MacOS EDR - SIEM Log collection
future planned
James Mason | PMM @ Huntress
Adding this to the Roadmap for us to look into adding to the second half of 2025
Paul Horn
Dee, you are correct. While the Windows logs are currently available, clients using a Mac don't have the logs stored for recordkeeping purposes to fulfil Cyber requirements. The majority of my clients are in the non-banking financial services sector such as Registered Investment Advisors.
The SEC has a proposed rule "Cybersecurity Risk Management for Investment Advisers, Registered Investment Companies, and Business Development Companies" where the requirement to capture the logs and review logs is mentioned. Refer to the Information Protection, Incident Response, and Recordkeeping.
SIEM logs would need to be stored for 5 years.
I believe the FTC Safeguard Rules - Standards for Safeguarding Customer Information also has overlap here in needing the logs captured.