
Geolocation map visualization #936

Description

@philrz

As of #931, Zeek logs generated from pcaps in Brim will automatically be populated with Geolocation data, when available in the included database. This gives us the opportunity to plot the points on a map in Brim. Below is a straw man proposal, subject to proper design from the UX team.

When a user clicks any event, we already do a join on uid to get the conn record info and determine if we can activate the "Packets" button. In a similar way, we could simultaneously check if any of the latitude/longitude fields within the geo record are non-null and, if so, activate a "Map" button. When the Map button is clicked, we could then pop up a visualization that plots as much info as we've got. Much like Google Maps, perhaps we could show separate pins for the geo.orig and geo.resp endpoints of the connection and have them be separate colors or shapes to call attention to which is which. If we have info for both geo.orig and geo.resp, perhaps we could connect them with an arrow line from orig to resp. Also, when non-null, we could include the country_code, region, and city info, either printed directly with the pin or as a hovered tooltip, along with the other IP/port info from the id record.
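The button-activation rule and pin/arrow shaping described above, as an added example that is not Brim project code. It assumes the geo record has the shape the issue names (geo.orig / geo.resp, each with latitude, longitude, country_code, region, city, null when the database had no match) and uses the standard Zeek id.orig_h / id.orig_p / id.resp_h / id.resp_p fields; the sample conn record is constructed.

```javascript
// Added example (not Brim code): decide whether a "Map" button should be
// enabled for a Zeek conn record and shape the data a map view would plot.
// Assumed geo record shape: geo.orig / geo.resp each carrying latitude,
// longitude, country_code, region, city (null when GeoIP had no match).

const hasCoords = (g) =>
  g != null &&
  typeof g.latitude === "number" &&
  typeof g.longitude === "number";

// A pin is produced only for an endpoint with both coordinates present.
function buildPin(role, geo, host, port) {
  if (!hasCoords(geo)) return null;
  const place = [geo.city, geo.region, geo.country_code]
    .filter((s) => s != null && s !== "")
    .join(", ");
  return {
    role, // "orig" or "resp", so the view can pick a color/shape per side
    lat: geo.latitude,
    lon: geo.longitude,
    // Tooltip combines the id record fields with whatever location text exists.
    tooltip: place ? `${host}:${port} (${place})` : `${host}:${port}`,
  };
}

// Returns { enabled, pins, arrow }. enabled follows the issue's rule: any
// non-null latitude/longitude activates the button. The orig -> resp arrow is
// drawn only when both endpoints could be placed on the map.
function mapViewFor(conn) {
  const geo = conn.geo || {};
  const orig = buildPin("orig", geo.orig, conn.id.orig_h, conn.id.orig_p);
  const resp = buildPin("resp", geo.resp, conn.id.resp_h, conn.id.resp_p);
  const pins = [orig, resp].filter(Boolean);
  return {
    enabled: pins.length > 0,
    pins,
    arrow: orig && resp ? { from: [orig.lat, orig.lon], to: [resp.lat, resp.lon] } : null,
  };
}

// Constructed sample: an internal client (no GeoIP match) talking to a public host.
const sampleConn = {
  uid: "CExample1",
  id: { orig_h: "10.0.0.5", orig_p: 52314, resp_h: "203.0.113.10", resp_p: 443 },
  geo: {
    orig: { latitude: null, longitude: null, country_code: null, region: null, city: null },
    resp: { latitude: 37.7749, longitude: -122.4194, country_code: "US", region: "California", city: "San Francisco" },
  },
};
```

With the sample record only the resp endpoint gets a pin, so the button is enabled but no arrow is drawn; a record with no coordinates on either side leaves the button disabled.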
