Fix OSINT Sweep dashboard drilldowns for HA and MalShare

ecstatic-nobel · Apr 20, 2019 · bc5f117 · bc5f117
1 parent a813a5a
commit bc5f117
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/default/data/ui/views/osintSweep.xml b/default/data/ui/views/osintSweep.xml
@@ -115,7 +115,7 @@
         <option name="refresh.display">preview</option>
         <option name="useColors">1</option>
         <drilldown>
-          <link target="_blank">/app/OSweep/urlhaus?form.group=no&amp;form.group_value=url&amp;form.group_key=payload&amp;form.ioc=$ioc$</link>
+          <link target="_blank">/app/OSweep/hybridAnalysis?form.group=no&amp;form.group_value=domain&amp;form.group_key=sha256&amp;form.ioc=$ioc$</link>
         </drilldown>
       </single>
     </panel>
@@ -137,19 +137,18 @@
         <option name="refresh.display">preview</option>
         <option name="useColors">1</option>
         <drilldown>
-          <link target="_blank">/app/OSweep/urlscan?form.group=no&amp;form.group_value=url&amp;form.group_key=ip&amp;form.ioc=$ioc$</link>
+          <link target="_blank">/app/OSweep/malshare?form.ioc=$ioc$</link>
         </drilldown>
       </single>
     </panel>
   </row>
   <row>
     <panel>
-      <title>Phishing Catcher (Score &gt; 75)</title>
+      <title>Pastebin Dump</title>
       <single>
-        <title>Scores Domains</title>
+        <title>Searches any IOC</title>
         <search>
-          <query>| phishingCatcher $ioc$ 
-| where score &gt; 75
+          <query>| psbdmp search $ioc$ 
 | search NOT ("no data"=* OR invalid=* OR error=*) 
 | stats count</query>
           <earliest>$earliest$</earliest>
@@ -162,16 +161,17 @@
         <option name="refresh.display">preview</option>
         <option name="useColors">1</option>
         <drilldown>
-          <link target="_blank">/app/OSweep/phishingCatcher?form.monitor=no&amp;form.time_range.earliest=-24h%40h&amp;form.time_range.latest=now&amp;form.ioc=$ioc$</link>
+          <link target="_blank">/app/OSweep/pastebinDump?form.ioc=$ioc$</link>
         </drilldown>
       </single>
     </panel>
     <panel>
-      <title>Pastebin Dump</title>
+      <title>Phishing Catcher (Score &gt; 75)</title>
       <single>
-        <title>Searches any IOC</title>
+        <title>Scores Domains</title>
         <search>
-          <query>| psbdmp search $ioc$ 
+          <query>| phishingCatcher $ioc$ 
+| where score &gt; 75
 | search NOT ("no data"=* OR invalid=* OR error=*) 
 | stats count</query>
           <earliest>$earliest$</earliest>
@@ -184,7 +184,7 @@
         <option name="refresh.display">preview</option>
         <option name="useColors">1</option>
         <drilldown>
-          <link target="_blank">/app/OSweep/pastebinDump?form.ioc=$ioc$</link>
+          <link target="_blank">/app/OSweep/phishingCatcher?form.monitor=no&amp;form.time_range.earliest=-24h%40h&amp;form.time_range.latest=now&amp;form.ioc=$ioc$</link>
         </drilldown>
       </single>
     </panel>