HUNTERS INTEGRATIONS
1Password
1Password is a password manager that stores encrypted passwords online.
Abnormal Security
Abnormal's cloud email security platform protects enterprises from targeted email attacks.
abuse.ch
abuse.ch is a research project at the Institute for Cybersecurity and Engineering (ICE) to identify and track cyber threats, with a strong focus on malware and botnets.
Acalvio Technologies
Acalvio, the leader in cyber deception technology, helps enterprises actively defend against threats.
Agari Phishing Defense
Agari is an email protection product, protecting against phishing, business email compromise scams and other advanced email threats.
Alert Logic WSM
The Alert Logic Managed Web Application Firewall (WAF) Out-of-Band WAF monitors your web traffic and logs web violations but does not block any requests.
Alibaba Cloud
Alibaba Cloud’s logging tools, like Log Service and ActionTrail, are vital for monitoring, diagnosing, and responding to incidents. They help track user actions, manage risks, ensure compliance, and detect security threats.
AlienVault OTX
AlienVault Open Threat Exchange (OTX) is the world’s largest open threat intelligence community, enabling collaborative defense with actionable, community-powered threat data.
Anomali Intelligence
Anomali delivers intelligence-driven cybersecurity solutions, including ThreatStream, Match, and Lens.
Apache2
Apache2 is a popular open-source web server software that is used to serve web content on the internet.
Appgate
Appgate SDP is a Zero Trust Network Access (ZTNA) solution. ZTNA is an IT security solution that provides secure remote access to an organization’s applications, data, and services based on clearly defined access control policies.
Aqua
Aqua is a cloud security and compliance tool combining all of your cloud assets from AWS, Azure, and GCP.
Area 1
Cloudflare Area 1 comprehensively defends against sophisticated threats by stopping phish at the earliest stages of the attack cycle.
Armis
Armis, the asset intelligence cybersecurity company, protects the entire attack surface and manages the organization’s cyber risk exposure in real time.
Armorblox
Armorblox is a cloud office security platform that protects enterprise communications across email, messaging, and file-sharing services using natural language understanding.
Atlassian
Atlassian is a software company that develops products for software developers, project managers and other software development teams.
Auth0
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications.
Aviatrix
Aviatrix is a next-generation, multi-cloud networking and security platform that simplifies the management, visibility, and control of cloud networks.
AWS
AWS logs provide unique and crucial visibility into the activities and resources in an organization’s AWS environment. Hunters ingests logs from AWS Config, AWS Cloudtrail, AWS VPC Flow, and AWS WAF.
Axis Security
Axis Security uses SSE to elevate access security and ensure that your connectivity is always in-sync with your business.
Beyond Trust
BeyondTrust is the worldwide leader in intelligent identity and access security. We protect identities, stop threats, and deliver dynamic access.
Bind DNS
BIND DNS is a complete implementation of the DNS protocol. BIND 9 can be configured as an authoritative name server, a resolver, and, on supported hosts, a stub resolver.
Box
Box empowers your teams by making it easy to work with people inside and outside your organization, protect your valuable content, and connect all your apps
Bricata
Bricata's Network Detection and Response (NDR) product is a cybersecurity solution that combines machine learning, full-spectrum threat detection, and automated response capabilities to identify, analyze, and counter network-based threats in real-time.
Broadcom Secure Access Cloud (Luminate)
Broadcom Secure Access Cloud is a SaaS solution that enables more secure and granular access management to corporate resources hosted on-premises or in the cloud.
Cato Networks
Cato Networks is a networks, cloud and endpoint management and security platform, categorized as a Secure Access Service Edge (SASE platform).
Check Point
Check Point Software Technologies Ltd. provides cyber security solutions to governments and corporate enterprises globally. All Check Point Security Logs are supported by Hunters.
Cisco AnyConnect NVM
Cisco AnyConnect NVM (Network Visibility Module) is an endpoint product by Cisco, used for monitoring network activity.
