Adding the ability to identify lateral movement using RDP, PsExec, or SMB, track network traffic metadata to ascertain whether two IP addresses have communicated, and analyze firewall log data to identify potentially malicious configuration changes.
Created by James Mason | PMM @ Huntress