Integration with Microsoft Sentinel
Jen Kivela
Ideally integrate via Microsoft Sentinel Content Hub/Solution. Support for MSSP multi-tenant model. Log types: event types such as DNS requests, URL requests, block/allow, malware, phishing, C2 detections. Timestamp, user identity, device identity, source info, domain/URL, action, reason, category, outcome, tenant. This would allow data to be correlated for exfiltration patterns, correlate phishing click path and web access telemetry. Allow threat hunting across multiple tenants.