Describe the feature:
As a Security Analyst, there are times when I want to use the Graph app to view all relationships between two fields within a set of documents. Rather than only displaying the top X vertices for each field, I would like it to show me all of the relationships. There should be a user-configurable safety limit such as max_vertices=10000 to prevent the browser tab from crashing.
Describe a specific use case for the feature:
A common scenario for security analysts is to visualize the relationships of source.ip to destination.ip within a group of documents. During a forensic investigation, it is common that the destination.ip being used by the attackers will not be in the top X destination.ip values. Another issue is that in a large dataset every event will have a source.ip and a destination.ip, but the top 10 source.ip may have no relationship with the top 10 destination.ip. In these cases the Graph app won't work as intended.
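The sampling gap described in this request, reproduced on constructed data as an added illustration (not part of the original issue and not the Graph app's code). The function names and the sample IPs are hypothetical; only `max_vertices` comes from the request, and here it is modelled as a simple cap on distinct field/term vertices.

```python
from collections import Counter

def build_events():
    """Constructed (source.ip, destination.ip) pairs; all addresses are made up."""
    events = []
    # Two busy sources, each fanning out to 40 distinct, otherwise-unseen destinations.
    events += [("10.0.0.1", f"192.0.2.{i}") for i in range(1, 41)]
    events += [("10.0.0.2", f"192.0.2.{i}") for i in range(41, 81)]
    # Two busy destinations, each reached once by 40 distinct sources.
    events += [(f"10.1.0.{i}", "198.51.100.1") for i in range(1, 41)]
    events += [(f"10.1.0.{i}", "198.51.100.2") for i in range(41, 81)]
    # The flow the analyst cares about: rare destination, only two events.
    events += [("10.0.0.1", "203.0.113.7")] * 2
    return events

def top_n_edges(events, n):
    """Edges that survive when each field is reduced to its top-n terms independently."""
    top_src = {ip for ip, _ in Counter(s for s, _ in events).most_common(n)}
    top_dst = {ip for ip, _ in Counter(d for _, d in events).most_common(n)}
    return {(s, d) for s, d in events if s in top_src and d in top_dst}

def all_edges(events, max_vertices=10000):
    """Every distinct pair, stopping vertex growth once max_vertices is reached."""
    vertices, edges, truncated = set(), Counter(), False
    for s, d in events:
        new = {("source.ip", s), ("destination.ip", d)} - vertices
        if len(vertices) + len(new) > max_vertices:
            truncated = True   # report the cut-off instead of failing silently
            continue           # edges between already-known vertices still count
        vertices |= new
        edges[(s, d)] += 1
    return edges, vertices, truncated

if __name__ == "__main__":
    ev = build_events()
    print("top-2 per field:", top_n_edges(ev, 2))
    edges, vertices, truncated = all_edges(ev)
    print(len(edges), "edges,", len(vertices), "vertices, truncated:", truncated)
    print("rare flow count:", edges[("10.0.0.1", "203.0.113.7")])
```

With the top 2 terms per field the graph is empty even though every event has both fields, while the full enumeration keeps the 203.0.113.7 flow and reports when the limit cut the result short.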