Managed SIEM

If one of the Enabled Syslog Agents(ie: syslog listener) stops sending data for an extended period(ideally configurable), there should be an alert that is generated to have someone investigate.

Would love to see SIEM reports similar to the EDR reports we currently get. Could either be added to the current EDR reports or separate.

I need to be able to create a list of devices that are sending event logs and a way to view how much traffic those devices are sending. I would really like to be able to create a list of what SHOULD be reporting and alert when something is not. Firewalls mostly.