Huntress SIEM already has strong API and Splunk-HEC coverage, but building and maintaining dedicated integrations for every vendor takes time. A lot of vendors don’t treat SIEMs as a destination, yet they almost always offer “export to object storage” (AWS S3, sometimes S3-compatible) for retention and data lake use.
Request
Add native S3-based ingestion as a stopgap and scale multiplier, so Huntress can ingest logs from the long tail of vendors before (or instead of) building one-off API connectors.
Please support two modes:
1. Customer-owned AWS S3 bucket ingestion (data lake source)
Huntress reads new objects from a customer’s bucket using a guided IAM role/policy template. Prefer event-driven ingestion (S3 notifications to SQS) with polling fallback.
2. Huntress-hosted S3-compatible endpoint (“bucket in Huntress”)
Huntress provides an S3-compatible endpoint URL plus credentials so vendors that support custom S3 endpoints can push directly to Huntress-managed storage (tenant-isolated).
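To make the first mode concrete, here is an added example (written for this request, not Huntress code) of the ingestion logic a customer-owned bucket source needs: parsing S3 event notifications delivered through SQS, with a listing-diff polling fallback for when the queue is empty. It assumes the notification bodies follow the standard S3 event record format and the listing entries have the shape of ListObjectsV2 `Contents`; the bucket name, object keys and ETags are constructed sample data, and the actual SQS receive and S3 list calls are left as inputs so the block runs offline. The allowlist check ensures a notification naming some other bucket is ignored, and the `(key, etag)` dedup handles both SQS at-least-once redelivery and objects overwritten in place.

```python
import json
import urllib.parse
from dataclasses import dataclass

# Constructed for this example: the only bucket this tenant's role may read from.
ALLOWED_BUCKETS = {"example-customer-logs"}


@dataclass(frozen=True)
class NewObject:
    bucket: str
    key: str
    etag: str
    size: int


def parse_s3_notification(message_body, allowed_buckets=ALLOWED_BUCKETS):
    """Turn one SQS message body (an S3 event notification) into NewObject items.

    Only ObjectCreated:* events for allow-listed buckets are accepted. The
    s3:TestEvent that S3 sends when a notification is first configured, delete
    events, and malformed bodies yield nothing rather than raising.
    """
    try:
        payload = json.loads(message_body)
    except (TypeError, json.JSONDecodeError):
        return []
    if not isinstance(payload, dict) or payload.get("Event") == "s3:TestEvent":
        return []
    found = []
    for record in payload.get("Records") or []:
        if not str(record.get("eventName", "")).startswith("ObjectCreated:"):
            continue
        s3 = record.get("s3", {})
        bucket = s3.get("bucket", {}).get("name")
        obj = s3.get("object", {})
        if bucket not in allowed_buckets or not obj.get("key"):
            continue
        # Keys in notifications are URL-encoded ("+" for space), so decode once.
        key = urllib.parse.unquote_plus(obj["key"])
        found.append(NewObject(bucket, key, obj.get("eTag", ""), int(obj.get("size", 0))))
    return found


def poll_new_objects(bucket, listing, seen):
    """Polling fallback: diff a bucket listing against what has been ingested.

    `listing` holds ListObjectsV2-style 'Contents' entries (Key, ETag, Size).
    The dedup key is (key, etag), so an object overwritten with new content is
    re-ingested while an unchanged one is skipped. `seen` is updated in place.
    """
    fresh = []
    for entry in listing:
        marker = (entry["Key"], entry.get("ETag", ""))
        if marker in seen:
            continue
        seen.add(marker)
        fresh.append(NewObject(bucket, entry["Key"], marker[1], int(entry.get("Size", 0))))
    return fresh


def ingest_cycle(bucket, sqs_bodies, listing, seen):
    """One cycle: prefer notifications; fall back to a listing diff when the queue is empty."""
    candidates = []
    for body in sqs_bodies:
        candidates.extend(parse_s3_notification(body))
    if not candidates:
        return poll_new_objects(bucket, listing, seen)
    accepted = []
    for obj in candidates:
        marker = (obj.key, obj.etag)
        if marker in seen:  # SQS is at-least-once; drop redelivered notifications
            continue
        seen.add(marker)
        accepted.append(obj)
    return accepted


# Constructed sample inputs; the shapes follow the S3 event and ListObjectsV2 formats.
SAMPLE_NOTIFICATION = json.dumps({"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-customer-logs"},
            "object": {"key": "firewall/2024-05-01/log+001.json.gz", "eTag": "aaa111", "size": 2048}}},
    {"eventName": "ObjectCreated:Put",  # wrong bucket: must be ignored
     "s3": {"bucket": {"name": "some-other-bucket"},
            "object": {"key": "x.log", "eTag": "bbb222", "size": 10}}},
    {"eventName": "ObjectRemoved:Delete",  # not a create: must be ignored
     "s3": {"bucket": {"name": "example-customer-logs"},
            "object": {"key": "firewall/old.json.gz"}}},
]})
TEST_EVENT = json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent"})
SAMPLE_LISTING = [
    {"Key": "firewall/2024-05-01/log 001.json.gz", "ETag": "aaa111", "Size": 2048},
    {"Key": "firewall/2024-05-01/log 002.json.gz", "ETag": "ccc333", "Size": 4096},
]

if __name__ == "__main__":
    seen = set()
    print(ingest_cycle("example-customer-logs", [SAMPLE_NOTIFICATION, TEST_EVENT], SAMPLE_LISTING, seen))
    print(ingest_cycle("example-customer-logs", [], SAMPLE_LISTING, seen))
```

In a real connector the `sqs_bodies` argument would come from `ReceiveMessage` (deleting each message only after its objects are fetched) and `listing` from a paginated `ListObjectsV2`, both made through the customer-granted IAM role; the dedup state would live in durable storage rather than an in-memory set.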
Why this helps
• Immediately expands coverage for vendors that only offer S3 export.
• Reduces MSP/enterprise reliance on custom glue (S3 → Lambda → HEC) and all the ongoing maintenance that comes with it.
• Gives the Huntress SOC more telemetry sooner, while the team continues prioritizing high-value API integrations.
• Complements existing HEC/APIs: use HEC/APIs for low-latency sources, use S3 for breadth and retention-oriented exports.
Examples of the pattern (S3 as the “universal log destination”)