Normalyze

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Normalyze Alerts

✅

normalyze_alerts

NDJSON

S3


Overview

Normalyze is a data security platform that helps organizations discover, classify, and protect sensitive data across cloud environments. It provides visibility into data assets, identifies security risks, and ensures compliance with industry regulations. Using automated scanning and AI-driven analysis, Normalyze detects misconfigurations, unauthorized access, and potential data exposures. It enables security teams to enforce data protection policies, prevent breaches, and maintain a strong security posture across multi-cloud infrastructures.

Supported data types

Normalyze Alerts

Table name: normalyze_alerts

Normalyze Alerts provide real-time notifications on security risks and potential data exposures across cloud environments. These alerts help security teams identify misconfigurations, unauthorized access, and compliance violations related to sensitive data. By leveraging automated scanning and AI-driven analysis, Normalyze Alerts prioritize threats based on risk severity, enabling faster incident response and data protection.

Send data to Hunters

Hunters supports the collection of logs from Normalyze via an intermediary AWS S3 bucket.

To connect Normalyze logs to Hunters:

  1. Export your Normalyze Alerts into an AWS S3 bucket.

  2. Once the export is complete and the logs are in the S3 bucket, follow the steps in this section.

Expected format

Logs are expected in JSON format.

{
  "id": "12345678",
  "hash": 987654321,
  "data": {
    "_tags": [
      "aws",
      "configuration-check",
      "ec2",
      "mitre-T1499",
      "repudiation"
    ],
    "region": "us-east-1",
    "account_id": "111222333444",
    "instance_id": "i-0abc123456789xyz",
    "account_name": "default",
    "instance_arn": "arn:aws:ec2:us-east-1:111222333444:instance/i-0abc123456789xyz",
    "_asset_owners": [],
    "instance_type": "m5.large",
    "complianceTags": null,
    "instance_state": "",
    "instance_region": "us-east-1",
    "_tags_key_values": [],
    "instance_tenancy": "default",
    "complianceControls": [
      "CIS-CSCv8-13.0",
      "CIS-CSCv8-13.6",
      "GDPR-Art32.1",
      "HIPAA-164.312(b)",
      "ISO-27001-A.12.4",
      "NIST-800-53rev5-SC-5",
      "SOC-2-CC7.2"
    ],
    "instance_publicdnsname": "",
    "instance_monitoringstate": "disabled",
    "instance_publicipaddress": null,
    "instance_hibernation_enabled": false
  },
  "signatureid": 4004,
  "likelihood": 7,
  "impact": 0,
  "riskScore": 0,
  "likelihoodLabel": "HIGH",
  "impactLabel": "LOW",
  "createdAt": "2024-10-07T03:00:59.902Z",
  "updatedAt": "2024-10-07T04:06:01.692Z",
  "accountId": "111222333444",
  "primaryResource": "arn:aws:ec2:us-east-1:111222333444:instance/i-0abc123456789xyz",
  "resourceName": "instance/i-0abc123456789xyz",
  "firstSeenAt": 1728270056,
  "lastSeenAt": 1728273957,
  "lastAction": "Discovered",
  "status": "OPEN",
  "isActive": true,
  "closedAt": null,
  "lastInspectedAt": 1728270213135,
  "provider": "AWS",
  "region": "us-east-1",
  "resourceTypes": [
    "EC2Instance",
    "Instance"
  ],
  "tags": [
    "aws",
    "configuration-check",
    "ec2",
    "mitre-T1499",
    "repudiation"
  ],
  "dataTags": null,
  "dataTagsResult": null,
  "complianceTags": null,
  "scfTags": [],
  "complianceControls": [
    "CIS-CSCv8-13.0",
    "CIS-CSCv8-13.6",
    "GDPR-Art32.1",
    "HIPAA-164.312(b)",
    "ISO-27001-A.12.4",
    "NIST-800-53rev5-SC-5",
    "SOC-2-CC7.2"
  ],
  "accountName": "ExampleCorp",
  "resourceOwners": [],
  "runId": 1728270056,
  "cloudTags": {},
  "riskTags": [
    "aws",
    "configuration-check",
    "ec2",
    "mitre-T1499",
    "repudiation"
  ],
  "monetaryValue": null,
  "servicenowNumber": null,
  "issueUrl": null,
  "level": "LOW",
  "entityCount": 0,
  "uniqueEntityCount": 0
}
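
A pre-ingestion check for the exported file, as an added example (not Hunters or Normalyze code): it verifies that each line of an NDJSON export is a single alert object and converts the three timestamp encodings seen in the sample above (ISO-8601 strings, epoch seconds, epoch milliseconds) to UTC. The required-field list and the seconds/milliseconds threshold are assumptions inferred from the sample, and `to_utc`, `parse_alert` and `check_ndjson` are hypothetical names.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption: required fields are inferred from the sample alert, not a published schema.
REQUIRED = ("id", "signatureid", "status", "createdAt", "primaryResource")
TIME_FIELDS = ("createdAt", "updatedAt", "closedAt", "firstSeenAt", "lastSeenAt", "lastInspectedAt")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_utc(value):
    """Normalize an ISO-8601 string, epoch seconds or epoch milliseconds to UTC."""
    if value is None:
        return None
    if isinstance(value, str):
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    # Assumption from the sample: numbers >= 1e11 are milliseconds, smaller ones seconds.
    millis = value if value >= 1e11 else value * 1000
    return EPOCH + timedelta(milliseconds=millis)

def parse_alert(line):
    """Parse one NDJSON line; raise ValueError when it is not a usable alert."""
    record = json.loads(line)  # JSONDecodeError is a ValueError subclass
    if not isinstance(record, dict):
        raise ValueError("line is not a JSON object")
    missing = [k for k in REQUIRED if k not in record]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    times = {k: to_utc(record.get(k)) for k in TIME_FIELDS}
    return {"id": record["id"], "status": record["status"], "times": times}

def check_ndjson(text):
    """Return (alerts, errors); errors are (line number, reason) pairs."""
    alerts, errors = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            alerts.append(parse_alert(line))
        except (ValueError, TypeError, OverflowError) as exc:
            errors.append((lineno, str(exc)))
    return alerts, errors

# Constructed sample: a trimmed alert, a pretty-printed fragment, and an incomplete record.
SAMPLE = "\n".join([
    '{"id": "12345678", "signatureid": 4004, "status": "OPEN", "closedAt": null, '
    '"createdAt": "2024-10-07T03:00:59.902Z", "firstSeenAt": 1728270056, "lastInspectedAt": 1728270213135, '
    '"primaryResource": "arn:aws:ec2:us-east-1:111222333444:instance/i-0abc123456789xyz"}',
    '{',
    '{"id": "12345679", "status": "OPEN"}',
])
```

Line 2 of the constructed sample shows what a pretty-printed alert looks like to a line-oriented reader: each physical line fails to parse on its own, so an export written in the indented form shown above would need to be flattened to one object per line first.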