Details
Improvement
Status: Open
Major
Resolution: Unresolved
Spot 1.1
Description
We have been discussing this topic but wanted to create the user story.
Queries to search for single IP address or port activity can currently take many minutes, and building the threat investigation can take hours. We need to identify methods to index the data to make the search process much faster.
Recommend running several types of queries on non-indexed and indexed data and publishing the results back to the team.
Alan
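The comparison the story asks for (the same IP and port queries against scanned and indexed data) can be prototyped in memory before touching the Hive/Impala tables. The following is an added example, not Apache Spot code: it builds constructed netflow-style records, answers IP, port and IP-plus-port questions by a full scan and by posting-list lookups on an inverted index, checks that both paths return the same rows, and times them. The record layout, the `FlowIndex` class and the `benchmark` helper are assumptions for illustration; a real trial would replace the in-memory index with partitioning or a secondary index on the flow table.

```python
"""Full scan versus inverted index for IP/port lookups over flow records.

Added example, not Apache Spot code. Records and the index layout are
assumptions made for illustration; timings are only meaningful relative
to each other on the same machine.
"""
import random
import time
from collections import defaultdict

# Constructed record: (row_id, src_ip, dst_ip, src_port, dst_port, bytes)
def make_flows(n, seed=1):
    rng = random.Random(seed)
    hosts = ["10.0.%d.%d" % (rng.randint(0, 255), rng.randint(1, 254))
             for _ in range(200)]
    services = [22, 53, 80, 443, 445, 3389]
    return [(i, rng.choice(hosts), rng.choice(hosts),
             rng.randint(1024, 65535), rng.choice(services),
             rng.randint(40, 100000)) for i in range(n)]


# Non-indexed path: every query touches every record.
def scan_ip(flows, ip):
    return [f for f in flows if f[1] == ip or f[2] == ip]


def scan_port(flows, port):
    return [f for f in flows if f[3] == port or f[4] == port]


def scan_ip_port(flows, ip, port):
    return [f for f in flows
            if (f[1] == ip or f[2] == ip) and (f[3] == port or f[4] == port)]


class FlowIndex:
    """Inverted index: value -> ascending list of row positions (posting list).

    Positions are appended in record order, so a lookup returns rows in the
    same order as a scan; an IP-and-port query intersects two posting lists.
    """

    def __init__(self, flows):
        self.flows = flows
        self.by_ip = defaultdict(list)
        self.by_port = defaultdict(list)
        for pos, f in enumerate(flows):
            self.by_ip[f[1]].append(pos)
            if f[2] != f[1]:            # avoid a duplicate posting for self-talk
                self.by_ip[f[2]].append(pos)
            self.by_port[f[3]].append(pos)
            if f[4] != f[3]:
                self.by_port[f[4]].append(pos)

    def ip(self, ip):
        return [self.flows[p] for p in self.by_ip.get(ip, [])]

    def port(self, port):
        return [self.flows[p] for p in self.by_port.get(port, [])]

    def ip_and_port(self, ip, port):
        # Intersect posting lists; sorted() restores record order after the set op.
        hits = set(self.by_ip.get(ip, ())) & set(self.by_port.get(port, ()))
        return [self.flows[p] for p in sorted(hits)]


def _timed(fn, *args):
    t0 = time.perf_counter()
    out = fn(*args)
    return out, time.perf_counter() - t0


def benchmark(n=200_000, port=443):
    """Run the same three queries both ways and report timings plus a
    correctness check. Index build time is reported separately because it
    is paid once and amortised over every later query."""
    flows = make_flows(n)
    ip = flows[0][1]                      # pick an address that certainly occurs
    index, build_s = _timed(FlowIndex, flows)
    results = {"n": n, "index_build_s": build_s, "queries": {}, "results_match": True}
    pairs = [
        ("ip", scan_ip, index.ip, (ip,)),
        ("port", scan_port, index.port, (port,)),
        ("ip_and_port", scan_ip_port, index.ip_and_port, (ip, port)),
    ]
    for name, scan_fn, idx_fn, args in pairs:
        scanned, scan_s = _timed(scan_fn, flows, *args)
        indexed, idx_s = _timed(idx_fn, *args)
        results["queries"][name] = {"rows": len(scanned), "scan_s": scan_s,
                                    "index_s": idx_s}
        if scanned != indexed:
            results["results_match"] = False
    return results


if __name__ == "__main__":
    r = benchmark()
    print("records: %d, index build: %.3fs, match: %s"
          % (r["n"], r["index_build_s"], r["results_match"]))
    for q, s in r["queries"].items():
        print("%-12s rows=%-6d scan=%.4fs index=%.6fs" % (q, s["rows"], s["scan_s"], s["index_s"]))
```

The `results_match` flag is the part worth keeping in any real trial: an index that returns a different row set than the scan (for example because one side of the flow was dropped) is faster but wrong, and the published numbers should only cover query shapes where the two agree.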