[AlphaSOC] Details dashboard adjustments

Question

Closed this issue 4 years ago · 2 comments

Please make the following adjustments:

Remove the second table as it's redundant
Rename the dashboard to AlphaSOC Detailed View
Add Source IP column to the table
Remove the Flag column as it expands the same threat into many rows
Adjust colum widths to be more sensible (e.g. a narrow Pipeline column, a wider Threat column, and so on).
Sort by timestamp descending by default.

Answer 1 · 2021-04-28T10:39:55.000Z

Is Source IP always an IP here, or can it be an agent ID or hostname? If so, we should rename to Source

Answer 2 · 2021-04-28T10:52:53.000Z

Always IP, unfortunately. As with Graylog, there are no advanced replacement, aggregation or conditional functions in standard Kibana visualizations.