extrahop/revealx Dashboards

Widget	Description	Type
Top Primary Victims (By Name)	Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(victim_primary.name) \| sort((_count))`	`Bar Chart`
Top MITRE Tactics	Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby("mitre_tactics_string") \| sort((_count))`	`Pie Chart`
Top Primary Victims (By IP)	Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(victim_primary.ipaddr) \| sort((_count))`	`Bar Chart`
Top External Offenders Map	Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| case { offender_primary.external = "true" \| _ip := offender_primary.ipaddr} \| worldmap(ip=_ip)`	`World Map`
Top Primary Offenders (By IP)	Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(offender_primary.ipaddr) \| sort((_count))`	`Bar Chart`
Top Primary Offenders (By Name)	Displays a list of primary offenders by name using ExtraHop Reveal(x) 360. Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(offender_primary.name) \| sort((_count))`	`Bar Chart`
Top Categories	Hide Query Show Query logscale `#type="extrahop-rx360-detection" AND "site"=?{site_name=*} \| groupby(categories_array[0]) \| sort((_count))`	`Pie Chart`

Widget	Description	Type
Total Unmanaged Systems	Hide Query Show Query logscale `format = "ExFlow" \|!undefined \| count(name,distinct=true)`	`Gauge`
Top 10 Peers	Hide Query Show Query logscale `format = "ExFlow" \| !undefined \| !169.254 \| groupby(field=receiverAddr, function=count()) \| sort(field=_count, type=number, limit=10, order=desc)`	`Table`
ExFlow Data (Unmanaged Systems)	Displays a list of Windows ExFlow PCAP data in table format. Hide Query Show Query logscale `ExFlow OS \| format("[PCAP Download](%s)", field=pcap, as=PCAP)\| format("%s", field=pcap, as="pcapLink")\|table([@timestamp,OS, name, mac ,senderAddr, senderPort,receiverAddr, receiverPort, bytes, pkts, l7proto, proto, age,PCAP])`	`Table`
Outbound Connections	Hide Query Show Query logscale `//\| receiverAddr = ?ReceiverIP AND senderAddr = ?SenderIP \| worldMap(ip=receiverAddr)`	`World Map`
New Devices (Last 24 Hours)	Displays new devices used in the last 24 hours. Hide Query Show Query logscale `format = "ExFlow" \| New Device \| count(receiverAddr, distinct=True)`	`Gauge`
Incoming Connections	Hide Query Show Query logscale `worldMap(ip=senderAddr)`	`World Map`
NDR Detections	Hide Query Show Query logscale `type = EH-ThreatHunt \| groupby(name) \| sort(field=_count, type=number, limit=10, order=desc)`	`Table`
Top Protocols in use by Unmanaged SYstems	Hide Query Show Query logscale `format = "ExFlow" \| !undefined \| !169.254 \| groupby(field=l7proto, function=count()) \| sort(field=_count, type=number, limit=10, order=desc)`	`Pie Chart`