crowdstrike/intel-indicators Dashboards

CrowdStrike Intel Indicators: Actors

The CrowdStrike Intel Indicators Actors dashboard provides real-time visibility into threat actor activities, behavior patterns, and detected campaigns. This dashboard enables monitoring and analysis of threat actor intelligence across your environment.
CrowdStrike Intel Indicators: Malware Family

The CrowdStrike Intel Indicators Malware Family dashboard displays detailed malware classifications, family relationships, and infection patterns. This dashboard tracks malware evolution and variant behavior across your security landscape.
CrowdStrike Intel Indicators: Overview

The CrowdStrike Intel Indicators Overview dashboard presents comprehensive threat intelligence data, indicator patterns, and security findings. This dashboard enables holistic analysis of threat intelligence indicators across your environment.

CrowdStrike Intel Indicators: Actors

The CrowdStrike Intel Indicators Actors dashboard provides real-time visibility into threat actor activities, behavior patterns, and detected campaigns. This dashboard enables monitoring and analysis of threat actor intelligence across your environment.

Example of an Intel Indicators Actors dashboard

Widget	Description	Type
Timeline for Intel on Threat Actor	Displays a chart of threat actors and their event timelines then limits results to the first 50 entries. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| Actor := rename(actors) \| timechart(series=Actor, limit=50, function=count()) \| json:prettyPrint()`	`Time Chart`
Table of Indicators for Threat Actors (limit 10k)	Creates a table of indicators of the presence of Threat Actors (TA) and limits the results to the first 10,000 results. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| table([last_updated, malicious_confidence, actors, type, indicator], sortby=last_updated, limit=10000) \| "Last Updated" := rename(last_updated) \| "Malicious Confidence" := rename(malicious_confidence) \| "Actor" := rename(actors) \| "Indicator Type" := rename(type) \| "Indicator" := rename(indicator)`	`Table`
Timeline by Indicator Type	Displays a chart of malicious confidence indicators by actor and type, then limits results to the first 50 entries. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Indicator Type" := rename(type) \| timechart(series="Indicator Type", limit=50, function=count())`	`Time Chart`
Timeline by Malicious Confidence	Displays a chart of malicious confidence actors on a timeline and limits results to the first 50 entries. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Malicious Confidence" := rename(malicious_confidence) \| timechart(series="Malicious Confidence" , limit=50, function=count())`	`Time Chart`

CrowdStrike Intel Indicators: Malware Family

The CrowdStrike Intel Indicators Malware Family dashboard displays detailed malware classifications, family relationships, and infection patterns. This dashboard tracks malware evolution and variant behavior across your security landscape.

Example of an Intel Indicators Malware Family dashboard

Widget	Description	Type
Timeline for Intel on Malware Family	Displays a chart of malware families and resulting intel on a timeline and limits results to the first 50 entries. Hide Query Show Query Explain Query logscale `malware_families[0]=* \| split(malware_families) \| malware_families=?malware_families type=?indicator_type malicious_confidence=?malicious_confidence \| "Malware Family" := rename(malware_families) \| timechart(series="Malware Family", limit=50, function=count())`	`Time Chart`
Table of Indicators for Threat Actors (limit 10k)	Creates a table of indicators of the presence of Threat Actors (TA) and limits the results to the first 10,000 results. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| table([last_updated, malicious_confidence, actors, type, indicator], sortby=last_updated, limit=10000) \| "Last Updated" := rename(last_updated) \| "Malicious Confidence" := rename(malicious_confidence) \| "Actor" := rename(actors) \| "Indicator Type" := rename(type) \| "Indicator" := rename(indicator)`	`Table`
Timeline by Indicator Type	Displays a chart of malicious confidence indicators by actor and type, then limits results to the first 50 entries. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Indicator Type" := rename(type) \| timechart(series="Indicator Type", limit=50, function=count())`	`Time Chart`
Timeline by Malicious Confidence	Displays a chart of malicious confidence actors on a timeline and limits results to the first 50 entries. Hide Query Show Query Explain Query logscale `actors[0]=* \| split(actors) \| actors=?Actor type=?indicator_type malicious_confidence=?malicious_confidence \| "Malicious Confidence" := rename(malicious_confidence) \| timechart(series="Malicious Confidence" , limit=50, function=count())`	`Time Chart`

CrowdStrike Intel Indicators: Overview

The CrowdStrike Intel Indicators Overview dashboard presents comprehensive threat intelligence data, indicator patterns, and security findings. This dashboard enables holistic analysis of threat intelligence indicators across your environment.

Example of an Intel Indicators Overview dashboard

Widget	Description	Type
Malicious Confidence: Low	Displays a list of current events that has a low malicious confidence rating. Hide Query Show Query Explain Query logscale `deleted=false "malicious_confidence"=low \| count()`	`Gauge`
Deleted Indicators	Displays deleted indicators. Hide Query Show Query Explain Query logscale `deleted=true \| count()`	`Gauge`
Indicator Count: Type	Indicator Type Hide Query Show Query Explain Query logscale `timechart(series=type, limit=30, function=count())`	`Time Chart`
Total Indicators	Displays the total number of threat indicators. Hide Query Show Query Explain Query logscale `count()`	`Gauge`
Top 10 Threat Actors	Displays a table of the top 10 threat actors. Hide Query Show Query Explain Query logscale `actors[0]=* \| Actor := actors[0] \| top(field=Actor) \| rename(field=_count, as=Count)`	`Table`
Top 10 Malware Families	Displays a table of the top 10 malware families found. Hide Query Show Query Explain Query logscale `top("malware_families[0]")\| split(malware_families) \| Count := rename(_count) \| "Malware Family" := rename(malware_families[0]) \| table(["Malware Family", "Count"])`	`Table`
Updated Indicators	Displays a list of updated indicators by publish date. Hide Query Show Query Explain Query logscale `"published_date" !=last_updated \| count()`	`Gauge`
Malicious Confidence: High	Displays events with a malicious confidence rating of HIGH. Hide Query Show Query Explain Query logscale `deleted=false "malicious_confidence"=high \| count()`	`Gauge`
Malicious Confidence: Unverified	Displays a list of unverified malicious confidence events. Hide Query Show Query Explain Query logscale `deleted=false "malicious_confidence"=unverified \| count()`	`Gauge`
Malicious Confidence: Medium	Displays a list of entries whose malicious confidence level is ruled as 'medium'. Hide Query Show Query Explain Query logscale `deleted=false "malicious_confidence"=medium \| count()`	`Gauge`

Versions of this Page

Package Marketplace

Package Reference

Dashboard Reference

Package Management

Other Integrations

Log Formats

crowdstrike/intel-indicators Dashboards

CrowdStrike Intel Indicators: Actors

CrowdStrike Intel Indicators: Malware Family

CrowdStrike Intel Indicators: Overview

Enter search term