The Defender IP Lockout Logs and Audits could be used for refinement of settings, but right now they're mostly just reporting pages. I'm hoping Defender can be enhanced to allow us to more easily take action based on activity that's been monitored.
Related to filtering and sorting:
1) Columns allow for changing the sort, but that immediately overrides the current filter. Change the filter and the columns lose their sorting.
2) Click to go to the next page of results and the sorting also resets.
3) I'd like to be able to see only the unbanned IPs. Defender did its job with those that are banned. Now I just want to see the rest of them.
4) I'd like to be able to click on an IP address to see all related activity.
5) I'd like to be able to click on a message to see all related activity.
6) It would be helpful to be able to click on the username in a line like "Failed login attempt with username test", to add that name to the list of banned names.
7) After items are filtered, I'd like to be able to check several or all items, and perform a bulk operation like Ban or Whitelist. Compare this to clicking each item and waiting for the AJAX refresh.
8) It would really help if we could mouse-over an IP to see its country of origin. I'm using IP Geo Block and already have several Geolocation tables and their API implementations. Ideally Defender would reference existing local data.
9) For message "Lockout occurred: Attempting to login with a banned username." ... please show the banned username.
In Audit Logging....
10) In the Event Log we can see the IP address and other data related to errors. Please show the Ban status.
11) Where a new user registers, please show the email address.
12) When a new user registers and their IP address is banned, please add a flag to user metadata which we can see and filter in the Users listing. With this it will be much easier to bulk-remove bogus registrations.
Thanks for consideration.