SIEM/SOAR
in progress
J
James Stull
It would be fantastic if Huntress was a full SIEM/SOAR solution, were we could collect event logs, syslogs, etc and the SOC be able to take action or help us resolve incidents. It would also be handy for us for more visibility. Such as which websites a user visited, what files they edited, etc.
Chris Bisnett
in progress
SIEM is something we've been discussing internally for a long time, but it never seemed like the timing was right for us to build it. With the recent changes in the market and expectations from cybersecurity insurance providers, we feel that now the SMB is ready to adopt a SIEM solution.
The main problems that I have heard from folks when talking to them about SIEM are that it is very expensive and that most organizations don't have the time or experience to manage the ingested data streams or detections. We're looking to solve these issues for the SMB by building a wholly new product focused very specifically on these challenges. We're not looking to build something that will compete feature for feature with the large Enterprise solutions like Splunk. Our version of SIEM will be much more focused on the challenges of the SMB and will look to make tradeoffs to increase the security signal and reduce the noise.
We've been working on this for a few months now and have working capabilities to collect, ingest, store, and make searchable Windows Event logs from the endpoints where the Huntress agent is installed. We've invited a number of partners to join the Private Preview to help us learn and get early access to the product free of charge. This helps us make sure that we're keeping in line with the needs of our partners and the SMB so that when we launch the product it's already doing all the things folks are looking for.
If you're interested in joining the Private Preview, reach out to your account manager or support and we'll setup some time to talk and get you started.
We'll continue to update the progress here in Canny as we build out more features and address the feedback.
- Chris
Chris Bisnett
B
Bryan Arellanes
With the ability to integrate with IDS please.
L
Lahoma Luettgen
Great to hear talk about SIEM functionality. Our need would be full visibility: Log forwarder for windows/mac/linux; Syslog collector and local syslog forwarder service for non internet accessible networks (OOB/etc); Cloud integrations with other security related tooling, M365, etc; Depending on client type, up to 12 month hot data retention. Cold storage is a must, 7 years to meet compliance requirements. Self storage for cold data is preferred with a way to import back into the SIEM for future analysis if required; We have found great value in network probes to analyze traffic across all vlans.
D
Dennis Finnema
+1 Events logs. Perhaps Firewall and NAS support would be handy, to track logins etc. Would also be handy to be able to send events using the Huntress API for custom integrations.
A
Angla Wiza
I'd definitely love to see an integration for Perch (Connectwise SIEM), as it caters to MSP/MSSPs as well
C
Chris Wiegman
You can't think for once this isn't in their long-term strategy. :)
D
David Lawrence
or...even if it integrated with an existing SIEM - that would be nice too.
M
Martin Twerski
Would be great. Many prospects pass on Huntress due to this.
D
Derrick Bennett
That would be great. As of now I'm looking into other software for my SIEM/SOAR. Id love to stay with one vendor though!
Load More
→