superducktoes · June 24, 2024 18:17
diff --git a/greynoise_country_dashboard.xml b/greynoise_country_dashboard.xml
 <form version="1.1">
  <label>Country Report</label>
  <fieldset submitButton="false">
    <input type="dropdown" token="field1" searchWhenChanged="true">
      <label>Country</label>
      <fieldForLabel>source_country</fieldForLabel>
      <fieldForValue>source_country</fieldForValue>
      <search>
        <query>|inputlookup greynoise_indicators_collection| dedup source_country | table source_country | sort  source_country</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
    </input>
    <input type="dropdown" token="field2">
      <label>Classification</label>
      <choice value="*">All</choice>
      <choice value="malicious">malicious</choice>
      <choice value="unknown">unknown</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="field3">
      <label>OS</label>
      <search>
        <query/>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
      <choice value="*">All</choice>
      <choice value="Windows*">Windows</choice>
      <choice value="Linux*">Linux</choice>
      <choice value="*Embedded*">Embedded</choice>
      <choice value="Free BSD*">FreeBSD</choice>
      <default>*</default>
    </input>
    <input type="dropdown" token="field4">
      <label>Tags</label>
      <fieldForLabel>tags</fieldForLabel>
      <fieldForValue>tags</fieldForValue>
      <search>
        <query>|inputlookup greynoise_indicators_collection | mvexpand tags | dedup tags | table tags | sort  tags</query>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Spoofable</title>
      <chart>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | stats count by spoofable</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">pie</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="refresh.display">progressbar</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
    <panel>
      <title>Category</title>
      <chart>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$  | stats count by category</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">pie</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="refresh.display">progressbar</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
    <panel>
      <title>Dest Country Percentage</title>
      <single>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" | fields destination_countries | mvexpand destination_countries | dedup destination_countries | stats count(destination_countries) | rename count(destination_countries)  as count | eval total=(count/46)*100 | table total</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">none</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0.0</option>
        <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xd41f1f","0xdc4e41"]</option>
        <option name="rangeValues">[0,30,70,100]</option>
        <option name="refresh.display">progressbar</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unitPosition">after</option>
        <option name="useColors">1</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
    <panel>
      <title>VPN Count</title>
      <single>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ vpn=true | stats count(*)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="colorBy">value</option>
        <option name="colorMode">none</option>
        <option name="drilldown">none</option>
        <option name="numberPrecision">0</option>
        <option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
        <option name="rangeValues">[0,30,70,100]</option>
        <option name="refresh.display">progressbar</option>
        <option name="showSparkline">1</option>
        <option name="showTrendIndicator">1</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
        <option name="trendColorInterpretation">standard</option>
        <option name="trendDisplayMode">absolute</option>
        <option name="unitPosition">after</option>
        <option name="useColors">0</option>
        <option name="useThousandSeparators">1</option>
      </single>
    </panel>
    <panel>
      <title>Tor Exit Nodes</title>
      <single>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ tor=true | stats count(*)</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
        <option name="refresh.display">progressbar</option>
      </single>
    </panel>
  </row>
  <row>
    <panel>
      <title>Destination Scans</title>
      <map>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | mvexpand destination_countries | stats count by destination_countries | geom geo_countries featureIdField="destination_countries"</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="drilldown">none</option>
        <option name="mapping.choroplethLayer.colorBins">5</option>
        <option name="mapping.choroplethLayer.colorMode">auto</option>
