Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Breez Security Logs | ✅ | ✅ | ✅ | breez_security_logs | NDJSON | S3-LIST |
Overview
This article explains how to connect your Breez Security Logs.
Breez is an advanced security telemetry platform designed to simplify the collection and normalization of data from diverse sources, including endpoints, identity systems, cloud infrastructure, and business applications. It delivers a structured and enriched view of security activity, enabling teams to detect anomalies, investigate incidents, and respond more quickly and precisely.
The Breez Security Logs serve as a dependable foundation for in-depth analysis and proactive threat hunting. By prioritizing context, clarity, and interoperability, Breez empowers modern security operations teams to transform raw telemetry into actionable intelligence.
Supported data types
Breez Security Logs
Overview
Table name: breez_security_logs
Breez Security is an Identity Threat Detection and Response (ITDR) platform focused on real-time identity protection across cloud and SaaS environments. It monitors both human and non-human identities—such as service accounts, bots, API keys, and automation—across providers like AWS, Azure, GCP, Office 365, and Google Workspace.
By building dynamic behavioral fingerprints for each identity, Breez detects anomalies including credential compromise, insider threats, and automation misuse before they escalate. Its agentless telemetry, AI-powered analytics, and identity context enable high-fidelity alerts, rapid investigation timelines, and automated responses to reduce incident response time.
Founded by identity-security experts, Breez delivers streamlined identity-centric workflows that help organizations enforce least privilege, detect spear-phishing, and investigate cloud misconfigurations or supply-chain risks quickly and effectively.
Send data to Hunters
Breez Security Logs
To connect Breez Security Logs, follow these steps:
📘Note
When performing the last part of the process (Provide information to Hunters), follow these steps:
Navigate to Data > Data Sources, and then click + Connect Data Sources.
Search for Breez and click Connect.
From the side menu, click + More Integrations and then select PAN VIA S3 LIST → Breez Security Log.
Expected format
Logs are expected in JSON format, delivered as NDJSON (one JSON object per line, as listed in the table above). A single event looks like this:
```json
{
  "access_key_id": "ABCED1223465JNKJKKA",
  "acknowledgement_details": null,
  "acknowledgement_status": "PENDING_ACKNOWLEDGEMENT",
  "alert_id": "abcd123-1234-4390-b8f1-123a8vcd",
  "alert_snapshot": null,
  "alert_status": "OPEN",
  "alert_timestamp": "2024-10-12-04-29-53.777566",
  "alert_type": "Customer",
  "api_name": "DeleteBucket",
  "api_status": "Success",
  "breez_event_id": "123abcd-0b6a-abcd-b438-abcd121f72",
  "breez_event_timestamp": "1728707090087",
  "breez_identity_type": "machine",
  "breez_timestamp": "2024-10-12-04-29-53.777566",
  "client_id": "3a9a08a2-20b1-11ee-8a6f-5a5a58032620",
  "cloud_account_id": "240774922464",
  "cloud_account_name": "workload-dev-abcd",
  "cloud_region": "us-west-2",
  "data_source": "AWS",
  "details": null,
  "error_details": null,
  "event_source": "s3.amazonaws.com",
  "event_time": "2024-10-12T04:23:51Z",
  "geo_data": {
    "city": "Dublin",
    "country": "Ireland",
    "ip": "12.12.1.123",
    "latitude": "53.3331",
    "longitude": "-6.2489",
    "region": "Leinster"
  },
  "identity_type": "AssumedRole",
  "modified_by": null,
  "operation": "Delete",
  "policy_type": "Data Exfilteration",
  "principal_arn": "9876543234",
  "priority": "CRITICAL",
  "remediation": "",
  "remediation_message": "",
  "resource": "s3-batch-abc-spotn-sample-partners-assets-112233445566",
  "resource_details": [],
  "role_arn": "arn:aws:iam::112233445566:role/SpaceLift-Administrator-Access",
  "role_chain": "arn:aws:iam::112233445566:role/SpaceLift-Administrator-Access->123456789",
  "rule_description": "A S3 bucket was deleted from an unknown location.",
  "rule_id": "123abc-abcd-47d3-9390-123456",
  "rule_name": "A bucket was deleted from unknown location",
  "rule_type": "RULE",
  "session_name": "services-samplehandler-1234",
  "silent_alerts_dataset": null,
  "source_ip_address": "11.21.2.211",
  "sub_resources": "NONE",
  "user_agent": "[APN/1.0 HashiCorp/1.0 Terraform/1.5.7 (+https://www.terraform.io) terraform-provider-aws/5.71.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.32.2 os/linux lang/go#1.23.2 md/GOOS#linux md/GOARCH#amd64 api/s3#1.65.2]"
}
```
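As an added example (not part of this article and not Breez's or Hunters' own code), the loader below reads a batch of these NDJSON alerts, normalizes the two timestamp shapes visible in the sample (epoch milliseconds in `breez_event_timestamp`, dash-separated in `alert_timestamp`), tolerates a null `geo_data`, skips corrupt lines, and orders alerts most-urgent first; the sample lines are constructed to match the schema above.

```python
import json
from datetime import datetime, timezone

# Constructed sample feed (not real Breez output); field names follow the schema above.
SAMPLE_NDJSON = "\n".join([
    json.dumps({"alert_id": "alert-2", "priority": "LOW", "breez_event_timestamp": "1728707100000",
                "event_time": "2024-10-12T04:24:30Z", "rule_name": "Unusual bucket listing",
                "role_arn": "arn:aws:iam::112233445566:role/Reader",
                "source_ip_address": "11.21.2.212", "geo_data": None}),
    json.dumps({"alert_id": "alert-1", "priority": "CRITICAL", "breez_event_timestamp": "1728707090087",
                "event_time": "2024-10-12T04:23:51Z", "rule_name": "A bucket was deleted from unknown location",
                "role_arn": "arn:aws:iam::112233445566:role/SpaceLift-Administrator-Access",
                "source_ip_address": "11.21.2.211", "geo_data": {"city": "Dublin", "country": "Ireland"}}),
    "not json at all",  # a corrupt line: the loader must skip it rather than abort the batch
])

PRIORITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def parse_breez_timestamp(value):
    """Breez mixes two shapes: epoch milliseconds as a string (breez_event_timestamp)
    and 'YYYY-MM-DD-HH-MM-SS.ffffff' (alert_timestamp, breez_timestamp). Return UTC."""
    if value.isdigit():
        return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%d-%H-%M-%S.%f").replace(tzinfo=timezone.utc)

def summarize(record):
    """Reduce one alert to the fields an analyst looks at first."""
    geo = record.get("geo_data") or {}  # geo_data may be null in the feed
    occurred = datetime.fromisoformat(record["event_time"].replace("Z", "+00:00"))
    detected = parse_breez_timestamp(record["breez_event_timestamp"])
    return {
        "alert_id": record["alert_id"],
        "priority": record.get("priority", "UNKNOWN"),
        "rule": record["rule_name"],
        "principal": record.get("role_arn"),
        "source": f'{record.get("source_ip_address")} ({geo.get("country", "unknown")})',
        "detection_lag_s": int((detected - occurred).total_seconds()),  # seconds between the API call and the alert
    }

def triage(ndjson_text):
    """Parse NDJSON line by line, skip malformed lines, and return the summaries
    most-urgent first together with the number of lines skipped."""
    summaries, skipped = [], 0
    for line in filter(str.strip, ndjson_text.splitlines()):
        try:
            summaries.append(summarize(json.loads(line)))
        except (ValueError, KeyError):  # bad JSON, bad timestamp, or a required field missing
            skipped += 1
    summaries.sort(key=lambda s: PRIORITY_RANK.get(s["priority"], len(PRIORITY_RANK)))
    return summaries, skipped
```

Running `triage(SAMPLE_NDJSON)` is a quick way to confirm a downloaded batch parses cleanly and that the timestamps line up before connecting the bucket.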