Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Cisco Anyconnect VPN Authentication Logs | ✅ | ✅ | cisco_anyconnect_vpn_authentication_logs | Key value | S3 |
Overview
This article details how to ingest logs from Cisco VPN into Hunters.
Cisco AnyConnect Secure Mobility Client is used for secure access to the enterprise network from any device while protecting the organization.
Supported data types
Cisco Anyconnect VPN Authentication Logs
Table name: cisco_anyconnect_vpn_authentication_logs
The authentication logs from Cisco AnyConnect VPN are crucial for monitoring who is accessing the network, when, and how, thus ensuring that only authorized users can connect.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Cisco AnyConnect VPN logs via an intermediary AWS S3 bucket.
To connect Cisco AnyConnect VPN logs:
Export your logs from Cisco AnyConnect to an AWS S3 bucket by following this guide.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in key-value format, as in the following samples:
Sep 18 15:01:28 host 1695042087:Acct-Session-Id="308",Acct-Status-Type=Start,User-Name="k.m@abc.com",Alias="",NAS-IP-Addr=88.200.108.100,NAS-Identifier="cvpn-certs",Calling-Station-Id="5.10.100.100",Framed-IP-Address=10.100.201.103,Tunnel-Client-Endpoint=12.21.100.200,Class="AP-CVPN",Acct-Terminate-Cause="",Acct-Session-Time=,Acct-Input-Octets=,Acct-Output-Octets=,Tunnel-Group="AP-CVPN"
Sep 18 15:01:50 host 1695042110:Acct-Session-Id="440",Acct-Status-Type=Start,User-Name="jp@abc.com",Alias="",NAS-IP-Addr=31.100.10.100,NAS-Identifier="cvpn-certs",Calling-Station-Id="31.100.100.100",Framed-IP-Address=10.00.121.100,Tunnel-Client-Endpoint=255.255.100.10,Class="AP-CVPN",Acct-Terminate-Cause="",Acct-Session-Time=,Acct-Input-Octets=,Acct-Output-Octets=,Tunnel-Group="AP-CVPN"
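The key-value layout above can be parsed as follows. This is an added example, not code from Hunters or Cisco; `parse_line`, its output keys, and the choices to map empty values to `None` and to reject duplicate keys are assumptions.

```python
import re
from datetime import datetime, timezone

# Syslog-style prefix, then "<epoch>:" and the comma-separated key=value body.
LINE_RE = re.compile(r'^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (\d+):(.*)$')
# One pair: the value is double-quoted (may contain commas) or bare (may be empty).
PAIR_RE = re.compile(r'([A-Za-z][A-Za-z0-9-]*)=(?:"([^"]*)"|([^,]*))(?:,|$)')

# First sample line from the section above.
SAMPLE = (
    'Sep 18 15:01:28 host 1695042087:Acct-Session-Id="308",Acct-Status-Type=Start,'
    'User-Name="k.m@abc.com",Alias="",NAS-IP-Addr=88.200.108.100,'
    'NAS-Identifier="cvpn-certs",Calling-Station-Id="5.10.100.100",'
    'Framed-IP-Address=10.100.201.103,Tunnel-Client-Endpoint=12.21.100.200,'
    'Class="AP-CVPN",Acct-Terminate-Cause="",Acct-Session-Time=,'
    'Acct-Input-Octets=,Acct-Output-Octets=,Tunnel-Group="AP-CVPN"'
)

def parse_line(line):
    """Parse one record; raise ValueError instead of guessing on bad input."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised line prefix")
    syslog_ts, host, epoch, body = m.groups()
    fields, pos = {}, 0
    while pos < len(body):
        pair = PAIR_RE.match(body, pos)
        if not pair:
            raise ValueError(f"malformed key=value pair at offset {pos}")
        key, quoted, bare = pair.groups()
        if key in fields:
            # A repeated key could make two parsers disagree on the user or IP.
            raise ValueError(f"duplicate key {key!r}")
        value = quoted if quoted is not None else bare
        fields[key] = value or None  # quoted-empty and bare-empty both become None
        pos = pair.end()
    return {
        "syslog_ts": syslog_ts,  # local time with no year or zone, kept as text
        "host": host,
        "event_time": datetime.fromtimestamp(int(epoch), tz=timezone.utc),
        "fields": fields,
    }

if __name__ == "__main__":
    rec = parse_line(SAMPLE)
    print(rec["event_time"].isoformat(), rec["fields"]["User-Name"],
          rec["fields"]["Acct-Status-Type"])
```

The epoch value after the host is used for the event time because the syslog prefix carries neither a year nor a time zone.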