Storm Libraries

Storm Libraries represent powerful tools available inside of the Storm query language.

$lib

The Base Storm Library. This mainly contains utility functionality.

$lib.cast(name, valu)

Normalize a value as a Synapse Data Model Type.

Args:

name (str): The name of the model type to normalize the value as.

valu (any): The value to normalize.

Returns:
The normalized value. The return type is prim.

$lib.debug

True if the current runtime has debugging enabled.

Note:
The debug state is inherited by sub-runtimes at instantiation time. Any changes to a runtime’s debug state do not percolate automatically.
Examples:

Check if the runtime is in debug and print a message:

if $lib.debug {
    $lib.print('Doing stuff!")
}

Update the current runtime to enable debugging:

$lib.debug = $lib.true
Returns:
The type is boolean.

$lib.dict(**kwargs)

Get a Storm Dict object.

Args:
**kwargs (any): Initial set of keyword argumetns to place into the dict.
Returns:
A dictionary object. The return type is dict.

$lib.exit(mesg=None, **kwargs)

Cause a Storm Runtime to stop running.

Args:

mesg (str): Optional string to warn.

**kwargs (any): Keyword arguments to substitute into the mesg.

Returns:
The return type is null.

$lib.false

This constant represents a value of False that can be used in Storm.

Examples:

Conditionally print a statement based on the constant value:

cli> storm if $lib.false { $lib.print('Is True') } else { $lib.print('Is False') }
Is False
Returns:
The type is boolean.

$lib.fire(name, **info)

Fire an event onto the runtime.

Notes:
This fires events as storm:fire event types. The name of the event is placed into a type key, and any additional keyword arguments are added to a dictionary under the data key.
Examples:

Fire an event called demo with some data:

cli> storm $foo='bar' $lib.fire('demo', foo=$foo, knight='ni')
...
('storm:fire', {'type': 'demo', 'data': {'foo': 'bar', 'knight': 'ni'}})
...
Args:

name (str): The name of the event to fire.

**info (any): Additional keyword arguments containing data to add to the event.

Returns:
The return type is null.

$lib.guid(*args)

Get a random guid, or generate a guid from the arguments.

Args:
*args (prim): Arguments which are hashed to create a guid.
Returns:
A guid. The return type is str.

$lib.import(name, debug=False)

Import a Storm Package.

Args:

name (str): Name of the package to import.

debug (boolean): Enable debugging in the module.

Returns:
A storm:lib instance representing the imported package. The return type is storm:lib.

$lib.len(item)

Get the length of a item.

This could represent the size of a string, or the number of keys in a dictionary, or the number of elements in an array.

Args:
item (prim): The item to get the length of.
Returns:
The length of the item. The return type is int.

$lib.list(*vals)

Get a Storm List object.

Args:
*vals (any): Initial values to place in the list.
Returns:
A new list object. The return type is list.

$lib.max(*args)

Get the maximum value in a list of arguments.

Args:
*args (any): List of arguments to evaluate.
Returns:
The largest argument. The return type is int.

$lib.min(*args)

Get the minimum value in a list of arguments.

Args:
*args (any): List of arguments to evaluate.
Returns:
The smallest argument. The return type is int.

$lib.null

This constant represents a value of None that can be used in Storm.

Examples:

Create a dictionary object with a key whose value is null, and call $lib.fire() with it:

cli> storm $d=$lib.dict(key=$lib.null) $lib.fire('demo', d=$d)
('storm:fire', {'type': 'demo', 'data': {'d': {'key': None}}})
Returns:
The type is null.

$lib.pprint(item, prefix=, clamp=None)

The pprint API should not be considered a stable interface.

Args:

item (any): Item to pprint

prefix (str): Line prefix.

clamp (int): Line clamping length.

Returns:
The return type is null.

$lib.print(mesg, **kwargs)

Print a message to the runtime.

Examples:

Print a simple string:

cli> storm $lib.print("Hello world!")
Hello world!

Format and print string based on variables:

cli> storm $d=$lib.dict(key1=(1), key2="two")
     for ($key, $value) in $d { $lib.print('{k} => {v}', k=$key, v=$value) }
key1 => 1
key2 => two

Use values off of a node to format and print string:

cli> storm inet:ipv4:asn
     $lib.print("node: {ndef}, asn: {asn}", ndef=$node.ndef(), asn=:asn) | spin
node: ('inet:ipv4', 16909060), asn: 1138
Notes:
Arbitrary objects can be printed as well. They will have their Python __repr()__ printed.
Args:

mesg (str): String to print.

**kwargs (any): Keyword argumetns to substitue into the mesg.

Returns:
The return type is null.

$lib.range(stop, start=None, step=None)

Generate a range of integers.

Examples:

Generate a sequence of integers based on the size of an array:

cli> storm $a=(foo,bar,(2)) for $i in $lib.range($lib.len($a)) {$lib.fire('test', indx=$i, valu=$a.$i)}
Executing query at 2021/03/22 19:25:48.835
('storm:fire', {'type': 'test', 'data': {'index': 0, 'valu': 'foo'}})
('storm:fire', {'type': 'test', 'data': {'index': 1, 'valu': 'bar'}})
('storm:fire', {'type': 'test', 'data': {'index': 2, 'valu': 2}})
Notes:
The range behavior is the same as the Python3 range() builtin Sequence type.
Args:

stop (integer): The value to stop at.

start (integer): The value to start at.

step (integer): The range step size.

Yields:
The sequence of integers. The return type is intger.

$lib.set(*vals)

Get a Storm Set object.

Args:
*vals (any): Initial values to place in the set.
Returns:
The new set. The return type is set.

$lib.sorted(valu, reverse=False)

Yield sorted values.

Args:

valu (any): An iterable object to sort.

reverse (boolean): Reverse the sort order.

Yields:
Yields the sorted output. The return type is any.

$lib.text(*args)

Get a Storm Text object.

Args:
*args (str): An initial set of values to place in the Text. These values are joined together with an empty string.
Returns:
The new Text object. The return type is storm:text.

$lib.true

This constant represents a value of True that can be used in Storm.

Examples:

Conditionally print a statement based on the constant value:

cli> storm if $lib.true { $lib.print('Is True') } else { $lib.print('Is False') }
Is True
Returns:
The type is boolean.

$lib.trycast(name, valu)

Attempt to normalize a value and return status and the normalized value.

Examples:

Do something if the value is a valid IPV4:

($ok, $ipv4) = $lib.trycast(inet:ipv4, 1.2.3.4)
if $ok { $dostuff($ipv4) }
Args:

name (str): The name of the model type to normalize the value as.

valu (any): The value to normalize.

Returns:
A list of (<bool>, <prim>) for status and normalized value. The return type is list.

$lib.undef

This constant can be used to unset variables and derefs.

Examples:

Unset the variable $foo:

$foo = $lib.undef

Remove a dictionary key bar:

$foo.bar = $lib.undef

Remove a list index of 0:

$foo.0 = $lib.undef
Returns:
The type is undef.

