tags

[rock0ne]

am glad that your engineers have fully adopted the local ip lookups but after watching the version 2.4.120 preview where you can add notes to alerts that have been suppressed i thought why not do same for ip's in a form of tags. so for instance if you have ip that you want your junior analyst to pay extra attention to when they doing their normal triage or just routine checks they can either hover over ip to see glimpse of the notes on the ip and also to have internal naming for ip's. i believe this things could make analyst jobs fun and easier especially in areas of handover notes. i understand that the traditional way is through cases but this short description of the ip may help, example tag, strange source ip or ip acting strange but safe, or some cool phrases. this idea i believe could be even be added to keywords in the logs where certain words can be tagged to further clarify its purpose, example when you see windows event ID analyst may have to check their reference book or notes but a tag on it could clarify this quickly and as you know with windows event ID's knowing what they stand for could easily clarify things and speedup analysis. there's big talk about bridging the knowledge gab in IT but i see little efforts in making this a reality. anyway, thanks for being among the few that continues to see the benefits of providing community edition.

[dougburks]

We'll consider this as time allows. However, please keep in mind that we prioritize feature requests from paid users.