Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
User Activity Report Events | ✅ | ✅ | lastpass_user_activity_reports | NDJSON | API |
Overview
LastPass is a freemium password manager that stores encrypted passwords online.
After the data is ingested, Hunters reads it from the shared bucket, parses it, and makes this source available for protecting your users and your network more comprehensively, in both the detection and investigation phases of the Hunters pipeline.
Supported data types
User Activity Report Events
Table name: lastpass_user_activity_reports
The User Activity report provides a comprehensive log of all user-related events. The logs include both attempted and successful actions.
More information on event types can be found here.
Send data to Hunters
Hunters supports the collection of logs from LastPass through the API.
To connect LastPass logs:
Retrieve the following information from LastPass:
CID - your LastPass account number. Example:
12345678
Provisioning Hash - can be retrieved using the following guide. Example:
abcdef123456789abcdef123456789abcdef123456789abcdef1234567891234
Complete the process on the Hunters platform, following this guide.
Expected format
Logs are expected in NDJSON format, as exported by LastPass.
{"Time": "2021-12-14 22:45:02", "Username": "john@gmail.com", "IP_Address": "0.0.0.0", "Action": "Reporting", "Data": "(initiated by API)"}
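The following is an added example, not part of the Hunters or LastPass documentation: a Python check that an NDJSON export matches the format shown above before it is relied on for detection. The field names come from the sample record; the function names, the extra sample lines, and the choice to treat 0.0.0.0 as "no client address" are assumptions. Timestamps are parsed as written, with no time zone applied.

```python
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

REQUIRED = ("Time", "Username", "IP_Address", "Action", "Data")
# Constructed sample export: line 1 is the page's example, the rest are made up.
SAMPLE = "\n".join([
    '{"Time": "2021-12-14 22:45:02", "Username": "john@gmail.com", "IP_Address": "0.0.0.0", "Action": "Reporting", "Data": "(initiated by API)"}',
    '{"Time": "2021-12-14 22:50:10", "Username": "John@gmail.com", "IP_Address": "192.0.2.10", "Action": "Sample Action", "Data": ""}',
    '{"Time": "2021-12-14 23:01:00", "Username": "jane@example.com", "IP_Address": "not-an-ip", "Action": "Sample Action", "Data": ""}',
    '{"Time": "2021-12-14 23:05:00", "Username": "jane@example.com"}',
    '{truncated',
])

def parse_line(line):
    """Return a normalized event dict, or raise ValueError describing the defect."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc.msg}") from None
    if not isinstance(rec, dict) or any(not isinstance(rec.get(k), str) for k in REQUIRED):
        raise ValueError("missing or non-string field")
    # strptime and ip_address both raise ValueError on malformed values.
    when = datetime.strptime(rec["Time"], "%Y-%m-%d %H:%M:%S")
    ip = ipaddress.ip_address(rec["IP_Address"])
    return {"time": when, "user": rec["Username"].lower(), "ip": str(ip),
            "action": rec["Action"], "data": rec["Data"]}

def validate_export(text):
    """Split an NDJSON export into parsed events and (line_number, reason) rejects."""
    events, rejects = [], []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines are not records
        try:
            events.append(parse_line(line))
        except ValueError as exc:
            rejects.append((n, str(exc)))
    return events, rejects

def ips_by_user(events):
    """Distinct source IPs per user; 0.0.0.0 is skipped (assumed to mean no client address)."""
    seen = defaultdict(set)
    for e in events:
        if e["ip"] != "0.0.0.0":
            seen[e["user"]].add(e["ip"])
    return dict(seen)
```

A non-empty reject list means the export deviates from the expected format and those records should be reviewed rather than silently dropped.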