yeti icon indicating copy to clipboard operation
yeti copied to clipboard

Published 20 hours ago verified publisher icon yeti-platform

Feature Request: Click to Pivot by Tags / Tag View

Open juanandresgs opened this issue 7 years ago • 2 comments

Hi!

Would it be possible to pivot by tags by simply clicking on the tab name? Similarly, is it possible to have a view that just shows the tags with some stats (number tagged by type, any automated enrichment, shady neighbors, etc?)

These would help showcase all the value YETI is doing on the backend and allow some quick traversal of interesting indicators (What just so happens to be tagged with two different actors? overlaps, etc)

Thanks!

JA

juanandresgs avatar Mar 30 '18 18:03 juanandresgs

That's a lot of feature requests :)

Pivoting on tags

This could be easily done by adding the tag as a filter in the Browse view. Replacing the whole filter by just the tag name would be exactly pivoting. Is that what you had in mind?

Dashboard with stats

This was raised in another issue, and it is totally doable. Before I start working on this I'd like to know exactly what kind of information to include. BTW, what do you mean by "any automatic enrichment" and "shady neighbors"? How would you represent this?

The overlap part is interesting. What would be a good "view" of this? A graph with tags acting as "main nodes" showing edges to all the observables they are connected to?

tomchop avatar Apr 01 '18 21:04 tomchop

Sorry to bombard.

  1. Yes, the tags filter works but it would be nicer to be able to do just that by clicking on the tags themselves (right now, finding tagged indicator requires a whole new search / filter to do much with)

  2. As for seeing stats on automatic enrichment etc. When tagging domains of interest, I don’t believe there’s currently a way to see when those indicators are enriched by any of the API keys added. It would be great to be able to see (for example) passiveDNS changes and subsequent correlations that arise (say if two domains resolve to the same IP and are suddenly correlated by this overlap).

  3. For overlaps, I personally like just seeing the multiple tags pop up in the indicator view. However, a graph view could be amazing. A really visually intuitive way to correlate this may be color coding per tags with a legend? This could even extend to the investigations view where having tag[1] indicators in green and tag[2] indicators in yellow would give a quick visual representation of where they may be overlapping :)

Juan Andres Guerrero-Saade Principal Security Researcher, Insikt Group Recorded Future https://www.recordedfuture.com/ [email protected] Twitter- @juanandres_gs http://www.twitter.com/juanandres_gs

On Apr 1, 2018, at 10:43 PM, Thomas Chopitea [email protected] wrote:

That's a lot of feature requests :)

Pivoting on tags

This could be easily done by adding the tag as a filter in the Browse view. Replacing the whole filter by just the tag name would be exactly pivoting. Is that what you had in mind?

Dashboard with stats

This was raised in another issue, and it is totally doable. Before I start working on this I'd like to know exactly what kind of information to include. BTW, what do you mean by "any automatic enrichment" and "shady neighbors"? How would you represent this?

The overlap part is interesting. What would be a good "view" of this? A graph with tags acting as "main nodes" showing edges to all the observables they are connected to?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/yeti-platform/yeti/issues/245#issuecomment-377819037, or mute the thread https://github.com/notifications/unsubscribe-auth/APNrMxs-U9QVrTPEBIPOXm1l1NY7IMoMks5tkUoUgaJpZM4TCBd0.

juanandresgs avatar Apr 04 '18 15:04 juanandresgs