Data Source
Airlock Digital is an application control platform that monitors and controls executable file execution on endpoints. This connector ingests logs from Airlock Digital servers to provide visibility into software execution patterns and policy violations.
Ingestion Mechanism
Codeless Connector Framework (CCF) connector that ingests through a Data Collection Rule (DCR) and authenticates with an API key. It polls three REST API endpoints every 5 minutes:
- /v1/logging/svractivities → AirlockDigitalServerActivities_CL
- /v1/logging/exechistories → AirlockDigitalExecutionHistories_CL
- /v1/logging/fileactivitysummary → AirlockDigitalFileActivitySummary_CL
Detection Surface Unlocked
Application control visibility enables detection of:
- Unauthorized software execution: Blocked execution attempts indicate potential malware or policy violations
- Execution context analysis: File hashes, publishers, command lines, and parent processes provide attribution for security investigations
- Administrative activity monitoring: Server configuration changes and agent check-ins track infrastructure modifications
- File activity trends: Aggregated statistics identify unusual execution patterns or new file introductions
The ExecutionType field differentiates between blocked (1), audited, and trusted executions, enabling focused alerting on security violations while maintaining operational visibility.
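One way to turn the blocked value into a focused alert, as an added example that is not part of the connector or the solution's own content: an hourly spike check on blocked executions against a 7-day baseline. It assumes ExecutionType is stored as (or castable to) an integer and that the table carries the standard TimeGenerated column; the thresholds are constructed values.

```kql
// Added example, not shipped with the solution.
// Assumptions: ExecutionType casts to int; TimeGenerated is the standard
// Log Analytics timestamp column. No other column names are assumed.
let lookback = 7d;
let window = 1h;
let minBlocked = 10;      // constructed floor, tune per environment
let spikeFactor = 3.0;    // constructed multiplier, tune per environment
// All blocked executions (ExecutionType == 1) in the lookback period.
let blocked = AirlockDigitalExecutionHistories_CL
    | where TimeGenerated > ago(lookback)
    | where toint(ExecutionType) == 1;
// Average blocked count per hour, excluding the current window.
// Hours with no blocked events produce no bin, so the average is
// taken over active hours only, which makes the check conservative.
let baseline = toscalar(
    blocked
    | where TimeGenerated < ago(window)
    | summarize HourlyCount = count() by bin(TimeGenerated, window)
    | summarize avg(HourlyCount));
// Blocked count in the current window, compared with the baseline.
blocked
| where TimeGenerated >= ago(window)
| summarize BlockedCount = count()
| extend BaselineAvg = coalesce(baseline, 0.0)
| where BlockedCount >= minBlocked
    and BlockedCount > spikeFactor * BaselineAvg
```

With no prior blocked events the baseline is 0, so the rule fires on the floor value alone.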
MITRE Coverage
Application control monitoring directly supports:
- T1204 User Execution (execution attempts of untrusted binaries)
- T1055 Process Injection (unusual process execution patterns)
- T1059 Command and Scripting Interpreter (command line execution monitoring)
Affected Files
Solutions/AirlockDigital/Data Connectors/AirlockDigital_CCF/AirlockDigital_ConnectorDefinition.json
Solutions/AirlockDigital/Data Connectors/AirlockDigital_CCF/AirlockDigital_DCR.json
Solutions/AirlockDigital/Data Connectors/AirlockDigital_CCF/AirlockDigital_PollerConfig.json
Solutions/AirlockDigital/Data Connectors/AirlockDigital_CCF/table_AirlockDigitalExecutionHistories.json
Solutions/AirlockDigital/Data Connectors/AirlockDigital_CCF/table_AirlockDigitalFileActivitySummary.json
Solutions/AirlockDigital/Data Connectors/AirlockDigital_CCF/table_AirlockDigitalServerActivities.json
Solutions/AirlockDigital/Package/testParameters.json
Solutions/AirlockDigital/Parsers/parser_AirlockDigitalExecutionHistoriesAliasFunction.json
Solutions/AirlockDigital/Parsers/parser_AirlockDigitalFileActivitySummaryAliasFunction.json
Solutions/AirlockDigital/Parsers/parser_AirlockDigitalServerActivitiesAliasFunction.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_AirlockDigital.json, createUiDefinition.json, mainTemplate.json)