Citrix Netscaler

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Citrix Netscaler Logs

✅

✅

citrix_netscalar_logs

Text

S3

Citrix Netscaler AppFW Logs

✅

✅

citrix_netscalar_application_firewall_logs

CEF

S3


Overview

Citrix NetScaler is an Application Delivery Controller (ADC) created to optimize, manage, and secure network traffic. It analyzes application-specific traffic to distribute, optimize, and protect Layer 4–Layer 7 (L4–L7) network traffic.

Supported data types

Citrix Netscaler Logs

Table name: citrix_netscalar_logs

Syslog messages are generated by the NetScaler appliance to record operational information about the system, including error messages, warning messages, and informational messages. These logs can be forwarded to a centralized syslog server for aggregation and analysis, facilitating network management and monitoring.

Citrix Netscaler AppFW Logs

Table name: citrix_netscalar_application_firewall_logs

NetScaler AppFW is a web application firewall that provides comprehensive security for web applications by protecting them from various types of attacks, including SQL injection and cross-site scripting. It offers advanced features such as application behavior profiling and signature-based detection to ensure robust protection and compliance with security standards.

Send data to Hunters

Hunters supports the integration of Citrix Netscaler logs using an intermediary S3 bucket.

To send data to Hunters:

  1. Contact Citrix support to learn how to route your Citrix Netscaler logs to S3.

  2. Follow this guide to learn how to complete the process.

Expected format

Citrix Netscaler Logs

Logs are expected in text format.

07/27/2022:09:19:59 GMT SERVER 0-PPE-0 : default TCP CONN_DELINK 68288527 0 :  Source IP:PORT - Vserver IP - NatIP IP:PORT - Destination IP:PORT - Delink Time 07/27/2022:09:19:59 GMT - Total_bytes_send 0 - Total_bytes_recv 1650

Citrix Netscaler AppFW Logs

Logs are expected in CEF format.

CEF:0|Citrix|NetScaler|NS13.1|APPFW|APPFW_POLICY_HIT|6|src=10.11.8.83 spt=6388 method=POST request=test.com/clientxml/auth/login msg=Application Firewall profile invoked cn1=475386121 cn2=218288882 cs1=Tableau_WAF cs2=PPE0 cs4=ALERT cs5=2024 act=not blocked
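
A format check for the two expected formats above, useful before objects are written to the S3 bucket. This is an added example, not Hunters or Citrix code; the sample strings are constructed from the two lines on this page, and the field names given to the text-log prefix (host, pe, partition, feature, event, event_id, flag) are assumed labels, not names from the page.

```python
import re

# Constructed from the two sample lines shown on this page.
TEXT_SAMPLE = ("07/27/2022:09:19:59 GMT SERVER 0-PPE-0 : default TCP CONN_DELINK "
               "68288527 0 :  Source IP:PORT - Vserver IP - NatIP IP:PORT - "
               "Destination IP:PORT - Delink Time 07/27/2022:09:19:59 GMT - "
               "Total_bytes_send 0 - Total_bytes_recv 1650")
CEF_SAMPLE = ("CEF:0|Citrix|NetScaler|NS13.1|APPFW|APPFW_POLICY_HIT|6|"
              "src=10.11.8.83 spt=6388 method=POST "
              "request=test.com/clientxml/auth/login "
              "msg=Application Firewall profile invoked cn1=475386121 "
              "cn2=218288882 cs1=Tableau_WAF cs2=PPE0 cs4=ALERT cs5=2024 "
              "act=not blocked")

# Prefix layout of the text format; group names are assumed labels.
TEXT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) (?P<tz>\S+) (?P<host>\S+) "
    r"(?P<pe>\S+) : (?P<partition>\S+) (?P<feature>\S+) (?P<event>\S+) "
    r"(?P<event_id>\d+) (?P<flag>\d+) :\s+(?P<message>.*)$")
CEF_HEADER = ("cef_version", "vendor", "product", "version",
              "event_class", "name", "severity")
# A new extension key starts at whitespace followed by word characters and '='.
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")


def parse_text(line):
    """Split a NetScaler text log into its prefix fields; None if malformed."""
    m = TEXT_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_cef(line):
    """Parse a CEF record, keeping spaces inside extension values."""
    if not line.startswith("CEF:"):
        return None
    parts = re.split(r"(?<!\\)\|", line[4:], maxsplit=7)  # unescaped pipes only
    if len(parts) != 8:
        return None
    record = dict(zip(CEF_HEADER, parts[:7]))
    ext, keys = parts[7], list(EXT_KEY.finditer(parts[7]))
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        record[k.group(1)] = ext[k.end():end].strip()
    return record
```

Extension values such as msg and act contain spaces, so splitting the extension on whitespace would truncate them; the parser cuts each value at the next key= token instead.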