Hi SIEM searchers!
SIEM does not yet have a means to share selected columns for a SIEM search.
I can share a link of a SIEM search (or use Search Manager to share a search), my teammate will see the syntax of the search, the time span, and see results of the search... but they do not see the column view I defined for my view of these search results. Instead they see whichever column view they used last.
Anytime I meet with a Google person I remind them that this is a big deal, particularly for MSSP adoption: it's vital that the same set of tools is rolled out to each analyst so each analysis is done consistently to a high level of service. Instead a lot of time is taken socializing the best column views and making sure every analyst is using the same ones.
On the other hand perhaps one of our community members has something that can ease the pain of sharing columns?