MSP Tool Logs
in progress
D
Dee Lowndes
Ingest access logs from things like Screenconnect, Kaseya, Nable, Auvik, Datto RMM etc etc that MSP's use to admin their clients.
Chris Bisnett
in progress
We're working through the long list of MSP tools that folks have requested. Some are easier than others to implement and some we have access to and others we don't. All of these things determine just how fast we can get to the data source.
Separate tickets for tracking interest and progress for each tool:
DattoRMM
NinjaRMM
Nate O'Brien
Merged in a post:
SIEM - Ingest logs from RMM Tool
S
Steven Richardson
It would be really good to have SIEM able to ingest logs from RMM solutions to help monitor and secure the usage of our RMM tools.
This would be taking the logs of engineers and internal staff usage, and co-managed resources within the RMM tool and identifying things like source login location, and actions within the tool - bulk changes, deletions, script changes, deployment of large jobs, creation of scripts and deployment within a short timeframe etc, anything that could be deemed as unusual / unsafe behaviour.
We're on Datto RMM so would like that to be first cab off the rank
Nate O'Brien
Huntress Managed SIEM has now added support for NinjaRMM.
The documentation can be found here: https://support.huntress.io/hc/en-us/articles/45192294350483-HEC-NinjaRMM
DattoRMM, ScreenConnect, and other MSP tools are still on our to-do list and will be coming shortly! Thank you!
C
Craig Jones
I do not want to spam but I do want to confirm status of N-ABLE RMM!
If I need to create a formal request for it I will but see it named here just not flagged with a status.
C
Cameron Charbone
Very interested in ScreenConnect Ingestion. Not sure either if anyone has shouted out ITGlue, that would be great.
C
Cody Arnold
+1, NinjaRMM/Datto RMM API integration to ingest RMM logs.
D
Domenick Lanuzza
ScreenConnect already has an integration for forwarding syslog locally for on premise hosted servers (although the format is terrible....) and an integration for Splunk HEC that would also work for Huntress HEC. Would be awesome to see some log filtering and parsing for ScreenConnect!
M
Martin Yelland
N-Central supports shipping Audit Logs to Syslog, this would be great.
Chris Bisnett
in progress
We're working through the long list of MSP tools that folks have requested. Some are easier than others to implement and some we have access to and others we don't. All of these things determine just how fast we can get to the data source.
Separate tickets for tracking interest and progress for each tool:
C
Cory B
I would like to add ManageEngine Endpoint Central, GoToAssist, and LogMeIn to this request.
C
Craig Gauss
Have had our financial auditors ask for logs for any RAT
Load More
→