Ingest Logs from Avanan
Carles Javierre
CheckPoint Harmony Email & Collaboration partner, user and fan here. That would be greatly appreciated if it added context and maybe could help your detections/incident reports.
Marcus D
Jerry Meyer We have this working already with Avanan via the Generic HEC source in Huntress SIEM. The only added function that would be great to have is predefined queries and triggers in Huntress for escalations (but this can be done in Huntress with custom queries if searching for something specific).
Avanan -> Security Settings -> Security Engines -> SIEM Integration -> Configure
Transport -> Splunk HTTPS Event Collector (HEC)
HTTP Event Collector Host / URI -> https://hec.huntress.io/services/collector
HTTP Event Collector Token -> Token from Huntress
Format -> JSON (Splunk HEC/CIM compatible)
Collect System logs -> Checked
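A quick way to check what the "JSON (Splunk HEC/CIM compatible)" option sends versus plain JSON, added here as example code that is not from Huntress, Avanan or anyone in this thread. The sample event fields, the token value and the HEC `Authorization: Splunk <token>` header are assumptions (the header is the Splunk HEC convention; the Huntress endpoint URL is the one given above).

```python
import json
import time
import urllib.request

HUNTRESS_HEC_URL = "https://hec.huntress.io/services/collector"

# Constructed sample event; field names are illustrative, not Avanan's real schema.
SAMPLE_EVENT = {
    "vendor": "avanan",
    "event_type": "phishing_detected",
    "recipient": "user@example.com",
    "subject": "Invoice attached",
    "severity": "high",
}


def plain_payload(event: dict) -> str:
    """What a plain 'JSON' transport sends: the raw event with no HEC envelope."""
    return json.dumps(event)


def hec_payload(event: dict, source: str = "avanan", sourcetype: str = "_json") -> str:
    """Wrap the event in the Splunk HEC envelope ('time' is epoch seconds)."""
    envelope = {
        "time": int(time.time()),
        "source": source,
        "sourcetype": sourcetype,
        "event": event,
    }
    return json.dumps(envelope)


def is_hec_compatible(payload: str) -> bool:
    """HEC collectors expect a JSON object with an 'event' member; raw events lack it."""
    try:
        obj = json.loads(payload)
    except ValueError:
        return False
    if not isinstance(obj, dict) or "event" not in obj:
        return False
    # 'time', when present, must be numeric (epoch seconds), not an ISO string.
    return isinstance(obj.get("time", 0), (int, float))


def build_request(payload: str, token: str, url: str = HUNTRESS_HEC_URL) -> urllib.request.Request:
    """Build (but do not send) the POST a HEC sender would issue; send with urllib.request.urlopen."""
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=payload.encode(), headers=headers, method="POST")
```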
Joel DeTeves
Marcus D thanks for sharing. I was struggling to get this working; it turns out I chose JSON instead of the JSON Splunk option.
Matt Payze
Great request. Not just Avanan but also Check Point Harmony Email & Collaboration (the new and improved version of Avanan) :)
Mick Alford
Yes, very much yes.
Dino Chirico
We really need this.
Ben Smith
Yes please!
David Ridenhour
One hundred percent agree with this.