SIEM Output Viewer enhancement

What is a one sentence summary of your feature request?

SIEM Output Viewer enhancement

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Having the SIEM Output Viewer is nice, but it would be great to have the option to choose a SIEM profile to view. For troubleshooting a Syslog issue you can then create a policy tailored to your issue, and in the action choose to send to the test SIEM profile. In the test SIEM profile you can then easily check different SIEM templates and see the output for that template. You can also control what events you want to see in the policy and generate those events. You can limit the policy to a single user or group, etc.

How do you currently solve the challenges you have by not having this feature?

It's not easy since all events go to our SIEM, so parsing through the viewer can be tough if you are getting many thousands of events in a minute.

Hi Peter,

The controls within the SIEM output viewer should allow you to apply filters so you can review subsets of the data presented. Is that experience not allowing you to see only the data you’re interested in?

Just for clarification, are you looking to limit the data set in the SIEM Output viewer by applying a specific template or a policy?