Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method
---|---|---|---|---|---|---|---
Lookout Mobile Threat Defense logs | | | | | lookout_mobile_threat_defense_logs | NDJSON | S3
Overview
Lookout is a cloud security platform that protects mobile devices, endpoints, and cloud applications from cyber threats and data breaches. It provides real-time threat detection, phishing protection, and data loss prevention by analyzing user behavior and device activity. Lookout secures organizations against mobile malware, unauthorized access, and compliance risks, helping businesses protect sensitive data across remote and hybrid work environments.
Supported data types
Lookout Mobile Threat Defense logs
Table name: lookout_mobile_threat_defense_logs
Lookout Mobile Threat Defense logs provide detailed records of security events related to mobile device protection. These logs capture threat detections, risky app behavior, network attacks, phishing attempts, and device vulnerabilities. By analyzing these logs, security teams can monitor threats in real-time, investigate incidents, and enforce security policies to protect sensitive data across mobile endpoints.
Send data to Hunters
Hunters supports the collection of logs from Lookout via an intermediary AWS S3 bucket.
To connect Lookout logs to Hunters:
1. Export your Lookout logs into an AWS S3 bucket.
2. Once the export completes and the logs are in S3, follow the steps in this section.
Expected format
Logs are expected in NDJSON format (one JSON object per line). The sample event below is pretty-printed for readability.

```json
{
  "type": "THREAT",
  "id": "987654321",
  "eventTime": "2024-08-27T14:02:28.000Z",
  "changeType": "CREATED",
  "actor": {
    "type": "DEVICE",
    "id": "123e4567-e89b-12d3-a456-426614174000"
  },
  "details": {
    "type": "NETWORK",
    "id": "abcdef12-3456-7890-abcd-ef1234567890",
    "action": "DETECTED",
    "severity": "HIGH",
    "classifications": [
      "ACTIVE_MITM"
    ],
    "assessments": [
      {
        "classification": "ACTIVE_MITM",
        "severity": "HIGH"
      },
      {
        "classification": "ACTIVE_MITM",
        "severity": "HIGH"
      }
    ],
    "networkThreatDetails": {
      "type": "ACTIVE_MITM",
      "ssid": "SecureNet",
      "dnsIpAddresses": [
        "192.168.1.1",
        "192.168.1.2"
      ],
      "macAddress": "AA:BB:CC:DD:EE:FF"
    }
  },
  "target": {
    "type": "DEVICE",
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "externalId": "11223344-5566-7788-99AA-BBCCDDEEFF00",
    "clientType": "LES",
    "mdmType": "INTUNE",
    "emailAddress": "john.doe@example.com",
    "platform": "IOS",
    "osVersion": "18.1.1",
    "manufacturer": "Apple",
    "model": "iPhone14,5",
    "mdmConnectorId": 654321,
    "mdmConnectorUuid": "abcdef12-3456-7890-abcd-ef1234567890"
  }
}
```
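As an added example (not Hunters' or Lookout's own code), the following Python parser reads Lookout events in the NDJSON form listed in the table, flattens the fields an analyst needs for triage (threat type, severity, classification, Wi-Fi SSID, DNS servers, device and user), and skips a malformed line instead of failing the whole batch. The input is constructed from the sample event above plus a second, invented low-severity event; the field names come from the page, the second event's values are made up.

```python
import json
from typing import Iterator, List

# Constructed NDJSON input: the page's THREAT event reduced to the fields the
# parser uses, a second constructed LOW-severity event, and one malformed line.
SAMPLE_NDJSON = "\n".join([
    json.dumps({"type": "THREAT", "id": "987654321",
                "eventTime": "2024-08-27T14:02:28.000Z", "changeType": "CREATED",
                "details": {"type": "NETWORK", "action": "DETECTED", "severity": "HIGH",
                            "classifications": ["ACTIVE_MITM"],
                            "networkThreatDetails": {"ssid": "SecureNet",
                                                     "dnsIpAddresses": ["192.168.1.1", "192.168.1.2"]}},
                "target": {"id": "123e4567-e89b-12d3-a456-426614174000",
                           "emailAddress": "john.doe@example.com", "platform": "IOS"}}),
    json.dumps({"type": "THREAT", "id": "1", "eventTime": "2024-08-27T15:00:00.000Z",
                "changeType": "CREATED",
                "details": {"type": "APPLICATION", "action": "DETECTED", "severity": "LOW",
                            "classifications": ["CONSTRUCTED_EXAMPLE"]},
                "target": {"id": "device-2", "emailAddress": "jane.roe@example.com",
                           "platform": "ANDROID"}}),
    "{not valid json",
])


def parse_events(ndjson: str) -> Iterator[dict]:
    """Yield one flattened record per well-formed line; skip lines that are not JSON."""
    for lineno, line in enumerate(ndjson.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            # One corrupt line must not stall the whole S3 batch; report and move on.
            print(f"line {lineno}: malformed JSON, skipped")
            continue
        details, target = ev.get("details", {}), ev.get("target", {})
        net = details.get("networkThreatDetails", {})
        yield {
            "event_id": ev.get("id"),
            "event_time": ev.get("eventTime"),
            "change_type": ev.get("changeType"),
            "threat_type": details.get("type"),
            "severity": details.get("severity"),
            "classifications": details.get("classifications", []),
            "ssid": net.get("ssid"),
            "dns_ips": net.get("dnsIpAddresses", []),
            "device_id": target.get("id"),
            "user": target.get("emailAddress"),
            "platform": target.get("platform"),
        }


def high_severity_network(records: List[dict]) -> List[dict]:
    """The subset to triage first: newly created HIGH-severity NETWORK threats."""
    return [r for r in records if r["severity"] == "HIGH"
            and r["threat_type"] == "NETWORK" and r["change_type"] == "CREATED"]
```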