I think it would be cool to take the data that LEM collects and provide a historic visualization of where somebody (User Account, IP, and/or System) was over a time series. This would provide a forensic path that a potential intruder took during a breach.
I got this idea when reading another article regarding features of a different product HERE. I think LEM already has the data necessary to provide this information, its just a matter of taking that data and applying a visualization to make the data useful in a real-world use case.
Below I included a quick throw together of what I picture when I think about it. It would also allow you to click on any of the destinations and would then take you to a screen showing you all of the activity associated with both the source and destination at that time. I would love to hear any feedback people might have on this idea.
Of course such a feature would need a cool geeky name like Time Tracking, Time Trace, Chrono Path, etc.
P.S. If something like this already exists please let me know... and then ignore this request.
