Created
June 24, 2024 18:18
-
-
Save superducktoes/4a90c5a7ec941f3b28dcb4b7bd186534 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form version="1.1"> | |
| <label>Email RIOT</label> | |
| <fieldset submitButton="false"> | |
| <input type="time" token="field1"> | |
| <label></label> | |
| <default> | |
| <earliest>-30d@d</earliest> | |
| <latest>now</latest> | |
| </default> | |
| </input> | |
| </fieldset> | |
| <row> | |
| <panel> | |
| <title>Non-RIOT Locations</title> | |
| <map> | |
| <search> | |
| <query>source="mail://[email protected]/inbox" | rex field=_raw max_match=0 "(?<senderIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | mvexpand senderIP | dedup senderIP | search senderIP!=10.* AND senderIP!=127.0.0.1 AND senderIP!=255.255.255.255 AND senderIP!=169.254.132.9 | gnriot ip_field=senderIP | where greynoise_riot=0 | iplocation senderIP | stats count by Country | geom geo_countries featureIdField="Country"</query> | |
| <earliest>$field1.earliest$</earliest> | |
| <latest>$field1.latest$</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="drilldown">none</option> | |
| <option name="mapping.choroplethLayer.colorBins">5</option> | |
| <option name="mapping.choroplethLayer.colorMode">auto</option> | |
| <option name="mapping.choroplethLayer.maximumColor">0xaf575a</option> | |
| <option name="mapping.choroplethLayer.minimumColor">0x62b3b2</option> | |
| <option name="mapping.choroplethLayer.neutralPoint">0</option> | |
| <option name="mapping.choroplethLayer.shapeOpacity">0.75</option> | |
| <option name="mapping.choroplethLayer.showBorder">1</option> | |
| <option name="mapping.data.maxClusters">100</option> | |
| <option name="mapping.legend.placement">bottomright</option> | |
| <option name="mapping.map.center">(0,0)</option> | |
| <option name="mapping.map.panning">1</option> | |
| <option name="mapping.map.scrollZoom">0</option> | |
| <option name="mapping.map.zoom">2</option> | |
| <option name="mapping.markerLayer.markerMaxSize">50</option> | |
| <option name="mapping.markerLayer.markerMinSize">10</option> | |
| <option name="mapping.markerLayer.markerOpacity">0.8</option> | |
| <option name="mapping.showTiles">1</option> | |
| <option name="mapping.tileLayer.maxZoom">7</option> | |
| <option name="mapping.tileLayer.minZoom">0</option> | |
| <option name="mapping.tileLayer.tileOpacity">1</option> | |
| <option name="mapping.type">choropleth</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </map> | |
| </panel> | |
| <panel> | |
| <title>RIOT Senders</title> | |
| <chart> | |
| <search> | |
| <query>sourcetype="mail" | rex field=_raw max_match=0 "(?<senderIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | mvexpand senderIP | dedup senderIP | search senderIP!="10.50.*" AND senderIP!="127.0.0.1" AND senderIP!="10.*" | gnriot ip_field=senderIP | where greynoise_riot=1 | stats count by greynoise_name</query> | |
| <earliest>$field1.earliest$</earliest> | |
| <latest>$field1.latest$</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.abbreviation">none</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.abbreviation">none</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.abbreviation">none</option> | |
| <option name="charting.axisY2.enabled">0</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">column</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.showDataLabels">none</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">default</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">none</option> | |
| <option name="charting.layout.splitSeries">0</option> | |
| <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.mode">standard</option> | |
| <option name="charting.legend.placement">right</option> | |
| <option name="charting.lineWidth">2</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </chart> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <title>Non-RIOT Senders</title> | |
| <chart> | |
| <search> | |
| <query>source="mail://[email protected]/inbox" | rex field=_raw max_match=0 "(?<senderIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | mvexpand senderIP | search senderIP!=10.* AND senderIP!=127.0.0.1 AND senderIP!=255.255.255.255 AND senderIP!=169.254.132.9 | |
| | gnriot ip_field=senderIP | |
| | search greynoise_riot=0 | |
| | stats count by d</query> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| <sampleRatio>1</sampleRatio> | |
| </search> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.abbreviation">none</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.abbreviation">none</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.abbreviation">none</option> | |
| <option name="charting.axisY2.enabled">0</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">pie</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.showDataLabels">none</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">default</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">none</option> | |
| <option name="charting.layout.splitSeries">0</option> | |
| <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.mode">standard</option> | |
| <option name="charting.legend.placement">right</option> | |
| <option name="charting.lineWidth">2</option> | |
| <option name="refresh.display">progressbar</option> | |
| <option name="trellis.enabled">0</option> | |
| <option name="trellis.scales.shared">1</option> | |
| <option name="trellis.size">medium</option> | |
| </chart> | |
| </panel> | |
| </row> | |
| </form> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment