Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
NinjaOne Activity Logs | ✅ | ✅ | ✅ | ninjaone_activity_logs | NESTED-JSON-JSON-ARRAY | S3/Webhook |
Overview
NinjaOne is a cloud-delivered unified IT operations/endpoint management platform that combines endpoint management, autonomous patching, monitoring, remote access, backup, and related IT operations capabilities. NinjaOne’s own product pages position it as an endpoint management, patch management, MDM, and RMM platform with centralized visibility and automation across distributed environments.
Send data to Hunters
Hunters supports ingesting NinjaOne activity logs via an intermediary AWS S3 bucket or a Webhook.
To connect NinjaOne activity logs:
Connect using S3
Export your logs from NinjaOne to an AWS S3 bucket.
Once the export is completed and the logs are collected in S3, follow the steps in this section.
Connect using Webhook
Contact Hunters support to obtain the following details:
URL
Bearer Authorization Key
Once received, follow the guides below to configure the webhook:
Supported data types
NinjaOne Activity Logs
Table name: ninjaone_activity_logs
NinjaOne activity logs are a chronological audit and telemetry stream covering both console-side administrative actions and endpoint-side operational events. They include system/user authentication events, account administration, device/user activity, condition alerts and resets, patch/scan lifecycle events, and selected inventory/configuration changes. The logs support both historical retrieval through the Activities API and near-real-time delivery through webhooks.
Expected format
Logs are expected in NESTED-JSON-JSON-ARRAY format.
{"lastActivityId":863592,"activities":[{"id":863585,"activityTime":1762440872.823510000,"activityType":"SYSTEM","statusCode":"APP_USER_LOGGED_IN","status":"Technician Logged In","activityResult":"SUCCESS","userId":1,"message":"Technician 'John Doe' logged in from IP 1.O.6.33.","type":"System","data":{"message":{"code":"audit_app_user_logged_in","params":{"ip":"1.O.6.33","appUserName":"John Doe","mfa":"TOTP","appUserId":"1","appUserEmail":"john.doe@example.com"}}}},{"id":863589,"activityTime":1762441581.998000000,"deviceId":17,"activityType":"MONITOR","statusCode":"USER_LOGGED_IN","status":"User Account Logged In","message":"User logged in: 'obi (xrdp:10 / ::ffff:X.112.X.X)', Logged in time: '2025-11-06T15:06:00Z'","type":"Monitor","data":{"message":{"code":"agent_act_user_log_in","params":{"logged_in_time":"2025-11-06T15:06:00Z","user_name":"obi (xrdp:10 / ::ffff:X.112.X.X)"}}}},{"id":863564,"activityTime":1762439350.000000000,"deviceId":80,"seriesUid":"ahb-isub56-srti64in-jnk5-gf","activityType":"CONDITION","statusCode":"TRIGGERED","status":"Triggered","sourceConfigUid":"ahb-isub56-srti64in-jnk5-gf","sourceName":"","subject":"","message":"System has not rebooted for more than 30 days. Last reboot time: '2025-09-21T14:07:50Z'","type":"Condition","data":{"message":{"code":"agent_win_cond_sys_uptime","params":{"reboot_days":"30","reboot_date":"2025-09-21T14:07:50Z"}}}}]}
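To check exported files or webhook payloads against this format before they are sent, the envelope can be unpacked into one flat record per activity. The following is an added example, not Hunters or NinjaOne code: the function names and output column names are hypothetical, and the sample is constructed from the record shown above.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shortened from the envelope shown above.
SAMPLE = '''{"lastActivityId":863592,"activities":[
 {"id":863585,"activityTime":1762440872.823510000,"activityType":"SYSTEM",
  "statusCode":"APP_USER_LOGGED_IN","activityResult":"SUCCESS","userId":1,
  "data":{"message":{"code":"audit_app_user_logged_in",
   "params":{"ip":"192.0.2.10","mfa":"TOTP","appUserEmail":"john.doe@example.com"}}}},
 {"id":863564,"activityTime":1762439350.000000000,"deviceId":80,
  "activityType":"CONDITION","statusCode":"TRIGGERED",
  "data":{"message":{"code":"agent_win_cond_sys_uptime","params":{"reboot_days":"30"}}}}
]}'''

def _to_utc(epoch):
    """Convert the epoch-seconds activityTime to an ISO 8601 UTC string."""
    if not isinstance(epoch, (int, float)):
        return None
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat(timespec="seconds")

def flatten_activities(raw):
    """Return one flat dict per entry of the envelope's "activities" array."""
    envelope = json.loads(raw)
    activities = envelope.get("activities") if isinstance(envelope, dict) else None
    if not isinstance(activities, list):
        raise ValueError('envelope has no "activities" array')
    rows = []
    for act in activities:
        if not isinstance(act, dict):
            continue  # skip a malformed entry instead of failing the whole batch
        msg = (act.get("data") or {}).get("message") or {}
        row = {  # optional fields (deviceId, userId, activityResult) become None
            "id": act.get("id"),
            "activity_time": _to_utc(act.get("activityTime")),
            "activity_type": act.get("activityType"),
            "status_code": act.get("statusCode"),
            "activity_result": act.get("activityResult"),
            "device_id": act.get("deviceId"),
            "user_id": act.get("userId"),
            "message_code": msg.get("code"),
        }
        # Lift data.message.params to top-level columns with a param_ prefix.
        for key, value in (msg.get("params") or {}).items():
            row["param_" + key] = value
        rows.append(row)
    return rows

if __name__ == "__main__":
    for r in flatten_activities(SAMPLE):
        print(r)
```

A payload that parses as JSON but lacks the `activities` array raises `ValueError`, which makes a misconfigured export visible before any rows are produced.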