Would be great for you to ingest Cisco Umbrella & Mimecast logs. Our current SIEM product does that and provides useful detections that could prove helpful.