Creating an option to detect activity from known RMM's and remote access tools would be helpful. For example, it would be cool to have a list of known tools you could opt in to be notified about. They would need to be an option to whitelist valid hostnames (like whitelisting your RMM instance hostname). Once opted in, you would get alerts on endpoint activity detected. Last, being able to exclude or whitelist on a client level would allow us to indicate if a client DOES actually use one of these tools and we don't need to be alerted about it.

***I worry this is a duplicate but I couldn't find anything