Aviatrix

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Aviatrix System Logs (syslogs)
  Detection / search support (3rd party detection, Hunters detection, IOC search, Search): ✅ ✅
  Table name: aviatrix_system_logs
  Log format: Text
  Collection method: S3

Aviatrix Auth Logs (auth.log)
  Detection / search support (3rd party detection, Hunters detection, IOC search, Search): ✅
  Table name: aviatrix_auth_logs
  Log format: Text
  Collection method: S3


Overview

Aviatrix is a next-generation, multi-cloud networking and security platform that simplifies the management, visibility, and control of cloud networks. As a cloud-native solution, it fits into the category of Software-Defined Networking (SDN) in the cybersecurity landscape. This advanced platform enables organizations to effortlessly deploy and manage their network infrastructure across multiple cloud environments such as AWS, Azure, Google Cloud Platform, and Oracle Cloud Infrastructure.

The Aviatrix product is specifically designed to address the challenges associated with traditional networking solutions, which often struggle to keep pace with the dynamic and scalable nature of cloud computing. It does so by providing a centralized management console, automation capabilities, and advanced security features.

Supported data types

Hunters supports Aviatrix up to version 6.9, covering both the Aviatrix Controller and Gateway components. Hunters ingests these logs, and they can be accessed via the data lake.

Aviatrix System Logs (syslogs)

Table name: aviatrix_system_logs

Provides detailed information about network activity and events within the Aviatrix cloud networking platform, such as VPN connections, network topology changes, and security policy updates.

Aviatrix Auth Logs (auth.log)

Table name: aviatrix_auth_logs

Provides detailed information about user authentication and authorization activities within the Aviatrix cloud networking platform.

Both the Controller and Gateway produce syslogs and auth logs (Linux auth.log), which can be viewed and analyzed for a better understanding of your cloud networking infrastructure. In addition to standard syslog content, Aviatrix also logs user VPN connections, VPN user TCP sessions, security rule violation statistics, Gateway stats and FQDN filter violations. Further information regarding these logs can be found here.

Send data to Hunters

Hunters supports the ingestion of Aviatrix logs via an intermediary AWS S3 bucket.

To connect Aviatrix logs:

  1. Consult with Aviatrix support on how to route logs into an AWS S3 bucket.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Auth log

"Mar 27 12:22:47 Controller-10.20.30.140 auth.log 2023-03-27T12:22:44.136411+00:00 Controller-Controller-10.20.30.140 sudo: pam_unix(sudo:session): session closed for user root"

System log

"Apr  3 23:41:04 Controller-172.0.0.101 syslog 2023-04-03T23:41:04.666543+00:00 Controller-Controller-172.0.0.101 /perfmon: AviatrixGwNetStats: timestamp=2023-04-03T23:41:04.634409 name=controller public_ip=11.12.13.14 private_ip=172.2.3.4 interface=eth0 total_rx_rate=33.68Kb total_tx_rate=64.6Kb total_rx_tx_rate=98.28Kb total_rx_cum=237.47GB total_tx_cum=435.6GB total_rx_tx_cum=673.07GB conntrack_count=91"
"Apr  2 23:59:58 GW-gw1-1.12.11.98 syslog 2023-04-02T23:59:58.010498+00:00 GW-gw1-1.12.11.98 kernel: [59461141.147644] AviatrixFilter MATCH ACCEPT: IN=eth0 OUT=eth0 MAC=ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff SRC=172.1.2.3 DST=3.2.1.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=42770 DF PROTO=TCP SPT=38064 DPT=389 WINDOW=26883 RES=0x00 SYN URGP=0"