TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
BeyondTrust Remote Support | ✅ | ✅ | ✅ | beyondtrust_remote_support_support_session | NDJSON | API |
Overview
Front-end integration of the BeyondTrust API enables customers to integrate Remote Support support sessions with third-party or in-house developed applications to pull report data, issue commands, or automatically save backups of the B Series Appliance's software configuration.
Supported data types
Beyondtrust Remote Support Support Session
Table name: beyondtrust-remote-support-support-session
provides detailed logs for BeyondTrust Remote Support sessions. It includes session metadata (start/end time, duration, participants), endpoint information (OS, IP, hostname), and a full list of session actions such as file transfers, command-shell activity, and permission changes. The API also exposes summary reports and optional links to session recordings, enabling auditing, compliance, and analytics use cases.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of beyondtrust logs via API.
To connect BeyondTrust logs:
Generate client id, and client secret by following this guide.
Once created, go to Hunters portal and onboard the integration by specifying the client id, client secret and the domain.
Expected format
Logs are expected in JSON format.
{ "timestamp": "1764218854", "event_type": "Session Start", "eventName": "Session Start", "deviceHost": "example.org", "sessionId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" }