What is a one sentence summary of your feature request?
New SIEM raw data request
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Would be great if more raw data like “Activities” , “Note” , “ticket number” can be added as SIEM raw data so that we can filter more useful data, currently we can only filter “EventAccessPolicyName” and “ActivitySessionLoginAccountName” which are not useful
How do you currently solve the challenges you have by not having this feature?
Welcome to the community and thanks for posting your idea!
This request does make sense, and we should be able to make more meta-data available to the SIEM template. I do have a question when you mention “Activities”; do you mean the Activity name?
Hi Martin, yes you are right, “Activity name” is an useful data as numbers of activities can be created under a single policy, so filtering “EventAccessPolicyName” is not that useful. Thanks!