Boards

Managed EDR

Integrations

Security Awareness Training

ITDR (MDR for Microsoft 365)

Reporting

macOS

UI/UX

MAV (Managed AV - Microsoft Defender)

Ransomware Canaries

Managed SIEM

API

SOC/Incident/Investigations/Escalations

Account/Organization/User Management

Powered by Canny

Managed SIEM

It would be nice if you could create custom alerts for the SIEM. Basically create a query and if something meets the criteria send a alert. A few things that you would probably want for this feature: I don't think these alerts should go to SOC. As otherwise the SOC might get overwhelmed by custom alerts. Allow the custom alert to have a threshold before activated. For example set a threshold of 50 failed logins on user bob2 before triggering. While the alerts should not go directly to the SOC it probably would be helpful if visible to the SOC if something does happen.

under review

Save Custom Queries

Would be good if there was a way to store a custom query we make for quick reference back to. E.G if we are monitoring the same event type for a particular user, instead of having to type of the ES|QL command each time, being able to load a stored custom query or a dropdown list of showing the history of previously ran queries to refer back on.

next quarter

Add Apple Universal Logging (AUL) Collection on MacOS

We should support the collection of AUL Logs on MacOS as it is the equivalent of Windows WEL logs. See the request below for flat file collection on Linux and MacOS: https://feedback.huntress.com/siem/p/adding-log-collection-for-macos-and-linux

under review

Add the ability for users to build a query via a GUI. This would help less tech savvy users be able to search for specific events.

next quarter

Azure, AWS and Google Workspace Integrations

Collect, parse, and store logs from Azure, AWS, and Google Workspace

planned

Ingest CISCO Umbrella & MIMECAST Logs

Would be great for you to ingest CISCO Umbrella & MIMECAST Logs, our current SIEM product does that and provides useful detections that could prove helpful

NAS Collection (Synology, QNAP, etc.)

Would be great to collect logs from NAS appliances. I have both Synology and QNAP NAS systems at client sites and the logs would help get insight into authentication and access attempts as well as things like the built-in AV logs on those devices.

under review

Additional Storage Options

Multi-year data storage and dynamic hot storage lifetimes (ex: 90 days hot for PCI compliance)

in progress

Adding Log Collection for MacOS and Linux

Support full log collection for both MacOS and Linux systems to be able to have a Customers entire infrastructure able to be covered with Managed SIEM.

planned

Manage Windows Logging

Manage Windows security audit (logging) settings

this quarter

Load More

→

Powered by Canny