Created
June 24, 2024 18:17
-
-
Save superducktoes/ff5562180596ca7b56692c0e7633afe5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form version="1.1"> | |
| <label>Country Report</label> | |
| <fieldset submitButton="false"> | |
| <input type="dropdown" token="field1" searchWhenChanged="true"> | |
| <label>Country</label> | |
| <fieldForLabel>source_country</fieldForLabel> | |
| <fieldForValue>source_country</fieldForValue> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection| dedup source_country | table source_country | sort source_country</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| </search> | |
| <choice value="*">All</choice> | |
| </input> | |
| <input type="dropdown" token="field2"> | |
| <label>Classification</label> | |
| <choice value="*">All</choice> | |
| <choice value="malicious">malicious</choice> | |
| <choice value="unknown">unknown</choice> | |
| <default>*</default> | |
| </input> | |
| <input type="dropdown" token="field3"> | |
| <label>OS</label> | |
| <search> | |
| <query/> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| </search> | |
| <choice value="*">All</choice> | |
| <choice value="Windows*">Windows</choice> | |
| <choice value="Linux*">Linux</choice> | |
| <choice value="*Embedded*">Embedded</choice> | |
| <choice value="Free BSD*">FreeBSD</choice> | |
| <default>*</default> | |
| </input> | |
| <input type="dropdown" token="field4"> | |
| <label>Tags</label> | |
| <fieldForLabel>tags</fieldForLabel> | |
| <fieldForValue>tags</fieldForValue> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | mvexpand tags | dedup tags | table tags | sort tags</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| </search> | |
| </input> | |
| </fieldset> | |
| <row> | |
| <panel> | |
| <title>Spoofable</title> | |
| <chart> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | stats count by spoofable</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.abbreviation">none</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.abbreviation">none</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.abbreviation">none</option> | |
| <option name="charting.axisY2.enabled">0</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">pie</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.showDataLabels">none</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">default</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">none</option> | |
| <option name="charting.layout.splitSeries">0</option> | |
| <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.mode">standard</option> | |
| <option name="charting.legend.placement">right</option> | |
| <option name="charting.lineWidth">2</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </chart> | |
| </panel> | |
| <panel> | |
| <title>Category</title> | |
| <chart> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | stats count by category</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.abbreviation">none</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.abbreviation">none</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.abbreviation">none</option> | |
| <option name="charting.axisY2.enabled">0</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">pie</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.showDataLabels">none</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">default</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">none</option> | |
| <option name="charting.layout.splitSeries">0</option> | |
| <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.mode">standard</option> | |
| <option name="charting.legend.placement">right</option> | |
| <option name="charting.lineWidth">2</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </chart> | |
| </panel> | |
| <panel> | |
| <title>Dest Country Percentage</title> | |
| <single> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" | fields destination_countries | mvexpand destination_countries | dedup destination_countries | stats count(destination_countries) | rename count(destination_countries) as count | eval total=(count/46)*100 | table total</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="colorBy">value</option> | |
| <option name="colorMode">none</option> | |
| <option name="drilldown">none</option> | |
| <option name="numberPrecision">0.0</option> | |
| <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xd41f1f","0xdc4e41"]</option> | |
| <option name="rangeValues">[0,30,70,100]</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="showSparkline">1</option> | |
| <option name="showTrendIndicator">1</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| <option name="trendColorInterpretation">standard</option> | |
| <option name="trendDisplayMode">absolute</option> | |
| <option name="unitPosition">after</option> | |
| <option name="useColors">1</option> | |
| <option name="useThousandSeparators">1</option> | |
| </single> | |
| </panel> | |
| <panel> | |
| <title>VPN Count</title> | |
| <single> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ vpn=true | stats count(*)</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="colorBy">value</option> | |
| <option name="colorMode">none</option> | |
| <option name="drilldown">none</option> | |
| <option name="numberPrecision">0</option> | |
| <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option> | |
| <option name="rangeValues">[0,30,70,100]</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="showSparkline">1</option> | |
| <option name="showTrendIndicator">1</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| <option name="trendColorInterpretation">standard</option> | |
| <option name="trendDisplayMode">absolute</option> | |
| <option name="unitPosition">after</option> | |
