Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
PulseSecure Access logs | ✅ | ✅ | pulsesecure_access_logs | Text | S3 | ||
PulseSecure Events logs | ✅ | pulsesecure_events_logs | Text | S3 | |||
PulseSecure Admin logs | ✅ | ✅ | pulsesecure_admin_logs | Text | S3 |
Overview
Pulse Secure is a cybersecurity company that provides secure access solutions for enterprises. Its platform focuses on virtual private network (VPN) services, network access control (NAC), and endpoint security. Pulse Secure enables businesses to securely connect remote employees and branch offices to their corporate networks by ensuring secure access to applications, data, and services. The platform offers solutions for zero-trust network access (ZTNA), mobile device management (MDM), and secure access to cloud resources, providing organizations with flexibility and strong protection for their distributed workforces.
Supported data types
Access logs
Table name: pulsesecure_access_logs
User access, such as the number of simultaneous users at each one-hour interval (logged on the hour) and user sign-ins and sign-outs.
Events logs
Table name: pulsesecure_events_logs
System events, such as session timeouts, system errors and warnings, requests to check server connectivity, and system restart notifications.
Admin logs
Table name: pulsesecure_admin_logs
Administrator actions, such as changes to user, system, and network settings. A log entry is also written whenever an administrator signs in, signs out, or changes licenses on the appliance.
Send data to Hunters
Hunters supports the ingestion of PulseSecure logs via an intermediary AWS S3 bucket.
To connect PulseSecure logs:
1. Export your logs to an AWS S3 bucket. Each log type should be sent to a separate prefix in the S3 bucket.
2. Once the export is completed and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in text format.
PulseSecure Access Logs Example
"2022-12-12 13:58:21 - ive - [127.0.0.1] System()[] - SAML AuthnRequest generation succeeded for SigninUrl:'https://vpn.hunt.com', SSO Service URL: 'https://junt.okta.com/app/hunt_pulsesecure_1/exk10hgtbpJirn2b6416/sso/saml' \\r\\n\"
PulseSecure Events Logs Example
"2022-12-12 13:59:42 - ive - [143.50.61.180] System()[] - SSL negotiation failed while client at source IP '143.50.61.180' was trying to connect to '10.121.154.4'. Reason: 'sslv3 alert bad certificate'\\r\\n\"
PulseSecure Admin Logs Example
"2022-12-12 13:58:42 - ive - [124.122.153.192] kbopala(Admin SSO)[.Administrators] - Session timed out for kbopala/Admin SSO (session:sid1fa9addcddv59e544c3427031d492a7e3a7bf0b8b500000000) due to inactivity (last access at 13:47:00 2022/12/12). Idle session identified during routine system scan.\\r\\n\"
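The following pre-upload check is an added example, not Hunters or Pulse Secure code. It parses lines shaped like the three samples above and separates malformed ones so they are counted rather than silently dropped. The field names (`node`, `realm`, `roles`), the comma separator for roles, and the sample lines themselves are assumptions constructed from the layout shown on this page.

```python
import ipaddress
import re
from datetime import datetime

# Layout inferred from the sample lines on this page (field names are assumed):
# <timestamp> - <node> - [<source IP>] <user>(<realm>)[<roles>] - <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<node>\S+) - "
    r"\[(?P<src_ip>[^\]]*)\] (?P<user>[^(]*)\((?P<realm>[^)]*)\)"
    r"\[(?P<roles>[^\]]*)\] - (?P<message>.*)$",
    re.DOTALL,
)

# Constructed samples modelled on the page's examples (documentation-range IPs).
SAMPLES = [
    r'''"2022-12-12 13:59:42 - ive - [198.51.100.7] System()[] - SSL negotiation failed. Reason: 'bad certificate'\\r\\n\"''',
    r'''"2022-12-12 13:58:42 - ive - [192.0.2.10] jdoe(Admin SSO)[.Administrators] - Session timed out - idle\\r\\n\"''',
    r'''"2022-12-12 14:00:01 - ive - [not-an-ip] System()[] - truncated''',
]

def clean(raw: str) -> str:
    """Strip the wrapping quotes and the escaped CR/LF tail seen in the samples."""
    line = raw.strip().strip('"')
    return re.sub(r'(?:\\+[rn]?|["\s])+$', "", line)

def parse_line(raw: str) -> dict:
    """Return the fields of one log line, or raise ValueError if it is malformed."""
    m = LINE_RE.match(clean(raw))
    if m is None:
        raise ValueError("line does not match the expected layout")
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")  # line carries no timezone
    rec["src_ip"] = str(ipaddress.ip_address(rec["src_ip"]))       # ValueError on junk
    # Assumption: multiple roles are comma-separated inside the brackets.
    rec["roles"] = [r.strip() for r in rec["roles"].split(",") if r.strip()]
    return rec

def check_export(lines):
    """Split an export into parsed records and (line number, raw line) rejects."""
    good, bad = [], []
    for n, raw in enumerate(lines, 1):
        try:
            good.append(parse_line(raw))
        except ValueError:
            bad.append((n, raw))
    return good, bad

if __name__ == "__main__":
    records, rejects = check_export(SAMPLES)
    print(f"{len(records)} parsed, {len(rejects)} rejected: {[n for n, _ in rejects]}")
```

The message field is captured as the remainder of the line rather than by splitting on ` - `, because message text can itself contain that separator.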