<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <title>Indicators lookup</title> <link rel="shortcut icon" href="/en-US/static/@4EAB67D171EF0F268537B07472A600B957BA5791405CEF63525C4E27D3E44D74/img/favicon.ico" /> <link rel="stylesheet" type="text/css" href="{{SPLUNKWEB_URL_PREFIX}}/static/build/css/bootstrap-enterprise.css" /> <link rel="stylesheet" type="text/css" href="{{SPLUNKWEB_URL_PREFIX}}/static/build/css/splunkjs-dashboard.css" /> <meta name="referrer" content="never" /> <meta name="referrer" content="no-referrer" /> <script> (function () { window._splunk_metrics_events = []; window._splunk_metrics_events.active = true; function onLoadSwa() { new SWA({"deploymentID": "38255b58-9e6d-5dfa-8d85-b49d0a12bf26", "userID": "88dc5753653ca0684944db586ae6839c9919d788bf6408b4cca2a8e79949adac", "version": "4", "instanceGUID": "2255A6A4-6BBF-4F0C-8DE8-ABF5E956C44B", "visibility": "anonymous,support", "url": "https://e1345286.api.splkmobile.com/1.0/e1345286"}); }; document.addEventListener("DOMContentLoaded", function(event) { var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; s.src='/en-US/static/app/splunk_instrumentation/build/pages/swa.js'; s.addEventListener('load', onLoadSwa); var x = document.getElementsByTagName('script')[0]; x.parentNode.insertBefore(s, x); }); }()); </script> </head> <body class="simplexml preload locale-en" data-splunk-version="8.0.2.1" data-splunk-product="enterprise"> <!-- BEGIN LAYOUT This section contains the layout for the dashboard. Splunk uses proprietary styles in <div> tags, similar to Bootstrap's grid system. --> <header> <a aria-label="Screen reader users, click here to skip the navigation bar" class="navSkip" href="#navSkip" tabIndex="1">Skip Navigation &gt;</a> <div class="header splunk-header"> <div id="placeholder-splunk-bar"> <a href="{{SPLUNKWEB_URL_PREFIX}}/app/launcher/home" class="brand" title="splunk &gt; listen to your data">splunk<strong>&gt;</strong></a> </div> <div id="placeholder-app-bar"></div> </div> <a id="navSkip"></a> </header> <div class="dashboard-body container-fluid main-section-body" data-role="main"> <div class="dashboard-header clearfix"> <h2>Indicators lookup</h2> </div> <div class="fieldset"> <div> <legend><b>Kaspersky CyberTrace connection settings</b></legend> <div class="kl-panel-body"> <div class="input input-text" id="settings-ct-host"> <label>Kaspersky CyberTrace address</label> </div> <div class="input input-text" id="settings-ct-port"> <label>Kaspersky CyberTrace port</label> </div> </div> </div> <div></div> <div id="input1" class="html"> <div class="fieldset"> <legend><b>Kaspersky CyberTrace lookup indicator</b></legend> <div class="panel-body html"> <p>Enter indicator, that you want to lookup in the Kaspersky CyberTrace</p> </div> </div> <div class="input input-text" id="input2"> <label>Indicator</label> </div> <div class="form-submit" id="search_btn"> <button class="btn btn-primary submit">Lookup</button> </div> </div> </div> <div id="row1" class="dashboard-row dashboard-row1"> <div id="panel1" class="dashboard-cell" style="width: 100%;"> <div class="dashboard-panel clearfix"> <div class="panel-element-row"> <div id="element1" class="dashboard-element table" style="width: 100%"> <div class="panel-head"> <h3>Matching events</h3> </div> <div class="panel-body"></div> </div> </div> </div> </div> </div> </div> <!