zero-networks

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

zero-networks-network-activity-logs

✅

✅

✅

zero_networks_network_activity_logs

Json

API

zero-networks-audit-activity-logs

✅

✅

zero_networks_audit_activity_logs

Json

API


Overview

Zero Networks is a software-defined micro segmentation and access control platform designed to automatically enforce least-privilege network access across all users, devices, and services. The platform applies Zero Trust principles by continuously validating communication paths and identities before permitting any connection. Through automated learning, Zero Networks dynamically creates and enforces access policies without requiring manual rule definitions—simplifying segmentation and drastically reducing attack surfaces.

Zero Networks is a cyber company that provides an automated, agentless, and unified zero trust platform for network security, including micro segmentation, identity segmentation, and secure remote access. It focuses on stopping the spread of ransomware and other cyberattacks by creating a "firewall bubble" around each network asset, enforcing strict access controls through multi-factor authentication (MFA), and applying least privilege to users and accounts. The platform's automated approach and integration with existing infrastructure allow for rapid deployment and significantly reduced implementation costs compared to traditional solutions.  

Supported data types

Zero Networks Network Activity Logs

Table name: zero_networks_network_activity_logs

Zero Networks Network Activity Logs – Capture detailed information about network communications between endpoints, allowed and denied connections, policy enforcement decisions, and anomaly detections within micro-segmented environments.

Zero Networks Audit Activity Logs

Table name: zero_networks_audit_activity_logs

Zero Networks Audit Activity Logs – Record administrative and configuration-related actions performed within the Zero Networks platform, including policy changes, user management, and system configurations - critical for maintaining governance, accountability, and compliance.

Send data to Hunters

Hunters supports the ingestion of Zero-Networks logs using an S3 bucket.

To send data to Hunters:

  1. Contact Zero-Networks support to learn how to route your Security logs to S3.

  2. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

Hunters expects Zero-Networks logs to be in JSON format. The following are examples of a typical log line for each data type:

zero-networks-network-activity-logs

{"timestamp":1759232929047,"protocol":6,"state":3,"trafficType":1,"dst":{"assetId":"id_dst_x","assetSrc":3,"networkProtectionState":1,"assetType":2,"fqdn":"anonymized-dst.example","ip":"10.0.0.1","port":40000,"processName":"","processPath":"","ipThreatScore":0},"src":{"assetId":"id_src_x","assetSrc":3,"networkProtectionState":12,"assetType":1,"eventRecordId":90000001,"fqdn":"anonymized-src.example","ip":"10.0.0.2","port":50000,"processId":6000,"processName":"process.exe","processPath":"C:\\Path\\To\\process.exe","userId":"S-1-1111-0-1","userName":"DOMAIN\\USER$","user":{"sid":"S-1-1111-0-0-1","name":"DOMAIN\\USER$"},"ipThreatScore":0},"inboundRuleMatches":[],"conflictingInboundRuleMatches":[],"outboundRuleMatches":[],"conflictingOutboundRuleMatches":[],"reason":5,"ipSpace":0}

zero-networks-audit-activity-logs

{"timestamp":1759468482789,"isoTimestamp":"2025-10-03T05:14:42.789Z","auditType":123,"enforcementSource":1,"destinationEntitiesList":[{"id":"a:a:ANON1234","name":"ANON-HOST-001"}],"details":"{\"sourceAsset\":\"ANON-HOST-001\",\"connectServer\":\"conn-server-01\",\"connectedSince\":1759410886330,\"externalIP\":\"10.0.0.1\",\"user\":\"User Anon\",\"uacId\":\"v:a:0000AA\",\"uacName\":\"InfraAnon\",\"idp\":0,\"expiresAt\":\"03 Oct 25 05:14 UTC\"}","reportedObjectId":"a:a:ANONOBJ","performedBy":{"id":"u:a:USER0001","name":"User Anon"}}
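A pre-ingestion check for exported lines, added here as an example (it is not Hunters or Zero Networks code). It assumes the two data types can be told apart by the keys visible in the samples above; `check_line` and the key sets are hypothetical names, and the sample lines are constructed.

```python
import json
from datetime import datetime, timezone

# Assumption: the data types are told apart by keys present in the page's two samples.
NETWORK_KEYS = {"timestamp", "protocol", "src", "dst"}
AUDIT_KEYS = {"timestamp", "auditType", "performedBy", "details"}

def check_line(line):
    """Return (table_name, iso_time, problems) for one exported log line."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError as exc:
        return None, None, [f"not valid JSON: {exc.msg}"]
    if not isinstance(event, dict):
        return None, None, ["top-level value is not a JSON object"]
    if NETWORK_KEYS <= event.keys():
        table = "zero_networks_network_activity_logs"
    elif AUDIT_KEYS <= event.keys():
        table = "zero_networks_audit_activity_logs"
    else:
        return None, None, ["keys match neither sample shape"]
    problems, iso = [], None
    ts = event["timestamp"]
    # Both samples carry 13-digit epoch milliseconds; epoch seconds would be 10 digits.
    if isinstance(ts, int) and 10**12 <= ts < 10**13:
        moment = datetime.fromtimestamp(ts // 1000, tz=timezone.utc)
        iso = moment.replace(microsecond=ts % 1000 * 1000).isoformat(timespec="milliseconds")
    else:
        problems.append("timestamp is not epoch milliseconds")
    if table == "zero_networks_audit_activity_logs":
        # "details" is JSON serialized into a string, so it is decoded a second time.
        try:
            if not isinstance(json.loads(event["details"]), dict):
                problems.append("details does not decode to an object")
        except (TypeError, json.JSONDecodeError):
            problems.append("details is not a JSON-encoded string")
    return table, iso, problems

# Constructed sample lines, trimmed from the shapes of the page's examples.
NETWORK_SAMPLE = json.dumps({"timestamp": 1759232929047, "protocol": 6,
    "src": {"ip": "10.0.0.2", "port": 50000}, "dst": {"ip": "10.0.0.1", "port": 40000}})
AUDIT_SAMPLE = json.dumps({"timestamp": 1759468482789, "auditType": 123,
    "details": json.dumps({"sourceAsset": "ANON-HOST-001", "externalIP": "10.0.0.1"}),
    "performedBy": {"id": "u:a:USER0001", "name": "User Anon"}})

if __name__ == "__main__":
    for sample in (NETWORK_SAMPLE, AUDIT_SAMPLE):
        print(check_line(sample))
```

Running it over a few lines of each exported object before pointing Hunters at the bucket catches re-serialized `details` objects and second-resolution timestamps, both of which would otherwise surface only as parsing gaps in the tables.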