Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Aviatrix System Logs (syslogs) | | ✅ | | ✅ | aviatrix_system_logs | Text | S3
Aviatrix Auth Logs (auth.log) | | | | ✅ | aviatrix_auth_logs | Text | S3
Overview
Aviatrix is a next-generation, multi-cloud networking and security platform that simplifies the management, visibility, and control of cloud networks. As a cloud-native solution, it fits into the category of Software-Defined Networking (SDN) in the cybersecurity landscape. This advanced platform enables organizations to effortlessly deploy and manage their network infrastructure across multiple cloud environments such as AWS, Azure, Google Cloud Platform, and Oracle Cloud Infrastructure.
The Aviatrix product is specifically designed to address the challenges associated with traditional networking solutions, which often struggle to keep pace with the dynamic and scalable nature of cloud computing. It does so by providing a centralized management console, automation capabilities, and advanced security features.
Supported data types
Hunters supports Aviatrix up to version 6.9, covering the Aviatrix Controller and Gateway components. Hunters ingests these logs, and they can be accessed via the data lake.
Aviatrix System Logs (syslogs)
Table name: aviatrix_system_logs
Provides detailed information about network activity and events within the Aviatrix cloud networking platform, such as VPN connections, network topology changes, and security policy updates.
Aviatrix Auth Logs (auth.log)
Table name: aviatrix_auth_logs
Provides detailed information about user authentication and authorization activities within the Aviatrix cloud networking platform.
Both the Controller and Gateway produce syslogs and auth logs (Linux auth.log), which can be viewed and analyzed for a better understanding of your cloud networking infrastructure. In addition to the standard syslog content, Aviatrix also logs user VPN connections, VPN user TCP sessions, security rule violation statistics, Gateway stats and FQDN filter violations. Further information regarding these logs can be found here.
Send data to Hunters
Hunters supports the ingestion of Aviatrix logs via an intermediary AWS S3 bucket.
To connect Aviatrix logs:
Consult with Aviatrix support on how to route logs into an AWS S3 bucket.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Auth log
"Mar 27 12:22:47 Controller-10.20.30.140 auth.log 2023-03-27T12:22:44.136411+00:00 Controller-Controller-10.20.30.140 sudo: pam_unix(sudo:session): session closed for user root"
System log
"Apr 3 23:41:04 Controller-172.0.0.101 syslog 2023-04-03T23:41:04.666543+00:00 Controller-Controller-172.0.0.101 /perfmon: AviatrixGwNetStats: timestamp=2023-04-03T23:41:04.634409 name=controller public_ip=11.12.13.14 private_ip=172.2.3.4 interface=eth0 total_rx_rate=33.68Kb total_tx_rate=64.6Kb total_rx_tx_rate=98.28Kb total_rx_cum=237.47GB total_tx_cum=435.6GB total_rx_tx_cum=673.07GB conntrack_count=91"
"Apr 2 23:59:58 GW-gw1-1.12.11.98 syslog 2023-04-02T23:59:58.010498+00:00 GW-gw1-1.12.11.98 kernel: [59461141.147644] AviatrixFilter MATCH ACCEPT: IN=eth0 OUT=eth0 MAC=ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff SRC=172.1.2.3 DST=3.2.1.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42770 DF PROTO=TCP SPT=38064 DPT=389 WINDOW=26883 RES=0x00 SYN URGP=0"
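As an added example (not part of the Hunters documentation or the Aviatrix product), the following Python parser handles the three expected-format lines above: it splits the syslog relay prefix that both log types share, then extracts the key=value fields of the /perfmon stats and AviatrixFilter kernel events so they can be queried or fed into detection logic. The `component`, `event` and `verdict` keys are labels chosen here, not Hunters schema columns.

```python
import re

# The three expected-format lines from this page, used as sample input.
AUTH_LINE = ("Mar 27 12:22:47 Controller-10.20.30.140 auth.log 2023-03-27T12:22:44.136411+00:00 "
             "Controller-Controller-10.20.30.140 sudo: pam_unix(sudo:session): session closed for user root")
STATS_LINE = ("Apr 3 23:41:04 Controller-172.0.0.101 syslog 2023-04-03T23:41:04.666543+00:00 "
              "Controller-Controller-172.0.0.101 /perfmon: AviatrixGwNetStats: timestamp=2023-04-03T23:41:04.634409 "
              "name=controller public_ip=11.12.13.14 private_ip=172.2.3.4 interface=eth0 total_rx_rate=33.68Kb "
              "total_tx_rate=64.6Kb total_rx_tx_rate=98.28Kb total_rx_cum=237.47GB total_tx_cum=435.6GB "
              "total_rx_tx_cum=673.07GB conntrack_count=91")
FILTER_LINE = ("Apr 2 23:59:58 GW-gw1-1.12.11.98 syslog 2023-04-02T23:59:58.010498+00:00 GW-gw1-1.12.11.98 "
               "kernel: [59461141.147644] AviatrixFilter MATCH ACCEPT: IN=eth0 OUT=eth0 "
               "MAC=ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff SRC=172.1.2.3 DST=3.2.1.9 LEN=60 TOS=0x00 PREC=0x00 "
               "TTL=63 ID=42770 DF PROTO=TCP SPT=38064 DPT=389 WINDOW=26883 RES=0x00 SYN URGP=0")

# Relay prefix shared by both log types:
# <relay stamp> <relay host> <source file> <ISO stamp> <origin host> <program>: <message>
PREFIX = re.compile(
    r"^(?P<relay_ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<relay_host>\S+) (?P<source>\S+) "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<program>[^:\s]+): (?P<msg>.*)$"
)
KV = re.compile(r"(\w+)=(\S*)")
FILTER = re.compile(r"^\[[\d.]+\] AviatrixFilter MATCH (?P<verdict>\w+): (?P<body>.*)$")


def parse_line(line: str) -> dict:
    """Split one Aviatrix syslog/auth line into prefix fields plus a typed event body."""
    m = PREFIX.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised Aviatrix log line: {line[:60]!r}")
    rec = m.groupdict()
    msg = rec.pop("msg")
    # Origin hostnames in the samples start with GW- for Gateways and Controller- for the Controller.
    rec["component"] = "Gateway" if rec["host"].startswith("GW-") else "Controller"
    flt = FILTER.match(msg)
    if msg.startswith("AviatrixGwNetStats:"):
        rec["event"] = "AviatrixGwNetStats"          # /perfmon gateway throughput sample
        rec["fields"] = dict(KV.findall(msg))
    elif flt:
        rec["event"] = "AviatrixFilter"              # kernel security-rule match
        rec["verdict"] = flt.group("verdict")
        rec["fields"] = dict(KV.findall(flt.group("body")))
        # Bare tokens such as DF or SYN are IP/TCP flags carrying no value.
        rec["flags"] = [t for t in flt.group("body").split() if "=" not in t]
    else:
        rec["event"] = "message"                     # free-text line, e.g. pam_unix / sudo
        rec["fields"] = {"text": msg}
    return rec


if __name__ == "__main__":
    for sample in (AUTH_LINE, STATS_LINE, FILTER_LINE):
        r = parse_line(sample)
        print(r["ts"], r["component"], r["program"], r["event"], r.get("verdict", ""), r["fields"])
```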