Windows Firewall logs let you monitor every connection the firewall allowed or dropped. The logs are saved locally under
After the data is ingested, Hunters reads it from the shared bucket, parses it, and uses this source to protect your network more comprehensively by adding it to the detection phase of the Hunters pipeline.
Supported Data Types
Windows Firewall Logs - see more details here.
In order to enable Hunters' collection and ingestion of Windows Firewall Logs for your account, the logs must be collected into a storage service (e.g. an S3 bucket or Azure Blob Storage) that is shared with Hunters.
Hunters expects the data to be in headerless CSV format.
The fields should follow the order shown in this sample record:
2022-03-01 15:29:30 ALLOW TCP 10.0.0.1 10.0.0.2 1234 80 52 S 14835656767 0 64240 - - - RECEIVE