Managed SIEM

Would be good if there was a way to store a custom query we make for quick reference back to. E.G if we are monitoring the same event type for a particular user, instead of having to type of the ES|QL command each time, being able to load a stored custom query or a dropdown list of showing the history of previously ran queries to refer back on.

Sometimes I want to be able to export data to a csv if there is a lot of data I have to look over. Allowing exporting all data of a query search would be helpful with this.

It would be nice if we can have an "easy button" for searching for specific common / interesting events. One example may be "failed logins" or "RDP Session Logins" with the option to modify the query to expand or scope it (Machine name etc).