google/chronicle-ioc Dashboards

Widget	Description	Type
Top 10 Sources of Chronicle IOCs	A chart that displays the most common sources of Chronicle IOCs Hide Query Show Query logscale `top(source, limit=10, rest="Other")`	`Pie Chart`
Chronicle IOCs by Raw Severity	A chart that shows the most common raw severities for Chronicle IOCs Hide Query Show Query logscale `top(rawSeverity, limit=10, rest="Other")`	`Pie Chart`
Top 10 Categories for Chronicle IOCs	A chart that displays the most common IOC categories Hide Query Show Query logscale `top(category, limit=10, rest="Other")`	`Pie Chart`
10 Most Recent Chronicle IOCs	A table that displays the 10 most recently seen IOCs from Chronicle Hide Query Show Query logscale `rename("artifact.domainName", as="Domain Name") \| rename("category", as="Category") \| rename("source", as="Source") \| rename("rawSeverity", as="Severity") \| rename("confidenceScore.normalizedConfidenceScore", as="Confidence Score") \| rename("confidenceScore.normalizedConfidenceScore", as="Confidence Score") \| rename("lastSeenTime", as="Last Seen Time") \| table(["Domain Name", "Category", "Source", "Severity", "Confidence Score", "Last Seen Time"], sortby="Last Seen Time", limit=10)`	`Table`
Chronicle IOC Timeline	A timechart that displays Chronicle IOCs by their associated domain names over a period of time Hide Query Show Query logscale `timechart(artifact.domainName)`	`Time Chart`
Total IOCs	The total number of IOCs seen in the given timeframe Hide Query Show Query logscale `count()`	`Gauge`