Managed SIEM

the SIEM needs the ability to send alerts to individuals not the SOC on certain conditions. This was requested already and set as "Completed" by showing "Saved custom Queries" This is not whats needed. We are interested in the SIEM product as well, but i really need the ability to alert internal IT staff on specific events instantly like "network device login". Most SIEMs have this capability like: Wazuh, splunk, Sentinel, etc.

https://firewalla.com/

Collect, parse, and store logs from Azure, AWS, and Google Workspace

SIEM Source Management It would be good to be able to do the following: Rename Source Name Rename Source Type Delete SIEM sources during implementation

Currently, email notifications for escalation alerts related to non-responsive agents use a one-size-fits-all approach, which creates unnecessary noise. It would be extremely helpful to have the ability to separate escalation rules based on device type—for example, distinguishing between servers (which should always remain online except during scheduled maintenance) and user endpoints. A feature allowing different escalation policies or thresholds for servers versus endpoints, and the ability to group alerts by device type, role, or policy, would be very beneficial.

SIEM needs the ability to send alerts based on specific Queries setup. For, example send a alert or ticket when the admin account for a firewall is signed into

Add support for parsing Mikrotik RouterOS logs sent via syslog

Specifically, products like Avanan, or ConnectSecure (CyberCNS) for reporting or other custom programs/data points.

If a server is configured as DNS server ingest the logs for the service. This is listed in CIS v8.1, Safeguard 8.6.

This service is used by many CMMC/NIST bussinesses for storing CUI and would great if we could get the audit logs to Huntress