There should be some tagging in Falcon LogScale. As I am tagging the endpoints for different domains and locations, the firewall should be tagged as well so that in the detections I can get the firewall name or the source name and source host name from which I am getting the information. If I have multiple sources in the correlation detections, I need those details of the multiple sources. It should be prescribed and very effective to understand Level 1s and share those details with the concerned team so that they can fastly proceed with the triage on the detection and take action. The price is, without question, very costly for any organization that has more than 1,000 or 2,000 users. It is still costly because for more than 10,000 users, one can go with Falcon LogScale, but for less than 10,000 users and more than 2,000 users, it is very costly. The product is scalable, but the support needs to be updated. The support team should be fast because there is a very slow response. Support should be faster because if a ticket has been raised, it should not go to the support engineers who are sitting abroad or outside India. It should be segregated and sent to the IST support team who is managing support in India. Once anybody gets into it and answers it, if they are not available in that particular shift according to IST, that can delay the response on the case and might have a bigger impact on the environment. The support team is pretty slow. They should improve first-level support quality. They usually avoid coming on a remote session to understand the exact scenario because there are issues related to different scenarios. Writing a few things on the case would not make them understand the exact situation I am facing. They should come on a remote session at least once on an immediate basis so that I can make them understand things, which will help in providing a resolution as soon as possible.
