Managed SIEM

Requesting on behalf of a Partner.

SIEM needs the ability to send alerts based on specific Queries setup. For, example send a alert or ticket when the admin account for a firewall is signed into

Please add an alert for any M365 password change, showing the user, timestamp, and initiator (self-service vs. admin). In passkey environments (like Windows Hello for Business), users typically don’t know or need their M365 passwords. That means any password change is a strong signal of risk — either a malicious actor attempting social engineering, or a user trying to bypass passwordless controls.

Support full log collection for both MacOS and Linux systems to be able to have a Customers entire infrastructure able to be covered with Managed SIEM.

I am interested in deploying a Linux agent to collect SIEM logs. It would be beneficial if this feature could be included when Linux support for EDR is rolled out, as it would streamline the process of managing logs across different operating systems.

We have managed to add Azure Monitor activity to the Event Hub feed to SIEM. This pulls all admin and security events from Azure. Looks like it's working, but it would be good to have a guide on this and know if these events are being monitored by the SOC team.

If a server is configured as DNS server ingest the logs for the service. This is listed in CIS v8.1, Safeguard 8.6.

We would like to be able to send SIEM syslog data directly from the firewall into the Huntress portal rather than relaying through an agent on the network.

This service is used by many CMMC/NIST bussinesses for storing CUI and would great if we could get the audit logs to Huntress

Collect, parse, and store logs from Azure, AWS, and Google Workspace