Velocidex / velociraptor

Digging Deeper....
https://docs.velociraptor.app/

GUI should allow tagging #714

Open scudette opened 4 years ago

scudette commented 4 years ago

Sometimes as part of our investigations we identify certain things as needing further investigation or tag them.

For example, a suspicious file, hash, etc.

It would be nice to tag these so that whenever it appears there is a reminder that this hash is interesting or that this file is unique.

This needs to happen in multiple result sets. So for example if we identify a hash in one place then we should be able to recognize it in another table or another client.

scudette commented 3 years ago

Discussions on Discord suggest that we could mark each row with a unique id (e.g. a uuid) and then we can refer to rows even after being processed by VQL queries.

The GUI can then query the server about each row's tags as it shows it in the GUI and then tags can be shown for rows even in notebook cells.

scudette commented 2 months ago

This long-standing issue has some progress on it now.

With the 0.73 release it is possible to tag timelines exported from regular table rows. This allows a central place to contain all the tags from different places - although presented in a timeline format.

It might be sufficient to restrict tagging to timelines although it is a bit more complicated to use if the data is not time based.

Alternatively we might build a similar concept to the timeline with the tagging applied to a generic "annotation" object containing certain rows.