| <option name="useColors">0</option> | |
| <option name="useThousandSeparators">1</option> | |
| </single> | |
| </panel> | |
| <panel> | |
| <title>Tor Exit Nodes</title> | |
| <single> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ tor=true | stats count(*)</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="drilldown">none</option> | |
| <option name="refresh.display">progressbar</option> | |
| </single> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <title>Destination Scans</title> | |
| <map> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | mvexpand destination_countries | stats count by destination_countries | geom geo_countries featureIdField="destination_countries"</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="drilldown">none</option> | |
| <option name="mapping.choroplethLayer.colorBins">5</option> | |
| <option name="mapping.choroplethLayer.colorMode">auto</option> | |
| <option name="mapping.choroplethLayer.maximumColor">0xaf575a</option> | |
| <option name="mapping.choroplethLayer.minimumColor">0x62b3b2</option> | |
| <option name="mapping.choroplethLayer.neutralPoint">0</option> | |
| <option name="mapping.choroplethLayer.shapeOpacity">0.75</option> | |
| <option name="mapping.choroplethLayer.showBorder">1</option> | |
| <option name="mapping.data.maxClusters">100</option> | |
| <option name="mapping.legend.placement">bottomright</option> | |
| <option name="mapping.map.center">(0,0)</option> | |
| <option name="mapping.map.panning">1</option> | |
| <option name="mapping.map.scrollZoom">0</option> | |
| <option name="mapping.map.zoom">2</option> | |
| <option name="mapping.markerLayer.markerMaxSize">50</option> | |
| <option name="mapping.markerLayer.markerMinSize">10</option> | |
| <option name="mapping.markerLayer.markerOpacity">0.8</option> | |
| <option name="mapping.showTiles">1</option> | |
| <option name="mapping.tileLayer.maxZoom">7</option> | |
| <option name="mapping.tileLayer.minZoom">0</option> | |
| <option name="mapping.tileLayer.tileOpacity">1</option> | |
| <option name="mapping.type">choropleth</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </map> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <title>Rare rdns</title> | |
| <table> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | rex field=rdns "(?<dest_host>\.[A-z0-9]+\.[A-z0-9]+)$$" | where NOT match(dest_host,"\d+$$") | search dest_host!=""| rare limit=500 dest_host | table dest_host</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="count">10</option> | |
| <option name="dataOverlayMode">none</option> | |
| <option name="drilldown">none</option> | |
| <option name="percentagesRow">false</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="rowNumbers">false</option> | |
| <option name="totalsRow">false</option> | |
| <option name="wrap">true</option> | |
| </table> | |
| </panel> | |
| <panel> | |
| <title>CVE's</title> | |
| <chart> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ cve!="" | mvexpand cve | stats count by cve | sort -count</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.abbreviation">none</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.abbreviation">none</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.abbreviation">none</option> | |
| <option name="charting.axisY2.enabled">0</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">pie</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.showDataLabels">none</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">default</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">none</option> | |
| <option name="charting.layout.splitSeries">0</option> | |
| <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.mode">standard</option> | |
| <option name="charting.legend.placement">right</option> | |
| <option name="charting.lineWidth">2</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </chart> | |
| </panel> | |
| <panel> | |
| <title>Tags</title> | |
| <table> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection| search source_country="$field1$" classification=$field2$ os=$field3$ tags!="" | mvexpand tags | stats count by tags | sort - count</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="count">10</option> | |
| <option name="dataOverlayMode">none</option> | |
| <option name="drilldown">none</option> | |
| <option name="percentagesRow">false</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="rowNumbers">false</option> | |
| <option name="totalsRow">false</option> | |
| <option name="wrap">true</option> | |
| </table> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <title>Top Organizations</title> | |
| <chart> | |
| <search> | |
| <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ organization!="" | stats count by organization | head 20 | sort - count</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.abbreviation">none</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.abbreviation">none</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.abbreviation">none</option> | |
| <option name="charting.axisY2.enabled">0</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">column</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.showDataLabels">minmax</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">default</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">none</option> | |
| <option name="charting.layout.splitSeries">1</option> | |
| <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.mode">standard</option> | |
| <option name="charting.legend.placement">right</option> | |
| <option name="charting.lineWidth">2</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </chart> | |
| </panel> | |
| </row> | |
| </form> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment