Huntress
Powered by Canny

Managed SIEM

Adjusting the baseline for SIEM sources not reporting.
Ability for more granularity around the SIEM source not reporting escalation settings. Currently, SIEM sources need to report every hour for 7 days to establish a baseline before an alert will be created. Adding in the ability to customize the duration for that period to be shorter or longer would allow for finer tuning.
0
SIEM Syslog Category sources Hostname column
I would like to see an optional column that shows hostnames when looking at SIEM logs. Currently, the logs will only show the name of the collector and the IP addresses of any integrated devices that are reporting back to the collector. While you can still determine the devices via IP, over multiple networks this can be challenging, so a visible hostname would be incredibly helpful for 'at a glance' review to determine where the problem is.
2