ProLion


TL;DR

| Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ProLion Cryptospike Logs | ✅ | ✅ | ✅ | ✅ | prolion_cryptospike_logs | JSON | S3 |


Overview

ProLion provides a suite of data protection and management software solutions that safeguard critical storage systems from modern cyber threats, particularly ransomware and insider threats. Their platform is designed for environments utilizing NetApp, Lenovo, and Dell storage systems, offering an essential last line of defense at the storage layer. ProLion's flagship product, CryptoSpike, uses machine learning to proactively detect anomalous user behavior and block ransomware attacks in real time before significant damage or data exfiltration occurs. This solution not only prevents downtime but also allows for the granular, single-file restoration of only the affected files from snapshots, rather than rolling back entire volumes.

In addition to security, ProLion offers other key products that ensure business continuity and data visibility. The ClusterLion solution provides high availability and automatic failover for critical applications like SAP HANA and MetroClusters, preventing system outages and avoiding 'split-brain' scenarios through multi-site quorum logic. Meanwhile, the DataAnalyzer tool offers deep insights into data usage, user permissions, and file analysis, helping organisations optimise storage costs, ensure compliance, and manage their growing volumes of unstructured data more efficiently. The company's focus is on simplifying complex data security challenges, integrating seamlessly into existing IT infrastructures, and offering 24/7 monitoring and support to help over 1,000 customers globally maintain secure and accessible data.

Supported data types

ProLion Cryptospike logs

Overview:

CryptoSpike detects unusual activities in your file system and blocks attacks in real time. In the event of a ransomware attack, the granular restore function makes it possible to restore affected files immediately.


Table name: prolion_cryptospike_logs


Send data to Hunters

Hunters supports the ingestion of ProLion Cryptospike logs via an intermediary AWS S3 bucket.

To connect ProLion Cryptospike Logs:

  1. Export your logs from ProLion Cryptospike to an AWS S3 bucket.

  2. Once the export is completed and the logs are collected in S3, follow the steps in this section.

Expected format

Logs are expected in JSON format:

  {
    "timestamp": "2026-01-07T06:31:29.806658390Z",
    "csUserName": "example.com",
    "storageUserName": null,
    "comment": "Carwise",
    "blockRuleMatches": [],
    "blockedFiles": [],
    "csInstanceIp": "xxx.xxx.xxx.xxx",
    "csInstanceName": "CSS.local"
  },
  {
    "key": "configuration-instance-modified",
    "agent": "Server",
    "service": "central-config-service",
    "timestamp": "2026-01-07T06:31:46.535280260Z",
    "entityAction": [
      {
        "entity": "CONFIGURATION_INSTANCE",
        "entityKey": "35",
        "action": "modify",
        "tenant": null
      }
    ],
    "severity": "INFO",
    "context": {
      "application": "file-event",
      "topic": "ignored"
    },
    "message": "Configuration instance of item 'null' was modified"
  },
  {
    "key": "user-login-successful",
    "message": "User logged in",
    "service": "auth-service",
    "agent": "Server",
    "severity": "INFO",
    "timestamp": "2026-01-07T07:38:05.108Z",
    "context": {
      "userId": 3,
      "username": "example.com"
    },
    "entityAction": [
      {
        "action": "changed",
        "entity": "TENANT",
        "entityKey": "1"
      }
    ]
  }
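
A pre-upload sanity check for the record shapes shown above, as an added example that is not part of the Hunters or ProLion documentation: it parses each record, normalizes the two timestamp precisions seen in the samples (nanoseconds and milliseconds) to UTC, and rejects records that would not parse. The `kind` labels, the helper names, the choice of user field, and the one-object-per-string framing are assumptions of this example.

```python
import json
import re
from datetime import datetime, timezone

# Constructed records modeled on the samples above; values are made up, and
# "one JSON object per string" is this example's assumption about framing.
SAMPLE_LINES = [
    '{"timestamp": "2026-01-07T06:31:29.806658390Z", "csUserName": "example.com", "storageUserName": null, "comment": "Carwise", "blockRuleMatches": [], "blockedFiles": [], "csInstanceIp": "192.0.2.10", "csInstanceName": "CSS.local"}',
    '{"key": "user-login-successful", "message": "User logged in", "service": "auth-service", "agent": "Server", "severity": "INFO", "timestamp": "2026-01-07T07:38:05.108Z", "context": {"userId": 3, "username": "example.com"}, "entityAction": [{"action": "changed", "entity": "TENANT", "entityKey": "1"}]}',
    '{"key": "user-login-successful", "timestamp": "07/01/2026 07:38"}',
]

_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z")

def parse_timestamp(value):
    """Parse the UTC timestamps seen in the samples (3 or 9 fractional digits)."""
    m = _TS.fullmatch(value) if isinstance(value, str) else None
    if not m:
        raise ValueError(f"unrecognized timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    # datetime stores microseconds, so nanosecond values are truncated to 6 digits.
    micros = int((m.group(2) or "0").ljust(9, "0")[:6])
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def normalize(raw):
    """Flatten one record; raises ValueError if it is not usable."""
    rec = json.loads(raw)  # json.JSONDecodeError is a ValueError subclass
    if not isinstance(rec, dict):
        raise ValueError("record is not a JSON object")
    ts = parse_timestamp(rec.get("timestamp"))
    if "key" in rec:  # shape with key / service / severity / context
        ctx = rec.get("context") or {}
        return {"kind": "audit", "time": ts, "event": rec["key"],
                "user": ctx.get("username"), "severity": rec.get("severity"),
                "entities": [e.get("entity") for e in rec.get("entityAction") or []]}
    # shape without "key": csUserName / blockedFiles / blockRuleMatches
    return {"kind": "block", "time": ts, "event": None,
            "user": rec.get("storageUserName") or rec.get("csUserName"),
            "blocked_files": len(rec.get("blockedFiles") or []),
            "instance": rec.get("csInstanceName")}

def validate(lines):
    """Return (normalized rows, [(index, reason)] for rejected records)."""
    rows, rejected = [], []
    for i, line in enumerate(lines):
        try:
            rows.append(normalize(line))
        except ValueError as exc:
            rejected.append((i, str(exc)))
    return rows, rejected
```

Calling `validate(SAMPLE_LINES)` returns the usable rows and the index and reason for each rejected record, so malformed timestamps surface before the export reaches the bucket.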