[Feature] Findings API Enhancements #795
Comments
Along with consolidating all the findings we should support additional filters in the API like time range, finding severity and detection type (rules vs threat intel).
Plz add detail around the proposed change in the findings API.
Plz link documentation change issue here for changing findings APIs
Is your feature request related to a problem?
The current challenge involves users being unable to view all findings in the Findings page when dealing with a large volume of generated data/Findings. Despite the backend accurately producing all findings, some are not visible in the UI. To remedy this, it is essential to implement proper pagination in the UI.
What solution would you like?
To alleviate the pagination challenge on the UI, a backend modification is proposed for the findings/_search API. Currently, findings are generated per detector, with parameters such as detectorId, detectorType, table (including sortOrder, sortString, missing, size, startIndex, and searchString). To enhance efficiency, the suggestion is to adapt the backend to return findings for all detectors collectively. This modification would consolidate the data, allowing the frontend to implement pagination more effectively. With this approach, pagination efforts can be concentrated on the UI side, simplifying the user experience when navigating through extensive findings.
What alternatives have you considered?
A clear and concise description of any alternative solutions or features you've considered.
Do you have any additional context?
Add any other context or screenshots about the feature request here.