$lib.warn(mesg, **kwargs)

Print a warning message to the runtime.

Notes:
Arbitrary objects can be warned as well. They will have their Python __repr()__ printed.
Args:

mesg (str): String to warn.

**kwargs (any): Keyword arguments to substitute into the mesg.

Returns:
The return type is null.

$lib.auth

A Storm Library for interacting with Auth in the Cortex.

$lib.auth.ruleFromText(text)

Get a rule tuple from a text string.

Args:
text (str): The string to process.
Returns:
A tuple containing a bool and a list of permission parts. The return type is list.

$lib.auth.gates

A Storm Library for interacting with Auth Gates in the Cortex.

$lib.auth.gates.get(iden)

Get a specific Gate by iden.

Args:
iden (str): The iden of the gate to retrieve.
Returns:
The storm:auth:gate if it exists, otherwise null. The return type may be one of the following: null, storm:auth:gate.

$lib.auth.gates.list()

Get a list of Gates in the Cortex.

Returns:
A list of storm:auth:gate objects. The return type is list.

$lib.auth.roles

A Storm Library for interacting with Auth Roles in the Cortex.

$lib.auth.roles.add(name)

Add a Role to the Cortex.

Args:
name (str): The name of the role.
Returns:
The new role object. The return type is storm:auth:role.

$lib.auth.roles.byname(name)

Get a specific Role by name.

Args:
name (str): The name of the role to retrieve.
Returns:
The role by name, or null if it does not exist. The return type may be one of the following: null, storm:auth:role.

$lib.auth.roles.del(iden)

Delete a Role from the Cortex.

Args:
iden (str): The iden of the role to delete.
Returns:
The return type is null.

$lib.auth.roles.get(iden)

Get a specific Role by iden.

Args:
iden (str): The iden of the role to retrieve.
Returns:
The storm:auth:role object; or null if the role does not exist. The return type may be one of the following: null, storm:auth:role.

$lib.auth.roles.list()

Get a list of Roles in the Cortex.

Returns:
A list of storm:auth:role objects. The return type is list.

$lib.auth.users

A Storm Library for interacting with Auth Users in the Cortex.

$lib.auth.users.add(name, passwd=None, email=None, iden=None)

Add a User to the Cortex.

Args:

name (str): The name of the user.

passwd (str): The users password.

email (str): The users email address.

iden (str): The iden to use to create the user.

Returns:
The storm:auth:user object for the new user. The return type is storm:auth:user.

$lib.auth.users.byname(name)

Get a specific user by name.

Args:
name (str): The name of the user to retrieve.
Returns:
The storm:auth:user object, or none if the user does not exist. The return type may be one of the following: null, storm:auth:user.

$lib.auth.users.del(iden)

Delete a User from the Cortex.

Args:
iden (str): The iden of the user to delete.
Returns:
The return type is null.

$lib.auth.users.get(iden)

Get a specific User by iden.

Args:
iden (str): The iden of the user to retrieve.
Returns:
The storm:auth:user object, or none if the user does not exist. The return type may be one of the following: null, storm:auth:user.

$lib.auth.users.list()

Get a list of Users in the Cortex.

Returns:
A list of storm:auth:user objects. The return type is list.

$lib.axon

A Storm library for interacting with the Cortex’s Axon.

$lib.axon.del(sha256)

Remove the bytes from the Cortex’s Axon by sha256.

Example:

Delete files from the axon based on a tag:

file:bytes#foo +:sha256 $lib.axon.del(:sha256)
Args:
sha256 (hash:sha256): The sha256 of the bytes to remove from the Axon.
Returns:
True if the bytes were found and removed. The return type is bool.

$lib.axon.dels(sha256s)

Remove multiple byte blobs from the Cortex’s Axon by a list of sha256 hashes.

Example:

Delete a list of files (by hash) from the Axon:

$list = ($hash0, $hash1, $hash2)
$lib.axon.dels($list)
Args:
sha256s (list): A list of sha256 hashes to remove from the Axon.
Returns:
A list of boolean values that are True if the bytes were found. The return type is list.

$lib.axon.list(offs=0)

List (offset, sha256, size) tuples for files in the Axon in added order.

Example:

List files:

for ($offs, $sha256, $size) in $lib.axon.list() {
    $lib.print($sha256)
}

Start list from offset 10:

for ($offs, $sha256, $size) in $lib.axon.list(10) {
    $lib.print($sha256)
}
Args:
offs (int): The offset to start from.
yields:
Tuple of (offset, sha256, size) in added order. The return type is list.

$lib.axon.urlfile(*args, **kwargs)

Retrive the target URL using the wget() function and construct an inet:urlfile node from the response.

Notes:
This accepts the same arguments as $lib.axon.wget().
Args:

*args (any): Args from $lib.axon.wget().

**kwargs (any): Args from $lib.axon.wget().

Returns:
The inet:urlfile node on success, null on error. The return type may be one of the following: storm:node, ``null ``.

$lib.axon.wget(url, headers=None, params=None, method=GET, json=None, body=None, ssl=True, timeout=None)

A method to download an HTTP(S) resource into the Cortex’s Axon.

Notes:
The response body will be stored regardless of the status code. See the Axon.wget() API documentation to see the complete structure of the response dictionary.
Example:

Get the Vertex Project website:

$headers = $lib.dict()
$headers."User-Agent" = Foo/Bar

$resp = $lib.axon.wget("http://vertex.link", method=GET, headers=$headers)
if $resp.ok { $lib.print("Downloaded: {size} bytes", size=$resp.size) }
Args:

url (str): The URL to download

headers (dict): An optional dictionary of HTTP headers to send.

params (dict): An optional dictionary of URL parameters to add.

method (str): The HTTP method to use.

json (dict): A JSON object to send as the body.

body (bytes): Bytes to send as the body.

ssl (boolean): Set to False to disable SSL/TLS certificate verification.

timeout (int): Timeout for the download operation.

Returns:
A status dictionary of metadata. The return type is dict.

$lib.backup

A Storm Library for interacting with the backup APIs in the Cortex.

$lib.backup.del(name)

Remove a backup by name.

Args:
name (str): The name of the backup to remove.
Returns:
The return type is null.

$lib.backup.list()

Get a list of backup names.

Returns:
A list of backup names. The return type is list.

$lib.backup.run(name=None, wait=True)

Run a Cortex backup.

Args:

name (str): The name of the backup to generate.

wait (boolean): If true, wait for the backup to complete before returning.

Returns:
The name of the newly created backup. The return type is str.

$lib.base64

A Storm Library for encoding and decoding base64 data.

$lib.base64.decode(valu, urlsafe=True)

Decode a base64 string into a bytes object.

Args:

valu (str): The string to decode.

urlsafe (boolean): Perform the decoding in a urlsafe manner if true.

Returns:
A bytes object for the decoded data. The return type is bytes.

