CyberHaven

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name           | Log format | Collection method
Cyberhaven Incidents | ✅                  |                   |            | ✅     | cyberhaven_incidents | NDJSON     | API


Overview

Cyberhaven is a data security company. Cyberhaven Sentry collects events as data moves through your company and can take real-time action to protect that data from theft, misuse and exposure. It does so through three deployment modes that together give full visibility and control over data: cloud API connectors, an endpoint agent and a browser extension.

Integrating Cyberhaven with Hunters lets you collect and store this data, and triage Cyberhaven's alerts in the Hunters portal.

Supported data types

Cyberhaven Incidents

Table name: cyberhaven_incidents

Detailed records and analyses that the Cyberhaven platform generates for security events. Each record describes one data-movement incident: the user and file involved, the source and destination of the data (mail, website, endpoint), the rule and dataset that triggered it, and its resolution history. These logs are essential for understanding the specifics of data security incidents.

Send data to Hunters

Hunters supports collecting logs from Cyberhaven via the Cyberhaven API.

To connect Cyberhaven logs:

  1. Retrieve the following information from Cyberhaven:

    • API key - log in to your Cyberhaven dashboard and navigate to Preferences > API token management.

    • Host - your Cyberhaven instance's domain, for example 7yy.cyberhaven.io

    • Base64 Credentials - the Base64 encoding of a JSON object of the form {"email":"email","password":"password"}. Generate it from strict JSON (double-quoted keys and values) on a single line; a Python-style dictionary with single quotes, or a Base64 string that was line-wrapped or newline-terminated by the encoder, will not parse as JSON. For example: 'eydlbWFpbCc6ICcxMjM0NTZhcGlAY3liZXJoYXZlbi5jb20nLCAncGFzc3dvcmQnOiAnMTIzNGdn\nZy00NTZqamonfQ==\n'

    Treat the API key and the Base64 string as secrets: Base64 is an encoding, not encryption, and the string contains the account password in clear.

  2. Complete the process on the Hunters platform, following this guide.
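As an added example (not Hunters' or Cyberhaven's own code), the following Python builds the Base64 credential string from strict JSON and checks an existing string before it is pasted into the connector. The account details are placeholders; PAGE_EXAMPLE is the sample string from step 1 above, included to show what the checker reports for a value that decodes to something other than strict JSON.

```python
import base64
import binascii
import json

REQUIRED_KEYS = ("email", "password")

# The sample Base64 string shown in step 1 above, as a newline-wrapped value.
PAGE_EXAMPLE = (
    "eydlbWFpbCc6ICcxMjM0NTZhcGlAY3liZXJoYXZlbi5jb20nLCAncGFzc3dvcmQnOiAnMTIzNGdn\n"
    "Zy00NTZqamonfQ==\n"
)


def encode_cyberhaven_credentials(email: str, password: str) -> str:
    """Return the Base64 form of {"email": ..., "password": ...} as strict JSON on one line.

    base64.b64encode (not encodebytes) is used so the result carries no line breaks.
    """
    payload = json.dumps({"email": email, "password": password}, separators=(",", ":"))
    return base64.b64encode(payload.encode("utf-8")).decode("ascii")


def decode_credentials_blob(blob: str) -> dict:
    """Decode a Base64 credential string back to its JSON object (whitespace tolerated)."""
    return json.loads(base64.b64decode("".join(blob.split())).decode("utf-8"))


def check_credentials_blob(blob: str) -> list:
    """Return a list of problems with a credential string; an empty list means it is well formed."""
    problems = []
    if any(ch.isspace() for ch in blob):
        problems.append("contains line breaks or whitespace; use the single-line form")
    compact = "".join(blob.split())
    try:
        raw = base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError) as exc:
        problems.append(f"not valid Base64: {exc}")
        return problems
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        # Typical cause: a Python dict repr (single quotes) was encoded instead of JSON.
        problems.append(f"decodes, but not to strict JSON: {raw[:24]!r}...")
        return problems
    if not isinstance(doc, dict):
        problems.append("JSON payload is not an object")
        return problems
    for key in REQUIRED_KEYS:
        if not doc.get(key):
            problems.append(f"missing or empty key: {key}")
    return problems


if __name__ == "__main__":
    # Placeholder account; the real values are the Cyberhaven login used for the API.
    blob = encode_cyberhaven_credentials("api-user@example.com", "placeholder-password")
    print(blob)
    print("new string:", check_credentials_blob(blob) or "ok")
    print("page sample:", check_credentials_blob(PAGE_EXAMPLE))
```

Run check_credentials_blob on the value you are about to paste; anything other than an empty list means the connector will be handed a string it cannot turn into an email and password.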

Expected format

Logs are expected in JSON format, delivered as NDJSON: one incident object per line. A single record looks like this:

{"id": "dd0808e3-1252-480d-881f-e0e50fbb7262", "assignee": "", "resolution_status": "resolved", "severity": "risky", "dataset": {"id": "Abcdefg1234", "name": "Dataset", "query_version": 1, "last_modified": "2023-01-12T19:03:34.010188355Z"}, "category": {"id": "GFGFGFG1234", "name": "Cat Name", "severity": 3, "rule": {"id": "dd0808e3-1252-480d-881f-e0e50fbb7262", "status": "risky", "create_incident": true, "record_screenshots": false, "notify_enabled": false, "notify_status": "on_incident", "notify_email": "", "show_title": false, "show_logo": false, "require_justification": false, "should_ack_warning": false, "allow_request_review": false, "override_enabled": false, "warning_dialog": {}, "blocking_dialog": {}, "blocking_action": null, "incident_action": ""}, "dataset_ids": ["af81de2624c0492693436eca194bd03b"], "exclude_origin": false, "last_modified": "2022-07-20T21:11:53.141672928Z"}, "rule_id": "988837f6-f761-4e13", "outdated_policy": false, "user": "Sam", "file": "filename.pdf", "data": {"path": "Users\\koko\\Downloads\\filename.pdf", "extension": "pdf", "hostname": "macbook-pro.local", "file_size": 7312, "path_components": {"0": "Users", "1": "Sam", "2": "Downloads", "3": "filename2.pdf"}, "path_basename": "filename2.pdf", "domain_components": {"0": "abc.com"}, "domain": "abc.com", "email_account": "sam@abc.com", "content_uri": "", "location": "mail", "location_outline": "sam@abc.com", "raw_id": "80ac-36f62349ed40", "tags_applied": false, "event_type": "attachment_add", "sensor_name": "EndpointSensorOutlook", "local_user_name": "koko", "local_time": "2023-05-02T15:54:51Z", "local_machine_name": "macbook-pro.local", "endpoint_id": "80ac-36f62349ed40", "group_name": ["com.access_ftp"], "data_size": 7312, "local_id": "80ac-36f62349ed40"}, "source_data": {"path": "Users\\koko\\Downloads\\filename.pdf", "extension": "pdf", "url": "url.url/?param=value", "browser_page_title": "Test", "hostname": "macbook-pro.local", "path_components": {"0": "Users", "1": "sam", "2": "Downloads", "3": "filename3.pdf"}, "path_basename": "filename2.pdf", "domain_components": {"0": "domain.com", "1": "app", "2": "5616839"}, "domain": "domain.com", "content_uri": "", "location": "website", "location_outline": "domain.com", "category": ["Other"], "links": ["TEST"], "raw_id": "2a3575ba-e05a-4542-857c-10b5912bf0ec", "tags_applied": false, "event_type": "download", "sensor_name": "EndpointSensorBrowser", "local_user_name": "sam", "local_time": "2023-05-02T15:53:38Z", "local_machine_name": "macbook-pro.local", "endpoint_id": "9cba-cc8ad61a122f", "group_name": ["com.access_ftp"], "local_id": "TEST"}, "personal_info": [], "content_tags": null, "incident_response": "not_applicable", "incident_reactions": ["not_applicable"], "event_time": "2023-05-02T15:54:51Z", "resolution_time": "2023-05-05T14:40:59.149720944Z", "trigger_time": "2023-05-02T15:54:52.356700619Z", "admin_history": [{"time": "2023-05-05T14:40:59.149720944Z", "user": "koko@abc.com", "new_status": "resolved", "assignee": "", "unblocked": false}], "category_last_modified": "2022-07-20T21:11:53.141672928Z", "dataset_last_modified": "2023-01-12T19:03:34.010188355Z", "edge": {"_id": "55299ac1-5a3c-4ed0-b5ea-707a3ba8def5", "source": {"path": "Users\\koko\\Downloads\\filename2.pdf", "extension": "pdf", "url": "url.url/?param=value", "browser_page_title": "filname", "hostname": "macbook-pro.local", "path_components": {"0": "Users", "1": "koko", "2": "Downloads", "3": "filename.pdf"}, "path_basename": "filename.pdf", "domain_components": {"0": "domain.com", "1": "app", "2": "5616839"}, "domain": "domain.com", "content_uri": "", "location": "website", "location_outline": "domain.com", "category": ["Other"], "links": ["06857093-5d78-476c-aba0-7f3a71d60bbe"], "raw_id": "06857093-5d78-476c-aba0-7f3a71d60bbe", "tags_applied": false, "event_type": "download", "sensor_name": "EndpointSensorBrowser", "local_user_name": "koko", "local_time": "2023-05-02T15:53:38Z", "local_machine_name": "macbook-pro.local", "endpoint_id": "eda15a43-c715-4f4a-95d9-6cf84066887b", "group_name": ["com.access_ftp"], "local_id": "90b7-0a0ff7378ddd"}, "destination": {"path": "Users\\koko\\Downloads\\filename.pdf", "extension": "pdf", "hostname": "macbook-pro.local", "file_size": 7312, "path_components": {"0": "Users", "1": "koko", "2": "Downloads", "3": "filename.pdf"}, "path_basename": "filename.pdf", "domain_components": {"0": "abc.com"}, "domain": "abc.com", "email_account": "sam@abc.com", "content_uri": "", "location": "mail", "location_outline": "sam@abc.com", "raw_id": "f8b9950a-c102-438f-ab6b-a3d3df71c34f", "tags_applied": false, "event_type": "attachment_add", "sensor_name": "EndpointSensorOutlook", "local_user_name": "koko", "local_time": "2023-05-02T15:54:51Z", "local_machine_name": "macbook-pro.local", "endpoint_id": "f8b9950a-c102-438f-ab6b-a3d3df71c34f", "group_name": ["com.access_ftp"], "data_size": 7312, "local_id": "f8b9950a-c102-438f-ab6b-a3d3df71c34f"}, "weight": 1, "nhops": 2, "flow_id": "", "is_direct": false, "personal_info_state": 0, "personal_info": [], "content_tags": null, "personal_info_attributes": null, "personal_info_counts": null, "executor_state": {"succeeded": null, "failed": null}, "executor_state2": 0, "processing_delay": 0, "processing_history": null, "processing_hops": 0, "too_many_relatives": false}, "alert_id": "f8b9950a-c102-438f-ab6b-a3d3df71c34f", "screenshot_guid": ""}
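As an added example that is not part of the Hunters or Cyberhaven documentation, the following Python reads a batch of cyberhaven_incidents records in the NDJSON form above, skips malformed lines instead of aborting the whole batch, and reduces each incident to the source-to-destination flow an analyst looks at first (source_data is where the data came from, data is where it went, edge.nhops how many hops it took). The sample lines are constructed with the field names shown above; the hosts, users, file names, the "upload" event type and the needs_review rule are illustrative assumptions, not Hunters detection logic.

```python
import json

# Constructed sample batch in the cyberhaven_incidents shape shown above, trimmed to the
# fields used here. The second line is deliberately truncated to exercise error handling.
SAMPLE_NDJSON = """\
{"id": "dd0808e3-1252-480d-881f-e0e50fbb7262", "resolution_status": "resolved", "severity": "risky", "user": "Sam", "file": "filename.pdf", "event_time": "2023-05-02T15:54:51Z", "data": {"location": "mail", "domain": "abc.com", "email_account": "sam@abc.com", "event_type": "attachment_add", "hostname": "macbook-pro.local"}, "source_data": {"location": "website", "domain": "domain.com", "event_type": "download", "hostname": "macbook-pro.local"}, "edge": {"nhops": 2, "is_direct": false}, "incident_response": "not_applicable"}
{"id": "truncated-record", "resolution_status": "open"
{"id": "0f1e2d3c-4b5a-4968-8778-66554433aabb", "resolution_status": "open", "severity": "risky", "user": "Kim", "file": "q3-forecast.xlsx", "event_time": "2023-05-03T09:12:07Z", "data": {"location": "website", "domain": "files.example.net", "event_type": "upload", "hostname": "win-desk-07"}, "source_data": {"location": "mail", "domain": "abc.com", "email_account": "kim@abc.com", "event_type": "attachment_add", "hostname": "win-desk-07"}, "edge": {"nhops": 1, "is_direct": true}, "incident_response": "not_applicable"}
"""


def parse_batch(ndjson: str) -> tuple:
    """Parse NDJSON into (records, errors). A bad line is reported, not fatal for the batch."""
    records, errors = [], []
    for lineno, line in enumerate(ndjson.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError as exc:
            errors.append(f"line {lineno}: {exc.msg} at column {exc.colno}")
            continue
        if not isinstance(rec, dict) or "id" not in rec:
            errors.append(f"line {lineno}: not an incident object")
            continue
        records.append(rec)
    return records, errors


def describe_node(node: dict) -> str:
    """Render a data/source_data node as location:identity, preferring the most specific field."""
    where = node.get("email_account") or node.get("domain") or node.get("hostname") or "?"
    return f"{node.get('location', '?')}:{where}"


def summarize(rec: dict) -> dict:
    """Flatten an incident to the fields a triager reads first."""
    src = rec.get("source_data") or {}
    dst = rec.get("data") or {}
    edge = rec.get("edge") or {}
    return {
        "id": rec["id"],
        "event_time": rec.get("event_time", ""),
        "status": rec.get("resolution_status", ""),
        "severity": rec.get("severity", ""),
        "user": rec.get("user", ""),
        "file": rec.get("file", ""),
        "flow": f"{describe_node(src)} -> {describe_node(dst)}",
        "event_type": dst.get("event_type", ""),
        "hops": edge.get("nhops"),
        "direct": edge.get("is_direct"),
        "response": rec.get("incident_response", ""),
    }


def needs_review(rec: dict) -> bool:
    """Illustrative triage rule (an assumption, not a Hunters detector): an unresolved incident
    whose destination is a website, i.e. the data left the mail/endpoint boundary."""
    dst = rec.get("data") or {}
    return rec.get("resolution_status") != "resolved" and dst.get("location") == "website"


def triage(ndjson: str) -> list:
    """Return summaries of the incidents that need review, oldest first."""
    records, _ = parse_batch(ndjson)
    flagged = [summarize(r) for r in records if needs_review(r)]
    return sorted(flagged, key=lambda s: s["event_time"])


if __name__ == "__main__":
    records, errors = parse_batch(SAMPLE_NDJSON)
    for err in errors:
        print("skipped:", err)
    for rec in records:
        verdict = "review" if needs_review(rec) else "ok"
        print(f"{rec['id']} {summarize(rec)['flow']} [{verdict}]")
```

The flow string is the quickest sanity check on a record: the incident above reads website:domain.com -> mail:sam@abc.com, a download that was then attached to mail, which matches the two-hop edge in the full record. The needs_review rule is deliberately narrow and should be replaced by whatever policy your own datasets and categories encode.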