Axis Security

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
Axis Activity Logs | ✅ | ✅ | axis_activity_logs | NDJSON | S3


Overview

Axis Atmos Cloud securely connects any user to any business application or resource, via a centrally managed service.

The Axis audit logs record various actions made by users, such as ZTNA logs, DNS requests, SWG events, IPSEC filtering, etc. Onboarding the logs into Hunters allows ingestion of the data, as well as leveraging it in various detection and investigation use cases.

Supported data types

Axis Activity Logs

Table name: axis_activity_logs

The Axis audit logs record various actions made by users, such as ZTNA logs, DNS requests, SWG events, IPSEC filtering, etc.

Send data to Hunters

Hunters supports the ingestion of Axis logs via an intermediary AWS S3 bucket.

To connect Axis logs:

  1. Follow this guide by Axis to export the audit logs via a syslog integration and forward them to S3.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Auth log

Logs are expected in NDJSON format.

{"sessionId":"12345abcdeghij6789jhklm","eventId":"a123brt-2e03-44a8-99e5-9876dfghj","timestamp":"2023-10-20T15:15:48.098Z","applicationId":"34567jh-94a2-41ba-b0b9-rtyu8765","applicationName":"abcd-cdn-som.example.com","applicationProtocol":"Http","applicationAddress":"abcd.som.example.com:80","applicationType":"ManagementDefined","operationSystem":"Mac OS X","geoLocation":"LT","userId":"samlp|example-4c4554a3ce134c9e8e1ca07d88b204f7|user@example.com","username":"user@example.com","userDisplayName":"User","groups":["K-OKTA-APP_abcd"],"identityProviderId":"7caf92b6-52ab-4939-a5a9-9b707603cb81","isBlocked":false,"ruleId":"0d502f27-bab2-4e50-82f3-5558aa0770e5","ruleName":"web_abcd-cdn-example.com","eventType":"Connect","eventDescription":"TCP connection established","additionalData":{"actualApplicationAddress":"abcdcdn.som.example.com:80"},"sourceIp":"111.222.333.44","tenantName":"example","time":"2023-10-20T15:15:48.098Z","tenantId":"234fg6-ecea-4b18-9081-12345sdfg"}
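Because Hunters reads the S3 objects as NDJSON, one malformed line can break a whole file. The following is an added example, not code from Hunters or Axis, of a pre-ingestion check that parses each line, verifies the fields a record is expected to carry (field names taken from the sample above; the choice of required fields, the timestamp format check and the sample lines are assumptions), flags unparseable values such as a placeholder sourceIp with an octet above 255, and tallies blocked events per user.

```python
import ipaddress
import json
from datetime import datetime
# Fields every Axis activity record should carry (a subset of the record shown above; assumed).
REQUIRED_FIELDS = ("eventId", "timestamp", "eventType", "username", "sourceIp", "isBlocked")

def validate_record(line):
    """Parse one NDJSON line; return (record, problems). problems is empty when the line is usable."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON: {exc.msg}"]
    if not isinstance(rec, dict):
        return None, ["line is not a JSON object"]
    problems = [f"missing field {f}" for f in REQUIRED_FIELDS if f not in rec]
    ts = rec.get("timestamp")
    if isinstance(ts, str):
        try:  # the sample record uses ISO-8601 UTC with millisecond precision
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
        except ValueError:
            problems.append(f"unexpected timestamp format: {ts}")
    ip = rec.get("sourceIp")
    if isinstance(ip, str):
        try:  # rejects placeholder values such as an octet above 255
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"sourceIp is not a valid IP address: {ip}")
    return rec, problems

def summarize(ndjson_text):
    """Validate every line; count accepted and rejected lines and blocked events per user."""
    summary = {"accepted": 0, "rejected": 0, "blocked_by_user": {}, "problems": []}
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        rec, problems = validate_record(line)
        if problems:
            summary["rejected"] += 1
            summary["problems"].append((lineno, problems))
            continue
        summary["accepted"] += 1
        if rec["isBlocked"]:
            summary["blocked_by_user"][rec["username"]] = summary["blocked_by_user"].get(rec["username"], 0) + 1
    return summary

# Constructed sample lines (values made up): line 3 has an out-of-range sourceIp octet, line 4 is truncated.
SAMPLE = "\n".join([
    '{"eventId":"e1","timestamp":"2023-10-20T15:15:48.098Z","eventType":"Connect","username":"user@example.com","sourceIp":"198.51.100.7","isBlocked":false}',
    '{"eventId":"e2","timestamp":"2023-10-20T15:16:02.000Z","eventType":"Connect","username":"user@example.com","sourceIp":"198.51.100.7","isBlocked":true}',
    '{"eventId":"e3","timestamp":"2023-10-20T15:16:10.000Z","eventType":"Connect","username":"other@example.com","sourceIp":"111.222.333.44","isBlocked":true}',
    '{"eventId":"e4","timestamp":"2023-10-20T15:16:11.000Z","eventType":"Connect"',
])
```

Running `summarize(SAMPLE)` accepts the first two lines and rejects the last two, reporting the line number and reason for each rejection.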