Create Your First Result Filter

Scott Behrens edited this page Oct 17, 2016 · 1 revision

Overview

Now that you have created your first security task and sync task, let's go ahead and walk through how you can create a few custom Result filters.

Saved filters let you save a set of criteria used to filter results so that it can easily be accessed and shared. Additionally, saved filters can have a list of subscribers, who can receive email updates when new matching results are identified.

Saved Filters are created from the results list page. To create a saved filter, perform a search as normal. Let's go ahead and add some filters to make our saved filter more interesting.

You'll remember earlier creating a curl analyzer security task. Let's see if we can narrow in on any result that was flagged by that analyzer.

Create a Result Filter

Navigate to the Results page. Let's first search for the URL we used for our curl analyzer task (e.g. scottbehrens, or whatever URL you used). URL and Title filters are LIKE-based searches, so you don't need to specify the whole domain.

After you confirm the filter looks good, click the Save button in the lower right. You can then customize the filter with some additional options. For this example, I'll just discuss a few of the most common options you can set here:

Name

Self explanatory!

Subscribers

If you have configured email notifications, you can select which users should receive email notifications when new Results are identified that match this filter.

Share Publicly?

This will allow your Filter to be used by other Scumblr users.

Index Columns

We can customize the Result view by including Result data we care about. If we toggle the Save Columns? boolean, any time this Result filter is loaded the Result view columns will change.

Metadata

Although this is covered in great detail in the Metadata portion of the wiki, we'll discuss a few ways we can leverage result metadata to make our Saved Filter more useful.

Metadata is a jsonb-compatible hash in which we can store arbitrary data to enrich result details, create vulnerabilities, etc. For this example, we'll take a quick look at one of our Result's metadata hash and use that to customize our Saved Filter.

First navigate to the original Result we identified in the Search. Click on the Result. Append the following (get_metadata.json) to the Result URL:

https://www.your_scumblr.com/results/<result_id>/get_metadata.json

When you view that page you should see something similar which contains all of the Result metadata:

{
  vulnerabilities: [{
    id: "93b3a646767263013680688d81e8844f",
    url: "http://www.scottbehrens.com",
    term: "Apache",
    type: "\"Apache\" - Headers Match",
    after: {
      7: "Last-Modified: Tue, 02 Sep 2014 15:57:58 GMT",
      8: "ETag: \"3411-502172ef0e7b9\"",
      9: "Accept-Ranges: bytes"
    },
    before: {
      3: "Connection: keep-alive",
      4: "Keep-Alive: timeout=15",
      5: "Date: Mon, 03 Oct 2016 20:51:06 GMT"
    },
    source: [
      "curl"
    ],
    status: "Open",
    payload: "",
    task_id: "70",
    severity: "observation",
    identified: "2016-10-03T20:51:07.618+00:00",
    key_suffix: "test",
    line_number: 6,
    status_code: "200",
    code_fragment: "Server: Apache",
    attack_vectors: [],
    match_location: "headers"
  }],
  vulnerability_count: {
    low: 0,
    high: 0,
    open: 1,
    closed: 0,
    medium: 0,
    source: {
      curl: 1
    },
    task_id: {
      70: 1
    },
    critical: 0,
    key_suffix: {
      test: 1
    },
    observation: 1,
    informational: 0
  }
}

We can build search filters based on any of this data. As you can imagine this becomes very powerful when we start running many different task types as well as the same task types with different settings.

For our example, let's consider showing the count of observational vulnerabilities and open vulnerabilities.

First enable the Save columns? toggle.

You can then add the following to the Index Columns section under Metadata:

vulnerability_count:open vulnerability_count:observation

Next click Update Saved Filter.
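To check which metadata paths are available as Index Columns before saving them, the colon-separated lookup can be reproduced offline. This is an added example, not Scumblr's own code: the helper names are hypothetical, the sample is a trimmed, constructed copy of the metadata shown above, and it assumes each path segment is a key in a nested hash (arrays are not traversed).

```ruby
require 'json'

# Constructed sample: a trimmed copy of the metadata shown above, as valid JSON.
SAMPLE_METADATA = <<~JSON
  {
    "vulnerabilities": [
      {"term": "Apache", "source": ["curl"], "status": "Open",
       "task_id": "70", "severity": "observation", "match_location": "headers"}
    ],
    "vulnerability_count": {
      "low": 0, "high": 0, "open": 1, "closed": 0, "medium": 0,
      "source": {"curl": 1}, "task_id": {"70": 1}, "critical": 0,
      "key_suffix": {"test": 1}, "observation": 1, "informational": 0
    }
  }
JSON

# Resolve a colon-separated path such as "vulnerability_count:open".
# Assumption: every segment names a key in a nested hash.
# Returns nil as soon as a segment is missing or the node is not a hash.
def resolve_column(metadata, path)
  path.split(':').reduce(metadata) do |node, key|
    return nil unless node.is_a?(Hash) && node.key?(key)
    node[key]
  end
end

# List every colon-separated path that ends in a non-hash value
# (arrays such as "vulnerabilities" are treated as leaves).
def column_paths(node, prefix = nil)
  return [prefix] unless node.is_a?(Hash)
  node.flat_map do |key, value|
    column_paths(value, [prefix, key].compact.join(':'))
  end
end

# Map each requested column to its value for one Result's metadata.
def column_values(metadata_json, columns)
  metadata = JSON.parse(metadata_json)
  columns.to_h { |col| [col, resolve_column(metadata, col)] }
end

if __FILE__ == $PROGRAM_NAME
  puts column_paths(JSON.parse(SAMPLE_METADATA))
  p column_values(SAMPLE_METADATA,
                  %w[vulnerability_count:open vulnerability_count:observation])
end
```

A column that resolves to nil here points at a key this Result's metadata does not contain, which usually means a typo in the path or a task type that never wrote that key.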

Load the Saved Filter

Now you can select your Saved Filter from the Result Filter dropdown. Once selected, you should see the expected results with a newly customized view to give you more context.

Modify a Saved Filter

To modify an existing filter, click "Manage" in the Saved Filters menu. Saved Filters can be modified by clicking the "Edit" button or deleted by clicking "Delete".

Public Filters

Public filters created by other users can be added to your Saved Filters menu. To do this, first click "Manage" under the "Saved Filters" menu at the top of the page. At the bottom of this page is a list of public filters, if any exist. Clicking "Add" next to any of these filters will add it to your list (under Saved Filters, Public Filters).
