Armis

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Armis Alerts

✅

✅

armis_alerts

NDJSON

API


Overview

Armis is a cybersecurity company that specializes in providing comprehensive visibility and security for unmanaged and IoT devices. Their platform continuously monitors all connected devices within an organization's network, including IT, OT, and IoT assets, to detect and assess risks in real-time. By identifying vulnerabilities and unusual behavior, Armis helps prevent cyber threats, automates response actions, and ensures compliance with security policies, thereby safeguarding critical infrastructure and sensitive data across various industries.

Supported data types

Armis Alerts

Table name: armis_alerts

Armis Alerts are real-time notifications generated by the Armis platform to inform security teams about potential threats and vulnerabilities within an organization's network. These alerts provide detailed information about suspicious or malicious activities detected across managed and unmanaged devices, including IoT and OT assets. By offering contextual insights and prioritizing alerts based on risk levels, Armis Alerts enable swift and informed responses to security incidents, helping organizations mitigate risks and protect their critical infrastructure and data effectively.

Send data to Hunters

Hunters supports API collection for Armis Alerts.

To connect Armis Alerts to Hunters:

  1. Log into the Armis application.

  2. Navigate to Settings > API Management on your Armis application.

  3. If you haven't created an API secret key yet, create one by clicking the Create button on the API Management page.

  4. Click Show to view the secret key.
    A popup window will be displayed.

  5. Copy the secret key and store it in a safe location.

  6. Complete the process on the Hunters platform, following this guide.

Expected format

Logs are expected in JSON format. The sample below shows one Armis API response; the individual alerts that become armis_alerts records sit under data.results.

{
    "data": {
        "count": 1,
        "next": 1,
        "prev": null,
        "results": [
            {
                "activityUUIDs": [
                    "PLGGeY4BAAAAAGdeXazH"
                ],
                "affectedDevicesCount": 1,
                "alertId": 14546,
                "classification": "Security - Other",
                "connectionIds": [],
                "description": "Tenable.io Managed Devices without EPP/EDR.",
                "deviceIds": [
                    137
                ],
                "policyId": "25656",
                "policyLabels": [
                    "tenable_io",
                    "value_pack"
                ],
                "policyTitle": "New Tenable.io Devices Not Scanned in three Months and without EPP/EDR Agent.",
                "severity": "Medium",
                "status": "Unhandled",
                "statusChangeTime": "2024-03-26T06:50:32.774793+00:00",
                "time": "2024-03-26T06:50:32.774793+00:00",
                "title": "New Tenable.io Devices Not Scanned in three Months and without EPP/EDR Agent.",
                "type": "System Policy Violation"
            }
        ],
        "total": 182
    },
    "success": true
}
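The envelope above is what the API collection returns, while the TL;DR lists NDJSON as the log format for the armis_alerts table. The following Python is an added example, not Hunters' or Armis's own code: it takes responses of that shape, checks the envelope and each alert's required fields, follows pagination, and emits one JSON object per line. It assumes (the page does not say) that data.next is the offset for the following request and is null on the last page, and it replaces the HTTP call with an injected fetch_page(offset) callable, because the Armis endpoint and its authentication exchange are not documented here. Both sample pages are constructed; the first is a trimmed copy of the response above.

```python
# Added example (not Hunters' or Armis's code): normalize Armis alert API
# responses into NDJSON and walk pagination. Assumed, not stated on the page:
# `next` is the offset of the following request and null on the last page;
# fetch_page(offset) stands in for the undocumented HTTP call.
from __future__ import annotations

import json
from typing import Callable, Iterator, Optional

# Fields an armis_alerts record must carry before it is written out.
REQUIRED_FIELDS = ("alertId", "time", "severity", "status", "type", "title")

# Constructed first page: a trimmed copy of the sample response above.
SAMPLE_PAGE_1 = {
    "data": {
        "count": 1, "next": 1, "prev": None, "total": 3,
        "results": [{
            "alertId": 14546,
            "classification": "Security - Other",
            "description": "Tenable.io Managed Devices without EPP/EDR.",
            "deviceIds": [137],
            "policyId": "25656",
            "policyLabels": ["tenable_io", "value_pack"],
            "policyTitle": "New Tenable.io Devices Not Scanned in three Months and without EPP/EDR Agent.",
            "severity": "Medium",
            "status": "Unhandled",
            "time": "2024-03-26T06:50:32.774793+00:00",
            "title": "New Tenable.io Devices Not Scanned in three Months and without EPP/EDR Agent.",
            "type": "System Policy Violation",
        }],
    },
    "success": True,
}

# Constructed last page: `next` is null, and the second record lacks "time"
# so the validation path is exercised.
SAMPLE_PAGE_2 = {
    "data": {
        "count": 2, "next": None, "prev": 0, "total": 3,
        "results": [
            {"alertId": 14547, "severity": "High", "status": "Unhandled",
             "type": "System Policy Violation", "title": "Constructed second alert",
             "time": "2024-03-26T07:00:00.000000+00:00", "deviceIds": [138]},
            {"alertId": 14548, "severity": "Low", "status": "Unhandled",
             "type": "System Policy Violation", "title": "Constructed record missing time"},
        ],
    },
    "success": True,
}

def extract_alerts(response: dict) -> list[dict]:
    """Return the alert records from one response, rejecting a malformed envelope."""
    if not isinstance(response, dict) or response.get("success") is not True:
        raise ValueError("Armis API response did not report success")
    data = response.get("data")
    if not isinstance(data, dict) or not isinstance(data.get("results"), list):
        raise ValueError("response is missing data.results")
    return data["results"]

def validate_alert(alert: dict) -> Optional[str]:
    """Return None when every required field is present, else the first missing one."""
    for field in REQUIRED_FIELDS:
        if alert.get(field) in (None, ""):
            return field
    return None

def iter_alerts(fetch_page: Callable[[int], dict]) -> Iterator[dict]:
    """Fetch from offset 0 and follow `next` until it is null; refuse to loop."""
    offset: Optional[int] = 0
    seen: set[int] = set()
    while offset is not None:
        if offset in seen:
            raise RuntimeError(f"pagination loop at offset {offset}")
        seen.add(offset)
        response = fetch_page(offset)
        yield from extract_alerts(response)
        offset = response["data"].get("next")

def to_ndjson(alerts) -> tuple[list[str], list[tuple]]:
    """Serialize valid alerts one per line; also return (alertId, missing_field) rejects."""
    lines, rejected = [], []
    for alert in alerts:
        missing = validate_alert(alert)
        if missing:
            rejected.append((alert.get("alertId"), missing))
            continue
        lines.append(json.dumps(alert, separators=(",", ":"), sort_keys=True))
    return lines, rejected

def collect_sample() -> tuple[list[str], list[tuple]]:
    """Run the pipeline over the constructed pages in place of real HTTP calls."""
    pages = {0: SAMPLE_PAGE_1, 1: SAMPLE_PAGE_2}
    return to_ndjson(iter_alerts(lambda offset: pages[offset]))
```

Calling collect_sample() yields two NDJSON lines (alerts 14546 and 14547) and one rejected record, (14548, "time"). Rejected records are returned rather than silently dropped so that a collector can log them; a missing time field would otherwise produce a row the SIEM cannot place on a timeline. The seen-offset guard is there because a pagination cursor that repeats would otherwise make the collector spin forever.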