TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: Managed SIEM Trial
ENVIRONMENT: Windows Event Logs, firewall syslog, or HTTP Event Collector (HEC) syslog
SUMMARY: Enabling and initial setup of the Huntress Managed SIEM tool as an admin in the Huntress portal.
Huntress Managed SIEM relies on the Huntress Rio service, which is included as part of the Huntress Agent. To use Huntress Managed SIEM, you must install the Huntress Agent on any endpoint you wish to protect or use to sync SIEM logs. Newly installed Huntress Agents may not show up in SIEM until the Huntress Rio service installs, which can take up to 24 hours. Additionally, if you have excluded Process Insights from any machines, those machines will not be suitable for Huntress Managed SIEM syslog collection.
Start the Managed SIEM Trial
1. Once the trial option has been set up for you, you can enable the trial via the Active Trials (Trial Manager) in the Huntress portal.
Select SIEM and choose "Start Trial".
2. Once enabled, you will receive a "Trial Starts for SIEM" message.
3. Navigate to the Huntress Managed SIEM Dashboard in the left-hand panel under "SIEM" to refresh the page.
4. Within 2-3 minutes (usually much faster), the "Configure" option for SIEM should appear. Choose the "Configure" option to set up log collection.
Configure Your First Log Sources
To start collecting Windows Event Logs, follow this guide.
To start collecting Syslog sources, follow this guide.
Explore our library of device configuration guides for all other supported log sources.