forked from Joshua-Yu/cyber
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathThreat Intelligence Analysis.json
1 lines (1 loc) · 10.7 KB
/
Threat Intelligence Analysis.json
1
{"name":"Threat Intelligence Analysis","id":"dd319f10-ae8a-11ed-8242-118bf6a9b5c1","categories":[{"id":1,"name":"pulse","labels":["pulse"],"properties":[{"name":"id","exclude":false,"dataType":"string"},{"name":"name","exclude":false,"dataType":"string"},{"name":"create_time","exclude":false,"dataType":"string"},{"name":"description","exclude":false,"dataType":"string"}],"createdAt":1676614695883,"lastEditedAt":1676614695883,"color":"#98bac7","size":1,"icon":"0A33EA93-739C-4AEC-9B53-2B43B5ADF1A9","captionKeys":["0_CATEGORY_NAME_CAPTION_KEY","name"]},{"id":2,"name":"indicator","labels":["indicator"],"properties":[{"name":"id","exclude":false,"dataType":"bigint"},{"name":"indicator","exclude":false,"dataType":"string"},{"name":"type","exclude":false,"dataType":"string"},{"name":"title","exclude":false,"dataType":"string"},{"name":"content","exclude":false,"dataType":"string"},{"name":"is_active","exclude":false,"dataType":"bigint"},{"name":"create_time","exclude":false,"dataType":"string"},{"name":"description","exclude":false,"dataType":"string"},{"name":"url","exclude":false,"dataType":"string"}],"createdAt":1676614695883,"lastEditedAt":1676634532320,"color":"#C990C0","size":1,"icon":"no-icon","captionKeys":["0_CATEGORY_NAME_CAPTION_KEY","indicator"],"styleRules":[{"id":"rule:1676631972967","type":"unique-values","size":1,"minSize":1,"maxSize":2,"minColor":"#D5EEE2","midColor":"#81CCA8","maxColor":"#428C6A","minPoint":"unprocessed","maxPoint":"unprocessed","applyColor":true,"applySize":false,"applyCaption":false,"captionKeys":["0_CATEGORY_NAME_CAPTION_KEY"],"color":"#8DCC93","isTimeZoneConvertEnabled":false,"selectedTimeZone":"Z","basedOn":"type_string","valuesMapper":[{"value":"CVE","color":"#FFE081","hasMore":false},{"value":"FileHash-MD5","color":"#C990C0","hasMore":false},{"value":"FileHash-SHA1","color":"#F79767","hasMore":false},{"value":"FileHash-SHA256","color":"#57C7E3","hasMore":false},{"value":"URL","color":"#F16667","hasMore":false},{"value":"domain","color":"#D9C8AE","hasMore":false},{"value":"hostname","color":"#8DCC93","hasMore":false},{"value":"YARA","color":"#ECB5C9","hasMore":false}],"existingValues":["CVE","FileHash-MD5","FileHash-SHA1","FileHash-SHA256","URL","domain","hostname","YARA"],"conditionValue":null,"rangeValue":null}]},{"id":3,"name":"pulse_collection","labels":["pulse_collection"],"properties":[{"name":"indicator","exclude":false,"dataType":"bigint"},{"name":"count","exclude":false,"dataType":"bigint"}],"createdAt":1676614695883,"lastEditedAt":1676614695883,"color":"#F79767","size":1,"icon":"no-icon","captionKeys":["0_CATEGORY_NAME_CAPTION_KEY","count"]},{"id":5,"name":"indicator_collection","labels":["indicator_collection"],"properties":[{"name":"pulse_id","exclude":false,"dataType":"string"},{"name":"type","exclude":false,"dataType":"string"},{"name":"count","exclude":false,"dataType":"bigint"}],"createdAt":1676621155206,"lastEditedAt":1676621155206,"color":"#F16667","size":1,"icon":"no-icon","captionKeys":["0_CATEGORY_NAME_CAPTION_KEY","count","type"],"styleRules":[{"id":"rule:1676627085600","type":"range","size":0.9595959595959596,"minSize":0.5,"maxSize":4,"minColor":"#D5EEE2","midColor":"#81CCA8","maxColor":"#428C6A","minPoint":"1","maxPoint":"18","applyColor":false,"applySize":true,"applyCaption":false,"captionKeys":["0_CATEGORY_NAME_CAPTION_KEY"],"color":"#FFE081","isTimeZoneConvertEnabled":false,"selectedTimeZone":"Z","basedOn":"count_bigint","valuesMapper":[],"existingValues":[