Supported Products

Overview

Hunters Supported Products Matrix explained:

The Hunters Supported Products Matrix encapsulates all of the different data types supported by the Hunters platform for ingestion. These range from cloud data types based on various APIs (e.g., Okta) and up to on-premise data types (e.g., Windows Event Logs).

The matrix comprises of the following columns:

Vendor / Product
Source
Supported Collection
Supported Format

Vendor / Product

The technology or product supported by Hunters for ingestion.

Source

Whether the collection of the data type is on-premise or cloud-based (e.g., Blob Storage or API).

Cloud

Some data types are based solely on inherent cloud infrastructure, such as different Cloud Infrastructure providers, or different vendors and SaaS technologies. Therefore, these are collected from a cloud infrastructure rather than on-premise.

On-Premise

While many technologies today have external APIs which allow for an effective data collection, some technologies still reside inside the network, and require the utilization of a log forwarding infrastructure to allow for the shipping of such data. Such on-premise technologies are denoted in this list as On-Premise. For a recommendation of log forwarding infrastructure and how to set it up for your organization, please see the following resource.

Supported Collection

The supported methods of collecting the logs.

Example: If a particular product has an API, yet under the Supported Collection only S3 Bucket is listed - It means Hunters does not currently support collecting directly from the API, and requires the files to reside in S3, in their proper expected format (see next bullet).

The collection from some vendors/technologies may still be considered to be under BETA support, and is utilized by Hunters next-generation ingestion infrastructure consisting of generic API collector such as Pullers or Streamers. While such collection methods may be utilized by Hunters for the ingestion of some log types, it is considered BETA and may not meet GA quality (e.g., performance, monitoring etc.).

Supported Format

Many technologies may have different ways of shipping their logs, whether it is CEF, CSV, NDJSON and so on. For each technology or product, it is stated what format is currently supported by Hunters.

Note: A specific technology is considered fully supported by Hunters only when all requirements of the Supported Collection and Supported Format have been met.

Supported Products

Below is a list of all products with their respective currently supported collection methods and formats.

API Security
Vendor / Product	Source	Supported Collection	Supported Format
NoName Security	Cloud	API	NDJSON
Salt Security	Cloud	Vendor Ingestion	Snowflake-direct

Cloud Infrastructure
Vendor / Product	Source	Supported Collection	Supported Format
AWS CloudTrail	Cloud	Blob Storage	JSON
AWS Config Snapshot	Cloud	Blob Storage	JSON
AWS VPC Flow Logs	Cloud	Blob Storage	CSV
AWS Guard Duty	Cloud	Blob Storage	NDJSON
AWS ELB Access Logs	Cloud	Blob Storage	CSV
AWS WAF	Cloud	Blob Storage	NDJSON
AWS Route53 Resolver Query Logs	Cloud	Blob Storage	NDJSON
Aqua Security	Cloud	API	NDJSON
GCP Audit Logs	Cloud	Topic (BETA) / Blob Storage	NDJSON
GCP Security Command Center Assets	Cloud	Topic (BETA) / Blob Storage	NDJSON
GCP Security Command Center Findings	Cloud	Topic (BETA) / Blob Storage	NDJSON
Microsoft Azure Activity	Cloud	Blob Storage	NDJSON
Microsoft Azure Signin	Cloud	Blob Storage	NDJSON
Microsoft Azure Audit	Cloud	Blob Storage	NDJSON
Microsoft Azure NSG Flow	Cloud	Blob Storage	NDJSON

Container Infrastructure
Vendor / Product	Source	Supported Collection	Supported Format
Sysdig	Cloud	Blob Storage	NDJSON

Cloud Security Posture Management (CSPM)
Vendor / Product	Type	Supported Collection	Supported Format
Orca	Cloud	Webhook (BETA) / Blob Storage	NDJSON
Wiz	Cloud	Webhook (BETA) / Blob Storage	NDJSON
Lacework	Cloud	Blob Storage	NDJSON
Prisma Cloud	Cloud	Blob Storage	JSON

Email Security
Vendor / Product	Type	Supported Collection	Supported Format
Abnormal Security	Cloud	API	NDJSON
Agari Phishing Defense	Cloud	API	NDJSON
Cyren	Cloud	API / Blob Storage	NDJSON
FireEye EX	On-Premise	Blob Storage	NDJSON
Mimecast	Cloud	API	KEY-VALUE/ NDJSON
PerceptionPoint	Cloud	API	NDJSON
ProofPoint	Cloud	API, Blob Storage	NDJSON

