Astrix

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Astrix Security Logs

✅

✅

astrix_security_logs

Json

S3 list / notifications


Overview

Astrix Security is a cybersecurity vendor specializing in the management and protection of non‑human identities (NHIs)—such as service accounts, API keys, OAuth tokens, and AI agents—across cloud-native (SaaS, PaaS, IaaS) and on‑premises environments. The platform offers continuous real‑time discovery of NHIs, risk-based posture management, anomaly and threat detection, and automated remediation workflows, including next‑generation secret scanning and lifecycle governance. Built as an agent‑less, API‑based SaaS solution, Astrix rapidly connects to critical platforms—such as Salesforce, Office 365, GitHub, Snowflake, AWS, GCP, and more—providing holistic visibility into app‑to‑app interactions and third‑party integrations without intrusive monitoring. Trusted by leading enterprises like Figma, NetApp, and Agoda, Astrix empowers security and IAM teams to detect supply‑chain threats, enforce least‑privilege policies, manage NHI lifecycles, and comply with regulatory standards—all while treating NHIs with the same rigor traditionally applied to human identities.

Supported data types

Astrix Security Logs

Table name: astrix_security_logs

Astrix Security acts as a specialized security layer for non-human identities, extending the reach of IAM and threat detection to address the unique challenges posed by these often-unmanaged entities.

Send data to Hunters

Hunters supports the ingestion of Astrix logs using an API connection.

Hunters supports the ingestion of Astrix logs using an intermediary S3 bucket.

To send data to Hunters:

  1. Contact Astrix support to learn how to route your Security logs to S3.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Hunters expects Astrix Security logs to be in JSON format. The following is an example of a typical log line:

{
  "source": "Astrix Security",
  "event-type": "issue_created",
  "timestamp": "2025-07-29T17:23:05.349Z",
  "event-version": "0.1.3",
  "data": {
    "account": {
      "platform": "github",
      "account": "org_7f3a2d"
    },
    "integration": {
      "id": "a9c0a0f1d2e3f4a5b6c7d8e9f00112233445566778899aabbccddeeff0011223",
      "is-installed": true,
      "astrix-link": "https://org-7f3a2d.anon.example/platforms/github?filters-integration=%7B%22id%22:%7B%22_in%22:%5B%22000000000%22%5D%7D%7D&integration=a9c0a0f1d2e3f4a5b6c7d8e9f00112233445566778899aabbccddeeff0011223&referer=webhook_notifier",
      "name": "integration-0001",
      "platform": "github",
      "status": "pending_review",
      "risk": "Medium",
      "usage": "High",
      "scopes": [],
      "exposure": "High",
      "installation-time": "2025-07-28T20:40:02+00:00",
      "instances": 1,
      "integration-types": [
        "ssh_key"
      ],
      "is-organization-installation": false,
      "is-internal": true,
      "is-published": false,
      "last-api-access": "2025-07-28T20:38:42+00:00",
      "owner": {
        "email": "user0001@anon.example",
        "name": "user_0001",
        "role": "vip"
      },
      "comment": null,
      "supplier": null,
      "users": {
        "total-users": 1,
        "active-users": 1,
        "users": [
          {
            "id": "user_0001",
            "email": "user0001@anon.example",
            "is_active": true,
            "name": "user_0001",
            "role": "VIP",
            "installation_timestamp": "2025-07-29T03:46:57.022"
          }
        ]
      },
      "risk_breakdown": {
        "exposure_level": "High",
        "likelihood_level": "Medium",
        "installed_by_admin": false,
        "installed_by_vip_user": true,
        "installed_by_critical_mass": "No",
        "permissions_sensitivity": "High",
        "resources_sensitivity": "Unclassified",
        "maintenance_level": "Partially Improper",
        "threat_analysis": "Not Detected",
        "reputation_indicator": "Internal"
      },
      "comments": [],
      "role_resource_subscription": [
        null
      ],
      "role_resource": [],
      "user_tags": []
    },
    "issue": {
      "issue-type": "Installed Users",
      "finding": "Installed by a VIP",
      "create-time": "2025-07-29T17:10:41.784Z",
      "astrix-link": "https://org-7f3a2d.anon.example/platforms/github?filters-integration=%7B%22id%22:%7B%22_in%22:%5B%22000000000%22%5D%7D%7D&integration=a9c0a0f1d2e3f4a5b6c7d8e9f00112233445566778899aabbccddeeff0011223&referer=webhook_notifier",
      "severity": "Low",
      "description": "The integration has been installed by a VIP user",
      "remediation": {
        "name": "Revoke Tokens of VIP Users",
        "description": null,
        "link": null
      },
      "state": "Open",
      "comment": null,
      "integration-users": {
        "total-users": 1,
        "active-users": 1,
        "users": [
          {
            "id": "user_0001",
            "email": "user0001@anon.example",
            "is_active": true,
            "name": "user_0001",
            "role": "VIP",
            "installation_timestamp": "2025-07-29T03:46:57.022"
          }
        ]
      },
      "extra-info": {}
    }
  }
}
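
As an added example, not code from Hunters or Astrix, the following Python flattens a log line of the shape shown above into triage fields, handling the three timestamp formats, the mixed role casing and the null list entries visible in the sample. The output field names and the treatment of timezone-less timestamps as UTC are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed input: a trimmed copy of the page's sample event, one JSON object per line.
SAMPLE_LINE = json.dumps({
    "source": "Astrix Security", "event-type": "issue_created",
    "timestamp": "2025-07-29T17:23:05.349Z",
    "data": {
        "integration": {
            "name": "integration-0001", "platform": "github",
            "last-api-access": "2025-07-28T20:38:42+00:00",
            "owner": {"email": "user0001@anon.example", "role": "vip"},
            "users": {"users": [{"role": "VIP", "installation_timestamp": "2025-07-29T03:46:57.022"}]},
            "role_resource_subscription": [None],
        },
        "issue": {"finding": "Installed by a VIP", "severity": "Low", "state": "Open"},
    },
})
REQUIRED = {"source", "event-type", "timestamp", "data"}

def to_utc(value):
    """Normalize the sample's three timestamp shapes; naive values are ASSUMED to be UTC."""
    if not value:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).isoformat(timespec="milliseconds")

def normalize(line):
    """Flatten one log line into triage fields; raise ValueError on a malformed event."""
    event = json.loads(line)
    missing = REQUIRED - set(event) if isinstance(event, dict) else REQUIRED
    if missing:
        raise ValueError(f"missing top-level keys: {sorted(missing)}")
    data = event["data"] or {}
    integ = data.get("integration") or {}
    issue = data.get("issue") or {}
    users = (integ.get("users") or {}).get("users") or []
    subs = integ.get("role_resource_subscription") or []
    return {
        "event_type": event["event-type"],
        "event_time": to_utc(event["timestamp"]),
        "integration": f'{integ.get("platform")}/{integ.get("name")}',
        "last_api_access": to_utc(integ.get("last-api-access")),
        "roles": sorted({(u.get("role") or "").lower() for u in users}),  # "vip" vs "VIP"
        "installed_at": [to_utc(u.get("installation_timestamp")) for u in users],
        "role_subscriptions": [s for s in subs if s is not None],  # list can hold null
        "severity": issue.get("severity"), "finding": issue.get("finding"),
    }
```

Running `normalize` over each exported line before the objects land in the bucket surfaces truncated or malformed events early, since both invalid JSON and missing top-level keys raise `ValueError`.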