The monthly/quarterly reports show metrics about how much data is collected by SIEM and how many resulted in incidents, but it would be nice to also see this from the perspective of the "top" sources or users generating signals/incidents.