Would be neat if this SIEM module allowed for users to build out lists to add/remove/modify entries so easily query and alert on items. For instance when searching, users could add users/ips/urls to a known bad list for reference/lookups later. These lists could be references/used within dashboards/queries/alerts
Thanks for the interest, indeed this is something that we discussed and we'd like to implement. Lists of hosts, IPs, URLs, users would all be of interest, right? Anything other entity type?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.