Adjusting the baseline for SIEM sources not reporting.
E
Elijah Santiago
Ability for more granularity around the SIEM source not reporting escalation settings. Currently, SIEM sources need to report every hour for 7 days to establish a baseline before an alert will be created. Adding in the ability to customize the duration for that period to be shorter or longer would allow for finer tuning.
Z
Zane
Laptops and Desktops go off constantly - I would nice to Select Critical Devices to report on so that we do not have to exclude every new laptops or desktop device that gets logs digested.
Misty Kaizen
We would really like to see this also
Nick Gusto
Agreed. This would greatly benefit many partners. Also, adding the ability to report on specific sources that are not reporting, instead of an "all or nothing" approach, would be useful.