Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Axis Activity Logs | ✅ | ✅ | axis_activity_logs | NDJSON | S3 |
Overview
Axis Atmos Cloud securely connects any user to any business application or resource, via a centrally managed service.
The Axis audit logs contain various actions made by users, such as ZTNA logs, DNS requests, SWG events, IPSEC filtering, etc. Onboarding the logs into Hunters allows ingestion of the data, as well as leveraging the data in various detection and investigation use cases.
Supported data types
Axis Activity Logs
Table name: axis_activity_logs
The Axis audit logs contain various actions made by users, such as ZTNA logs, DNS Requests, SWG events, IPSEC Filtering, etc.
Send data to Hunters
Hunters supports the ingestion of Axis logs via an intermediary AWS S3 bucket.
To connect Axis logs:
Follow this guide by Axis to export the audit logs via a syslog integration and forward them to S3.
Once the export is complete and the logs are being collected in the S3 bucket, follow the steps in this section.
Expected format
Auth log
Logs are expected in NDJSON format.
{"sessionId":"12345abcdeghij6789jhklm","eventId":"a123brt-2e03-44a8-99e5-9876dfghj","timestamp":"2023-10-20T15:15:48.098Z","applicationId":"34567jh-94a2-41ba-b0b9-rtyu8765","applicationName":"abcd-cdn-som.example.com","applicationProtocol":"Http","applicationAddress":"abcd.som.example.com:80","applicationType":"ManagementDefined","operationSystem":"Mac OS X","geoLocation":"LT","userId":"samlp|example-4c4554a3ce134c9e8e1ca07d88b204f7|user@example.com","username":"user@example.com","userDisplayName":"User","groups":["K-OKTA-APP_abcd"],"identityProviderId":"7caf92b6-52ab-4939-a5a9-9b707603cb81","isBlocked":false,"ruleId":"0d502f27-bab2-4e50-82f3-5558aa0770e5","ruleName":"web_abcd-cdn-example.com","eventType":"Connect","eventDescription":"TCP connection established","additionalData":{"actualApplicationAddress":"abcdcdn.som.example.com:80"},"sourceIp":"111.222.333.44","tenantName":"example","time":"2023-10-20T15:15:48.098Z","tenantId":"234fg6-ecea-4b18-9081-12345sdfg"}
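As an added example (not Hunters' or Axis' own code), the Python below parses a batch of Axis activity-log lines in the NDJSON format shown above, rejects malformed or incomplete lines without aborting the batch, normalizes the timestamp, and pulls out blocked events. The set of mandatory fields (REQUIRED_FIELDS) and the sample batch are assumptions for this example; line 1 of the batch is trimmed from the page's sample, the rest is constructed.

```python
import json
from datetime import datetime, timezone

# Fields this example treats as mandatory (assumption based on the page's sample line)
REQUIRED_FIELDS = ("eventId", "timestamp", "eventType", "username", "sourceIp", "tenantId")

def parse_axis_ndjson(text):
    """Return (records, errors): normalized dicts plus (line_no, reason) for rejected lines."""
    records, errors = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines are legal in NDJSON; skip them
        try:
            event = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append((line_no, f"invalid JSON: {exc.msg}"))
            continue
        missing = [f for f in REQUIRED_FIELDS if f not in event]
        if missing:
            errors.append((line_no, "missing fields: " + ", ".join(missing)))
            continue
        # Timestamps are ISO 8601 with a trailing Z; turn them into aware UTC datetimes
        ts = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
        records.append({
            "event_id": event["eventId"],
            "time": ts.astimezone(timezone.utc),
            "event_type": event["eventType"],
            "user": event["username"],
            "source_ip": event["sourceIp"],
            "application": event.get("applicationName"),
            "rule": event.get("ruleName"),
            "blocked": bool(event.get("isBlocked", False)),
            "tenant_id": event["tenantId"],
        })
    return records, errors

def blocked_events(records):
    """Records where Axis blocked the access attempt (isBlocked true), a natural detection seed."""
    return [r for r in records if r["blocked"]]

# Constructed sample batch: line 1 trimmed from the page's example, line 2 a constructed
# blocked event, line 3 truncated JSON, line 4 valid JSON that lacks required fields.
SAMPLE = "\n".join([
    '{"eventId":"a123brt-2e03-44a8-99e5-9876dfghj","timestamp":"2023-10-20T15:15:48.098Z","applicationName":"abcd-cdn-som.example.com","username":"user@example.com","isBlocked":false,"ruleName":"web_abcd-cdn-example.com","eventType":"Connect","sourceIp":"111.222.333.44","tenantId":"234fg6-ecea-4b18-9081-12345sdfg"}',
    '{"eventId":"constructed-0002","timestamp":"2023-10-20T15:16:02.000Z","applicationName":"intranet.example.com","username":"user@example.com","isBlocked":true,"ruleName":"deny_intranet","eventType":"Connect","sourceIp":"203.0.113.5","tenantId":"234fg6-ecea-4b18-9081-12345sdfg"}',
    '{"eventId":"constructed-0003","timestamp":"2023-10-20T15:16:05.000Z"',
    '{"eventId":"constructed-0004","timestamp":"2023-10-20T15:16:07.000Z"}',
])
```

Running `parse_axis_ndjson(SAMPLE)` yields two normalized records and two rejected lines (3 and 4) with their reasons, which is the split an ingestion pipeline should surface rather than silently dropping.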