Formal Security
Collect data access logs from Formal Security, including actor, network, and resource information for comprehensive visibility into data access patterns.
Formal Security supports multiple ingestion methods including S3, Azure Blob Storage, Google Cloud Storage, and Cloudflare R2.
Ingest Methods
Setup the ingestion of this source using one of the following guides.
- AWS S3 Bucket
- AWS S3 Bucket with Custom SQS
- Azure Blob Storage
- Google Cloud Storage
- Cloudflare R2 Bucket
If using an AWS S3 bucket use the following SNS topic ARN to send your bucket notifications.
arn:aws:sns:<REGION>:253602268883:runreveal_formal_securitySetup
Formal Security logs can be ingested via object storage. Configure your Formal Security instance to export logs to one of the supported storage providers.
Verify It’s Working
Once added, the source logs should begin flowing within a few minutes.
You can validate we are receiving your logs by running the following SQL query.
SELECT * FROM runreveal.logs WHERE sourceType = 'formal-security' LIMIT 1Schema
The following columns are exposed for this source. RunReveal applies schema normalization across all sources, ensuring uniform field names and data types for cross-source queries and reusable detection logic.
Table: formal_security_logs (22 columns)
formal_security_logs (22 columns)| Column | Type |
|---|---|
id | String |
receivedAt | DateTime |
workspaceID | String |
sourceType | String |
sourceID | String |
eventID | String |
eventName | String |
eventTime | DateTime |
readOnly | Bool |
srcIP | String |
resources | Array(String) |
serviceName | String |
srcASOrganization | Nullable(String) |
srcASNumber | Nullable(UInt32) |
srcASCountryCode | Nullable(String) |
dstIP | String |
dstASOrganization | Nullable(String) |
dstASNumber | Nullable(UInt32) |
dstASCountryCode | Nullable(String) |
actor | Map(String, String) |
tags | Map(String, String) |
rawLog | String |