In beta: custom reports

After many request, it is finally here! The left hand menu of the GUI shows a new item: custom reports. Reports are query based. All query results you see in the GUI will be in the report too.

You can schedule reports daily, weekly or monthly. Output formats are Excel, csv, json and pdf. Note that the pdf version will switch to rows instead of columns for any output containing more than 5 columns. You can select your columns with the new keyword "table" in the query like this:

index=hosts ports=3306 | table ip  ports asn last_seen

First quirk to be solved: when you create a new report, you have to save it first before you can add email recipients.

Select your own table fields for queries and export

We’ve borrowed yet another keyword from SPL: table.

Table is a search modifier that allows you to select which fields you want to have shown in the GUI or exported in an Excel file. By default you get the fields that we think are most useful. Since “useful” depends a lot on what you are looking for you should be able to determine this yourself. Now you can. Here are a few examples:

If you want all titles on both the http and https version of your websites, try this:

   index=websites | table url https_title http_title

If you want all raw headers for your website, this query will do it:

   index=websites | table url https_headers

For a list of all nameservers specified at your domain registrar, try:

   index=whois | table domain nameservers

Proxy support for Python API module

The newversion of the Python module is now proxy aware. If you run it from an internal network and need to set a proxy, do it like this:

st = ShadowTrackr(api_key=API_KEY)
st.set_proxy(“10.0.0.1:8080”)

You can find the code on Github or just update it with:

pip install shadowtrackr —upgrade