Cisco Firewall
Cisco have several network appliances that allow network monitoring and inspection, protecting corporate networks and data centers, such as Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense.
Cisco Identity Services Engine
The Cisco Identity Services Engine (ISE) offers a network-based approach for adaptable, trusted access everywhere, based on context.
Cisco Meraki
Meraki devices can act as different classic devices at once, and as such provide multiple log types which are relevant for detection and context enrichment during automatic investigations, such as firewall logs, DHCP logs, and DNS logs.
Cisco Secure Endpoint (AMP)
Cisco AMP (Advanced Malware Protection) is an EDR designed to prevent, detect, and help remove threats from computer systems.
Cisco Umbrella
Umbrella is a cloud-delivered service giving organizations visibility to protect users across all network devices.
Citrix Netscaler
Citrix NetScaler is an Application Delivery Controller (ADC) created to optimize, manage, and secure network traffic. It analyzes application-specific traffic to distribute, optimize, and protect L4–L7 network traffic.
Claroty
Claroty's Extended Internet of Things (XIoT) platform secures physical systems across industrial, healthcare, and enterprise environments.
Cloudflare
CloudFlare HTTP data is used in the Hunters Pipeline for detection and investigation related to HTTP requests to relevant appliances in the organization's network.
CloudSEK
CloudSEK is a cybersecurity company specializing in predictive threat intelligence powered by artificial intelligence. It offers solutions like XVigil, which monitors and identifies threats such as data leaks, phishing attacks, and brand impersonation across the web, including the dark and deep web. CloudSEK focuses on proactive risk management, helping organizations mitigate potential threats before they escalate.
Code42
Code 42 is a SaaS platform aimed to log and detect data loss (through documents being copied/moved/made accessible to the wrong persons), and respond accordingly.
Cofense
Cofense, formerly known as PhishMe, is a provider of comprehensive cybersecurity solutions that focus on empowering organizations to detect, respond to, and mitigate phishing threats. Their services include phishing detection and response tools, as well as training and simulation products to enhance employees' awareness and ability to identify phishing attempts.
Corelight Suricata Alerts
Corelight’s Suricata + Zeek integration provides rich, pivotable network data to everyone in the SOC.
CrowdStrike
Hunters seamlessly ingests rich endpoint telemetry from the Falcon platform as well as organizational data and security telemetry from any existing data source in the organization.
CyberArk
CyberArk's Privileged Access Manager is a full life-cycle solution for managing the most privileged accounts and SSH Keys in the enterprise.
Cybereason
Cybereason provides a next-generation antivirus (NGAV) solution that safeguards company endpoints against highly advanced and unknown security threats, including ransomware and fileless attacks.
Cyberhaven
Cyberhaven Sentry collects events as data moves throughout your company and can take real-time action to protect your data from theft, misuse, and exposure
Cyera
Cyera discovers, classifies and protects data across IaaS, PaaS, and SaaS environments.
Cyren
Cyren offers email security software that can protect businesses and users from phishing attacks and data loss.
DarkTrace
Darktrace empowers defenders to reduce risk and minimize cyber disruption. Its Self-Learning AI technology develops a deep and evolving understanding of your bespoke organization, allowing it to prevent, detect, and respond to unpredictable cyber-attacks across the entire digital environment – from cloud and email to endpoints and OT networks.
Databricks
Databricks is a cloud-based data analytics platform that unifies data engineering, science, and machine learning. Built by the creators of Apache Spark, it combines data lake and warehouse capabilities, enabling organizations to manage, process, and analyze data at scale on major cloud providers like AWS, Azure, and Google Cloud.
Duo
Duo is a user-centric access security platform that provides two-factor authentication. Two-factor authentication adds a second layer of security to your online accounts.
Edgescan
Edgescan provides vulnerability management solutions using a "software as a service" model. It has added cloud-based compliance and web application security offerings.
F5 VPN
F5 BIG-IP log files include important diagnostic information about the events that are occurring on the BIG-IP system.
