Cibervault EDR

Overview

Dashboard

Incidents

Endpoints

Entities

Detection

Dark Web

Threat Hunting

Detection Rules

UEBA

Response

Active Response

Threat Intel

SOAR

Firewall

Management

Agents

Vulnerabilities

Compliance

AI Analyst

Wazuh

Settings

Active Agents

Open Incidents

Alerts (24h)

Endpoints

Event Trend

Events over time

Severity Distribution

Alert breakdown

Top Hosts by Alerts

Most active endpoints

Event Types

Category breakdown

MITRE ATT&CK Tactics

Detection coverage

Recent Alerts

Time	Host	Event	Severity	Score	Details
🔍 No alerts yet

Agents Status

💻

No agents

Time	Host	Event	MITRE	Tactic	Rule	Severity	Score	Details

Hostname	IP	OS	Status	Last Seen	Actions

Events

Alerts

Events

Time	Type	MITRE	Rule	Severity	Score	Detail

Active Response

Command

Events (24h)

Critical/High

Auth Failures

Auth Success

Results

Time	Host	Type	MITRE ID	Tactic	Rule	Severity	Score	Details

Total

Enabled

Custom

Critical

ID	Name	MITRE	Tactic	Severity	Score	Type	Status	Actions

Resolved Entities

Alerts

Tracked Users

High Risk

Anomaly Types

User Profiles

👤

No profiles yet

Recent UEBA Alerts

Time	User	Type	Score	MITRE

🧠 AI Behavior Analysis

Loading AI baselines...

AI BEHAVIORAL PROFILES (click to investigate)

🕵 User Investigation

Enter a username to get an AI-powered compromise assessment

Total Packages

Critical CVEs

High CVEs

Last Scan

Detected Vulnerabilities

Package	Version	CVE	Severity	CVSS	Description
🛡 Click Scan Now

Score %

Grade

Passed

Failed

CIS Benchmark Results

Check ID	Title	Severity	Status	Output
Click Run Checks

Checking AI status...

🤖 AI Security Assistant

The AI has access to your live SIEM data — ask anything about your current alerts, threats, or how to respond.

Ask me anything about your security environment...

Examples:
"What are the most critical threats right now?"
"Explain what T1110 attack is happening"
"Write a PowerShell script to block IP 45.33.32.156"
"Is the suspicious port scan a false positive?"
"What should I investigate first?"

VirusTotal Key Quota (managed by Wazuh)

🔑

Loading VT quota...

AbuseIPDB + OTX Keys (Cibervault)

🔑

Enrichment Stats (24h)

Recent Threats Found

Command

Agent

Command

Output

No output yet

Automation Rules

Active Blocks

Hostname	Agent ID	OS	IP	Status	Last Seen	Actions

User	Email	Role & Permissions	Status	Last Login	Actions

Wazuh API Connection

Wazuh API URL

Username

Password

Connection Status

🔌

Not connected

Configure connection to the left

Wazuh Agents

ID	Name	IP	OS	Status	Last Seen
Connect Wazuh to see agents

Recent Wazuh Alerts

Time	Agent	Rule	Level	Description
No alerts

Integration Guide

① Enable Wazuh API

On your Wazuh manager:
systemctl status wazuh-manager

Default API port: 55000
Default user: wazuh-wui

② Forward Wazuh Alerts to Cibervault

Add to /var/ossec/etc/ossec.conf:

<integration>
  <name>custom-cibervault</name>
  <hook_url>http://CIBERVAULT_IP:8081/api/v1/wazuh/alert</hook_url>
  <level>7</level>
  <alert_format>json</alert_format>
</integration>

③ Agent Enrollment

Install Cibervault agent on Wazuh-monitored hosts to get EDR + SIEM coverage on the same endpoint.

④ Unified View

Wazuh alerts appear in Incidents page with source=wazuh tag. Cibervault EDR alerts appear in Wazuh via syslog forwarding.

🔑 Agent Enrollment

Use these credentials when installing the Cibervault agent on Windows endpoints.