$lib.base64.encode(valu, urlsafe=True)

Encode a bytes object to a base64 encoded string.

Args:

valu (bytes): The object to encode.

urlsafe (boolean): Perform the encoding in a urlsafe manner if true.

Returns:
A base64 encoded string. The return type is str.

$lib.bytes

A Storm Library for interacting with bytes storage.

$lib.bytes.has(sha256)

Check if the Axon the Cortex is configured to use has a given sha256 value.

Examples:

Check if the Axon has a given file:

# This example assumes the Axon does have the bytes
cli> storm if $lib.bytes.has(9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08) {
        $lib.print("Has bytes")
    } else {
        $lib.print("Does not have bytes")
    }

Has bytes
Args:
sha256 (str): The sha256 value to check.
Returns:
True if the Axon has the file, false if it does not. The return type is boolean.

$lib.bytes.put(byts)

Save the given bytes variable to the Axon the Cortex is configured to use.

Examples:

Save a base64 encoded buffer to the Axon:

cli> storm $s='dGVzdA==' $buf=$lib.base64.decode($s) ($size, $sha256)=$lib.bytes.put($buf)
     $lib.print('size={size} sha256={sha256}', size=$size, sha256=$sha256)

size=4 sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Args:
byts (bytes): The bytes to save.
Returns:
A tuple of the file size and sha256 value. The return type is list.

$lib.bytes.size(sha256)

Return the size of the bytes stored in the Axon for the given sha256.

Examples:

Get the size for a give variable named $sha256:

$size = $lib.bytes.size($sha256)
Args:
sha256 (str): The sha256 value to check.
Returns:
The size of the file or null if the file is not found. The return type may be one of the following: int, null.

$lib.bytes.upload(genr)

Upload a stream of bytes to the Axon as a file.

Examples:

Upload bytes from a generator:

($size, $sha256) = $lib.bytes.upload($getBytesChunks())
Args:
genr (generator): A generator which yields bytes.
Returns:
A tuple of the file size and sha256 value. The return type is list.

$lib.cell

A Storm Library for interacting with Json data.

$lib.cell.getBackupInfo()

Get information about recent backup activity.

Returns:
A dictionary containing backup information. The return type is dict.

$lib.cell.getCellInfo()

Return metadata specific for the Cortex.

Returns:
A dictionary containing metadata. The return type is dict.

$lib.cell.getHealthCheck()

Get healthcheck information about the Cortex.

Returns:
A dictionary containing healthcheck information. The return type is dict.

$lib.cell.getSystemInfo()

Get info about the system in which the Cortex is running.

Returns:
A dictionary containing system information. The return type is dict.

$lib.cron

A Storm Library for interacting with Cron Jobs in the Cortex.

$lib.cron.add(**kwargs)

Add a recurring Cron Job to the Cortex.

Args:
**kwargs (any): Key-value parameters used to add the cron job.
Returns:
The new Cron Job. The return type is storm:cronjob.

$lib.cron.at(**kwargs)

Add a non-recurring Cron Job to the Cortex.

Args:
**kwargs (any): Key-value parameters used to add the cron job.
Returns:
The new Cron Job. The return type is storm:cronjob.

$lib.cron.del(prefix)

Delete a CronJob from the Cortex.

Args:
prefix (str): A prefix to match in order to identify a cron job to delete. Only a single matching prefix will be deleted.
Returns:
The return type is null.

$lib.cron.disable(prefix)

Disable a CronJob in the Cortex.

Args:
prefix (str): A prefix to match in order to identify a cron job to disable. Only a single matching prefix will be disabled.
Returns:
The iden of the CronJob which was disabled. The return type is str.

$lib.cron.enable(prefix)

Enable a CronJob in the Cortex.

Args:
prefix (str): A prefix to match in order to identify a cron job to enable. Only a single matching prefix will be enabled.
Returns:
The iden of the CronJob which was enabled. The return type is str.

$lib.cron.get(prefix)

Get a CronJob in the Cortex.

Args:
prefix (str): A prefix to match in order to identify a cron job to get. Only a single matching prefix will be retrieved.
Returns:
The requested cron job. The return type is storm:cronjob.

$lib.cron.list()

List CronJobs in the Cortex.

Returns:
A list of storm:cronjob objects.. The return type is list.

$lib.cron.mod(prefix, query)

Modify the Storm query for a CronJob in the Cortex.

Args:

prefix (str): A prefix to match in order to identify a cron job to modify. Only a single matching prefix will be modified.

query: The new Storm query for the Cron Job. The input type may one one of the following: str, storm:query.

Returns:
The iden of the CronJob which was modified. The return type is str.

$lib.cron.move(prefix, view)

Move a cron job to a new view.

Args:

prefix (str): A prefix to match in order to identify a cron job to move. Only a single matching prefix will be modified.

view (str): The iden of the view to move the CrobJob to

Returns:
The iden of the CronJob which was moved. The return type is str.

$lib.csv

A Storm Library for interacting with csvtool.

$lib.csv.emit(*args, table=None)

Emit a csv:row event to the Storm runtime for the given args.

Args:

*args (any): Items which are emitted as a csv:row event.

table (str): The name of the table to emit data too. Optional.

Returns:
The return type is null.

$lib.dmon

A Storm Library for interacting with StormDmons.

$lib.dmon.add(text, name=noname)

Add a Storm Dmon to the Cortex.

Examples:

Add a dmon that executes a query:

$lib.dmon.add(${ myquery }, name='example dmon')
Args:

text: The Storm query to execute in the Dmon loop. The input type may one one of the following: str, storm:query.

name (str): The name of the Dmon.

Returns:
The iden of the newly created Storm Dmon. The return type is str.

$lib.dmon.bump(iden)

Restart the Dmon.

Args:
iden (str): The GUID of the dmon to restart.
Returns:
True if the Dmon is restarted; False if the iden does not exist. The return type is boolean.

$lib.dmon.del(iden)

Delete a Storm Dmon by iden.

Args:
iden (str): The iden of the Storm Dmon to delete.
Returns:
The return type is null.

$lib.dmon.get(iden)

Get a Storm Dmon definition by iden.

Args:
iden (str): The iden of the Storm Dmon to get.
Returns:
A Storm Dmon definition dict. The return type is dict.

$lib.dmon.list()

Get a list of Storm Dmons.

Returns:
A list of Storm Dmon definitions. The return type is list.

$lib.dmon.log(iden)

Get the messages from a Storm Dmon.

Args:
iden (str): The iden of the Storm Dmon to get logs for.
Returns:
A list of messages from the StormDmon. The return type is list.

$lib.dmon.start(iden)

Start a storm dmon.

Args:
iden (str): The GUID of the dmon to start.
Returns:
Returns True. The return type is boolean.

$lib.dmon.stop(iden)

Stop a Storm Dmon.

Args:
iden (str): The GUID of the Dmon to stop.
Returns:
True if the Dmon is stopped; False if the iden does not exist. The return type is boolean.