        <option name="mapping.choroplethLayer.maximumColor">0xaf575a</option>
        <option name="mapping.choroplethLayer.minimumColor">0x62b3b2</option>
        <option name="mapping.choroplethLayer.neutralPoint">0</option>
        <option name="mapping.choroplethLayer.shapeOpacity">0.75</option>
        <option name="mapping.choroplethLayer.showBorder">1</option>
        <option name="mapping.data.maxClusters">100</option>
        <option name="mapping.legend.placement">bottomright</option>
        <option name="mapping.map.center">(0,0)</option>
        <option name="mapping.map.panning">1</option>
        <option name="mapping.map.scrollZoom">0</option>
        <option name="mapping.map.zoom">2</option>
        <option name="mapping.markerLayer.markerMaxSize">50</option>
        <option name="mapping.markerLayer.markerMinSize">10</option>
        <option name="mapping.markerLayer.markerOpacity">0.8</option>
        <option name="mapping.showTiles">1</option>
        <option name="mapping.tileLayer.maxZoom">7</option>
        <option name="mapping.tileLayer.minZoom">0</option>
        <option name="mapping.tileLayer.tileOpacity">1</option>
        <option name="mapping.type">choropleth</option>
        <option name="refresh.display">progressbar</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </map>
    </panel>
  </row>
  <row>
    <panel>
      <title>Rare rdns</title>
      <table>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ | rex field=rdns "(?&lt;dest_host&gt;\.[A-z0-9]+\.[A-z0-9]+)$$" | where NOT match(dest_host,"\d+$$") | search dest_host!=""| rare limit=500 dest_host | table dest_host</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">10</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
    <panel>
      <title>CVE's</title>
      <chart>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ cve!="" | mvexpand cve | stats count by cve | sort -count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">pie</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">none</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">0</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="refresh.display">progressbar</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
    <panel>
      <title>Tags</title>
      <table>
        <search>
          <query>|inputlookup greynoise_indicators_collection| search source_country="$field1$" classification=$field2$ os=$field3$ tags!="" | mvexpand tags | stats count by tags | sort - count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">10</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Top Organizations</title>
      <chart>
        <search>
          <query>|inputlookup greynoise_indicators_collection | search source_country="$field1$" classification=$field2$ os=$field3$ organization!="" | stats count by organization | head 20 | sort - count</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
        <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
        <option name="charting.axisTitleX.visibility">visible</option>
        <option name="charting.axisTitleY.visibility">visible</option>
        <option name="charting.axisTitleY2.visibility">visible</option>
        <option name="charting.axisX.abbreviation">none</option>
        <option name="charting.axisX.scale">linear</option>
        <option name="charting.axisY.abbreviation">none</option>
        <option name="charting.axisY.scale">linear</option>
        <option name="charting.axisY2.abbreviation">none</option>
        <option name="charting.axisY2.enabled">0</option>
        <option name="charting.axisY2.scale">inherit</option>
        <option name="charting.chart">column</option>
        <option name="charting.chart.bubbleMaximumSize">50</option>
        <option name="charting.chart.bubbleMinimumSize">10</option>
        <option name="charting.chart.bubbleSizeBy">area</option>
        <option name="charting.chart.nullValueMode">gaps</option>
        <option name="charting.chart.showDataLabels">minmax</option>
        <option name="charting.chart.sliceCollapsingThreshold">0.01</option>
        <option name="charting.chart.stackMode">default</option>
        <option name="charting.chart.style">shiny</option>
        <option name="charting.drilldown">none</option>
        <option name="charting.layout.splitSeries">1</option>
        <option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
        <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
        <option name="charting.legend.mode">standard</option>
        <option name="charting.legend.placement">right</option>
        <option name="charting.lineWidth">2</option>
        <option name="refresh.display">progressbar</option>
        <option name="trellis.enabled">0</option>
        <option name="trellis.scales.shared">1</option>