FireEye EX
FireEye Email Security helps organizations minimize breaches caused by advanced email attacks. Email Security combines intelligence-led context and detection plug-ins to unearth malicious and benign phishing URLs on a big data, scalable platform.
FireEye NX
FireEye Network Security is a cyber threat protection solution that helps organizations minimize the risk of breaches by detecting and stopping advanced, targeted and other evasive attacks hiding in Internet traffic.
Fortinet Firewall
Fortinet Firewall is a network appliance by Fortinet which enhances various network security capabilities.
GitHub
GitHub, Inc. is a provider of Internet hosting for software development and version control using Git. Organizations that manage their code on GitHub may view and export various logs regarding the platform.
GitLab
GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager offering wiki, issue-tracking, and CI/CD pipeline features, using an open-source license. It enables collaborative software development and version control, allowing teams to manage projects from planning and source code management to monitoring and security.
Google Cloud Platform
Google Cloud Platform logs provide unique and crucial visibility into the activities and resources in an organization’s GCP environment. Hunters ingests several data sources from GCP, including Audit logs, Security Command Center Assets, and Security Command Center Findings.
Google Workspace
Hunters ingests logs for various Gsuite applications, alerts created by Gsuite, and a snapshot of all users in the Gsuite account.
Harness IO
Harness is the industry’s first Software Delivery Platform to use AI to simplify your DevOps processes - CI, CD & GitOps, Feature Flags, Cloud Costs, and much more.
HPE Aruba Networking
HPE Aruba ClearPass is a powerful network access control (NAC) solution that provides secure, policy-based access for wired, wireless, and VPN networks. It enables organizations to authenticate, authorize, and enforce security policies for users and devices across diverse environments. With features like role-based access control, device profiling, and automated threat responses, ClearPass simplifies managing network security while enhancing visibility and compliance.
iboss
iboss is a cloud security company that provides a secure access service edge (SASE) solution.
Illusive Active Defense Suite
Illusive IRM (Identity Risk Management) is an Identity oriented security product mainly designed to stop ransomware attacks and other identity theft attack vectors.
Imperva
Imperva provides centralized data security across legacy and modern cloud environments by automating detection, protection, and risk response.
InfoBlox
InfoBlox is a network security appliance that concentrates on DNS, DHCP, and IPAM (IP Address Management), from both on-prem and cloud sources.
.svg)
Ironscales
Ironscale offers security professionals and end users an AI-driven, self-learning email security platform that provides a comprehensive solution to stop tomorrow’s phishing attacks today.
Island
Meet Island, the Enterprise Browser that gives you control over SaaS governance, visibility and productivity.
Jamf
Jamf is the most prominent way to manage macOS devices in an enterprise organization. Logs pulled from the Jamf API and Jamf Server provide critical insights into the state of macOS devices across the organization.
Jira
Jira is a powerful project management tool used for tracking tasks, bugs, and workflows. It's popular for agile development, allowing teams to plan, track, and release projects efficiently across various industries.
Jumpcloud
JumpCloud is a cloud directory service that securely manages and connects users to their IT resources, including systems, servers, applications, and more.
Juniper Firewall
Juniper Firewalls support next-generation firewall capabilities such as intrusion prevention, application visibility and control, and content security features that include anti-virus, anti-spam, and Web filtering.
Keeper
Keeper Security transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce password-related data breaches and cyberthreats. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, secrets management, connection management, dark web monitoring, digital file storage, secret messaging, and more.
Keycloak
Keycloak is an open-source identity and access management solution offering SSO, user management, and support for OAuth 2.0, OpenID Connect, and SAML. It simplifies authentication and authorization for apps with features like social login, multi-factor authentication, and a user-friendly admin console.
Kiteworks
Kiteworks is a secure file sharing and collaboration platform that provides a variety of security features, including advanced threat protection (ATP), data loss prevention (DLP), encryption, and access control.
Kubernetes
Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.
Lacework
Lacework is a data-driven security platform for the cloud that collects and analyses various logs and telemetries for the main cloud vendors (AWS, Azure, GCP, etc.).
