MacOS - SIEM Log collection
next quarter
Ben Sharp
We’re rolling out Huntress across our environment and have a significant macOS footprint. SIEM log collection on macOS is a gap for us at the moment.
Adding native support for macOS log ingestion would make a big difference to our ability to standardise monitoring and detection across all endpoints and would remove the need for separate tooling or workarounds.
This is a key requirement for us as we scale deployment.
Luke Manning
I hope this rolls out on time; my company has a majority Mac endpoint deployment (around 90%) and we're looking to roll out around 50 managed Macs using SAP Privileges for temporary elevation. I desperately need to log elevations, reasons, and actions taken during elevation. Looking forward to seeing this implemented!
Nate O'Brien
Merged in a post:
Add Apple Universal Logging (AUL) Collection on MacOS
Nate O'Brien
We should support the collection of AUL Logs on MacOS as it is the equivalent of Windows WEL logs.
See the request below for flat file collection on Linux and MacOS:
Nate O'Brien marked this post as next quarter
Nate O'Brien marked this post as planned
Hello all, we want to provide a quick update on MacOS log collection for SIEM. We have committed to delivering this by the end of Q2 and will likely be reaching out to the customers on this list for beta participants early Q2. Thank you!
David Ridenhour
Nate O'Brien Apple Developer / Apple Technical Partner here. Glad to help.
Bryce Skelton
Nate O'Brien That is amazing news; positioning SIEM with the lack of MacOS collection has been a challenge. Looking forward to it!
Jason M Rodriguez
Great work from the Huntress team on the MacOS side, but I definitely want to voice that the community is ready and willing; our only blocker to moving all of our MacOS endpoints to Huntress is the lack of SIEM.
Currently the lack of SIEM makes Huntress a more complex deployment with multiple tools, but SIEM support would match competitor offerings in highly compliant environments.
Cesar Avila
We need this feature to be able to move to Huntress SIEM.
Nick Stevens
Looking forward to seeing this implemented. For the majority of our clients we don't have any specific requirements and default to what the Huntress team determines to be ideal for identifying malicious activity or for use in post-event forensic investigation.
However, we do have one client who has a specific requirement from a Fortune 5 company that states they collect the below events from their MacOS endpoints to comply with that company's security requirements.
i) Account management events;
ii) Object access;
iii) Policy change;
iv) Privilege functions;
v) Process tracking and system events;
vi) All administrator activity;
vii) Authentication checks;
viii) Authorization checks;
ix) Data deletions;
x) Data access;
xi) Data changes;
xii) Permission changes.
Nate O'Brien
Merged in a post:
MacOS Support
David
I'd love to see some MacOS support for the SIEM.
James Mason | SE @ Huntress marked this post as future planned
Adding this to the Roadmap for us to look into adding in the second half of 2025.