Huntress
Powered by Canny

Managed SIEM

Windows SIEM should ingest App Control and AppLocker logs
It would be helpful if the SIEM agent on Windows ingested logs relating to App Control and AppLocker. These are located in Applications and Services logs - Microsoft - Windows - CodeIntegrity and Applications and Services logs - Microsoft - Windows - AppLocker. A more generalized version of this request is for us to be able to create templates or otherwise control which of the many Windows event logs we want to capture on a per-client basis.
2 · planned
Ability to store logs for longer than 12 months
Some clients have a need for 12+ months (see Office of Comptroller of Currency https://www.occ.treas.gov/ ).
1 · planned
Ingest logs from DHCP
If a Windows server is configured as a DHCP server, ingest the DHCP logs. This is listed in CIS v8.1, Safeguard 1.4.
2 · planned