
Network Threat Protection (NTP) suggestions

Created: 23 Jul 2009
Posted by Scott_Lockington
1 Agree
0 Disagree

Hello,

I have some quick thoughts on the NTP component of SEP11. The IPS and FW have been the biggest improvement over SAV10; having those features locally on all machines has really helped slow down (but not stop) the infections from Social Engineering Trojans and Fake AV pages. But the solution could be so much more helpful if it allowed the below options, IMHO.

1. Provide the TCP/UDP port information in the alert details. I really like seeing the process .exe, but having the port in there would be even better.
2. Allow for email alerts based on the SID firing; this would allow much faster response to events we deem emergencies.
3. Allow searching or filtering of NTP logs by SID and SID description.
4. Show the SID and SID description in the search results; as it is now, I have to drill into each event to see what actually fired. With 100 events or more per day that isn't practical. I realize I can export to .csv, but again it would be easier to just see it in the search results.

Thanks
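Until the console offers the filtering, summary and per-SID alerting described in items 2 to 4, the exported .csv can be worked with directly. The following is an added example, not part of the original post and not Symantec's own tooling: it parses a constructed NTP log export, filters events by SID or by a substring of the SID description, summarizes counts per SID with the description visible, and picks out events on an "emergency" SID list that a scheduled job could hand to a mailer. The column layout, the SID numbers, the signature names and the emergency list are all assumptions made for the example; SEP's real export schema and real signature IDs are not reproduced here.

```python
import csv
import io
from collections import Counter

# Constructed sample of an NTP log export. The column names, SID values and
# signature descriptions are assumptions for this example, not SEP's real
# export schema or real signatures.
SAMPLE_EXPORT = """\
timestamp,computer,sid,signature,remote_ip,remote_port,protocol,process
2009-07-22 09:15:01,WS-101,90001,Sample: Fake AV landing page,203.0.113.10,80,TCP,iexplore.exe
2009-07-22 09:17:42,WS-104,90002,Sample: Trojan downloader beacon,198.51.100.7,8080,TCP,svchost.exe
2009-07-22 10:02:13,WS-101,90001,Sample: Fake AV landing page,203.0.113.11,80,TCP,firefox.exe
2009-07-22 11:30:55,WS-220,90003,Sample: Port scan detected,192.0.2.44,135,TCP,System
2009-07-22 12:01:00,WS-104,90002,Sample: Trojan downloader beacon,198.51.100.7,8080,TCP,svchost.exe
"""

# SIDs the team treats as emergencies (assumption: chosen for the example).
EMERGENCY_SIDS = {"90002"}


def parse_export(text):
    """Parse a CSV export (as a string) into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def filter_by_sid(rows, sid=None, description_substring=None):
    """Return rows matching a SID and/or a case-insensitive substring of the description."""
    out = []
    for r in rows:
        if sid is not None and r["sid"] != str(sid):
            continue
        if description_substring and description_substring.lower() not in r["signature"].lower():
            continue
        out.append(r)
    return out


def summarize(rows):
    """Count events per (sid, description), most frequent first, so the description
    is visible without drilling into each event."""
    counts = Counter((r["sid"], r["signature"]) for r in rows)
    return sorted(counts.items(), key=lambda kv: kv[1], reverse=True)


def emergency_events(rows, emergency_sids=EMERGENCY_SIDS):
    """Events whose SID is on the emergency list; a scheduled job could email these."""
    return [r for r in rows if r["sid"] in emergency_sids]


def format_row(r):
    """One-line view with SID, description, process and remote port, as the post asks for."""
    return (f"{r['timestamp']} {r['computer']} SID {r['sid']} {r['signature']} "
            f"{r['process']} {r['remote_ip']}:{r['remote_port']}/{r['protocol']}")


def main():
    rows = parse_export(SAMPLE_EXPORT)
    print("Events per SID:")
    for (sid, sig), n in summarize(rows):
        print(f"  {n:3d}  SID {sid}  {sig}")
    print("\nMatches for 'fake av':")
    for r in filter_by_sid(rows, description_substring="fake av"):
        print("  " + format_row(r))
    print("\nEmergency events (candidates for an email alert):")
    for r in emergency_events(rows):
        print("  " + format_row(r))


if __name__ == "__main__":
    main()
```

Replace `SAMPLE_EXPORT` with the contents of a real export file (and adjust the column names to match it) to get the per-SID summary and the emergency list from a day's events in one pass.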