Forward Chosen Event IDs
under review
Jonathan Pilkington
I know this would probably only be a feature if it is based on a specific amount of data. But it would be nice to forward specific Windows events to the Huntress SIEM. For example, it would be nice to have, say, AppLocker event ID 8004 show up in the SIEM so we would have one place to check if AppLocker was blocking things.
Anthony Rankine
Rocket Cyber has a list of common/relevant event IDs you can turn on/off in their portal. This would be a good start. But also the ability to add custom would be great for the purposes already outlined here.
Brett
+1. Recently helped a cloud-only client roll out AppLocker. Having a simple way to enable SIEM for a client and collect these logs will speed up rolling out AppLocker at future clients (which is going to become more and more common in Australia as organisations adopt Essential Eight and see that they need Application Control/Whitelisting in order to tick that box).
Chris Bisnett
under review