Managed SIEM

Please add ability to mark known scanners in SIEM incidents
I would like to request that you add the ability to mark an IP or computer as a known network scanner. We got our first SIEM incident report today and it was a known vulnerability scanner but I did not see anywhere to reject the incident or make notes, only a button for "remediations not required." The ability to make comments on these incidents/escalations would seem to be an important way to help filter out the noise. On the last SIEM we used, they had the ability to mark an IP address as a “known scanner”.
1
·

under review

SIEM Integration - Organization Default Enable/Disable Option
It would be nice if I had a tenant-wide option that would either default SIEM to enabled or disabled for new organizations. Problem Explanation: I'm using Huntress SIEM internally and planning to up-sell the SIEM product to some of my customers based on the package that they subscribe to. As such, when my team onboards a new customer, they will have to add a Disable Override for SIEM.
2
·

under review
