[7.x] [SIEM] Threat hunting enhancements: Filter for/out value, Show top field, Copy to Clipboard, Draggable chart legends (#61207)#63816
Merged
andrew-goldstein merged 1 commit intoelastic:7.xfrom Apr 17, 2020
Conversation
…eld, Copy to Clipboard, Draggable chart legends (elastic#61207) ## [SIEM] Threat hunting enhancements: Filter for/out value, Show top field, Copy to Clipboard, Draggable chart legends Enhancements to the threat hunting experience  ### New draggable context menu A new context menu with the following items has been added to all draggables: - Filter for value - Filter out value - Show top _field name_ - Copy to Clipboard as shown in the following animated gif:  ### Filter for value The _Filter for value_ context menu action adds the draggable to the global filter bar, which is applicable to all pages in the SIEM app, per the following animated gif:  ### Filter out value The _Filter out value_ context menu action adds the draggable to the global filter bar as a _negated_ (`NOT`) filter, per the following animated gif:  ### Show top _field_ The _Show top field_ context menu action displays an interactive Top 10 histogram, per the following animated gif:  - The contents of the histogram are filtered by the global KQL bar / filters and current date range - Brushing over the bars in the histogram updates the global date range / picker - Select _Events_ or _Signals_ - The _Show top field_ action is also available in the Fields Browser, per the following animated gif:  ### Copy to Clipboard The _Copy to clipboard_ context menu action copies the draggable field and value to the clipboard in KQL format (e.g. `process.name: "nice"`). Per the following animated gifs, it's now possible to copy _any_ draggable to the clipboard, and paste it in KQL format, which addresses [this feature request from a user](elastic#59472):   ### Draggable chart legends You may now pivot from chart legends by dragging and dropping them to a timeline, or by selecting the Filter for / out context menu action, per the following animated gif:  #### Desk testing Desk tested in: - Chrome `81.0.4044.92` - Firefox `75.0` - Safari `13.1`
Contributor
💚 Build SucceededTo update your PR or re-run it, just comment with: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports the following commits to 7.x: