ecapuano
commented
6 years ago I saw @lennartkoopmann at DEFCON and he said it was cool 😎
Open ecapuano opened 6 years ago
ecapuano
commented
6 years ago I saw @lennartkoopmann at DEFCON and he said it was cool 😎
kroepke
commented
6 years ago @ecapuano would this involve only single messages or other artifacts as well (charts, etc)?
ecapuano
commented
6 years ago Messages would suffice as a solid capability as links to specific objects could be included, but no harm in allowing rich objects and/or embedded charts :)
kroepke
commented
6 years ago Ok I suppose this also needs to be persistent beyond normal retention?
ecapuano
commented
6 years ago Good question :)
I don’t imagine it would need to persist beyond the life of the event itself.
That said, might be useful to allow setting custom index/retention for annotated/commented log entries.
Similar to
, it would be great if analysts could tag/annotate specific events in a way that would be visible to other analysts as a way to collaborate on troubleshooting/investigations.