Enhance the Malicious IPs section by including enriched contextual data such as DNS name, IP reputation, blacklist status, botnet associations, TLS fingerprint and JA3 hash activity, geolocation, ASN/ISP, IP type (e.g., VPN, proxy, Tor), historical request patterns within the same tenant, accessed URLs, user-agent behavior, and prior mitigation actions. This detailed context will support faster, more informed threat investigation and response.