[SIEM] Histograms on each page - Githubissues

elastic / kibana

Your window into the Elastic Stack

https://www.elastic.co/products/kibana

Other

19.48k stars 8.04k forks source link

[SIEM] Histograms on each page #56916

Open angorayc opened 4 years ago

angorayc commented 4 years ago

@MikePaquette @tsg,

This issue is to confirm what kind of histograms we still need on Hosts, Single Host, Network and IP detail page. If so, what kind of fields we would like to do aggregation on, and if we want to hide them if all value returns zero. Thank you.

[x] existing histogram

All Hosts

~[ ] all hosts~
[x] authentications (aggregate on event.type)
~[ ] uncommon process~
[x] anomalies (Hide histogram when all data returns zero)
[x] events (aggregate on event.dataset, event.action, and event.module)
[x] external alerts (aggregate on event.module and event.category)

Single Host

[x] authentications (aggregate on event.type)
~[ ] uncommon process~
[x] anomalies (Hide histogram when all data returns zero)
[x] events (aggregate on event.dataset, event.action, and event.module)
[x] external alerts (aggregate on event.module and event.category)

Network

[ ] Flows - port, protocol
[x] DNS (aggregate on dns.question.registered_domain)
[ ] HTTP - method, response code
[ ] TLS - server name, job, finger print
[x] Anomalies (Hide histogram when all data returns zero)
[x] External alerts (aggregate on event.module and event.category)

IP details

[ ] Source IPs
[ ] Destination IPs
[ ] Source countries
[ ] Destination countries
[ ] Users
[ ] HTTP Requests
[ ] Transport Layer Security
[x] Anomalies (Hide histogram when all data returns zero)

elasticmachine commented 4 years ago

Pinging @elastic/siem (Team:SIEM)