TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Beyond Identity Event Logs | ✅ | ✅ | ✅ | beyond_identity_event_logs | JSON | S3 |
Overview
Beyond Identity is an innovative identity security and access management platform founded by Jim Clark and TJ Jermoluk. It is purpose-built to eliminate passwords and identity-based threats by utilizing cryptographically bound credentials and robust continuous authentication for both users and their devices. Learn more directly on Beyond Identity's official platform.
Supported data types
Beyond Identity Event Logs
Overview:
Beyond Identity event logs provide a comprehensive audit trail of all transactions, authentication attempts, and device activities within the platform. These logs record granular details such as user identity, timestamps, login success or failure, device operating system, IP address, and security posture checks. Organizations can use the Beyond Identity Events API or export the logs to a SIEM integration to enhance threat detection and compliance auditing.
Table name: beyond_identity_event_logs
Send data to Hunters
Hunters supports ingesting Beyond Identity Event Logs via Webhook.
To connect Beyond Identity Event Logs:
Connect using Webhook
Contact Hunters support to receive the following details:
URL
Bearer Authorization Key
Once received, follow the guides below to configure the webhook:
Expected format
Logs are expected in JSON format:
{"id":"eventid01","timestamp":"2020-01-01T00:00:00.107Z","actor":{"type":"user","display_name":"User One","id":"actorid001","display_id":"user.example.com","tenant_id":"tenant001"},"eventType":"USER_AUTHENTICATION","correlationId":"correlationid001","eventData":{"type_name":"UserAuthentication","certificate":{"type_name":"Certificate","uuid":"certuuid001","fingerprint":"certfingerprint001","status":"ACTIVE"},"client":{"type_name":"Client","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36","referer_host":"app.example.com","auth_origin_host":"login.example.com","source_ip":"10.0.0.1","city":"City One","country":"Country One","geo_display":"City One, State One, Country One","subdivisions":["State One"],"source_ips":["10.0.0.2"],"authenticator_ip":"10.0.0.3"},"user":{"type_name":"User","external_id":"externalid001","email":"user@example.com","status":"ACTIVE","user_display":"User One","user_name":"user.example.com","internal_id":"userid001"},"device_info":{"type_name":"DeviceInfo","authenticator":{"type_name":"Authenticator","app_instance_id":"appinstance001","app_version":"2.0.0"},"platform_device_info":{"type_name":"WindowsDeviceInfo","crowdstrike_agent_id":"crowdstrike001","hardware":{"manufacturer":"Manufacturer One","model":"Model One","serial_number":"serial001"},"os":{"hostname":"host001","domain_name":"domain.example.com","intune_managed_device_id":"intune001","version":{"major":10,"minor":0,"build":"26100","revision":7623,"service_pack":"0.0","is_server":false}},"disks":[{"type_name":"WindowsDisk","name":"C:\\","is_system_drive":true,"is_bitlocker_enabled":true}],"security":{"is_tpm_available":true,"login_provider_guid":"{GUID-001}","login_provider_name":"CredentialProvider","security_software":[{"type_name":"WindowsSecuritySoftware","name":"Windows Firewall","status":"ON"},{"type_name":"WindowsSecuritySoftware","name":"CrowdStrike Falcon Sensor","status":"ON"},{"type_name":"WindowsSecuritySoftware","name":"Microsoft Defender Antivirus","status":"OFF"}]}}},"flow_type":"localhost","geography":{"type_name":"Geography","city":"City One","country":"Country One","geo_display":"City One, State One, Country One","subdivisions":["State One"],"latitude":33.7485,"longitude":-84.3871,"accuracy_radius":20,"metro_code":524,"time_zone":"America/New_York"}},"outcome":"SUCCESS"}
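The device posture fields in the format above (TPM availability, BitLocker state of the system drive, security software status) can be evaluated per event alongside the authentication outcome. The following Python is an added example, not Hunters or Beyond Identity code; the function names, the gap labels and the rule that any status other than "ON" counts as a gap are assumptions, and the sample event is constructed from the field names shown above.

```python
import json

# Constructed sample: a trimmed event that uses only field names from the format above.
SAMPLE_EVENT = json.dumps({
    "id": "eventid01", "eventType": "USER_AUTHENTICATION", "outcome": "SUCCESS",
    "eventData": {
        "user": {"email": "user@example.com"},
        "client": {"source_ip": "10.0.0.1"},
        "device_info": {"platform_device_info": {
            "os": {"hostname": "host001"},
            "disks": [{"name": "C:\\", "is_system_drive": True,
                       "is_bitlocker_enabled": True}],
            "security": {"is_tpm_available": True, "security_software": [
                {"name": "Windows Firewall", "status": "ON"},
                {"name": "Microsoft Defender Antivirus", "status": "OFF"}]},
        }},
    },
})


def _dig(obj, *keys):
    """Walk nested dicts; return None when any level is missing (hypothetical helper)."""
    for key in keys:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def posture_findings(raw_line):
    """Summarise one JSON event and list the device posture gaps it reports."""
    event = json.loads(raw_line)
    data = event.get("eventData") or {}
    # Events without device details (other event types) simply yield no gaps.
    pdi = _dig(data, "device_info", "platform_device_info") or {}
    gaps = []
    if _dig(pdi, "security", "is_tpm_available") is False:
        gaps.append("tpm_unavailable")
    for disk in pdi.get("disks") or []:
        if disk.get("is_system_drive") and disk.get("is_bitlocker_enabled") is False:
            gaps.append("system_drive_unencrypted:" + str(disk.get("name")))
    for sw in _dig(pdi, "security", "security_software") or []:
        if sw.get("status") != "ON":  # assumption: anything other than "ON" is a gap
            gaps.append("software_not_on:" + str(sw.get("name")))
    return {"event_id": event.get("id"), "outcome": event.get("outcome"),
            "user": _dig(data, "user", "email"),
            "source_ip": _dig(data, "client", "source_ip"),
            "host": _dig(pdi, "os", "hostname"), "gaps": gaps}
```

A successful authentication that still reports gaps, as the sample does for Microsoft Defender Antivirus, is the combination worth surfacing for review.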