Seraphic Security

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Seraphic Events

✅

✅

seraphic_events

NDJSON

API

Seraphic Alerts

✅

✅

seraphic_alerts

NDJSON

API


Overview

Seraphic is a cybersecurity company that focuses on securing web browsers and enterprise applications against advanced threats. Its platform provides protection against browser-based attacks, such as phishing, malware, zero-day exploits, and session hijacking, without impacting user experience or performance. Seraphic Security enables organizations to enforce security policies, detect anomalies, and prevent unauthorized access across both managed and unmanaged devices. By securing browsers at the endpoint level, it helps enterprises protect sensitive data and maintain a strong security posture against evolving threats.

Supported data types

Seraphic Events

Table name: seraphic_events

Valid occurrences in the browser logged by Seraphic.

Seraphic Alerts

Table name: seraphic_alerts

Invalid occurrences in the browser flagged by Seraphic.

Send data to Hunters

Hunters supports the collection of logs from Seraphic via API.

To connect Seraphic logs:

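  1. Follow these guidelines to acquire your Seraphic API key. For example, abcdefabcdef1231abcdefabcdef1231 (a placeholder value, not a working key). Hunters uses this key to collect your Seraphic logs, so handle it as a credential: keep it in a secrets store rather than in tickets, chat or documents.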

  2. Complete the process on the Hunters platform, following this guide.

Expected format

Seraphic Alerts

{"id": "0v2Z6", "log_type": "alert", "action": "", "host_id": "w2", "sid": "ca20c18428c6", "client_ts": "2023-07-24T08:33:40.204Z", "receive_ts": "2023-07-24T08:33:40.204Z", "payload": {"url": "https://abc.com", "ruleID": 16, "jsonPayload": {"eventName": "insecureContext", "contextLocation": "http://abc.com", "contextReferer": "http://abc.com", "ruleID": 16, "message": "This session is insecure. Please proceed with caution when sharing sensitive data.", "tab_details": {"active": true, "audible": false, "autoDiscardable": true, "discarded": false, "groupId": -1, "height": 571, "highlighted": true, "id": 938, "incognito": false, "index": 2, "mutedInfo": {"muted": false}, "pinned": false, "selected": true, "status": "complete", "title": "Single Window for Visa and Work Permit", "url": "http://abc.com/login", "width": 1280, "windowId": 898}, "url": "http://abc.com", "sourceIPS": "10.10.10.10,192.168.1.155", "classification": "banking/finance", "url_host": "abc.th", "url_protocol": "http:", "url_path": "main.php", "url_port": 80}, "implant_data": {"os_name": "Windows", "os_version": "10", "browser_name": "Chrome", "architecture": 64, "browser_version": "115.0.5790.102", "ext_version": "2.0.1.7696", "username": "abc", "user_sid": "S-1-220872", "computer_name": "NW2", "hostname": "NW2", "cpu_count": 8, "ram": "15.78 GB", "disk": "Windows - 471.56 GB", "displays": "720 - 1280", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36", "ips": "10.10.10.10,192.168.1.155"}}, "archived": false, "url": "http://abc.com/rm_add_expert", "domain": "abc.th", "rule_id": 16, "ip": "", "referer": "", "artifact_type": "", "computer_name": "NW2", "hostname": "NW2", "username": "chat", "application": "Chrome | 115.0.5790.102", "os_name": "Windows", "os_version": "10", "browser_version": "115.0.5790.102", "platform": "windows", "alert_type_id": "6", "alert_type_name": "Insecure Context", "severity": 0, "rule_name": "Secure Insecure Sessions", "rule_category": "protection", "rules": [{"id": 16, "name": "Secure Insecure Sessions", "category": "protection"}]}

Seraphic Events

{"id": "AbcdkBKehoui9q3qe9", "log_type": "event", "severty": null, "host_id": "sg-ABCD-12341", "sid": "abcd-4528-4ad6-9ca1-abcd", "client_ts": "2023-07-24T13:14:55.540Z", "receive_ts": "2023-07-24T13:14:55.540Z", "payload": {"url": "https://example.abc.io/search/searchv3.action?queryString=aaa", "ruleID": 12, "jsonPayload": {"eventName": "pageNavigation", "documentId": "ABC1234DD", "documentLifecycle": "active", "frameId": 0, "frameType": "outermost_frame", "parentFrameId": -1, "processId": 12, "tabId": 1235, "timeStamp": 1690204495438.281, "url": "https://example.abc.io/search/searchv3.action?queryString=aaa", "ruleID": 12, "tab_details": {"active": true, "audible": false, "autoDiscardable": true, "discarded": false, "groupId": -1, "height": 123, "highlighted": true, "id": 123432919, "incognito": false, "index": 0, "mutedInfo": {"muted": false}, "pinned": false, "selected": true, "status": "loading", "title": "Search - example", "url": "https://example.abc.io/search/searchv3.action?queryString=aaa", "width": 1366, "windowId": 123532942}, "contextReferer": "https://example.okta.com/", "sourceIPS": "12.123.12.123", "classification": "Uncategorized", "url_host": "example.abc.io", "url_protocol": "https:", "url_path": "/search/searchv3.action", "url_port": 123, "host_ip": "10.121.40.211", "internalHost": true}, "implant_data": {"os_name": "Windows", "os_version": "10", "browser_name": "Chrome", "architecture": 64, "browser_version": "123.0.1234.123", "ext_version": "1.0.1.1234", "username": "kbendicion", "user_sid": "S-1-5-21-1234-1234-1957994488-266211", "computer_name": "SG-ABCD-1234", "hostname": "SG-ABC-1234", "cpu_count": 20, "ram": "78.12 GB", "disk": "New Volume - 9.98 GB, - 400.4 GB", "displays": "768 - 1366,1080 - 1920", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/123.12 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/123.36", "ips": "12.123.123.123"}, "ip": "12.123.12.123", "internalHost": true}, "archived": false, "url": "https://example.abc.io/search/searchv3.action?queryString=aaa", "event_sub_type": null, "rule_id": 49, "ip": "12.123.12.123", "internal_host": true, "in_pac_bypass_list": null, "artifact_type": null, "computer_name": "SG-ABCD-1234", "hostname": "SG-ABCD-1234", "username": "user1", "application": "Chrome | 123.0.1234.123", "os_name": "Windows", "os_version": "10", "browser_version": "123.0.1234.123", "platform": "windows", "event_type_id": 7, "event_type_name": "Page Navigation", "action": null, "rule_name": "Page Navigation", "rule_category": "telemetry", "rules": [{"id": 12, "name": "Page Navigation", "category": "telemetry"}]}