Lansweeper
Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.
LastPass
LastPass is a freemium password manager that stores encrypted passwords online. After the data is ingested, Hunters reads the data from the shared bucket, parses it and allows the usage of this source to protect your users and your network in a more comprehensive way.
Linux Auditd
auditd is the userspace component to the Linux Auditing System. It's responsible for writing audit records to the disk.
Malwarebytes
Malwarebytes is an anti-malware software for Microsoft Windows, macOS, ChromeOS, Android, and iOS that finds and removes malware.
ManageEngine ADAudit Plus
ADAudit Plus helps keep your Windows Server ecosystem secure and compliant by providing full visibility into all activities. ADAP does so by collecting event log data from most of your environment’s licensed components, creating Alerts and Reports above it.
McAfee MVISION Cloud
McAfee Mvision (former Skyhigh CASB) is a cloud access security broker that protects data and stops threats in the cloud across SaaS, PaaS, and IaaS from a single, cloud-native enforcement point.
Microsoft Azure
Azure logs provide unique and crucial visibility into the activities and resources in an organization's Azure environment. Hunters supports multiple Azure data sources, including Azure Activity Log, Sign In Log, Audit Log, and NSG Flow Log.
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is Microsoft’s EDR, collecting various logs from endpoints with MDATP agents - Devices Info, Process Info, Network Events, and more.
Microsoft Exchange
Microsoft Exchange is an email product by Microsoft. In Exchange Server, mail flow occurs through the transport pipeline.
Microsoft Graph API
The Microsoft Graph API provides a single endpoint to access data and interact with Microsoft 365 services like Azure Active Directory, Teams, Outlook, and OneDrive. It uses RESTful calls to manage resources such as users, groups, messages, and files
Microsoft InTune
Microsoft Intune is a cloud-based endpoint management solution that manages user access and simplifies app and device management across devices, including mobile devices, desktop computers, and virtual endpoints.
Mikrotik
Mikrotik
Mimecast
Mimecast is a company specializing in cloud-based email management for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail.
MOVEit
MOVEit Transfer is a secure managed file transfer (MFT) program designed to provide a reliable, efficient, and secure way to transfer files, manage workflows, and ensure compliance with data security policies.
Mulesoft
MuleSoft provides the easy-to-use tools you need to automate your way to higher productivity and lower costs.
.png?width=67&height=67&name=RR%20Scratchpad%20(4).png)
NetIQ
NetIQ eDirectory is a directory service software that facilitates the centralized management of resources and user identities across different network environments.
Netography
Netography Fusion delivers high-fidelity alerts that identify anomalous or malicious network activity.
Netskope
Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.
NoName Security
Noname is a cyber security company that provides an API security solution.
Nozomi Networks
Nozomi Networks specializes in providing cybersecurity solutions and services, particularly in the areas of operational technology (OT) and Internet of Things (IoT) security.
Office365
Office365 is Microsoft's online productivity suite. Hunters ingests logs with a variety of content types from Office365.
Okta
For organizations that utilize Okta as their SSO provider, it is usually a crucial component in providing regulated access for all organizational users to all relevant Cloud and SaaS resources. In some cases it is even used to manage access to internal organizational resources.
OneLogin
Hunters supports ingestion of OneLogin events, based on Webhooks. This is a straightforward process which will allow Hunters to ingest your OneLogin events into the platform.
Openstack
OpenStack is a free, open standard cloud computing platform. It is mostly deployed as infrastructure-as-a-service (IaaS) in both public and private clouds where virtual servers and other resources are made available to users.
OpenVPN
OpenVPN is a VPN system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.
Orca
Orca is an agentless cloud security and compliance tool combining all your cloud assets from AWS, Azure, and GCP.
OSQuery
Osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.
Palo Alto Networks Firewall
Palo Alto Networks next-generation firewalls detect known and unknown threats, including in encrypted traffic, using intelligence generated across many thousands of customer deployments.
PerceptionPoint
PerceptionPoint is a Prevention-as-a-Service company, offering fast interception of any content-based attack across all channels, including email, S3, and Dropbox.
