How do 3rd-party SIEM providers sign up for notifications for changes to categories and log formats?
I also noticed that SIEM severity is 1 or 7 (blocked or not blocked). This is not useful; for incident response purposes it would be helpful to know when high severity events occurred.