Wondering if anyone has a solution they are happy with for monitoring stale security events and Windows firewall logs. Not heartbeats or latest general response, but the specific event/log collections to assure active collection from both sources. Could do something like "If a recent heartbeat received in the last "x" time, but no security or firewall events collected (separately) within "y" time, then report the computer." Not sure how best to address normal computer downtime when monitoring PCs. If a PC has been off all weekend, then would likely trigger a false alarm Monday morning due to the log ingestion delay. Could extend "y" to be longer than the normal PC downtime scenarios, but wondered if anyone already had a more elegant solution in place? Thx!