elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Host Isolation][Timeline] Make Isolation status a valid timeline draggable. #104184

Open parkiino opened 3 years ago

parkiino commented 3 years ago

If an alert is an endpoint alert, there is an agent status row in the alert details. The values for that row show a draggable Agent status and Isolation status badge. Currently, if a user were to drag these badges onto a new timeline, it would not filter anything because they are not available in the default indices. We should add these two statuses to the elastic common schema so they are actually valid draggables and can be used to filter timelines.

elasticmachine commented 3 years ago

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)