Island

  • Updated on Aug 1, 2025
  • Published on Jan 29, 2024
Prev Next
Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Island timeline

✅

island_timeline

NDJSON

API

Island Identity Objects

✅

island_identity_objects

NDJSON

API

Island browser devices

island_browser_devices

NDJSON

API

Island Siem Audit Logs

✅

✅

island_siem_audit_logs

NDJSON

API

Overview

image.pngIsland Browser is a Chromium-based enterprise browser designed to enhance corporate security and IT governance. It enables enterprises to control and monitor how users interact with web applications, focusing on preventing data leakage and enforcing security policies. The browser integrates features like web filtering, exploit prevention, and support for Zero Trust access.

Supported data types

Island timeline

Table name: island_timeline

Island timeline logs are records or detailed logs capturing the sequence of user activities and events while using the browser. These logs serve various purposes, such as auditing, security analysis, compliance monitoring, and troubleshooting within an enterprise context.

Island Identity Objects

Table name: island_identity_objects

Island Identity Objects provides a list of all of devices.

Island browser devices

Table name: island_browser_devices

IdentityObjects entity by email.

Island Siem Audit Logs

Table name: island_siem_audit_logs

Island timeline logs are records or detailed logs capturing the sequence of user activities and events while using the browser.
This Siem Audit logs is a new API for the timeline logs developer by IslandIO since July 2025. This is intended for SIEM-like integrations (live data streams).
The old API, is throttled for large volumes of data and it is not intended to be used by SIEMs like Hunters.

Send data to Hunters

Hunters supports the collection of logs from Island using API.

To connect Island logs:

  1. Generate API Key for Island using this guide

  2. Complete the process on the Hunters platform, following this guide.

To connect Island Siem Audit Logs:

Source Documentation


  1. Log in to the Island Management Console as an Administrator.

  2. From the Island Management Console, navigate to Modules >Platform Settings >System Settings > Integrations > SIEM.

  3. Click Setup for the Generic SIEM Integration. The Generic SIEM Integration Settings drawer is displayed.          

  4. Click Generate API Key to create a new key. This will open the Create a New API Key Integration drawer, where the generated API key will be displayed. This key is used to authenticate and connect with API requests.

Required Permissions: The API Key should be for an Island account with administrator access (admin or system admin).

  1. Copy the API Key to your clipboard and paste it into the API request authorization header.

  2. After generating the API key, follow the instructions provided in the Create a New API Key Integration drawer (displayed below the API key popup) to send API requests correctly.
    To start collecting events via API, please follow these steps:

    1. Make a GET request to the Retrieve Audits endpoint: https://{HOST}/services/siem/api/v1/Audits/{AUDIT_ID}. This request retrieves the oldest batch of audits from the time the API key was generated, and returns the pageId.

    2. After receiving the audits, send a POST request to the same endpoint to confirm receipt: https://{HOST}/services/siem/api/v1/Audits/{AUDIT_ID}. The request body should have the parameter pageId from the previous request. This marks the current batch as acknowledged, preventing it from being retrieved in future requests.

    3. Repeat the GET request to retrieve the next batch of audits and admin actions: https://{HOST}/services/siem/api/v1/Audits/{AUDIT_ID}Continue this cycle of retrieval and acknowledgment to process additional batches.

  3. Click Close.

Expected format

Logs are expected in NDJSON format.

Island timeline

{"userId": "samlp|sample-saml-browser-prod|00u600u600u600u6", "deviceId": "79469f9d79469f9d79469f9d", "userName": "mock username", "email": "dummy@cybage.com", "type": "Navigation", "verdict": "Allowed", "timestamp": "2023-12-01T20:24:12.307Z", "topLevelUrl": "https://www.example.com/abc1234", "urlWebCategories": ["Business and Economy"], "saasApplicationName": "Salesforce.com", "saasApplicationCategory": "E-Commerce Tools", "urlWebReputation": 96, "tabId": 798644001, "ruleId": "abbb5bc3", "ruleName": "Allowed Business Applications ", "details": "{\n  \"navigation_details\": {\n    \"is_iframe\": false\n  }\n}", "incognito": false, "sourceIp": "172.4.4.4", "publicIp": "123.1.1.1", "machineName": "test.test.com", "tenantId": "sample", "id": "4cb1f562", "createdDate": "2024-01-18T14:37:06.970651Z", "updatedDate": "2024-01-18T14:37:06.970651Z"}

