Managed SIEM

SIEM needs the ability to send alerts based on specific Queries setup. For, example send a alert or ticket when the admin account for a firewall is signed into

This service is used by many CMMC/NIST bussinesses for storing CUI and would great if we could get the audit logs to Huntress

If a server is configured as DNS server ingest the logs for the service. This is listed in CIS v8.1, Safeguard 8.6.

We have managed to add Azure Monitor activity to the Event Hub feed to SIEM. This pulls all admin and security events from Azure. Looks like it's working, but it would be good to have a guide on this and know if these events are being monitored by the SOC team.

the SIEM needs the ability to send alerts to individuals not the SOC on certain conditions. This was requested already and set as "Completed" by showing "Saved custom Queries" This is not whats needed. We are interested in the SIEM product as well, but i really need the ability to alert internal IT staff on specific events instantly like "network device login". Most SIEMs have this capability like: Wazuh, splunk, Sentinel, etc.

Collect, parse, and store logs from Azure, AWS, and Google Workspace

https://firewalla.com/

Currently, email notifications for escalation alerts related to non-responsive agents use a one-size-fits-all approach, which creates unnecessary noise. It would be extremely helpful to have the ability to separate escalation rules based on device type—for example, distinguishing between servers (which should always remain online except during scheduled maintenance) and user endpoints. A feature allowing different escalation policies or thresholds for servers versus endpoints, and the ability to group alerts by device type, role, or policy, would be very beneficial.

Omada has the remote logging capabilities very similar to the existing UniFi integration.

We would like to be able to send SIEM syslog data directly from the firewall into the Huntress portal rather than relaying through an agent on the network.