Appgate SDP

Overview

Appgate SDP, an industry-leading Zero Trust Network Access (ZTNA) solution.

Zero Trust Network Access (ZTNA) is an IT security solution that provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies.

Appgate SDP is a cloud-native, unified, API-enabled solution that delivers valuable security, efficiency and user experience benefits. Each user has a one-to-one encrypted network segment to each location where resources have been explicitly granted.

Supported data types

Audit logs

Table name: appgate_audit_logs

Appgate audit logs will typically be used to keep a record of the transactions being performed by the Collective. These typically provide a definitive record of all accesses and administrative actions sufficient for an audit trail to be followed through the system.

Send data to Hunters

Hunters supports the ingestion of Appgate audit logs via an intermediary AWS S3 bucket.

To connect Appgate audit logs:

1. Export your logs using this guide.

2. Ship the logs to an AWS S3 bucket.

3. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Appgate Audit Logs

{"version":2,"timestamp":"2023-01-17T19:12:35.959Z","hostname":"ec2-35-166-99-252.us-west-2.compute.amazonaws.com","daemon":"cz-controllerd","log":{"client_ip":"1.1.1.1","collective_id":"ababababa-ababab-ababa-ababa-ababab","collective_name":"Name","distinguished_name":"CN=1111,CN=user@domain.com,OU=OU","distinguished_name_device_id":"32323232323233","distinguished_name_ou":"distinguished_name_ou","distinguished_name_user":"user@domain.com","entity_id":"aaaaaa-aa-aa-a655-aaaaa","entity_name":"Controller-1","entity_type":"Appliance","event_type":"entity_viewed","id":"04b6aaa6256-aa-aaa-b7f9-aaaa","timestamp":"2023-01-17T19:12:35.958680Z","version":17}}