Overview

Hunters Supported Products Matrix explained:

The Hunters Supported Products Matrix lists all of the data types the Hunters platform supports for ingestion. These range from cloud data types collected through vendor APIs (e.g., Okta) to on-premise data types (e.g., Windows Event Logs).

The matrix comprises the following columns:

  • Vendor / Product

  • Source

  • Supported Collection

  • Supported Format

Vendor / Product

The technology or product supported by Hunters for ingestion.

Source

Whether the collection of the data type is on-premise or cloud-based (e.g., Blob Storage or API).

Cloud

Some data types originate solely in cloud infrastructure, such as the various Cloud Infrastructure providers or SaaS vendors and technologies. These are therefore collected from a cloud infrastructure rather than from on-premise systems.

On-Premise

While many technologies today expose external APIs that allow for effective data collection, some technologies still reside inside the network and require a log forwarding infrastructure to ship their data. Such technologies are denoted in this list as On-Premise. For a recommended log forwarding infrastructure and how to set it up for your organization, please see the following resource.

Supported Collection

The supported methods of collecting the logs.

Example: If a particular product has an API, yet only S3 Bucket is listed under Supported Collection, it means Hunters does not currently support collecting directly from the API and requires the files to reside in S3 in their expected format (see Supported Format below).

Collection from some vendors/technologies may still be under BETA support and is handled by Hunters' next-generation ingestion infrastructure, which consists of generic API collectors such as Pullers or Streamers. While such collection methods may be used by Hunters to ingest some log types, they are considered BETA and may not meet GA quality (e.g., in performance or monitoring).

Supported Format

Technologies ship their logs in different formats, such as CEF, CSV, or NDJSON. For each technology or product, the matrix states which format Hunters currently supports.

Note: A specific technology is considered fully supported by Hunters only when all requirements of the Supported Collection and Supported Format have been met.
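Because a product is only fully supported once both its Supported Collection and Supported Format requirements are met, it is worth checking a file's format before shipping it to Blob Storage. The following is an added example (not Hunters' own code) that classifies a text sample as one of the format names used in this matrix and compares it against the Supported Format cell of a few products copied from the tables below. The product-to-format table, the header-row heuristic for CSV, the pipe-count test for CEF, and all sample log lines are constructed for illustration.

```python
import csv
import io
import json
import re

# Expected formats for a handful of matrix rows, taken from the Supported
# Products tables on this page (product name -> "Supported Format" cell).
EXPECTED_FORMAT = {
    "AWS CloudTrail": "JSON",
    "AWS VPC Flow Logs": "CSV with Header",
    "AWS GuardDuty": "NDJSON",
    "Cisco Umbrella": "CSV without Header",
    "CyberArk": "CEF",
    "Microsoft Windows Event Logs": "NDJSON, CSV",
}

# Heuristic: a header cell is a field name, not a timestamp, number or address.
_HEADER_CELL = re.compile(r"^[A-Za-z_][A-Za-z0-9_ .\-/]*$")


def _is_json_object(line: str) -> bool:
    try:
        return isinstance(json.loads(line), dict)
    except json.JSONDecodeError:
        return False


def _is_cef(line: str) -> bool:
    # CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension
    # yields at least seven pipes after the prefix; a syslog header may precede "CEF:".
    if "CEF:" not in line:
        return False
    return line.split("CEF:", 1)[1].count("|") >= 7


def candidate_formats(text: str) -> set:
    """Return the set of matrix formats the sample is consistent with.

    A single-object file is both valid JSON and valid NDJSON, so both names are
    returned in that case; the product's Supported Format cell decides.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    found = set()
    if not lines:
        return found
    if all(_is_cef(ln) for ln in lines):
        found.add("CEF")
    if all(_is_json_object(ln) for ln in lines):
        found.add("NDJSON")
    try:
        json.loads(text)
        found.add("JSON")
    except json.JSONDecodeError:
        pass
    if found:
        return found  # a structured format matched; skip the CSV heuristic
    rows = [r for r in csv.reader(io.StringIO(text)) if any(c.strip() for c in r)]
    if len(rows) >= 2 and len(rows[0]) > 1 and len({len(r) for r in rows}) == 1:
        if all(_HEADER_CELL.match(c.strip()) for c in rows[0]):
            found.add("CSV with Header")
        else:
            found.add("CSV without Header")
    return found


def matches_expected_format(product: str, text: str) -> bool:
    """True when the sample satisfies the product's Supported Format cell."""
    expected = EXPECTED_FORMAT[product]  # KeyError for a product not in the table
    found = candidate_formats(text)
    for token in expected.split(","):
        token = token.strip()
        if token == "CSV":  # a bare "CSV" cell accepts either CSV variant
            if any(f.startswith("CSV") for f in found):
                return True
        elif token in found:
            return True
    return False


# Constructed samples (not real customer data) in the formats the matrix names.
SAMPLES = {
    "cloudtrail": '{"Records": [{"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com"}]}',
    "guardduty": '{"type": "Recon:EC2/PortProbe", "severity": 2}\n'
                 '{"type": "UnauthorizedAccess:IAMUser", "severity": 5}\n',
    "vpcflow": "version,account-id,interface-id,action\n"
               "2,123456789012,eni-0a1b2c,ACCEPT\n"
               "2,123456789012,eni-0a1b2c,REJECT\n",
    "umbrella": '"2024-01-01 10:00:00","jdoe","10.0.0.5","198.51.100.7","Allowed"\n'
                '"2024-01-01 10:00:05","jdoe","10.0.0.5","203.0.113.9","Blocked"\n',
    "cyberark": "CEF:0|CyberArk|PTA|12.6|1|Suspicious password change|5|suser=admin dhost=db01\n",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:10s} -> {sorted(candidate_formats(sample))}")
    print("CloudTrail sample OK for AWS CloudTrail:",
          matches_expected_format("AWS CloudTrail", SAMPLES["cloudtrail"]))
    print("GuardDuty sample OK for AWS CloudTrail:",
          matches_expected_format("AWS CloudTrail", SAMPLES["guardduty"]))
```

The CSV branch is deliberately a fallback: a JSON object line also splits on commas, so treating it as CSV would produce a false "CSV without Header" result. The header test is a heuristic and will mislabel a headerless file whose first row happens to contain only name-like strings; for such feeds, compare against the vendor's documented column order instead.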

Supported Products

Below is a list of all products with their respective currently supported collection methods and formats.

Cloud Infrastructure

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
AWS CloudTrail | Cloud | Blob Storage | JSON
AWS Config Snapshot | Cloud | Blob Storage | JSON
AWS VPC Flow Logs | Cloud | Blob Storage | CSV with Header
AWS GuardDuty | Cloud | Blob Storage | NDJSON
AWS ELB Access Logs | Cloud | Blob Storage | CSV with Header
AWS WAF | Cloud | Blob Storage | NDJSON
GCP Audit Logs | Cloud | Topic (BETA) / Blob Storage | NDJSON
GCP Security Command Center Assets | Cloud | Topic (BETA) / Blob Storage | NDJSON
GCP Security Command Center Findings | Cloud | Topic (BETA) / Blob Storage | NDJSON
Microsoft Azure Activity | Cloud | Blob Storage | NDJSON
Microsoft Azure Signin | Cloud | Blob Storage | NDJSON
Microsoft Azure Audit | Cloud | Blob Storage | NDJSON
Microsoft Azure NSG Flow | Cloud | Blob Storage | NDJSON

Container Infrastructure

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Sysdig | Cloud | Blob Storage | NDJSON

Cloud Security Posture Management (CSPM)

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Orca | Cloud | API (BETA) / Blob Storage | NDJSON
Wiz | Cloud | API (BETA) / Blob Storage | NDJSON

Email Security

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Agari Phishing Defense | Cloud | API | API Native
Cyren | Cloud | API (BETA) / Blob Storage | Cyren SIEM API
FireEye EX | On-Premise | Blob Storage | NDJSON
ProofPoint | Cloud | API (BETA) / Blob Storage | API Native

Endpoint Management and EDR

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Cisco Secure Endpoint (AMP) | Cloud | Cisco Stream API | API Native
CrowdStrike | Cloud | FDR, Stream API | API Native
Jamf | Cloud | Jamf REST API | API Native
Kaspersky Anti Virus (KAV) | On-Premise | Blob Storage | Key Value Separator
Microsoft Defender for Endpoint | Cloud | Blob Storage | NDJSON
SentinelOne | Cloud | API (BETA) / Blob Storage | NDJSON
Sophos Central | Cloud | API (BETA) / Blob Storage | NDJSON
Symantec Endpoint Protection | On-Premise | Blob Storage | Key Value Separator
VMware Carbon Black | Cloud | API | API Native

Enterprise Collaboration Software

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Google Workspace | Cloud | API (BETA) | NDJSON
Zoom | Cloud | Zoom REST API | NDJSON

Identity and Access Management

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Active Directory Users | On-Premise | Blob Storage | CSV
Duo | Cloud | Blob Storage | JSON
Okta | Cloud | API | API Native
OneLogin | Cloud | API (BETA) | NDJSON
PingID | Cloud | API (BETA) | NDJSON

Network Security

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Alert Logic WSM | On-Premise | Blob Storage | JSON, NDJSON
Broadcom Secure Access Cloud (Luminate) | Cloud | Blob Storage | NDJSON
Check Point | On-Premise | Blob Storage | Syslog, Splunk CIM
Cisco Meraki | Cloud | Meraki REST API | NDJSON
Cisco Umbrella | Cloud | Blob Storage | CSV without Header
Cloudflare | Cloud | Blob Storage | NDJSON
Corelight Suricata Alerts | On-Premise | Blob Storage | JSON
FireEye NX | On-Premise | Blob Storage | NDJSON
Netskope | Cloud | Blob Storage | NDJSON
Palo Alto Networks Firewall | On-Premise | Blob Storage | CSV
PerimeterX Bot Defender | Cloud | Blob Storage | NDJSON
Squid Proxy | On-Premise | Blob Storage | ECS
Zscaler ZIA | Cloud | Blob Storage | RSA, NSS

Operating Systems

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Auditd | On-Premise | Blob Storage | Raw Message
Microsoft Windows Event Logs | On-Premise | Blob Storage | NDJSON, CSV
Linux Logs | On-Premise | Blob Storage | NDJSON

Privileged Access Management

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
CyberArk | On-Premise | Blob Storage | CEF

Other

Vendor / Product | Source | Supported Collection | Supported Format
--- | --- | --- | ---
Illusive Active Defense Suite | On-Premise | Blob Storage | CEF