Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Silver Peak | ✅ | ✅ | silverpeak_firewall_logs | Key Value | S3 |
Overview
Silver Peak, now HPE Aruba Networking, creates an SD-WAN fabric that provides secure connectivity with private-line performance, interconnecting enterprise locations with public clouds, private clouds, and service provider hosted services.
Integrating the logs into Hunters allows ingestion of the data and lets you leverage the logs in the Hunters Network schema and the IOC Search feature.
Supported data types
Silverpeak Firewall Logs
Table name: silverpeak_firewall_logs
Firewall logs captured by Silverpeak.
Send data to Hunters
Hunters supports the ingestion of Silverpeak logs via an intermediary AWS S3 bucket.
To connect Silverpeak logs:
1. Export your logs to a syslog stream, using this guide.
2. Ship the logs to an AWS S3 bucket.
3. Once the export is completed and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in Key Value format.
<149> Dec 2 12:56:06 ABE2-ABC-SPK-01 netflowd[12345]: [NOTICE] Action:drop, Reason:security policy deny, InputInt:lan0.300, OutputInt:INET1_DefaultABC, StartTime:Sat Dec 2 12:56:05 2023, EndTime:Sat Dec 2 12:56:06 2023, RXPkts:1, TXPkts:1, RXOctets:11, TXOctets:100, Flow-ID:111222, ingressVRFID:0, egressVRFID:0, VRFname:Default, SrcAddr:100.20.204.0, DstAddr:100.07.120.120, SrcPort:10102, DstPort:123, Application:Dns, IPTos:be (0x0), Protocol:udp, TCPFlags:0x0, Host:ABE2-ABC-SPK-01, FromZone:CCTV, ToZone:INTERNET, Tag:CCTV_INTERNET_1000, Direction:Outbound, Overlay:DefaultABC, NATSrcIP:10.107.00.74, NATSrcPort:50012
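To check that exported lines have this shape before they are shipped to S3, the following added example (not Hunters or Silver Peak code) parses one line and reports fields that would hurt network and IOC searches. The sample line, the function names and the set of required keys are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of the line under "Expected format"; values are made up.
SAMPLE = (
    "<149> Dec 2 12:56:06 EDGE-01 netflowd[12345]: [NOTICE] Action:drop, "
    "Reason:security policy deny, StartTime:Sat Dec 2 12:56:05 2023, "
    "SrcAddr:192.0.2.10, DstAddr:198.51.100.20, SrcPort:10102, DstPort:123, "
    "IPTos:be (0x0), Protocol:udp, FromZone:CCTV, ToZone:INTERNET"
)
HEADER = re.compile(
    r"^<(?P<pri>\d+)>\s*(?P<timestamp>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<process>[\w.-]+)\[(?P<pid>\d+)\]:\s+"
    r"\[(?P<severity>\w+)\]\s+(?P<body>.+)$"
)
# Assumption: keys taken from the sample line, not from a Hunters schema.
REQUIRED = ("Action", "SrcAddr", "DstAddr", "SrcPort", "DstPort", "Protocol")


def parse_line(line):
    """Split one syslog line into header fields plus a dict of Key:Value pairs."""
    match = HEADER.match(line.strip())
    if match is None:
        raise ValueError("line does not match the expected syslog header")
    record = match.groupdict()
    fields = {}
    # Only the first ":" ends the key: values such as StartTime contain colons.
    for pair in record.pop("body").split(", "):
        key, sep, value = pair.partition(":")
        if not sep or not key.strip():
            raise ValueError(f"malformed key-value pair: {pair!r}")
        fields[key.strip()] = value.strip()
    record["fields"] = fields
    return record


def check_record(record):
    """Return a list of problems that would hurt network or IOC searches."""
    fields = record["fields"]
    issues = [f"missing {key}" for key in REQUIRED if key not in fields]
    for key in ("SrcAddr", "DstAddr"):
        try:
            ipaddress.ip_address(fields.get(key, ""))
        except ValueError:
            issues.append(f"{key} is not an IP address")
    for key in ("SrcPort", "DstPort"):
        if not re.fullmatch(r"[0-9]{1,5}", fields.get(key, "")) or int(fields[key]) > 65535:
            issues.append(f"{key} is not a valid port")
    return issues
```

A value that itself contains a comma followed by a space would be split into two pairs and reported as malformed, so such lines need manual review.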