Threat Intelligence dashboard

The dashboard at platform.ellio.tech/dashboard/cti is the interactive front end for the ELLIO Deception Network. This page is a guided tour of every screen so you know which one to reach for.

The landing screen of the CTI section is the search page. A single query field accepts either:

  • A bare IPv4 address (for example 66.240.219.146) - jumps straight to the IP detail page.
  • A query expression in ELLIO's Lucene-like syntax - returns a paginated list of matching IPs.

Below the field you'll find:

  • Example searches - curated starter queries (Mass Scanners from China/Russia, GPON exploits, recent malicious activity, Shodan/Academy for Internet Research observations).
  • Search Fields Reference - a tabbed catalogue of all 29 searchable fields grouped into Core, HTTP, SSH, Fingerprints, Intelligence, Network, and Geolocation. Each field shows example values; clicking one inserts it into the query field.
  • Query Operators & Tips - quick reference for : (equals), !: (not), AND, OR, * (wildcard), ? (single character).

For the full reference, see Search syntax.
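To make the operator list above concrete, here is an added example (not ELLIO's search engine or any code from the platform) that evaluates queries written with the operators the page lists - field:value, field!:value, AND, OR, * and ? - against a few constructed IP records. The field names (country, asn, tag, cve) and the sample records are assumptions made for the example, and AND is taken to bind tighter than OR; parentheses are not implemented because the page's operator list does not mention them.

```python
import re

# Constructed sample records for the example; not real ELLIO observations.
# Field names are assumptions chosen to mirror the IP card (country, ASN, tags, CVEs).
SAMPLE_IPS = [
    {"ip": "203.0.113.10", "country": "CN", "asn": "AS64500",
     "tag": ["Mass Scanner", "Shodan"], "cve": []},
    {"ip": "198.51.100.7", "country": "RU", "asn": "AS64501",
     "tag": ["Mass Scanner"], "cve": ["CVE-2018-10561"]},
    {"ip": "192.0.2.44", "country": "US", "asn": "AS64502",
     "tag": ["Academy for Internet Research"], "cve": []},
]

# A term is field:value or field!:value; the value may be double-quoted to allow spaces.
TERM_RE = re.compile(r'([A-Za-z_][\w.]*)(!:|:)("[^"]*"|\S+)')


def tokenize(query):
    """Split a query into ("OP", "AND"|"OR") and ("TERM", (field, negated, value)) tokens."""
    tokens = []
    pos = 0
    while pos < len(query):
        if query[pos].isspace():
            pos += 1
            continue
        for op in ("AND", "OR"):
            end = pos + len(op)
            # Only treat AND/OR as an operator when it is a whole word.
            if query.startswith(op, pos) and (end == len(query) or query[end].isspace()):
                tokens.append(("OP", op))
                pos = end
                break
        else:
            m = TERM_RE.match(query, pos)
            if not m:
                raise ValueError(f"cannot parse query at position {pos}: {query[pos:]!r}")
            field, op, value = m.groups()
            tokens.append(("TERM", (field, op == "!:", value.strip('"'))))
            pos = m.end()
    return tokens


def parse(query):
    """Return a list of OR-groups, each a list of AND-ed terms (AND binds tighter than OR)."""
    groups = [[]]
    expect_term = True
    for kind, val in tokenize(query):
        if expect_term:
            if kind != "TERM":
                raise ValueError("expected a field:value term")
            groups[-1].append(val)
            expect_term = False
        else:
            if kind != "OP":
                raise ValueError("expected AND or OR between terms")
            if val == "OR":
                groups.append([])
            expect_term = True
    if expect_term:
        raise ValueError("query is empty or ends with an operator")
    return groups


def pattern_to_regex(value):
    """Translate * (any run) and ? (one character) into an anchored, case-insensitive regex."""
    parts = []
    for ch in value:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def term_matches(record, field, negated, value):
    """A term hits when any value stored under the field matches; !: inverts the result."""
    stored = record.get(field)
    values = stored if isinstance(stored, list) else ([] if stored is None else [stored])
    rx = pattern_to_regex(value)
    hit = any(rx.match(str(v)) for v in values)
    return not hit if negated else hit


def search(query, records=SAMPLE_IPS):
    """Return the IPs of all records satisfying the query."""
    groups = parse(query)
    return [r["ip"] for r in records
            if any(all(term_matches(r, *t) for t in group) for group in groups)]


def is_valid_query(query):
    """True when the query parses under the operator rules above."""
    try:
        parse(query)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for q in ('tag:"Mass Scanner" AND country:CN', 'tag:Mass* AND country!:CN',
              'cve:CVE-2018-1056?', 'tag:Shodan OR tag:Academy*'):
        print(f"{q:45} -> {search(q)}")
```

Quoting a value (tag:"Mass Scanner") is the example's own convention for values containing spaces; whether the live dashboard accepts quotes is not stated on this page, so check the Search syntax reference before relying on it.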

Search results

A query produces a paginated list of IP cards. Each card shows the IP, status chips (Seen, Spoofable / Non-spoofable), country, ASN, the most prominent tags, the top CVEs, MITRE techniques, port summary, and fingerprint badges (MuonFP / JA3 / JA4 / JA4+).

The left rail summarises the entire result set - counts and percentages per classification, spoofable status, country, tag, ASN, MITRE technique/tactic, fingerprint. Click any aggregate to refine the query.

You can Export and Refine the result set from the top of the summary panel.

IP detail page

Clicking an IP card opens the IP detail page with two tabs:

  • Overview - full enrichment for the IP: classification, location, ASN, MITRE mapping, CVE list, RDNS, tags, attributed actors, complete port activity (split into spoofable and non-spoofable, organised by Web / Mail / Database / File / Remote / Other), HTTP activity (paths grouped by purpose, plus User Agents), TCP and TLS fingerprint analysis, and the geographic distribution of destinations the IP was observed targeting.
  • Timelines (preview) - six visual timelines: Unified, Ports, Fingerprints, Geography, HTTP Paths, User Agents. Each shows observation frequency over time.

Search History

platform.ellio.tech/dashboard/cti/history keeps every query you've issued, with a trend sparkline of result counts per search. You can star queries to save them as favourites.

Tags

platform.ellio.tech/dashboard/cti/tags is the canonical catalogue of every intelligence tag ELLIO publishes, with classification (Malicious / Promiscuous / Benign / Unknown), description, MITRE mapping, and a "Search IPs" shortcut to pivot into the results for that tag.

Filter by classification or MITRE tactic. Use the search field to find a tag by name, description, CVE reference, or technique.

The full reference page is Tags.

Exports

platform.ellio.tech/dashboard/cti/exports holds every timeline visualisation you've exported from an IP detail page. Exports stay available for download until you delete them.

My Fingerprints

A separate product at fingerprints.ellio.tech that lets you submit your own fingerprint observations and look them up against the ELLIO catalogue. Reachable from the sidebar.
