While SaaS and cloud-native security solutions can provide great value for modern companies, they don't always provide a complete picture of the network. Many organizations rely on Firewalls, Proxy Servers and other security and IT solutions that reside inside the organizational network, and most of those on-premises devices don't provide an API/Log Export functionality that is accessible to the Hunters platform directly.
To ship logs to Hunters from these devices, an on-prem logging pipeline needs to be deployed in the organizational network. This pipeline is responsible for collecting logs using the native logging features of the on-prem devices (most commonly Syslog or writing to files on disk) and shipping them, via a log forwarder, to a cloud storage service (such as AWS S3) that is accessible to Hunters. Common utilities used in these pipelines are Fluentd and Logstash.
The pipeline that will be deployed must meet the following requirements:
- Preserve the log's internal structure as it was originally generated by the product vendor, without adding additional prefixes, suffixes, headers, etc.
  The supported log formats are described in the "supported on-prem products" section.
- The cloud storage folder (e.g. AWS S3 prefix) where the logs will reside must not contain other log types.
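The following Fluentd configuration is an added example of a pipeline that satisfies both requirements; it is not Hunters' own configuration. It assumes the firewall and proxy write to the local files named below, and the bucket name and prefixes are placeholders.

```conf
# Constructed example, not Hunters' or a vendor's configuration. The file
# paths, the bucket "example-hunters-logs" and the prefixes are assumptions.
# Each line is read unparsed, so the vendor's original message stays
# verbatim in the "message" field.
<source>
  @type tail
  path /var/log/firewall/fw.log
  pos_file /var/log/td-agent/fw.log.pos
  tag onprem.firewall
  <parse>
    @type none
  </parse>
</source>
<source>
  @type tail
  path /var/log/proxy/access.log
  pos_file /var/log/td-agent/proxy.log.pos
  tag onprem.proxy
  <parse>
    @type none
  </parse>
</source>
# One S3 prefix per log type: each match only ever receives its own tag.
<match onprem.firewall>
  @type s3
  s3_bucket example-hunters-logs
  path firewall/
  <buffer time>
    @type file
    path /var/log/td-agent/buffer/firewall
    timekey 300
  </buffer>
  # single_value emits only "message": no timestamp, tag or JSON wrapper.
  <format>
    @type single_value
  </format>
</match>
<match onprem.proxy>
  @type s3
  s3_bucket example-hunters-logs
  path proxy/
  <buffer time>
    @type file
    path /var/log/td-agent/buffer/proxy
    timekey 300
  </buffer>
  <format>
    @type single_value
  </format>
</match>
```

For a device that emits Syslog instead of writing files, the `tail` sources are replaced by Fluentd's `syslog` input with a distinct tag per device, and the per-type `match` blocks stay as they are.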