crowdstrike/intel-indicators Dashboards

Widget	Description	Type
Timeline for Intel on Threat Actor	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| Actor := rename(actors) \| timechart(series=Actor, limit=50, function=count()) \| json:prettyPrint()`	`Time Chart`
Table of Indicators for Threat Actors (limit 10k)	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| table([last_updated, malicious_confidence, actors, type, indicator], sortby=last_updated, limit=10000) \| "Last Updated" := rename(last_updated) \| "Malicious Confidence" := rename(malicious_confidence) \| "Actor" := rename(actors) \| "Indicator Type" := rename(type) \| "Indicator" := rename(indicator)`	`Table`
Timeline by Indicator Type	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Indicator Type" := rename(type) \| timechart(series="Indicator Type", limit=50, function=count())`	`Time Chart`
Timeline by Malicious Confidence	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Malicious Confidence" := rename(malicious_confidence) \| timechart(series="Malicious Confidence" , limit=50, function=count())`	`Time Chart`

Widget	Description	Type
Timeline for Intel on Malware Family	Hide Query Show Query logscale `malware_families[0]=* \| split(malware_families) \| malware_families=?malware_families type=?indicator_type malicious_confidence=?malicious_confidence \| "Malware Family" := rename(malware_families) \| timechart(series="Malware Family", limit=50, function=count())`	`Time Chart`
Table of Indicators for Threat Actors (limit 10k)	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| table([last_updated, malicious_confidence, actors, type, indicator], sortby=last_updated, limit=10000) \| "Last Updated" := rename(last_updated) \| "Malicious Confidence" := rename(malicious_confidence) \| "Actor" := rename(actors) \| "Indicator Type" := rename(type) \| "Indicator" := rename(indicator)`	`Table`
Timeline by Indicator Type	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Indicator Type" := rename(type) \| timechart(series="Indicator Type", limit=50, function=count())`	`Time Chart`
Timeline by Malicious Confidence	Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Malicious Confidence" := rename(malicious_confidence) \| timechart(series="Malicious Confidence" , limit=50, function=count())`	`Time Chart`

Widget	Description	Type
Malicious Confidence: Low	Hide Query Show Query logscale `deleted=false "malicious_confidence"=low \| count()`	`Gauge`
Deleted Indicators	Hide Query Show Query logscale `deleted=true \| count()`	`Gauge`
Indicator Count: Type	Indicator Type Hide Query Show Query logscale `timechart(series=type, limit=30, function=count())`	`Time Chart`
Total Indicators	Hide Query Show Query logscale `count()`	`Gauge`
Top 10 Threat Actors	Hide Query Show Query logscale `actors[0]=* \| Actor := actors[0] \| top(field=Actor) \| rename(field=_count, as=Count)`	`Table`
Top 10 Malware Families	Hide Query Show Query logscale `top("malware_families[0]")\| split(malware_families) \| Count := rename(_count) \| "Malware Family" := rename(malware_families[0]) \| table(["Malware Family", "Count"])`	`Table`
Updated Indicators	Hide Query Show Query logscale `"published_date" !=last_updated \| count()`	`Gauge`
Malicious Confidence: High	Hide Query Show Query logscale `deleted=false "malicious_confidence"=high \| count()`	`Gauge`
Malicious Confidence: Unverified	Hide Query Show Query logscale `deleted=false "malicious_confidence"=unverified \| count()`	`Gauge`
Malicious Confidence: Medium	Hide Query Show Query logscale `deleted=false "malicious_confidence"=medium \| count()`	`Gauge`