Adjusting the baseline for SIEM sources not reporting.
Elijah Santiago
Ability for more granularity around the SIEM source not reporting escalation settings. Currently, SIEM sources need to report every hour for 7 days to establish a baseline before an alert will be created. Adding in the ability to customize the duration for that period to be shorter or longer would allow for finer tuning.
Zane
Laptops and desktops go off constantly. It would be nice to select critical devices to report on so that we do not have to exclude every new laptop or desktop device that gets logs digested.
Skyler Kincaid
Zane, even if you could exclude certain device types (i.e., laptops and desktops). Not being able to get alerts for external sources without mixing in laptops and desktops is crazy. Our DNSFilter logs started failing 30 days ago and we had no idea.
Connor Van Reenen
Zane, completely agree. We ran into this exact issue and it is creating noise for us as well. Being able to designate critical sources like firewalls and servers to alert on, without having to worry about laptops and desktops that get turned off regularly, would be a huge improvement. Hope Huntress prioritizes this soon.
Misty Kaizen
We would really like to see this also.
Nick Gusto
Agreed. This would greatly benefit many partners. Also, adding the ability to report on specific sources that are not reporting, instead of an "all or nothing" approach, would be useful.