1 Realtime dashboard with auto-refresh 2 Threat Models that can be customized or disabled 3 Threat detection that is sophisticated (ie heuristics, AI, Machine learning) 4 Able to establish baseline behavior and alert on anomalies 5 Alerts/Notifications that are high-confidence 6 Out of the box reports with ability to create custom reports 7 Mobile app that can notify of threats 8 GUI that facilitates threat hunting tasks 9 Ability to add usersto the system with different levels of access 10 2FA capability for all authentication into the system 11 Capable of integrate with MS Entra ID or Active Directory for authentication 12 Ability to support/monitor ipv6 traffic 13 Ability to export logs to a SIEM 14 Ability to ingestion of 3rd party feeds for threats, IOCs, etc. 15 Integration with Bitdefender EDR (Basic level, or describe to what extent integration can occur) 16 Monitor and alert on O365 authentications, with ability to take automatic actions in response to malicious authentication attempts 17 Monitor and alert on authentications from Duo 18 [Email] Inspect incoming and outgoing emails for malicious urls 19 [Email] Inspect incoming and outgoing emails for malicious files 20 [Email] Inspect incoming and outgoing emails for data exfiltration
