I would find it very helpful to include (add) the following fields for authentication events to both the Authentication Activity Monitor and App logging (SIEM etc.)
- If an ALIAS was used for authentication
- Include what User Group(s) was leveraged to authenticate to a given agent (include both restricted or alias enabled agents and perhaps include this in the event as well)
- Date of last authentication to a given agent (principal account or alias)
The alias attribute is a searchable field from the dashboard, and for failed auth's the system attempts to resolve if it is a valid userid/alias...
Thanks for your consideration...
