Overview

Hunters Supported Products Matrix explained:

The Hunters Supported Products Matrix lists all of the data types supported by the Hunters platform for ingestion. These range from cloud data types collected through vendor APIs (e.g., Okta) to on-premise data types (e.g., Windows Event Logs).

The matrix comprises the following columns:

  • Vendor / Product

  • Source

  • Supported Collection

  • Supported Format

Vendor / Product

The technology or product supported by Hunters for ingestion.

Source

Whether the collection of the data type is on-premise or cloud-based (e.g., Blob Storage or API).

Cloud

Some data types exist only in cloud infrastructure, such as cloud infrastructure providers or SaaS vendors and technologies. These are therefore collected from the cloud rather than from on-premise systems.

On-Premise

While many technologies today expose external APIs that allow for effective data collection, some technologies still reside inside the network and require a log forwarding infrastructure to ship their data. Such technologies are denoted in this list as On-Premise. For a recommended log forwarding infrastructure and how to set it up for your organization, please see the following resource.

Supported Collection

The supported methods of collecting the logs.

Example: If a particular product has an API, yet only S3 Bucket is listed under Supported Collection, Hunters does not currently support collecting directly from that API; the files must reside in S3 in their expected format (see Supported Format below).

Collection from some vendors/technologies may still be under BETA support, using Hunters' next-generation ingestion infrastructure of generic API collectors such as Pullers or Streamers. While Hunters may use such collection methods to ingest some log types, they are considered BETA and may not meet GA quality (e.g., performance, monitoring, etc.).

Supported Format

Technologies ship their logs in different formats, such as CEF, CSV or NDJSON. For each technology or product, the format currently supported by Hunters is stated.

Note: A specific technology is considered fully supported by Hunters only when all requirements of the Supported Collection and Supported Format have been met.

Supported Products

Below is a list of all products with their respective currently supported collection methods and formats.

API Security

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| NoName Security | Cloud | API | NDJSON |
| Salt Security | Cloud | Vendor Ingestion | Snowflake-direct |

Cloud Infrastructure

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| AWS CloudTrail | Cloud | Blob Storage | JSON |
| AWS Config Snapshot | Cloud | Blob Storage | JSON |
| AWS VPC Flow Logs | Cloud | Blob Storage | CSV |
| AWS Guard Duty | Cloud | Blob Storage | NDJSON |
| AWS ELB Access Logs | Cloud | Blob Storage | CSV |
| AWS WAF | Cloud | Blob Storage | NDJSON |
| AWS Route53 Resolver Query Logs | Cloud | Blob Storage | NDJSON |
| Aqua Security | Cloud | API | NDJSON |
| GCP Audit Logs | Cloud | Topic (BETA) / Blob Storage | NDJSON |
| GCP Security Command Center Assets | Cloud | Topic (BETA) / Blob Storage | NDJSON |
| GCP Security Command Center Findings | Cloud | Topic (BETA) / Blob Storage | NDJSON |
| Microsoft Azure Activity | Cloud | Blob Storage | NDJSON |
| Microsoft Azure Signin | Cloud | Blob Storage | NDJSON |
| Microsoft Azure Audit | Cloud | Blob Storage | NDJSON |
| Microsoft Azure NSG Flow | Cloud | Blob Storage | NDJSON |

Container Infrastructure

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Sysdig | Cloud | Blob Storage | NDJSON |

Cloud Security Posture Management (CSPM)

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Orca | Cloud | Webhook (BETA) / Blob Storage | NDJSON |
| Wiz | Cloud | Webhook (BETA) / Blob Storage | NDJSON |
| Lacework | Cloud | Blob Storage | NDJSON |
| Prisma Cloud | Cloud | Blob Storage | JSON |

Email Security

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Abnormal Security | Cloud | API | NDJSON |
| Agari Phishing Defense | Cloud | API | NDJSON |
| Cyren | Cloud | API / Blob Storage | NDJSON |
| FireEye EX | On-Premise | Blob Storage | NDJSON |
| Mimecast | Cloud | API | KEY-VALUE / NDJSON |
| PerceptionPoint | Cloud | API | NDJSON |
| ProofPoint | Cloud | API, Blob Storage | NDJSON |

