In SEPM console Allow logs to display "xxxx or above" in Severity
Monitors tab on left, Logs tab on top. Under filter section titled "What filter settings would you like to use" allow Severity level to be chosen xxxxxxx or above.
Currently SEPM displays logs based on single criteria - you must choose 1 and only 1 severity. Most other log viewers, Orien, Kiwi logging, etc. allow "xxx and above".
Many times I need to view both Major and Critical alerts under attacks because, by design, SEP puts Active Response as Major while the alert that caused the "active response" may be critical in nature.
I'd like to be able to view ALL related log entries in a single screen - Major AND critical since they relate to the exact same event - a critical risk or problem triggered active response. Currently I must switch screens or views back and forth.
No, to view "ALL" or "*" would be overwhelming as there'd be hundreds of them if not thousands. To view 2, or xxx and above is the ideal solution.
In other products I've worked with and evaluated I could easily choose "major and above" or "information and above" for example to filter OUT debug entries.
Major and above would allow customers to view, in a SINGLE SCREEN or SINGLE VIEW of the logs, the Major log entries related to "active response" as well as the CRITICAL ALERT that spawned the active response. It just makes sense to view more than one set of criteria at a time; almost all other logging and reporting packages or features allow this. Being forced to view a single level of criteria is quite restrictive and reduces the usefulness of what would be a premier interface.
Here is an example from another product of what I mean: