Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Arbor DDoS Detection Logs | | | | ✅ | arbor_networks_aps | Key value | S3
Overview
Netscout Arbor specializes in advanced DDoS protection, offering comprehensive solutions to detect, mitigate, and report on attacks. Utilizing the ATLAS Intelligence Feed (AIF), it provides real-time global threat intelligence, leveraging data from its extensive network to anticipate and counter emerging threats.
Arbor's technology includes advanced behavioral analytics and anomaly detection to identify potential risks early. It offers flexible deployment options, including on-premises, cloud-based, and hybrid models, ensuring robust protection tailored to various network environments.
Supported data types
Arbor DDoS Detection Logs
Table name: arbor_networks_aps
Arbor DDoS detection logs are detailed records generated by Netscout Arbor's DDoS protection systems, capturing information about detected DDoS attacks. These logs include crucial data such as the time of the attack, attack vectors, sources and destinations, packet types, volume of traffic, and mitigation actions taken.
By analyzing these logs, network administrators can understand the nature and scope of attacks, identify trends, and improve their security posture. The logs provide actionable insights for forensic analysis, helping organizations enhance their defenses against future attacks and ensure compliance with security policies and regulations.
Send data to Hunters
Hunters supports the collection of Arbor DDoS protection logs via an intermediary AWS S3 bucket.
To connect Arbor DDoS protection logs:
Gather the Arbor DDoS logs using an on-prem utility and transfer them into an AWS S3 bucket.
Once the export has completed and the logs are in S3, follow the steps in this section.
Expected format
Logs are expected in Key-Value format.
Arbor DDoS Detection Logs Sample
```
<25>May 21 02:49:30 test.hostname arbor-networks-aps:Blocked Host: Blocked host 1.2.3.4 at 02:49 by Invalid Packets using UDP/0 (Unknown) destination 1.2.0.1,EPOCH: 1716252570,PGID: 50,PGNAME: test-tst-all,URL: https://test.hostname/summary/
```
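The following parser, an added example and not part of the Hunters documentation or product, shows how the sample line above breaks down: a syslog envelope, the `arbor-networks-aps:` tag, a free-text event description, and the trailing `KEY: value` pairs. The field names and the `Blocked Host` message shape are assumptions derived only from the sample; use it to sanity-check an export before shipping logs to S3.

```python
import re
from datetime import datetime, timezone

# Constructed sample line, identical in shape to the Arbor APS sample above.
SAMPLE = ('<25>May 21 02:49:30 test.hostname arbor-networks-aps:Blocked Host: Blocked host 1.2.3.4 '
          'at 02:49 by Invalid Packets using UDP/0 (Unknown) destination 1.2.0.1,'
          'EPOCH: 1716252570,PGID: 50,PGNAME: test-tst-all,URL: https://test.hostname/summary/')

# Syslog envelope: <PRI>, BSD timestamp, hostname, then the APS tag and the message body.
ENVELOPE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'arbor-networks-aps:(?P<msg>.*)$')

# Free-text part of a "Blocked Host" event (assumed shape, taken from the sample only).
BLOCKED = re.compile(
    r'Blocked host (?P<src>\S+) at \d{2}:\d{2} by (?P<reason>.+?) using '
    r'(?P<proto>\w+)/(?P<port>\d+) \((?P<service>[^)]*)\) destination (?P<dst>\S+)$')


def parse_arbor_event(line):
    """Return a dict of parsed fields, or None if the line is not an APS syslog event."""
    m = ENVELOPE.match(line.strip())
    if not m:
        return None
    pri = int(m.group('pri'))
    event = {
        'host': m.group('host'),
        'facility': pri // 8,   # <25> -> facility 3 (daemon), severity 1 (alert)
        'severity': pri % 8,
    }
    # Message body is "<Event type>: <free text>,KEY: value,KEY: value,..."
    parts = m.group('msg').split(',')
    event_type, _, text = parts[0].partition(': ')
    event['event_type'] = event_type
    for kv in parts[1:]:
        key, sep, value = kv.partition(': ')
        if sep:
            event[key.strip().lower()] = value.strip()
    # EPOCH is the authoritative time; the syslog timestamp has no year or zone.
    if 'epoch' in event:
        event['time'] = datetime.fromtimestamp(int(event['epoch']), tz=timezone.utc)
    if event_type == 'Blocked Host':
        b = BLOCKED.search(text)
        if b:
            event.update(b.groupdict())
            event['port'] = int(event['port'])
    return event
```

Note that the EPOCH value resolves to 00:49:30 UTC while the syslog header says 02:49:30, so pipelines should key on EPOCH rather than the zone-less header timestamp.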