1. Enhanced Cloud Integration Current Gap: Log360 lacks native integration with Microsoft Intune and cloud-based Active Directory (Azure AD), limiting visibility for organizations transitioning to hybrid or fully cloud environments. Requested Improvements: Direct Intune Log Collection: Ability to ingest and correlate logs from Intune-managed devices to monitor compliance, device health, and security policies. Azure AD Deep Integration: Support for Azure AD audit logs, conditional access events, and identity protection alerts to provide end-to-end visibility. Cloud Workload Monitoring: Extend coverage to SaaS applications (e.g., Microsoft 365, AWS, GCP) for unified threat detection. Why It Matters: Many clients have migrated from on-prem AD to cloud-first setups this year. Without cloud-native log collection, critical security events (e.g., rogue Intune policies or Azure AD breaches) go unmonitored. 2. Improved Automation and Response Current Gap: Limited automated remediation (e.g., auto-isolating compromised devices) forces manual intervention. Requested Features: Playbook Automation: Pre-built workflows to auto-resolve common issues (e.g., disabling users after brute-force attacks). SOAR Integration: APIs to connect with SIEM/SOAR platforms (e.g., Splunk, Palo Alto Cortex) for escalated threat response.
