Huntress Managed SIEM supports an ever-growing library of log sources, where "support" means the ability to ingest and parse the data. This includes generic structured logs, such as sources that send JSON via either HEC or Syslog. Since that list is potentially very long, this page calls out only the specific log sources for which Huntress has tailored parsing.
Huntress Managed SIEM can also raise an escalation when a source stops reporting. For more details, review the page on non-reporting sources.
Windows Event Logs
Huntress Agents can be installed on Windows endpoints and configured to collect Windows Event Logs, specifically the Security log and selected Application logs.
Linux OS flat files
Huntress Agents can be installed on Linux endpoints and configured to collect Linux flat files, specifically AuditD and JournalD entries.
Supported Syslog Sources
Other syslog-compliant sources are also accepted as long as they send their messages in one of the following formats:
- LEEF
- CEF
- RFC 5424
- RFC 3164
A troubleshooting guide is available for Syslog source collection.
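Before pointing a new syslog source at the SIEM, it is worth checking a captured line against those four criteria yourself rather than waiting for it to show up as unparsed. The checker below is an added example written for this page; it is not Huntress code and does not mirror how the Huntress parser works internally. It decodes the `<PRI>` header (facility and severity, rejecting values above 191), distinguishes an RFC 3164 header from an RFC 5424 one, and where the payload is CEF or LEEF splits out the header fields and key=value extensions (LEEF 1.0 tab-delimited, LEEF 2.0 with its declared delimiter). The sample lines are constructed, not captured from any real device.

```python
"""Check a log line against the four syslog criteria listed on the page:
RFC 3164, RFC 5424, CEF and LEEF.  Added example; not Huntress code."""
import re
from typing import Dict, Optional

MONTHS = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec"
PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424_RE = re.compile(
    r"^<\d{1,3}>\d{1,2} (?:-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})) "
    r"\S+ \S+ \S+ \S+ "
)
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME ...
RFC3164_RE = re.compile(r"^<\d{1,3}>(?:" + MONTHS + r") {1,2}\d{1,2} \d{2}:\d{2}:\d{2} \S+ ")
CEF_RE = re.compile(r"CEF:\d+\|")
LEEF_RE = re.compile(r"LEEF:\d+\.\d+\|")
UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")                # a literal pipe in a header field is \|
CEF_EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")     # space-separated key=value; values may hold spaces

# Constructed sample lines, one per case; not captured from any real device.
SAMPLES = {
    "rfc3164": "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "rfc5424": "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 - An application event",
    "cef": "<134>Oct 11 22:14:15 fw01 CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|"
           "src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "leef2": "<134>Oct 11 22:14:15 fw01 LEEF:2.0|Lancope|StealthWatch|1.0|41|^|src=10.0.1.8^dst=10.0.0.5",
    "leef1": "<13>Oct 11 22:14:15 mx01 LEEF:1.0|Microsoft|MSExchange|4.0 SP1|15345|src=192.0.2.7\tdst=198.51.100.9\tsev=5",
    "bad_pri": "<200>Oct 11 22:14:15 host app: facility/severity out of range",
    "json": '{"event": "login", "user": "alice"}',
}


def split_pri(line: str) -> Optional[Dict[str, int]]:
    """Decode <PRI>: facility = PRI // 8, severity = PRI % 8.  Valid PRI is 0..191."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return {"pri": pri, "facility": pri // 8, "severity": pri % 8}


def parse_cef(body: str) -> Dict[str, object]:
    """CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension."""
    parts = UNESCAPED_PIPE.split(body, maxsplit=7)
    if len(parts) < 8:
        raise ValueError("CEF needs 7 pipe-delimited header fields plus an extension")
    keys = ["version", "vendor", "product", "device_version", "signature_id", "name", "severity"]
    header: Dict[str, object] = {k: v.replace("\\|", "|") for k, v in zip(keys, parts)}
    header["version"] = parts[0].split(":", 1)[1]            # "CEF:0" -> "0"
    header["extension"] = dict(CEF_EXT_RE.findall(parts[7]))
    return header


def parse_leef(body: str) -> Dict[str, object]:
    """LEEF:Version|Vendor|Product|Version|EventID|[Delimiter|]Attributes.
    LEEF 1.0 attributes are tab-separated; LEEF 2.0 names its delimiter in a
    sixth field, literally or as hex such as x09 (empty means tab)."""
    parts = UNESCAPED_PIPE.split(body, maxsplit=5)
    if len(parts) < 6:
        raise ValueError("LEEF needs 5 pipe-delimited header fields plus attributes")
    version = parts[0].split(":", 1)[1]                       # "LEEF:2.0" -> "2.0"
    header: Dict[str, object] = dict(zip(["vendor", "product", "product_version", "event_id"], parts[1:5]))
    header["version"] = version
    rest, delim = parts[5], "\t"
    if version.startswith("2"):
        delim_field, _, rest = rest.partition("|")
        if re.fullmatch(r"x[0-9A-Fa-f]{2}", delim_field):
            delim = chr(int(delim_field[1:], 16))
        elif delim_field:
            delim = delim_field
    attrs: Dict[str, str] = {}
    for kv in rest.split(delim):
        key, sep, value = kv.partition("=")
        if sep:
            attrs[key] = value
    header["attributes"] = attrs
    return header


def classify(line: str) -> Dict[str, object]:
    """Name the most specific of the four formats the line satisfies and the
    syslog header style carrying it.  CEF/LEEF usually ride inside an RFC 3164
    or 5424 header but are also recognised bare; a valid PRI with a header that
    matches neither RFC is reported with header=None so it stands out when troubleshooting."""
    pri = split_pri(line)
    result: Dict[str, object] = {"format": "unknown", "header": None, "pri": pri}
    if pri is not None:
        if RFC5424_RE.match(line):
            result["header"] = result["format"] = "rfc5424"
        elif RFC3164_RE.match(line):
            result["header"] = result["format"] = "rfc3164"
    m = CEF_RE.search(line)
    if m:
        result["format"], result["cef"] = "cef", parse_cef(line[m.start():])
        return result
    m = LEEF_RE.search(line)
    if m:
        result["format"], result["leef"] = "leef", parse_leef(line[m.start():])
        return result
    stripped = line.strip()
    if pri is None and stripped.startswith("{") and stripped.endswith("}"):
        result["format"] = "json"   # structured JSON is accepted via HEC/Syslog, but is not one of the four syslog criteria
    return result


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        r = classify(sample)
        print(f"{name:8} format={r['format']:8} header={r['header']} pri={r['pri']}")
```

A line that comes back `unknown` with `pri=None` is the first thing to check on a source that is not parsing: either the device is not prefixing `<PRI>` at all, or it is emitting a value above 191. A line that comes back with a valid PRI but `header=None` usually means a non-standard timestamp or a missing hostname field, which is exactly the kind of drift between "syslog-ish" and RFC 3164/5424 that the troubleshooting guide exists for.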