Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
Thycotic Secret server logs | ✅ | ✅ | thycotic_secret_server | CEF | S3 |
Overview
Thycotic, now part of Delinea after merging with Centrify in 2021, is a leading provider of privileged access management (PAM) solutions. It specializes in securing privileged accounts, passwords, and access to critical systems within organizations, helping businesses reduce security risks from both external attacks and insider threats. Their cloud-ready solutions are known for being easy to deploy and scalable, making them popular among enterprises seeking to protect sensitive data and ensure compliance with security standards.
Supported data types
Thycotic Secret server logs
Table name: thycotic_secret_server
The Secret Server system log is a top-level IIS log that reports when roles start and stop and any activity occurring on the site, as well as any legacy monitors.
Learn more here.
Send data to Hunters
Hunters supports the ingestion of Thycotic logs via an intermediary AWS S3 bucket.
To connect Thycotic logs:
Export your logs from Thycotic to an AWS S3 bucket.
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
CEF-formatted log line
Aug 18 14:28:06 sv-thyss CEF:0|Thycotic Software|Secret Server|8.6.000010|18|USER - LOGINFAILURE|2|msg=[SecretServer] Event: [User] Action: [Login Failure] By User: domain.local\\John Snow Item Name: domain.local\\John Snow suid=6 suser=domain.local\\John Snow duser=domain.local\\John Snow duid=6 fname=domain.local\\John Snow fileType=User fileId=6 src=192.168.2.27 rt=Aug 18 2014 14:28:03