Custom Alerts
complete
Jonathan Pilkington
It would be nice if you could create custom alerts for the SIEM. Basically, create a query and if something meets the criteria, send an alert. A few things that you would probably want for this feature:
- I don't think these alerts should go to the SOC, as otherwise the SOC might get overwhelmed by custom alerts.
- Allow the custom alert to have a threshold before it is activated. For example, set a threshold of 50 failed logins on user bob2 before triggering.
- While the alerts should not go directly to the SOC, it probably would be helpful if they were visible to the SOC if something does happen.
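The kind of rule the post describes (a saved query, a per-user threshold, and routing that keeps the alert off the SOC queue but still visible), as an added example that is not part of the original thread or of any vendor's product; the event fields, rule names and user `bob2` are constructed for illustration:

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable

# Constructed sample events, not real SIEM output: 50 failures for bob2,
# one for alice, a firewall admin login and an admin-group change.
EVENTS = [{"event": "login_failed", "user": "bob2", "src": "10.0.0.5"}] * 50 + [
    {"event": "login_failed", "user": "alice", "src": "10.0.0.9"},
    {"event": "login_success", "user": "fw-admin", "src": "10.0.0.2", "host": "edge-fw"},
    {"event": "group_member_added", "user": "carol", "group": "Domain Admins"},
]

@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]   # the saved query, as a predicate over one event
    group_by: str                   # field whose per-value count is compared to threshold
    threshold: int = 1              # 1 means "alert on the first matching event"
    route: str = "customer"         # "customer" keeps it off the SOC queue; "soc" escalates

def evaluate(rule: Rule, events: list[dict]) -> list[dict]:
    """Count matching events per group_by value; alert once a count reaches threshold."""
    counts = Counter(e[rule.group_by] for e in events
                     if rule.group_by in e and rule.match(e))
    return [
        {"rule": rule.name, "key": key, "count": n,
         "route": rule.route, "visible_to_soc": True}   # visible, but not SOC-routed
        for key, n in counts.items() if n >= rule.threshold
    ]

# Hypothetical rules matching the requests in this thread.
RULES = [
    Rule("failed-logins-burst", lambda e: e["event"] == "login_failed", "user", threshold=50),
    Rule("firewall-admin-login",
         lambda e: e["event"] == "login_success" and e["user"] == "fw-admin", "host"),
    Rule("admin-group-change",
         lambda e: e["event"] == "group_member_added" and e.get("group") == "Domain Admins",
         "user"),
]

def run_all(events: list[dict] = EVENTS, rules: list[Rule] = RULES) -> list[dict]:
    """Evaluate every rule over the event batch and return the alerts raised."""
    alerts = []
    for rule in rules:
        alerts.extend(evaluate(rule, events))
    return alerts
```

Alice's single failure stays below the 50-event threshold and raises nothing, while the two single-event rules fire on their first match.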
 
Autopilot
Merged in a post:
Send Alerts from SIEM
Joseph DiSanti
SIEM needs the ability to send alerts based on specific queries that are set up. For example, send an alert or ticket when the admin account for a firewall is signed into.
Ruben Castello
Agree on that, and also when, for example, a user is added to the Admin group of Active Directory. Just an informational alert, to check that it is authorized activity with the client.
Paco Iglesias
Upvoting this; we definitely need alerting from the SIEM. Otherwise, it's pretty much read-only.
Either we get an API to query the SIEM externally to get events (which is not an option currently), or we can configure the SIEM to alert based on queries/filters.
Nate O'Brien
marked this post as complete
As of last week, we've made Query Management available to all users. You can find details about this capability here: https://support.huntress.io/hc/en-us/articles/42826617543187-Query-Management-Saved-and-Scheduled-Queries
Dru DuBay
Nate O'Brien the post title says "Alerts", these seem more like scheduled reports than alerts. You get something based on a schedule, not a trigger.
Brandon Griffin
Nate O'Brien Two of my voted requests just completed the same day! I'm a happy customer! Love this!
Jeffrey Meigs
Nate O'Brien Hi Nate, I know this is a few months old, but this is not custom alerting. It would be nice to have alerts sent to individuals, not the SOC, on events like a firewall login, etc. The above does not address the original "custom alert" request.
Gurjan Lally
Would be great for us; with so much infrastructure and custom setups, there are plenty of custom detection cases, i.e. secrets (key vault) access, group membership, PIM role assignments, etc.
Frank Coviello
We absolutely need this. CMMC mandates it in 3.3.4
zachary miller
This is much needed.
Devin Shirkey
This is much needed. Would like custom alerting on successful logins on some syslog devices.
Robert Duchesne
I agree with this, my defense clients have requested this so that they can know when something is manipulated or if there is an issue.
Nate O'Brien
Hello all - a survey was sent out to all participants (i.e. commenters and voters) of this request; however, it looks like it was sent out without a subject line and may have gone to spam in some cases. If you haven't already taken the survey, we would greatly appreciate a moment of your time to do so. The survey can be found here:
Thank you all!