Overview

Illusive IRM (Identity Risk Management) is an identity-oriented security product designed mainly to stop ransomware attacks and other identity-theft attack vectors.

Integrating your Illusive IRM logs into the Hunters ecosystem stores the data in a parsed format, lets you investigate threat scenarios over it, and provides the related Hunters detections for your tenant.

Supported Data Types

  • Illusive Active Defense Suite logs (AKA Illusive Deception) - detailed identity activity logged by Illusive. These logs contain raw data and alerts from all of the Illusive products.

Hunters Integration

To integrate your Illusive logs into Hunters, the logs need to be collected from your network into a storage service (e.g. an S3 bucket or Azure Blob Storage) shared with Hunters.

The expected format is syslog-wrapped CEF: a syslog timestamp and hostname followed by the CEF message. The exact format can be seen in the data sample below.

Illusive IRM data sample

2021-06-30T07:39:15+00:00 hostname CEF:0|illusive|illusive|{device_version}|illusive:heartbeat|Heartbeat|0|dvc=10.2.4.1 rt=1625038755141 cat=illusive:SYS
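The sample line above can be split into its syslog prefix, the seven '|'-separated CEF header fields and the key=value extension. As an added example (not Hunters' or Illusive's own code), here is a small Python parser that does this while honouring CEF backslash escapes and converting the epoch-millisecond `rt` field to a timestamp; the SAMPLE string is a constructed copy of the line shown above, and the header field names follow the CEF header layout rather than anything Hunters documents.

```python
import re
from datetime import datetime, timedelta, timezone
# Constructed copy of the sample line shown above; the {device_version} placeholder is kept as-is.
SAMPLE = ("2021-06-30T07:39:15+00:00 hostname CEF:0|illusive|illusive|{device_version}"
          "|illusive:heartbeat|Heartbeat|0|dvc=10.2.4.1 rt=1625038755141 cat=illusive:SYS")
HEADER_FIELDS = ("cef_version", "device_vendor", "device_product", "device_version", "signature_id", "name", "severity")

def _split_header(body, n):
    # Split on the first n unescaped '|' ('\|' and '\\' are escapes); part n+1 is the raw extension.
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < n:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            cur.append(body[i + 1]); i += 2; continue
        if ch == "|":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur) + body[i:])
    return parts

def parse_extension(ext):
    # Values may contain spaces and '\=', so split only at an unescaped 'key=' after whitespace.
    keys = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_.]+)=", ext))
    fields = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw = ext[m.end():end]
        fields[m.group(1)] = re.sub(r"\\(.)", lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return fields

def parse_cef(line):
    """Parse one syslog-prefixed CEF line into a dict; raise ValueError on malformed input."""
    m = re.match(r"^(\S+)\s+(\S+)\s+CEF:(.*)$", line)
    if not m:
        raise ValueError("not a syslog/CEF line")
    syslog_ts, host, body = m.groups()
    header = _split_header(body, 7)
    if len(header) != 8:
        raise ValueError("CEF header needs 7 '|'-separated fields before the extension")
    event = dict(zip(HEADER_FIELDS, header[:7]), syslog_timestamp=syslog_ts, syslog_host=host)
    event["extension"] = parse_extension(header[7])
    rt = event["extension"].get("rt", "")
    if rt.isdigit():  # CEF 'rt' is epoch milliseconds; integer arithmetic keeps it exact
        event["event_time"] = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=int(rt))
    return event
```

For the sample line, `rt` resolves to the same instant as the syslog timestamp (07:39:15.141 UTC), which is a useful sanity check when validating a feed before sharing the bucket.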