The need to take syslog or get more info from the cloud API is a dire need for us.
It is so much a part of any compliance framework.
I know in the past I have been told that syslog support is coming. But it seems to be just a talking point.
How can this product be called enterprise if we can't get vital information out of it?
There are already at least 3 requests for this in the last few years in the feature request area. So my adding another is not going to make any difference.
I do remember having a conversation probably in late 2016 where our sales people said they were going to be adding syslog "soon".
This really should be a priority for WebRoot. Pushing SIEM out to the end points is getting more important as the ability to spot things on the wire is decreasing with the push for more encryption while in motion.
The idea of syslog to a central location for analysis, correlation, input to a threat detection system, etc. is not just a nice thing to have anymore. It is becoming legally required by many compliance frameworks, like PCI, HIPAA, GDPR, etc. This is just a basic compliance thing.
Auditors like to ding you on the basics.
It's also nice to have for troubleshooting issues on endpoints.
As far as more robust APIs, I was only suggesting that in the case that syslog is not a possibility. We should then have the ability to make calls into the portal using APIs to pull the detection history information from the databases. All processes that were seen starting and stopping, what they did, did WRSA prompt the user to allow, did upgrades fail, did a user turn off protection, etc. This is all relevant information that should be provided.
But from what I've seen from the API documentation, all you can really do is create groups, or apply policies, or run reports on how many endpoints have which version. All very basic stuff that is not helping with all the actual threat detection work.