Cyberhaven Data Protection Logs

Cyberhaven logs provide comprehensive data protection and insider threat detection insights. These logs capture information about data access patterns, file movements, user behavior analytics, and security events that help organizations protect sensitive information and detect potential data exfiltration or insider threats.

Cyberhaven Source Tile

Ingest Methods

Setup the ingestion of this source using the following method:

Webhook Setup

Cyberhaven integration uses webhook-based real-time incident alerts and events. This method provides immediate notification of security events without polling delays.

Required Credentials

To connect your Cyberhaven account, you’ll need to provide:

  • Webhook URL - The RunReveal webhook endpoint URL generated by the RunReveal Cyberhaven source tile.

Webhook Configuration

Cyberhaven does not provide public documentation so the actual setup instructions may differ from the steps below.

In Cyberhaven Dashboard:

  1. Go to Integrations/Webhooks section
  2. Add a new webhook endpoint
  3. Paste the RunReveal webhook URL generated from the RunReveal source tile
  4. Configure any webhook settings:
    • Method: POST
    • Content-Type: application/json

Source Configuration

When setting up your Cyberhaven source, provide:

  • Source Name: A descriptive name for your Cyberhaven source (defaults to “cyberhaven”)
  • Health Check Duration: Configure how often to check source health (default: 1 day)
  • Notification Channels: Set up alerts for when the source stops receiving events

Verification

After entering your webhook URL, use the “Verify Settings” button to test the connection and ensure your webhook is properly configured to receive Cyberhaven incident data.

Data Schema

Your Cyberhaven logs will be available in the cyberhaven_logs table with the source type cyberhaven.