Is your feature request related to a problem? Please describe.
More and more sources create Search queries, e.g. Sigma Rules, Intelligence, SearchTemplates... Those queries might be used in Analyzers, the UI or other places. For various reasons it might be really good to collect metadata on things like:
- number of executions (e.g. show me a popular query)

Describe the solution you'd like
One way to implement this would be to hook this method: https://github.com/google/timesketch/blob/master/timesketch/api/v1/resources/explore.py#L63 and collect the metrics.

Describe alternatives you've considered
An alternative would be to store the metadata where the query was created, e.g. a Sigma Rule would store how often it was executed and would need to store the results.

Additional context
Somehow the metrics collected need to be protected so one could only see their own queries.
The data collected should not be tied to a sketch but independent.
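One way to picture the proposal above (an added example, not Timesketch code): wrap the search call so every execution is counted, key the counters by user and by a fingerprint of the normalised query, keep the store independent of any sketch, and only ever return a user's own entries. The `instrument` decorator, `QueryMetrics` class, `EVENTS` sample and the `source` labels are all assumptions made for this illustration; in Timesketch the equivalent hook point would be the explore resource linked in the post.

```python
"""Hypothetical per-user query-execution metrics (example, not project code)."""
import hashlib
import time
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class QueryStats:
    query: str           # whitespace-normalised query text
    source: str          # assumed label: "sigma", "search_template", "ui", ...
    executions: int = 0
    last_run: float = 0.0
    last_hits: int = 0


class QueryMetrics:
    """In-memory store keyed by (user, query fingerprint).

    Nothing here references a sketch, and every read is scoped to the
    requesting user, so one user cannot see another user's queries.
    """

    def __init__(self) -> None:
        self._stats: Dict[str, Dict[str, QueryStats]] = defaultdict(dict)

    @staticmethod
    def fingerprint(query: str) -> str:
        # Collapse whitespace so trivially different spellings count as one query.
        normalised = " ".join(query.split())
        return hashlib.sha256(normalised.encode("utf-8")).hexdigest()[:16]

    def record(self, user: str, query: str, source: str, hits: int) -> QueryStats:
        key = self.fingerprint(query)
        stats = self._stats[user].get(key)
        if stats is None:
            stats = QueryStats(query=" ".join(query.split()), source=source)
            self._stats[user][key] = stats
        stats.executions += 1
        stats.last_run = time.time()
        stats.last_hits = hits
        return stats

    def popular(self, user: str, limit: int = 5) -> List[QueryStats]:
        """Most-executed queries for *user* only; unknown users get an empty list."""
        own = self._stats.get(user, {}).values()
        return sorted(own, key=lambda s: s.executions, reverse=True)[:limit]


def instrument(metrics: QueryMetrics, source: str) -> Callable:
    """Decorator standing in for hooking the search/explore method."""
    def decorator(func: Callable[[str, str], List[dict]]):
        def wrapper(user: str, query: str) -> List[dict]:
            results = func(user, query)
            metrics.record(user, query, source, hits=len(results))
            return results
        return wrapper
    return decorator


# Constructed sample events standing in for an index; not real data.
EVENTS = [
    {"timestamp": "2022-11-11T14:46:00", "message": "Failed password for root from 10.0.0.5"},
    {"timestamp": "2022-11-11T14:47:10", "message": "Failed password for admin from 10.0.0.7"},
    {"timestamp": "2022-11-11T14:48:00", "message": "New process created: notepad.exe"},
]


def search_events(user: str, query: str) -> List[dict]:
    """Toy substring search; the real endpoint would query the search backend."""
    needle = " ".join(query.split()).lower()
    return [e for e in EVENTS if needle in e["message"].lower()]


def demo() -> QueryMetrics:
    """Run a few searches as two users and return the resulting metrics store."""
    metrics = QueryMetrics()
    search = instrument(metrics, source="ui")(search_events)
    search("alice", "Failed password")
    search("alice", "Failed password")
    search("alice", "  Failed   password ")   # same fingerprint as above
    search("bob", "notepad")
    return metrics


if __name__ == "__main__":
    for stats in demo().popular("alice"):
        print(stats)
```

The fingerprint keeps the raw query text out of the key and lets equivalent spellings share one counter; `popular()` is the only read path, and it takes the requesting user as a parameter rather than trusting a user-supplied filter, which is what keeps one user's query history invisible to another.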
This discussion was converted from issue #2422 on November 11, 2022 14:46.