
Cohesity


TL;DR

| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Cohesity Audit Logs |  | ✅ | ✅ | ✅ | cohesity_audit_logs | nested-json-text | S3 |


Overview

Cohesity is a prominent IT company specializing in AI-powered data security, management, and cyber resilience. Founded in 2013 and headquartered in Santa Clara, California, the company helps thousands of global enterprises back up, protect, and derive actionable insights from their vast amounts of data across on-premises, cloud, and edge environments.

Supported data types

Cohesity Audit Logs

Overview:

Cohesity audit logs provide a comprehensive, immutable record of system and user activity across your data environment. They record administrative actions (such as policy modifications and configuration changes), system operations (such as data access and manipulation, including filesystem mounts and reads over protocols like NFS), and user access events (such as SSH logins to cluster nodes), supporting compliance reporting, forensic investigation, and security monitoring.


Table name: cohesity_audit_logs


Send data to Hunters

Hunters supports the ingestion of Cohesity Audit Logs via an intermediary AWS S3 bucket.

To connect Cohesity Audit Logs:

  1. Export your Cohesity audit logs to an AWS S3 bucket.

  2. Once the export is complete and the logs are landing in S3, follow the steps for connecting an S3 bucket to Hunters.

Expected format

Logs are expected in nested-json-text format: each line is one JSON object carrying syslog metadata (severity, facility, host, appname, procid, _time) and the original syslog line in _raw, while the message field holds the Cohesity event itself. That inner message is a JSON document for filesystem_audit records and plain text for other sources such as sshd, as the two examples below show.

{ "message": "{\"Timestamp\" : \"2020-01-01T01:30:00.167Z\", \"RecordID\" : \"recordid:place01\", \"Protocol\" : \"NFS3\", \"ClientIP\" : \"xx.xx.xx.xx\", \"UserID\" : 0, \"ViewName\" : \"view_name_1\", \"ViewAliasName\" : \"view_name_1\", \"Fsid\" : 123456, \"RequestType\" : \"Mount\", \"Result\" : \"MNT3_OK\", \"EntityPath\" : \"/Path_Name\", \"EntityInode\" : 9876543, \"SourceParentEntityInode\" : 1234321}", "severity": 6, "facility": 16, "host": "backup-node-1.example.internal", "appname": "filesystem_audit", "procid": "123456", "severityName": "info", "facilityName": "local0", "_time": 1577836800, "_raw": "<134>2020-01-01T01:35:22.535336+00:00 backup-node-1.example.internal filesystem_audit[616831]: {\"Timestamp\" : \"2020-01-01T01:30:00.167Z\", \"RecordID\" : \"recordid:place01\", \"Protocol\" : \"NFS3\", \"ClientIP\" : \"xx.xx.xx.xx\", \"UserID\" : 0, \"ViewName\" : \"view_name_1\", \"ViewAliasName\" : \"view_name_1\", \"Fsid\" : 123456, \"RequestType\" : \"Mount\", \"Result\" : \"MNT3_OK\", \"EntityPath\" : \"/Path_Name\", \"EntityInode\" : 9876543, \"SourceParentEntityInode\" : 1234321}", "cribl_pipe": "passthru" }
{ "message": "Accepted publickey for username from xx.xx.xx.xx port 11111 ssh2: RSA SHA256:PLACEHOLDER_FINGERPRINT", "severity": 6, "facility": 10, "host": "backup-node-2.example.internal", "appname": "sshd", "procid": "123456", "severityName": "info", "facilityName": "authpriv", "_time": 1577836801, "_raw": "<86>2020-01-01T01:35:23.383574+00:00 backup-node-2.example.internal sshd[2952584]: Accepted publickey for username from xx.xx.xx.xx port 11111 ssh2: RSA SHA256:PLACEHOLDER_FINGERPRINT", "cribl_pipe": "passthru" }
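As an added worked example (not part of the Hunters or Cohesity documentation), the Python below parses records in this nested-json-text layout. It decodes the <PRI> prefix of _raw into facility and severity (PRI = facility * 8 + severity) and rejects any record whose facility/severity metadata disagrees with it, unpacks the inner JSON document when message carries one (the filesystem_audit sample), and otherwise falls back to a pattern for OpenSSH "Accepted" login lines (the sshd sample). The sample input is the page's own two records; the field names come from those samples, and the sshd pattern is an assumption based on OpenSSH's standard log line rather than something the page specifies.

```python
from __future__ import annotations

import json
import re
from typing import Any

# The two records from the "Expected format" section above, copied as-is.
# Each line is one outer JSON object; "message" is the original Cohesity log text, which
# is itself JSON for filesystem_audit events and plain text for sshd events.
SAMPLE_LINES = [
    r'''{ "message": "{\"Timestamp\" : \"2020-01-01T01:30:00.167Z\", \"RecordID\" : \"recordid:place01\", \"Protocol\" : \"NFS3\", \"ClientIP\" : \"xx.xx.xx.xx\", \"UserID\" : 0, \"ViewName\" : \"view_name_1\", \"ViewAliasName\" : \"view_name_1\", \"Fsid\" : 123456, \"RequestType\" : \"Mount\", \"Result\" : \"MNT3_OK\", \"EntityPath\" : \"/Path_Name\", \"EntityInode\" : 9876543, \"SourceParentEntityInode\" : 1234321}", "severity": 6, "facility": 16, "host": "backup-node-1.example.internal", "appname": "filesystem_audit", "procid": "123456", "severityName": "info", "facilityName": "local0", "_time": 1577836800, "_raw": "<134>2020-01-01T01:35:22.535336+00:00 backup-node-1.example.internal filesystem_audit[616831]: {\"Timestamp\" : \"2020-01-01T01:30:00.167Z\", \"RecordID\" : \"recordid:place01\", \"Protocol\" : \"NFS3\", \"ClientIP\" : \"xx.xx.xx.xx\", \"UserID\" : 0, \"ViewName\" : \"view_name_1\", \"ViewAliasName\" : \"view_name_1\", \"Fsid\" : 123456, \"RequestType\" : \"Mount\", \"Result\" : \"MNT3_OK\", \"EntityPath\" : \"/Path_Name\", \"EntityInode\" : 9876543, \"SourceParentEntityInode\" : 1234321}", "cribl_pipe": "passthru" }''',
    r'''{ "message": "Accepted publickey for username from xx.xx.xx.xx port 11111 ssh2: RSA SHA256:PLACEHOLDER_FINGERPRINT", "severity": 6, "facility": 10, "host": "backup-node-2.example.internal", "appname": "sshd", "procid": "123456", "severityName": "info", "facilityName": "authpriv", "_time": 1577836801, "_raw": "<86>2020-01-01T01:35:23.383574+00:00 backup-node-2.example.internal sshd[2952584]: Accepted publickey for username from xx.xx.xx.xx port 11111 ssh2: RSA SHA256:PLACEHOLDER_FINGERPRINT", "cribl_pipe": "passthru" }''',
]

# Syslog prefix of the _raw field: <PRI>TIMESTAMP HOST APPNAME[PID]: MSG
RAW_RE = re.compile(r"^<(\d{1,3})>(\S+) (\S+) ([^\[\s:]+)(?:\[(\d+)\])?: (.*)$", re.DOTALL)

# OpenSSH "Accepted ..." login line (assumed from OpenSSH's standard log format, not from the page).
SSHD_ACCEPTED_RE = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src_ip>\S+) port (?P<port>\d+) ssh2"
    r"(?:: (?P<key_type>\S+) (?P<fingerprint>\S+))?$"
)


def split_pri(raw: str) -> tuple[int, int]:
    """Return (facility, severity) decoded from the <PRI> prefix of a raw syslog line."""
    m = RAW_RE.match(raw)
    if m is None:
        raise ValueError(f"_raw is not a syslog line: {raw[:60]!r}")
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    return pri // 8, pri % 8


def try_json_object(text: str) -> dict[str, Any] | None:
    """Parse text as a JSON object, or return None if it is not one (e.g. an sshd message)."""
    try:
        value = json.loads(text)
    except json.JSONDecodeError:
        return None
    return value if isinstance(value, dict) else None


def normalize_record(line: str) -> dict[str, Any]:
    """Flatten one nested-json-text line; reject records whose PRI disagrees with the metadata."""
    outer = json.loads(line)
    facility, severity = split_pri(outer["_raw"])
    if (facility, severity) != (outer["facility"], outer["severity"]):
        raise ValueError(
            f"PRI <{facility * 8 + severity}> disagrees with "
            f"facility={outer['facility']} severity={outer['severity']}"
        )
    event: dict[str, Any] = {
        "time": outer["_time"],
        "host": outer["host"],
        "appname": outer["appname"],
        "facility_name": outer["facilityName"],
        "severity_name": outer["severityName"],
    }
    inner = try_json_object(outer["message"])
    if inner is not None:
        # JSON-bearing sources such as filesystem_audit: keep the inner document's fields as-is
        event["kind"] = outer["appname"]
        event["fields"] = inner
        return event
    login = SSHD_ACCEPTED_RE.match(outer["message"]) if outer["appname"] == "sshd" else None
    if login is not None:
        event["kind"] = "sshd_login"
        event["fields"] = login.groupdict()
    else:
        # Anything else stays as free text so nothing is silently dropped
        event["kind"] = "text"
        event["fields"] = {"message": outer["message"]}
    return event


def normalize_records(lines: list[str]) -> list[dict[str, Any]]:
    """Normalize every non-empty line of a nested-json-text export."""
    return [normalize_record(line) for line in lines if line.strip()]


if __name__ == "__main__":
    for ev in normalize_records(SAMPLE_LINES):
        print(ev["kind"], ev["host"], ev["fields"])
```

The PRI cross-check matters because facility, severity and _raw are written independently by the forwarder; a record where they disagree has been altered or mis-parsed somewhere between the Cohesity node and S3 and should be quarantined rather than indexed.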