Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Netography Alerts | ✅ | ✅ | ✅ | netography_alerts | CEF | S3 |
Overview
Netography is a cloud-native Network Defense Platform (NDP) that provides real-time detection and response to anomalies and threats across hybrid, multi-cloud, and on-prem networks from a single console without deploying sensors, agents, or taps.
Supported data types
Netography Alerts
Table name: netography_alerts
By integrating Syslog, users can consolidate logs from various devices or applications within their network into a centralized repository. This centralized logging enhances security, compliance, and operational management by offering real-time insights and historical data analysis.
Send data to Hunters
Hunters supports the collection of Netography logs via an intermediary AWS S3 bucket.
To connect Netography logs:
Follow Netography's guidelines to export the data using an on-prem utility and transfer it to an AWS S3 bucket.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
Logs are expected in CEF format.
Netography Alerts
```
<129>2023-10-25T09:50:26Z notify1.netog.io neto.event[11223]: CEF:0|netography.com|notifier|0.0.1|Netography Alert|Test alert is ongoing from 123.12.123.12:12345 in TEST-TRANSIT for device TEST_DEVICE|High|dpt=111 dst=123.12.123.121 dst=123.12.123.122 dst=123.12.123.123 dst=123.12.123.124 dst=123.12.123.125 dst=123.12.123.126 dst=123.12.123.127 spt=65474 src=123.12.123.21 src=123.12.123.22 src=123.12.123.23 start=Oct 25 2023 09:16:48
```
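The sample above is a syslog-wrapped CEF record whose extension repeats the `dst` and `src` keys once per address, which a naive key/value split into a dict would silently collapse to the last value. The parser below is an added example (not Hunters' or Netography's code) that keeps every repeated value and decodes the syslog PRI; the output field names are its own choice and are not the `netography_alerts` table schema. The sample line is constructed from the page's example with fewer addresses.

```python
import re
from typing import Dict, List

# Constructed sample based on the page's example (shortened address lists).
SAMPLE = (
    "<129>2023-10-25T09:50:26Z notify1.netog.io neto.event[11223]: "
    "CEF:0|netography.com|notifier|0.0.1|Netography Alert|"
    "Test alert is ongoing from 123.12.123.12:12345 in TEST-TRANSIT for device TEST_DEVICE|High|"
    "dpt=111 dst=123.12.123.121 dst=123.12.123.122 spt=65474 "
    "src=123.12.123.21 src=123.12.123.22 start=Oct 25 2023 09:16:48"
)

# <PRI>timestamp host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\S+) (?P<host>\S+) (?P<app>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# CEF extension is "key=value key=value ..."; values may contain spaces (see start=),
# keys never do, so a value runs until the whitespace before the next "key=" token.
# Note: CEF backslash escapes (\= and \\) are not unescaped here.
EXT_RE = re.compile(r"(?P<key>\w+)=(?P<val>.*?)(?=\s+\w+=|$)")


def parse_netography_alert(line: str) -> Dict:
    """Parse one syslog-wrapped CEF alert; repeated extension keys become lists."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a syslog-wrapped line")
    msg = m.group("msg")
    if not msg.startswith("CEF:"):
        raise ValueError("not a CEF message")
    # Seven header fields precede the extension, so split on at most 7 pipes
    # and leave any pipe inside the extension untouched.
    header = msg.split("|", 7)
    if len(header) != 8:
        raise ValueError("malformed CEF header")
    version, vendor, product, product_version, sig_id, name, severity, ext = header
    extension: Dict[str, List[str]] = {}
    for em in EXT_RE.finditer(ext):
        extension.setdefault(em.group("key"), []).append(em.group("val"))
    pri = int(m.group("pri"))  # PRI = facility * 8 + severity
    return {
        "syslog_facility": pri // 8, "syslog_severity": pri % 8,
        "timestamp": m.group("ts"), "host": m.group("host"),
        "cef_version": version.split(":", 1)[1],
        "vendor": vendor, "product": product, "product_version": product_version,
        "signature_id": sig_id, "name": name, "severity": severity,
        "extension": extension,
    }
```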