$lib.feed

A Storm Library for interacting with Cortex feed functions.

$lib.feed.genr(name, data)

Yield nodes being added to the graph by adding data with a given ingest type.

Notes:
This is using the Runtimes’s Snap to call addFeedNodes(). This only yields nodes if the feed function yields nodes. If the generator is not entirely consumed there is no guarantee that all of the nodes which should be made by the feed function will be made.
Args:

name (str): Name of the ingest function to send data too.

data (prim): Data to send to the ingest function.

Yields:
Yields Nodes as they are created by the ingest function. The return type is storm:node.

$lib.feed.ingest(name, data)

Add nodes to the graph with a given ingest type.

Notes:
This is using the Runtimes’s Snap to call addFeedData(), after setting the snap.strict mode to False. This will cause node creation and property setting to produce warning messages, instead of causing the Storm Runtime to be torn down.
Args:

name (str): Name of the ingest function to send data too.

data (prim): Data to send to the ingest function.

Returns:
The return type is null.

$lib.feed.list()

Get a list of feed functions.

Returns:
A list of feed functions. The return type is list.

$lib.globals

A Storm Library for interacting with global variables which are persistent across the Cortex.

$lib.globals.get(name, default=None)

Get a Cortex global variables.

Args:

name (str): Name of the variable.

default (prim): Default value to return if the variable is not set.

Returns:
The variable value. The return type is prim.

$lib.globals.list()

Get a list of variable names and values.

Returns:
A list of tuples with variable names and values that the user can access. The return type is list.

$lib.globals.pop(name, default=None)

Delete a variable value from the Cortex.

Args:

name (str): Name of the variable.

default (prim): Default value to return if the variable is not set.

Returns:
The variable value. The return type is prim.

$lib.globals.set(name, valu)

Set a variable value in the Cortex.

Args:

name (str): The name of the variable to set.

valu (prim): The value to set.

Returns:
The variable value. The return type is prim.

$lib.inet.http

A Storm Library exposing an HTTP client API.

$lib.inet.http.connect(url, headers=None, ssl_verify=True, timeout=300)

Connect a web socket to tx/rx JSON messages.

Args:

url (str): The URL to retrieve.

headers (dict): HTTP headers to send with the request.

ssl_verify (boolean): Perform SSL/TLS verification.

timeout (int): Total timeout for the request in seconds.

Returns:
A websocket object. The return type is storm:http:socket.

$lib.inet.http.get(url, headers=None, ssl_verify=True, params=None, timeout=300, allow_redirects=True)

Get the contents of a given URL.

Args:

url (str): The URL to retrieve.

headers (dict): HTTP headers to send with the request.

ssl_verify (boolean): Perform SSL/TLS verification.

params (dict): Optional parameters which may be passed to the request.

timeout (int): Total timeout for the request in seconds.

allow_redirects (bool): If set to false, do not follow redirects.

Returns:
The response object. The return type is storm:http:resp.

$lib.inet.http.head(url, headers=None, ssl_verify=True, params=None, timeout=300, allow_redirects=False)

Get the HEAD response for a URL.

Args:

url (str): The URL to retrieve.

headers (dict): HTTP headers to send with the request.

ssl_verify (boolean): Perform SSL/TLS verification.

params (dict): Optional parameters which may be passed to the request.

timeout (int): Total timeout for the request in seconds.

allow_redirects (bool): If set to true, follow redirects.

Returns:
The response object. The return type is storm:http:resp.

$lib.inet.http.post(url, headers=None, json=None, body=None, ssl_verify=True, params=None, timeout=300, allow_redirects=True)

Post data to a given URL.

Args:

url (str): The URL to post to.

headers (dict): HTTP headers to send with the request.

json (prim): The data to post, as JSON object.

body (bytes): The data to post, as binary object.

ssl_verify (boolean): Perform SSL/TLS verification.

params (dict): Optional parameters which may be passed to the request.

timeout (int): Total timeout for the request in seconds.

allow_redirects (bool): If set to false, do not follow redirects.

Returns:
The response object. The return type is storm:http:resp.

$lib.inet.http.request(meth, url, headers=None, json=None, body=None, ssl_verify=True, params=None, timeout=300, allow_redirects=True)

Make an HTTP request using the given HTTP method to the url.

Args:

meth (str): The HTTP method. (ex. PUT)

url (str): The URL to send the request to.

headers (dict): HTTP headers to send with the request.

json (prim): The data to include in the body, as JSON object.

body (bytes): The data to include in the body, as binary object.

ssl_verify (boolean): Perform SSL/TLS verification.

params (dict): Optional parameters which may be passed to the request.

timeout (int): Total timeout for the request in seconds.

allow_redirects (bool): If set to false, do not follow redirects.

Returns:
The response object. The return type is storm:http:resp.

$lib.inet.whois

A Storm Library for providing a consistent way to generate guids for WHOIS / Registration Data in Storm.

$lib.inet.whois.guid(props, form)

Provides standard patterns for creating guids for certain inet:whois forms.

Raises:
StormRuntimeError: If form is not supported in this method.
Args:

props (dict): Dictionary of properties used to create the form.

form (str): The inet:whois form to create the guid for.

Returns:
A guid for creating a the node for. The return type is str.

$lib.infosec.cvss

A Storm library which implements CVSS score calculations.

$lib.infosec.cvss.calculate(node, save=True, vers=3.1)

Calculate the CVSS score values for an input risk:vuln node.

Args:

node (storm:node): A risk:vuln node from the Storm runtime.

save (boolean): If true, save the computed scores to the node properties.

vers (str): The version of CVSS calculations to execute.

Returns:
A dictionary containing the computed score and subscores. The return type is dict.

$lib.infosec.cvss.saveVectToNode(node, text)

Parse a CVSS vector and record properties on a risk:vuln node.

Args:

node (storm:node): A risk:vuln node to record the CVSS properties on.

text (str): A CVSS vector string.

Returns:
The return type is null.

$lib.infosec.cvss.vectToProps(text)

Parse a CVSS vector and return a dictionary of risk:vuln props.

Args:
text (str): A CVSS vector string.
Returns:
A dictionary of risk:vuln secondary props. The return type is dict.

$lib.json

A Storm Library for interacting with Json data.

$lib.json.load(text)

Parse a JSON string and return the deserialized data.

Args:
text (str): The string to be deserialized.
Returns:
The JSON deserialized object. The return type is prim.

$lib.json.save(item)

Save an object as a JSON string.

Args:
item (any): The item to be serialized as a JSON string.
Returns:
The JSON serialized object. The return type is str.

$lib.layer

A Storm Library for interacting with Layers in the Cortex.

$lib.layer.add(ldef=None)

Add a layer to the Cortex.

Args:
ldef (dict): The layer definition dictionary.
Returns:
A storm:layer object representing the new layer. The return type is storm:layer.

$lib.layer.del(iden)

Delete a layer from the Cortex.

Args:
iden (str): The iden of the layer to delete.
Returns:
The return type is null.

