crowdstrike/intel-indicators Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Contacting Support

Reading time: 3 minutes

crowdstrike/intel-indicators Dashboards

CrowdStrike Intel Indicators: Actors

Widget	Description	Type
Timeline for Intel on Threat Actor	Displays a chart of threat actors and their event timelines then limits results to the first 50 entries. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| Actor := rename(actors) \| timechart(series=Actor, limit=50, function=count()) \| json:prettyPrint()`	`Time Chart`
Table of Indicators for Threat Actors (limit 10k)	Creates a table of indicators of the presence of Threat Actors (TA) and limits the results to the first 10,000 results. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| table([last_updated, malicious_confidence, actors, type, indicator], sortby=last_updated, limit=10000) \| "Last Updated" := rename(last_updated) \| "Malicious Confidence" := rename(malicious_confidence) \| "Actor" := rename(actors) \| "Indicator Type" := rename(type) \| "Indicator" := rename(indicator)`	`Table`
Timeline by Indicator Type	Displays a chart of malicious confidence indicators by actor and type, then limits results to the first 50 entries. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Indicator Type" := rename(type) \| timechart(series="Indicator Type", limit=50, function=count())`	`Time Chart`
Timeline by Malicious Confidence	Displays a chart of malicious confidence actors on a timeline and limits results to the first 50 entries. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Malicious Confidence" := rename(malicious_confidence) \| timechart(series="Malicious Confidence" , limit=50, function=count())`	`Time Chart`

CrowdStrike Intel Indicators: Malware Family

Widget	Description	Type
Timeline for Intel on Malware Family	Displays a chart of malware families and resulting intel on a timeline and limits results to the first 50 entries. Hide Query Show Query logscale `malware_families[0]=* \| split(malware_families) \| malware_families=?malware_families type=?indicator_type malicious_confidence=?malicious_confidence \| "Malware Family" := rename(malware_families) \| timechart(series="Malware Family", limit=50, function=count())`	`Time Chart`
Table of Indicators for Threat Actors (limit 10k)	Creates a table of indicators of the presence of Threat Actors (TA) and limits the results to the first 10,000 results. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| table([last_updated, malicious_confidence, actors, type, indicator], sortby=last_updated, limit=10000) \| "Last Updated" := rename(last_updated) \| "Malicious Confidence" := rename(malicious_confidence) \| "Actor" := rename(actors) \| "Indicator Type" := rename(type) \| "Indicator" := rename(indicator)`	`Table`
Timeline by Indicator Type	Displays a chart of malicious confidence indicators by actor and type, then limits results to the first 50 entries. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Indicator Type" := rename(type) \| timechart(series="Indicator Type", limit=50, function=count())`	`Time Chart`
Timeline by Malicious Confidence	Displays a chart of malicious confidence actors on a timeline and limits results to the first 50 entries. Hide Query Show Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Malicious Confidence" := rename(malicious_confidence) \| timechart(series="Malicious Confidence" , limit=50, function=count())`	`Time Chart`

CrowdStrike Intel Indicators: Overview

Widget	Description	Type
Malicious Confidence: Low	Displays a list of current events that has a low malicious confidence rating. Hide Query Show Query logscale `deleted=false "malicious_confidence"=low \| count()`	`Gauge`
Deleted Indicators	Displays deleted indicators. Hide Query Show Query logscale `deleted=true \| count()`	`Gauge`
Indicator Count: Type	Indicator Type Hide Query Show Query logscale `timechart(series=type, limit=30, function=count())`	`Time Chart`
Total Indicators	Displays the total number of threat indicators. Hide Query Show Query logscale `count()`	`Gauge`
Top 10 Threat Actors	Displays a table of the top 10 threat actors. Hide Query Show Query logscale `actors[0]=* \| Actor := actors[0] \| top(field=Actor) \| rename(field=_count, as=Count)`	`Table`
Top 10 Malware Families	Displays a table of the top 10 malware families found. Hide Query Show Query logscale `top("malware_families[0]")\| split(malware_families) \| Count := rename(_count) \| "Malware Family" := rename(malware_families[0]) \| table(["Malware Family", "Count"])`	`Table`
Updated Indicators	Displays a list of updated indicators by publish date. Hide Query Show Query logscale `"published_date" !=last_updated \| count()`	`Gauge`
Malicious Confidence: High	Displays events with a malicious confidence rating of HIGH. Hide Query Show Query logscale `deleted=false "malicious_confidence"=high \| count()`	`Gauge`
Malicious Confidence: Unverified	Displays a list of unverified malicious confidence events. Hide Query Show Query logscale `deleted=false "malicious_confidence"=unverified \| count()`	`Gauge`
Malicious Confidence: Medium	Displays a list of entries whose malicious confidence level is ruled as 'medium'. Hide Query Show Query logscale `deleted=false "malicious_confidence"=medium \| count()`	`Gauge`

Enter search term