I would like to see improvements on the operational side, specifically in grouping. Currently, I can group sensors into a custom group and assign policies, but I feel it is a shame that I cannot create groups of groups with inheritance. This would be useful for organizing multiple sites or countries into a single group containing multiple sub-groups. Additionally, in the whitelisting case, if I want one policy to have specific whitelisting, but not all the machines in that policy to have it, I could use multiple groups belonging to the same parent group. It is a bit disappointing that whitelisting can only be done via policies and not for individual machines. If I need to whitelist for only one machine, I must create a specific policy. This poses a challenge with two thousand endpoints, making it nearly impossible to create two thousand different policies.
