Alert Logic WSM
Supported data types
- Alert Logic WSM Deny Logs: The WAF appliance's deny logs.
Sending data to Hunters
Ship the Deny Logs from every appliance to an AWS S3 bucket using Alert Logic's built-in export feature. Then, configure the bucket according to this guide.
The log format of the exported Deny Logs changes between different versions of the Alert Logic appliance.
In particular, Alert Logic WSM v5 introduced the usage of
ndjson format, while older versions still export the logs in
Therefore, it is advised to ship the different formats to different S3 prefixes (e.g.
v5 prefixes) for easier ingestion.
Creating a Dataflow
After you have configured an S3 bucket to be accessible by Hunters and started exporting your logs, share the bucket credentials with the Hunters support team, who will set up the ingestion to the Hunters platform.