We use LogRhythm NetworkXDR to correlate the data with the SIEM dashboards. The product correlates all the data from the systems and machines, for example, the firewalls, the switches, and other Windows machines, and then it generates logs from the application security system. All the logs from machines can be correlated and will show the type of clouds populated, and from there comes an auto-response to block the IPs over the firewall if the IPs have issues.
Another good use case that we create is for after office hours: if anyone logs in, alarms are generated. It's a custom use case where clients are alerted of incidents via email. Daily, we can send incident responses for the clients to check, and we can make their environment more secure through LogRhythm NetworkXDR.