-- END LAYOUT --> <script src="{{SPLUNKWEB_URL_PREFIX}}/config?autoload=1" crossorigin="use-credentials"></script> <script src="{{SPLUNKWEB_URL_PREFIX}}/static/js/i18n.js"></script> <script src="{{SPLUNKWEB_URL_PREFIX}}/i18ncatalog?autoload=1"></script> <script src="{{SPLUNKWEB_URL_PREFIX}}/static/build/simplexml/index.js"></script> <script type="text/javascript"> // <![CDATA[ // <![CDATA[ // // LIBRARY REQUIREMENTS // // In the require function, we include the necessary libraries and modules for // the HTML dashboard. Then, we pass variable names for these libraries and // modules as function parameters, in order. // // When you add libraries or modules, remember to retain this mapping order // between the library or module and its function parameter. You can do this by // adding to the end of these lists, as shown in the commented examples below. require([ "splunkjs/mvc", "splunkjs/mvc/utils", "splunkjs/mvc/tokenutils", "underscore", "jquery", "splunkjs/mvc/simplexml", "splunkjs/mvc/layoutview", "splunkjs/mvc/simplexml/dashboardview", "splunkjs/mvc/simplexml/dashboard/panelref", "splunkjs/mvc/simplexml/element/chart", "splunkjs/mvc/simplexml/element/event", "splunkjs/mvc/simplexml/element/html", "splunkjs/mvc/simplexml/element/list", "splunkjs/mvc/simplexml/element/map", "splunkjs/mvc/simplexml/element/single", "splunkjs/mvc/simplexml/element/table", "splunkjs/mvc/simplexml/element/visualization", "splunkjs/mvc/simpleform/formutils", "splunkjs/mvc/simplexml/eventhandler", "splunkjs/mvc/simplexml/searcheventhandler", "splunkjs/mvc/simpleform/input/dropdown", "splunkjs/mvc/simpleform/input/radiogroup", "splunkjs/mvc/simpleform/input/linklist", "splunkjs/mvc/simpleform/input/multiselect", "splunkjs/mvc/simpleform/input/checkboxgroup", "splunkjs/mvc/simpleform/input/text", "splunkjs/mvc/simpleform/input/timerange", "splunkjs/mvc/simpleform/input/submit", "splunkjs/mvc/searchmanager", "splunkjs/mvc/savedsearchmanager", "splunkjs/mvc/postprocessmanager", "splunkjs/mvc/simplexml/urltokenmodel" // Add comma-separated libraries and modules manually here, for example: // ..."splunkjs/mvc/simplexml/urltokenmodel", // "splunkjs/mvc/tokenforwarder" ], function( mvc, utils, TokenUtils, _, $, DashboardController, LayoutView, Dashboard, PanelRef, ChartElement, EventElement, HtmlElement, ListElement, MapElement, SingleElement, TableElement, VisualizationElement, FormUtils, EventHandler, SearchEventHandler, DropdownInput, RadioGroupInput, LinkListInput, MultiSelectInput, CheckboxGroupInput, TextInput, TimeRangeInput, SubmitButton, SearchManager, SavedSearchManager, PostProcessManager, UrlTokenModel // Add comma-separated parameter names here, for example: // ...UrlTokenModel, // TokenForwarder ) { var pageLoading = true; // // TOKENS // // Create token namespaces var urlTokenModel = new UrlTokenModel(); mvc.Components.registerInstance('url', urlTokenModel); var defaultTokenModel = mvc.Components.getInstance('default', {create: true}); var submittedTokenModel = mvc.Components.getInstance('submitted', {create: true}); urlTokenModel.on('url:navigate', function() { defaultTokenModel.set(urlTokenModel.toJSON()); if (!_.isEmpty(urlTokenModel.toJSON()) && !_.all(urlTokenModel.toJSON(), _.isUndefined)) { submitTokens(); } else { submittedTokenModel.clear(); } }); // Initialize tokens defaultTokenModel.set(urlTokenModel.toJSON()); function submitTokens() { // Copy the contents of the defaultTokenModel to the submittedTokenModel and urlTokenModel FormUtils.submitForm({ replaceState: pageLoading }); } function setToken(name, value) { defaultTokenModel.set(name, value); submittedTokenModel.set(name, value); } function unsetToken(name) { defaultTokenModel.unset(name); submittedTokenModel.unset(name); } setToken("run",false); // // SEARCH MANAGERS // var search1 = new SearchManager({ "id": "search1", "earliest_time": "-30d@d", "latest_time": "now", "autostart": false, "sample_ratio": null, "search": "| klsearch $indicator$ | rename _raw as DetectedEvent | table LookupIndicator, DetectedEvent", "status_buckets": 0, "cancelOnUnload": true, "app": utils.getCurrentApp(), "auto_cancel": 90, "preview": true, "tokenDependencies": { }, "runWhenTimeIsUndefined": false }, {tokens: true, tokenNamespace: "submitted"}); // // SERVICE OBJECT // // Create a service object REST request using the Splunk SDK for JavaScript