Is your feature request related to a problem? Please describe.
When performing a forensic analysis using Timesketch the modus often follows a pattern like this:
Check events around a specific time window
Notice a value (e.g. url or file-name/-path) that is of interest (artifact)
Wanting to pivot on this artifact and mark relevant appearance at other times or timelines.
Opening a new browser tab to now search for the artifact across all data and mark relevant events.
Going back to the original search and continue there.
The need to open a new browser tab to do context relevant work is breaking the workflow and can be improved.
Describe the solution you'd like
Have the option to pivot on attributes/values/artifacts using the context search style slider from the bottom.
Allow include / exclude filters to trigger the slider and interact with relevant events.
Allow to open saved searches in the slider without losing the context of the current search.
Describe alternatives you've considered
An alternative idea would be to support multiple Explore "tabs" in the canvas. However, even this might be the long term solution, we already have the building blocks for the context search slider at hand.
Additional context
(from a UX feedback session with analysts)
Is your feature request related to a problem? Please describe. When performing a forensic analysis using Timesketch the modus often follows a pattern like this:
The need to open a new browser tab to do context relevant work is breaking the workflow and can be improved.
Describe the solution you'd like Have the option to pivot on attributes/values/artifacts using the context search style slider from the bottom.
Describe alternatives you've considered An alternative idea would be to support multiple Explore "tabs" in the canvas. However, even this might be the long term solution, we already have the building blocks for the context search slider at hand.
Additional context (from a UX feedback session with analysts)