Semperis

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types: Semperis DSP Logs
3rd party detection: ✅
Hunters detection: not checked
IOC search: not checked
Search: not checked
Table name: semperis_dsp_logs
Log format: Key value
Collection method: S3


Overview

Semperis DSP is a solution designed to improve the security of Active Directory environments. It offers various features to detect, prevent, and recover from Active Directory-based attacks such as insider threats, ransomware, and advanced persistent threats (APTs).

Semperis DSP provides real-time threat detection, automated response actions, access control policies, and reporting for AD environments. It monitors and analyzes activity to identify policy violations and suspicious behavior, taking predefined actions to ensure security and compliance, reduce data breach risks, and maintain business continuity.

By integrating Semperis with Hunters, your DSP logs are ingested and made accessible in the Snowflake data lake.

Supported data types

Semperis DSP Logs

Table name: semperis_dsp_logs

Semperis Directory Services Protector (DSP) Logs are integral components of the Semperis cybersecurity framework, meticulously designed to monitor, record, and alert on activities within Active Directory (AD) and Azure Entra ID environments. These logs offer real-time alerting on suspicious behaviors and changes, facilitating forensic analysis in the aftermath of security incidents, and supporting compliance efforts with detailed reporting capabilities.

Send data to Hunters

Hunters supports the ingestion of Semperis logs via an intermediary AWS S3 bucket.

To connect Semperis logs:

  1. Export your logs from Semperis to an AWS S3 bucket.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Logs are expected in key-value format.

Semperis DSP log

"651 <110>Feb 14 15:59:59 test.com Semperis.DSP  [AdChanges@51802] [ForestId] ffffffffffffffffffffffffffffffff [ChangeId] 222222222 [PartitionNamingContext] DC=testcr [DistinguishedName] CN=PPPPPPPP [ClassName] computer [AttributeName] primaryGroupID [ObjectModificationType] CreateObject [AttributeModificationType] Modify [LinkedValueDN]  [ValidUntil] 2100-01-01T00:00:00.000Z [OriginatingServer] AM-DCP-A222.test.com [OriginatingTime] 2023-02-14T15:14:11.000Z [OriginatingUsers] TEST [OriginatingUserWorkstations]  [StringValueFrom]  [StringValueTo] 515"
"311 <110>Feb 14 15:51:40 test.com Semperis.DSP  [OperationLog@51802] [OperationResult] Granted [OperationType] LoginADSM [RequestedAction] None [OperationTarget] ADSM Login [TrusteeName] NT AUTHORITY [OperationSource] 10.1.2.3:WebSite [OperationTime] 2023-02-14T15:50:07.841Z"
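The two sample lines above share one shape: a leading number, a syslog PRI and timestamp, the host and application, a bracketed event identifier, and then a run of [Key] value pairs. The parser below is an added example (not Hunters or Semperis code) that splits such a line into header fields and a dictionary of pairs; it assumes the leading number is RFC 6587 octet-count framing (the byte length of everything after the first space) and that values never contain a literal "[". The sample records are constructed to match the page's examples and are not real data.

```python
import re

# Header: "<octets> <PRI>Mon dd hh:mm:ss host app  [EventType@EnterpriseId] body".
# Assumption: the leading number is RFC 6587 octet-count framing for the rest of the line.
HEADER_RE = re.compile(
    r"^(?P<octets>\d+) (?P<msg><(?P<pri>\d+)>"
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>\S+)\s+\[(?P<event>[^\]@]+)@(?P<eid>\d+)\] ?(?P<body>.*))$"
)
# Body: "[Key] value [Key] value ..."; a value runs up to the next "[" and may be empty.
KV_RE = re.compile(r"\[([^\]]+)\]\s?([^\[]*)")


def parse_dsp_line(line: str) -> dict:
    """Parse one Semperis DSP syslog line into header fields plus its [Key] value pairs."""
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not a Semperis DSP line: {line[:60]!r}")
    pri = int(m["pri"])
    return {
        "event_type": m["event"],        # AdChanges, OperationLog, ...
        "enterprise_id": m["eid"],
        "facility": pri // 8,            # <110> -> facility 13 (log audit)
        "severity": pri % 8,             # <110> -> severity 6 (informational)
        "syslog_time": m["ts"],
        "host": m["host"],
        "app": m["app"],
        # False when the declared octet count disagrees with what was received,
        # which usually means a truncated or concatenated record in the export.
        "length_ok": int(m["octets"]) == len(m["msg"].encode("utf-8")),
        "fields": {k: v.strip() for k, v in KV_RE.findall(m["body"])},
    }


def frame(msg: str) -> str:
    """Prefix a message with its octet count (the framing assumed above); builds samples."""
    return f"{len(msg.encode('utf-8'))} {msg}"


# Constructed sample records shaped like the page's examples; the values are not real.
SAMPLES = [
    frame("<110>Feb 14 15:59:59 test.com Semperis.DSP  [AdChanges@51802] [ForestId] "
          "ffffffffffffffffffffffffffffffff [ChangeId] 222222222 [DistinguishedName] "
          "CN=PPPPPPPP [ClassName] computer [AttributeName] primaryGroupID [LinkedValueDN]  "
          "[OriginatingUsers] TEST [StringValueFrom]  [StringValueTo] 515"),
    frame("<110>Feb 14 15:51:40 test.com Semperis.DSP  [OperationLog@51802] [OperationResult] "
          "Granted [OperationType] LoginADSM [OperationTarget] ADSM Login [TrusteeName] "
          "NT AUTHORITY [OperationSource] 10.1.2.3:WebSite [OperationTime] 2023-02-14T15:50:07.841Z"),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        ev = parse_dsp_line(rec)
        print(ev["event_type"], ev["severity"], ev["length_ok"], ev["fields"])
```

Empty values such as [LinkedValueDN] and [StringValueFrom] parse to an empty string rather than swallowing the next key, which is the main pitfall of this format.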