SIEM Server URL

Agent Secret

Windows install command:

Server Info

Server:

SMTP Alerts

Host

Port

Username

Password

Recipients

var _navFW=document.getElementById("nav-firewall");if(_navFW)_navFW.addEventListener("click",function(){showPage("firewall");}); function showIntelTab(t){var tabs=["sessions","lateral","exfil"];for(var i=0;i

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

";setHtml("intel-summary",html);}).catch(function(){});} function loadIntelSessions(){apiFetch("/api/v1/ueba/intel/sessions?hours=24").then(function(d){var s=d.sessions||[];if(!s.length){setHtml("intel-sessions-list","

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

");return;}var h="";c.forEach(function(ch){var rc=ch.risk_score>=70?"var(--crit)":ch.risk_score>=40?"var(--high)":"var(--med)";var hosts=(ch.hosts||[]).map(function(x){return x.hostname;}).join(" → ");h+="

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

";});setHtml("intel-lateral-list",h);}).catch(function(){});} function loadIntelExfil(){apiFetch("/api/v1/ueba/intel/exfiltration?hours=24").then(function(d){var inds=d.indicators||[];if(!inds.length){setHtml("intel-exfil-list","

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

";});setHtml("intel-exfil-list",h);}).catch(function(){});} function aiInvestigateSession(username){var panel=document.getElementById("intel-detail");if(panel){panel.style.display="block";panel.innerHTML="

AI investigating sessions for "+_esc(username)+"...

";}apiFetch("/api/v1/ueba/intel/ai-investigate-session",{method:"POST",body:JSON.stringify({username:username,hours:24})}).then(function(d){if(!panel)return;var a=d.analysis||{};var vc={"compromised":{bg:"var(--crit)",l:"COMPROMISED"},"suspicious":{bg:"var(--high)",l:"SUSPICIOUS"},"legitimate":{bg:"var(--low)",l:"LEGITIMATE"},"needs_review":{bg:"var(--med)",l:"NEEDS REVIEW"}}[a.verdict]||{bg:"var(--text3)",l:"UNKNOWN"};var h="

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

";});} var _navEnt=document.getElementById("nav-entities");if(_navEnt)_navEnt.addEventListener("click",function(){showPage("entities");}); var ALL_ENTITIES=[]; function resolveEntities(){var b=document.getElementById("entity-resolve-btn");if(b){b.disabled=true;b.textContent="Resolving...";}apiFetch("/api/v1/entities/resolve",{method:"POST",body:JSON.stringify({days:30})}).then(function(d){if(b){b.disabled=false;b.textContent="Resolve Entities";}toast("Resolved "+d.entities_resolved+" entities from "+d.events_scanned+" events","success");loadEntities();}).catch(function(e){if(b){b.disabled=false;b.textContent="Resolve Entities";}toast("Error: "+e.message,"error");});} function loadEntities(){apiFetch("/api/v1/entities/summary/stats").then(function(d){var h="

"+_entStat("Entities",d.total_entities,"var(--accent)")+_entStat("Admins",d.admin_entities,"var(--med)")+_entStat("High Risk",d.high_risk_entities,d.high_risk_entities>0?"var(--crit)":"var(--low)")+_entStat("Hosts",d.unique_hosts,"var(--text1)")+_entStat("Sources",d.data_sources,"var(--accent)")+"

";setHtml("entity-stats",h);}).catch(function(){}); apiFetch("/api/v1/entities?limit=100").then(function(d){ALL_ENTITIES=d.entities||[];setText("entity-count","("+ALL_ENTITIES.length+")");renderEntityList(ALL_ENTITIES);}).catch(function(e){setHtml("entity-list","

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

";} function filterEntities(f){var list=ALL_ENTITIES;if(f==="high")list=ALL_ENTITIES.filter(function(e){return e.risk_level==="critical"||e.risk_level==="high";});if(f==="admin")list=ALL_ENTITIES.filter(function(e){return e.is_admin;});if(f==="multi")list=ALL_ENTITIES.filter(function(e){return(e.hostnames||[]).length>=2;});renderEntityList(list);} function renderEntityList(list){if(!list.length){setHtml("entity-list","

