Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
strongDM Activity Logs | ✅ | ✅ | strongdm_activity_logs | JSON | S3
strongDM Query Logs | ✅ | ✅ | strongdm_query_logs | JSON | S3
Overview
StrongDM is a Zero Trust Privileged Access Management (PAM) platform that extends the capabilities of traditional privileged access management to support all modern infrastructure, including databases, servers, Kubernetes clusters, clouds, and web applications. StrongDM combines authentication, authorization, networking, and observability into a single platform, providing secure and auditable access for the precise amount of time that access is needed.
Supported data types
strongDM Activity Logs
Table name: strongdm_activity_logs
StrongDM Activity Logs provide a centralized, detailed audit trail of all user activity across connected systems, databases, and servers. These logs capture critical information, including who accessed what resource, when, and what actions were performed, offering unparalleled visibility and accountability. Designed to simplify compliance and security, StrongDM ensures organizations can easily monitor, investigate, and report on infrastructure access in real time.
strongDM Query Logs
Table name: strongdm_query_logs
StrongDM Query Logs record all database queries executed through the platform, providing a clear and detailed audit trail of database activity. These logs capture essential details such as the user, query content, target database, and timestamp, enabling organizations to monitor data access, troubleshoot issues, and ensure compliance with security and regulatory standards. With centralized query logging, StrongDM makes it easy to track and analyze database interactions in real time.
Send data to Hunters
Hunters supports the collection of strongDM logs via an intermediary S3 bucket.
To connect strongDM logs:
Follow this guide to route your strongDM logs into an AWS S3 bucket.
Once the export is complete and the logs are being collected in S3, follow the steps in this section.
Expected format
Logs are expected in JSON format.
strongDM Activity Logs
{"time":"2024-11-26 08:26:46.998303 +0000 UTC","ip_address":"1.2.3.4","actor_id":"a-3c6e57356661234db","actor_name":"Admin Token Audit logging for infosec (77dc16fe-1ebe-4829-99e9-e798f68d5)","activity":"user logged into the local client","description":"Admin token (Audit logging for infosec) logged into the local client."}
strongDM Query Logs
{"timestamp":"2024-11-26T08:48:39.423153468Z","datasourceID":"rs-4d3b9584bfb92","datasourceName":"prod-redshift-ds-serverless-cdw-onix-read-only","userID":"a-1de4e6734e518","userName":"username1","durationMs":"6","query":"-- parse prepared statement 'S_1-578558080200'\nSELECT current_schema(),session_user","hash":"b3ac06900e82d0b66e3882d9cf94462eac4f","SourceIP":"1.2.3.4","clientIP":"5.6.7.8","target":"cdw-prod-endpoint-rzpmfekui2mxqbltr.106877218800.us-east-1.redshift-serverless.amazonaws.com:1234"}
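As an added example (not Hunters' or strongDM's own code), the following Python normalises both record types above into one event schema and handles their two different timestamp styles; the output field names and helper names are this example's own assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the two sample records shown on this page, one JSON object per line.
SAMPLE_LINES = r'''
{"time":"2024-11-26 08:26:46.998303 +0000 UTC","ip_address":"1.2.3.4","actor_id":"a-3c6e57356661234db","actor_name":"Admin Token Audit logging for infosec (77dc16fe-1ebe-4829-99e9-e798f68d5)","activity":"user logged into the local client","description":"Admin token (Audit logging for infosec) logged into the local client."}
{"timestamp":"2024-11-26T08:48:39.423153468Z","datasourceID":"rs-4d3b9584bfb92","datasourceName":"prod-redshift-ds-serverless-cdw-onix-read-only","userID":"a-1de4e6734e518","userName":"username1","durationMs":"6","query":"-- parse prepared statement 'S_1-578558080200'\nSELECT current_schema(),session_user","hash":"b3ac06900e82d0b66e3882d9cf94462eac4f","SourceIP":"1.2.3.4","clientIP":"5.6.7.8","target":"cdw-prod-endpoint-rzpmfekui2mxqbltr.106877218800.us-east-1.redshift-serverless.amazonaws.com:1234"}
'''

# Activity logs use Go's default time layout ("... +0000 UTC", fraction may be short or
# absent); query logs use RFC 3339 with nanoseconds. One regex accepts both styles.
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2})[ T](\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?"
                 r"(?: ?([+-]\d{2}:?\d{2}|Z))?(?: [A-Za-z]+)?$")

def parse_ts(value: str) -> datetime:
    """Parse either timestamp style into an aware UTC datetime (microsecond precision)."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    date, clock, frac, tz = m.groups()
    dt = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    micros = int((frac or "0")[:6].ljust(6, "0"))  # nanoseconds are truncated
    offset = timedelta(0)
    if tz and tz != "Z":
        offset = (1 if tz[0] == "+" else -1) * timedelta(hours=int(tz[1:3]), minutes=int(tz[-2:]))
    return dt.replace(microsecond=micros, tzinfo=timezone(offset)).astimezone(timezone.utc)

def normalise(record: dict) -> dict:
    """Map one raw record onto a common schema (output field names are this example's own)."""
    if "activity" in record and "actor_id" in record:
        return {"source_table": "strongdm_activity_logs", "ts": parse_ts(record["time"]),
                "actor_id": record["actor_id"], "actor": record["actor_name"],
                "src_ip": record["ip_address"], "action": record["activity"], "target": None}
    if "query" in record and "datasourceID" in record:
        # Drop leading "-- ..." comment lines so the statement itself is what gets searched.
        stmt = [ln for ln in record["query"].splitlines() if not ln.lstrip().startswith("--")]
        return {"source_table": "strongdm_query_logs", "ts": parse_ts(record["timestamp"]),
                "actor_id": record["userID"], "actor": record["userName"],
                "src_ip": record["SourceIP"], "client_ip": record["clientIP"],
                "action": "query", "target": record["datasourceName"],
                "duration_ms": int(record["durationMs"]),  # a string in the raw log
                "statement": " ".join(stmt).strip(), "query_hash": record["hash"]}
    raise ValueError("record matches neither strongDM log type")

def load_events(text: str) -> list:
    """Parse newline-delimited JSON records into normalised events."""
    return [normalise(json.loads(line)) for line in text.splitlines() if line.strip()]
```

Note that `durationMs` arrives as a string and the query text can contain embedded newlines, so both are normalised before the events are stored or searched.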