        <option name="trellis.size">medium</option>
      </chart>
    </panel>
  </row>
 </form>
	<form version="1.1">
	<label>Country Report</label>
	<fieldset submitButton="false">
	<input type="dropdown" token="field1" searchWhenChanged="true">
	<label>Country</label>
	<fieldForLabel>source_country</fieldForLabel>
	<fieldForValue>source_country</fieldForValue>
	<search>
	<query>\|inputlookup greynoise_indicators_collection\| dedup source_country \| table source_country \| sort source_country</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	</search>
	<choice value="*">All</choice>
	</input>
	<input type="dropdown" token="field2">
	<label>Classification</label>
	<choice value="*">All</choice>
	<choice value="malicious">malicious</choice>
	<choice value="unknown">unknown</choice>
	<default>*</default>
	</input>
	<input type="dropdown" token="field3">
	<label>OS</label>
	<search>
	<query/>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	</search>
	<choice value="*">All</choice>
	<choice value="Windows*">Windows</choice>
	<choice value="Linux*">Linux</choice>
	<choice value="Embedded">Embedded</choice>
	<choice value="Free BSD*">FreeBSD</choice>
	<default>*</default>
	</input>
	<input type="dropdown" token="field4">
	<label>Tags</label>
	<fieldForLabel>tags</fieldForLabel>
	<fieldForValue>tags</fieldForValue>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| mvexpand tags \| dedup tags \| table tags \| sort tags</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	</search>
	</input>
	</fieldset>
	<row>
	<panel>
	<title>Spoofable</title>
	<chart>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ \| stats count by spoofable</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
	<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
	<option name="charting.axisTitleX.visibility">visible</option>
	<option name="charting.axisTitleY.visibility">visible</option>
	<option name="charting.axisTitleY2.visibility">visible</option>
	<option name="charting.axisX.abbreviation">none</option>
	<option name="charting.axisX.scale">linear</option>
	<option name="charting.axisY.abbreviation">none</option>
	<option name="charting.axisY.scale">linear</option>
	<option name="charting.axisY2.abbreviation">none</option>
	<option name="charting.axisY2.enabled">0</option>
	<option name="charting.axisY2.scale">inherit</option>
	<option name="charting.chart">pie</option>
	<option name="charting.chart.bubbleMaximumSize">50</option>
	<option name="charting.chart.bubbleMinimumSize">10</option>
	<option name="charting.chart.bubbleSizeBy">area</option>
	<option name="charting.chart.nullValueMode">gaps</option>
	<option name="charting.chart.showDataLabels">none</option>
	<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
	<option name="charting.chart.stackMode">default</option>
	<option name="charting.chart.style">shiny</option>
	<option name="charting.drilldown">none</option>
	<option name="charting.layout.splitSeries">0</option>
	<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
	<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
	<option name="charting.legend.mode">standard</option>
	<option name="charting.legend.placement">right</option>
	<option name="charting.lineWidth">2</option>
	<option name="refresh.display">progressbar</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	</chart>
	</panel>
	<panel>
	<title>Category</title>
	<chart>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ \| stats count by category</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
	<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
	<option name="charting.axisTitleX.visibility">visible</option>
	<option name="charting.axisTitleY.visibility">visible</option>
	<option name="charting.axisTitleY2.visibility">visible</option>
	<option name="charting.axisX.abbreviation">none</option>
	<option name="charting.axisX.scale">linear</option>
	<option name="charting.axisY.abbreviation">none</option>
	<option name="charting.axisY.scale">linear</option>
	<option name="charting.axisY2.abbreviation">none</option>
	<option name="charting.axisY2.enabled">0</option>
	<option name="charting.axisY2.scale">inherit</option>
	<option name="charting.chart">pie</option>
	<option name="charting.chart.bubbleMaximumSize">50</option>
	<option name="charting.chart.bubbleMinimumSize">10</option>
	<option name="charting.chart.bubbleSizeBy">area</option>
	<option name="charting.chart.nullValueMode">gaps</option>
	<option name="charting.chart.showDataLabels">none</option>
	<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
	<option name="charting.chart.stackMode">default</option>
	<option name="charting.chart.style">shiny</option>
	<option name="charting.drilldown">none</option>
	<option name="charting.layout.splitSeries">0</option>
	<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
