I really enjoy your product - as a security professional, there are neat features in this that the normal firewalls and logging do not provide out of Windows! … but you knew that
What I would love to see, however, are two things:
more comprehensive logging of ALL events and/or observed traffic (suspect that’s in the DB, but not sure)
an option to be able to host the logs/DB in a centralized server (Syslog style) so it can be analyzed and examined by security people managing the box for potential IoCs
Hey, appreciate that this is nearly a year later, but PCAP/WinPCAP/Wireshark are not what people are referring to. Perhaps the initial response isn’t clear.
What people are asking for is the ability to export the actions taken by GlassWire into some form of log, be it flat file (so it can be read by an agent like OSSEC), Syslog (preferred) or some form of API (generally least preferred). So every time GlassWire detects a malicious programme using the VirusTotal API, or detects a new device on the network via “Things”, or even just reports every IP address/port/URL that applications are communicating with.
Logs containing this information can then be ingested into SIEMs (Splunk, QRadar, OSSIM, LogRhythm, etc.) and correlated with other system information/threat intelligence sources. For instance, my last example above could be correlated against indicators of compromise obtained via various threat intelligence services.
It’s important to get the information directly from the endpoint rather than from network devices as they can be bypassed quite easily; the widespread use of TLS/SSL these days being a primary-yet-basic method.
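As an added illustration of the export-and-correlate workflow described in this thread (this is not GlassWire's code; the event field names, the sample events and the IoC values are all constructed assumptions), the script below takes per-connection endpoint events, checks each against a small IoC list, and emits every event as an RFC 5424 syslog line that a collector or SIEM could ingest:

```python
import ipaddress

# Constructed sample of the per-connection endpoint events the post asks for
# (hypothetical field names; not a real GlassWire export format).
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T09:12:04Z", "host": "ws-017", "app": "outlook.exe",
     "dst_ip": "203.0.113.45", "dst_port": 443, "url": "mail.example.com"},
    {"ts": "2024-01-10T09:12:09Z", "host": "ws-017", "app": "svchost.exe",
     "dst_ip": "198.51.100.7", "dst_port": 8443, "url": ""},
    {"ts": "2024-01-10T09:13:30Z", "host": "ws-017", "app": "chrome.exe",
     "dst_ip": "192.0.2.10", "dst_port": 80, "url": "updates.bad-example.net"},
]

# Constructed IoC feed using documentation ranges/names only (no real indicators).
IOC_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]
IOC_DOMAINS = {"updates.bad-example.net"}

def match_ioc(event):
    """Return the matching indicator string, or None if the event is clean."""
    ip = ipaddress.ip_address(event["dst_ip"])
    for net in IOC_NETWORKS:
        if ip in net:
            return str(net)
    if event["url"] and event["url"].lower() in IOC_DOMAINS:
        return event["url"].lower()
    return None

def to_syslog(event, indicator=None):
    """Format one event as an RFC 5424 line: facility local0 (16),
    severity notice (5) on an IoC hit, info (6) otherwise."""
    pri = 16 * 8 + (5 if indicator else 6)
    # Structured data; sample values contain no '"', '\\' or ']' so no escaping is needed here.
    sd = '[conn app="{app}" dst="{dst_ip}:{dst_port}" url="{url}"]'.format(**event)
    if indicator:
        sd += '[ioc indicator="%s"]' % indicator
    return "<%d>1 %s %s glasswire-export - CONN %s" % (pri, event["ts"], event["host"], sd)

def process(events):
    """Return (syslog_lines, hits): every event is logged, hits lists (app, indicator)."""
    lines, hits = [], []
    for ev in events:
        ind = match_ioc(ev)
        lines.append(to_syslog(ev, ind))
        if ind:
            hits.append((ev["app"], ind))
    return lines, hits

if __name__ == "__main__":
    for line in process(SAMPLE_EVENTS)[0]:
        print(line)
```

Because every connection is logged, not only the hits, the SIEM can also re-run correlation later when new indicators arrive.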