<form>
<label>Threat Map Overview</label>
<row>
<html>
<h3>How it works</h3>
<p>This page visualizes the geo information of blacklisted IP's which have been found in your machine data. Filter down if requiered. </p>
<p>Search Command executed: </p>
<p><pre> <b>$filter$</b> | iplocation <b>$lookupfield$</b> | lookup threatscore clientip as <b>$lookupfield$</b>| where threatscore>0 | geostats count by threatscore</pre></p>
</html>
</row>
<fieldset autoRun="false" submitButton="true">
<input type="time" searchWhenChanged="true">
<default>Last 24 hours</default>
</input>
<input type="text" token="filter">
<label>Filter-Search</label>
<default>eventtype=ip_check</default>
</input>
<input type="text" token="lookupfield">
<label>IP-Address Field to lookup:</label>
<default>dst_ip</default>
</input>
</fieldset>
<row>
<map>
<title>Threat Map</title>
<searchString>$filter$ | iplocation $lookupfield$ | lookup threatscore clientip as $lookupfield$ | where threatscore>0 | geostats count by threatscore</searchString>
<option name="height">400px</option>
<!-- use custom colors -->
<option name="mapping.seriesColors">[0x5379af,0x9ac23c,0xf7902b,0x956d95,0x6ab7c7,0xd85d3c,0xfac51c,0xdd86af]</option>
<!-- adjust marker opacity and size range -->
<option name="mapping.markerLayer.markerOpacity">0.8</option>
<option name="mapping.markerLayer.markerMinSize">10</option>
<option name="mapping.markerLayer.markerMaxSize">60</option>
<!-- set initial map center and zoom level -->
<option name="mapping.map.center">(30.810646,-10.556976)</option>
<option name="mapping.map.zoom">2</option>
</map>
</row>
</form>
... View more