Idea ID: 2789021

make searching for "lateral movement" easier in the WebUI

Status: Waiting for Votes

Waiting for Votes

See status update history

I really like the feature of being able clicking on fields to add a new criteria to the search query.
When analyzing events, I often need to find similar events and do a "lateral" search. To do this, I have to create a new query based on a field that these events have in common, eg. EventGroupID, InitIP, or InitUserName. Adding another criteria to the existing query will not help in this case.
To facilitate this use case, I suggest that a new search tab is opened if a user CTRL-left clicks on a field. The criteria then should be the field the user clicked on.

And please make the values in the "show all fields" dialog click-able too.

See Bug 626650 - open new search tab on CTRL-left click