I already proposed a feature to forward unmatched alerts to some email address. Another thing I would like to have changed is how unmatched alerts are displayed in the table. There should be (at least as a popup when hovering over the alert) more information about the alert.
This minute I have to click every unrecognized alert to check if I already wrote a rule for it or not (because newly created rules will not be applied to "old" alerts, which would be a nice feature, too). This makes a lot of work! If I just could simply see by pointing to the alert that I already did something for its type, I could just close it.
Another nice thing would be to have the possibility to create new alerts just from the alert table. This could be done by implementing default actions for unresolved alerts (like in the "wizard": "Trash" or "New rule").
I'd move this to the feature requests area and break it into separate requests where it makes sense... that way people can vote on it.