$lib.layer.get(iden=None)

Get a Layer from the Cortex.

Args:
iden (str): The iden of the layer to get. If not set, this defaults to the top layer of the current View.
Returns:
The storm layer object. The return type is storm:layer.

$lib.layer.list()

List the layers in a Cortex

Returns:
List of storm:layer objects. The return type is list.

$lib.lift

A Storm Library for interacting with lift helpers.

$lib.lift.byNodeData(name)

Lift nodes which have a given nodedata name set on them.

Args:
name (str): The name to of the nodedata key to lift by.
Yields:
Yields nodes to the pipeline. This must be used in conjunction with the yield keyword. The return type is storm:node.

$lib.macro

A Storm Library for interacting with the Storm Macros in the Cortex.

$lib.macro.del(name)

Delete a Storm Macro by name from the Cortex.

Args:
name (str): The name of the macro to delete.
Returns:
The return type is null.

$lib.macro.get(name)

Get a Storm Macro definition by name from the Cortex.

Args:
name (str): The name of the macro to get.
Returns:
A macro definition. The return type is dict.

$lib.macro.list()

Get a list of Storm Macros in the Cortex.

Returns:
A list of dict objects containing Macro definitions. The return type is list.

$lib.macro.set(name, storm)

Add or modify an existing Storm Macro in the Cortex.

Args:

name (str): Name of the Storm Macro to add or modify.

storm: The Storm query to add to the macro. The input type may one one of the following: str, storm:query.

Returns:
The return type is null.

$lib.model

A Storm Library for interacting with the Data Model in the Cortex.

$lib.model.form(name)

Get a form object by name.

Args:
name (str): The name of the form to retrieve.
Returns:
The storm:model:form instance if the form is present or null. The return type may be one of the following: storm:model:form, null.

$lib.model.prop(name)

Get a prop object by name.

Args:
name (str): The name of the prop to retrieve.
Returns:
The storm:model:prop instance if the type if present or null. The return type may be one of the following: storm:model:prop, null.

$lib.model.tagprop(name)

Get a tag property object by name.

Args:
name (str): The name of the tag prop to retrieve.
Returns:
The storm:model:tagprop instance if the tag prop if present or null. The return type may be one of the following: storm:model:tagprop, null.

$lib.model.type(name)

Get a type object by name.

Args:
name (str): The name of the type to retrieve.
Returns:
The storm:model:type instance if the type if present on the form or null. The return type may be one of the following: storm:model:type, null.

$lib.model.deprecated

A storm library for interacting with the model deprecation mechanism.

$lib.model.deprecated.lock(name, locked)

Set the locked property for a deprecated model element.

Args:

name (str): The full path of the model element to lock.

locked (boolean): The lock status.

Returns:
The return type is null.

$lib.model.deprecated.locks()

Get a dictionary of the data model elements which are deprecated and their lock status in the Cortex.

Returns:
A dictionary of named elements to their boolean lock values. The return type is dict.

$lib.model.edge

A Storm Library for interacting with light edges and manipulating their key-value attributes.

$lib.model.edge.del(verb, key)

Delete a key from the key-value store for a verb.

Args:

verb (str): The name of the Edge verb to remove a key from.

key (str): The name of the key to remove from the key-value store.

Returns:
The return type is null.

$lib.model.edge.get(verb)

Get the key-value data for a given Edge verb.

Args:
verb (str): The Edge verb to look up.
Returns:
A dictionary representing the key-value data set on a verb. The return type is dict.

$lib.model.edge.list()

Get a list of (verb, key-value dictionary) pairs for Edge verbs in the current Cortex View.

Returns:
A list of (str, dict) tuples for each verb in the current Cortex View. The return type is list.

$lib.model.edge.set(verb, key, valu)

Set a key-value for a given Edge verb.

Args:

verb (str): The Edge verb to set a value for.

key (str): The key to set.

valu (str): The value to set.

Returns:
The return type is null.

$lib.model.edge.validkeys()

Get a list of the valid keys that can be set on an Edge verb.

Returns:
A list of the valid keys. The return type is list.

$lib.model.ext

A Storm library for manipulating extended model elements.

$lib.model.ext.addForm(formname, basetype, typeopts, typeinfo)

Add an extended form definition to the data model.

Args:

formname (str): The name of the form to add.

basetype (str): The base type the form is derived from.

typeopts (dict): A Synapse type opts dictionary.

typeinfo (dict): A Synapse form info dictionary.

Returns:
The return type is null.

$lib.model.ext.addFormProp(formname, propname, typedef, propinfo)

Add an extended property definition to the data model.

Args:

formname (str): The name of the form to add the property to.

propname (str): The name of the extended property.

typedef (list): A Synapse type definition tuple.

propinfo (dict): A synapse property definition dictionary.

Returns:
The return type is null.

$lib.model.ext.addTagProp(propname, typedef, propinfo)

Add an extended tag property definition to the data model.

Args:

propname (str): The name of the tag property.

typedef (list): A Synapse type definition tuple.

propinfo (dict): A synapse property definition dictionary.

Returns:
The return type is null.

$lib.model.ext.addUnivProp(propname, typedef, propinfo)

Add an extended universal property definition to the data model.

Args:

propname (str): The name of the universal property.

typedef (list): A Synapse type definition tuple.

propinfo (dict): A synapse property definition dictionary.

Returns:
The return type is null.

$lib.model.ext.delForm(formname)

Remove an extended form definition from the model.

Args:
formname (str): The extended form to remove.
Returns:
The return type is null.

$lib.model.ext.delFormProp(formname, propname)

Remove an extended property definition from the model.

Args:

formname (str): The form with the extended property.

propname (str): The extended property to remove.

Returns:
The return type is null.

$lib.model.ext.delTagProp(propname)

Remove an extended tag property definition from the model.

Args:
propname (str): Name of the tag propert to remove.
Returns:
The return type is null.

$lib.model.ext.delUnivProp(propname)

Remove an extended universal property definition from the model.

Args:
propname (str): Name of the universal property to remove.
Returns:
The return type is null.

$lib.model.tags

A Storm Library for interacting with tag specifications in the Cortex Data Model.

$lib.model.tags.del(tagname)

Delete a tag model specification.

Examples:

Delete the tag model specification for cno.threat:

$lib.model.tags.del(cno.threat)
Args:
tagname (str): The name of the tag.
Returns:
The return type is null.

$lib.model.tags.get(tagname)

Retrieve a tag model specification.

Examples:

Get the tag model specification for cno.threat:

$dict = $lib.model.tags.get(cno.threat)
Args:
tagname (str): The name of the tag.
Returns:
The tag model definition. The return type is dict.

$lib.model.tags.list()

List all tag model specifications.

Examples:

Iterate over the tag model specifications in the Cortex:

for ($name, $info) in $lib.model.tags.list() {
    ...
}
Returns:
List of tuples containing the tag name and model definition The return type is list.

