaler_zpa.png" alt="The Zscaler ZPA pack" style="width:25%;" >}}
+
+Zscaler Private Access captures private app access, sessions, and connections.
+
+What this pack does:
+
+- Normalizes ZPA fields, drops null and empty fields, maps key fields
+- Samples successful and Browser Access traffic
+- Tags failed or blocked connections
+
+## Further Reading
+
+{{< partial name="whats-next/whats-next.html" >}}