Endpoint Management and EDR
Vendor / Product	Type	Supported Collection	Supported Format
Cisco Secure Endpoint (AMP)	Cloud	API	NDJSON
CrowdStrike	Cloud	FDR (Blob Storage), API	NDJSON
Cybereason	Cloud	API	NDJSON
Jamf	Cloud	API	NDJSON
Kaspersky Anti Virus (KAV)	On-Premise	Blob Storage	KEY-VALUE
Microsoft Defender for Endpoint	Cloud	Blob Storage	NDJSON
OSQuery	Cloud	Blob Storage	NDJSON
SentinelOne	Cloud	Blob Storage, API	NDJSON
Sophos Central	Cloud	API	NDJSON
Symantec	On-Premise	Blob Storage	KEY-VALUE
VMware Carbon Black	Cloud	Blob Storage, API	API Native

Enterprise Collaboration Software
Vendor / Product	Type	Supported Collection	Supported Format
Github	Cloud	Blob Storage	NDJSON
Google Workspace	Cloud	API	NDJSON
Zoom	Cloud	API	NDJSON
Office365	Cloud	Blob Storage	NDJSON
Atlassian	Cloud	API	NDJSON

Identity and Access Management
Vendor / Product	Type	Supported Collection	Supported Format
1Password	Cloud	API	NDJSON
Active Directory Users	On-Premise	Blob Storage	CSV
Duo	Cloud	Blob Storage	JSON
LastPass	Cloud	Blob Storage	NDJSON
Okta	Cloud	API	NDJSON
OneLogin	Cloud	API	NDJSON
PingID	Cloud	API	NDJSON
JumpCloud	Cloud	API	NDJSON
Silverfort	Cloud	Blob Storage	CEF

Network Security
Vendor / Product	Type	Supported Collection	Supported Format
Alert Logic WSM	On-Premise	Blob Storage	NDJSON
Cato Networks	On-Premise	API	NDJSON
Check Point	On-Premise	Blob Storage	SYSLOG
Cisco ASA	On-Premise	Blob Storage	TEXT
Cisco AnyConnent NVM	On-Premise	Blob Storage	JSON
Cisco Meraki	Cloud	API	NDJSON
Cisco Umbrella	Cloud	Blob Storage	CSV (without header)
Cloudflare	Cloud	Blob Storage	NDJSON
Corelight Suricata Alerts	On-Premise	Blob Storage	JSON
DarkTrace	Cloud/On-Premise	API	NDJSON
FireEye NX	On-Premise	Blob Storage	NDJSON
Fortinet Firewall	On-Premise	Blob Storage	KEY-VALUE
HTTP Server-side W3C logging	Cloud	Blob Storage	CSV
iboss	On-Premise	Blob Storage	CSV
InfoBlox	On-Premise	Blob Storage	TEXT
Juniper Firewall	On-Premise	Blob Storage	SYSLOG
Netskope	Cloud	Blob Storage	NDJSON
Palo Alto Networks Firewall	On-Premise	Blob Storage	CSV
PerimeterX Bot Defender	Cloud	Blob Storage	NDJSON
ProtectWise	Cloud	Blob Storage	TEXT
SonicWall	On-Premise	Blob Storage	KEY-VALUE
Squid	Cloud	Blob Storage	CSV (without header)
Windows Firewall Logs	On-Premise	Blob Storage	CSV (without header)
Zscaler ZIA	Cloud	Blob Storage	RSA, NSS
Zscaler ZPA	Cloud	Blob Storage	NDJSON
Zeek Logs	On-Premise	Blob Storage	CSV, NDJSON

Operating Systems
Vendor / Product	Type	Supported Collection	Supported Format
Auditd	On-Premise	Blob Storage	TEXT
Microsoft Windows Event Logs	On-Premise	Blob Storage	NDJSON, CSV, XML
Linux Logs	On-Premise	Blob Storage	NDJSON

Privileged Access Management
Vendor / Product	Type	Supported Collection	Supported Format
CyberArk	On-Premise	Blob Storage	CEF
Thycotic	On-Premise	Blob Storage	CEF

Threat Intelligence Platform
Vendor / Product	Type	Supported Collection	Supported Format
Anomali Intelligence	Cloud	API	NDJSON
TruStar	Cloud	API	NDJSON

Vulnerability Management
Vendor / Product	Type	Supported Collection	Supported Format
EdgeScan	Cloud	API	NDJSON
Tenable.io	Cloud	API	NDJSON
Qualys	Cloud	API	XML

Other
Vendor / Product	Type	Supported Collection	Supported Format
Claroty	On-Premise	Blob Storage	CEF
Illusive Active Defense Suite	On-Premise	Blob Storage	CEF
ManageEngine ADAudit Plus	On-Premise	Blob Storage	KEY-VALUE
strongdm	Cloud	Blob Storage	NDJSON
Windows DNS Debug Logs	On-Premise	Blob Storage	TEXT