$lib.model.tags.pop(tagname, propname)

Pop and return a tag model property.

Examples:

Remove the regex list from the cno.threat tag model:

$regxlist = $lib.model.tags.pop(cno.threat, regex)
Args:

tagname (str): The name of the tag.

propname (str): The name of the tag model property.

Returns:
The value of the property. The return type is prim.

$lib.model.tags.set(tagname, propname, propvalu)

Set a tag model property for a tag.

Examples:

Create a tag model for the cno.cve tag:

$regx = ($lib.null, $lib.null, "[0-9]{4}", "[0-9]{5}")
$lib.model.tags.set(cno.cve, regex, $regx)
Args:

tagname (str): The name of the tag.

propname (str): The name of the tag model property.

propvalu (prim): The value to set.

Returns:
The return type is null.

$lib.pipe

A Storm library for interacting with non-persistent queues.

$lib.pipe.gen(filler, size=10000)

Generate and return a Storm Pipe.

Notes:
The filler query is run in parallel with $pipe. This requires the permission storm.pipe.gen to use.
Examples:

Fill a pipe with a query and consume it with another:

$pipe = $lib.pipe.gen(${ $pipe.puts((1, 2, 3)) })

for $items in $pipe.slices(size=2) {
    $dostuff($items)
}
Args:

filler: A Storm query to fill the Pipe. The input type may one one of the following: str, storm:query.

size (int): Maximum size of the pipe.

Returns:
The pipe containing query results. The return type is storm:pipe.

$lib.pkg

A Storm Library for interacting with Storm Packages.

$lib.pkg.add(pkgdef)

Add a Storm Package to the Cortex.

Args:
pkgdef (dict): A Storm Package definition.
Returns:
The return type is null.

$lib.pkg.del(name)

Delete a Storm Package from the Cortex.

Args:
name (str): The name of the package to delete.
Returns:
The return type is null.

$lib.pkg.get(name)

Get a Storm Package from the Cortex.

Args:
name (str): A Storm Package name.
Returns:
The Storm package definition. The return type is dict.

$lib.pkg.has(name)

Check if a Storm Package is available in the Cortex.

Args:
name (str): A Storm Package name to check for the existence of.
Returns:
True if the package exists in the Cortex, False if it does not. The return type is boolean.

$lib.pkg.list()

Get a list of Storm Packages loaded in the Cortex.

Returns:
A list of Storm Package definitions. The return type is list.

$lib.projects

A Storm Library for interacting with Projects in the Cortex.

$lib.projects.add(name, desc=)

Add a new project

Args:

name (str): The name of the Project to add

desc (str): A description of the overall project

Returns:
The newly created storm:project object The return type is storm:project.

$lib.projects.del(name)

Delete an existing project

Args:
name (str): The name of the Project to delete
Returns:
True if the project exists and gets deleted, otherwise False The return type is boolean.

$lib.projects.get(name)

Retrieve a project by name

Args:
name (str): The name of the Project to get
Returns:
The storm:project `object, if it exists, otherwise null The return type is ``storm:project`.

$lib.ps

A Storm Library for interacting with running tasks on the Cortex.

$lib.ps.kill(prefix)

Stop a running task on the Cortex.

Args:
prefix (str): The prefix of the task to stop. Tasks will only be stopped if there is a single prefix match.
Returns:
True if the task was cancelled, False otherwise. The return type is boolean.

$lib.ps.list()

List tasks the current user can access.

Returns:
A list of task definitions. The return type is list.

$lib.queue

A Storm Library for interacting with persistent Queues in the Cortex.

$lib.queue.add(name)

Add a Queue to the Cortex with a given name.

Args:
name (str): The name of the queue to add.
Returns:
The return type is storm:queue.

$lib.queue.del(name)

Delete a given named Queue.

Args:
name (str): The name of the queue to delete.
Returns:
The return type is null.

$lib.queue.gen(name)

Add or get a Storm Queue in a single operation.

Args:
name (str): The name of the Queue to add or get.
Returns:
The return type is storm:queue.

$lib.queue.get(name)

Get an existing Storm Queue object.

Args:
name (str): The name of the Queue to get.
Returns:
A storm:queue object. The return type is storm:queue.

$lib.queue.list()

Get a list of the Queues in the Cortex.

Returns:
A list of queue definitions the current user is allowed to interact with. The return type is list.

$lib.regex

A Storm library for searching/matching with regular expressions.

$lib.regex.findall(pattern, text, flags=0)

Search the given text for the patterns and return a list of matching strings.

Note:
If multiple matching groups are specified, the return value is a list of lists of strings.

Example:

Extract the matching strings from a piece of text:

for $x in $lib.regex.findall("G[0-9]{4}", "G0006 and G0001") {
    $dostuff($x)
}
Args:

pattern (str): The regular expression pattern.

text (str): The text to match.

flags (int): Regex flags to control the match behavior.

Returns:
A list of lists of strings for the matching groups in the pattern. The return type is list.

$lib.regex.flags.i

Regex flag to indicate that case insensitive matches are allowed.

Returns:
The type is int.

$lib.regex.flags.m

Regex flag to indicate that multiline matches are allowed.

Returns:
The type is int.

$lib.regex.matches(pattern, text, flags=0)

Check if text matches a pattern. Returns $lib.true if the text matches the pattern, otherwise $lib.false.

Notes:
This API requires the pattern to match at the start of the string.
Example:

Check if the variable matches a expression:

if $lib.regex.matches("^[0-9]+.[0-9]+.[0-9]+$", $text) {
    $lib.print("It's semver! ...probably")
}
Args:

pattern (str): The regular expression pattern.

text (str): The text to match.

flags (int): Regex flags to control the match behavior.

Returns:
True if there is a match, False otherwise. The return type is boolean.

$lib.regex.replace(pattern, replace, text, flags=0)

Replace any substrings that match the given regular expression with the specified replacement.

Example:

Replace a portion of a string with a new part based on a regex:

$norm = $lib.regex.replace("\sAND\s", " & ", "Ham and eggs!", $lib.regex.flags.i)
Args:

pattern (str): The regular expression pattern.

replace (str): The text to replace matching sub strings.

text (str): The input text to search/replace.

flags (int): Regex flags to control the match behavior.

Returns:
The new string with matches replaced. The return type is str.

$lib.regex.search(pattern, text, flags=0)

Search the given text for the pattern and return the matching groups.

Note:
In order to get the matching groups, patterns must use parentheses to indicate the start and stop of the regex to return portions of. If groups are not used, a successful match will return a empty list and a unsuccessful match will return $lib.null.
Example:

Extract the matching groups from a piece of text:

$m = $lib.regex.search("^([0-9])+.([0-9])+.([0-9])+$", $text)
if $m {
    ($maj, $min, $pat) = $m
}
Args:

pattern (str): The regular expression pattern.

text (str): The text to match.

flags (int): Regex flags to control the match behavior.

Returns:
A list of strings for the matching groups in the pattern. The return type is list.

