CPC G06F 16/2228 (2019.01) [G06F 11/30 (2013.01); G06F 16/245 (2019.01); G06F 16/282 (2019.01); G06F 21/00 (2013.01); G06F 21/55 (2013.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06Q 10/10 (2013.01); H04L 63/1416 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
performing one or more search queries for querying an event data store, the search queries being part of an investigation;
storing, in the event data store, a search object associated with each search query during the investigation, where at least one search query references a previously-executed search query that produced results to generate the at least one search query;
creating a resolution object after reaching a resolution of the investigation, the resolution object comprising information on search objects that contributed to the resolution of the investigation;
receiving a new search query;
detecting that the new search query matches search values during the investigation;
presenting, in response to the detecting, details of the investigation and the resolution of the investigation, the presenting comprising providing options to select any of the search objects from the investigation;
detecting a selection of one of the search objects from the investigation;
executing a new query based on the selected search object; and
causing presentation of results from the new query.