It would be really good to have SIEM able to ingest logs from RMM solutions to help monitor and secure the usage of our RMM tools.

This would be taking the logs of engineers and internal staff usage, and co-managed resources within the RMM tool and identifying things like source login location, and actions within the tool - bulk changes, deletions, script changes, deployment of large jobs, creation of scripts and deployment within a short timeframe etc, anything that could be deemed as unusual / unsafe behaviour.

We're on Datto RMM so would like that to be first cab off the rank