],"maxSizeValue":"100","maxColorValue":"18","minSizeValue":"1","minColorValue":"1","conditionValue":1,"rangeValue":19,"condition":"between"}]}],"labels":{"pulse":[{"propertyKey":"id","type":"pulse","dataType":"string"},{"propertyKey":"create_time","type":"pulse","dataType":"string"},{"propertyKey":"name","type":"pulse","dataType":"string"},{"propertyKey":"description","type":"pulse","dataType":"string"}],"indicator":[{"propertyKey":"title","type":"indicator","dataType":"string"},{"propertyKey":"content","type":"indicator","dataType":"string"},{"propertyKey":"id","type":"indicator","dataType":"bigint"},{"propertyKey":"indicator","type":"indicator","dataType":"string"},{"propertyKey":"type","type":"indicator","dataType":"string"}],"pulse_collection":[{"propertyKey":"indicator","type":"pulse_collection","dataType":"bigint"},{"propertyKey":"count","type":"pulse_collection","dataType":"bigint"}],"indicator_collection":[{"propertyKey":"pulse_id","type":"indicator_collection","dataType":"string"},{"propertyKey":"type","type":"indicator_collection","dataType":"string"},{"propertyKey":"count","type":"indicator_collection","dataType":"bigint"}],"malware_family":[],"reference":[],"country":[],"attack":[],"tag":[],"type":[]},"relationshipTypes":[{"id":"HAS_PULSES","name":"HAS_PULSES","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"]},{"id":"HAS_PULSE","name":"HAS_PULSE","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"]},{"id":"HAS_INDICATORS","name":"HAS_INDICATORS","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"]},{"id":"HAS_INDICATOR","name":"HAS_INDICATOR","properties":[],"color":"#848484","size":1,"captionKeys":["0_REL_TYPE_CAPTION_KEY"]}],"palette":{"colors":["#FFE081","#C990C0","#F79767","#57C7E3","#F16667","#D9C8AE","#8DCC93","#ECB5C9","#4C8EDA","#FFC454","#DA7194","#569480","#848484","#D9D9D9"],"currentIndex":6},"createdAt":1676614695810,"lastEditedAt":1676614695810,"templates":[{"name":"Search for CVE-yyyy-xxxx","id":"tmpl:1676635498069","createdAt":1676635498069,"text":"Search for CVE-$search","cypher":"CALL apoc.load.json(\n 'https://otx.alienvault.com/api/v1/indicator/cve' + '/CVE-' + toUpper($search)\n) YIELD value\nWITH value\nMERGE (i:indicator{id:value.base_indicator.id})\nON CREATE SET i.indicator = value.base_indicator.indicator, i.type = value.base_indicator.type, \n i.title = value.base_indicator.title, i.content = value.base_indicator.content\nMERGE (pc:pulse_collection{indicator:value.base_indicator.id}) \n SET pc.count = value.pulse_info.count\nMERGE (i) -[r1:HAS_PULSES]-> (pc)\nWITH i, r1, pc, value.pulse_info.pulses AS pulses\nUNWIND pulses AS pulse\nMERGE (pl:pulse{id:pulse.id})\nON CREATE SET pl.name = pulse.name, pl.create_time = pulse.created, pl.name = pulse.name, pl.description = pulse.description\nMERGE (pc) -[r2:HAS_PULSE]-> (pl)\nRETURN i,pc,pl,r1,r2;","isUpdateQuery":null,"params":[{"name":"$search","dataType":"String","collapsed":false,"suggestionLabel":null,"suggestionProp":null,"suggestionBoolean":false,"cypher":null}],"hasCypherErrors":false},{"name":"Search phrase that returns a sample of your data","id":"tmpl:1676614696239","createdAt":1676614696240,"text":"Show me a graph","cypher":"MATCH p=()-->() RETURN p LIMIT 100","isUpdateQuery":null,"params":[]}],"sceneActions":[{"name":"Get related IPs","id":"d7685d70-aeb8-11ed-8242-118bf6a9b5c1","createdAt":1676634442954,"cypher":"MATCH (p:indicator) \nWHERE id(p) IN $nodes\nWITH p, CASE WHEN p.type = 'domain' THEN 'https://otx.alienvault.com/api/v1/indicators/domain/' + p.indicator + '/url_list' \n WHEN p.type = 'hostname' THEN 'https://otx.alienvault.com/api/v1/indicators/hostname/' + p.indicator + '/url_list'\n END AS url\nCALL apoc.load.json(\n url\n) YIELD value\nWITH p, value\nMERGE (icollection:indicator_collection{pulse_id:p.id, type:'ipv4'})\n ON CREATE SET icollection.count = value.actual_size\nMERGE (p) -[r1:HAS_INDICATORS]-> (icollection)\nWITH p, r1, icollection, value, value.url_list AS urls\nUNWIND urls AS url\nMERGE (ind:indicator{indicator:coalesce(url.result.urlworker.ip, url.url)})\n ON CREATE SET ind.type = 'ipv4', ind.id = round(rand() * -10000000000), ind.url = url.url\nMERGE (icollection) -[r2:HAS_INDICATOR]-> (ind)\nRETURN p, icollection, ind, r1, r2; \n","isUpdateQuery":null,"categories":[2],"relationshipTypes":null,"hasCypherErrors":false},{"name":"Get pulse info","id":"2ea9a3b0-ae8b-11ed-8242-118bf6a9b5c1","createdAt":1676614832492,"cypher":"MATCH (p:pulse) \nWHERE id(p) IN $nodes\nWITH p\nCALL apoc.load.json(\n 'https://otx.alienvault.com/api/v1/pulses' + '/' + p.id\n) YIELD value\nWITH p, value.indicators AS indicators\nUNWIND indicators AS ind\nMERGE (id:indicator{id:ind.id})\n ON CREATE SET id.title = ind.title, id.is_active = ind.is_active, \n id.indicator = ind.indicator, id.create_time = ind.created,\n id.content = ind.content, id.description = ind.description,\n id.type = ind.type\nMERGE (icollection:indicator_collection{pulse_id:p.id, type:ind.type})\n ON CREATE SET icollection.count = 1\n ON MATCH SET icollection.count = icollection.count + 1\nMERGE (p) -[r1:HAS_INDICATORS]-> (icollection)\nMERGE (icollection) -[r2:HAS_INDICATOR]-> (id)\nRETURN p, id, icollection, r1, r2; ","isUpdateQuery":null,"categories":[1,2],"relationshipTypes":null,"hasCypherErrors":false}],"hiddenRelationshipTypes":[],"hiddenCategories":[],"hideUncategorisedData":false,"isAuto":false,"parentPerspectiveId":null,"metadata":{"pathSegments":[{"source":"indicator","relationshipType":"HAS_PULSES","target":"pulse_collection"},{"source":"pulse","relationshipType":"HAS_INDICATORS","target":"indicator_collection"},{"source":"pulse_collection","relationshipType":"HAS_PULSE","target":"pulse"},{"source":"indicator_collection","relationshipType":"HAS_INDICATOR","target":"indicator"}],"indexes":[{"label":"reference","type":"native","propertyKeys":[{"key":"url","metadataProp":false}]},{"label":"indicator","type":"native","propertyKeys":[{"key":"indicator","metadataProp":false},{"key":"id","metadataProp":false},{"key":"title","metadataProp":true},{"key":"content","metadataProp":true},{"key":"type","metadataProp":true}]},{"label":"tag","type":"native","propertyKeys":[{"key":"name","metadataProp":false}]},{"label":"malware_family","type":"native","propertyKeys":[{"key":"id","metadataProp":false}]},{"label":"pulse_collection","type":"native","propertyKeys":[{"key":"indicator","metadataProp":false},{"key":"count","metadataProp":true}]},{"label":"pulse","type":"native","propertyKeys":[{"key":"id","metadataProp":false},{"key":"is","metadataProp":false},{"key":"create_time","metadataProp":true},{"key":"name","metadataProp":true},{"key":"description","metadataProp":true}]},{"label":"type","type":"native","propertyKeys":[{"key":"name","metadataProp":false}]},{"label":"country","type":"native","propertyKeys":[{"key":"name","metadataProp":false}]},{"label":"attack","type":"native","propertyKeys":[{"key":"id","metadataProp":false}]},{"label":null,"type":"native","propertyKeys":[]},{"label":"indicator_collection","type":"native","isMetadataPropIndex":true,"propertyKeys":[{"key":"pulse_id","metadataProp":true},{"key":"type","metadataProp":true},{"key":"count","metadataProp":true}]}],"stats":{"labels":{},"relationshipTypes":{"HAS_INDICATOR":587,"HAS_INDICATORS":27,"HAS_PULSE":107,"HAS_PULSES":3}}},"version":"2.6.1"}