var service = mvc.createService({ owner: 'nobody' }); setToken('update', false); service.get( 'storage/collections/data/kl_cybertrace_settings/', null, function(err, result) { if (err) { console.error(err); } else { if (result.data.length > 0) { setToken('update', true); setToken('_key', result.data[0]._key); setToken('KTCHost', result.data[0].KTCHost || '127.0.0.1'); setToken('KTCPort', result.data[0].KTCPort || 9999); } } }); // // SPLUNK LAYOUT // $('header').remove(); new LayoutView({"hideChrome": false, "hideSplunkBar": false, "hideAppBar": false}) .render() .getContainerElement() .appendChild($('.dashboard-body')[0]); // // DASHBOARD EDITOR // new Dashboard({ id: 'dashboard', el: $('.dashboard-body'), showTitle: true, editable: true }, {tokens: true}).render(); // // VIEWS: VISUALIZATION ELEMENTS // var element1 = new TableElement({ "id": "element1", "count": 50, "managerid": "search1", "el": $('#element1') }, {tokens: true, tokenNamespace: "submitted"}).render(); element1.on("click", function(e) { if (e.field !== undefined) { e.preventDefault(); var url = TokenUtils.replaceTokenNames("http://tip.kaspersky.com/search?searchString=$click.value$", _.extend(submittedTokenModel.toJSON(), e.data), TokenUtils.getEscaper('url'), TokenUtils.getFilters(mvc.Components)); utils.redirect(url, false, "_blank"); } }); // // VIEWS: FORM INPUTS // var settingsktcaddr = new TextInput({ "id": "settings-ct-host", "searchWhenChanged": false, "default": "127.0.0.1", "value": "$KTCHost$", "el": $('#settings-ct-host') }, {tokens: true}).render(); var settingsktcport = new TextInput({ "id": "settings-ct-port", "searchWhenChanged": false, "default": "9999", "value": "$KTCPort$", "el": $('#settings-ct-port') }, {tokens: true}).render(); var input1 = new HtmlElement({ "id": "input1", "useTokens": true, "el": $('#input1') }, {tokens: true, tokenNamespace: "submitted"}).render(); DashboardController.addReadyDep(input1.contentLoaded()); input1.on("change", function(newValue) { FormUtils.handleValueChange(input1); }); var input2 = new TextInput({ "id": "input2", "searchWhenChanged": true, "default": "", "value": "$indicator$", "el": $('#input2') }, {tokens: true}).render(); input2.on("change", function(newValue) { FormUtils.handleValueChange(input2); }); // // SUBMIT FORM DATA // var submit = new SubmitButton({ id: 'submit', el: $('#search_btn'), text: 'Lookup' }, {tokens: true}).render(); submit.on("submit", function() { var collectionEndpoint, headers, method, record, tokens; tokens = mvc.Components.getInstance('default'); if (tokens.get('KTCHost') === "" ){ alert ("Incorrect value for Kaspersky CyberTrace address"); return; } if (tokens.get('KTCPort') === "" ){ alert ("Incorrect value for Kaspersky CyberTrace port"); return; } record = { KTCHost: tokens.get('KTCHost'), KTCPort: tokens.get('KTCPort') }; /* add/update record */ headers = { 'Content-Type': 'application/json' }; if (tokens.get('update')) { collectionEndpoint = 'storage/collections/data/kl_cybertrace_settings/' + tokens.get('_key'); } else { collectionEndpoint = 'storage/collections/data/kl_cybertrace_settings'; } method = 'POST'; service.request(collectionEndpoint, method, null, null, JSON.stringify(record), headers, null) .done(function(data) { data = JSON.parse(data); if (data._key) { submitTokens(); search1.startSearch(); } else { console.error('no key returned in data', data._key); } }) .fail(function(data) { console.error(data.statusText); statusMessage('error', data.statusText); }); }); // Initialize time tokens to default if (!defaultTokenModel.has('earliest') && !defaultTokenModel.has('latest')) { defaultTokenModel.set({ earliest: '0', latest: '' }); } if (!_.isEmpty(urlTokenModel.toJSON())){ submitTokens(); } // // DASHBOARD READY // DashboardController.ready(); pageLoading = false; } ); // ]]> </script> </body> </html> ... View more