Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Apache2 HTTP Logs | | ✅ | | | apache2_http_logs | CSV without header | S3
Overview
Apache2 is a popular open-source web server software that is used to serve web content on the internet. It is widely used by organizations to host their websites, web applications, and web services. Apache2 is highly configurable and offers a range of features such as support for various scripting languages, SSL/TLS encryption, and virtual hosting.
The logs generated by Apache2 contain information about the requests made to the web server, including the source IP address, the requested URL, the user-agent of the client, and other details. This data can be used for a variety of purposes, such as monitoring web traffic, troubleshooting issues, and analyzing user behavior.
Hunters supports integrating Apache2 logs into the data lake. The data source is also used in the Hunters pipeline for detection and investigation of HTTP requests to the relevant appliances in the organization's network.
Supported data types
Apache2 HTTP logs (also named Linux HTTPD logs)
Table name: apache2_http_logs
Web-request related information. Found on every Linux machine running the HTTPD service, under /var/log/apache2 or /var/log/httpd.
Send data to Hunters
Hunters supports the ingestion of Apache2 HTTP logs via an intermediary AWS S3 bucket.
To connect Apache2 HTTP logs:
Export your logs from Apache2 to an AWS S3 bucket.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
The logs should be stored in the bucket in CSV format without a header, delimited by a space. As in the sample lines below, the timestamp is enclosed in square brackets and the request line, referer and user-agent fields are enclosed in double quotes.
10.1.1.2 - - [16/Feb/2023:13:39:37 +0000] "GET /blah/tt/some1.tt HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481
10.2.3.4 - - [16/Feb/2023:13:39:42 +0000] "GET /what/rr/nothing.di HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481
10.1.1.9 - - [16/Feb/2023:14:14:34 +0000] "GET /blah/test-test?oppID=99999999 HTTP/1.1" 200 111283 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481
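As an added example (not Hunters' own code or part of its pipeline), the following Python parses lines in the format shown above and separates well-formed records from malformed ones, so an export can be checked before it is shipped to the bucket. The field names, the `parse_line`/`validate_batch` helpers and the name `trailing` for the final numeric token are this example's own assumptions; the sample input is constructed from the lines above.

```python
import re
from datetime import datetime

# Apache "combined" log format plus one trailing token, as in the sample lines
# above. Field names are this example's own; the page does not say what the
# trailing number means, so it is kept as an opaque string named "trailing".
LINE_RE = re.compile(
    r'^(?P<client_ip>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<protocol>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"'
    r'(?: (?P<trailing>\S+))?$'
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    # Timestamps look like 16/Feb/2023:13:39:37 +0000 (offset-aware).
    rec["timestamp"] = datetime.strptime(rec["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def validate_batch(lines):
    """Split lines into parsed records and rejected raw lines (blank lines skipped)."""
    ok, bad = [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            bad.append(line)
        else:
            ok.append(rec)
    return ok, bad

# Constructed sample input: two lines from the format examples above plus one
# deliberately malformed line to show it being rejected before upload.
SAMPLE = [
    '10.1.1.2 - - [16/Feb/2023:13:39:37 +0000] "GET /blah/tt/some1.tt HTTP/1.0" 404 28842 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481',
    '10.1.1.9 - - [16/Feb/2023:14:14:34 +0000] "GET /blah/test-test?oppID=99999999 HTTP/1.1" 200 111283 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 151481',
    'garbage line with no structure',
]
```

Calling `validate_batch(SAMPLE)` yields two parsed records and one rejected line; a non-empty rejected list is the signal to fix the export before the files reach S3.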