SIEM Query IntelliSense/Autocomplete
Domenick Lanuzza
It would be extremely useful if the SIEM could have some form of IntelliSense-style auto-completion added to it.
For example:
- Auto-completion of available field names
- Operator suggestions
- Function/command suggestions
- Inline syntax validation
- Optional value suggestions where possible
Just about every modern SIEM (Sentinel, Elastic, Splunk, etc.) has some form of this being used, and I don't think Huntress should be any different.
This would significantly improve the SIEM's usability and reduce time spent on writing queries, especially as search query capabilities get expanded out to match with the full capabilities of ES|QL for more advanced searches.