Illusive Active Defense Suite
This article explains how to ingest your Illusive Active Defense Suite logs into Hunters.
Ingestion to Hunters
Illusive Active Defense Suite exports logs in the Common Event Format (CEF).
To set this up, log in to the Illusive Console, enable CEF logging over Syslog and send the logs to a Syslog server you own, then ship the logs from that Syslog server to the shared cloud storage service using an on-prem logging solution such as Fluentd.
The format supported by Hunters for the ingestion of Illusive logs is CEF.
Make sure you do not manipulate the events in your on-prem logging pipeline, so that the files arrive at the shared cloud storage service as plain CEF lines without extra fields or wrappers.
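The following script is an added example, not code from Hunters or Illusive, for checking the output of the Syslog-to-cloud-storage pipeline described above before the files are picked up. It parses each line as a bare CEF event and flags lines that still carry a Syslog header or were wrapped in JSON by an intermediate hop, which is exactly the kind of manipulation the note above warns against. The sample lines, the field values in them, and the function names are constructed for illustration and are not real Illusive output.

```python
import json
import re

# Constructed sample lines (not real Illusive events): one bare CEF line, one that
# kept its Syslog header, and one that a misconfigured forwarder wrapped in JSON.
SAMPLE_LINES = [
    "CEF:0|Illusive|Active Defense Suite|1.0|100|Deception triggered|8|"
    "src=10.0.0.5 dst=10.0.0.9 msg=Example deception event",
    "<13>Mar 10 12:00:00 illusive-console CEF:0|Illusive|Active Defense Suite|1.0|100|"
    "Deception triggered|8|src=10.0.0.5",
    '{"message": "CEF:0|Illusive|Active Defense Suite|1.0|100|Deception triggered|8|src=10.0.0.5"}',
]

# The seven pipe-delimited CEF header fields, in order.
CEF_HEADER_FIELDS = (
    "version", "device_vendor", "device_product", "device_version",
    "signature_id", "name", "severity",
)


def parse_cef(line):
    """Parse a bare CEF line into header and extension dicts; return None if it is not bare CEF."""
    if not line.startswith("CEF:"):
        return None
    # Header pipes may be escaped as \| inside a field, so split only on unescaped pipes.
    parts = re.split(r"(?<!\\)\|", line[4:], maxsplit=7)
    if len(parts) != 8:
        return None
    header = {k: v.replace("\\|", "|") for k, v in zip(CEF_HEADER_FIELDS, parts[:7])}
    # The extension is key=value pairs; values may contain spaces, so split on
    # " key=" boundaries rather than on every space.
    extension = {}
    for m in re.finditer(r"(\w+)=((?:(?!\s\w+=).)*)", parts[7]):
        extension[m.group(1)] = m.group(2).strip()
    return {"header": header, "extension": extension}


def classify_line(line):
    """Return 'cef' for a bare CEF line, otherwise a label for the wrapper that was found."""
    if parse_cef(line):
        return "cef"
    stripped = line.strip()
    if stripped.startswith("{"):
        try:
            obj = json.loads(stripped)
        except json.JSONDecodeError:
            return "unknown"
        return "json_wrapped" if isinstance(obj, dict) else "unknown"
    # A leading <PRI> value followed by a CEF payload means the Syslog header was not stripped.
    if re.match(r"^<\d{1,3}>", stripped) and "CEF:" in stripped:
        return "syslog_wrapped"
    return "unknown"


def check_file_lines(lines):
    """Summarise a batch of lines: count per classification plus the 1-based numbers of bad lines."""
    report = {"cef": 0, "json_wrapped": 0, "syslog_wrapped": 0, "unknown": 0, "bad_lines": []}
    for i, line in enumerate(lines, start=1):
        kind = classify_line(line)
        report[kind] += 1
        if kind != "cef":
            report["bad_lines"].append(i)
    return report


if __name__ == "__main__":
    # Run against the constructed sample; in practice, read a file from the staging directory.
    print(check_file_lines(SAMPLE_LINES))
```

Run it over a sample of the files staged for the shared cloud storage service; any non-zero `json_wrapped` or `syslog_wrapped` count means a hop in the pipeline is re-encoding the events and its output format needs to be set back to the raw message.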