PerimeterX Bot Defender
PerimeterX Bot Defender logs contain entries of website access to protected APIs, including blocked information.
pfSense
pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more.
PingID
PingOne is a cloud identity solution that orchestrates adaptive authentication and access services to connect employees across any application, any directory and any device.
Prisma Cloud
Prisma Cloud CSPM is a Cloud protection platform. Prisma inspects cloud products - AWS and Azure assets, for example - and identifies vulnerabilities and mis-configurations.
ProofPoint
Hunters ingests various Proofpoint products, including On Demand (email cloud data service), Targeted Attack Protection (email cloud protection service), and Email Gateway (on-premise server logs).
ProtectWise
ProtectWise is a cloud-powered security company that provides Network Detection and Response (NDR) services.
PulseSecure
PulseSecure is a VPN system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.
Qualys
Qualys provides SaaS solutions in cloud security, compliance, and vulnerability management.
SailPoint
SailPoint IdentityNow is a modern SaaS-based Identity Security solution that provides a centralized way to see and control every user’s access to resources across hybrid IT environments while ensuring regulatory compliance.
Salesforce
Salesforce is a cloud-based Customer Relationship Management (CRM) platform that enables businesses to manage customer data, sales operations, and marketing campaigns.
Salt Security
Salt Security is a cyber security company that provides an API security solution.
Integrating your Salt Security logs into the Hunters ecosystem will allow getting alerts from Salt Security into your Hunters portal, as well as investigating threat scenarios over it and getting related Hunters' detections for your tenant.
Integrating your Salt Security logs into the Hunters ecosystem will allow getting alerts from Salt Security into your Hunters portal, as well as investigating threat scenarios over it and getting related Hunters' detections for your tenant.
SAP
SAP is a global leader in enterprise software, known for its solutions that help businesses manage various operations such as finance, logistics, human resources, and supply chain management.
Sempris
Semperis DSP is a solution designed to improve the security of Active Directory environments. It offers various features to detect, prevent, and recover from Active Directory-based attacks such as insider threats, ransomware, and advanced persistent threats (APTs).
SentinelOne
SentinelOne offers solutions that deliver real-time endpoint protection, detection and response, and monitors IoT frameworks for vulnerabilities. These solutions also provide features and leverage the cloud for scalability.
Seraphic Security
Seraphic Security is an enterprise browser security platform that helps organizations protect users and endpoints from compromise via the web, and prevent sensitive data leakage or loss via the browser.
Signal Sciences
The Signal Sciences platform is an application security monitoring system that proactively monitors for malicious and anomalous web traffic directed at your web servers.
Silverfort
Silverfort’s platform monitors all human and machine access requests in real time, to prevent unauthorized access to all sensitive assets.
SilverPeak
Silver Peak, the global SD-WAN leader, delivering the transformational promise of the cloud with a self-driving wide area network
Skyhigh Security
Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.
Slack
Slack is the collaboration hub that brings the right people, information, and tools together to get work done.
Snowflake
Snowflake Audit Logs provide a record of activities within the Snowflake data warehouse, offering insights into user actions, system events, and resource utilization.
In the process of integrating the logs into hunters, the data is fetched using API, normalized into schemas and streamed to Hunters' Data Lake. The Ingestion allows the exploration of this source for overseeing users' usages in the Snowflake warehouse.
In the process of integrating the logs into hunters, the data is fetched using API, normalized into schemas and streamed to Hunters' Data Lake. The Ingestion allows the exploration of this source for overseeing users' usages in the Snowflake warehouse.
Solarwinds Orion
The SolarWinds Orion Platform is a powerful, scalable infrastructure monitoring and management platform designed to simplify IT administration for on-premises, hybrid, and software as a service (SaaS) environments in a single pane of glass.
SonicWall
SonicWall Firewall is a network appliance by SonicWall which enhances various network security capabilities.
