Adjusting the baseline for SIEM sources not reporting.
Elijah Santiago
Ability for more granularity around the SIEM source not reporting escalation settings. Currently, SIEM sources need to report every hour for 7 days to establish a baseline before an alert will be created. Adding in the ability to customize the duration for that period to be shorter or longer would allow for finer tuning.
Zane
Laptops and desktops go off constantly - it would be nice to select critical devices to report on so that we do not have to exclude every new laptop or desktop device that gets logs digested.
Skyler Kincaid
Zane, even if you could exclude certain device types (i.e., laptops and desktops). Not being able to get alerts for external sources without mixing in laptops and desktops is crazy. Our DNSFilter logs started failing 30 days ago and we had no idea.
Misty Kaizen
We would really like to see this also.
Nick Gusto
Agreed. This would greatly benefit many partners. Also, adding the ability to report on specific sources that are not reporting, instead of an "all or nothing" approach, would be useful.