Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Kiteworks Audit Logs | ✅ | kiteworks_audit_logs | Syslog | S3 |
Overview
Kiteworks is a secure file-sharing and collaboration platform that provides a variety of security features, including advanced threat protection (ATP), data loss prevention (DLP), encryption, and access control. Kiteworks can be integrated with the Hunters SOC platform to provide a comprehensive security solution for organizations.
Supported data types
Kiteworks Audit Logs
Table names: kiteworks_audit_logs
Kiteworks syslog exports all content and administrative events: file movements, file access, errors, access control changes, privilege changes, user on/offboarding, failed and successful logins, scan failures (AV, ATP, DLP), and more.
Send data to Hunters
Hunters supports the ingestion of Kiteworks logs via an intermediary AWS S3 bucket.
To connect Kiteworks logs:
Export your logs from Kiteworks to an AWS S3 bucket.
Once the export is completed and the logs are collected in S3, follow the steps in this section.
Expected format
Kiteworks Audit Logs
<174>May 7 08:39:35 ksft-h3 rest_server.py: 10.1.2.3, Activity Type: cleanup_upload, Activity Group: file_changes, Activity: Clean up failed upload attempt of file test1.eml
<22>May 7 04:01:03 ksft-h4 sendmail[24230]: 333333rS11111: from=<root@ksft-h4.test1.net>, size=1390, class=-60, nrcpts=1, msgid=<202305070401.347413c1024228@ksft-h4.test1.net>, proto=ESMTP, daemon=MTA, relay=ksft-h4.test1.net [127.0.0.1]
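A pre-flight check for the expected format above, useful for spotting lines that will not parse before they land in the S3 bucket. This is an added example, not Hunters or Kiteworks code: the function name, the output field names (including `client_ip` for the unlabeled leading address) and the third sample line are assumptions made for illustration.

```python
import re

# RFC 3164-style header: <PRI>Mon D HH:MM:SS host tag[pid]: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
# Audit fields as they appear in the rest_server.py sample line.
# "client_ip" is an assumed name; the page does not label that field.
AUDIT = re.compile(
    r"^(?P<client_ip>[^,]+), Activity Type: (?P<activity_type>[^,]+), "
    r"Activity Group: (?P<activity_group>[^,]+), Activity: (?P<activity>.*)$"
)

def parse_line(line):
    """Return a dict for one syslog line, or None if the header is malformed."""
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec.pop("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    rec["facility"], rec["severity"] = divmod(pri, 8)
    audit = AUDIT.match(rec["msg"])
    # Non-audit daemons (e.g. sendmail) share the stream; keep them, flag them.
    rec["audit"] = audit.groupdict() if audit else None
    return rec

# The two sample lines from "Expected format", plus one constructed bad line.
SAMPLES = [
    "<174>May 7 08:39:35 ksft-h3 rest_server.py: 10.1.2.3, Activity Type: cleanup_upload, "
    "Activity Group: file_changes, Activity: Clean up failed upload attempt of file test1.eml",
    "<22>May 7 04:01:03 ksft-h4 sendmail[24230]: 333333rS11111: from=<root@ksft-h4.test1.net>, "
    "size=1390, class=-60, nrcpts=1, msgid=<202305070401.347413c1024228@ksft-h4.test1.net>, "
    "proto=ESMTP, daemon=MTA, relay=ksft-h4.test1.net [127.0.0.1]",
    "May 7 08:39:35 ksft-h3 rest_server.py: missing PRI (constructed)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = parse_line(s)
        print("UNPARSED" if r is None else (r["host"], r["tag"], r["severity"], r["audit"]))
```

The timestamp in this format carries no year or time zone, so anything consuming the parsed records has to take both from the collection context.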