Alert Logic WSM

Overview

Supported data types

  • Alert Logic WSM Deny Logs: The WAF appliance's deny logs.

Sending data to Hunters

Prerequisites

Ship the Deny Logs from every appliance to an AWS S3 bucket using Alert Logic's built-in export feature (Export to S3). Then, configure the bucket according to this guide.

Note

The format of the exported Deny Logs differs between versions of the Alert Logic appliance. In particular, Alert Logic WSM v5 introduced the NDJSON format, while older versions still export the logs in JSON format.

Therefore, it is advised to ship the different formats to different S3 prefixes (e.g. v4 and v5 prefixes) for easier ingestion.
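One way to verify that the prefix split is holding before ingestion is to classify each exported object as JSON or NDJSON and compare the result with the prefix it landed under. This is an added example, not code from Hunters or Alert Logic; the `v4/` and `v5/` prefix names at the bucket root, the function names and the sample field names are assumptions.

```python
import json

# Prefix names follow the page's "v4 and v5" suggestion (assumed to sit at the bucket root).
PREFIX_FOR_FORMAT = {"json": "v4/", "ndjson": "v5/"}

def classify_export(data: bytes) -> str:
    """Classify one exported object as 'json', 'ndjson', 'ambiguous' or 'unknown'."""
    text = data.decode("utf-8-sig", errors="replace").strip()
    lines = [ln for ln in text.split("\n") if ln.strip()]
    if not lines:
        return "unknown"
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        pass  # not a single document; try line-by-line below
    else:
        if not isinstance(doc, (dict, list)):
            return "unknown"
        # A lone one-line object is both valid JSON and a one-record NDJSON file.
        if len(lines) == 1 and isinstance(doc, dict):
            return "ambiguous"
        return "json"
    try:
        records = [json.loads(ln) for ln in lines]
    except json.JSONDecodeError:
        return "unknown"
    # NDJSON: every non-empty line is its own JSON object.
    return "ndjson" if all(isinstance(r, dict) for r in records) else "unknown"

def check_object(key: str, data: bytes) -> str:
    """Return 'ok', 'wrong-prefix' or 'unparseable' for one S3 object key and body."""
    kind = classify_export(data)
    if kind == "unknown":
        return "unparseable"
    if kind == "ambiguous":
        return "ok"  # a single record cannot prove a mismatch
    return "ok" if key.startswith(PREFIX_FOR_FORMAT[kind]) else "wrong-prefix"

# Constructed samples; the field names are hypothetical, not Alert Logic's schema.
SAMPLE_JSON = b'[\n  {"ts": "2024-01-01T00:00:00Z", "action": "deny"},\n  {"ts": "2024-01-01T00:00:05Z", "action": "deny"}\n]\n'
SAMPLE_NDJSON = b'{"ts": "2024-01-01T00:00:00Z", "action": "deny"}\n{"ts": "2024-01-01T00:00:05Z", "action": "deny"}\n'

if __name__ == "__main__":
    for key, body in [("v4/a.json", SAMPLE_JSON), ("v4/b.json", SAMPLE_NDJSON),
                      ("v5/c.json", SAMPLE_NDJSON)]:
        print(key, classify_export(body), check_object(key, body))
```

An object reported as `wrong-prefix` or `unparseable` is worth fixing at the export side, since a mixed prefix is exactly what the separation above is meant to avoid.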

Creating a Dataflow

After you have configured an S3 bucket to be accessible by Hunters and started exporting your logs, share the bucket credentials with the Hunters support team, who will set up the ingestion to the Hunters platform.