Feature Request for more robust vector graphics (Vega is not enough) OR a visualization module so I can generate good looking network maps (non-geographic)

[jt0dd]

Maybe this should be an Elastic Security / SIEM feature only, but a lot of people use Kibana as a SIEM already. I'm happy to migrate this elsewhere, just let me know the right repo.

With netflow and network traffic logs, it's possible to put together a pretty good picture of the network without manually building a map. I could write code easily to, for a given Elastic Index with Zeek logs, define a set of nodes and edges that accurately portray the structure of that network, in terms of the ares of it we can see in our dataset.

I want to be able to generate, within Kibana and / or Elastic Security, non-geographic, good looking network maps like these:

Currently there doesn't seem to be any way to do this in any Elastic product no matter how much coding I'm willing to put into it. The capability would be far better than needing to export the data into some third party tool.

Look at how beautifully (and practically) it's done here: https://www.datadoghq.com/blog/network-performance-monitoring/#observing-long-lived-abstractions

I see no reason Kibana couldn't add another type of chart / map to its built-in visualizations for this. The same way the current visualization / chart builder feature lets me tell Kibana which properties I want to correspond to each aspect of the graph, the same thing could be done with me using the GUI to tell Kibana which data properties correlates to nodes and edges in this network map.

Please include:

• Customizeable icons for each node.
• Edge style options: Color & width tied to some traits of the traffic associated with the edge (like how much traffic, what kind, inbound outbound)
• Node style options: Same concept as above
• Manual map layout editor: Rearrange, add, and remove nodes / edges.
• Timeline: Let the graph animate or slider drag over a timeline. So apply the data to the map based on the timestamps of the data entries used to generate the map.
• Data entry association: When a data entry is used in a map, it would be really cool if I could then see some GUI element to actually navigate to when / where on the network map it exists. So maybe in a dashboard I could somehow link a table and a map, and automagically have sort of a button added to each item in the table to "focus" it within the map.

I originally wrote this out as a more elaborate Kibana API based feature, as follows (which I'm leaving in just to clarify the approach I'm thinking of):

1. I write some code, maybe Painless, which analyzes traffic logs in an elastic index
2. I leverage a Kibana API to generate a graph (nodes and edges) to be visualized in Kibana with that code, also telling the Kibana API which index entries are associated with each edge / node.
3. When I find an entry that happens to be correlated to the visualization (a traffic log), I can click on a special field appended to that entry which will take me to the network map it's a part of and highlight the pertinent element in the diagram.
4. Bonus points if I can drag a slider along a timeline / push a play button to see what traffic was happening over time, since each correlated entry will be associated with a timestamp. Stretch goal.

[jt0dd]

Just following up! Curious if the team decided to adopt this as a viable and planned feature. (@jsanz maybe you would have that answer?)

[jsanz]

This has not been triaged yet by the team @jt0dd. This and the last week were busy here, let's give them some more time.

[Erikg346]

This is still very much needed. +1

[elasticmachine]

Pinging @elastic/kibana-visualizations (Team:Visualizations)