TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Halcyon Logs | ✅ | ✅ | ✅ | halcyon_logs | JSON | S3 |
Overview
Halcyon.ai is a cybersecurity company that provides an AI-powered ransomware resilience platform designed to prevent, detect, and recover from ransomware attacks across enterprise environments. Founded in 2021 and purpose-built to address the growing threat of ransomware, Halcyon focuses exclusively on eliminating the operational and financial impact of ransomware by combining advanced threat detection, automated response, and rapid recovery capabilities into a single unified solution. Its platform leverages proprietary machine learning models and behavioral analysis to identify ransomware activity in real time, while also incorporating mechanisms to capture encryption keys and enable automated file decryption.
The Halcyon platform integrates seamlessly with existing security and IT infrastructure, including endpoint detection and response (EDR), SIEM, and backup systems, enhancing rather than replacing current defenses. It provides end-to-end coverage across the ransomware attack lifecycle—from initial access and lateral movement to encryption and data exfiltration—while offering built-in capabilities such as tamper protection, data exfiltration prevention, and automated incident containment. Additionally, Halcyon delivers managed services through its 24/7 Ransomware Operations Center (ROC), helping organizations monitor, respond to, and recover from attacks with minimal downtime. By combining prevention, detection, and instant recovery within a single platform, Halcyon enables enterprises to strengthen cyber resilience, reduce reliance on ransom payments, and maintain business continuity.
Supported data types
Halcyon Event Logs
Overview:
Halcyon Event Logs are a structured telemetry and logging capability within the Halcyon platform that provide detailed visibility into ransomware-related activities, detections, and automated response actions across protected endpoints.
Table name: halcyon_logs
Send data to Hunters
Hunters supports the ingestion of Halcyon Logs via an intermediary AWS S3 bucket.
To connect Halcyon logs via S3:
Export your logs from Halcyon to an AWS S3 bucket.
Once the export has completed and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in JSON:

```json
{
  "action": "Report",
  "asset": {
    "id": "11aa2f22-33d3-44c4-a55a-eb6666b6d6a6",
    "kind": "Endpoint",
    "name": "cd3-e-f-ab012.example.com"
  },
  "bytes": 1000000000,
  "elapsedTimeInMs": 84466000,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "kind": "UploadThresholdExceeded",
  "occurredAt": "2024-02-32T24:21:06.965Z",
  "process": {
    "artifact": {
      "filePath": "/usr/sbin/rsyslogd",
      "kind": "File",
      "sha256": "972d921d70d07d418b93c6063e946638122a1d71566062085e739e1c55afd977"
    },
    "commandLine": "/usr/sbin/rsyslogd -n",
    "kind": "FileProcessResponse",
    "parentPid": "1",
    "pid": "1514",
    "userId": "0-None-12345678",
    "username": "root"
  },
  "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0",
  "threshold": 1000000000
}
```

```json
{
  "action": "Report",
  "asset": {
    "id": "11aa2f22-33d3-44c4-a55a-eb6666b6d6a6",
    "kind": "Endpoint",
    "name": "1CD2345EFG-H"
  },
  "bytes": 1000022,
  "elapsedTimeInMs": 84466000,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "kind": "UploadThresholdExceeded",
  "occurredAt": "2024-02-32T24:21:06.965Z",
  "process": {
    "artifact": {
      "filePath": "C:\\WINDOWS\\System32\\svchost.exe",
      "kind": "File",
      "sha256": "949bfb5b4c7d58d92f3f9c5f8ec7ca4ceaffd10ec5f0020f0a987c472d61c54b"
    },
    "commandLine": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p -s WinRM",
    "kind": "FileProcessResponse",
    "parentPid": "1122",
    "pid": "11334"
  },
  "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0",
  "threshold": 1000000000
}
```
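The events above are what land in S3, one JSON object per line, before Hunters maps them into `halcyon_logs`. The following added example, which is not code from Hunters or Halcyon, shows the kind of normalization pass a practitioner would run over such a feed: it flattens the nested `asset` and `process` objects, tolerates events that omit `username`/`userId` (as the second sample does), strips stray whitespace from identifiers, validates the `sha256` field, and flags an `occurredAt` value that is not a real instant (the samples on this page carry `2024-02-32T24:21:06.965Z`, which no timestamp parser will accept). It also cross-checks an `UploadThresholdExceeded` event against its own `bytes`/`threshold` counters and derives an upload rate from `bytes` and `elapsedTimeInMs`. The flat field names, the `issues` list and the third sample event are this example's own assumptions, not part of the Halcyon schema.

```python
"""Normalize Halcyon JSON events into flat records before loading them.

Added example: field names follow the samples on the documentation page;
the flat output schema and the quality checks are assumptions of this example.
"""
import json
import re
from datetime import datetime

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Constructed NDJSON feed. Lines 1-2 are adapted from the page's samples (including the
# impossible timestamp and a stray space in the asset id); line 3 is made up to show a
# valid timestamp next to a malformed hash, with a benign backup job as the process.
SAMPLE_NDJSON = r"""
{"action": "Report", "asset": {"id": "11aa2f22-33d3-44c4-a55a-eb6666b6d6a6", "kind": "Endpoint", "name": "cd3-e-f-ab012.example.com"}, "bytes": 1000000000, "elapsedTimeInMs": 84466000, "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "kind": "UploadThresholdExceeded", "occurredAt": "2024-02-32T24:21:06.965Z", "process": {"artifact": {"filePath": "/usr/sbin/rsyslogd", "kind": "File", "sha256": "972d921d70d07d418b93c6063e946638122a1d71566062085e739e1c55afd977"}, "commandLine": "/usr/sbin/rsyslogd -n", "kind": "FileProcessResponse", "parentPid": "1", "pid": "1514", "userId": "0-None-12345678", "username": "root"}, "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0", "threshold": 1000000000}
{"action": "Report", "asset": {"id": "11aa2f22-33d3-44c4-a55a-eb6666b6d6a6 ", "kind": "Endpoint", "name": "1CD2345EFG-H"}, "bytes": 1000022, "elapsedTimeInMs": 84466000, "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "kind": "UploadThresholdExceeded", "occurredAt": "2024-02-32T24:21:06.965Z", "process": {"artifact": {"filePath": "C:\\WINDOWS\\System32\\svchost.exe", "kind": "File", "sha256": "949bfb5b4c7d58d92f3f9c5f8ec7ca4ceaffd10ec5f0020f0a987c472d61c54b"}, "commandLine": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p -s WinRM", "kind": "FileProcessResponse", "parentPid": "1122", "pid": "11334"}, "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0", "threshold": 1000000000}
{"action": "Report", "asset": {"id": "00000000-0000-4000-8000-000000000003", "kind": "Endpoint", "name": "host-03.example.com"}, "bytes": 2000000000, "elapsedTimeInMs": 60000, "id": "00000000-0000-4000-8000-00000000aaaa", "kind": "UploadThresholdExceeded", "occurredAt": "2024-02-03T14:21:06.965Z", "process": {"artifact": {"filePath": "/usr/bin/rsync", "kind": "File", "sha256": "deadbeef"}, "commandLine": "rsync -a /data backup.example:/srv/nightly", "kind": "FileProcessResponse", "parentPid": "1", "pid": "4242", "username": "svc-backup"}, "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0", "threshold": 1000000000}
"""


def parse_timestamp(value):
    """Return an aware datetime, or None when the value is not a valid instant."""
    if not isinstance(value, str):
        return None
    text = value[:-1] + "+00:00" if value.endswith("Z") else value
    try:
        parsed = datetime.fromisoformat(text)
    except ValueError:  # e.g. day 32 or hour 24 in the page's sample
        return None
    return parsed if parsed.tzinfo is not None else None


def normalize(event):
    """Flatten one Halcyon event and attach a list of data-quality issues."""
    asset = event.get("asset") or {}
    process = event.get("process") or {}
    artifact = process.get("artifact") or {}
    issues = []

    occurred = parse_timestamp(event.get("occurredAt"))
    if occurred is None:
        issues.append("invalid_occurredAt")

    sha256 = (artifact.get("sha256") or "").strip().lower()
    if not SHA256_RE.match(sha256):
        issues.append("invalid_sha256")

    nbytes, threshold = event.get("bytes"), event.get("threshold")
    elapsed_ms = event.get("elapsedTimeInMs")
    if (event.get("kind") == "UploadThresholdExceeded"
            and isinstance(nbytes, int) and isinstance(threshold, int)
            and nbytes < threshold):
        issues.append("bytes_below_threshold")  # event kind contradicts its own counters

    rate = None
    if isinstance(nbytes, int) and isinstance(elapsed_ms, int) and elapsed_ms > 0:
        rate = round(nbytes * 1000 / elapsed_ms, 3)  # bytes per second

    return {
        "event_id": (event.get("id") or "").strip(),
        "tenant_id": (event.get("tenantId") or "").strip(),
        "action": event.get("action"),
        "kind": event.get("kind"),
        "occurred_at": occurred.isoformat() if occurred else None,
        "asset_id": (asset.get("id") or "").strip(),
        "asset_name": asset.get("name"),
        "process_path": artifact.get("filePath"),
        "process_sha256": sha256,
        "command_line": process.get("commandLine"),
        "pid": process.get("pid"),
        "parent_pid": process.get("parentPid"),
        "username": process.get("username"),  # absent on some events, so None
        "bytes": nbytes,
        "threshold": threshold,
        "bytes_per_second": rate,
        "issues": issues,
    }


def load_events(ndjson_text):
    """Parse newline-delimited JSON, skipping blank lines, and normalize each event."""
    records = []
    for line in ndjson_text.splitlines():
        if line.strip():
            records.append(normalize(json.loads(line)))
    return records


if __name__ == "__main__":
    for rec in load_events(SAMPLE_NDJSON):
        print(rec["asset_name"], rec["kind"], rec["occurred_at"], rec["issues"])
```

Records whose `issues` list is non-empty are still loaded; the list lets a downstream query separate events that are safe to alert on from events whose timestamp or hash cannot be trusted, which matters when `occurred_at` is what a detection rule windows on.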