Managed SIEM

SIEM Source Management It would be good to be able to do the following: Rename Source Name Rename Source Type Delete SIEM sources during implementation

Add integration/ability to ingest CF logs/data via API; the HEC connector requires CF Enterprise, which most MSPs/Businesses do not have.

Collect, parse, and store logs from Azure, AWS, and Google Workspace

If a server is configured as DNS server ingest the logs for the service. This is listed in CIS v8.1, Safeguard 8.6.

Specifically, products like Avanan, or ConnectSecure (CyberCNS) for reporting or other custom programs/data points.

the SIEM needs the ability to send alerts to individuals not the SOC on certain conditions. This was requested already and set as "Completed" by showing "Saved custom Queries" This is not whats needed. We are interested in the SIEM product as well, but i really need the ability to alert internal IT staff on specific events instantly like "network device login". Most SIEMs have this capability like: Wazuh, splunk, Sentinel, etc.

While IT Glue doesn't have it's own native SIEM export function, it does supply access to the activity logs on their API. Would be good to be able to bring those logs into SIEM. https://api.itglue.com/developer/#logs-index

Will you consider adding the ability to create custom detection rules ? That would enable us to use the data collected in the SIEM (Logs + EDR) to check for intrusions. I know that you do that already but if it was possible it would allow us to migrate from our current solution. Access to the data and being able to perform our checks is very important. You already consider allowing siem users to see the edr data so i think this is a natural next step.

Can we get a parser built for Juniper devices

Adding in the ability to identify lateral movement using RDP, PsExec, or SMB, track network traffic metadata to ascertain if 2 IP addresses have communicated and analyze Firewall log data to identify potentially malicious configuration changes.