Endpoint Management and EDR

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Cisco Secure Endpoint (AMP) | Cloud | API | NDJSON |
| CrowdStrike | Cloud | FDR (Blob Storage), API | NDJSON |
| Cybereason | Cloud | API | NDJSON |
| Jamf | Cloud | API | NDJSON |
| Kaspersky Anti Virus (KAV) | On-Premise | Blob Storage | KEY-VALUE |
| Microsoft Defender for Endpoint | Cloud | Blob Storage | NDJSON |
| OSQuery | Cloud | Blob Storage | NDJSON |
| SentinelOne | Cloud | Blob Storage, API | NDJSON |
| Sophos Central | Cloud | API | NDJSON |
| Symantec | On-Premise | Blob Storage | KEY-VALUE |
| VMware Carbon Black | Cloud | Blob Storage, API | API Native |

Enterprise Collaboration Software

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Github | Cloud | Blob Storage | NDJSON |
| Google Workspace | Cloud | API | NDJSON |
| Zoom | Cloud | API | NDJSON |
| Office365 | Cloud | Blob Storage | NDJSON |
| Atlassian | Cloud | API | NDJSON |

Identity and Access Management

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| 1Password | Cloud | API | NDJSON |
| Active Directory Users | On-Premise | Blob Storage | CSV |
| Duo | Cloud | Blob Storage | JSON |
| LastPass | Cloud | Blob Storage | NDJSON |
| Okta | Cloud | API | NDJSON |
| OneLogin | Cloud | API | NDJSON |
| PingID | Cloud | API | NDJSON |
| JumpCloud | Cloud | API | NDJSON |
| Silverfort | Cloud | Blob Storage | CEF |

Network Security

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Alert Logic WSM | On-Premise | Blob Storage | NDJSON |
| Cato Networks | On-Premise | API | NDJSON |
| Check Point | On-Premise | Blob Storage | SYSLOG |
| Cisco ASA | On-Premise | Blob Storage | TEXT |
| Cisco AnyConnect NVM | On-Premise | Blob Storage | JSON |
| Cisco Meraki | Cloud | API | NDJSON |
| Cisco Umbrella | Cloud | Blob Storage | CSV (without header) |
| Cloudflare | Cloud | Blob Storage | NDJSON |
| Corelight Suricata Alerts | On-Premise | Blob Storage | JSON |
| DarkTrace | Cloud/On-Premise | API | NDJSON |
| FireEye NX | On-Premise | Blob Storage | NDJSON |
| Fortinet Firewall | On-Premise | Blob Storage | KEY-VALUE |
| HTTP Server-side W3C logging | Cloud | Blob Storage | CSV |
| iboss | On-Premise | Blob Storage | CSV |
| InfoBlox | On-Premise | Blob Storage | TEXT |
| Juniper Firewall | On-Premise | Blob Storage | SYSLOG |
| Netskope | Cloud | Blob Storage | NDJSON |
| Palo Alto Networks Firewall | On-Premise | Blob Storage | CSV |
| PerimeterX Bot Defender | Cloud | Blob Storage | NDJSON |
| ProtectWise | Cloud | Blob Storage | TEXT |
| SonicWall | On-Premise | Blob Storage | KEY-VALUE |
| Squid | Cloud | Blob Storage | CSV (without header) |
| Windows Firewall Logs | On-Premise | Blob Storage | CSV (without header) |
| Zscaler ZIA | Cloud | Blob Storage | RSA, NSS |
| Zscaler ZPA | Cloud | Blob Storage | NDJSON |
| Zeek Logs | On-Premise | Blob Storage | CSV, NDJSON |

Operating Systems

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Auditd | On-Premise | Blob Storage | TEXT |
| Microsoft Windows Event Logs | On-Premise | Blob Storage | NDJSON, CSV, XML |
| Linux Logs | On-Premise | Blob Storage | NDJSON |

Privileged Access Management

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| CyberArk | On-Premise | Blob Storage | CEF |
| Thycotic | On-Premise | Blob Storage | CEF |

Threat Intelligence Platform

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Anomali Intelligence | Cloud | API | NDJSON |
| TruStar | Cloud | API | NDJSON |

Vulnerability Management

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| EdgeScan | Cloud | API | NDJSON |
| Tenable.io | Cloud | API | NDJSON |
| Qualys | Cloud | API | XML |

Other

| Vendor / Product | Source | Supported Collection | Supported Format |
|---|---|---|---|
| Claroty | On-Premise | Blob Storage | CEF |
| Illusive Active Defense Suite | On-Premise | Blob Storage | CEF |
| ManageEngine ADAudit Plus | On-Premise | Blob Storage | KEY-VALUE |
| strongdm | Cloud | Blob Storage | NDJSON |
| Windows DNS Debug Logs | On-Premise | Blob Storage | TEXT |