SharePoint Activity Threat Response

What is a one-sentence summary of your feature request?

Ability for NTM to ingest SP activity events and trigger threats/playbooks against it

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

NTM does not currently have visibility into SP, and a lot of folks are moving their data to SPO. I think this would be a big feature (which may already be on the roadmap, but I didn’t see it in here).

How do you currently solve the challenges you have by not having this feature?

Sending SP activity events to a SIEM can help right now, but NTM has capabilities that would be nice to be able to utilize.

We were working with a customer asking for this exact thing since they are already receiving file activity from NAM.