Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Appgate Audit Logs | ✅ | ✅ | appgate_audit_logs | NDJSON | S3 |
Overview
Appgate SDP is an industry-leading Zero Trust Network Access (ZTNA) solution.
Zero Trust Network Access (ZTNA) is an IT security solution that provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies.
Appgate SDP is a cloud-native, unified, API-enabled solution that delivers valuable security, efficiency and user experience benefits. Each user has a one-to-one encrypted network segment to each location where resources have been explicitly granted.
Supported data types
Audit logs
Table name: appgate_audit_logs
Appgate audit logs are typically used to keep a record of the transactions performed by the Collective. They typically provide a definitive record of all accesses and administrative actions, sufficient for an audit trail to be followed through the system.
Send data to Hunters
Hunters supports the ingestion of Appgate audit logs via an intermediary AWS S3 bucket.
To connect Appgate audit logs:
1. Export your logs using this guide.
2. Ship the logs to an AWS S3 bucket.
3. Once the export is completed and the logs are collected in S3, follow the steps in this section.
Expected format
Appgate Audit Logs
{"version":2,"timestamp":"2023-01-17T19:12:35.959Z","hostname":"ec2-35-166-99-252.us-west-2.compute.amazonaws.com","daemon":"cz-controllerd","log":{"client_ip":"1.1.1.1","collective_id":"ababababa-ababab-ababa-ababa-ababab","collective_name":"Name","distinguished_name":"CN=1111,CN=user@domain.com,OU=OU","distinguished_name_device_id":"32323232323233","distinguished_name_ou":"distinguished_name_ou","distinguished_name_user":"user@domain.com","entity_id":"aaaaaa-aa-aa-a655-aaaaa","entity_name":"Controller-1","entity_type":"Appliance","event_type":"entity_viewed","id":"04b6aaa6256-aa-aaa-b7f9-aaaa","timestamp":"2023-01-17T19:12:35.958680Z","version":17}}