HUNTERS INTEGRATIONS
1Password
1Password is a password manager that stores encrypted passwords online.
Abnormal
Abnormal is an email protection company, whose products are aimed at protecting against phishing, business email compromise scams and other advanced email threats.
abuse.ch
abuse.ch is a research project at the Institute for Cybersecurity and Engineering (ICE) to identify and track cyber threats, with a strong focus on malware and botnets.
Agari Phishing Defense
Agari is an email protection product, protecting against phishing, business email compromise scams and other advanced email threats.
Alert Logic WSM
The Alert Logic Managed Web Application Firewall (WAF) Out-of-Band WAF monitors your web traffic and logs web violations but does not block any requests.
AlienVault OTX
AlienVault Open Threat Exchange (OTX) is the world’s largest open threat intelligence community, enabling collaborative defense with actionable, community-powered threat data.
Anomali Intelligence
Anomali delivers intelligence-driven cybersecurity solutions, including ThreatStream, Match, and Lens.
Apache2
Apache2 is a popular open-source web server software that is used to serve web content on the internet.
Appgate
Appgate SDP is a Zero Trust Network Access (ZTNA) solution. ZTNA is an IT security solution that provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies.
Aqua
Aqua is a cloud security and compliance tool combining all of your cloud assets from AWS, Azure, and GCP.
Armorblox
Armorblox is a cloud office security platform that protects enterprise communications across email, messaging, and file-sharing services using natural language understanding.
Atlassian
Atlassian is a software company that develops products for software developers, project managers and other software development teams.
AWS
AWS logs provide unique and crucial visibility into the activities and resources in an organization’s AWS environment. Hunters ingests logs from AWS Config, AWS Cloudtrail, AWS VPC Flow, and AWS WAF.
Bind DNS
BIND DNS is a complete implementation of the DNS protocol. BIND 9 can be configured as an authoritative name server, a resolver, and, on supported hosts, a stub resolver.
Broadcom Secure Access Cloud (Luminate)
Broadcom Secure Access Cloud is a SaaS solution that enables more secure and granular access management to corporate resources hosted on-premises or in the cloud.
Cato Networks
Cato Networks is a networks, cloud and endpoint management and security platform, categorized as a Secure Access Service Edge (SASE platform).
Check Point
Check Point Software Technologies Ltd. provides cyber security solutions to governments and corporate enterprises globally. All Check Point Security Logs are supported by Hunters.
Cisco AnyConnect NVM
Cisco AnyConnect NVM (Network Visibility Module) is an endpoint product by Cisco, used for monitoring network activity.
Cisco Firewall
Cisco have several network appliances that allow network monitoring and inspection, protecting corporate networks and data centers, such as Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense.
Cisco Meraki
Meraki devices can act as different classic devices at once, and as such provide multiple log types which are relevant for detection and context enrichment during automatic investigations, such as firewall logs, DHCP logs, and DNS logs.
Cisco Secure Endpoint (AMP)
Cisco AMP (Advanced Malware Protection) is an EDR designed to prevent, detect, and help remove threats from computer systems.
Cisco Umbrella
Umbrella is a cloud-delivered service giving organizations visibility to protect users across all network devices.
Citrix Netscaler
Citrix NetScaler is an Application Delivery Controller (ADC) created to optimize, manage, and secure network traffic. It analyzes application-specific traffic to distribute, optimize, and protect L4–L7 network traffic.
Claroty
Claroty's Extended Internet of Things (XIoT) platform secures physical systems across industrial, healthcare, and enterprise environments.
Cloudflare
CloudFlare HTTP data is used in the Hunters Pipeline for detection and investigation related to HTTP requests to relevant appliances in the organization's network.
Code42
Code 42 is a SaaS platform aimed to log and detect data loss (through documents being copied/moved/made accessible to the wrong persons), and respond accordingly.
Corelight Suricata Alerts
Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC.
CrowdStrike
Hunters seamlessly ingests rich endpoint telemetry from the Falcon platform as well as organizational data and security telemetry from any existing data source in the organization.
CyberArk
CyberArk's Privileged Access Manager is a full life-cycle solution for managing the most privileged accounts and SSH Keys in the enterprise.
Cybereason
Cybereason provides a next-generation antivirus (NGAV) solution that safeguards company endpoints against highly advanced and unknown security threats, including ransomware and fileless attacks.
Cyren
Cyren offers email security software that can protect businesses and users from phishing attacks and data loss.
DarkTrace
Darktrace empowers defenders to reduce risk and minimize cyber disruption. Its Self-Learning AI technology develops a deep and evolving understanding of your bespoke organization, allowing it to prevent, detect, and respond to unpredictable cyber-attacks across the entire digital environment – from cloud and email to endpoints and OT networks.
