Data Source | Source Type - Collection Method | Smart Filter Status | Parsing Status | Documentation |
Fortinet | Firewall - Syslog | ✅ | ✅ | |
Meraki | Firewall - Syslog | ❌ | MX Appliance Logs - ✅; Security Logs - ✅; Switch Logs - ❌; AP Logs - ❌ | Coming soon! |
Palo Alto | Firewall - Syslog | ❌ | ✅ | Configuration |
pfSense | Firewall - Syslog | ❌ | ✅ | Configuration |
SonicWALL | Firewall - Syslog | ❌ | ✅ | |
Sophos | Firewall - Syslog | ❌ | ✅ | |
Ubiquiti | Firewall - Syslog | ❌ | Parses most devices | Configuration |
WatchGuard | Firewall - Syslog | ❌ | ✅ | Coming soon! |
LastPass | Identity - HTTP Event Collector | ❌ | ✅ | Configuration |
Duo | Identity - API | ❌ | ✅ | Configuration |
Keeper Security | Identity - HTTP Event Collector | ❌ | ✅ | Configuration |
DNSFilter | Identity - HTTP Event Collector | ❌ | ✅ | Configuration |
Windows Security Logs | Windows Event Logs (Security) - Agent | ✅ | ✅ | |
Windows PowerShell Logs | Windows Event Logs (PowerShell Operational) - Agent | ❌ | ✅ | |
VMware ESX Authentication Logs | Authentication - Syslog | ❌ | ❌ | While these are not parsed today, sending authentication logs for retention is supported. Keep in mind that logging in ESXi can be voluminous; please refer to best practices from VMware for appropriate logging. |
NAS Devices | Authentication - Syslog | ❌ | ❌ | While these are not parsed today, these logs can be sent via syslog and stored in Huntress Managed SIEM. Configuration for sending messages over syslog can be found in your vendor's documentation; some examples are below. |
Tailscale | Remote Access - Generic HEC | ❌ | ❌ | You can send Tailscale logs from their platform to Huntress Managed SIEM using our Generic HTTP Event Collector (HEC). In the Tailscale platform, choose the Splunk option for the destination, and then enter your Huntress-provided URL and token. |