I would like an Active Response option for system agents to be able to execute a script or program on that system. We would like to use this to form some integrations between LEM detecting events and some of our other internal systems.
In one example: if LEM detects a Network Port Scan we have a program that can take an IP and block that IP on all of our border devices. If I could execute a remote program and pass it variables we could replace our old system with LEM for the detection of this behavior.