Duo
Duo is a user-centric access security platform that provides two-factor authentication. Two-factor authentication adds a second layer of security to your online accounts.
Edgescan
Edgescan provides vulnerability management solutions using a "software as a service" model. It has added cloud-based compliance and web application security offerings.
F5 VPN
F5 BIG-IP log files include important diagnostic information about the events that are occurring on the BIG-IP system.
FireEye EX
FireEye Email Security helps organizations minimize breaches caused by advanced email attacks. Email Security combines intelligence-led context and detection plug-ins to unearth malicious and benign phishing URLs on a big data, scalable platform.
FireEye NX
FireEye Network Security is a cyber threat protection solution that helps organizations minimize the risk of breaches by detecting and stopping advanced, targeted and other evasive attacks hiding in Internet traffic.
Fortinet Firewall
Fortinet Firewall is a network appliance by Fortinet which enhances various network security capabilities.
Github
GitHub, Inc. is a provider of Internet hosting for software development and version control using Git. Organizations that manage their code on GitHub may view and export various logs regarding the platform.
Google Cloud Platform
Google Cloud Platform logs provide unique and crucial visibility into the activities and resources in an organization’s GCP environment. Hunters ingests several data sources from GCP, including Audit logs, Security Command Center Assets, and Security Command Center Findings.
Google Workspace
Hunters ingests logs for various Gsuite applications, alerts created by Gsuite, and a snapshot of all users in the Gsuite account.
GreyNoise
GreyNoise captures data on IPs that saturate security tools with internet noise so SOC teams can focus on threats that matter and ignore those that don't.
iboss
iboss is a cloud security company that provides a secure access service edge (SASE) solution.
Illusive Active Defense Suite
Illusive IRM (Identity Risk Management) is an Identity oriented security product mainly designed to stop ransomware attacks and other identity theft attack vectors.
InfoBlox
InfoBlox is a network security appliance that concentrates on DNS, DHCP, and IPAM (IP Address Management), from both on-prem and cloud sources.
IntSights
IntSights External Threat Protection (ETP) delivers enterprise-grade external threat intelligence that is contextualized, prioritized, actionable, and can be deployed in as little as 24 hours.
Jamf
Jamf is the most prominent way to manage MacOS devices in an enterprise organization. Logs pulled from the Jamf API provide important information regarding the MacOS devices used in the organization.
Jumpcloud
JumpCloud is a cloud directory service that securely manages and connects users to their IT resources, including systems, servers, applications, and more.
Juniper Firewall
Juniper Firewalls support next-generation firewall capabilities such as intrusion prevention, application visibility and control, and content security features that include anti-virus, anti-spam, and Web filtering.
Kaspersky Anti Virus (KAV)
Kaspersky Anti-Virus (KAV) guards you from threats like ransomware, cryptolockers & hackers.
Lacework
Lacework is a data-driven security platform for the cloud that collects and analyses various logs and telemetries for the main cloud vendors (AWS, Azure, GCP, etc.).
LastPass
LastPass is a freemium password manager that stores encrypted passwords online. After the data is ingested, Hunters reads the data from the shared bucket, parses it and allows the usage of this source to protect your users and your network in a more comprehensive way.
Linux Auditd
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk.
ManageEngine ADAudit Plus
ADAudit Plus helps keep your Windows Server ecosystem secure and compliant by providing full visibility into all activities. ADAP does so by collecting event log data from most of your environment’s licensed components, creating Alerts and Reports above it.
McAfee MVISION Cloud
McAfee Mvision (former Skyhigh CASB) is a cloud access security broker that protects data and stops threats in the cloud across SaaS, PaaS, and IaaS from a single, cloud-native enforcement point.
Microsoft Azure
Azure logs provide unique and crucial visibility into the activities and resources in an organization's Azure environment. Hunters supports multiple Azure data sources, including Azure Activity Log, Sign In Log, Audit Log, and NSG Flow Log.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is Microsoft’s EDR, collecting various logs from endpoints with MDATP agents - Devices Info, Process Info, Network Events, and more.
Microsoft Exchange
Microsoft Exchange is an email product by Microsoft. In Exchange Server, mail flow occurs through the transport pipeline.
Mimecast
Mimecast is a company specializing in cloud-based email management for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail.
NetFlow
NetFlow is a network protocol developed by Cisco for collecting IP traffic information and monitoring network flow.
Netskope
Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.
NoName Security
Noname is a cyber security company that provides an API security solution.
Office365
Office365 is Microsoft's online productivity suite. Hunters ingests logs with a variety of content types from Office365.
Okta
For organizations that utilize Okta as their SSO provider, it is usually a crucial component in providing regulated access for all organizational users to all relevant Cloud and SaaS resources. In some cases it is even used to manage access to internal organizational resources.
