Skip to content

Updating TI queries based on feedback and discussions#3571

Merged
petebryan merged 5 commits into
masterfrom
shainw-updateTIjoins
Nov 30, 2021
Merged

Updating TI queries based on feedback and discussions#3571
petebryan merged 5 commits into
masterfrom
shainw-updateTIjoins

Conversation

@shainw

@shainw shainw commented Nov 29, 2021

Copy link
Copy Markdown
Contributor

Discussions as part of - #3477 - This includes generic changes that need to be done. Customers may still want to customize.

Proposed Changes

  • Specifying join kind explicitly and commenting as to why we use innerunique.
  • Making changes to filtering after the join and fixing the 2nd argmax to use the activity time instead of indicator time as you want the most recent activity that matches
  • Include the primary join token value in the 2nd argmax() so we do not lose visibility on the friendly name of the IOC and only use the IndicatorId.
  • Added in some additional entity mappings

@shainw
Updating TI queries based on feedback and discussions on this PR - #3477
32f4021 
 - and I don't want preferences for a specific environment to be included.  This includes generic changes that need to be done.
This was referenced Nov 29, 2021
Closed
Closed
petebryan
petebryan approved these changes Nov 30, 2021
View reviewed changes

@petebryan petebryan left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All make sense

@petebryan petebryan merged commit d8ba659 into master Nov 30, 2021
@petebryan petebryan deleted the shainw-updateTIjoins branch November 30, 2021 00:58
@samikroy samikroy mentioned this pull request Nov 30, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashwin-patil ashwin-patil Awaiting requested review from ashwin-patil

@aprakash13 aprakash13 Awaiting requested review from aprakash13

@Amitbergman Amitbergman Awaiting requested review from Amitbergman

@dicolanl dicolanl Awaiting requested review from dicolanl

@ianhelle ianhelle Awaiting requested review from ianhelle

@juliango2100 juliango2100 Awaiting requested review from juliango2100

@laithhisham laithhisham Awaiting requested review from laithhisham

@liatlishams liatlishams Awaiting requested review from liatlishams

@liemilyg liemilyg Awaiting requested review from liemilyg

@lior-tamir lior-tamir Awaiting requested review from lior-tamir

@mgladi mgladi Awaiting requested review from mgladi

@nazang nazang Awaiting requested review from nazang

@NoamLandress NoamLandress Awaiting requested review from NoamLandress

@oshezaf oshezaf Awaiting requested review from oshezaf

@oshvartz oshvartz Awaiting requested review from oshvartz

@preetikr preetikr Awaiting requested review from preetikr

@sagamzu sagamzu Awaiting requested review from sagamzu

@sarah-yo sarah-yo Awaiting requested review from sarah-yo

@shschwar shschwar Awaiting requested review from shschwar

@sreedharande sreedharande Awaiting requested review from sreedharande

@timbMSFT timbMSFT Awaiting requested review from timbMSFT

@Yaniv-Shasha Yaniv-Shasha Awaiting requested review from Yaniv-Shasha

@YaronFruchtmann YaronFruchtmann Awaiting requested review from YaronFruchtmann

@YuvalNaor YuvalNaor Awaiting requested review from YuvalNaor

1 more reviewer

@petebryan petebryan petebryan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shainw @petebryan