It would be beneficial if incident reports included the specific logs entries that triggered the incident. This could save valuable time in responding to incidents and would provide helpful info for reducing false positives. Currently we have to identify the triggering log entry by searching for the corresponding timestamp. Including the actual log info under the 'Signals Investigated' tab within the incident report would be awesome as it would save time and eliminate some of the guesswork.