Overview

strongDM is a proxy that centralises access to databases, servers, data centers, clusters, and web apps.

Integrating this data source with Hunters lets you conduct investigations and threat hunting across your data.

For more information on the available audit log types, please review strongDM’s audit interface documentation.

Supported data types

  • strongDM Audit Activity - the activity log with optional support for following the live log

  • strongDM Audit Datasources - holds the datasources' information and their settings.

  • strongDM Audit Permissions - holds the exact permissions each user has.

  • strongDM Audit Queries - extracts the query log with optional support for following the live log

  • strongDM Audit Tokens - a list of all admin tokens.

  • strongDM Audit Users - a list of all the users, their respective roles etc.

Sending data to Hunters

strongDM’s Activity and Queries logs can be collected periodically using the sdm CLI as explained here.
Once the logs are uploaded to the bucket of your choice (e.g. an S3 bucket or Azure Blob Storage), Hunters will collect the data and ingest it.