Welcome to the EdgeRun.Ai Dream Team! 🎉
Congratulations on joining our security operations platform
Platform Overview
Platform Introduction Video
Video will be embedded herePlatform Capabilities
SOC Hunter
Investigate security incidents, collect indicators of compromise (IOCs), and perform deep-dive analysis on suspicious activities.
Access SOC Hunter →SOC Manager
Manage investigations, assign tasks, review reports, and oversee your security operations team's activities.
Access SOC Manager →Browser Extension
Collect data directly from web pages, capture screenshots, extract selectors, and send findings to your investigations.
Download Extension →API Integration
Integrate EdgeRun.Ai with your existing security tools and workflows using our comprehensive REST API.
View API Docs →Quick Start Guide
Install the Chrome Extension
Download the extension ZIP file from the sidebar, extract it, and load it into Chrome as an unpacked extension. Don't forget to configure the API endpoint!
https://test004.api.edgerun.org/docs
Log in to SOC Hunter
Access the SOC Hunter portal to start investigating security incidents. Use your credentials to log in and begin creating investigations.
Collect Data with the Extension
Navigate to any webpage, click the extension icon, and start collecting IOCs, screenshots, and other security-relevant data.
Review in SOC Manager
Use the SOC Manager dashboard to review investigations, assign tasks to team members, and track your security operations.
Chrome Extension Features
The EdgeRun.Ai Chrome extension is your primary tool for collecting security data directly from web pages. Here's what you can do:
🔍 Automatic IOC Detection
The extension automatically scans web pages for Indicators of Compromise (IOCs):
- IP Addresses: IPv4 and IPv6 addresses
- Domains: Domain names and subdomains
- URLs: Full URLs and suspicious links
- File Hashes: MD5, SHA1, SHA256 hashes
- Email Addresses: Email patterns
📸 Screenshot Capture
Capture visual evidence of suspicious pages or important findings:
- Full page screenshots
- Visible viewport screenshots
- Automatic attachment to investigations
- Timestamped captures
🎯 Selector Search
Extract structured data from web pages using CSS selectors:
- Find and extract data from HTML tables
- Search for specific patterns across multiple pages
- Automated data collection
- Export results to investigations
🔗 Quick Bookmark
Quickly save suspicious URLs to investigations:
- One-click bookmarking
- Automatic IOC extraction
- Context preservation
- Dwell time tracking
📊 Behavioral Analytics
The extension tracks your investigation behavior:
- Time spent on pages (dwell time)
- Scroll interactions
- Click patterns
- Focus time analysis
- Engagement scoring
⚙️ Configuration
Customize the extension to your needs:
- Set API endpoint URL
- Configure default investigation
- Enable/disable features
- Import/export settings
Common Workflows
Step-by-step guides for common security investigation tasks:
📋 Creating a New Investigation
- Log in to SOC Hunter
- Click the "New Investigation" button
- Fill in the investigation details:
- Title: Descriptive name for the investigation
- Description: Brief overview of the incident
- Priority: Set the investigation priority level
- Click "Create Investigation"
- You'll be redirected to the investigation detail page
🌐 Collecting Data from a Web Page
- Navigate to the suspicious webpage in Chrome
- Click the EdgeRun.Ai extension icon in your toolbar
- Select the investigation you want to add data to
- The extension will automatically:
- Detect all IOCs on the page
- Capture a screenshot
- Record the URL
- Track your interaction time
- Review the detected IOCs and click "Send to Investigation"
- View the collected data in SOC Hunter
🔎 Performing a Selector Search
- In SOC Hunter, open an investigation
- Navigate to the "Selector Search" section
- Enter the target URL(s) to search
- Define your CSS selector (e.g.,
table tr tdfor table data) - Specify what to search for (e.g., email addresses, IPs, specific text)
- Click "Start Search"
- The worker will process the search and notify you when complete
- Review results in the investigation timeline
👔 Reviewing Team Performance (Managers)
- Log in to SOC Manager (requires manager role)
- View the dashboard for team-wide metrics:
- Active contributors
- Investigation counts
- Session statistics
- Behavioral alerts
- Filter by date range (day, week, month, quarter)
- Click on individual contributors to see detailed profiles
- Review engagement scores and session quality metrics
- Use insights to identify training needs or workload imbalances
🔗 Using the API
- Access the API Documentation
- Authenticate using your credentials:
POST /api/v1/frontend/auth/login { "email": "your@email.com", "password": "your_password" } - Use the returned JWT token in subsequent requests:
Authorization: Bearer YOUR_JWT_TOKEN - Explore available endpoints for:
- Creating investigations
- Adding IOCs
- Querying threat intelligence
- Managing users
- Test endpoints directly in the Swagger UI
Troubleshooting
Common issues and their solutions:
🔴 Extension Not Connecting to API
Problem: The extension shows connection errors or can't send data.
