-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[SIEM] Threat hunting enhancements: Filter for/out value, Show top fi…
…eld, Copy to Clipboard, Draggable chart legends (#61207) ## [SIEM] Threat hunting enhancements: Filter for/out value, Show top field, Copy to Clipboard, Draggable chart legends Enhancements to the threat hunting experience ![show-top-field](https://user-images.githubusercontent.com/4459398/79180753-f9bb7f80-7dc7-11ea-9ae2-d4e4fc79208c.gif) ### New draggable context menu A new context menu with the following items has been added to all draggables: - Filter for value - Filter out value - Show top _field name_ - Copy to Clipboard as shown in the following animated gif: ![new-context-menu](https://user-images.githubusercontent.com/4459398/79173935-4dbd6880-7db6-11ea-9253-7746481e1b17.gif) ### Filter for value The _Filter for value_ context menu action adds the draggable to the global filter bar, which is applicable to all pages in the SIEM app, per the following animated gif: ![filter-in-value](https://user-images.githubusercontent.com/4459398/79176624-f91deb80-7dbd-11ea-9b01-799145d776c8.gif) ### Filter out value The _Filter out value_ context menu action adds the draggable to the global filter bar as a _negated_ (`NOT`) filter, per the following animated gif: ![filter-out-value](https://user-images.githubusercontent.com/4459398/79178474-9f6bf000-7dc2-11ea-9423-512ad7f89a18.gif) ### Show top _field_ The _Show top field_ context menu action displays an interactive Top 10 histogram, per the following animated gif: ![show-top-field](https://user-images.githubusercontent.com/4459398/79180753-f9bb7f80-7dc7-11ea-9ae2-d4e4fc79208c.gif) - The contents of the histogram are filtered by the global KQL bar / filters and current date range - Brushing over the bars in the histogram updates the global date range / picker - Select _Events_ or _Signals_ - The _Show top field_ action is also available in the Fields Browser, per the following animated gif: ![in-fields-browser](https://user-images.githubusercontent.com/4459398/79179548-1a360a80-7dc5-11ea-9ad7-cdd7fef0cc64.gif) ### Copy to Clipboard The _Copy to clipboard_ context menu action copies the draggable field and value to the clipboard in KQL format (e.g. `process.name: "nice"`). Per the following animated gifs, it's now possible to copy _any_ draggable to the clipboard, and paste it in KQL format, which addresses [this feature request from a user](#59472): ![copy-to-clipboard](https://user-images.githubusercontent.com/4459398/79178893-a7785f80-7dc3-11ea-868a-5d7bc2824912.gif) ![pasted-value](https://user-images.githubusercontent.com/4459398/79179126-2c637900-7dc4-11ea-92a7-86c7d6377688.gif) ### Draggable chart legends You may now pivot from chart legends by dragging and dropping them to a timeline, or by selecting the Filter for / out context menu action, per the following animated gif: ![draggable-legend](https://user-images.githubusercontent.com/4459398/79179769-9deff700-7dc5-11ea-9153-b472914f2dfe.gif) #### Desk testing Desk tested in: - Chrome `81.0.4044.92` - Firefox `75.0` - Safari `13.1`
- Loading branch information
1 parent
420ccff
commit c2293cb
Showing
91 changed files
with
3,716 additions
and
681 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.