Custom alerting for the Huntress SIEM is becoming more of a compliance requirement for our customers with industry compliance frameworks including CMMC, and will likely become a hard requirement moving forward for other frameworks like HIPAA, PCI, CJIS, and other frameworks inside the United States, along with other countries and their respective compliance frameworks. If one of the primary reasons for not having Custom Alerting now is SLA concerns about the Huntress SOC responding to custom alerts, then what about other alternative options?
Some of the other feedback posts for features like this one have been incorrectly marked Complete and do not appear to have the ability to re-open or confirm if they are still being followed by Huntress. https://feedback.huntress.com/siem/p/custom-alerts
Alternative Options:
  • Allow custom alerting to be created and include a forced acknowledgement flag for each alert rule that the Huntress SOC cannot promise the same SLA response times as for standard Huntress SOC alerts.
  • Have Custom Alerts run as informational triggers that initially only alert Huntress customers, and if important enough, they will reach out to the SOC to review further. (i.e., Custom Alert X is triggered, which creates a new Huntress ticket using PSA/Email Integrations, and the Huntress customer could then run a pre-defined ESQL/Scheduled Query before reaching out to the SOC.)