Feature Requests

I have noticed inspectors require admin level permission to gather information from their respective devices. Can this be changes to use Read only/SNMP Read only permissions to further tighten down security on these devices? I currently setup Liongard for Sonicwalls using the read only admin role for just this reason. If threatIQ is being used, then the documentation can state what changes permission wise are needed for the account for that to work. again it should be as minimal of permissions as possible, not full admin rights.

For a full software inventory, it would be nice to have a 'full' list of software pulled in by Liongard. It currently does not seem to pull in apps that are managed outside of WMI and therefore not picked up (for example, Keeper) with the Windows Workstation inspector.

Veeam SPC parent & Child Inspectors are failing after upgrading Veeam SPC console version 9 with below error message. Error message: Inspection failed at https://veeamportal.xx.xx.xx/api/v3/protectedWorkloads/fileServers?limit=100 : Expected page results to be an array, got undefined. Perhaps you should provide a valuePath setting in your Endpoint url to tell the extractor where to find your data in your http response. URL was https://veeamportal.xx.xx.xx/api/v3/protectedWorkloads/fileServers?limit=100 . Seems Rest API version that the Liongard inspector was utilising with versions prior to v9 is no longer present for the latest one.

Pull data about threats blocked, Threat Category, Threat Score, and Sessions for use in Visual Insights

Quickly recover from cyber events or disasters with network configuration backup and export and comply with CIS CSC 11.

There will soon be high demand to know and track what devices are licensed for Microsoft's Extended Security Updates for Windows 10. Windows Server and Windows Workstation inspectors need to be updated to expose this data.

Being able to get the Client VPN information - Authentication setup, whether it is Enabled, etc. - from a metric would allow for improved reporting.

Request to be able to stop a scheduled inspection from running, or pause during the middle of one.

It would be nice if, along with the account name, Roarbot would pull the computer or IP address it detected the attack from. Right now, the multiple times I've come up with 0 failed logins from the event log hunting is maddening. Details at the time of the event would be great.