MSP Tool Logs
under review
M
Miles Silk
This would be great for SyncroMSP
Chris Bisnett
under review
S
Scott Thomson
Keeper Security, does audit log shipping via syslog
Chris Bisnett
I like this idea. What types of events are logged? Is it stuff that could identify malicious uses of the tooling?
Is that what you would be looking to do with this source?
S
Scott Thomson
Chris Bisnett different vendors do or do not retain to same degree. Having a single trusted vendor to warehouse these, possibly on different terms (from customer SIEM, pricing wise), would be a huge boon to us just for compliance reasons. DattoRMM was, im pretty sure, infinite technician activity retention when we onboarded years ago. Its 6m rolling now. I trust my staff, but... thats not going to mean much if we end up with an insider threat situation and i dont have vis of their entire history.
S
Scott Thomson
Expanding: I'm not even sure you can get DattoRMM activity logs via API. But if you give me a means to manually ingest, dedup the duplicates that come from that, and raise alerts.if we are behind by X on manual submit? Ill pay for that even if you dont threat hunt against it.
Matt
Chris Bisnett The biggest thing for me is to be able to investigate if/when the RMM gets owned in a quick and easy manner. A lot of that is up to the RMM vendor actually giving access to that data via API but if it is available, it would be great to have the SIEM be able to ingest that and possibly alert on anything malicious. If that makes sense.
C
Christopher Culligan
It would be nice to have NinjaOne added to this list as well.
C
Cindie'la Dicki'la
+1 - this would be more of an API type of integration I believe.
SaaSAlerts does this for several MSP based apps.
C
Chris Mangan
This is such a great idea. Potential game changer.
S
Steven Sher
it would be great, like having a security tool for your MSP stack
Tony
I would love this! Especially ScreenConnect.