This article explains how to ingest your Thycotic Secret Server logs into Hunters.

Ingestion to Hunters

For Hunters to integrate with your Thycotic logs, the logs should be collected to an S3 bucket shared with Hunters.

Supported Format

  • Example of an expected CEF-formatted log:

Aug 18 14:28:06 sv-thyss CEF:0|Thycotic Software|Secret Server|8.6.000010|18|USER - LOGINFAILURE|2|msg=[SecretServer] Event: [User] Action: [Login Failure] By User: domain.local\\John Snow Item Name: domain.local\\John Snow suid=6 suser=domain.local\\John Snow duser=domain.local\\John Snow duid=6 fname=domain.local\\John Snow fileType=User fileId=6 src= rt=Aug 18 2014 14:28:03
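
The following Python parser is an added example, not code from Hunters or Thycotic. It splits a line in this format into its syslog prefix, CEF header and extension fields, handling values that contain spaces, escaped backslashes and the empty `src=` field; the function name and dictionary keys are this example's own.

```python
import re

# Header field names follow the CEF specification; the dict keys are this example's own naming.
HEADER_KEYS = ("cef_version", "device_vendor", "device_product", "device_version",
               "device_event_class_id", "name", "severity")
_HEADER_FIELD = re.compile(r"((?:[^\\|]|\\.)*)\|")  # one header field up to an unescaped pipe
_EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")             # a key starts the extension or follows whitespace
_ESCAPE = re.compile(r"\\(.)", re.DOTALL)


def _unescape(value):
    # CEF escapes: \\ -> \, \| -> |, \= -> =, \n and \r -> line breaks.
    return _ESCAPE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def parse_cef(line):
    """Split a syslog-wrapped CEF line into header fields and an extension dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    event = {"syslog_prefix": line[:start].strip()}
    pos = start + len("CEF:")
    for key in HEADER_KEYS:
        m = _HEADER_FIELD.match(line, pos)
        if m is None:
            raise ValueError("truncated CEF header at field " + key)
        event[key] = _unescape(m.group(1))
        pos = m.end()
    ext_text = line[pos:].rstrip("\r\n")
    keys = list(_EXT_KEY.finditer(ext_text))
    ext = {}
    for i, m in enumerate(keys):
        # A value runs until the whitespace before the next key=, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = _unescape(ext_text[m.end():end])
    event["extension"] = ext
    return event


# The sample line shown on this page.
SAMPLE = (r"Aug 18 14:28:06 sv-thyss CEF:0|Thycotic Software|Secret Server|8.6.000010|18|"
          r"USER - LOGINFAILURE|2|msg=[SecretServer] Event: [User] Action: [Login Failure] "
          r"By User: domain.local\\John Snow Item Name: domain.local\\John Snow suid=6 "
          r"suser=domain.local\\John Snow duser=domain.local\\John Snow duid=6 "
          r"fname=domain.local\\John Snow fileType=User fileId=6 src= rt=Aug 18 2014 14:28:03")

if __name__ == "__main__":
    ev = parse_cef(SAMPLE)
    print(ev["name"], ev["severity"], ev["extension"]["suser"], repr(ev["extension"]["src"]))
```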