Sophos Central
Sophos Central is a single cloud management solution for all your Sophos next-gen technologies: endpoint, server, mobile, firewall, ZTNA, email, and so much more.
Splunk Intelligence Management (TruStar)
Splunk Intelligence Management aims to break down data silos within and across enterprises to align security effectiveness with business objectives.
Squid Proxy
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.
STIX-TAXII
STIX™ (Structured Threat Information Expression) is a language and serialization format used to exchange cyber threat intelligence (CTI).
StrongDM
StrongDM is a Zero Trust Privileged Access Management (PAM) platform that extends the capabilities of traditional privileged access management to support all modern infrastructure, including databases, servers, Kubernetes clusters, clouds, and web applications.
Symantec
Symantec protects all your traditional and mobile endpoint devices with innovative technologies for attack surface reduction, attack prevention, breach prevention, and detection and response.
Sysdig
Sysdig Secure provides unified security and compliance for containers, Kubernetes and cloud. Sysdig logs are used by Hunters to populate alerts by Sysdig, as well as to allow advanced investigation over your Container assets.
Teleport
Teleport is an open-source tool for providing zero trust access to servers and cloud applications using SSH, Kubernetes and HTTPS.
Tenable.io
Powered by Nessus technology, Tenable.io is Tenable’s cloud-based vulnerability management and coverage. It scans and analyzes assets of many types and gathers data on vulnerabilities on them.
Thinkst Canary
Thinkst Canary is an agent installed on network appliances that monitors them and attempts to discover incidents.
ThreatX
ThreatX WAF is a Cloud Native WAF product that delivers protection across apps and APIs. It separates the enterprise network from the Internet blocks Web requests from outside that targets the Customers' internal Web Servers.
Thycotic
Thycotic Secret Server is an enterprise Privileged Access Management (PAM) solution, available both on-premise and in the cloud.
Tines
Tines is a no-code security workflow automation tool that allows users to automate complex workflows unique to their business.
Trend Micro
Trend Micro Deep Security is a comprehensive security solution designed to protect physical, virtual, cloud, and container environments.
Vectra
Vectra AI's Threat Detection and Response Platform protects your business from cyberattacks by detecting attackers in real time and taking immediate action.
Very Good Security
Very Good Security helps companies by providing a secure payment environment, fast-tracking PCI, and/or optimizing payments.
Vicarius
Vicarius prevent hackers from exploiting corporate devices.
VirusTotal
VirusTotal's threat intelligence dataset contains notions such as malware samples, URLs, domains and IP addresses according to binary properties, and many others.
VMware Carbon Black
Carbon Black products provide critical raw data OS-level telemetry from hosts (endpoints or servers). These telemetries include process creation events, network connection events, DNS requests, file events, and much more.
VMWare ESXi
A VMWare ESXi component generates logs for various events occurring on the machine.
VMware Workspace ONE
VMware Workspace ONE is a digital platform that delivers and manages any app on any device by integrating access control, application management, and unified endpoint management
Watchguard Firebox
Watchguard allows to see all the traffic through your network and monitor network activity to make sure that your network is secure.
Wazuh
Wazuh is an open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments.
Windows Firewall Logs
Windows Firewall logs allow you to monitor any dropped or successful connections by the firewall.
Wiz
Wiz's platform analyzes computing infrastructure for combinations of risk factors that could allow malicious actors to gain control of assets and/or exfiltrate valuable data.
Zeek Logs
Zeek is a passive, open-source network traffic analyzer, used by many vendors (such as Corelight) as a Network Security Monitor to support investigations of suspicious or malicious activity.
ZeroFox
ZeroFox is a threat intelligence SaaS platform that uses diverse data sources and artificial intelligence-based analysis to identify and remediate cyber attacks.
Zoom
Zoom's secure, reliable video platform powers all of your communication needs, including meetings, chat, phone, webinars, and online events.
Zscaler
Zscaler is a cloud security company that provides Security Service Edge (SSE) solution. Hunters ingests both ZIA (Zscaler Internet Access) and ZPA (Zscaler Private Access) logs.