Silverfort’s platform monitors all human and machine access requests, across all systems and environments, continuously analyzing risk and trust levels in real-time, applying adaptive risk-based authentication policies and preventing unauthorized access to any sensitive asset.

Supported Data Types

  • Silverfort Audit messages - These are messages generated to log actions taken by the Silverfort system. The messages notify users of various system changes, such as successful or failed attempts to log into the Admin Console.

Hunters Ingestion

For Hunters to integrate with Silverfort, the logs should be collected to a Storage Service (e.g. to an S3 bucket or Azure Blob Storage) shared with Hunters.

Expected Format

In each log file, the events should be separated by a new-line, where each event has a CEF format.


Apr  6 21:04:19 sf-tower CEF:0|Silverfort|Admin Console||Authentication|Authentication request|2|rt=1662450555555 suser=<user_name> sntdom=<domain_name> shost=n/a src=null destinationServiceName= dhost=<ip> dntdom=n/a app=LDAP cs1Label=SilverfortReqRisk cs1=Low cs2Label=SilverfortReqResult cs2=Allowed cs3Label=SilverfortPolicyAction cs3=n/a cs4Label=SilverfortPolicyId cs4=-1 cs5Label=SilverfortMfaResponse cs5=n/a cs6Label=SilverfortMfaResponseTime cs6=n/a cs7Label=SilverfortReqRiskIndicators cs7=Suspected_service_account cs8Label=SilverfortPolicyName cs8=n/a