No entities

Click Resolve Entities to scan

");return;} var h="";list.forEach(function(e){var rc=e.risk_score>=50?"var(--crit)":e.risk_score>=25?"var(--high)":e.risk_score>=10?"var(--med)":"var(--low)";var hosts=(e.hostnames||[]).join(", ");var ips=(e.ip_addresses||[]).slice(0,2).join(", ");var tags=(e.tags||[]).map(function(t){return ""+t+"";}).join(""); h+="

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

";});setHtml("entity-list",h);} function showEntityDetail(name){var card=document.getElementById("entity-detail-card");if(card)card.style.display=""; apiFetch("/api/v1/entities/"+encodeURIComponent(name)).then(function(d){var e=d.entity;var h="

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

"; setHtml("entity-detail",h);}).catch(function(e){setHtml("entity-detail","Error: "+e.message);}); loadEntityTimeline(name);} function loadEntityTimeline(name){var card=document.getElementById("entity-timeline-card");if(card)card.style.display=""; apiFetch("/api/v1/entities/"+encodeURIComponent(name)+"/timeline?hours=24&limit=100").then(function(d){var tl=d.timeline||[];if(!tl.length){setHtml("entity-timeline","

No activity in 24h

");return;} var srcColors={auth:"var(--accent)",wazuh:"var(--med)",process:"var(--high)",fim:"var(--crit)",network:"var(--low)",soar:"var(--med)",correlation:"var(--crit)",other:"var(--text3)"}; var h="

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

";});setHtml("entity-timeline",h);}).catch(function(e){setHtml("entity-timeline","Error: "+e.message);});} function aiInvestigateEntity(name){var det=document.getElementById("entity-detail");if(det)det.innerHTML="

AI investigating "+name+"...

"; apiFetch("/api/v1/entities/"+encodeURIComponent(name)+"/ai-investigate",{method:"POST"}).then(function(d){if(!det)return;var a=d.analysis||{};var vc={compromised:{bg:"var(--crit)",l:"COMPROMISED"},suspicious:{bg:"var(--high)",l:"SUSPICIOUS"},legitimate:{bg:"var(--low)",l:"LEGITIMATE"},attacker:{bg:"var(--crit)",l:"ATTACKER"},service_account:{bg:"var(--text3)",l:"SERVICE"},needs_review:{bg:"var(--med)",l:"NEEDS REVIEW"}}[a.verdict]||{bg:"var(--text3)",l:"UNKNOWN"}; var h="

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

";});} var _navFW=document.getElementById("nav-firewall");if(_navFW)_navFW.addEventListener("click",function(){showPage("firewall");}); function showIntelTab(t){var tabs=["sessions","lateral","exfil"];for(var i=0;i

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

"+d.total_sessions+"

Sessions (24h)

0?"var(--crit)":"var(--low)")+"\">"+d.risky_sessions+"

Risky Sessions

0?"var(--high)":"var(--low)")+"\">"+d.lateral_chains+"

Lateral Chains

=50?"var(--crit)":"var(--low)")+"\">"+d.exfiltration_indicators+"

Exfil Indicators

No sessions reconstructed

");return;}var h="";s.slice(0,20).forEach(function(ss){var rc=ss.risk_score>=70?"var(--crit)":ss.risk_score>=40?"var(--high)":ss.risk_score>=20?"var(--med)":"var(--low)";h+="

"+ss.risk_score+"

RISK

"+ss.user+"@"+ss.hostname+"

"+ss.event_count+" events · "+ss.command_count+" cmds · "+ss.file_count+" files · "+ss.duration_minutes+"min

"+ss.max_severity+"

";});setHtml("intel-sessions-list",h);}).catch(function(e){setHtml("intel-sessions-list","

Error: "+e.message+"

");});} function loadIntelLateral(){apiFetch("/api/v1/ueba/intel/lateral-movement?hours=24").then(function(d){var c=d.chains||[];if(!c.length){setHtml("intel-lateral-list","

No lateral movement detected

"+ch.risk_score+"

"+(ch.user||ch.source_ip)+" → "+ch.host_count+" hosts

"+hosts+"

"+ch.description+"

No exfiltration indicators

");return;}var h="";inds.forEach(function(ind){var rc=ind.risk_score>=70?"var(--crit)":ind.risk_score>=40?"var(--high)":"var(--med)";h+="

"+ind.risk_score+"

