Enable more granular Non-Reporting Log Source Escalations
A
Andrew Yim
Currently, Non-Reporting Log Source Escalations are global and will create notifications for endpoints that hit the configured non-report window. This creates unnecessary noise for clients with expected inactive/shelved endpoints. Please allow the setting "Escalate Non-Reporting Data Sources" to be scoped for individual organizations and/or endpoints.
Autopilot
Merged in a post:
SIEM audit log failure threshold per-organization setting.
D
Darren Quante
Currently the threshold for when to report a SIEM source as non-reporting is a global setting. We have clients under us who have different compliance requirements and tolerances for non-reporting SIEM sources. We should be able to set this threshold per organization rather than globally to accommodate different requirements.