Allow Devices to be Excluded
complete
Jonathan Pilkington
Add the ability to exclude a computer from log collection (mainly if consumption-based). Though this would depend on whether you plan on using the Huntress agent or plan to eventually separate the SIEM into its own program. If it is the latter, it would be as simple as just not installing the SIEM component.
Chris Bisnett
complete
We've added a configuration settings page for the Windows Event log collection. You can now enable or disable Windows Event log collection at the account level and can set overrides at the Organization or Agent level.
This means that if you want collection pretty much everywhere, but maybe have a few Organizations where you don't want to collect, you can enable collection at the Account level and add overrides to disable for those specific Organizations.
Alternatively, if you only want to collect from a few Organizations initially, you can disable collection at the Account level and add overrides to enable for those specific Organizations.
You can find this functionality under the Managed SIEM navigation menu on the left.
Chris Bisnett
in progress
Chris Bisnett
planned
This is absolutely something we will build in and is something we've done for many of our other products. Our system is built in such a way that we can enable or disable functionality at the highest levels and then set exceptions at lower levels. So you would be able to enable SIEM at the Account level and then could disable it for specific Organizations or even specific Endpoints.
Our plan is to have a single agent that will have all of the capabilities built-in by default so that we can enable or disable functionality without users needing to take action.