
Rules definition to separate Findings from Alerts #172

Open
gBuff opened this issue Sep 22, 2020 · 0 comments
Assignees
Labels
enhancement New feature or request

Comments

gBuff commented Sep 22, 2020

As a suggestion, I would benefit from a better separation of the Findings, Rules and Alerts functionalities.

With this, we can have a distinction on what has been found by engines (=> findings); but regarding our distinct policies (=> rules), we will manage it differently (=> alerts).

It means, to me, that:

  • Rules could be used to select which criteria generate Alerts (on findings, but also on context)
  • Alerts could be then sent to external notifications (TheHive, email, or anything else commonly used) / with a dedicated Alerts settings page.

The Rules page would then be only the list of criteria, without the "send to" settings.
The Alerts would then not only be created because of "New findings"/"Missing findings" but be a list of all points to address, marked as important in our organisation.
And of course, it would be great if we could select what to do regarding the alerts, depending on their level, perimeter, etc. (=> Hive, mail, internal notification, etc.)

As this description might not be very clear, I'm available to discuss it further if needed!

@MaKyOtOx MaKyOtOx self-assigned this Sep 24, 2020
@MaKyOtOx MaKyOtOx added the enhancement New feature or request label Sep 24, 2020
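The three-layer split requested above (engine findings, policy rules that only select, alerts routed by level to notification channels) as a small worked model. This is added example code, not part of the project or of the issue author's proposal; the class names `Finding`, `Rule`, `Alert`, the functions `evaluate` and `route_alerts`, the severity ordering, the routing table and the sample findings are all assumptions constructed for the illustration.

```python
"""Toy model of the Findings / Rules / Alerts separation proposed in the issue.

Hypothetical example code: none of these names come from the project. Rules carry
only selection criteria; the "send to" decision lives in a separate routing table
keyed by alert level, as the issue asks for.
"""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Dict, List, Optional

# Assumed ordering so a rule can express "at least this severe"
SEVERITY_ORDER = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    """What an engine found. No policy is attached at this layer."""
    engine: str
    asset: str
    title: str
    severity: str
    status: str = "new"          # "new" or "missing", mirroring the issue's wording


@dataclass(frozen=True)
class Rule:
    """A selection criterion only: which findings (and context) deserve an alert."""
    name: str
    level: str                   # level of the alert this rule raises
    min_severity: str = "info"
    asset_pattern: str = "*"     # glob over the asset name, i.e. the perimeter
    title_contains: Optional[str] = None
    statuses: tuple = ("new",)   # context criterion: new and/or missing findings

    def matches(self, f: Finding) -> bool:
        return (
            SEVERITY_ORDER[f.severity] >= SEVERITY_ORDER[self.min_severity]
            and fnmatch(f.asset, self.asset_pattern)
            and (self.title_contains is None
                 or self.title_contains.lower() in f.title.lower())
            and f.status in self.statuses
        )


@dataclass(frozen=True)
class Alert:
    """A point to address, produced by a rule matching a finding."""
    rule: str
    level: str
    finding: Finding


def evaluate(findings: List[Finding], rules: List[Rule]) -> List[Alert]:
    """Run every rule over every finding; one alert per (finding, matching rule)."""
    return [Alert(r.name, r.level, f) for f in findings for r in rules if r.matches(f)]


# The "dedicated Alerts settings page": channel(s) per alert level (assumed values)
ROUTING = {
    "critical": ("thehive", "email"),
    "high": ("email",),
    "medium": ("internal",),
}


def route_alerts(alerts: List[Alert], routing=ROUTING) -> Dict[str, List[Alert]]:
    """Group alerts by destination channel; unknown levels fall back to 'internal'."""
    out: Dict[str, List[Alert]] = {}
    for a in alerts:
        for channel in routing.get(a.level, ("internal",)):
            out.setdefault(channel, []).append(a)
    return out


# Constructed sample findings and rules (not real scan output)
SAMPLE_FINDINGS = [
    Finding("nmap", "web01.example.test", "Open port 22/tcp", "low"),
    Finding("nessus", "web01.example.test", "Outdated OpenSSL", "high"),
    Finding("nessus", "db01.example.test", "Default credentials", "critical"),
    Finding("sslscan", "web02.example.test", "TLS 1.0 enabled", "medium", status="missing"),
]

SAMPLE_RULES = [
    Rule("prod-high", level="high", min_severity="high", asset_pattern="*.example.test"),
    Rule("db-critical", level="critical", min_severity="critical", asset_pattern="db*"),
    # A "missing finding" rule: alert when a TLS issue disappears, so the fix gets verified
    Rule("fixed-tls", level="medium", title_contains="TLS", statuses=("missing",)),
]

if __name__ == "__main__":
    for channel, alerts in route_alerts(evaluate(SAMPLE_FINDINGS, SAMPLE_RULES)).items():
        print(channel, [(a.rule, a.finding.asset) for a in alerts])
```

Running it routes the critical database alert to both TheHive and email, the two high-level alerts to email only, and the "missing TLS finding" alert to the internal notification channel; changing where an alert goes means editing `ROUTING`, never a rule.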