Route10 - Suricata thoughts

I’m sure most of this, if not all of it, has come up already –

== Notification Options ==

It would be nice if the IPS/IDS was a little more granular in what is alerted on. Say for example this alert here:

This is one of several very chatty alarms hitting the email. It would be nice if we could still be alerted on these, but maybe in a digest format instead? Possibly with a select list of different types of alerts, with options on how we want to receive them - immediately via email/text, digest, log but not notify, etc.

Maybe the first time an alert comes in it delivers to email. Then subsequent duplicate alerts are suppressed and delivered in a digest format.

Then in the gui, it would be nice if the duplicate alerts were nested.

== Ignoring Alerts ==
It would be nice if there was a list of alerts that were previously ignored, with a counter to show how many times that alert has been generated in the last 1, 7 and 30 days.

A button to quickly ignore an alert from within the email notification would be nice as well, though I’m assuming the mail queue is a little delayed, as I was still getting old alerts for 10 minutes or more after I clicked ignore.

2 Likes
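One way to implement the first-alert-then-digest routing and the 1/7/30-day counters for ignored signatures described in the post above, as an added Python example (not code from Route10 or Suricata). The eve.json records, signature ids and names are constructed placeholders, and the `AlertRouter` class is hypothetical.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Suricata eve.json records (sample data, not from the post); the
# signature ids and names are placeholders, not real rule ids.
SAMPLE_EVE = [
    '{"timestamp":"2024-01-01T10:00:00+00:00","event_type":"alert","src_ip":"198.51.100.7","alert":{"signature_id":9000001,"signature":"EXAMPLE chatty scan"}}',
    '{"timestamp":"2024-01-01T10:00:10+00:00","event_type":"alert","src_ip":"198.51.100.9","alert":{"signature_id":9000002,"signature":"EXAMPLE policy hit"}}',
    '{"timestamp":"2024-01-01T10:01:00+00:00","event_type":"alert","src_ip":"198.51.100.7","alert":{"signature_id":9000001,"signature":"EXAMPLE chatty scan"}}',
    '{"timestamp":"2024-01-01T10:02:00+00:00","event_type":"alert","src_ip":"198.51.100.7","alert":{"signature_id":9000001,"signature":"EXAMPLE chatty scan"}}',
    '{"timestamp":"2024-01-01T10:03:00+00:00","event_type":"alert","src_ip":"198.51.100.7","alert":{"signature_id":9000003,"signature":"EXAMPLE ignored rule"}}',
    '{"timestamp":"2024-01-01T10:03:05+00:00","event_type":"flow","src_ip":"198.51.100.7"}',
]
class AlertRouter:
    """First sighting of a signature notifies at once; repeats inside the digest
    window are held for the digest; ignored signatures are only counted."""

    def __init__(self, ignored=(), digest_window=timedelta(hours=1)):
        self.ignored = set(ignored)
        self.digest_window = digest_window
        self.last_notified = {}             # sid -> time of last immediate notice
        self.pending = defaultdict(int)     # sid -> suppressed count for next digest
        self.history = defaultdict(list)    # sid -> every sighting time (for counters)

    def route(self, line):
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            return "skip"                   # flow/dns/... records are not alerts
        sid = ev["alert"]["signature_id"]
        ts = datetime.fromisoformat(ev["timestamp"])
        self.history[sid].append(ts)        # ignored alerts still feed the counters
        if sid in self.ignored:
            return "ignored"
        last = self.last_notified.get(sid)
        if last is None or ts - last >= self.digest_window:
            self.last_notified[sid] = ts
            return "immediate"
        self.pending[sid] += 1
        return "digest"
    def flush_digest(self):                 # suppressed counts per sid, then reset
        out, self.pending = dict(self.pending), defaultdict(int)
        return out
    def seen_in_last(self, sid, days, now): # the 1/7/30-day counter for a signature
        return sum(1 for t in self.history[sid] if t >= now - timedelta(days=days))
def demo():
    r = AlertRouter(ignored={9000003})
    decisions = [r.route(line) for line in SAMPLE_EVE]
    return decisions, r.flush_digest(), r
```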

Yeah, I think these would definitely be some helpful improvements in regard to managing the alerts. In a similar vein, I always thought this feature request was a decent idea as well: IDS/IPS automatically block attempting IP after X number of alerts

1 Like