OneLogin
Hunters supports ingestion of OneLogin events, based on Webhooks. This is a straightforward process which will allow Hunters to ingest your OneLogin events into the platform.
OpenVPN
OpenVPN is a VPN system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.
Orca
Orca is an agentless cloud security and compliance tool combining all your cloud assets from AWS, Azure, and GCP.
OSQuery
Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.
Palo Alto Networks Firewall
Palo Alto Networks next-generation firewalls detect known and unknown threats, including in encrypted traffic, using intelligence generated across many thousands of customer deployments.
PerceptionPoint
PerceptionPoint is a Prevention-as-a-Service company, offering fast interception of any content-based attack across all channels, including email, S3, and Dropbox.
PerimeterX Bot Defender
PerimeterX Bot Defender logs contain entries of website access to protected APIs, including blocked information.
PingID
PingOne is a cloud identity solution that orchestrates adaptive authentication and access services to connect employees across any application, any directory and any device.
Prisma Cloud
Prisma Cloud CSPM is a Cloud protection platform. Prisma inspects cloud products - AWS and Azure assets, for example - and identifies vulnerabilities and mis-configurations.
ProofPoint
Huters ingests various Proofpoint products, including On Demand (email cloud data service), Targeted Attack Protection (email cloud protection service), and Email Gateway (on-premise server logs).
ProtectWise
ProtectWise is a cloud-powered security company that provides Network Detection and Response (NDR) services.
PulseSecure
PulseSecure is a VPN system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
Qualys
Qualys provides SaaS solutions in cloud security, compliance, and vulnerability management.
SentinelOne
SentinelOne offers solutions that deliver real-time endpoint protection, detection and response, and monitors IoT frameworks for vulnerabilities. These solutions also provide features and leverage the cloud for scalability.
Silverfort
Silverfort’s platform monitors all human and machine access requests in real time, to prevent unauthorized access to all sensitive assets.
Slack
Slack is the collaboration hub that brings the right people, information, and tools together to get work done.
SonicWall
SonicWall Firewall is a network appliance by SonicWall which enhances various network security capabilities.
Sophos Central
Sophos Central is a single cloud management solution for all your Sophos next-gen technologies: endpoint, server, mobile, firewall, ZTNA, email, and so much more.
Splunk Intelligence Management (TruStar)
Splunk Intelligence Management aims to break down data silos within and across enterprises to align security effectiveness with business objectives.
Squid Proxy
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.
strongDM
strongDM is a proxy that centralises access to databases, servers, data centers, clusters, and web apps.
Symantec
Symantec protects all your traditional and mobile endpoint devices with innovative technologies for attack surface reduction, attack prevention, breach prevention, and detection and response.
Sysdig
Sysdig Secure provides unified security and compliance for containers, Kubernetes and cloud. Sysdig logs are used by Hunters to populate alerts by Sysdig, as well as to allow advanced investigation over your Container assets.
Tenable.io
Powered by Nessus technology, Tenable.io is Tenable’s cloud-based vulnerability management and coverage. It scans and analyzes assets of many types and gathers data on vulnerabilities on them.
ThreatX
ThreatX WAF is a Cloud Native WAF product that delivers protection across apps and APIs. It separates the enterprise network from the Internet blocks Web requests from outside that targets the Customers' internal Web Servers.
Thycotic
Thycotic Secret Server is an enterprise Privileged Access Management (PAM) solution, available both on-premise and in the cloud.
Tines
Tines is a no-code security workflow automation tool that allows users to automate complex workflows unique to their business.
Torq
Torq is a ground-up reinvention of what automation for security should be: automation that transforms how security teams work, by making it easier for them to deliver better protection, faster.
VirusTotal
VirusTotal's threat intelligence dataset contains notions such as malware samples, URLs, domains and IP addresses according to binary properties, and many others.
VMware Carbon Black
Carbon Black products provide critical raw data OS-level telemetry from hosts (endpoints or servers). These telemetries include process creation events, network connection events, DNS requests, file events, and much more.
Windows Firewall Logs
Windows Firewall logs allow you to monitor any dropped or successful connections by the firewall.
Wiz
Wiz's platform analyzes computing infrastructure for combinations of risk factors that could allow malicious actors to gain control of assets and/or exfiltrate valuable data.
Zeek Logs
Zeek is a passive, open-source network traffic analyzer, used by many vendors (such as Corelight) as a Network Security Monitor to support investigations of suspicious or malicious activity.
ZeroFox
ZeroFox is a threat intelligence SaaS platform that uses diverse data sources and artificial intelligence-based analysis to identify and remediate cyber attacks.
Zoom
Zoom's secure, reliable video platform powers all of your communication needs, including meetings, chat, phone, webinars, and online events.
Zscaler
Zscaler is a cloud security company that provides Security Service Edge (SSE) solution. Hunters ingests both ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access) logs.