I have worked with several firewall appliances in the past that have the ability to drop or reset network traffic when a threat is detected by the IDS. If a threat is deemed a false positive, a rule can be created to whitelist that particular vulnerability for the IP address of the internal device. This would help stop any threats from communicating on the network until deemed safe.
I would also like to see the source IP address of the internal device when running reports. Currently, we only see the Firewall public IP -> External IP of device on the internet.