Annotation Capability on Single Events for Compliance Purposes
For compliance purposes (NIST, CMMC, etc) customers want the ability to annotate single events with comments on the logs. These comments would appear on any report that this log shows up on. It also shows to auditors that the logs are being reviewed.
Ex. Log with escalated privileges, be able to annotate that it was a result of adding a new user to the organization and this was a known action.
Thank you for sharing this suggestion, we will review and reach out to you for further clarification if needed. This enhancement is under review with the Snare Development Team.