Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Signal Sciences Requests | ✅ | ✅ | signal_sciences_requests | NDJSON | API | ||
Signal Sciences Events | ✅ | ✅ | signal_sciences_events | NDJSON | API | ||
Signal Sciences Corp | ✅ | signal_sciences_corp_activity | NDJSON | API |
Overview
The Signal Sciences platform is an application security monitoring system that proactively monitors for malicious and anomalous web traffic directed at your web servers. The system comprises three key components:
A web server integration module
A monitoring agent
A cloud-hosted collection and analysis system
Integrating Signal Sciences logs with Hunters lets you collect the data via the API, ingest it, and use it for various security use cases.
Supported data types
Signal Sciences Requests
Table name: signal_sciences_requests
Detailed insights into HTTP/S requests that the WAF processes. These logs contain vital information about each request, such as the request method, URL, headers, client IP address, and any triggered security events or rules.
Learn more here
Signal Sciences Events
Table name: signal_sciences_events
These logs capture information about attempts to exploit vulnerabilities, such as SQL injection, cross-site scripting (XSS), and other common web attack vectors. Each log entry includes data on the nature of the event, the severity level, the affected resources, and the specific security rules that were triggered.
Learn more here
Signal Sciences Corp
Table name: signal_sciences_corp_activity
Detailed records of operational and security activities detected and managed by the Signal Sciences WAF. These logs play a pivotal role in monitoring, analyzing, and responding to web traffic and security events, from routine web requests to potential security threats.
Learn more here
Send data to Hunters
Hunters collects these logs via the API.
To connect Signal Sciences logs:
Follow this guide by the vendor to generate relevant keys.
Supply Hunters with the following details:
API User - for example user@org.com.
API Token - for example e3d3d29b-3330-4630-b812-67595238d7ee.
Complete the process on the Hunters platform, following this guide.
Expected format
Logs are expected in JSON format, one record per line (NDJSON).
Signal Sciences Requests
{"id":"15678gtuiu676hhg899","serverHostname":"local_host","remoteIP":"102.200.20.102","remoteHostname":"","remoteCountryCode":"IN","userAgent":"linux","timestamp":"2023-09-02T00:00:02Z","method":"GET","serverName":"www.example.com","protocol":"https","tlsProtocol":"tlsv1.2","tlsCipher":"ABCD-THJ-456","path":"/sample/test_datas/2","uri":"/sample/test_datas/2","scheme":"https","headersIn":[["Device","mobile"],["Cookie","allowed"]],"agentResponseCode":201,"responseCode":404,"responseSize":100,"responseMillis":19,"headersOut":[["error_type","TError"],["type","text"]],"summation":{"attrs":{},"attacks":[]},"tags":[{"type":"testing_tags","location":"test_location","value":"401","detector":"error","redaction":"","link":""}]}
Signal Sciences Events
{"id":"123fgsineb45njewlc6789","timestamp":"2023-09-22T02:41:47Z","detectedTimestamp":"2023-09-22T02:41:49Z","source":"11.12.13.14","remoteCountryCode":"US","remoteHostname":"","userAgents":["Mozilla/5.0 (Windows AB 1.1; Win64; x64; ab:11.1) user/1234 Firefox/11.1"],"action":"flagged","type":"attack","reasons":{"corp.attacks":1},"requestCount":1,"tagCount":1,"window":60,"expires":"2023-09-23T02:41:47Z","expiredBy":"","alertId":"123dhnc4ckkdalo56","exampleRequest":{"id":"789dskjkawyedb45wd12","serverHostname":"local_host","remoteIP":"11.12.13.14","remoteHostname":"","remoteCountryCode":"US","userAgent":"Mozilla/5.0 (Windows AB 1.1; Win64; x64; ab:11.1) user/1234 Firefox/11.1","timestamp":"2023-09-22T02:41:16Z","method":"GET","serverName":"www.example.com","protocol":"HTTP/1.1","tlsProtocol":"tlsv.1","tlsCipher":"ABCD-ABC-123","path":"/sample/","uri":"/sample/","scheme":"https","headersIn":[["Host","www.example.com"],["CF-Device-Type","desktop"]],"agentResponseCode":406,"responseCode":406,"responseSize":156,"responseMillis":3,"headersOut":[["content-type","text/html"],["connection","close"]],"summation":{"attrs":{},"attacks":[]},"tags":[{"type":"testing_tags","location":"","value":"","detector":"12346bb0466d07e6abcd","redaction":"","link":"https://sample.example.net/sample/12346bb0466d07e6abcd"}]}}
Signal Sciences Corp Activity
{"id":"12536f168148709d5e2d6gr5","eventType":"tester_login","msgData":{"corpName":"example","detailLink":"https://test1.net/user2@example.com","email":"user2@example.com","tokenName":"tester","userAgent":"Chrome"},"message":"created token `tester`","attachments":[{"Title":"","Fields":[{"Title":"token_name","Value":"tester","Short":true}],"MarkdownFields":false}],"created":"2023-09-14T11:11:11Z"}
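The following added example (not code from Hunters or Signal Sciences) shows how the three record shapes above can be told apart and validated before ingestion. The field names come from the samples on this page; the function names, the normalized tuple layout, and the trimmed sample lines are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Keys that distinguish each record shape, taken from the samples on this page.
SIGNATURES = {
    "signal_sciences_requests": {"remoteIP", "agentResponseCode", "tags"},
    "signal_sciences_events": {"source", "action", "exampleRequest"},
    "signal_sciences_corp_activity": {"eventType", "msgData", "created"},
}

def parse_ts(value):
    # Second-resolution UTC timestamps, as in the samples ("2023-09-02T00:00:02Z").
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize(rec):
    """Return (table, time, actor, summary); raise if the shape is unknown."""
    table = next((t for t, keys in SIGNATURES.items() if keys.issubset(rec)), None)
    if table == "signal_sciences_requests":
        tags = ",".join(t["type"] for t in rec["tags"]) or "-"
        return (table, parse_ts(rec["timestamp"]), rec["remoteIP"],
                f'{rec["method"]} {rec["path"]} {rec["responseCode"]} tags={tags}')
    if table == "signal_sciences_events":
        return (table, parse_ts(rec["timestamp"]), rec["source"],
                f'{rec["type"]} {rec["action"]} until {rec["expires"]}')
    if table == "signal_sciences_corp_activity":
        return (table, parse_ts(rec["created"]), rec["msgData"].get("email", ""),
                f'{rec["eventType"]}: {rec["message"]}')
    raise ValueError("unrecognized record shape")

def ingest(ndjson_text):
    """Split NDJSON into normalized rows and (line_no, reason) rejects."""
    rows, rejects = [], []
    for n, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines between records are not an error
        try:
            rows.append(normalize(json.loads(line)))
        except (ValueError, KeyError, TypeError) as exc:
            # Truncated JSON, wrong types and missing fields are all rejected.
            rejects.append((n, f"{type(exc).__name__}: {exc}"))
    return rows, rejects

# Constructed sample: trimmed copies of this page's records plus one truncated line.
SAMPLE = "\n".join([
    '{"timestamp":"2023-09-02T00:00:02Z","remoteIP":"102.200.20.102","method":"GET","path":"/sample/test_datas/2","agentResponseCode":201,"responseCode":404,"tags":[{"type":"testing_tags"}]}',
    '{"timestamp":"2023-09-22T02:41:47Z","source":"11.12.13.14","action":"flagged","type":"attack","expires":"2023-09-23T02:41:47Z","exampleRequest":{}}',
    '{"eventType":"tester_login","msgData":{"email":"user2@example.com"},"message":"created token `tester`","created":"2023-09-14T11:11:11Z"}',
    '{"timestamp":"2023-09-02T00:00:02Z","remoteIP":"102.200',
])
```

Calling `ingest(SAMPLE)` returns three normalized rows and one reject for the truncated fourth line, which is the kind of record a collector should count and surface rather than silently drop.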