$lib.service

A Storm Library for interacting with Storm Services.

$lib.service.add(name, url)

Add a Storm Service to the Cortex.

Args:

name (str): Name of the Storm Service to add.

url (str): The Telepath URL to the Storm Service.

Returns:
The Storm Service definition. The return type is dict.

$lib.service.del(iden)

Remove a Storm Service from the Cortex.

Args:
iden (str): The iden of the service to remove.
Returns:
The return type is null.

$lib.service.get(name)

Get a Storm Service definition.

Args:
name (str): The local name, local iden, or remote name, of the service to get the definition for.
Returns:
A Storm Service definition. The return type is dict.

$lib.service.has(name)

Check if a Storm Service is available in the Cortex.

Args:
name (str): The local name, local iden, or remote name, of the service to check for the existence of.
Returns:
True if the service exists in the Cortex, False if it does not. The return type is boolean.

$lib.service.list()

List the Storm Service definitions for the Cortex.

Notes:
The definition dictionaries have an additional ready key added to them to indicate if the Cortex is currently connected to the Storm Service or not.
Returns:
A list of Storm Service definitions. The return type is list.

$lib.service.wait(name)

Wait for a given service to be ready.

Args:
name (str): The name, or iden, of the service to wait for.
Returns:
Returns null when the service is available. The return type is null.

$lib.stats

A Storm Library for statistics related functionality.

$lib.stats.tally()

Get a Tally object.

Returns:
A new tally object. The return type is storm:stat:tally.

$lib.stix

A Storm Library for interacting with Stix Version 2.1 CS02.

$lib.stix.lift(bundle)

Lift nodes from a STIX Bundle made by Synapse.

Notes:
This lifts nodes using the Node definitions embedded into the bundle when created by Synapse using custom extension properties.
Examples:

Lifting nodes from a STIX bundle:

yield $lib.stix($bundle)
Args:
bundle (dict): The stix bundle to lift nodes from.
Yields:
Yields nodes The return type is storm:node.

$lib.stix.validate(bundle)

Validate a STIX Bundle.

Notes:

This returns a dictionary containing the following values:

{
    'ok': <boolean> - False if bundle is invalid, True otherwise.
    'mesg': <str> - An error message if there was an error when validating the bundle.
    'results': The results of validating the bundle.
}
Args:
bundle (dict): The stix bundle to validate.
Returns:
Results dictionary. The return type is dict.

$lib.stix.export

A Storm Library for exporting to STIX version 2.1 CS02.

$lib.stix.export.bundle(config=None)

Return a new empty STIX bundle.

The config argument maps synapse forms to stix types and allows you to specify how to resolve STIX properties and relationships. The config expects to following format:

{
    "maxsize": 10000,

    "forms": {
        <formname>: {
            "default": <stixtype0>,
            "stix": {
                <stixtype0>: {
                    "props": {
                        <stix_prop_name>: <storm_with_return>,
                        ...
                    },
                    "rels": (
                        ( <relname>, <target_stixtype>, <storm> ),
                        ...
                    )
                },
                <stixtype1>: ...
            },
        },
    },
},

For example, the default config includes the following entry to map ou:campaign nodes to stix campaigns:

{ "forms": {
    "ou:campaign": {
        "default": "campaign",
        "stix": {
            "campaign": {
                "props": {
                    "name": "{+:name return(:name)} return($node.repr())",
                    "description": "+:desc return(:desc)",
                    "objective": "+:goal :goal -> ou:goal +:name return(:name)",
                    "created": "return($lib.stix.export.timestamp(.created))",
                    "modified": "return($lib.stix.export.timestamp(.created))",
                },
                "rels": (
                    ("attributed-to", "threat-actor", ":org -> ou:org"),
                    ("originates-from", "location", ":org -> ou:org :hq -> geo:place"),
                    ("targets", "identity", "-> risk:attack :target:org -> ou:org"),
                    ("targets", "identity", "-> risk:attack :target:person -> ps:person"),
                ),
            },
        },
}},
Note:
The default config is an evolving set of mappings. If you need to guarantee stable output please specify a config.
Args:
config (dict): The STIX bundle export config to use.
Returns:
A new storm:stix:bundle instance. The return type is storm:stix:bundle.

$lib.stix.export.config()

Construct a default STIX bundle export config.

Returns:
A default STIX bundle export config. The return type is dict.

$lib.stix.export.timestamp(tick)

Format an epoch milliseconds timestamp for use in STIX output.

Args:
tick (time): The epoch milliseconds timestamp.
Returns:
A STIX formatted timestamp string. The return type is str.

$lib.storm

A Storm library for evaluating dynamic storm expressions.

$lib.storm.eval(text, cast=None)

Evaluate a storm runtime value and optionally cast/coerce it.

Args:

text (str): A storm expression string.

cast (str): A type to cast the result to.

Returns:
The value of the expression and optional cast. The return type is item.

$lib.str

A Storm Library for interacting with strings.

$lib.str.concat(*args)

Concatenate a set of strings together.

Args:
*args (any): Items to join together.
Returns:
The joined string. The return type is str.

$lib.str.format(text, **kwargs)

Format a text string.

Examples:

Format a string with a fixed argument and a variable:

cli> storm $list=(1,2,3,4)
     $str=$lib.str.format('Hello {name}, your list is {list}!', name='Reader', list=$list)
     $lib.print($str)

Hello Reader, your list is ['1', '2', '3', '4']!
Args:

text (str): The base text string.

**kwargs (any): Keyword values which are substituted into the string.

Returns:
The new string. The return type is str.

$lib.str.join(sepr, items)

Join items into a string using a separator.

Examples:

Join together a list of strings with a dot separator:

cli> storm $foo=$lib.str.join('.', ('rep', 'vtx', 'tag')) $lib.print($foo)

rep.vtx.tag
Args:

sepr (str): The separator used to join strings with.

items (list): A list of items to join together.

Returns:
The joined string. The return type is str.

$lib.tags

Storm utility functions for tags.

$lib.tags.prefix(names, prefix)

Normalize and prefix a list of syn:tag:part values so they can be applied.

Examples:

Add tag prefixes and then use them to tag nodes:

$tags = $lib.tags.prefix($result.tags, vtx.visi)
{ for $tag in $tags { [ +#$tag ] } }
Args:

names (list): A list of syn:tag:part values to normalize and prefix.

prefix (str): The string prefix to add to the syn:tag:part values.

Returns:
A list of normalized and prefixed syn:tag values. The return type is list.

$lib.telepath

A Storm Library for making Telepath connections to remote services.

$lib.telepath.open(url)

Open and return a Telepath RPC proxy.

Args:
url (str): The Telepath URL to connect to.
Returns:
A object representing a Telepath Proxy. The return type is storm:proxy.

$lib.time

A Storm Library for interacting with timestamps.

$lib.time.format(valu, format)

Format a Synapse timestamp into a string value using datetime.strftime().

