sepinf-inc
Implement "shortcut" for filter creation from results table.
I think would be a good utility to create filters from property values from selected item on results table. A behaviour similar to filter creation on ProcessMonitor of SysInternals, when you right click an item/property value, a popup menu opens with options to create filter to exclude or to only include items with equals value on the same selected property.
Couldn't the metadata filter tab be used to a similar goal? I have already thought to improve it to let the user create many filters instead of just one.
Yes. But it would be a shortcut, not a real urgent necessity. for example: I, as the analyst, see a particular occurrence of a property value, it would be quickier if I select this value and create a filter based on this value. My idea is to concatenate the corresponding filter string on the current top filter input.
As an example: i find a particular tor URL, 56 scrambled characters. I want to filter to show only where this ocurrence repeats. If i go to the Metadata, I should select regex, then URL, then find on a huge URL list where this ocurrence is to select it.
Em qua., 6 de abr. de 2022 15:54, Luis Nassif @.***> escreveu:
Couldn't the metadata filter tab be used to a similar goal? I have already thought to improve it to let the user create many filters instead of just one.
— Reply to this email directly, view it on GitHub https://github.com/sepinf-inc/IPED/issues/1053#issuecomment-1090712989, or unsubscribe https://github.com/notifications/unsubscribe-auth/AG247S42ZAHB3H42YJFEM6DVDXTXVANCNFSM5SW6JFOQ . You are receiving this because you authored the thread.Message ID: @.***>
Many different filter on the metadata filter tab can be useful also. Maybe a different ResultSetViewer to show the results in a pivot table like viewer. But is different and more complex issue.
Em qua., 6 de abr. de 2022 16:42, Patrick Bernardina < @.***> escreveu:
Yes. But it would be a shortcut, not a real urgent necessity. for example: I, as the analyst, see a particular occurrence of a property value, it would be quickier if I select this value and create a filter based on this value. My idea is to concatenate the corresponding filter string on the current top filter input.
As an example: i find a particular tor URL, 56 scrambled characters. I want to filter to show only where this ocurrence repeats. If i go to the Metadata, I should select regex, then URL, then find on a huge URL list where this ocurrence is to select it.
Em qua., 6 de abr. de 2022 15:54, Luis Nassif @.***> escreveu:
Couldn't the metadata filter tab be used to a similar goal? I have already thought to improve it to let the user create many filters instead of just one.
— Reply to this email directly, view it on GitHub https://github.com/sepinf-inc/IPED/issues/1053#issuecomment-1090712989, or unsubscribe https://github.com/notifications/unsubscribe-auth/AG247S42ZAHB3H42YJFEM6DVDXTXVANCNFSM5SW6JFOQ . You are receiving this because you authored the thread.Message ID: @.***>
The popup menu has many options already. Maybe another popup triggered with CTRL or SHIFT.
See the highlighted popup menu option. For dates is interesting also the options exclude before/after, and for numbers, exclude smaller/larger than.
Hi @lfcnassif , when refactoring MetadataPanel to expose some private classes an fields in a way to adapt to new FilterManager, #39, I saw it could be somewhat easy to reuse it to reach this issue. So, we could include this in 4.2 roadmap too. I sent a private video of the feature.
Great! I'm on external activities in another city today and tomorrow, so I may be slow to respond. If the Metadata panel code part without UI interaction could be moved to iped-engine module, and if it is easy, it would be possible to be used as a filter programmatically, from a python terminal or java/javascript tasks for example, that may be useful.