Improve Search capability for cases

Mihaly_Kolozsvari

In the Search function it would be great to have multiple options to filter for.

Example: I would like to search for cases that have Tag X, Y but do not have Tag Z

It would also be a great addition if we could search for entities within cases (and not switch over to entity search).

12 votes

Scheduled in Roadmap


  Szymon Kozicki

    I requested this several months ago. It's honestly baffling how such a core functionality is limited to logical OR. Moreover, the value in filter search does not apply to all filters...

  Daniel Harvey
    edited December 2020

    Bumping this - The current search functionality is extremely limited, only allowing a search across simple metadata fields such as case title.

    If you want to find a case or alert that contains a particular string or event field value, unless what you're searching for has been extracted/mapped as an entity, you have no chance. This is one of the bigger things I miss coming across from a more traditional ticketing/case system - the search functionality was much more powerful, being able to simply search for any string I want across every field and get results back immediately even across hundreds of thousands of alerts/cases.

    Currently, it's not possible to do this directly in the search page.

    Best workaround I can come up with right now is building an 'advanced search' playbook using the API to query via localhost if an endpoint allows it.

  Greg Kuhl

    +1 for some kind of global search that encompasses all stored information about all cases, including (especially) case comments!