Examples:

Format a timestamp into a string:

cli> storm $now=$lib.time.now() $str=$lib.time.format($now, '%A %d, %B %Y') $lib.print($str)

Tuesday 14, July 2020
Args:

valu (int): A timestamp in epoch milliseconds.

format (str): The strftime format string.

Returns:
The formatted time string. The return type is str.

$lib.time.fromunix(secs)

Normalize a timestamp from a unix epoch time in seconds to milliseconds.

Examples:

Convert a timestamp from seconds to millis and format it:

cli> storm $seconds=1594684800 $millis=$lib.time.fromunix($seconds)
     $str=$lib.time.format($millis, '%A %d, %B %Y') $lib.print($str)

Tuesday 14, July 2020
Args:
secs (int): Unix epoch time in seconds.
Returns:
The normalized time in milliseconds. The return type is int.

$lib.time.now()

Get the current epoch time in milliseconds.

Returns:
Epoch time in milliseconds. The return type is int.

$lib.time.parse(valu, format, errok=False)

Parse a timestamp string using datetime.strptime() into an epoch timestamp.

Examples:

Parse a string as for its month/day/year value into a timestamp:

cli> storm $s='06/01/2020' $ts=$lib.time.parse($s, '%m/%d/%Y') $lib.print($ts)

1590969600000
Args:

valu (str): The timestamp string to parse.

format (str): The format string to use for parsing.

errok (boolean): If set, parsing errors will return $lib.null instead of raising an exception.

Returns:
The epoch timetsamp for the string. The return type is int.

$lib.time.sleep(valu)

Pause the processing of data in the storm query.

Notes:
This has the effect of clearing the Snap’s cache, so any node lifts performed after the $lib.time.sleep(...) executes will be lifted directly from storage.
Args:
valu (int): The number of seconds to pause for.
Returns:
The return type is null.

$lib.time.ticker(tick, count=None)

Periodically pause the processing of data in the storm query.

Notes:
This has the effect of clearing the Snap’s cache, so any node lifts performed after each tick will be lifted directly from storage.
Args:

tick (int): The amount of time to wait between each tick, in seconds.

count (int): The number of times to pause the query before exiting the loop. This defaults to None and will yield forever if not set.

Yields:
This yields the current tick count after each time it wakes up. The return type is int.

$lib.trigger

A Storm Library for interacting with Triggers in the Cortex.

$lib.trigger.add(tdef)

Add a Trigger to the Cortex.

Args:
tdef (dict): A Trigger definition.
Returns:
The new trigger. The return type is storm:trigger.

$lib.trigger.del(prefix)

Delete a Trigger from the Cortex.

Args:
prefix (str): A prefix to match in order to identify a trigger to delete. Only a single matching prefix will be deleted.
Returns:
The iden of the deleted trigger which matched the prefix. The return type is str.

$lib.trigger.disable(prefix)

Disable a Trigger in the Cortex.

Args:
prefix (str): A prefix to match in order to identify a trigger to disable. Only a single matching prefix will be disabled.
Returns:
The iden of the trigger that was disabled. The return type is str.

$lib.trigger.enable(prefix)

Enable a Trigger in the Cortex.

Args:
prefix (str): A prefix to match in order to identify a trigger to enable. Only a single matching prefix will be enabled.
Returns:
The iden of the trigger that was enabled. The return type is str.

$lib.trigger.get(iden)

Get a Trigger in the Cortex.

Args:
iden (str): The iden of the Trigger to get.
Returns:
The requested storm:trigger object. The return type is storm:trigger.

$lib.trigger.list()

Get a list of Triggers in the Cortex.

Returns:
A list of storm:trigger objects the user is allowed to access. The return type is list.

$lib.trigger.mod(prefix, query)

Modify an existing Trigger in the Cortex.

Args:

prefix (str): A prefix to match in order to identify a trigger to modify. Only a single matching prefix will be modified.

query: The new Storm query to set as the trigger query. The input type may one one of the following: str, storm:query.

Returns:
The iden of the modified Trigger The return type is str.

$lib.user

A Storm Library for interacting with data about the current user.

$lib.user.allowed(permname, gateiden=None)

Check if the current user has a given permission.

Args:

permname (str): The permission string to check.

gateiden (str): The authgate iden.

Returns:
True if the user has the requested permission, false otherwise. The return type is boolean.

$lib.user.iden

The user GUID for the current storm user.

Returns:
The type is guid.

$lib.user.name()

Get the name of the current runtime user.

Returns:
The username. The return type is str.

$lib.user.profile

Get a Hive dictionary representing the current users profile information.

Returns:
The type is storm:hive:dict.

$lib.user.vars

Get a Hive dictionary representing the current users persistent variables.

Returns:
The type is storm:hive:dict.

$lib.vars

A Storm Library for interacting with runtime variables.

$lib.vars.del(name)

Unset a variable in the current Runtime.

Args:
name (str): The variable name to remove.
Returns:
The return type is null.

$lib.vars.get(name, defv=None)

Get the value of a variable from the current Runtime.

Args:

name (str): Name of the variable to get.

defv (prim): The default value returned if the variable is not set in the runtime.

Returns:
The value of the variable. The return type is any.

$lib.vars.list()

Get a list of variables from the current Runtime.

Returns:
A list of variable names and their values for the current Runtime. The return type is list.

$lib.vars.set(name, valu)

Set the value of a variable in the current Runtime.

Args:

name (str): Name of the variable to set.

valu (prim): The value to set the variable too.

Returns:
The return type is null.

$lib.version

A Storm Library for interacting with version information.

$lib.version.commit()

The synapse commit hash for the local Cortex.

Returns:
The commit hash. The return type is str.

$lib.version.matches(vertup, reqstr)

Check if the given version triple meets the requirements string.

Examples:

Check if the synapse version is in a range:

$synver = $lib.version.synapse()
if $lib.version.matches($synver, ">=2.9.0") {
    $dostuff()
}
Args:

vertup (list): Triple of major, minor, and patch version integers.

reqstr (str): The version string to compare against.

Returns:
True if the version meets the requirements, False otherwise. The return type is boolean.

$lib.version.synapse()

The synapse version tuple for the local Cortex.

Returns:
The version triple. The return type is list.

$lib.view

A Storm Library for interacting with Views in the Cortex.

$lib.view.add(layers, name=None)

Add a View to the Cortex.

Args:

layers (list): A list of layer idens which make up the view.

name (str): The name of the view.

Returns:
A storm:view object representing the new View. The return type is storm:view.

$lib.view.del(iden)

Delete a View from the Cortex.

Args:
iden (str): The iden of the View to delete.
Returns:
The return type is null.

$lib.view.get(iden=None)

Get a View from the Cortex.

Args:
iden (str): The iden of the View to get. If not specified, returns the current View.
Returns:
The storm view object. The return type is storm:view.

$lib.view.list()

List the Views in the Cortex.

Returns:
List of storm:view objects. The return type is list.