Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Squid Proxy Logs | ✅ | ✅ | squid_proxy_logs | CSV without header | S3 |
Overview
Squid Proxy is an open-source caching and forwarding proxy server that helps optimize web traffic, improve performance, and enhance security. It is commonly used for web content caching, reducing bandwidth usage, and filtering internet traffic. Squid supports HTTP, HTTPS, and FTP protocols and can be configured for access control, content filtering, and load balancing. It is widely used by businesses, ISPs, and educational institutions to manage and monitor web traffic while improving response times and reducing network congestion.
Supported data types
Squid Proxy Logs
Table name: squid_proxy_logs
This table stores information about requests made by clients to the web server. Each log entry contains the source IP address, the destination URL, and other metadata about the request. The log shows how visitors use a website or network, what kind of traffic is requested, and whether any malicious activity is occurring.
Send data to Hunters
Hunters supports the ingestion of Squid Proxy logs via an intermediary AWS S3 bucket.
To connect Squid Proxy logs:
1. Export your logs from Squid Proxy to an AWS S3 bucket.
2. Once the export is complete and the logs are collected in S3, follow the steps in this section.
Expected format
The expected format of a Squid Proxy log, based on Squid's documentation, is CSV with no header row. For example:
1663379979 233 127.0.0.1 TCP_MISS/200 468 GET http://1.1.1.1:4444/wd/hub/session/ - HIER_DIRECT/2.2.2.2 application/json
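A pre-export sanity check for lines like the one above, as an added example (not Hunters' parser and not code from this page). It assumes the whitespace-separated layout visible in the sample line and labels the ten fields after Squid's native access.log format. The field names and both function names are chosen for this example, and the second sample line is constructed.

```python
import ipaddress
from datetime import datetime, timezone

# Field labels follow Squid's native access.log layout; they are chosen for
# this example and are not column names of the squid_proxy_logs table.
FIELDS = ("timestamp", "elapsed_ms", "client_ip", "result", "bytes",
          "method", "url", "user", "hierarchy", "content_type")

def parse_squid_line(line):
    """Parse one native-format access.log line into a dict, or raise ValueError."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    # Epoch seconds, with or without the .mmm fraction Squid normally writes.
    rec["timestamp"] = datetime.fromtimestamp(float(rec["timestamp"]), tz=timezone.utc)
    rec["elapsed_ms"] = int(rec["elapsed_ms"])
    rec["bytes"] = int(rec["bytes"])
    rec["client_ip"] = str(ipaddress.ip_address(rec["client_ip"]))
    # "TCP_MISS/200" -> cache result code and HTTP status.
    cache_result, _, status = rec.pop("result").partition("/")
    if not status.isdigit():
        raise ValueError("result field is not CODE/STATUS")
    rec["cache_result"], rec["http_status"] = cache_result, int(status)
    # "HIER_DIRECT/2.2.2.2" -> hierarchy code and upstream peer.
    rec["hierarchy_code"], _, rec["peer"] = rec.pop("hierarchy").partition("/")
    return rec

def check_lines(lines):
    """Return (records, errors); errors are (line_number, message) tuples."""
    records, errors = [], []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue  # ignore blank lines
        try:
            records.append(parse_squid_line(line))
        except ValueError as exc:
            errors.append((n, str(exc)))
    return records, errors

SAMPLE = [
    # Line shown on this page.
    "1663379979 233 127.0.0.1 TCP_MISS/200 468 GET http://1.1.1.1:4444/wd/hub/session/ - HIER_DIRECT/2.2.2.2 application/json",
    # Constructed: a truncated line, as a cut-off export might produce.
    "1663379980.123 12 127.0.0.1 TCP_MISS/200 468 GET",
]

if __name__ == "__main__":
    print(check_lines(SAMPLE)[1])
```

Running this over a log file before it is exported to S3 surfaces truncated or malformed lines, which would otherwise show up as gaps in proxy telemetry.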