	<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
	<option name="charting.legend.mode">standard</option>
	<option name="charting.legend.placement">right</option>
	<option name="charting.lineWidth">2</option>
	<option name="refresh.display">progressbar</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	</chart>
	</panel>
	<panel>
	<title>Dest Country Percentage</title>
	<single>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" \| fields destination_countries \| mvexpand destination_countries \| dedup destination_countries \| stats count(destination_countries) \| rename count(destination_countries) as count \| eval total=(count/46)*100 \| table total</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="colorBy">value</option>
	<option name="colorMode">none</option>
	<option name="drilldown">none</option>
	<option name="numberPrecision">0.0</option>
	<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xd41f1f","0xdc4e41"]</option>
	<option name="rangeValues">[0,30,70,100]</option>
	<option name="refresh.display">progressbar</option>
	<option name="showSparkline">1</option>
	<option name="showTrendIndicator">1</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	<option name="trendColorInterpretation">standard</option>
	<option name="trendDisplayMode">absolute</option>
	<option name="unitPosition">after</option>
	<option name="useColors">1</option>
	<option name="useThousandSeparators">1</option>
	</single>
	</panel>
	<panel>
	<title>VPN Count</title>
	<single>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ vpn=true \| stats count(*)</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="colorBy">value</option>
	<option name="colorMode">none</option>
	<option name="drilldown">none</option>
	<option name="numberPrecision">0</option>
	<option name="rangeColors">["0x53a051","0x0877a6","0xf8be34","0xf1813f","0xdc4e41"]</option>
	<option name="rangeValues">[0,30,70,100]</option>
	<option name="refresh.display">progressbar</option>
	<option name="showSparkline">1</option>
	<option name="showTrendIndicator">1</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	<option name="trendColorInterpretation">standard</option>
	<option name="trendDisplayMode">absolute</option>
	<option name="unitPosition">after</option>
	<option name="useColors">0</option>
	<option name="useThousandSeparators">1</option>
	</single>
	</panel>
	<panel>
	<title>Tor Exit Nodes</title>
	<single>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ tor=true \| stats count(*)</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="drilldown">none</option>
	<option name="refresh.display">progressbar</option>
	</single>
	</panel>
	</row>
	<row>
	<panel>
	<title>Destination Scans</title>
	<map>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ \| mvexpand destination_countries \| stats count by destination_countries \| geom geo_countries featureIdField="destination_countries"</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="drilldown">none</option>
	<option name="mapping.choroplethLayer.colorBins">5</option>
	<option name="mapping.choroplethLayer.colorMode">auto</option>
	<option name="mapping.choroplethLayer.maximumColor">0xaf575a</option>
	<option name="mapping.choroplethLayer.minimumColor">0x62b3b2</option>
	<option name="mapping.choroplethLayer.neutralPoint">0</option>
	<option name="mapping.choroplethLayer.shapeOpacity">0.75</option>
	<option name="mapping.choroplethLayer.showBorder">1</option>
	<option name="mapping.data.maxClusters">100</option>
	<option name="mapping.legend.placement">bottomright</option>
	<option name="mapping.map.center">(0,0)</option>
	<option name="mapping.map.panning">1</option>
	<option name="mapping.map.scrollZoom">0</option>
	<option name="mapping.map.zoom">2</option>
	<option name="mapping.markerLayer.markerMaxSize">50</option>
	<option name="mapping.markerLayer.markerMinSize">10</option>
	<option name="mapping.markerLayer.markerOpacity">0.8</option>
	<option name="mapping.showTiles">1</option>
	<option name="mapping.tileLayer.maxZoom">7</option>
	<option name="mapping.tileLayer.minZoom">0</option>
	<option name="mapping.tileLayer.tileOpacity">1</option>
	<option name="mapping.type">choropleth</option>
	<option name="refresh.display">progressbar</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	</map>
	</panel>
	</row>
	<row>
	<panel>
	<title>Rare rdns</title>
	<table>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ \| rex field=rdns "(?<dest_host>\.[A-z0-9]+\.[A-z0-9]+)$$" \| where NOT match(dest_host,"\d+$$") \| search dest_host!=""\| rare limit=500 dest_host \| table dest_host</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="count">10</option>
	<option name="dataOverlayMode">none</option>
	<option name="drilldown">none</option>
	<option name="percentagesRow">false</option>
	<option name="refresh.display">progressbar</option>
