In a cybersecurity management platform, filtering is a key tool for helping analysts focus on the most relevant alerts, incidents, or logs—cutting through the noise to find what’s important. However, the existing filtering system had severe limitations that made investigation slow and often frustrating.
This project aimed to design a powerful but user-friendly advanced filtering experience to support analysts in threat hunting, investigations, and daily monitoring tasks.
Challenges
- Limited filter scope:
  Problem: Users could only filter by the columns currently shown in the table.
  Impact: Analysts couldn’t search based on hidden but important data fields (like IP address, policy ID, or cloud vendor name).
- No logical operators (AND/OR/NOT):
  Problem: There was no way to build complex filter logic.
  Impact: Analysts couldn’t narrow down results effectively when multiple conditions were needed. Filtering was too shallow for real-world investigations.
- No support for empty field filtering:
  Problem: Users couldn’t search for records where certain fields were empty or missing.
  Impact: Important gaps in data or misconfigurations could not be easily identified.
- Unfiltered value lists:
  Problem: Dropdowns showed all possible database values, even if they weren’t relevant to the current dataset.
  Impact: Created confusion, long lists, and clutter—slowing down the filtering process.
- No save/share capabilities:
  Problem: Users had to recreate filters from scratch every time.
  Impact: Wasted time and prevented collaboration between team members.
Existing filter
UX Solutions
I redesigned the filtering experience from the ground up with a focus on flexibility, usability, and future-proofing. Here’s what I did:
- Access to all fields:
  Users can now filter any field, whether visible in the data grid or not.
  A smart auto-complete field picker helps users quickly find the field they need.
- Support for logical operators:
  Filters now support AND, OR, AND NOT, OR NOT, with grouping using parentheses for advanced expressions.
  This makes it possible to create very specific and powerful search conditions.
- Field-aware logic and validation:
  Each field type (e.g., IP address, string, date/time) has relevant operator choices.
  The system validates user input—for example, IP addresses must follow the correct format.
  Errors are clearly shown if something doesn’t match expectations.
- Intelligent value lists:
  Filter values are now contextual—only showing values that actually exist in the current dataset.
  This prevents irrelevant clutter and speeds up the process.
- Save, load, and share filters:
  Users can now save and reuse filters, and in future releases, share them across teams.
  Some filters can be defined as predefined templates with fixed or required parts (e.g., date range always set to “last 14 days”).
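To make the behaviour described above concrete, here is a small filter engine added as an illustration; it is not the platform's code. It assumes a schema of typed fields (some of them not shown in the grid), a constructed set of sample alerts, and a text syntax of the form `field op value`, with `AND`, `OR`, `NOT`, parentheses and `IS EMPTY`. It shows per-type operator choices, early validation of IP values, matching on empty or missing fields, and value lists limited to what exists in the current dataset.

```python
"""Added example of a typed alert filter: per-type operators, AND/OR/NOT with
parentheses, IS EMPTY matching and dataset-scoped value lists.  The schema,
sample alerts and expression syntax are assumptions, not the platform's own."""
import ipaddress
import operator
import re

# Assumed schema: every filterable field has a type, whether or not it is a grid column.
SCHEMA = {"severity": "string", "src_ip": "ip", "policy_id": "string",
          "cloud_vendor": "string", "count": "int"}
# Operators offered per field type; "in" on an ip field takes a CIDR range.
OPERATORS = {"string": {"=", "!=", "contains"}, "ip": {"=", "!=", "in"},
             "int": {"=", "!=", ">", "<"}}
CMP = {"=": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt}

# Constructed sample alerts: cloud_vendor is empty on one row and absent on another.
ALERTS = [
    {"severity": "high", "src_ip": "10.0.0.5", "policy_id": "P-100", "cloud_vendor": "aws", "count": 7},
    {"severity": "low", "src_ip": "192.168.1.9", "policy_id": "P-200", "cloud_vendor": "", "count": 1},
    {"severity": "high", "src_ip": "10.0.4.77", "policy_id": "P-100", "count": 3},
    {"severity": "medium", "src_ip": "172.16.0.2", "policy_id": "P-300", "cloud_vendor": "azure", "count": 12},
]

TOKEN_RE = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')


def validate(ftype, op, raw):
    """Convert a raw value to the field's type, rejecting malformed input early."""
    if ftype == "ip":
        try:
            return ipaddress.ip_network(raw, strict=False) if op == "in" else ipaddress.ip_address(raw)
        except ValueError:
            raise ValueError(f"{raw!r} is not a valid IP {'range' if op == 'in' else 'address'}") from None
    if ftype == "int":
        if not re.fullmatch(r"-?\d+", raw):
            raise ValueError(f"{raw!r} is not an integer")
        return int(raw)
    return raw


class Parser:
    """Recursive-descent parser producing a tuple AST.  AND and OR bind equally
    and associate left to right; parentheses give explicit precedence."""
    def __init__(self, text):
        self.toks = [t.strip('"') for t in TOKEN_RE.findall(text)]
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of filter")
        self.pos += 1
        return tok

    def parse(self):
        node = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def expr(self):
        node = self.term()
        while self.peek() and self.peek().upper() in ("AND", "OR"):
            op = self.take().lower()
            node = (op, node, self.term())   # "AND NOT x" works because term() handles NOT
        return node

    def term(self):
        if self.peek() == "(":
            self.take()
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if self.peek() and self.peek().upper() == "NOT":
            self.take()
            return ("not", self.term())
        return self.condition()

    def condition(self):
        field = self.take()
        if field not in SCHEMA:
            raise ValueError(f"unknown field {field!r}")
        op = self.take().lower()
        if op == "is":                       # "field IS EMPTY": empty string or missing key
            if self.take().upper() != "EMPTY":
                raise ValueError("expected EMPTY after IS")
            return ("empty", field)
        if op not in OPERATORS[SCHEMA[field]]:
            raise ValueError(f"operator {op!r} not valid for {SCHEMA[field]} field {field!r}")
        return ("cmp", field, op, validate(SCHEMA[field], op, self.take()))


def evaluate(node, rec):
    kind = node[0]
    if kind == "and":
        return evaluate(node[1], rec) and evaluate(node[2], rec)
    if kind == "or":
        return evaluate(node[1], rec) or evaluate(node[2], rec)
    if kind == "not":
        return not evaluate(node[1], rec)
    if kind == "empty":
        return rec.get(node[1]) in (None, "")
    _, field, op, want = node
    have = rec.get(field)
    if have in (None, ""):                   # an empty field never satisfies a comparison
        return False
    if SCHEMA[field] == "ip":
        have = ipaddress.ip_address(have)
        if op == "in":
            return have in want
    if op == "contains":
        return want in have
    return CMP[op](have, want)


def apply_filter(text, records):
    """Parse once, then evaluate the expression against every record."""
    ast = Parser(text).parse()
    return [r for r in records if evaluate(ast, r)]


def check_filter(text):
    """Return the validation message a UI would display, or None if the filter is well-formed."""
    try:
        Parser(text).parse()
        return None
    except ValueError as err:
        return str(err)


def values_for(field, records):
    """Contextual value list: only values that exist in the current dataset."""
    return sorted({r[field] for r in records if r.get(field) not in (None, "")})


if __name__ == "__main__":
    for q in ["severity = high AND src_ip in 10.0.0.0/16", "cloud_vendor IS EMPTY",
              "(severity = high OR severity = medium) AND NOT cloud_vendor IS EMPTY"]:
        print(q, "->", [r["src_ip"] for r in apply_filter(q, ALERTS)])
    print(check_filter("src_ip = 10.0.0.999"))
    print(values_for("cloud_vendor", ALERTS))
```

Two design points worth noting: a comparison on an empty or missing field is false, so "not empty" is expressed as `NOT field IS EMPTY` rather than relying on `!=`; and because AND and OR associate left to right, `a OR b AND c` and `a OR (b AND c)` select different rows, which is exactly why the grouping parentheses matter.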
Achievements
- Increased productivity: Analysts can now build and save complex filters in seconds instead of minutes.
- Smarter workflows: Logical operators and grouping allow for powerful investigations, threat hunting, and compliance queries.
- Stronger collaboration: Saved filters and shared presets enable consistent analysis across teams.
- Better user experience: The interface is clear, intuitive, and flexible—even for users without technical backgrounds.
- Analyst-centric design: The system was built with real-world analyst behavior in mind—solving problems they encounter daily.
This UX redesign transformed a basic, limiting filter feature into a powerful investigation engine. By supporting rich logic, validation, field access, and reusability, we made it much easier for security analysts to find what matters—and take action faster.