Forum Discussion
One obvious missing token I have raised to support several times is WILDVALUE -- it is not possible to reference this in alerts, which means you cannot say in an alert which input value triggered the alert. And of course, not a bug, but a feature request, which I hear frequently. You also cannot pass but a few specific tokens into PowerShell scripts, and the limitations are not well documented.
This specific issue is related more to recent security monitoring we have been asked to implement. It is not necessarily the correct tool, but then the whole point of using LM is to avoid a plethora of tools. When trying to encode the expected security settings for a Windows folder into a field, we found there are size limits, so we had to just use fields to index hardcoded values in the script. A key/value store would help. It would also help deal with monitoring for changes in values, like group membership, etc. I can roll out my own and figure out how to get that synced on all the collectors, or it could be a service provided by the collectors themselves (preferable).
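The workaround described in the post above (a short field value that indexes expected folder permissions hardcoded in the script), sketched as an added example that is not part of the original post and is not LogicMonitor code. The parameter name, baseline keys, paths, group names and output format are all constructed assumptions.

```powershell
# Added example: the field holds only a short key; the baselines live in the script.
param(
    [Parameter(Mandatory)]
    [string] $BaselineKey   # hypothetical parameter, e.g. 'finance-share'
)

# Constructed baselines: key -> folder path and expected 'identity|rights|type' rules.
$Baselines = @{
    'finance-share' = @{
        Path  = 'D:\Shares\Finance'
        Rules = @(
            'BUILTIN\Administrators|FullControl|Allow'
            'NT AUTHORITY\SYSTEM|FullControl|Allow'
            'CONTOSO\Finance-RW|Modify, Synchronize|Allow'
        )
    }
    'hr-share' = @{
        Path  = 'D:\Shares\HR'
        Rules = @('BUILTIN\Administrators|FullControl|Allow', 'CONTOSO\HR-RW|Modify, Synchronize|Allow')
    }
}

if (-not $Baselines.ContainsKey($BaselineKey)) {
    Write-Output 'status=2 reason=unknown-baseline-key'
    exit 2
}
$baseline = $Baselines[$BaselineKey]

try {
    $acl = Get-Acl -LiteralPath $baseline.Path -ErrorAction Stop
} catch {
    Write-Output 'status=2 reason=acl-unreadable'
    exit 2
}

# Flatten every ACE (inherited ones included) to the same string form as the baseline.
$actual = @($acl.Access | ForEach-Object {
    '{0}|{1}|{2}' -f $_.IdentityReference, $_.FileSystemRights, $_.AccessControlType
})

# -notin compares case-insensitively, which suits account names.
$missing    = @($baseline.Rules | Where-Object { $_ -notin $actual })
$unexpected = @($actual | Where-Object { $_ -notin $baseline.Rules })
$missing    | ForEach-Object { Write-Output "missing: $_" }
$unexpected | ForEach-Object { Write-Output "unexpected: $_" }

if ($missing.Count -or $unexpected.Count) { Write-Output 'status=1'; exit 1 }
Write-Output 'status=0'
exit 0
```

Because the baselines are embedded, every change to an expected permission means redistributing the script, which is the maintenance cost the requested key/value store would remove.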