Managed SIEM

We are experiencing DNS brute force attacks that are causing our firewall to spike in CPU usage and connectivity issues. It would be beneficial to have a feature that reports brute force activity in real-time, especially when a login is successful, and includes escalations when such behavior is detected. This would help us respond more quickly to these attacks and mitigate their impact on our network.

Request to add NordPass to supported SIEM logging products.

Add the ability to make WEL additions based on tagging within the Huntress Platform - good use case, we only want to add in Servers to Windows Event Logging, not the Laptop Endpoint base, we could tag the Servers within Huntress and select that tag within the Collection Settings for SIEM WEL

Support full log collection for both MacOS and Linux systems to be able to have a Customers entire infrastructure able to be covered with Managed SIEM.

Bitwarden instances that are not public facing cannot make use of the existing Huntress / Bitwarden SIEM integration. It would be great to have a private instance integration that leverages Huntress agents like local syslog sources.

Add the ability for users to build a query via a GUI. This would help less tech savvy users be able to search for specific events.

We would like to be able to send SIEM syslog data directly from the firewall into the Huntress portal rather than relaying through an agent on the network.

Track PowerShell modules and scripts to identify anomalous/malicious activity

SIEM Source Management It would be good to be able to do the following: Rename Source Name Rename Source Type Delete SIEM sources during implementation