TL;DR
| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
|---|---|---|---|---|---|---|---|
| Nutanix HCI Logs | ✅ | ✅ | ✅ | ✅ | nutanix_hci_logs | Text | S3 |
Overview
Nutanix is a global enterprise cloud computing company that provides a software-defined platform designed to simplify and modernize data center infrastructure through hyperconverged infrastructure (HCI). Founded in 2009 and widely adopted by enterprises worldwide, Nutanix integrates compute, storage, networking, and virtualization into a single unified platform that runs on commodity hardware and is managed centrally. Its flagship platform combines the Acropolis Operating System (AOS), the AHV hypervisor, and the Prism management interface to deliver scalable infrastructure and cloud services with simplified operations and automation.
The Nutanix Cloud Platform enables organizations to build private, hybrid, and multicloud environments while maintaining consistent management, security, and policy enforcement across on-premises and cloud deployments. By consolidating infrastructure components and providing built-in services such as disaster recovery, automation, and security, Nutanix reduces operational complexity and improves application performance and resilience. Through integrations with third-party tools and cloud providers, Nutanix helps organizations modernize legacy workloads, accelerate cloud adoption, and manage infrastructure through a single pane of glass.
Supported data types
Nutanix HCI Logs
Overview:
Nutanix HCI (Hyperconverged Infrastructure) is a software-defined infrastructure platform that integrates compute, storage, virtualization, and networking into a single unified system. Rather than managing separate hardware components such as servers, SAN storage, and networking devices, Nutanix consolidates these resources into a cluster of nodes that are centrally managed through a software layer. This architecture simplifies infrastructure operations by providing a single pane of glass for deployment, monitoring, scaling, and troubleshooting.
Table name: nutanix_hci_logs
Send data to Hunters
Hunters supports the ingestion of Nutanix HCI Logs via an intermediary AWS S3 bucket.
To connect Nutanix HCI logs via S3:
Export your logs from Nutanix to an AWS S3 bucket.
Once the export is complete and the logs have been collected in S3, follow the steps in this section.
Expected format
Logs are expected in plain text, one event per line, for example:

```text
2026-01-19T13:35:13.374769-08:00 NTNX-11-22-33-44-A-VM audit-alert_manager: 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 are not all owned by 11.22.33.44:123, please retry." sub_error_type: kNotSet\nI20260119 12:34:56.563958Z 123400 migrator_cleanup.cc:222] Scheduled an event for insights watch initialization after 60 seconds.\nI20260119 21:34:57.116732Z 123 alert_manager.cc:600] Heap size 123 is with in the threshold 123\nI20260119 12:34:57.116757Z 123400 base_op.cc:89] Printing Inflight BaseOp Stats, ReceiveNotificationsRpcOp: 0, DeleteEntityOp::audit: 0, AddAlertsOp: 0, ReadEntityOp::audit: 0, UpdateAlertsRpcOp: 0, ReadEntityOp::alert: 0, ProcessAlertsRpcOp: 0, RetrieveAlertMetadataRpcOp: 0, ManageAlertsRpcOp: 0, ListAlertsOp: 0\nI20260119 21:35:07.758947Z 123400 receive_notifications_rpc_op.cc:89] ReceiveNotification RPC received with component_name: "Health Client" notifications { timestamp_usecs: 1768858507757847 notification_name: "IAMAdministrationEventAudit" notification_members { member_name: "message" member_value { string_value: "User abc_local granted permission to View_Virtual_Machine on vm from 1.1.7.8" } } notification_members { member_name: "ip_address" member_value { string_value: "1.1.1.1" } } notification_members { member_name: "audit_user" member_value { string_value: "abc_local" } } notification_members { member_name: "browser_info" member_value { string_value: "iPlugin-2.2.2.2/RequestId-123/https://abc0002.AAA:1234" } } severity: kInfo entity_list { entity_type: "IAM" entity_id: "abc_local" entity_name: "abc_local" } component_name: "IAM" uuid: "1111"
2026-01-19T21:35:00.484471+00:00 NX-123G5K020001-A-VM api_audit_v3: INFO 2026-01-19 21:34:34,981 clientType=External||userName=admin||NutanixApiVersion=3.1||httpMethod=GET||restEndpoint=/v3/versions||entityUuid=||queryParams=b''||payload=||loginAttempt=False
2026-01-19T21:35:01.430170+00:00 nu1234 ahv node=nu1234 type=SOCKADDR msg=audit(123458501.426:181816): saddr=100000000000000000000000SADDR={ saddr_fam=ink L-m=11 n-pid=0 }
2026-01-19T21:35:01.503142+00:00 nu1234 ahv node=nu1234 type=PROCTITLE msg=audit(123456501.498:181817): proctitle=123456789A20726F6F74205B707112233D
2026-01-19T21:35:01.568422+00:00 nu1234 ahv node=nu1234 type=CONFIG_CHANGE msg=audit(123858585.562:181818): pid=1206666 uid=0 auid=101 ses=11022 subj=system_u:system_r:sshd_t:s0.c123 op=tty_set old-enabled=0 new-enabled=1 old-log_passwd=0 new-log_passwd=0 res=1UID="root" AUID="nutanix"
2026-01-19T21:35:10.319044+00:00 NTNX-1234-A-VM audit-alert_manager: I22330110 21:33:50.725376Z 12345 base_op.cc:89] Printing Inflight BaseOp Stats, AddAlertsOp: 0, ReceiveNotificationsRpcOp: 0\I22330110 21:34:44.848292Z 49759 zeus_configuration_ops.cc:727] ReadConfigurationOp(33445)[watch_a:1 watch_id:1 convert_ssd:1 sync:0]: Found config with timestamp 224433
2026-01-19T13:35:03.363704-08:00 NTNX-11-22-33-44-A-VM flow_service_logs-flow: 2026-01-19 21:34:55,530Z ERROR insights_watch_client.py:135 Error = kResetWatchClient during RegisterWatchClient: NodeRegisterWatchClient from node : 2027 encountered error of type: 5 with detail: Shards 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 ... 128 are not all owned by 11.22.33.44:1122, please retry. (kResetWatchClient).
```
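To show how the plain-text rows above decompose before they can be searched, here is an added parser (example code, not Hunters' or Nutanix's own) for the shared syslog-style prefix and the two most structured bodies on this page, the api_audit_v3 key=value records and the AHV auditd records; the dispatch on program name and the output field names are assumptions drawn from the samples.

```python
import re

# Syslog-style prefix shared by every sample on this page: ISO-8601 timestamp, host, program
# name (followed by ':' for Nutanix services, by a bare space for the 'ahv' auditd lines), body.
PREFIX_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<program>[^:\s]+):? (?P<msg>.*)$")
# key=value pairs as written by Linux auditd on the AHV host; values may be double-quoted.
KV_RE = re.compile(r'(?P<k>[\w.-]+)=(?P<v>"[^"]*"|[^\s"]+)')
# auditd's msg=audit(<epoch>.<millis>:<serial>) field, the per-event correlation key.
AUDIT_MSG_RE = re.compile(r"msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\)")

# Two lines copied verbatim from the samples on this page.
SAMPLE_LINES = [
    "2026-01-19T21:35:00.484471+00:00 NX-123G5K020001-A-VM api_audit_v3: INFO 2026-01-19 21:34:34,981 "
    "clientType=External||userName=admin||NutanixApiVersion=3.1||httpMethod=GET||restEndpoint=/v3/versions||"
    "entityUuid=||queryParams=b''||payload=||loginAttempt=False",
    "2026-01-19T21:35:01.568422+00:00 nu1234 ahv node=nu1234 type=CONFIG_CHANGE msg=audit(123858585.562:181818): "
    "pid=1206666 uid=0 auid=101 ses=11022 subj=system_u:system_r:sshd_t:s0.c123 op=tty_set old-enabled=0 "
    'new-enabled=1 old-log_passwd=0 new-log_passwd=0 res=1UID="root" AUID="nutanix"',
]

def parse_api_audit_v3(msg: str) -> dict:
    """api_audit_v3 body: '<LEVEL> <date> <time> key=value||key=value||...'."""
    level, date, time, rest = msg.split(" ", 3)
    fields = {"level": level, "logged_at": f"{date} {time}"}
    for pair in rest.split("||"):
        key, _, value = pair.partition("=")  # empty values (entityUuid=) stay as ""
        fields[key] = value
    return fields

def parse_ahv_audit(msg: str) -> dict:
    """ahv body: one auditd record 'node=.. type=.. msg=audit(..): k=v k=v ...'."""
    fields = {m.group("k"): m.group("v").strip('"') for m in KV_RE.finditer(msg)}
    m = AUDIT_MSG_RE.search(msg)
    if m:  # expose the serial so multi-record events (SOCKADDR, PROCTITLE, ...) can be joined
        fields["audit_epoch"], fields["audit_serial"] = int(m.group("epoch")), int(m.group("serial"))
    return fields

def parse_line(line: str) -> dict:
    """Split the common prefix and dispatch on program name; unknown programs keep the raw body."""
    m = PREFIX_RE.match(line.rstrip("\n"))
    if not m:
        return {"program": None, "raw": line}
    rec = {"timestamp": m.group("ts"), "host": m.group("host"), "program": m.group("program")}
    body = m.group("msg")
    if rec["program"] == "api_audit_v3":
        rec.update(parse_api_audit_v3(body))
    elif rec["program"] == "ahv":
        rec.update(parse_ahv_audit(body))
    else:
        rec["raw"] = body
    return rec
```

The audit-alert_manager and flow_service_logs-flow bodies fall through as raw text; their embedded glog records would need a further split on the literal `\n` separators shown above.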