In regards to recent phishing campaigns that have surfaced (Docusign) we would really like to see the ability to export a list of source IPs so that we can add to the appropriate blocklists. Syslog doesn't appear to log the source IP address along with…