One of the challenges faced by the team at LimaCharlie is figuring out how to expose the breadth and capability of our technology through the web application. Many different factors contribute to the design decisions we make, but one of our guiding principles is that we want analysts to be able to get the information they need as quickly and easily as possible.
To this end, we have introduced a universal search bar into the dashboard of the web application. This single search interface serves as a good starting point for the vast majority of data inquiries.
From this interface users can search using a sensor ID, hostname prefix, IP address, hash, file path and more.
Searching for an IP, file path, hash or user name will bring back stats around the prevalence of the given data point. The prevalence is represented by three numbers indicating how many times the data point was seen on the given organization’s hosts over the last day, last week and last month. This data can provide a strong clue about whether or not something has just shown up to the party.
Searching for a sensor ID or hostname prefix will bring back links that lead directly into the live console or historical data explorer for the given sensor. These search results act as a shortcut to full access to the endpoint and all of its historical telemetry.
It is still early days for this search feature but we are very happy with its performance and the type of agility that it enables. We are always interested in user feedback so if you have any suggestions on how we can improve this, or any feature, please get in touch.