"+ind.type.replace(/_/g," ")+"

"+ind.description+"

"+ind.mitre_id+"

AI investigating sessions for "+_esc(username)+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

";if(a.summary)h+="

"+_esc(a.summary)+"

";if(a.attack_narrative)h+="

ATTACK NARRATIVE

"+_esc(a.attack_narrative)+"

";if(a.session_highlights&&a.session_highlights.length){h+="

SESSION HIGHLIGHTS

";a.session_highlights.forEach(function(s){h+="

"+s+"

";});h+="

";}if(a.recommended_actions&&a.recommended_actions.length){h+="

RECOMMENDED ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";}h+="

Sessions: "+d.sessions_analyzed+" | Events: "+d.total_events+(d.lateral_movement?" | ⚠ LATERAL MOVEMENT DETECTED":"")+"

";panel.innerHTML=h;}).catch(function(e){if(panel)panel.innerHTML="

Error: "+e.message+"

"+e.message+"

");});} function _entStat(l,v,c){return "

"+v+"

"+l+"

No entities

Click Resolve Entities to scan

"+e.display_name[0].toUpperCase()+"

"+e.display_name+(e.is_admin?" ADMIN":"")+"

"+hosts+" · "+e.total_events+" events"+(ips?" · "+ips:"")+"

"+tags+"

"+e.risk_score+"

"+e.risk_level+"

"+e.display_name+"

"; h+="

"; (e.tags||[]).forEach(function(t){h+=""+t+"";}); h+="

"; h+="

HOSTS

"+(e.hostnames||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

IPs

"+(e.ip_addresses||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

SOURCES

"+(e.source_systems||[]).map(function(x){return "

"+x+"

";}).join("")+"

"; h+="

STATS

Events: "+e.total_events+"

Risk: =50?"var(--crit)":"var(--low)")+"\">"+e.risk_score+"

First: "+(e.first_seen||"?").slice(0,10)+"

"; h+="

No activity in 24h

"+d.total_events+" events across "+Object.keys(d.summary.by_source||{}).length+" sources

";var lastDate=""; tl.slice(0,80).forEach(function(t){var dateStr=(t.time||"").slice(0,10);if(dateStr!==lastDate){h+="

"+dateStr+"

";lastDate=dateStr;} var sc=srcColors[t.source]||"var(--text3)";var sevC={critical:"var(--crit)",high:"var(--high)",medium:"var(--med)",low:"var(--low)"}[t.severity]||"var(--text3)"; h+="

"; h+=""+(t.time||"").slice(11,19)+""; h+=""+t.icon+""; h+="

"+(t.description||t.type)+"

"; if(t.hostname||t.mitre_id)h+="

"+(t.hostname?t.hostname+" ":"")+(t.mitre_id?"["+t.mitre_id+"] ":"")+(t.source_ip?t.source_ip:"")+"

"; h+="

"; if(t.is_suspicious)h+=""; h+="

AI investigating "+name+"...

"+vc.l+"

"+(a.risk_score||0)+"/100

"; if(a.summary)h+="

"+_esc(a.summary)+"

"; if(a.activity_narrative)h+="

ACTIVITY NARRATIVE

"+a.activity_narrative+"

"; if(a.risk_indicators&&a.risk_indicators.length){h+="

RISK INDICATORS

";a.risk_indicators.forEach(function(r){h+="

"+r+"

";});h+="

";} if(a.notable_findings&&a.notable_findings.length){h+="

NOTABLE FINDINGS

";a.notable_findings.forEach(function(f){h+="

"+f+"

";});h+="

";} if(a.recommended_actions&&a.recommended_actions.length){h+="

ACTIONS

";a.recommended_actions.forEach(function(r){h+="

→ "+_esc(r)+"

";});h+="

";} det.innerHTML=h;}).catch(function(e){if(det)det.innerHTML="

Error: "+e.message+"

";});}

Incidents

Endpoints

Agent Detail

Threat Hunting

Detection Rules

Entities

UEBA

Vulnerability Detection

CIS Compliance

AI Security Analyst

Dark Web Monitor

Threat Intelligence

Active Response

SOAR — Automated Response

Firewall Management

Agents

Users

Wazuh Integration

Settings