Hello Huntress Team,
I would like to suggest an improvement for the SIEM log search interface. When running queries (for example, using from logs | where event.code == 4740), the current view only displays a fixed set of columns, and it’s necessary to open each log entry individually to review its details.
It would be extremely helpful to have the ability to customize which columns are displayed in the results table — for example, allowing users to add or remove fields such as target.user.name, destination.host.name, and target.user.domain.
This enhancement would greatly improve investigation efficiency, especially when analyzing large volumes of Windows Security logs (like account lockouts, logon failures, or privilege changes), where being able to quickly sort, filter, or visualize key fields in the main table would save significant time.
Thank you very much for considering this suggestion and for your continued work improving the Huntress platform.