Apache2

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Apache2 HTTP Logs

✅

apache2_http_logs

CSV without header

S3


Overview

Apache2 (the Apache HTTP Server, packaged as apache2 on Debian-based systems and httpd elsewhere) is a popular open-source web server used to serve web content on the internet. It is widely used by organizations to host their websites, web applications, and web services. Apache2 is highly configurable and offers a range of features such as support for various scripting languages, SSL/TLS encryption, and virtual hosting.

The logs generated by Apache2 contain information about the requests made to the web server, including the source IP address, the requested URL, the user-agent of the client, and other details. This data can be used for a variety of purposes, such as monitoring web traffic, troubleshooting issues, and analyzing user behavior.

Hunters supports ingesting Apache2 logs into the data lake. The data source is also used in the Hunters pipeline for detection and investigation of HTTP requests to the relevant appliances in the organization's network.

Supported data types

Apache2 HTTP logs (also named Linux HTTPD Logs)

Table name: apache2_http_logs

Web request information (access logs). Found on each Linux machine running the httpd service, under /var/log/apache2 (Debian and Ubuntu) or /var/log/httpd (RHEL, CentOS, and Fedora).

Send data to Hunters

Hunters supports the ingestion of Apache2 HTTP logs via an intermediary AWS S3 bucket.

To connect Apache2 HTTP logs:

  1. Export your logs from Apache2 to an AWS S3 bucket.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

The logs should be stored in the bucket as space-delimited CSV without a header row, one request per line, in the Apache "combined" access log format (client IP, identd, user, timestamp, quoted request line, status code, response size, quoted Referer, quoted User-Agent) followed by one additional numeric field, as in the sample lines below. Note that the quotes are literal characters in each line; they are not escaped.

10.1.1.2 - - [16/Feb/2023:13:39:37 +0000] "GET /blah/tt/some1.tt HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481
10.2.3.4 - - [16/Feb/2023:13:39:42 +0000] "GET /what/rr/nothing.di HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481
10.1.1.9 - - [16/Feb/2023:14:14:34 +0000] "GET /blah/test-test?oppID=99999999 HTTP/1.1" 200 111283 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481
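The following parser and check for this format is an added example; it is not Hunters' ingestion code and says nothing about how the pipeline itself parses the table. It treats the trailing numeric field as opaque (its meaning is not stated on this page, so the code keeps it unparsed as `extra`). The sample lines are constructed: the first three mirror the ones above, the fourth carries a User-Agent that tries to smuggle a fake record into the log (Apache has escaped `"` and `\` in logged header values as `\"` and `\\` since 2.0.49, so a parser that splits on bare quotes would misread it), and the fifth is truncated to show that a non-matching line is counted and skipped instead of aborting the batch. The 404 check at the end is a deliberately simple illustration of a detection one could run over the parsed records.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (not from a real server), in the page's expected
# format: Apache "combined" log format, i.e.
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# plus one trailing numeric field, space-delimited, no header row.
SAMPLE_LINES = [
    r'10.1.1.2 - - [16/Feb/2023:13:39:37 +0000] "GET /blah/tt/some1.tt HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481',
    r'10.2.3.4 - - [16/Feb/2023:13:39:42 +0000] "GET /what/rr/nothing.di HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481',
    r'10.1.1.9 - - [16/Feb/2023:14:14:34 +0000] "GET /blah/test-test?oppID=99999999 HTTP/1.1" 200 111283 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481',
    # User-Agent containing a forged record; Apache escaped its quotes as \"
    r'10.1.1.2 - - [16/Feb/2023:13:39:50 +0000] "GET /admin/ HTTP/1.0" 404 0 "-" "a\" 200 0 \"-\" \"b" 120',
    # Truncated line: must be rejected, not crash the batch
    r'10.9.9.9 - - [16/Feb/2023:13:39:51 +0000] "GET /cut',
]

# A quoted field that may contain escaped quotes (\") and escaped backslashes (\\).
_QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + _QUOTED + r' (\d{3}) (-|\d+) '
    + _QUOTED + ' ' + _QUOTED + r'(?: (\S+))?\s*$'
)

_ESC = {'"': '"', '\\': '\\', 'n': '\n', 't': '\t', 'r': '\r',
        'b': '\b', 'f': '\f', 'v': '\v'}


def unescape(field):
    """Reverse mod_log_config escaping: \\" \\\\ \\n \\t ... and \\xhh for non-printables."""
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 16))
        return _ESC.get(m.group(2), '\\' + m.group(2))
    return re.sub(r'\\x([0-9a-fA-F]{2})|\\(.)', repl, field)


def parse_line(line):
    """Parse one record into a dict; return None if the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    host, ident, user, ts, request, status, size, referer, ua, extra = m.groups()
    # A malformed request line may lack a path or protocol; pad rather than fail.
    method, path, protocol = (unescape(request).split(' ', 2) + ['', ''])[:3]
    return {
        'host': host,
        'user': None if user == '-' else user,
        'time': datetime.strptime(ts, '%d/%b/%Y:%H:%M:%S %z'),
        'method': method,
        'path': path,
        'protocol': protocol,
        'status': int(status),
        'size': 0 if size == '-' else int(size),   # "-" means no body sent
        'referer': None if referer == '-' else unescape(referer),
        'user_agent': unescape(ua),
        'extra': extra,   # trailing numeric field, meaning not specified; kept as-is
    }


def parse_log(lines):
    """Parse all lines; return (records, rejected_count). Bad lines are counted, not fatal."""
    records, rejected = [], 0
    for line in lines:
        rec = parse_line(line.rstrip('\n'))
        if rec is None:
            rejected += 1
        else:
            records.append(rec)
    return records, rejected


def noisy_404_sources(records, threshold=2):
    """Source IPs with at least `threshold` 404 responses: a cheap path-enumeration signal."""
    counts = Counter(r['host'] for r in records if r['status'] == 404)
    return sorted(h for h, n in counts.items() if n >= threshold)


if __name__ == '__main__':
    recs, bad = parse_log(SAMPLE_LINES)
    print(f'{len(recs)} records parsed, {bad} rejected')
    for r in recs:
        print(r['host'], r['time'].isoformat(), r['method'], r['path'],
              r['status'], repr(r['user_agent'])[:40])
    print('noisy 404 sources:', noisy_404_sources(recs))
```

The regex closes each quoted field only at an unescaped quote, which is what keeps the forged record inside the User-Agent of line four as one value with status 404 rather than producing a phantom 200 response; the unescaped header is what you would want stored for matching, while the raw line is what you would keep for evidence.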