Feature Requests

It would be useful to identify not only that a change was made but also the user that made the change. Would drastically cut down on time spent information gathering and speed up the time to resolution if someone has more privileges than they need. When the change is detected that the user or system that made the change would be identified in the same screen on the Change Management pages.

We all frequently deal with MS updates that make registry changes and tracking exactly what changed in an update are difficult to say the least. In addition in the sense of a cyber attack registry key modification could help identify the vector of attack. My ideal solution would be another column on the workstation inspector maybe next to the Updates/Patches page that has a list of the registry keys, with the option to turn on the metrics to monitor changes to specific keys or changes to the keys altogether.

It's important for us to be notified if the PSA integration fails to generate a ticket. We just had something like that happen and we missed a critical alert as a result. If we can't be notified when it fails, then either we stumble upon it in one of our checks or we miss out on another critical alert. Just a method to send me or the admins of our account an email informing us the PSA integration failed to generate a ticket for an alert.

Partner wants to generate separate alerts for all devices instead of per inspector. Tried with this metric: Devices[?Name = XXXX && Type == BackupManager && HoursSinceLastCompletedSession_r > 72 ]. Name But it was generating result per inspector and not per device.

I want to be able to monitor Apple MDM Certificates in Azure and then create an actionable alert when they are a certain date out from their expiration date I would expect that the M365 Inspector can poll the Azure item with the Apple MDM cert name and expiration date and we can create an actionable alert to handle

By default the Internet Domain/DNS Inpsector's DMARC Quarantine/Reject Policy Validation metric is not enabled for display or change monitoring, or for use in any rule that is in a template. This means that a domain with a DMARC policy of p=none triggers only the dataprint value "dmarcQuarantineRejectPolicyCheck" to be "caution", rather than throwing an alert. Also of note the ideas portal has an example of a very nice spin on this metric: https://share.liongard.com/ideas/LCCL-I-895 Just as a thought, consider enabling this check or the similar metric from the ideas portal in something like the Cyber Risk Alert Template to alert at some priority for a DMARC record which is set to none, indicating that email spoofing may be possible.