FastTrack (Admin By Request)

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Columns: Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method

Fasttrack AdminByRequest Events     | ✅ ✅ ✅ | fasttrack_adminbyrequest_events     | NDJSON | S3 / API
Fasttrack Adminbyrequest Requests   | ✅ ✅    | fasttrack_adminbyrequest_requests   | NDJSON | S3 / API
Fasttrack Adminbyrequest Audit Logs | ✅ ✅    | fasttrack_adminbyrequest_audit_logs | NDJSON | S3 / API


Overview

FastTrack AdminByRequest is a cloud-based Privileged Access Management (PAM) solution designed to provide organizations with secure, auditable, and tightly controlled local administrator access on endpoints—without hindering end-user productivity. Rather than granting employees standing or permanent admin rights, AdminByRequest introduces an on-demand elevation model where privileges are requested, evaluated, approved, and logged through a central workflow. This ensures that users gain the access they need only when necessary, and only for the duration required.

At its core, the platform is built to strike a careful balance between security, usability, and operational efficiency. By removing persistent admin rights, organizations significantly reduce exposure to malware, privilege escalation attempts, unauthorized configuration changes, and other endpoint-level threats. At the same time, AdminByRequest ensures that legitimate work—such as installing applications, updating tools, or performing advanced troubleshooting—can continue smoothly through guided self-service or administrator-controlled approval paths.

AdminByRequest achieves this balance through lightweight client deployment, centralized cloud policy management, robust logging, and real-time visibility into elevated activities across all managed devices. This combination allows security teams to enforce least-privilege principles while maintaining full auditability of every elevation event, helping organizations adhere to best practices and compliance frameworks. The result is a modern PAM approach that enhances endpoint security posture without slowing down IT operations or end users.

Supported data types

Fasttrack AdminByRequest Events

Overview

Table name: fasttrack_adminbyrequest_events

Provides detailed information on system-level and user-triggered events within the AdminByRequest ecosystem, supporting threat detection and operational monitoring.

Send data to Hunters

Hunters supports the ingestion of FastTrack logs via an intermediary AWS S3 bucket or via the API.

To connect Fasttrack Events via S3:

  1. Export your logs from FastTrack to an AWS S3 bucket, then follow the steps in this section.

To connect Fasttrack Events via API:

  1. Authenticate against the AdminByRequest Public API using only the hostname and an API key:

    1. See more: https://docs.adminbyrequest.com/integrations/public-api.htm

  2. Once the authentication credentials are entered in the Self Service Ingestion (SSI) portal, the API integration starts pulling data every 5 minutes.

Expected format

Logs are expected in JSON format.

{
  "id": "000011123",
  "eventCode": 100,
  "eventLevel": 0,
  "eventText": "Sudo command executed",
  "eventTime": "2025-01-01T00:00:00",
  "eventTimeUTC": "2025-01-01T00:00:00",
  "computerName": "COMPUTER-NAME-001",
  "userAccount": "user.account",
  "userName": "User Name",
  "alertAccount": null,
  "auditLogURL": null,
  "rollback": false,
  "additionalData": "[\"Executed a sudo command:\", \"defaults\", \"read\", \"/Library/LaunchAgents/com.example.app.p\"]",
  "application": {
    "file": null,
    "path": null,
    "name": null,
    "vendor": null,
    "version": null,
    "sha256": null
  }
}

Fasttrack AdminByRequest Requests

Overview

Table name: fasttrack_adminbyrequest_requests

Covers all user-initiated privilege elevation requests, including request metadata, approval status, justification, and contextual information essential for security review.

Send data to Hunters

Hunters supports the ingestion of FastTrack logs via an intermediary AWS S3 bucket or via the API.

To connect Fasttrack Requests via S3:

  1. Export your logs from FastTrack to an AWS S3 bucket, then follow the steps in this section.

To connect Fasttrack Requests via API:

  1. Authenticate against the AdminByRequest Public API using only the hostname and an API key:

    1. See more: https://docs.adminbyrequest.com/integrations/public-api.htm

  2. Once the authentication credentials are entered in the Self Service Ingestion (SSI) portal, the API integration starts pulling data every 5 minutes.

Expected format

Logs are expected in JSON format.

{
  "scanResults": [],
  "id": 123456789,
  "traceNo": "123454321",
  "settingsName": "Global",
  "type": "Admin Session",
  "typeCode": 1,
  "status": "Denied",
  "statusCode": 3,
  "application": {
    "file": null,
    "name": null,
    "vendor": null,
    "version": null,
    "sha256": null,
    "scanResult": null,
    "scanResultCode": 0,
    "threat": null,
    "virustotalLink": null
  },
  "user": {
    "account": "USER001",
    "fullName": "User, Test",
    "email": "user@example.com",
    "phone": ""
  },
  "computer": {
    "name": "COMPUTER-001",
    "platform": "Mac",
    "platformCode": 1,
    "make": "Apple Inc.",
    "model": "MacBookPro 18.2"
  },
  "reason": "test reason",
  "approvedBy": null,
  "approvedByEmail": null,
  "deniedReason": null,
  "deniedBy": null,
  "deniedByEmail": null,
  "requestTime": "2025-01-01T00:00:00",
  "auditlogLink": "https://www.example.com/AuditLog?Page=AdminSessions&ID=123456&ShowFilter=false"
}

Fasttrack AdminByRequest Audit Logs

Overview

Table name: fasttrack_adminbyrequest_audit_logs

Delivers comprehensive audit trails of elevated actions, ensuring traceability, compliance, and visibility into what users did during their elevated session.

Send data to Hunters

Hunters supports the ingestion of FastTrack logs via an intermediary AWS S3 bucket or via the API.

To connect Fasttrack Audit Logs via S3:

  1. Export your logs from FastTrack to an AWS S3 bucket, then follow the steps in this section.

To connect Fasttrack Audit Logs via API:

  1. Authenticate against the AdminByRequest Public API using only the hostname and an API key:

    1. See more: https://docs.adminbyrequest.com/integrations/public-api.htm

  2. Once the authentication credentials are entered in the Self Service Ingestion (SSI) portal, the API integration starts pulling data every 5 minutes.

Expected format

Logs are expected in JSON format.

{
  "installs": [
    {
      "application": "Self Service",
      "version": "",
      "vendor": ""
    }
  ],
  "uninstalls": [],
  "elevatedApplications": [],
  "scanResults": [],
  "id": 123454387,
  "traceNo": "12397153",
  "settingsName": "Global",
  "type": "Run As Admin",
  "typeCode": 0,
  "status": "Finished",
  "statusCode": 2,
  "application": {
    "file": "Self Service.app",
    "path": "/Library/example/.ABCdboxManager/12345.activeSandbox/Root/Applications",
    "name": "Self Service",
    "vendor": "",
    "version": "",
    "sha256": "",
    "scanResult": "Clean",
    "scanResultCode": 0,
    "threat": null,
    "virustotalLink": "https://www.example.com/latest-scan/",
    "preapproved": false
  },
  "user": {
    "account": "ROOT",
    "fullName": "root",
    "email": "",
    "phone": "",
    "isAdmin": true
  },
  "computer": {
    "name": "MB-12345",
    "platform": "Mac",
    "platformCode": 1,
    "make": "Apple Inc.",
    "model": "Mac 1.10"
  },
  "reason": null,
  "approvedBy": null,
  "approvedByEmail": null,
  "deniedReason": null,
  "deniedBy": null,
  "deniedByEmail": null,
  "ssoValidated": false,
  "requestTime": "2025-11-10T10:28:50",
  "requestTimeUTC": "2025-11-10T06:28:50",
  "startTime": "2025-11-10T10:28:50",
  "startTimeUTC": "2025-11-10T06:28:50",
  "endTime": "2025-11-10T10:28:50",
  "endTimeUTC": "2025-11-10T06:28:50",
  "responseTime": null,
  "auditlogLink": "https://www.adminbyrequest.com/AuditLog?Page=sample&ID=1234&ShowFilter=false"
}
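The three Expected format samples above (events, requests, audit logs) share one NDJSON delivery but differ in shape; the added example below (written for this page, not Hunters or AdminByRequest code) parses an NDJSON batch, tells the three record types apart by the fields only one of them carries (an assumption drawn from the samples), decodes the events' additionalData field, which is a JSON array serialised inside a string, and produces analyst-facing findings for denied requests and for audit-log elevations with no sha256 or an already-admin account. The sample records are constructed and trimmed to the fields used.

```python
import json

# Constructed NDJSON sample: one record per line, trimmed to the fields used below.
SAMPLE_NDJSON = "\n".join(json.dumps(r) for r in [
    {"id": "000011123", "eventCode": 100, "eventText": "Sudo command executed",
     "eventTimeUTC": "2025-01-01T00:00:00", "computerName": "COMPUTER-NAME-001",
     "userAccount": "user.account",
     "additionalData": "[\"Executed a sudo command:\", \"defaults\", \"read\", \"/Library/LaunchAgents/com.example.app.p\"]"},
    {"id": 123456789, "type": "Admin Session", "typeCode": 1, "status": "Denied", "statusCode": 3,
     "user": {"account": "USER001"}, "computer": {"name": "COMPUTER-001"}, "reason": "test reason"},
    {"id": 123454387, "type": "Run As Admin", "status": "Finished", "statusCode": 2,
     "application": {"name": "Self Service", "sha256": "", "scanResult": "Clean"},
     "user": {"account": "ROOT", "isAdmin": True}, "startTimeUTC": "2025-11-10T06:28:50"},
])

def parse_ndjson(text):
    # One JSON document per line; blank lines are skipped rather than failing the whole batch.
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def record_kind(rec):
    # Tell the three tables apart by fields only one of them carries (assumption from the samples).
    if "eventCode" in rec:
        return "event"
    if "startTimeUTC" in rec or "installs" in rec:
        return "audit_log"
    return "request"

def sudo_command(event):
    # additionalData is a JSON array serialised *inside* a string, so it needs a second decode.
    parts = json.loads(event.get("additionalData") or "[]")
    return " ".join(parts[1:]) if parts and parts[0].startswith("Executed a sudo command") else None

def triage(rec):
    # Return (kind, findings) for one record; findings are strings an analyst can pivot on.
    kind, findings = record_kind(rec), []
    if kind == "event":
        cmd = sudo_command(rec)
        if cmd:
            findings.append(f"sudo on {rec['computerName']} by {rec['userAccount']}: {cmd}")
    elif kind == "request":
        if rec.get("statusCode") == 3:  # statusCode 3 is "Denied" in the sample
            findings.append(f"denied {rec['type']} request by {rec['user']['account']}: {rec.get('reason')!r}")
    else:
        app = rec.get("application") or {}
        if not app.get("sha256"):
            findings.append(f"elevated {app.get('name')!r} with no sha256 to pivot on")
        if (rec.get("user") or {}).get("isAdmin"):
            findings.append(f"elevation by already-admin account {rec['user']['account']}")
    return kind, findings
```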