add filter for security_related and cim_status, along with example in…

… the lookup file
northben · Feb 14, 2020 · 91faa93 · 91faa93
1 parent 15c1fdd
commit 91faa93
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/amelia/default/data/ui/views/data_dictionary_explorer.xml b/amelia/default/data/ui/views/data_dictionary_explorer.xml
@@ -7,6 +7,7 @@
       | tstats min(_time) as first_event max(_time) as last_event count where index=* by index sourcetype
       | search NOT index IN(assetsummary, cim_modactions, csvsummary, endpoint_summary, firedalerts, notable, risk, summary, threat_activity)
       | lookup amelia_data_dictionary_lookup index sourcetype
+      | $filter$
     </query>
     <earliest>$field1.earliest$</earliest>
     <latest>$field1.latest$</latest>
@@ -49,6 +50,17 @@
       </search>
       <default></default>
     </input>
+    <input type="radio" token="filter" searchWhenChanged="true">
+      <label>Filter</label>
+      <choice value="*">All</choice>
+      <choice value="security_related=&quot;yes&quot;">Is security related</choice>
+      <choice value="security_related=&quot;no&quot;">Not security related</choice>
+      <choice value="NOT security_related=*">Not security defined</choice>
+      <choice value="cim_status=&quot;expected&quot;">Is CIM expected</choice>
+      <choice value="NOT cim_status=*">Not CIM defined</choice>
+      <prefix>search </prefix>
+      <default>*</default>
+    </input>
   </fieldset>
   <row>
     <panel>

diff --git a/amelia/lookups/amelia_data_dictionary_lookup.csv b/amelia/lookups/amelia_data_dictionary_lookup.csv
@@ -1,2 +1,2 @@
-index,sourcetype,description,owner,business purpose
-*,*,Example description. Use * for wildcard in index/sourcetype.,,
+index,sourcetype,description,owner,business purpose,security_related,cim_status
+*,*,Example description. Use * for wildcard in index/sourcetype.,,,yes,expected