Release Notes and Updates


Product updates

Data Source Health Notifications (Preview)

We’re introducing Data Source Health Notifications, a new feature designed to provide greater visibility into the health of data source ingestion. This capability sends email alerts whenever the status of connected data sources changes, allowing customers to monitor ingestion issues in real time and take timely action.

To enable notifications, navigate to Data > Data sources on the Hunters platform, select Notification Settings, turn the toggle On, add the desired email addresses, and click Save Notification Settings.

This release is part of our ongoing efforts to improve ingestion stability and transparency for customers.

📘 Learn more about Data Source Health Notifications.

Log Collection through Azure Block Storage

Hunters now supports log collection from Azure Block Storage, expanding the platform’s ingestion capabilities for customers using Microsoft Azure.

In this initial release, support is limited to NSG (Network Security Group) flow logs, enabling you to ingest and analyze network traffic data stored in Azure Block Storage.

To start collecting logs, configure your Azure Block Storage account to make NSG flow logs available for access and follow the data source setup instructions in the platform.

This integration helps simplify ingestion from Azure environments and provides broader coverage of network telemetry data.

📘 Learn more about Log Collection through Azure Storage.


Integrations

Cloudflare

Gateway DNS Requests Logs

Cloudflare Gateway DNS request logs record every DNS query made by users within an organization, routed through Cloudflare’s secure DNS resolver. These logs include details such as query timestamp, domain name, source IP or user identity, and policy actions taken (e.g., block or allow). They provide visibility into internet activity, helping to detect threats, enforce content policies, and support compliance efforts.

The integration includes:

  • Ingestion of the data to the data lake

  • Mapping of the data to IOC Search

  • Mapping to relevant Hunters schemas

Learn more here

Device Posture Results Logs

Cloudflare device posture results logs provide insights into the security status of user devices as evaluated by Cloudflare's Zero Trust platform. These logs capture data such as OS version, installed software, firewall status, and other posture checks. They help administrators enforce access policies based on device compliance and are valuable for auditing and troubleshooting security controls.

The integration includes:

  • Ingestion of the data to the data lake

  • Mapping to relevant Hunters schemas

Learn more here

AWS Network Firewall

AWS Network Firewall Flow Logs

AWS Network Firewall flow logs capture detailed information about allowed and denied traffic passing through the firewall. These logs include metadata such as source and destination IPs, ports, protocols, and actions taken, providing visibility into network activity for monitoring, compliance, and threat detection. Flow logs can be exported to Amazon S3, CloudWatch Logs, or Kinesis for storage and analysis.

The integration includes:

  • Ingestion of the data to the data lake

  • Mapping of the data to IOC Search

  • Mapping to relevant Hunters schemas

Learn more here

AWS Network Firewall Alert Logs

AWS Network Firewall alert logs record events where traffic matches a rule configured with an alert action, indicating potentially suspicious or policy-violating activity. These logs provide detailed information such as matched rule IDs, source and destination IPs, ports, protocols, and timestamps. Alert logs help security teams monitor threats in real time and investigate incidents without dropping traffic, and can be streamed to Amazon S3, CloudWatch Logs, or Kinesis for centralized analysis and response.

The integration includes:

  • Ingestion of the data to the data lake

  • Mapping of the data to IOC Search

  • Mapping to relevant Hunters schemas

Learn more here
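As an added illustration of what "ingestion, IOC Search mapping and schema mapping" means for these two log types, here is a small Python normaliser that is not code from Hunters or from AWS. It parses AWS Network Firewall netflow and alert records into one flat schema, skips malformed lines, and matches the normalised source/destination addresses against a watchlist. The log lines are constructed samples modelled on the Suricata EVE-style JSON envelope that AWS Network Firewall writes (field names such as `event_type`, `alert.signature_id` and `netflow.bytes` come from that format; the firewall name, addresses, rule id and watchlist are placeholders invented for this example).

```python
import json
from datetime import datetime, timezone

# Constructed sample records (no real traffic). The outer envelope and the nested
# "event" object follow the Suricata EVE-style JSON that AWS Network Firewall
# delivers to S3, CloudWatch Logs or Kinesis; values are placeholders.
SAMPLE_LOG_LINES = [
    # netflow record: summary of a completed flow (flow log)
    '{"firewall_name":"example-fw","availability_zone":"us-east-1a","event_timestamp":"1700000000",'
    '"event":{"timestamp":"2023-11-14T22:13:20.000000+0000","flow_id":1,"event_type":"netflow",'
    '"src_ip":"10.0.1.25","src_port":51000,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP",'
    '"netflow":{"pkts":12,"bytes":2048,"start":"2023-11-14T22:13:10.000000+0000",'
    '"end":"2023-11-14T22:13:20.000000+0000","age":10,"min_ttl":64,"max_ttl":64}}}',
    # alert record: traffic matched a stateful rule whose action is "alert" (traffic still allowed)
    '{"firewall_name":"example-fw","availability_zone":"us-east-1a","event_timestamp":"1700000005",'
    '"event":{"timestamp":"2023-11-14T22:13:25.000000+0000","flow_id":2,"event_type":"alert",'
    '"src_ip":"10.0.1.25","src_port":51001,"dest_ip":"203.0.113.9","dest_port":4444,"proto":"TCP",'
    '"alert":{"action":"allowed","signature_id":1000001,"rev":1,'
    '"signature":"EXAMPLE outbound to watchlist port","category":"Custom","severity":2}}}',
    # alert record where the matching rule blocked the traffic
    '{"firewall_name":"example-fw","availability_zone":"us-east-1a","event_timestamp":"1700000010",'
    '"event":{"timestamp":"2023-11-14T22:13:30.000000+0000","flow_id":3,"event_type":"alert",'
    '"src_ip":"192.0.2.50","src_port":40000,"dest_ip":"10.0.1.25","dest_port":22,"proto":"TCP",'
    '"alert":{"action":"blocked","signature_id":1000002,"rev":1,'
    '"signature":"EXAMPLE inbound ssh blocked","category":"Custom","severity":1}}}',
    # truncated line, as seen when a delivery batch is cut off: must not abort the batch
    '{"firewall_name":"example-fw","event":{"event_type":"alert","src_ip":"10.0.1.2"',
]

# Constructed watchlist standing in for the IOC set an IOC Search would consult.
IOC_IPS = {"203.0.113.9", "198.51.100.7"}


def normalize(line: str) -> dict:
    """Map one raw log line onto a flat, event-type independent record."""
    raw = json.loads(line)
    ev = raw["event"]
    rec = {
        "time": datetime.fromtimestamp(int(raw["event_timestamp"]), tz=timezone.utc),
        "firewall": raw["firewall_name"],
        "event_type": ev["event_type"],
        "src_ip": ev["src_ip"], "src_port": ev.get("src_port"),
        "dst_ip": ev["dest_ip"], "dst_port": ev.get("dest_port"),
        "proto": ev.get("proto"),
        "action": None, "rule_id": None, "signature": None, "bytes": None,
    }
    if ev["event_type"] == "alert":
        alert = ev["alert"]
        rec["action"] = alert["action"]          # "allowed" or "blocked"
        rec["rule_id"] = alert["signature_id"]   # rule that matched
        rec["signature"] = alert["signature"]
    elif ev["event_type"] == "netflow":
        rec["bytes"] = ev["netflow"]["bytes"]    # flow volume; no rule decision here
    return rec


def parse_lines(lines) -> tuple[list, int]:
    """Normalise a batch; malformed or incomplete lines are counted, not raised."""
    records, rejected = [], 0
    for line in lines:
        try:
            records.append(normalize(line))
        except (json.JSONDecodeError, KeyError, TypeError, ValueError):
            rejected += 1
    return records, rejected


def match_iocs(records, ioc_ips) -> list:
    """Return records whose source or destination address is on the watchlist."""
    hits = []
    for rec in records:
        matched = {ip for ip in (rec["src_ip"], rec["dst_ip"]) if ip in ioc_ips}
        if matched:
            hits.append({**rec, "ioc_matches": sorted(matched)})
    return hits


def summarize(records) -> dict:
    """Count events by type and alerts by firewall action, for a quick health check."""
    out = {}
    for rec in records:
        key = rec["event_type"] if rec["action"] is None else f'{rec["event_type"]}:{rec["action"]}'
        out[key] = out.get(key, 0) + 1
    return out


if __name__ == "__main__":
    recs, bad = parse_lines(SAMPLE_LOG_LINES)
    print(f"parsed {len(recs)} records, rejected {bad}")
    print("summary:", summarize(recs))
    for hit in match_iocs(recs, IOC_IPS):
        print("IOC hit:", hit["time"].isoformat(), hit["src_ip"], "->", hit["dst_ip"], hit["ioc_matches"])
```

Both event types end up in the same record shape, so a watchlist match is one lookup regardless of whether the evidence came from a flow summary or from a rule alert. Keeping the rejected-line count separate from the parsed records is what lets an ingestion health check notice a broken delivery batch instead of silently losing it.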

FortiEDR

Fortinet FortiEDR logs provide detailed telemetry on endpoint activity, focusing on detecting and responding to advanced threats in real time. These logs include information about process execution, network connections, file access, and behavioral anomalies. They are typically used for threat hunting, incident investigation, and integration with SIEM platforms for centralized security monitoring.

The integration includes:

  • Ingestion of the data to the data lake

  • Mapping of the data to IOC Search

  • Mapping to relevant Hunters schemas

Learn more here

Onapsis

Onapsis logs capture security-relevant events, system activity, and threat intelligence related to business-critical applications like SAP and Oracle. These logs provide detailed insights into vulnerabilities, misconfigurations, unauthorized access attempts, and compliance issues. Typically generated by Onapsis sensors deployed on-premises, the logs can be forwarded to SIEMs or storage systems like Amazon S3 for centralized analysis, alerting, and long-term retention, enabling security teams to proactively defend high-value ERP systems.

The integration includes:

  • Ingestion of the data to the data lake

  • Mapping of the data to IOC Search

  • Mapping to relevant Hunters schemas

Learn more here


Detection

Deprecated detectors

🔎 Remote Administration Tool Installation

Detector ID: edr_remote_admin_tool_installation

Following the publication last month of the new detector New RMM Tool Executed (edr_new_rmm_tool_execution), the detector Remote Administration Tool Installation has been deprecated, as both detect the same scenario. The new detector has higher fidelity and produces less noise.