Connect this data source on your own, using the Hunters platform.
TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Acalvio Shadowplex Deception Incidents | | | | ✅ | acalvio_shadowplex_deception_incidents | CEF | S3 |
Overview
Acalvio ShadowPlex Advanced Threat Defense (ATD) provides early detection of cyber threats with precision and speed, leveraging deception technology and advanced AI.
Integrating Acalvio ShadowPlex with Hunters lets you ingest its data into the platform and use it in custom security use cases.
Supported data types
Acalvio Shadowplex Deception Incidents
Table name: acalvio_shadowplex_deception_incidents
Acalvio Shadowplex Deception Incidents are events logged by Acalvio in CEF format.
Send data to Hunters
Hunters supports the ingestion of Acalvio logs via an intermediary AWS S3 bucket.
To connect Acalvio logs:

1. Follow this guide to export logs out of Acalvio.
2. Ship the logs to an AWS S3 bucket.
3. Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in CEF format, with each event wrapped in a syslog header as in the sample below.
Acalvio Shadowplex Deception Incidents
```
<110>Sep 28 11:12:41 11.100.10.10 CEF:0|Acalvio|ShadowPlex|2023.1.2.3|22|Discovery|4|customer_id=123321123321123321 customer_display_name=cust cat="Discovery" subCat="Scan Detected" sev=4 externalId=https://11.12.23.24/#/data/test/details?jobID=68hnjsx7-e7d7-4ae0-1234-tyy08be34a start="Sep 28 2023 11:12:10.000 UTC" rt="Sep 28 2023 10:59:43.000 UTC" cs2Label=subnet cs2=122.10.110.0/14 src=122.10.110.114 dst=122.10.110.255 scanDir=horizontal scanNumHosts=3 cs37Label=domain cs37=Testing cs48Label=scanType cs48=ABC_SCAN
```
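The parser below is an added example (not Hunters' or Acalvio's own code) showing how a line in this format breaks down before it can be queried in the `acalvio_shadowplex_deception_incidents` table: the syslog `<PRI>` header, the seven pipe-separated CEF header fields, and the extension pairs, where values may be quoted, may themselves contain `=` (the `jobID` inside `externalId`), and where the `cs*Label`/`cs*` pairs carry the incident context (subnet, domain, scanType). The sample line is constructed from the format shown above.

```python
import re

# Constructed sample in the format documented above (values are not from a real deployment).
SAMPLE = (
    '<110>Sep 28 11:12:41 11.100.10.10 CEF:0|Acalvio|ShadowPlex|2023.1.2.3|22|Discovery|4|'
    'customer_id=123321123321123321 customer_display_name=cust cat="Discovery" '
    'subCat="Scan Detected" sev=4 '
    'externalId=https://11.12.23.24/#/data/test/details?jobID=68hnjsx7-e7d7-4ae0-1234-tyy08be34a '
    'start="Sep 28 2023 11:12:10.000 UTC" rt="Sep 28 2023 10:59:43.000 UTC" '
    'cs2Label=subnet cs2=122.10.110.0/14 src=122.10.110.114 dst=122.10.110.255 '
    'scanDir=horizontal scanNumHosts=3 cs37Label=domain cs37=Testing '
    'cs48Label=scanType cs48=ABC_SCAN'
)

# Syslog wrapper: <PRI>, BSD timestamp, sending host, then the CEF message.
SYSLOG_RE = re.compile(
    r'^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s(?P<cef>CEF:.*)$'
)
# Extension pairs: a value is either "quoted" (Acalvio quotes values containing spaces) or
# runs until the next ' key='. The lookahead keeps an '=' inside a value (the jobID in
# externalId) from being mistaken for the start of a new key.
EXT_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<raw>.*?))(?=\s+\w+=|$)')


def _unescape(s: str) -> str:
    return re.sub(r'\\([\\|=])', r'\1', s)  # CEF escapes for '\', '|' and '='


def parse_acalvio_cef(line: str) -> dict:
    """Parse one syslog-wrapped Acalvio ShadowPlex CEF line into a flat dict."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        raise ValueError("not a syslog-wrapped CEF line")
    pri = int(m['pri'])
    # Seven header fields separated by unescaped '|'; the eighth part is the extension.
    parts = re.split(r'(?<!\\)\|', m['cef'], maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith('CEF:'):
        raise ValueError("malformed CEF header")
    ext = {}
    for km in EXT_RE.finditer(parts[7]):
        val = km['quoted'] if km['quoted'] is not None else km['raw']
        ext[km['key']] = _unescape(val)
    # Resolve customString pairs: cs2Label=subnet cs2=X -> labeled['subnet'] == X
    labeled = {v: ext[k[:-5]] for k, v in ext.items() if k.endswith('Label') and k[:-5] in ext}
    return {
        'facility': pri // 8, 'syslog_severity': pri % 8,
        'timestamp': m['ts'], 'host': m['host'],
        'cef_version': parts[0].split(':', 1)[1], 'vendor': _unescape(parts[1]),
        'product': _unescape(parts[2]), 'product_version': parts[3],
        'signature_id': parts[4], 'name': _unescape(parts[5]), 'severity': int(parts[6]),
        'extension': ext, 'labeled': labeled,
    }
```

Note that the CEF header severity (`4`) and the extension's own `sev=4` are kept separately, so a detection can check that both agree before trusting either.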