Island browser devices

{"antiMalwareProducts": ["Avira Security"], "machineId": "C02RC02RC02R", "machineName": "John-MacBook-Pro-2", "machineModel": "MacBookPro12,1", "serialNumber": "C02RC02RC02R", "userName": "John S\u00f8rensen", "userId": "samlp|kayak-saml-browser-prod|00u800u800u8", "email": "jognk@gmail.com", "osPlatform": "MacOs", "islandPlatform": "Browser", "osVersion": "12.6.9", "browserVersion": "1.32.20", "chromiumVersion": "120.0.6099.216", "extensionVersion": "1.5058.2", "lastSeen": "2024-01-12T16:07:11.790079Z", "policyUpdateTime": "2023-12-08T14:29:32.393191Z", "diskEncrypted": true, "osUserName": "John", "status": "Active", "internalIpAddress": "192.168.2.1", "externalIpAddress": "62.111.1.1", "osDomain": "", "systemIntegrityProtection": true, "osFirewallEnabled": true, "osScreenLockEnabled": true, "isVirtualMachine": false, "browserName": "Island", "authMethod": "UserToken", "isArchived": false, "macAddresses": "f4:5c:89:ff:ff:ff | 82:13:13:ff:ff:ff", "cpuModel": "Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz", "architecture": "x86_64", "ramSize": 8, "syncEnabled": false, "tenantId": "dummy", "id": "70ad524a", "createdDate": "2023-09-12T08:58:44.688064Z", "updatedDate": "2024-01-12T16:07:11.793245Z"}

Island identity objects

{"identityFilters": [{"type": "User", "value": "test1@ktest1.com"}], "excludedIdentityFilters": [], "name": "Austin Test", "description": "", "matchingType": "Any", "updatedByUser": {"firstName": "test", "lastName": "Admin", "name": "Test Admin", "email": "support@test.io", "auth0UserId": "samlp|island-saml-mc-production|00u6o00u6o00u6o", "id": "70f5dbbd", "createdDate": "1970-01-01T00:00:00Z", "updatedDate": "1970-01-01T00:00:00Z"}, "tenantId": "dummy", "id": "097ef25d-6c48-4e0a-95a1-a0afbb113d6a", "createdDate": "2023-07-17T12:37:46.004238Z", "updatedDate": "2023-07-17T12:37:46.004238Z"}

Island Siem Audit Logs

{"tenant_id":"tenant_x","id":"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee","timestamp":"2025-06-06T16:05:02.282Z","email":"user@tenant_x","user_id":"auth|tenant_x|user_x","user_name":"User X","type":"Navigation","verdict":"Allowed","processed_date":"2025-07-03T12:03:41.404Z","client_event_id":"bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb","client_sending_date":"2025-07-03T12:02:47.522Z","device_id":"cccccccc-cccc-cccc-cccc-cccccccccccc","url_web_reputation":92,"url_web_categories":["Category A"],"saas_application_name":"App X","saas_application_category":"Category","is_island_private_access":true,"machine_name":"HOST01.domain.local","os_user_name":"DOMAIN\\\\user","country":"CountryX","country_code":"XX","public_ip":"0.0.0.0","rule_id":"dddddddd-dddd-dddd-dddd-dddddddddddd","rule_name":"Policy_X","source_ip":"0.0.0.0","top_level_url":"https://domain.local/path","window_id":123456789,"machine_id":"eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee","frame_url":"https://domain.local/path","os_platform":"OS_X","compatibility_mode":"None","tab_id":987654321,"origin":"OriginX","version":2,"matched_user_group":"group.identifier","matched_device_posture":{"anti_malware_products":[{"enabled":true,"name":"Antivirus A","signatures_are_up_to_date":true,"signatures_last_updated":"2025-06-06T15:13:34.347Z"},{"enabled":true,"name":"Antivirus B","signatures_are_up_to_date":true,"signatures_last_updated":"2025-02-18T01:42:22.405Z"},{"enabled":true,"name":"Antivirus C","signatures_are_up_to_date":true,"signatures_last_updated":"2025-06-06T15:13:34.347Z"}],"azure_ad":[{"tenant_id":"fffffff1-1111-2222-3333-444444444444","type":"Joined"}],"disk_encryption":true,"domain":"domain.local"},"details":{"application_parameters_details_list":[{"application_id":"77777777-aaaa-bbbb-cccc-dddddddddddd","parameters":[{"parameter_name":"tenant"},{"parameter_name":"labels"}]}],"ipa_details":{"ipa_forwarding_method":"EncryptedProxy","ipa_rule":"Rule_X","ipa_used_proxy":"Proxy_X"},"navigation_details":{"is_iframe":false}},"signature":"REDACTED_SIGNATURE","saas_application_id":"99999999-aaaa-bbbb-cccc-eeeeeeeeeeee","source":"SourceX"}