outflanknl / RedELK

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
BSD 3-Clause "New" or "Revised" License

💡 Add the possibility to "flag" key events #163

Open fastlorenzo opened 3 years ago

fastlorenzo commented 3 years ago

It would be great to be able to "flag" (with tags maybe?) some key documents, and potentially add a small description. This would be useful to be able to extract a high level timeline of the attack for reporting.

Maybe this could be done via the Kibana plugin (I'll investigate that one).

@MarcOverIP / @xychix let me know what you think about the idea 💡
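The flag-plus-description model proposed above, as an added example that is not part of RedELK or of this issue: a small Python helper that builds the Elasticsearch update request to tag one document, the query that pulls every flagged document back in time order, and a markdown timeline from the returned hits. The index pattern `rtops-*`, the field names `tags`, `keyevent.description`, `implant.id` and `c2.message`, and the sample hits are all assumptions chosen for illustration, not RedELK's actual schema; no cluster is needed to run it.

```python
"""Flag key events and build a reporting timeline from them.

Added example, not RedELK code. Assumptions (not from the issue):
- documents live under the index pattern ``rtops-*`` with an ``@timestamp``
- a flag is the tag ``keyevent`` in a ``tags`` array plus a free-text
  ``keyevent.description`` field (names chosen here for illustration)
- ``implant.id`` and ``c2.message`` are assumed context fields
- the REST calls are represented as request bodies only
"""
import json
from datetime import datetime, timezone

INDEX_PATTERN = "rtops-*"   # assumed index pattern
FLAG_TAG = "keyevent"       # assumed tag value


def flag_request(doc_id, description):
    """Body for POST /<index>/_update/<doc_id> that flags one document.

    A painless script adds the tag only if it is not already present, so
    flagging twice is idempotent, and stores the analyst's description next
    to it. doc_id is returned alongside for the caller's URL."""
    script = (
        "if (ctx._source.tags == null) { ctx._source.tags = []; } "
        "if (!ctx._source.tags.contains(params.tag)) "
        "{ ctx._source.tags.add(params.tag); } "
        "ctx._source.keyevent = ['description': params.description];"
    )
    body = {
        "script": {
            "lang": "painless",
            "source": script,
            "params": {"tag": FLAG_TAG, "description": description},
        }
    }
    return doc_id, body


def timeline_query(size=500):
    """Query DSL for GET /rtops-*/_search: every flagged doc, oldest first,
    limited to the fields the report needs."""
    return {
        "size": size,
        "query": {"bool": {"filter": [{"term": {"tags": FLAG_TAG}}]}},
        "sort": [{"@timestamp": {"order": "asc"}}],
        "_source": ["@timestamp", "keyevent.description",
                    "implant.id", "c2.message"],
    }


def _parse_ts(value):
    # Elasticsearch emits RFC 3339 with a trailing Z; fromisoformat on
    # Python < 3.11 does not accept "Z", so normalise it first.
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def build_timeline(hits):
    """Turn search hits into markdown table rows for the report.

    Hits are re-sorted client-side so the output is correct even if the
    caller fetched them without the sort clause."""
    rows = []
    for hit in hits:
        src = hit["_source"]
        rows.append((
            _parse_ts(src["@timestamp"]),
            src.get("implant", {}).get("id", "-"),
            src.get("keyevent", {}).get("description", ""),
            src.get("c2", {}).get("message", ""),
        ))
    rows.sort(key=lambda r: r[0])
    lines = ["| time (UTC) | implant | key event | original log line |",
             "|---|---|---|---|"]
    for ts, implant, desc, msg in rows:
        lines.append(f"| {ts.strftime('%Y-%m-%d %H:%M:%S')} | {implant} | {desc} | {msg} |")
    return lines


# Constructed sample hits, deliberately out of order, standing in for the
# response to timeline_query(). Not real operation data.
SAMPLE_HITS = [
    {"_id": "c3", "_source": {"@timestamp": "2021-03-04T14:02:11.000Z",
     "implant": {"id": "4412"}, "keyevent": {"description": "Domain admin obtained"},
     "c2": {"message": "received output: token stolen from PID 612"}}},
    {"_id": "a1", "_source": {"@timestamp": "2021-03-04T09:15:40.000Z",
     "implant": {"id": "1187"}, "keyevent": {"description": "Initial access via phishing"},
     "c2": {"message": "initial beacon from WS-0042"}}},
    {"_id": "b2", "_source": {"@timestamp": "2021-03-04T11:47:03.000Z",
     "implant": {"id": "1187"}, "keyevent": {"description": "Lateral movement to SRV-FS01"},
     "c2": {"message": "received output: psexec SRV-FS01 ok"}}},
]


def example_timeline():
    """Run the sample through build_timeline (what the report would contain)."""
    return build_timeline(SAMPLE_HITS)


if __name__ == "__main__":
    doc_id, body = flag_request("a1", "Initial access via phishing")
    print(f"POST /{INDEX_PATTERN}/_update/{doc_id}")
    print(json.dumps(body, indent=2))
    print(f"GET /{INDEX_PATTERN}/_search")
    print(json.dumps(timeline_query(), indent=2))
    print("\n".join(example_timeline()))
```

In practice the flagging call would be wired to a Kibana action or a tiny CLI that takes the document's index and `_id` from the UI; the update body and the `term` filter are the only two pieces that have to agree on the tag name, so keeping both in one module avoids the two drifting apart.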

MarcOverIP commented 3 years ago

Would be a great addition. Really love that functionality if it's GUI clickable in Kibana.

I believe @xychix has done something internally with jupyter notebooks.