Silverfort

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Silverfort Audit Messages

✅

✅

silverfort_audit_messages

CEF

S3


Overview

Silverfort’s platform monitors all human and machine access requests, across all systems and environments, continuously analyzing risk and trust levels in real-time, applying adaptive risk-based authentication policies, and preventing unauthorized access to any sensitive asset.

Supported data types

Silverfort Audit Messages

Table name: silverfort_audit_messages

These are messages generated to log actions taken by the Silverfort system. The messages notify users of various system changes, such as successful or failed attempts to log into the Admin Console.

Send data to Hunters

Hunters supports the ingestion of Silverfort logs via an intermediary AWS S3 bucket.

To connect Silverfort logs:

  1. Export your logs from Silverfort to an AWS S3 bucket.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

In each log file, events should be separated by a newline, and each event should be in CEF format.

Apr  6 21:04:19 sf-tower CEF:0|Silverfort|Admin Console|4.3.97.0|Authentication|Authentication request|2|rt=1662450555555 suser=<user_name> sntdom=<domain_name> shost=n/a src=null destinationServiceName= dhost=<ip> dntdom=n/a app=LDAP cs1Label=SilverfortReqRisk cs1=Low cs2Label=SilverfortReqResult cs2=Allowed cs3Label=SilverfortPolicyAction cs3=n/a cs4Label=SilverfortPolicyId cs4=-1 cs5Label=SilverfortMfaResponse cs5=n/a cs6Label=SilverfortMfaResponseTime cs6=n/a cs7Label=SilverfortReqRiskIndicators cs7=Suspected_service_account cs8Label=SilverfortPolicyName cs8=n/a