	<option name="rowNumbers">false</option>
	<option name="totalsRow">false</option>
	<option name="wrap">true</option>
	</table>
	</panel>
	<panel>
	<title>CVE's</title>
	<chart>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ cve!="" \| mvexpand cve \| stats count by cve \| sort -count</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
	<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
	<option name="charting.axisTitleX.visibility">visible</option>
	<option name="charting.axisTitleY.visibility">visible</option>
	<option name="charting.axisTitleY2.visibility">visible</option>
	<option name="charting.axisX.abbreviation">none</option>
	<option name="charting.axisX.scale">linear</option>
	<option name="charting.axisY.abbreviation">none</option>
	<option name="charting.axisY.scale">linear</option>
	<option name="charting.axisY2.abbreviation">none</option>
	<option name="charting.axisY2.enabled">0</option>
	<option name="charting.axisY2.scale">inherit</option>
	<option name="charting.chart">pie</option>
	<option name="charting.chart.bubbleMaximumSize">50</option>
	<option name="charting.chart.bubbleMinimumSize">10</option>
	<option name="charting.chart.bubbleSizeBy">area</option>
	<option name="charting.chart.nullValueMode">gaps</option>
	<option name="charting.chart.showDataLabels">none</option>
	<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
	<option name="charting.chart.stackMode">default</option>
	<option name="charting.chart.style">shiny</option>
	<option name="charting.drilldown">none</option>
	<option name="charting.layout.splitSeries">0</option>
	<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
	<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
	<option name="charting.legend.mode">standard</option>
	<option name="charting.legend.placement">right</option>
	<option name="charting.lineWidth">2</option>
	<option name="refresh.display">progressbar</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	</chart>
	</panel>
	<panel>
	<title>Tags</title>
	<table>
	<search>
	<query>\|inputlookup greynoise_indicators_collection\| search source_country="$field1$" classification=$field2$ os=$field3$ tags!="" \| mvexpand tags \| stats count by tags \| sort - count</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="count">10</option>
	<option name="dataOverlayMode">none</option>
	<option name="drilldown">none</option>
	<option name="percentagesRow">false</option>
	<option name="refresh.display">progressbar</option>
	<option name="rowNumbers">false</option>
	<option name="totalsRow">false</option>
	<option name="wrap">true</option>
	</table>
	</panel>
	</row>
	<row>
	<panel>
	<title>Top Organizations</title>
	<chart>
	<search>
	<query>\|inputlookup greynoise_indicators_collection \| search source_country="$field1$" classification=$field2$ os=$field3$ organization!="" \| stats count by organization \| head 20 \| sort - count</query>
	<earliest>-24h@h</earliest>
	<latest>now</latest>
	<sampleRatio>1</sampleRatio>
	</search>
	<option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
	<option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
	<option name="charting.axisTitleX.visibility">visible</option>
	<option name="charting.axisTitleY.visibility">visible</option>
	<option name="charting.axisTitleY2.visibility">visible</option>
	<option name="charting.axisX.abbreviation">none</option>
	<option name="charting.axisX.scale">linear</option>
	<option name="charting.axisY.abbreviation">none</option>
	<option name="charting.axisY.scale">linear</option>
	<option name="charting.axisY2.abbreviation">none</option>
	<option name="charting.axisY2.enabled">0</option>
	<option name="charting.axisY2.scale">inherit</option>
	<option name="charting.chart">column</option>
	<option name="charting.chart.bubbleMaximumSize">50</option>
	<option name="charting.chart.bubbleMinimumSize">10</option>
	<option name="charting.chart.bubbleSizeBy">area</option>
	<option name="charting.chart.nullValueMode">gaps</option>
	<option name="charting.chart.showDataLabels">minmax</option>
	<option name="charting.chart.sliceCollapsingThreshold">0.01</option>
	<option name="charting.chart.stackMode">default</option>
	<option name="charting.chart.style">shiny</option>
	<option name="charting.drilldown">none</option>
	<option name="charting.layout.splitSeries">1</option>
	<option name="charting.layout.splitSeries.allowIndependentYRanges">0</option>
	<option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option>
	<option name="charting.legend.mode">standard</option>
	<option name="charting.legend.placement">right</option>
	<option name="charting.lineWidth">2</option>
	<option name="refresh.display">progressbar</option>
	<option name="trellis.enabled">0</option>
	<option name="trellis.scales.shared">1</option>
	<option name="trellis.size">medium</option>
	</chart>
	</panel>
	</row>
	</form>