I would like to see a way to correlate investigations based on IOCs including usernames and systems so that it is easier to identify issues and do more correlation for tuning purposes.
In the ideal world, I would like to see correlation on these fields:
Username
Hostname
Source IP
Destination IP
File Hash
File Name
Threat Group/Actor
This would make it easier to identify trends and improve detections. It would also be helpful if an analyst could correct, add, and remove the data that is used for correlation between investigations.
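One way to build the cross-investigation correlation this request describes, as an added Python example that is not part of the original post and not the vendor's code: investigations carry IOC values in the seven fields listed above, an inverted index maps each (field, value) pair to the investigations that contain it, and analyst edits (add, remove, correct) update that index so correlation results follow the corrected data. The field names, normalisation rules, investigation IDs and IOC values are constructed assumptions for illustration.

```python
"""Cross-investigation IOC correlation (added example; names and data are constructed)."""
from collections import defaultdict
import ipaddress

# The correlation fields from the request. Internal names are assumptions.
FIELDS = ("username", "hostname", "src_ip", "dst_ip",
          "file_hash", "file_name", "threat_actor")


def normalize(field, value):
    """Canonicalise a value so spelling differences do not hide a match."""
    value = value.strip()
    if field in ("src_ip", "dst_ip"):
        return str(ipaddress.ip_address(value))   # rejects garbage, folds IPv6 forms
    if field == "username":
        # 'CORP\jdoe' and 'jdoe' should correlate: drop a DOMAIN\ prefix
        return value.rsplit("\\", 1)[-1].lower()
    if field in ("hostname", "file_hash", "threat_actor"):
        return value.lower()
    return value  # file names stay case-sensitive (Linux paths)


class Correlator:
    def __init__(self):
        self.investigations = {}          # id -> {field: set(values)}
        self.index = defaultdict(set)     # (field, value) -> set(investigation ids)

    def add_investigation(self, inv_id, iocs):
        self.investigations[inv_id] = {f: set() for f in FIELDS}
        for field, values in iocs.items():
            for v in values:
                self.add_ioc(inv_id, field, v)

    # --- analyst corrections: add, remove, correct (all keep the index consistent) ---
    def add_ioc(self, inv_id, field, value):
        if field not in FIELDS:
            raise ValueError(f"unknown correlation field: {field}")
        v = normalize(field, value)
        self.investigations[inv_id][field].add(v)
        self.index[(field, v)].add(inv_id)

    def remove_ioc(self, inv_id, field, value):
        v = normalize(field, value)
        self.investigations[inv_id][field].discard(v)
        owners = self.index.get((field, v))
        if owners is not None:
            owners.discard(inv_id)
            if not owners:
                del self.index[(field, v)]   # no dangling keys left behind

    def correct_ioc(self, inv_id, field, old, new):
        self.remove_ioc(inv_id, field, old)
        self.add_ioc(inv_id, field, new)

    def related(self, inv_id, min_shared=1):
        """[(other_id, [(field, value), ...])], most shared IOCs first."""
        shared = defaultdict(list)
        for field, values in self.investigations[inv_id].items():
            for v in values:
                for other in self.index.get((field, v), ()):
                    if other != inv_id:
                        shared[other].append((field, v))
        return sorted(
            ((o, sorted(s)) for o, s in shared.items() if len(s) >= min_shared),
            key=lambda item: (-len(item[1]), item[0]),
        )


def demo():
    """Constructed sample investigations; none of these values are real indicators."""
    c = Correlator()
    c.add_investigation("INV-1", {"username": ["CORP\\jdoe"], "hostname": ["WS-042"],
                                  "dst_ip": ["203.0.113.7"],
                                  "file_hash": ["E3B0C44298FC1C149AFBF4C8996FB924"
                                                "27AE41E4649B934CA495991B7852B855"]})
    c.add_investigation("INV-2", {"username": ["jdoe"], "hostname": ["ws-042"],
                                  "dst_ip": ["198.51.100.9"]})
    c.add_investigation("INV-3", {"dst_ip": ["203.0.113.7"], "threat_actor": ["TA-Example"]})
    c.add_investigation("INV-4", {"file_name": ["invoice.pdf.exe"]})
    return c


if __name__ == "__main__":
    c = demo()
    print(c.related("INV-1"))
    # An analyst finds INV-3's destination IP was a typo and corrects it:
    c.correct_ioc("INV-3", "dst_ip", "203.0.113.7", "203.0.113.8")
    print(c.related("INV-1"))
```

The `min_shared` threshold is what an analyst would raise when tuning: a single shared hostname on a busy jump box is noise, while a shared username plus a shared file hash is usually a real link. Because corrections go through the same index, removing a noisy value from one investigation immediately drops the correlations it produced.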