Solutions:
- Verify the API endpoint is correctly configured in extension settings
- Check that the API URL is accessible from your browser (try opening it directly)
- Ensure you're logged in to the extension (check authentication status)
- Verify CORS settings on the backend allow your domain
- Check browser console for detailed error messages (F12 → Console)
🔴 Can't Log In to SOC Hunter/Manager
Problem: Login fails or you see authentication errors.
Solutions:
- Verify your credentials with your administrator
- Check that your account is active and not locked
- Clear browser cookies and cache, then try again
- Try using an incognito/private window
- Verify the frontend URL matches your deployment
- Check browser console for API error messages
🔴 Extension Not Detecting IOCs
Problem: The extension doesn't find IOCs on pages that clearly contain them.
Solutions:
- Refresh the page after installing/updating the extension
- Check that the extension is enabled in Chrome (chrome://extensions/)
- Verify the page has finished loading before clicking the extension
- Some dynamic content may require page interaction first
- Check extension permissions in Chrome settings
🔴 Selector Search Not Working
Problem: Selector searches fail or return no results.
Solutions:
- Verify your CSS selector syntax is correct (test in browser DevTools first)
- Check that the target URL is accessible
- Ensure the worker service is running
- Review the investigation timeline for error messages
- Some sites may block automated access - check robots.txt
- Verify API keys are configured if using external services
🔴 Screenshots Not Appearing
Problem: Screenshots are captured but don't show in investigations.
Solutions:
- Check that the investigation was created successfully
- Refresh the investigation page
- Verify file size limits aren't exceeded
- Check browser console for upload errors
- Ensure backend storage is properly configured
🔴 Manager Portal Shows "Access Denied"
Problem: You can't access SOC Manager even with valid credentials.
Solutions:
- Verify your user account has the
manager,admin, orownerrole - Contact your administrator to update your role
- Ensure you're logging in to the correct URL (port 3100 for SOC Manager)
- Check that role-based access control is properly configured
Frequently Asked Questions
What browsers are supported?
The Chrome extension works with Chrome 88+ and Chromium-based browsers (Edge, Brave, etc.). The web portals (SOC Hunter and SOC Manager) support all modern browsers including Chrome, Firefox, Safari, and Edge.
Do I need to install anything on my server?
No! EdgeRun.Ai is a cloud-based platform. You only need to install the Chrome extension in your browser. All data is stored securely in the cloud.
What data does the extension collect?
The extension only collects data you explicitly send to investigations. It detects IOCs on pages you visit, but only sends data when you click "Send to Investigation". Behavioral analytics (dwell time, scrolls, clicks) are tracked to help managers understand investigation quality, but no personal browsing data is collected.
Can I use the extension on multiple investigations?
Yes! You can select which investigation to send data to each time you use the extension. You can also set a default investigation in the extension settings.
How do I share investigations with my team?
Investigations are automatically visible to all users in your organization. Team members with appropriate permissions can view, edit, and contribute to investigations.
What threat intelligence feeds are integrated?
EdgeRun.Ai integrates with multiple threat intelligence sources including AbuseIPDB, OTX (AlienVault), and more. API keys can be configured by managers in the SOC Manager portal.
Is my data secure?
Yes! EdgeRun.Ai uses industry-standard security practices including:
- JWT-based authentication
- HTTPS encryption for all communications
- Role-based access control
- Secure API endpoints
- Regular security audits
Can I export investigation data?
Yes, investigation data can be exported through the API. Contact your administrator for API access or check the API documentation for export endpoints.
What's the difference between SOC Hunter and SOC Manager?
SOC Hunter is for security analysts and investigators who perform day-to-day security investigations. SOC Manager is for managers who need to monitor team performance, view analytics, and manage API keys. Both portals access the same data but provide different views optimized for each role.
How do I get help if I'm stuck?
If you encounter issues:
- Check the Troubleshooting section above
- Review the API Documentation for technical details
- Contact your EdgeRun.Ai administrator
- Check browser console (F12) for error messages
Need Help?
If you have any questions or need assistance getting started, please reach out to your EdgeRun.Ai administrator or consult the API documentation for technical details.