Managed SIEM

Add the ability for users to build a query via a GUI. This would help less tech savvy users be able to search for specific events.

I would like assistance in building ESQL commands based on our current alert templates. This would help us manually run commands to export logs for audits until automated alerting is released. Having support in this area would be valuable for maintaining compliance and readiness for audits.

It would be nice to have additional AD events logged. Events such as: Account Lockout Account Unlock Account Creation Account Delete Account Disable Account Enable GPO Changes GPO Deletes GPO Additions

When you do a search in SIEM and you click the view button the window pops up showing the detailed result. Please add a next/forward button so that you can easily cycle through the results in the current search. Rather than having to go back and forth to the search results list and clicking view each time.