Acalvio

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Acalvio Shadowplex Deception Incidents | ✅ | | | | acalvio_shadowplex_deception_incidents | CEF | S3 |


Overview


Acalvio ShadowPlex Advanced Threat Defense (ATD) provides early, precise detection of cyber threats by combining Deception Technology with advanced AI.

Integrating Acalvio ShadowPlex with Hunters lets you ingest its deception incidents into Hunters and use them in custom security use cases.

Supported data types

Acalvio Shadowplex Deception Incidents

Table name: acalvio_shadowplex_deception_incidents

Acalvio Shadowplex Deception Incidents are events logged by Acalvio in CEF format.

Send data to Hunters

Hunters supports the ingestion of Acalvio logs via an intermediary AWS S3 bucket.

To connect Acalvio logs:

  1. Follow this guide to export logs out of Acalvio.

  2. Ship the logs to an AWS S3 bucket.

  3. Once the export is complete and the logs are landing in S3, follow the steps in this section to connect the bucket to Hunters.

Expected format

Logs are expected in CEF format.

Acalvio Shadowplex Deception Incidents

<110>Sep 28 11:12:41 11.100.10.10 CEF:0|Acalvio|ShadowPlex|2023.1.2.3|22|Discovery|4|customer_id=123321123321123321 customer_display_name=cust cat="Discovery" subCat="Scan Detected" sev=4 externalId=https://11.12.23.24/#/data/test/details?jobID=68hnjsx7-e7d7-4ae0-1234-tyy08be34a start="Sep 28 2023 11:12:10.000 UTC" rt="Sep 28 2023 10:59:43.000 UTC" cs2Label=subnet cs2=122.10.110.0/14 src=122.10.110.114 dst=122.10.110.255 scanDir=horizontal scanNumHosts=3 cs37Label=domain cs37=Testing cs48Label=scanType cs48=ABC_SCAN
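Before wiring the bucket up, it is worth checking that what Acalvio actually writes to S3 matches the format above: a syslog priority and timestamp, a relay host, a seven-field CEF header and a key=value extension in which quoted values contain spaces and csN/csNLabel pairs carry named custom fields. The following parser is an added example, not Hunters or Acalvio code; it is built only around the sample line on this page. The keys it treats as required (ASSUMED_REQUIRED_KEYS) are an assumption taken from the sample, not a documented Hunters requirement.

```python
"""Parse and sanity-check an Acalvio ShadowPlex CEF line (added example)."""
import re
from typing import Any, Dict, List

# Constructed sample: the "Expected format" line from this page, split for readability.
SAMPLE_LINE = (
    '<110>Sep 28 11:12:41 11.100.10.10 CEF:0|Acalvio|ShadowPlex|2023.1.2.3|22|Discovery|4|'
    'customer_id=123321123321123321 customer_display_name=cust cat="Discovery" '
    'subCat="Scan Detected" sev=4 '
    'externalId=https://11.12.23.24/#/data/test/details?jobID=68hnjsx7-e7d7-4ae0-1234-tyy08be34a '
    'start="Sep 28 2023 11:12:10.000 UTC" rt="Sep 28 2023 10:59:43.000 UTC" '
    'cs2Label=subnet cs2=122.10.110.0/14 src=122.10.110.114 dst=122.10.110.255 '
    'scanDir=horizontal scanNumHosts=3 cs37Label=domain cs37=Testing '
    'cs48Label=scanType cs48=ABC_SCAN'
)

# Syslog wrapper: <PRI>Mon DD hh:mm:ss host CEF:...
SYSLOG_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<msg>CEF:.*)$'
)
HEADER_FIELDS = ('version', 'vendor', 'product', 'product_version',
                 'signature_id', 'name', 'severity')
# Extension pairs: value is either "quoted" (may contain spaces) or a bare run
# that ends just before the next ' key=' or at end of line.
EXT_RE = re.compile(
    r'(?P<key>[A-Za-z0-9_]+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>.*?))(?= [A-Za-z0-9_]+=|$)'
)
# Assumption for this example: keys we expect every incident to carry.
ASSUMED_REQUIRED_KEYS = ('cat', 'sev', 'externalId', 'rt', 'src')


def parse_syslog_cef(line: str) -> Dict[str, Any]:
    """Return syslog metadata, the CEF header, the raw extension and label-resolved custom fields."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        raise ValueError('not a syslog-wrapped CEF line')
    pri = int(m.group('pri'))
    # Split on unescaped pipes only; the 8th part is the extension.
    parts = re.split(r'(?<!\\)\|', m.group('msg'), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith('CEF:'):
        raise ValueError("malformed CEF header (expected 7 '|'-separated header fields)")
    header = dict(zip(HEADER_FIELDS, [parts[0][4:], *parts[1:7]]))
    ext: Dict[str, str] = {}
    for em in EXT_RE.finditer(parts[7]):
        quoted = em.group('quoted')
        ext[em.group('key')] = quoted if quoted is not None else em.group('bare')
    # csNLabel=name csN=value  ->  labeled[name] = value
    labeled = {label: ext[key[:-5]] for key, label in ext.items()
               if key.endswith('Label') and key[:-5] in ext}
    return {
        'facility': pri // 8,
        'syslog_severity': pri % 8,
        'timestamp': m.group('ts'),
        'host': m.group('host'),
        'header': header,
        'extension': ext,
        'labeled': labeled,
    }


def check_expected_format(line: str) -> List[str]:
    """Return a list of problems; an empty list means the line matches the documented shape."""
    try:
        ev = parse_syslog_cef(line)
    except ValueError as exc:
        return [str(exc)]
    problems: List[str] = []
    h = ev['header']
    if (h['vendor'], h['product']) != ('Acalvio', 'ShadowPlex'):
        problems.append(f"unexpected vendor/product {h['vendor']}/{h['product']}")
    if not h['severity'].isdigit() or not 0 <= int(h['severity']) <= 10:
        problems.append(f"CEF severity {h['severity']!r} is not an integer 0-10")
    for key in ASSUMED_REQUIRED_KEYS:
        if key not in ev['extension']:
            problems.append(f'missing extension key {key}')
    return problems


if __name__ == '__main__':
    event = parse_syslog_cef(SAMPLE_LINE)
    print(event['header'])
    print(event['labeled'])
    print('problems:', check_expected_format(SAMPLE_LINE))
```

Run it over a few lines pulled from the bucket (one line per call) and any non-empty problem list points at an export that the S3 collector will not parse as documented; the label resolution is also a convenient way to see which custom fields (subnet, domain, scanType in the sample) a detection rule can key on.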