Add location to O365 User Failed MFA Event Notification
The current description for this Event Notification is 'A user successful logged in but failed an MFA attempt.' This notification shows the triggered values but we have to go into perchybana to see all the details. If its possible to include the LOCATION of the successful sign in right in the alert, that would make it even more useful.
Mass action edit - Event Notifications
Ability to select multiple notifications and change values like send to Teams.
It would be nice if there we essentially a community marketplace. If as an end-user I build something to suck logs out of something (Like KnowBe4), ship them to your SIEM cluster, and built EN/Dashboard/Search around them, it'd be nice to have a supported way to share that "bundle" that isn't the current shared board way.
Fortinet Fortigate Firewalls
Any chance to get som Marketplace Items for this Syslogs? Got loads of Fortigates i want to ingest syslogs for or get an integration for.
MITRE ATT&CK Dashboard
I'd like to see a MITRE ATT&CK framework dashboard that shows which alerts reside under which category.
Post breach collection
Create reports, alerts and visualisations for new clients that have been breached. Microsoft 365, Sophos, Ironscales, MDATP, Meraki, UniFi