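<!DOCTYPE html>
<!--
  Document shell for the Explore page.

  The data-* attributes on <html> carry per-session state (uid, username, email, key,
  role and plan flags); presumably they are the source of the window.page.user.* values
  the inline script in <main> reads. In this visitor render they are empty or zero.
  data-integrations and data-services are base64-encoded JSON: 'W10=' decodes to [] and
  the services blob decodes to the plan 'visitor' with an explore limit of 10.

  NOTE(review): every script running on the page can read these attributes, so a
  populated data-key or data-email would be exposed by any script-injection flaw;
  confirm the key really needs to be in the DOM. The role, plan and limit values are
  display hints that a user can edit locally, so the server must enforce them.
-->
<html lang='en'
      data-theme='dark'
      data-uid='0'
      data-username=''
      data-email=''
      data-key=''
      data-role='0'
      data-pro='0'
      data-api='0'
      data-feed='0'
      data-enterprise='0'
      data-integrations='W10='
      data-services='eyJhcGkiOnsicGxhbiI6InZpc2l0b3IiLCJkaXNwbGF5IjpudWxsLCJsaW1pdHMiOnsic29mdCI6ZmFsc2UsInJlcXVlc3RzIjp7InNlY29uZCI6MSwiZGF5IjoxMCwibW9udGgiOjEwMH0sImV4cGxvcmUiOjEwLCJhbmFseXplIjpmYWxzZSwibmV3cyI6ZmFsc2V9LCJjdXN0b21lciI6ZmFsc2V9LCJmZWVkIjp7InBsYW4iOiJmcmVlIiwiZGlzcGxheSI6IlNhbXBsZSBPbmx5IiwibGltaXRzIjp7InNhbXBsZSI6dHJ1ZX0sImN1c3RvbWVyIjpmYWxzZX19'
      data-crawler='0'
      data-throttle='0'
      data-customer='0'
      data-maintenance='0' >
<head>
  <!-- charset -->
  <meta charset='utf-8'>

  <!-- fetch all resources from here by default -->
  <!-- NOTE(review): <base> rewrites every relative URL on the page, including the
       relative hrefs in the header navigation; keep it a fixed, server-side constant. -->
  <base href='https://pulsedive.com'>

  <!-- page title -->
  <title>Explore - Pulsedive</title>

  <!-- canonical URL -->
  <link rel='canonical' href='https://pulsedive.com/explore/threats'>

  <!-- favicon (the declared type now matches the .png file it points to) -->
  <link rel='shortcut icon' href='https://pulsedive.com/img/favicon.png'>
  <link rel='icon' type='image/png' href='https://pulsedive.com/img/favicon.png'>

  <!-- OpenSearch -->
  <link rel='search' type='application/opensearchdescription+xml' title='Pulsedive' href='https://pulsedive.com/opensearch.php?v=6.3.06'>

  <!-- version -->
  <meta name='version' content='6.3.06'>

  <!-- assets URL -->
  <meta name='assets' content='https://pulsedive.com'>

  <!-- viewport -->
  <meta name='viewport' content='width=device-width, initial-scale=1'>

  <!-- SEO -->
  <meta name='author' content='Pulsedive'>
  <meta name='description' content="Search, filter, and pivot on IOCs by risk, threats, feeds, WHOIS, DNS, HTTP headers, country, and more using Pulsedive.">
  <meta name='keywords' content="threat intelligence,feed,ioc">

  <!-- Twitter card -->
  <meta name='twitter:card' content='summary_large_image'>
  <meta name='twitter:site' content='@pulsedive'>
  <meta name='twitter:creator' content='@pulsedive'>
  <meta name='twitter:title' content='Explore - Pulsedive'>
  <meta name='twitter:description' content='Search, filter, and pivot on IOCs by risk, threats, feeds, WHOIS, DNS, HTTP headers, country, and more using Pulsedive.'>
  <meta name='twitter:image' content='https://pulsedive.com/img/opengraph/explore.jpg'>

  <!-- Open Graph card -->
  <meta property='og:url' content='https://pulsedive.com/explore/threats'>
  <meta property='og:title' content='Explore - Pulsedive'>
  <meta property='og:description' content='Search, filter, and pivot on IOCs by risk, threats, feeds, WHOIS, DNS, HTTP headers, country, and more using Pulsedive.'>
  <meta property='og:image' content='https://pulsedive.com/img/opengraph/explore.jpg'>

  <!-- fonts (each stylesheet is preloaded, then applied; all are same-origin) -->
  <link rel='preload' href='https://pulsedive.com/fonts/fontawesome.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/fonts/fontawesome.css?v=6.3.06'>
  <link rel='preload' href='https://pulsedive.com/fonts/montserrat.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/fonts/montserrat.css?v=6.3.06'>
  <link rel='preload' href='https://pulsedive.com/fonts/varelaround.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/fonts/varelaround.css?v=6.3.06'>

  <!-- CSS -->
  <link rel='preload' href='https://pulsedive.com/css/page.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/css/page.css?v=6.3.06'>
  <link rel='preload' href='https://pulsedive.com/css/layout.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/css/layout.css?v=6.3.06'>
  <link rel='preload' href='https://pulsedive.com/css/cards.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/css/cards.css?v=6.3.06'>
  <link rel='preload' href='https://pulsedive.com/css/elem.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/css/elem.css?v=6.3.06'>
  <link rel='preload' href='https://pulsedive.com/css/dark.css?v=6.3.06' as='style'>
  <link rel='stylesheet' href='https://pulsedive.com/css/dark.css?v=6.3.06'>
</head>
<body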
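data-schema='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'>

<!--header-->
<!--
  Site header: logo, navigation for three screen sizes, account menu and global search.
  The data-auth / data-enterprise / data-pro / data-admin / data-contributor / data-feed
  attributes mark which account state each entry applies to; presumably CSS or script
  hides the entries that do not match.
  NOTE(review): entries such as /configuration/ (data-admin=1) are still delivered to
  every visitor, so hiding them is presentation only and those routes must enforce
  authorization on the server.
  NOTE(review): many entries are <a> elements without href that act through inline
  onclick or data-action; they are kept as-is here because styles and scripts may select
  on them, but they are not keyboard-reachable and the inline handlers prevent a
  Content-Security-Policy without inline-script allowances.
  Changes in this block: icon-only links gain an aria-label (alt is not a valid
  attribute on <a>; it is kept in case styles or scripts read it) and links that open a
  new tab gain rel='noopener'.
-->
<header data-hide="0">

  <!-- logo -->
  <a class='logo' data-enterprise=0 href='https://pulsedive.com'>
    <img style='max-height:35px; max-width:10em;' class='logo bigscreen' src='https://pulsedive.com/img/logo_community_light.svg?v=6.3.06' alt="Pulsedive logo">
    <img style='max-height:35px;' class='logo smallscreen midscreen' src='https://pulsedive.com/img/heart.svg?v=6.3.06' alt="Pulsedive logo">
  </a>
  <a class='logo' data-enterprise=1 href='/dashboard/'>
    <img style='max-height:35px; max-width:10em;' class='logo bigscreen' src='https://pulsedive.com/img/logo_community_light.svg?v=6.3.06' alt="Pulsedive logo">
    <img style='max-height:35px;' class='logo smallscreen midscreen' src='https://pulsedive.com/img/heart.svg?v=6.3.06' alt="Pulsedive logo">
  </a>

  <!-- top nav -->
  <nav class='bigscreen'>
    <a href='/dashboard/'><i class='fas fa-stream'></i>Dashboard</a>
    <div class='dropdown'>
      <a href='/explore/'><i class='fas fa-explore'></i>Explore</a>
      <div>
        <a href='/explore/'><i class='fas fa-indicator'></i>Indicators</a>
        <a href='/explore/threats/'><i class='fas fa-threat'></i>Threats</a>
        <!--<a data-auth=1 href='/explore/?q=user%3D'><i class='fas fa-upload'></i>Your Submissions</a>-->
        <a href='/api/explore' class='sep-top'><i class='fas fa-product-api'></i>API</a>
      </div>
    </div>
    <a href='/analyze/'><i class='fas fa-code-branch'></i>Analyze</a>
    <div class='dropdown'>
      <a href='/api/'><i class='fas fa-product-api'></i>API</a>
      <div>
        <a href='/api/'><i class='fas fa-info-circle'></i>Overview</a>
        <a href='/api/indicators' class='sep-top'><i class='fas fa-indicator'></i>Indicators</a>
        <a href='/api/threats'><i class='fas fa-threat'></i>Threats</a>
        <a href='/api/explore'><i class='fas fa-explore'></i>Explore</a>
        <a data-enterprise=0 href='/about/api' class='sep-top'><i class='fas fa-clock'></i>Rate Limits</a>
        <a href='/api/taxii'><i class='fas fa-taxii'></i>STIX/TAXII 2.1</a>
        <a data-enterprise=0 href='/about/feed'><i class='fas fa-product-feed'></i>Bulk Export</a>
      </div>
    </div>
    <div data-enterprise=1 class='dropdown'>
      <a onclick="Form.feedDownload().modal(true);" data-enterprise=1 data-auth=1><i class='fas fa-product-feed'></i>Export</a>
      <div>
        <a onclick="Form.feedDownload().modal(true);" data-enterprise=1 data-auth=1><i class='fas fa-product-feed'></i>Configure CSV</a>
        <a href='/api/taxii'><i class='fas fa-taxii'></i>STIX/TAXII 2.1</a>
      </div>
    </div>
    <div data-enterprise=0 class='dropdown'>
      <a href='/about/'><i class='fas fa-info-circle'></i>About</a>
      <div>
        <a href='/about/'><i class='fas fa-info-circle'></i>Overview</a>
        <a href='/pro' class='sep-top' style='min-width:10em;'><i class='fas fa-product-pro'></i>Pro<span data-pro="0" style='float:right;' class='success'>30% OFF</span><span data-pro="1" style='opacity:0.5; float:right;'>$29/mo</span></a>
        <a href='/about/api'><i class='fas fa-product-api'></i>API</a>
        <a href='/about/feed'><i class='fas fa-product-feed'></i>Feed</a>
        <a href='/enterprise'><i class='fas fa-product-enterprise'></i>Enterprise TIP</a>
        <a href='/addon' class='sep-top'><i class='fab fa-chrome'></i>Add-On</a>
        <a href='/integrations'><i class='fas fa-puzzle-piece'></i>Integrations</a>
        <a href='/company'><i class='fas fa-copyright'></i>Company</a>
        <!-- opens in a new tab; rel='noopener' keeps the new page from reaching window.opener -->
        <a href='https://blog.pulsedive.com' target='_blank' rel='noopener'><i class='fas fa-rss'></i>Blog</a>
      </div>
    </div>
  </nav>

  <!-- icon-only nav for mid-size screens -->
  <nav class='midscreen'>
    <a href='/explore/' alt="Explore" aria-label="Explore"><i class='fas fa-explore'></i></a>
    <a href='/analyze/' alt="Analyze" aria-label="Analyze"><i class='fas fa-code-branch'></i></a>
    <a href='/api/' alt="API" aria-label="API"><i class='fas fa-product-api'></i></a>
    <a href='/about/pro' alt='Pro' aria-label='Pro' data-enterprise=0 data-pro=0 data-admin=0><i class='fas fa-product-pro'></i></a>
    <a href='/about/feed' alt="Feed" aria-label="Feed" data-enterprise=0 data-pro=1 data-admin=0><i class='fas fa-product-feed'></i></a>
    <a onclick="Form.feedDownload().modal(true);" alt="Feed" aria-label="Feed" data-enterprise=1 data-auth=1><i class='fas fa-product-feed'></i></a>
    <a href='/configuration/' alt="Admin" aria-label="Admin" data-admin=1><i class='fas fa-cogs'></i></a>
    <a href='/about/' data-enterprise=0 alt="About" aria-label="About"><i class='fas fa-info-circle'></i></a>
  </nav>

  <aside>

    <!-- account menu -->
    <span class='bigscreen'>
      <div data-auth=0 data-enterprise=0 class='dropdown'>
        <a href='/register' class='success'><i class='fas fa-user-plus'></i>Sign Up</a>
        <div>
          <a data-action='login'><i class='fas fa-sign-in-alt'></i>Sign In</a>
          <a data-action='theme'><i class='fas fa-adjust'></i>Change Theme</a>
          <a data-action='contact'><i class='fas fa-envelope'></i>Contact Us</a>
        </div>
      </div>
      <div data-auth=1 class='dropdown'>
        <a href='/account/'><i class='fas fa-user-cog' data-pro=0 data-admin=0></i><i class='fas fa-user-shield' data-pro=1 data-admin=0></i><i class='fas fa-users-cog' data-admin=1></i><span style='display:inline-block; text-overflow:ellipsis; overflow:hidden; vertical-align:bottom; max-width:5em;'></span></a>
        <div>
          <a href='/account/'><i class='fas fa-user'></i>Account</a>
          <a data-enterprise=1 onclick="window.page.forms.keys.modal(true);"><i class='fas fa-puzzle-piece'></i>Third-Party API Keys</a>
          <a data-enterprise=0 data-pro=1 onclick="window.page.forms.keys.modal(true);"><i class='fas fa-product-pro'></i>Pro Integrations</a>
          <a data-action='theme'><i class='fas fa-adjust'></i>Change Theme</a>
          <a data-action='contact' data-enterprise=0 data-admin=0><i class='fas fa-envelope'></i>Contact Us</a>
          <a data-action='contact' data-enterprise=1><i class='fas fa-life-ring'></i>Support</a>
          <a data-enterprise=0 data-admin=0 data-pro=0 data-api=0 data-feed=0 href='/purchase' class='success'><i class='fa fa-plus-circle'></i>Upgrade</a>
          <!-- NOTE(review): data export reached by a plain GET link; confirm the endpoint checks the session -->
          <a href='/pulsedive/data.php?get=indicators' target='_blank' rel='noopener' class='sep-top'><i class='fas fa-upload'></i>Export Submissions</a>
          <a data-feed=1 data-enterprise=0 onclick="Form.feedDownload().modal(true);"><i class='fas fa-product-feed'></i>Download Feed</a>
          <a data-feed=0 data-enterprise=0 onclick="Form.feedDownload().modal(true);"><i class='fas fa-product-feed'></i>Feed Sample</a>
          <a onclick="window.page.forms.threat.modal(true);" data-contributor=1 data-enterprise=0 class='sep-top'><i class='fas fa-threat'></i>Add a threat</a>
          <a onclick="window.page.forms.threat.modal(true);" data-enterprise=1 class='sep-top'><i class='fas fa-threat'></i>Add a threat</a>
          <!--<a href='/configuration/feed.php' data-admin=1><i class='fas fa-feed'></i>Add a feed</a>-->
          <a href='/configuration/' data-admin=1><i class='fas fa-cogs'></i>Admin</a>
          <a data-action='logout' class='error sep-top'><i class='fas fa-sign-out-alt'></i>Sign Out</a>
        </div>
      </div>
      <a data-action='toolbox' alt="Toolbox" aria-label="Toolbox"><i class='fas fa-hammer'></i></a>
    </span>

    <!-- top nav, right side -->
    <span class='midscreen'>
      <a data-action='login' data-auth=0 data-enterprise=0 class='success' alt="Sign In" aria-label="Sign In"><i class='fas fa-user-plus'></i></a>
      <a data-action='account' data-auth=1 href='/account/' alt="Account" aria-label="Account"><i class='fas fa-user-cog' data-pro=0 data-admin=0></i><i class='fas fa-user-shield' data-pro=1 data-admin=0></i><i class='fas fa-users-cog' data-admin=1></i></a>
      <a data-action='toolbox' alt="Toolbox" aria-label="Toolbox"><i class='fas fa-hammer'></i></a>
      <a data-action='theme' alt="Toggle theme" aria-label="Toggle theme"><i class='fas fa-adjust'></i></a>
      <a data-action='contact' class='bigscreen' data-enterprise=0 alt="Contact" aria-label="Contact"><i class='fas fa-envelope'></i></a>
      <a data-action='contact' data-enterprise=1 alt="Support" aria-label="Support"><i class='fas fa-life-ring'></i></a>
    </span>

    <!-- globalsearch -->
    <!-- autocomplete='none' is not a standard token; it is left unchanged because the
         page attaches its own suggestion list and the value may be deliberate -->
    <div class='text-wrapper'>
      <i class='fas fa-search' onclick="this.parentElement.querySelector('input[type=text]').focus();"></i><input name='search' type='text' autocomplete='none' aria-label='search'>
    </div>

    <!-- top hamburger menu for small screens -->
    <span class='smallscreen'>
      <a aria-label='Open menu' onclick="document.querySelector('header nav.mobile').style.display = 'block'; window.page.url('nav', { anchor:true });"><i class='fas fa-bars'></i></a>
    </span>

  </aside>

  <!-- mobile nav -->
  <nav class='mobile'>
    <a name='closeNav' aria-label='Close menu' onclick="this.parentElement.style.display = 'none'; window.page.url('', { anchor:true });"><i class='fas fa-times'></i></a>
    <a href='/dashboard/'><i class='fas fa-stream'></i>Dashboard</a>
    <a href='/explore/'><i class='fas fa-explore'></i>Explore</a>
    <a href='/analyze/'><i class='fas fa-code-branch'></i>Analyze</a>
    <a href='/api/' data-enterprise=1><i class='fas fa-product-api'></i>API</a>
    <a href='/about/api' data-enterprise=0 data-admin=0><i class='fas fa-product-api'></i>API</a>
    <a href='/about/pro' data-enterprise=0 data-admin=0><i class='fas fa-product-pro'></i>Pro</a>
    <a href='/about/feed' data-enterprise=0 data-admin=0><i class='fas fa-product-feed'></i>Feed</a>
    <a onclick="Form.feedDownload().modal(true);" data-enterprise=1 data-auth=1><i class='fas fa-product-feed'></i>Feed</a>
    <a href='/configuration/' data-admin=1><i class='fas fa-cogs'></i>Admin</a>
    <a class='sep-bottom' href='/about/' data-enterprise=0><i class='fas fa-info-circle'></i>About</a>
    <a data-action='register' data-auth=0 data-enterprise=0><i class='fas fa-user-plus'></i>Register</a>
    <a data-action='login' data-auth=0 data-enterprise=0><i class='fas fa-sign-in-alt'></i>Sign In</a>
    <a data-action='account' data-auth=1 href='/account/'><i class='fas fa-user-cog' data-pro=0 data-admin=0></i><i class='fas fa-user-shield' data-pro=1 data-admin=0></i><i class='fas fa-users-cog' data-admin=1></i>Account</a>
    <a data-action='logout' data-auth=1><i class='fas fa-sign-out-alt'></i>Sign Out</a>
    <a data-action='theme' onclick="this.parentElement.style.display = 'none';"><i class='fas fa-adjust'></i>Toggle Theme</a>
    <a data-action='contact' onclick="this.parentElement.style.display = 'none';"><i class='fas fa-envelope'></i>Contact</a>
  </nav>

</header>

<!-- scripts -->
<!--
  All scripts are same-origin, versioned by query string and deferred, so they run in
  document order before the window 'load' event that the inline script in <main> waits on.
-->
<script defer src='https://pulsedive.com/js/events.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/functions.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/page.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/docs.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/forms.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/preview.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/data.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/premium.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/integrations.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/suggestions.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/api.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/explore.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/indicator.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/threat.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/feed.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/action.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/submit.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/api/search.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/ui.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/card.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/autocomplete.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/stamp.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/taglist.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/table.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/grid.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/tree.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/cloner.js?v=6.3.06'></script>
<script defer src='https://pulsedive.com/js/ui/regex.js?v=6.3.06'></script>

<!-- side menu -->
<aside data-show=1 class='search midscreen bigscreen'> </aside>

<!-- main content -->
<main> <!--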
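Unsupported browser warning -->
<div id='unsupported-browser-warning' class='sep-bottom error' style='padding:10px; display:none;'>
  <div class='inline' style='margin-left:5px;'> <i class='fas fa-exclamation-circle'></i> </div>
  <div class='inline' style='width:calc(100% - 40px);'> We detected an unsupported browser. Some features and functionality might not work properly. We strongly recommend you upgrade your browser. </div>
</div>
<section>
<script>
// Inline controller for the Explore page. It relies on globals (window.page, Explore, UI,
// Table, Card, ...) that are presumably provided by the deferred scripts loaded earlier in
// the document, which is why all setup waits for the window 'load' event.

// user services
var services;
// default maximum number of results
var max = 10000;
// search object
var explore;
// query history table
var qhistory;
// query hints
var hints_indicators;
var hints_threats;
// query textbox
var query;
// autocomplete
var autocomplete;
// results table
var results;
// query guide
var guide;
// search type toggle
var toggle;
// action object
var bulk;
// progress bar
var progress;

window.addEventListener('load', function(event) {
  // retrieve user services data; a malformed or empty blob must not abort page setup,
  // so fall back to an empty object and keep the default `max`
  try {
    services = JSON.parse(window.page.user.services) || {};
  } catch (err) {
    services = {};
  }
  // set max results
  // NOTE(review): this limit is read from client-side state and only shapes the request
  // this page sends; the result cap has to be enforced by the server as well.
  if (services.api && services.api.limits && services.api.limits.explore) {
    max = services.api.limits.explore;
  }
  // initialize explore object
  explore = new Explore();
  window.page.header('Explore');
  // search type toggle
  outputSearchToggle();
  // query history
  outputSide();
  // query box
  outputQuery();
  // results
  outputResults();
  // query info
  outputInfo();
  // result actions
  outputActions();
  // result limits
  outputLimits();
  // query guide
  outputGuide();
  // manage data
  outputManage();
  // hide actions and sort menu by default
  // (the sort menu is only touched for role > 1; that check is a display decision, not
  // an authorization control)
  window.page.cards.results.actions().dataset.hide = 1;
  if (window.page.user.role > 1) {
    window.page.cards.results.sort().dataset.hide = 1;
  }
  // hide results card when first loading
  window.page.cards.results.card.dataset.hide = 1;
  // load query from query string
  load();
  // update query value when navigating history
  window.addEventListener('popstate', function(event) {
    load();
  });
});

// Writes the current query into the page URL: '/explore/' or '/explore/threats/'
// followed by '?q=' and the URI-encoded textbox value.
function qs() {
  // adjust page based on search type
  var page = '/explore/';
  if (explore.type == 'threats') {
    page += 'threats/';
  }
  // update URL
  window.page.url(page + '?q=' + encodeURIComponent(query.textbox.value));
}

// Restores page state from the URL: the search mode from window.page.page and the query
// from window.page.qs (presumably the parsed query string).
// NOTE(review): `s` and `q` are link-controlled input. Here they are only assigned to the
// textbox value, never inserted as markup, but a `q` value is executed without any user
// interaction, so the search request must stay read-only and whatever echoes the query
// back into the page must treat it as text.
function load() {
  // set toggle
  if (window.page.page == 'threats') {
    threatMode(true);
  }
  // query suggestion provided: pre-fill the box but do not run a search
  if (window.page.qs.s !== undefined && window.page.qs.s !== null) {
    query.textbox.value = Explore.clause('', window.page.qs.s.trim(), '', true);
    // show autocomplete
    query.textbox.focus();
    return;
  }
  // no query provided
  if (window.page.qs.q === undefined || window.page.qs.q === null || window.page.qs.q.trim() == '') {
    query.textbox.value = '';
    // hide results
    window.page.cards.results.card.dataset.hide = 1;
    // show query guide
    guide.dataset.hide = 0;
    return;
  }
  // update search box; if Explore.legacy() throws, fall back to the raw value
  try {
    query.textbox.value = Explore.legacy(window.page.qs.q);
    // update query string
    qs();
  } catch (err) {
    query.textbox.value = window.page.qs.q;
  }
  // update hints
  filterHints();
  // run search
  if (query.textbox.value.length > 0) {
    execute();
  }
}

// Runs the query currently in the textbox and renders the outcome.
//   limit - optional row limit; defaults to min(max, 250).
// An empty query only shows the guide. Otherwise the results card is reset, the request
// is sent through explore.execute(), and one of two callbacks renders either the error
// or the result rows, the query info panel and (for visitors at the limit) a sign-up
// call-to-action.
function execute(limit) {
  // no query provided
  if (!query.textbox.value.trim()) {
    // hide results
    window.page.cards.results.card.dataset.hide = 1;
    // show query guide
    guide.dataset.hide = 0;
    return;
  }
  // update canonical URL; uses the same 'threats/' segment as qs() (this line previously
  // built '/explore/threat/', which matches no other path on the page)
  window.page.canon('/explore/' + (explore.type == 'threats' ? 'threats/' : '') + '?q=' + encodeURIComponent(query.textbox.value.trim()));
  // hide guide
  guide.dataset.hide = 1;
  // show results card
  window.page.cards.results.card.dataset.hide = 0;
  // hide header, actions, and sort menu
  window.page.cards.results.header().dataset.hide = 1;
  window.page.cards.results.actions().dataset.hide = 1;
  if (window.page.user.role > 1) {
    window.page.cards.results.sort().dataset.hide = 1;
  }
  // hide "query changed" notice
  var querychanged = window.page.cards.querychanged.card;
  if (querychanged) {
    querychanged.dataset.hide = 1;
  }
  // remove any call-to-action
  var cta = window.page.sections.main.querySelectorAll('div.p.cta');
  for (var i = 0; i < cta.length; i++) {
    window.page.sections.main.removeChild(cta[i]);
  }
  // clear existing results and add loading animation
  results.clear().note("Our trained professionals are fetching your results, please be patient.");
  // set results limit
  explore.limit = limit || (max > 250 ? 250 : max);
  // get start time to measure request duration
  var startTime = new Date();
  // new search request
  explore.execute(query.textbox.value, function(error, response) {
    // update query info (textContent, so the echoed query cannot be parsed as markup)
    window.page.forms.qinfo.ui.inputs.limit.textContent = explore.limit;
    window.page.forms.qinfo.ui.inputs.count.textContent = 0;
    window.page.forms.qinfo.ui.inputs.time.textContent = '-1 s';
    window.page.forms.qinfo.ui.inputs.query.textContent = response ? response.query : '';
    // print error message
    // NOTE(review): error.message and response.clause can echo parts of the submitted
    // query; confirm results.error() inserts them as text.
    results.clear().error(error.message);
    // print affected clause
    if (response && response.clause) {
      results.error(response.clause);
    }
    // show guide
    guide.dataset.hide = 0;
  }, function(startTime, message, data) {
    if (data.results === undefined || data.results === null) {
      data.results = [];
    }
    // clear all notes, errors, and results
    results.clear();
    // update query info
    window.page.forms.qinfo.ui.inputs.limit.textContent = explore.limit;
    window.page.forms.qinfo.ui.inputs.count.textContent = data.results.length;
    window.page.forms.qinfo.ui.inputs.query.textContent = data.query;
    // measure query duration
    try {
      window.page.forms.qinfo.ui.inputs.time.textContent = ((new Date() - startTime) / 1000).toFixed(2) + ' s';
    } catch (err) {
      window.page.forms.qinfo.ui.inputs.time.textContent = '-1 s';
    }
    // update result limit
    window.page.cards.results.update({
      header:{
        title:explore.type == 'threats' ? 'Threats' : 'Indicators',
        icon:explore.type == 'threats' ? 'threat' : 'indicator',
        aside:data.results.length.toLocaleString('en-US') + (data.results.length >= explore.limit ? '+' : '') + ' ' + (explore.type == 'threats' ? 'threat' : 'indicator') + (data.results.length == 1 ? '' : 's')
      }
    });
    // no results
    if (data.results.length <= 0) {
      // show how we interpreted their query
      // NOTE(review): data.query is the server's echo of user input; confirm UI.element()
      // adds string content as text.
      results.note(UI.p([UI.div().add("This is how we interpreted your query: "), UI.element('samp', data.query || "No query.", { class:!data.query ? 'error' : '', style:{ display:'block', margin:'1em' } })]));
      // show guide
      guide.dataset.hide = 0;
    } else {
      // show header, actions, and sort menu
      window.page.cards.results.header().dataset.hide = 0;
      window.page.cards.results.actions().dataset.hide = 0;
      if (window.page.user.role > 1 && explore.type != 'threats') {
        window.page.cards.results.sort().dataset.hide = 0;
        if (window.page.cards.results.ui.actions.bulk) {
          window.page.cards.results.ui.actions.bulk.dataset.hide = 0;
        }
      }
      // hide guide
      guide.dataset.hide = 1;
    }
    // print results
    results.add(data.results).print();
    // results are cut off and user is using free API
    if (data.results.length >= explore.limit && window.page.user.uid <= 0 && !window.page.sections.main.querySelector('div.p.cta')) {
      // create call-to-action container
      var cta = UI.div('p cta').appendChild(UI.element('section', [], { class:'center' }));
      // notice for limited results
      cta.add(UI.heading("Your results are limited to " + explore.limit + " rows.", { level:3 }));
      // not logged in or registered
      if (window.page.user.uid <= 0) {
        cta.add(UI.p("Create a free account to increase your limit."));
        // view rate limits
        cta.add(UI.button("Result Limits", function() {
          window.open('/about/api', '_blank');
        }));
        // register call-to-action
        cta.add(UI.button("Register", function() {
          window.page.forms.login.modal(true).tab('register');
        }, { class:'calltoaction' }));
      // free API
      // NOTE(review): this branch cannot run, because the enclosing condition already
      // requires uid <= 0; left unchanged since the intended audience is not clear here.
      } else if (window.page.user.api <= 0) {
        cta.add(UI.p("Upgrade your API tier to increase your limit."));
        // upgrade
        cta.add(UI.button("Learn More", function() {
          window.open('/about/api', '_blank');
        }, { class:'calltoaction' }));
      }
      // add below results
      window.page.sections.main.appendChild(cta.parentElement);
    }
    // fetch updated history
    if (window.page.user.uid > 0) {
      explore.history(function(error, response) { }, function(message, data) {
        // add query to table
        qhistory.clear().add(data.results).sort('stamp', 'descending').print();
      });
    }
  }.bind(this, startTime));
}

function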
updateIndicators(input, action, done, form) { // perform bulk action bulk.reset().update(input).process('indicator', action, function(err) { done(); this.result(err.message, 'error'); }.bind(form), function() { done(); Card.hideOverlay(); outputForms(); }, function(completed, total, errors) { // show progress bar window.page.cards.progress.card.dataset.hide = 0; // update progress progress.update(completed, total, "Updating " + completed + '/' + total); }, function() { // hide progress bar window.page.cards.progress.card.dataset.hide = 1; // refresh results execute(); }); } function outputSide() { // header window.page.aside.appendChild(UI.heading('Your Queries', { class:'sep-bottom' })); // user is not registered if (window.page.user.uid <= 0) { window.page.aside.appendChild(UI.p([UI.a("Create an account", '', { attribute:{ 'data-action':'register' } }), " to use query history."])); return; } // table object for query history qhistory = new Table([], function(row, data) { // add query and search type to metadata row.dataset.query = data.query; row.dataset.type = data.type // callback row.onclick = function() { // change search type if (toggle.selection() != this.dataset.type) { if (this.dataset.type == 'threats') { threatMode(true); } else { indicatorMode(true); } } // run query query.textbox.value = this.dataset.query; execute(); qs(); }.bind(row); // add search type icon row.appendChild(UI.div('note', { margin:0 }).add(UI.icon(data.type == 'threats' ? 'threat' : 'indicator'))); // add query and time information row.appendChild(UI.div().add(UI.descriptor(data.query, new Stamp(data.stamp)))); return row; }, { loading:true, empty:"No recent queries." 
}); // add history table to side window.page.aside.appendChild(qhistory.element); // fetch history if (window.page.user.uid > 0) { explore.history(function(error, response) { // show no empty table message if (qhistory.data.length <= 0) { qhistory.print(); } }, function(message, data) { // add query to table qhistory.add(data.results).sort('stamp', 'descending').print(); }); } } function indicatorMode(passive) { // already indicator mode if (toggle.selection() == 'indicators') { return; } // switch toggle toggle.select('indicators'); // update header window.page.cards.results.update({ header:{ title:'Indicators', icon:'indicator' } }); // show hints if (hints_indicators.querySelector('.tag:not(.note)')) { hints_indicators.parentElement.dataset.hide = 0; } hints_threats.parentElement.dataset.hide = 1; // show bulk management button if (window.page.cards.results.ui.actions.bulk) { window.page.cards.results.ui.actions.bulk.dataset.hide = 0; } // show sort menu if (window.page.cards.results.sort()) { window.page.cards.results.sort().dataset.hide = 0; } // show checkboxes depending on role if (window.page.user.role > 1) { results.select = true; } else { results.select = null; } // change search type explore.type = 'indicators'; // update default autocomplete suggestions updateSuggestions(); // update URL window.page.url('', { page:true, replace:true }); // update guide outputGuide(); // run search if (!passive) { execute(explore.limit); } } function threatMode(passive) { // already indicator mode if (toggle.selection() == 'threats') { return; } // switch toggle toggle.select('threats'); // update header window.page.cards.results.update({ header:{ title:'Threats', icon:'threat' } }); // hide hints if (hints_threats.querySelector('.tag:not(.note)')) { hints_threats.parentElement.dataset.hide = 0; } hints_indicators.parentElement.dataset.hide = 1; // hide bulk management button if (window.page.cards.results.ui.actions.bulk) { 
window.page.cards.results.ui.actions.bulk.dataset.hide = 1; } // hide sort menu if (window.page.cards.results.sort()) { window.page.cards.results.sort().dataset.hide = 1; } // hide checkboxes results.select = null; // change search type explore.type = 'threats'; // update default autocomplete suggestions updateSuggestions(); // update URL window.page.url('threats/', { page:true, replace:true }); // update guide outputGuide(); // run search if (!passive) { execute(explore.limit); } } function outputSearchToggle() { // add search type toggle toggle = new Taglist({ toggle:true, radio:true, select:'indicators' }, [{ name:'indicators', display:'Indicators', icon:'indicator', callback:function(tag) { // change search mode indicatorMode(); } }, { name:'threats', display:'Threats', icon:'threat', callback:function(tag) { // change search mode threatMode(); } }]).taglist; // add search type toggle window.page.sections.main.appendChild(UI.div('center', { position:'absolute', top:'20px', right:'55px', zIndex:'10' }).add(UI.label("Search mode:", { class:'note midscreen bigscreen', style:{ marginRight:'1em' } })).add(toggle)); window.page.sections.main.style.position = 'relative'; } function filterHints() { // remove hints if terms are already used if (query.textbox.value.indexOf('risk=') >= 0) { hints_indicators.remove('risk'); } if (query.textbox.value.indexOf('seen=') >= 0) { hints_indicators.remove('seen'); } if (query.textbox.value.indexOf('retired=') >= 0 || query.textbox.value.indexOf('active') >= 0) { hints_indicators.remove('active'); } if (query.textbox.value.indexOf('type=') >= 0) { hints_indicators.remove('hosts'); } if (query.textbox.value.indexOf('threat=') >= 0) { hints_indicators.remove('phishing'); hints_threats.remove('all'); } if (query.textbox.value.indexOf('feed=') >= 0) { hints_threats.remove('mitre'); } if (query.textbox.value.indexOf('technology=') >= 0) { hints_threats.remove('windows'); hints_threats.remove('macos'); hints_threats.remove('linux'); } // 
hide hints if empty if (!hints_indicators.querySelector('.tag:not(.note)')) { hints_indicators.parentElement.dataset.hide = 1; } if (!hints_threats.querySelector('.tag:not(.note)')) { hints_threats.parentElement.dataset.hide = 1; } } function outputQuery() { // indicator query hints hints_indicators = new Taglist({ note:"No hints.", callback:function(tag) { // remove clicked tag hints_indicators.remove(tag); // no more hints if (!hints_indicators.querySelector('.tag:not(.note)')) { // hide hints hints_indicators.parentElement.dataset.hide = 1; } } }, [{ name:'risk', display:'Higher risk', icon:'risk-up fa-risk-high', callback:function(tag) { window.page.explore({ type:'risk', value:'high+' }); } }, { name:'active', display:'Active only', icon:'hourglass-start', callback:function(tag) { window.page.explore({ type:'retired', value:'0' }); } }, { name:'seen', display:'Seen in last week', icon:'eye', callback:function(tag) { window.page.explore({ type:'seen', value:'week' }); } }, { name:'hosts', display:'IPs and domains', icon:'indicator', callback:function(tag) { window.page.explore({ type:'type', value:'ip,ipv6,domain' }); } }, { name:'phishing', display:'Phishing', icon:'threat', callback:function(tag) { window.page.explore({ type:'threat', value:'phishing' }); } }]).taglist; window.page.sections.main.appendChild(UI.div('', { width:'calc(100% - 40px)' }).add(UI.element('span', "Popular filters:", { class:'note', style:{ marginRight:'1.5em' } })).add(hints_indicators)); // threat query hints hints_threats = new Taglist({ note:"No hints.", callback:function(tag) { // remove clicked tag hints_threats.remove(tag); // no more hints if (!hints_threats.querySelector('.tag:not(.note)')) { // hide hints hints_threats.parentElement.dataset.hide = 1; } } }, [{ name:'all', display:'Show all threats', icon:'threat', callback:function(tag) { window.page.explore({ type:'threat', value:'*' }); } }, { name:'mitre', display:'MITRE ATT&CK', icon:'stream', callback:function(tag) { 
window.page.explore({ type:'feed', value:'mitre' }); } }, { name:'windows', display:'Windows', icon:'fab fa-windows', callback:function(tag) { window.page.explore({ type:'technology', value:'windows' }); } }, { name:'macos', display:'MacOS', icon:'fab fa-apple', callback:function(tag) { window.page.explore({ type:'technology', value:'macos' }); } }, { name:'linux', display:'Linux', icon:'fab fa-linux', callback:function(tag) { window.page.explore({ type:'technology', value:'linux' }); } }]).taglist; window.page.sections.main.appendChild(UI.div('', { width:'calc(100% - 40px)' }).add(UI.element('span', "Popular filters:", { class:'note', style:{ marginRight:'1.5em' } })).add(hints_threats)); hints_threats.parentElement.dataset.hide = 1; // search bar query = window.page.sections.main.appendChild(UI.iconBox('explore', { style:{ display:'block', width:'calc(100% - 75px)', padding:'10px 20px', marginTop:'1em' } }, { attribute:{ //autofocus:true }, style:{ padding:'5px', fontSize:'16px' } })); // to show when query text does not match results shown var querychanged = new Card({ class:'notice', name:'querychanged', full:true }).add(UI.div().add(UI.p(["The query has changed and no longer matches the results shown.", UI.button("Run Query", function() { // run query execute(); qs(); }, { class:'calltoaction' })], { icon:'info-circle' }))).append().card; // adjust spacing querychanged.style.marginTop = '40px'; // hide notice querychanged.dataset.hide = 1; // check if query matches results var checkQuery = function(event) { // update hints filterHints(); // query changed if (this.value.trim() != explore.q.trim() && this.value.trim() != '' && explore.q.trim() != '') { // show "query changed" notice querychanged.dataset.hide = 0; } else { // hide "query changed" notice querychanged.dataset.hide = 1; } }.bind(query.textbox); // listen for changes to query query.textbox.addEventListener('input', checkQuery); setInterval(checkQuery, 1000); // custom autocomplete autocomplete = new 
Autocomplete(query.textbox, { explore:true, callback:function(suggestion) {
    // query has not changed
    if (query.textbox.value.trim() == explore.q.trim()) { return; }
    // run query
    execute();
    // update query string
    qs();
} });
// set default autocomplete suggestions
updateSuggestions(); }

// Select the autocomplete mode and the default suggestion list for the current
// search type: explore.type 'threats' gets the threat filters, any other value
// gets the indicator filters. Writes autocomplete.type and autocomplete.default.
function updateSuggestions() {
    // one default suggestion entry
    var hint = function(value, icon, description) {
        return { value:value, icon:icon, description:description };
    };

    var threatSearch = (explore.type == 'threats');
    autocomplete.type = threatSearch ? 'explore:threats' : 'explore';

    // threat search (no risk= hint is offered in this mode)
    if (threatSearch) {
        autocomplete.default = [
            hint("threat=", 'threat', "Filter by threat. Wildcards accepted."),
            hint("tactic=", 'attribute', "Filter by tactic. MITRE ATT&CK IDs not supported yet. Wildcards accepted."),
            hint("technique=", 'attribute', "Filter by technique (or subtechnique). MITRE ATT&CK IDs not supported yet. Wildcards accepted."),
            hint("technology=", 'attribute', "Filter by operating system (from MITRE ATT&CK data). Wildcards accepted."),
            hint('feed=', 'feed', "Filter by feed name or organization. Wildcards accepted."),
            hint("ioc=", 'indicator', "Filter by indicator value. Wildcards accepted."),
            hint('category=', 'filter', "Filter by threat category."),
            hint('active=', 'filter', "Filter by active or retired.")
        ];
        return;
    }

    // indicator search
    autocomplete.default = [
        hint("ioc=", 'indicator', "Filter by indicator value. Wildcards accepted."),
        hint('attribute=', 'attribute', "Filter by attribute. Wildcards accepted."),
        hint('property=', 'property', "Filter by property. Wildcards accepted."),
        hint("threat=", 'threat', "Filter by threat. Wildcards accepted."),
        hint('feed=', 'feed', "Filter by feed name or organization. Wildcards accepted."),
        hint('type=', 'filter', "Filter by indicator type."),
        hint('risk=', 'filter', "Filter by risk score. You can use +, -, or specify a list."),
        hint('seen=', 'filter', "Filter by last seen. You can use +, -, or specify a range."),
        hint('active=', 'filter', "Filter by active or retired.")
    ];
}

function outputResults() {
    // results card with table
    new Card({ name:'results', full:true, header:{ title:'Indicators', icon:'indicator' } }).append();
    // add sorting and bulk selection for admins
    if (window.page.user.role > 1) { window.page.cards.results.sort([{ key:'indicator', display:'Indicator' }, { key:'domain', display:'Domain' }, { key:'type', display:'Type' }, { key:'risk', display:'Risk' }, { key:'stamp_seen', display:'Last Seen', icon:'eye', class:'midscreen bigscreen' }]); }
    // add results table
    window.page.cards.results.add(new Table([], function(row, object) {
        // object URL
        row.href = object.url();
        // risk
        row.appendChild(UI.div().add(UI.icon('risk-' + (object.risk.score || object.risk))));
        // retired
        if (object.stamp.retired) { row.classList.add('retired'); }
        // object subtext
        var subtext = UI.div();
        if (object instanceof Indicator) {
            // PTR record
            var ptr = object.properties.get('dns', 'ptr');
            if (ptr.constructor === Array) { ptr = ptr[0]; }
            if (ptr && ptr.trim().indexOf(';;') < 0) { subtext.add(UI.p(object.properties.get('dns', 'ptr'), { icon:'location-arrow', class:'note' })); }
            // location
            var cc = object.countrycode();
            if (cc) { subtext.add(UI.p([UI.flag(cc), object.location()], { class:'note' })); }
        } else {
            // aliases
            subtext.add(UI.p(object.aliases.join(' | '), { icon:'user-tag', class:'note' }));
            // category
            subtext.add(UI.p(Threat.categories()[object.category], { icon:'tag', class:'note' }));
        }
        // object name
        row.appendChild(UI.div('grow').add(UI.heading(object.display())).add(subtext));
        // stamp
        row.appendChild(UI.div('right').add(UI.p(UI.stamp(object.stamp.seen), {
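icon:'eye' })));
        return row;
    }, { name:'results', preview:true, loading:true, empty:"No results.", more:'scroll', sort:window.page.user.role > 1 ? window.page.cards.results.sort() : null, selection:window.page.user.role > 1 ? true : false }));
    // save results table for easier referencing
    results = window.page.cards.results.ui.objects.results;
    // adjust spacing
    window.page.cards.results.card.style.marginTop = '40px';
}

// Register the "Query Info" form (name 'qinfo') with placeholder values and add
// a results-card action that opens it.
function outputInfo() {
    // fields start as placeholders: limit '100', count '0', time '0', query '[no query]'
    new Form('qinfo', "Query Info").add({ close:true }, [
        { type:'p', value:"Below is more information on how your query was executed.", marginBottom:'2em' },
        { name:'limit', label:'Result Limit', type:'label', value:'100' },
        { name:'count', label:'Count', type:'label', value:'0' },
        { name:'time', label:'Query Time', type:'label', value:'0' },
        { name:'query', label:'Effective Query', type:UI.element('code', '[no query]', { style:{ maxWidth:'100%', marginTop:'10px' } }), marginTop:true, marginBottom:true }
    ], []);

    // query info action
    // NOTE(review): this handler is passed as an onclick attribute string, unlike the
    // function callbacks used by the other actions. If it ends up as an inline handler
    // attribute, a Content-Security-Policy without 'unsafe-inline' will block it - confirm in UI.a.
    window.page.cards.results.actions(UI.a(UI.element('span', 'Query Info'), '', {
        icon:'info-circle',
        alt:"View information on query execution.",
        attribute:{ onclick:"window.page.cards.qinfo.modal(true);" }
    }));
}

// Add the Export and Share actions to the results card.
// Export: users with uid > 0 get a dropdown that opens /api/explore.php in a new tab as
// CSV, JSON or STIX 2.1; everyone else gets a link that opens the login form.
// Share: uses navigator.share when the browser has it, otherwise a dropdown with
// Copy URL, Email and Tweet.
// NOTE(review): the uid check only decides which menu is drawn; whether the export
// endpoint itself requires authentication is not visible here.
function outputActions() {
    // Build the export URL for the current query. Every value taken from `explore` is
    // percent-encoded so that it stays inside its own parameter (previously only q was).
    var exportUrl = function(format) {
        return '/api/explore.php?' + format
            + '&search=' + encodeURIComponent(explore.type)
            + '&limit=' + encodeURIComponent(explore.limit)
            + '&q=' + encodeURIComponent(explore.q);
    };

    // export menu
    if (window.page.user.uid > 0) {
        window.page.cards.results.actions(UI.dropdown(UI.a('Export', '', { icon:'file-export' }), [
            UI.a('CSV via API', function(done) {
                // export CSV file
                window.open(exportUrl('format=csv'), '_blank');
                done();
            }, { icon:'product-api' }),
            UI.a('JSON via API', function(done) {
                // pretty-print JSON
                window.open(exportUrl('pretty=1'), '_blank');
                done();
            }, { icon:'product-api' }),
            UI.a('STIX 2.1 via API', function(done) {
                // pretty-printed STIX
                window.open(exportUrl('format=stix&pretty=1'), '_blank');
                done();
            }, { icon:'product-api' })
        ]));
    // not logged in
    } else {
        window.page.cards.results.actions(UI.a('Export', function(done) {
            // show login form
            window.page.forms.login.modal(true);
            done();
        }, { icon:'file-export', alt:"Log in to export to CSV, JSON, and STIX 2.1." }));
    }

    // open share dialogue
    if (navigator.share) {
        window.page.cards.results.actions(UI.a('Share', function(done) {
            navigator.share({ url:window.page.canon(), title:document.title, text:"View this Explore query on Pulsedive: " + trunc(explore.q, 100) });
            done();
        }, { icon:'fas fa-share-alt', alt:"Open your browser's share options." }));
    // show sharing options
    } else {
        window.page.cards.results.actions(UI.dropdown(UI.a('Share', '', { icon:'share-alt' }), [
            UI.a('Copy URL', function(done) {
                window.page.copy(window.page.canon());
                done('Copied!');
            }, { icon:'copy' }),
            UI.a('Email', function(done) {
                // Encode the body as a single component. encodeURI() leaves & # ? = untouched,
                // so a query or URL containing them cut the body short or was read as
                // further mailto fields.
                window.open("mailto:?body=" + encodeURIComponent("Query:\n" + explore.q + "\n\n" + window.page.canon()), '_blank');
                done();
            }, { icon:'fas fa-envelope' }),
            UI.a('Tweet', function(done) {
                window.open(window.page.tweet("Check out what I found in @pulsedive: ", true), '_blank');
                done();
            }, { newTab:true, icon:'fab fa-twitter' })
        ]));
    }
}

function outputLimits() {
    // first dropdown link to show current result max
    var label = UI.a((max > 250 ? 250 : max).toLocaleString('en-US') + " results", '', { icon:'list-ul' })
    // update label when selecting result max
    var updateLabel = function(n) { label.textContent = ''; label.add([UI.icon('list-ul'), n.toLocaleString('en-US') + " results"]); };
    // add max dropdown
    window.page.cards.results.actions(UI.element('aside', UI.dropdown(label, [ max < 250 ? UI.a(max.toLocaleString('en-US') + " results", function(done, event) { updateLabel(max); execute(max); done(); }, { icon:'list-ul' }) : null, window.page.user.uid <= 0 ?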
UI.a("Sign up for more", function(done, event) { window.page.forms.login.tab('register').modal(true); done(); }, { icon:'user-plus', class:'success' }) : null, window.page.user.uid > 0 && max > 10 && max < 250 ? UI.a("Upgrade for more", function(done, event) { window.open('/about/pro', '_blank'); done(); }, { icon:'chevron-circle-right', class:'success' }) : null, max >= 250 ? UI.a("250 results", function(done, event) { updateLabel(250); execute(250); done(); }, { icon:'list-ul' }) : null, max > 250 && max < 1000 ? UI.a(max.toLocaleString('en-US') + " results", function(done, event) { updateLabel(max); execute(max); done(); }, { icon:'list-ul' }) : null, max >= 1000 ? UI.a("1,000 results", function(done, event) { updateLabel(1000); execute(1000); done(); }, { icon:'list-ul' }) : null, max > 1000 && max < 10000 ? UI.a(max.toLocaleString('en-US') + " results", function(done, event) { updateLabel(max); execute(max); done(); }, { icon:'list-ul' }) : null, window.page.user.uid > 0 && max >= 250 && max < 10000 ? UI.a("Upgrade for more", function(done, event) { window.open('/about/api', '_blank'); done(); }, { icon:'chevron-circle-right', class:'success' }) : null, max >= 10000 ? 
UI.a("10,000 results", function(done, event) { updateLabel(10000); execute(10000); done(); }, { icon:'list-ul' }) : null ], { right:true })));
}

// Load the query guide for the current search type into the guide container.
// The container is created on first use, hidden (data-hide = 1) and emptied; the guide
// file is then fetched and its example links and category tags are wired up. This
// function never unhides the container itself.
function outputGuide() {
    // create guide container on first use
    if (!guide) {
        guide = window.page.sections.main.appendChild(UI.div('p'));
        guide.style.padding = '20px';
        guide.style.animation = 'fadein 0.2s';
    }

    // hide by default and clear the previous content
    guide.dataset.hide = 1;
    guide.textContent = '';

    // guide to load
    var guideFile = (explore.type == 'threats') ? 'threats.html' : 'guide.html';

    // fetch query guide content, add version to prevent caching
    // (Request takes method, URL, data and a callback here, so it is presumably the
    // site's own helper rather than the Fetch API constructor)
    new Request('GET', '/explore/' + guideFile + '?v=' + window.page.version, {}, function(type, status, response) {
        // `type` is the search type captured by bind() when the request was made;
        // drop the response if the search type changed in the meantime
        if (type != explore.type) {
            return;
        }

        // print guide
        // NOTE(review): the body is parsed as HTML without sanitising and `status` is not
        // checked. That is only as safe as the first-party /explore/*.html files, which
        // must stay static, trusted content; an error page served for the same URL would
        // be rendered too. Confirm how Request reports failures.
        guide.innerHTML = response;

        // handle Explore example queries
        var linkBase = '/explore/' + (explore.type == 'threats' ? 'threats/' : '') + '?q=';
        Array.prototype.forEach.call(guide.querySelectorAll('a.explore'), function(link) {
            // add URL: the link text is the query, so read it before the icon is inserted
            link.href = linkBase + encodeURIComponent(link.textContent);
            link.target = '_blank';

            // set styling
            link.style.border = 'none';
            link.style.fontFamily = 'monospace';
            link.style.fontSize = '95%';

            // add Explore icon if not inline
            if (link.classList.contains('inline')) {
                return;
            }
            link.insertBefore(UI.icon('explore', { class:'bigscreen', style:{ fontSize:'0.8em', marginRight:'0.5em' } }), link.firstChild);
        });

        // handle category tags; anything thrown while building the tag list is swallowed
        // (presumably for guides that have no 'categories' element - TODO confirm)
        try {
            new Taglist({ icon:'explore', callback:function(tag) {
                // deselect all tags
                this.deselect();
                // open a new search
                window.open('/explore/threats/?q=' + encodeURIComponent('category=' + tag.getAttribute('name')));
            } }, Threat.categories(true), 'categories');
        } catch (err) { }
    }.bind(this, explore.type));
}

function outputManage() {
    // not an admin
    if (window.page.user.role <= 1) { return; }
    // initialize actions
    bulk = new Action();
    // add progress bar, hidden by default
    progress = UI.progress(0, 0, "Updating");
    var container = new Card({ name:'progress', full:true }).add(UI.p(progress)).card;
    container.style.marginBottom = 0;
    container.style.marginTop = '40px';
    container.dataset.hide = 1;
    window.page.sections.main.insertBefore(container, window.page.cards.results.card);
    // add bulk management forms
    outputForms();
    // add Manage dropdown
    window.page.cards.results.actions(UI.dropdown(UI.a("Manage", '', { name:'bulk', icon:'list-ul' }), [UI.a("Add Comment", function(done) { window.page.forms.addcomment.modal(true); done(); }, { icon:'comment', }), UI.a("Edit Risk", function(done) { window.page.forms.editrisk.modal(true); done(); }, { icon:'edit' }), UI.a("Add Data", function(done) { window.page.forms.adddata.modal(true); done(); }, { icon:'plus' }), UI.a("Remove Data", function(done) { window.page.forms.removedata.modal(true); done(); }, { icon:'minus' }), UI.a("Retire", function(done) { window.page.forms.retire.modal(true); done(); }, { icon:'hourglass-end' }), UI.a("Activate", function(done) { window.page.forms.activate.modal(true); done(); }, {
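icon:'hourglass-start' })]));
}

// Build the six bulk-management forms: addcomment, editrisk, adddata, removedata,
// retire and activate. Every submit handler first requires a non-empty selection in the
// results table and a ticked "confirm" checkbox, then hands the selected indicator ids
// and the form values to updateIndicators() together with an action name.
// Each form gets outputForms itself as its cancel option (presumably so that cancelling
// rebuilds the forms - confirm in Form).
// NOTE(review): the confirm checkbox here and the role check in outputManage() run in the
// browser only. The endpoint behind updateIndicators() has to enforce authorization for
// these bulk changes itself; that is not visible from this file.
function outputForms() {
    // note shown on the forms that take free text
    var privacyNote = window.page.user.enterprise > 0 ? "This is not shared outside your Enterprise instance." : "Please do not include any information that is sensitive to you or your organization.";

    // Shared pre-flight check for every submit handler: reports the problem on the form,
    // calls done() and returns false when nothing is selected or confirm is not ticked.
    var ready = function(form, done) {
        // no selection
        if (results.selection().length <= 0) {
            form.result("No indicators selected.", 'error');
            done();
            return false;
        }
        // confirm
        if (!form.ui.inputs.confirm.checked) {
            form.result("Please confirm you understand the impact.", 'error');
            done();
            return false;
        }
        return true;
    };

    // ids (iid) of the rows currently selected in the results table
    var selectedIds = function() {
        return results.selection().map(function(row) { return row.iid; });
    };

    // add comment
    new Form('addcomment', "Add Comment").add({ result:true, cancel:outputForms, note:privacyNote }, [
        { name:'comment', label:'Comment', type:'textarea', required:true, guidance:true },
        { name:'confirm', label:"I understand this will add my comment to the selected indicators.", type:'checkbox', required:true }
    ], { name:'addcomment', text:"Add Comment", click:function(done) {
        if (!ready(this, done)) { return; }
        // perform bulk action
        updateIndicators({ iid:selectedIds(), comment:this.ui.inputs.comment.value }, 'comment', done, this);
    } });

    // edit risk
    // NOTE(review): replace_risk is declared required:true. If Form enforces required
    // checkboxes, an unconditional overwrite can never be submitted - confirm the intent.
    new Form('editrisk', "Edit Risk").add({ result:true, cancel:outputForms }, [
        { type:'p', value:"Unless Recommended is selected, this will update the risk scores of selected indicators and will override the recommended risk.", marginBottom:'1em' },
        { type:'p', value:"If risk scores are manually set, selecting Recommended will revert indicators back to their recommended risk scores.", marginBottom:'1em' },
        { name:'risk', label:'Risk', type:new Taglist({ radio:true, select:'recommended' }, [
            { name:'recommended', display:'Recommended', icon:'heartbeat' },
            { name:'unknown', display:'Unknown', icon:'risk-unknown' },
            { name:'none', display:'Very Low', icon:'risk-none' },
            { name:'low', display:'Low', icon:'risk-low' },
            { name:'medium', display:'Medium', icon:'risk-medium' },
            { name:'high', display:'High', icon:'risk-high' },
            { name:'critical', display:'Critical', icon:'risk-critical' }
        ]).taglist, required:true, guidance:true },
        { name:'replace_risk', label:"Only update indicators with lower risk score than selected.", type:'checkbox', required:true },
        { name:'confirm', label:"I understand the impact of this change.", type:'checkbox', required:true }
    ], { name:'edit', text:"Update", click:function(done) {
        if (!ready(this, done)) { return; }
        // perform bulk action
        updateIndicators({ iid:selectedIds(), risk:this.ui.inputs.risk.selection(), replace_risk:this.ui.inputs.replace_risk.checked }, 'quickedit', done, this);
    } });

    // get attributes for indicators: the sorted union over all indicator types, minus 'yara'
    var attributes = [];
    for (var itype in window.page.data.schema.indicators) {
        for (var i = 0; i < window.page.data.schema.indicators[itype].attributes.length; i++) {
            var attribute = window.page.data.schema.indicators[itype].attributes[i];
            if (attributes.indexOf(attribute) < 0 && ['yara'].indexOf(attribute) < 0) {
                attributes.push(attribute);
            }
        }
    }
    attributes.sort();

    // create inputs for attributes: one text/taglist input per attribute, labelled with
    // the attribute's description and the indicator types that support it
    var input_attributes = function() {
        var result = [];
        for (var i = 0; i < attributes.length; i++) {
            result.push({ name:attributes[i], label:UI.descriptor(UI.descriptor(window.page.data.schema.attributes[attributes[i]], window.page.data.schema.validation[attributes[i]] ? 'Regex validation' : ''), Object.keys(window.page.data.schema.indicators).sort().reduce(function(supported, itype) {
                if (window.page.data.schema.indicators[itype].attributes.indexOf(attributes[i]) >= 0) {
                    supported.push(window.page.data.schema.indicators[itype].display);
                }
                return supported;
            }, []).join(', ')), type:'text', taglist:{ autocomplete:attributes[i], validation:window.page.data.schema.validation[attributes[i]] } });
        }
        return result;
    };

    // collect the current selection of every attribute input on a form
    var pickedAttributes = function(form) {
        return attributes.reduce(function(data, attribute) {
            data[attribute] = form.ui.inputs[attribute].selection();
            return data;
        }, {});
    };

    // add data
    new Form('adddata', "Add Data").add({ result:true, cancel:outputForms }, [
        { type:'p', value:"This will add the specified threats and attributes to the selected indicators.", marginBottom:'2em' },
        { name:'threats', label:'Threats', type:'text', taglist:{ autocomplete:'threats' } },
        { type:UI.p("Attributes will be added only to indicators that support them. If not supported, the attributes will be silently ignored.", { class:'note', icon:'info-circle', style:{ padding:0 } }), marginTop:'1em', marginBottom:'1em' }
    ].concat(input_attributes()).concat([
        { name:'confirm', type:'checkbox', label:"I understand the impact of this change.", required:true, marginTop:'2em' }
    ]), { name:'adddata', text:"Add", click:function(done) {
        if (!ready(this, done)) { return; }
        // perform bulk action
        updateIndicators({ iid:selectedIds(), threat:this.ui.inputs.threats.selection(), attributes:pickedAttributes(this) }, 'quickedit', done, this);
    } });

    // remove data
    new Form('removedata', "Remove Data").add({ result:true, cancel:outputForms }, [
        { type:'p', value:"This will remove the specified threats and attributes from the selected indicators.", marginBottom:'2em' },
        { name:'threats', label:'Threats', type:'text', taglist:{ autocomplete:'threats' } }
    ].concat(input_attributes()).concat([
        { name:'confirm', label:"I understand the impact of this change.", type:'checkbox', required:true }
    ]), { name:'removedata', text:"Remove", class:'danger', click:function(done) {
        if (!ready(this, done)) { return; }
        // perform bulk action
        updateIndicators({ iid:selectedIds(), remove:{ threat:this.ui.inputs.threats.selection(), attributes:pickedAttributes(this) } }, 'quickedit', done, this);
    } });

    // retire
    new Form('retire', "Retire").add({ result:true, cancel:outputForms, note:privacyNote }, [
        { name:'comment', label:'Reason', type:'textarea', required:false, guidance:true },
        { name:'confirm', label:"I understand this will retire the selected indicators.", type:'checkbox', required:true }
    ], { name:'retire', text:"Retire", click:function(done) {
        if (!ready(this, done)) { return; }
        // perform bulk action
        updateIndicators({ iid:selectedIds(), comment:this.ui.inputs.comment.value }, 'retire', done, this);
    } });

    // activate
    new Form('activate', "Activate").add({ result:true, cancel:outputForms }, [
        { type:'p', value:"This will activate the selected indicators if they are retired. Indicators that are already active will not change.", marginBottom:'2em' },
        { name:'confirm', label:"I understand.", type:'checkbox', required:true }
    ], { name:'activate', text:"Activate", click:function(done) {
        if (!ready(this, done)) { return; }
        // perform bulk action
        updateIndicators({ iid:selectedIds() }, 'activate', done, this);
    } });
}
</script> </section> <!-- footer --> <footer data-hide="0"> <a href='https://pulsedive.com' target='_blank'>©2024 Pulsedive LLC | v6.3.06 | October 1</a> <!-- links --> <aside> <a data-crawler=1 href='/recent' target='_blank'><i class='fas fa-history'></i>Recent</a> <a name='slack' href='https://join.slack.com/t/pulsedive/shared_invite/enQtMzI3NDQyMjEzMTY4LTBhNmE1NWIyMjdhNjVkYTc5OWMxZGExNWM3OWIxYzYyZGNlMGMwODBjNTZlNjc0M2RhOGQ3MjQwYjQ1Nzk3ZGE' target='_blank'><i class='fab fa-slack inline'></i></a> <a name='linkedin' 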
href='https://linkedin.com/company/pulsedive' target='_blank'><i class='fab fa-linkedin inline'></i></a> <a name='blog' href='https://blog.pulsedive.com' target='_blank'><i class='fas fa-rss inline'></i></a> <span>|</span> <a name='company' href='https://pulsedive.com/about/company' target='_blank'><i class='fas fa-copyright'></i>Company</a> <a data-action='contact'><i class='fas fa-envelope'></i>Contact</a> <a href='/terms' target='_blank'><i class='fas fa-file'></i>Terms</a> <a data-enterprise=0 href='/privacy' target='_blank'><i class='fas fa-user-secret'></i>Privacy</a> <a data-enterprise=1 href='/enterprise-privacy' target='_blank'><i class='fas fa-user-secret'></i>Privacy</a> </aside> </footer> </main> </body> </html>