synapse.lib.stormlib package

Submodules

synapse.lib.stormlib.aha module

class synapse.lib.stormlib.aha.AhaLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with AHA.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.aha.AhaPool(runt, poolinfo)[source]

Bases: StormType

Implements the Storm API for an AHA pool.

async stormrepr()[source]

class synapse.lib.stormlib.aha.AhaPoolLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with AHA service pools.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.auth module

class synapse.lib.stormlib.auth.Gate(runt, valu, path=None)[source]

Bases: Prim

Implements the Storm API for an AuthGate.

class synapse.lib.stormlib.auth.LibAuth(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Auth in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async getPermDef(perm)[source]

async getPermDefs()[source]

static ruleFromText(text)[source]

async textFromRule(rule)[source]

class synapse.lib.stormlib.auth.LibGates(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Auth Gates in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.auth.LibRoles(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Auth Roles in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.auth.LibUser(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with data about the current user.

addLibFuncs()[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.auth.LibUsers(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Auth Users in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.auth.Role(runt, valu, path=None)[source]

Bases: Prim

Implements the Storm API for a Role.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async stormrepr()[source]

async value()[source]

class synapse.lib.stormlib.auth.User(runt, valu, path=None)[source]

Bases: Prim

Implements the Storm API for a User.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async stormrepr()[source]

async value()[source]

class synapse.lib.stormlib.auth.UserJson(runt, valu)[source]

Bases: Prim

Implements per-user JSON storage.

async get(path, prop=None)[source]

async has(path)[source]

async iter(path=None)[source]

async set(path, valu, prop=None)[source]

class synapse.lib.stormlib.auth.UserProfile(runt, valu, path=None)[source]

Bases: Prim

The Storm deref/setitem/iter convention on top of User profile information.

async deref(name)[source]

async iter()[source]

async setitem(name, valu)[source]

async value()[source]

class synapse.lib.stormlib.auth.UserVars(runt, valu, path=None)[source]

Bases: Prim

The Storm deref/setitem/iter convention on top of User vars information.

async deref(name)[source]

async iter()[source]

async setitem(name, valu)[source]

synapse.lib.stormlib.auth.ruleFromText(text)[source]

Get a rule tuple from a text string.

Parameters:: text (str) – The string to process.
Returns:: A tuple containing a bool and a list of permission parts.
Return type:: (bool, tuple)

synapse.lib.stormlib.backup module

class synapse.lib.stormlib.backup.BackupLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with the backup APIs in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.basex module

class synapse.lib.stormlib.basex.BaseXLib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for encoding and decoding strings using an arbitrary charset.

async decode(text, charset)[source]

async encode(byts, charset)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.cache module

class synapse.lib.stormlib.cache.FixedCache(runt, query, size=10000)[source]

Bases: StormType

A StormLib API instance of a Storm Fixed Cache.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async stormrepr()[source]

class synapse.lib.stormlib.cache.LibCache(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Cache Objects.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.cell module

class synapse.lib.stormlib.cell.CellLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.cell.getMaxHotFixes()[source]

synapse.lib.stormlib.compression module

class synapse.lib.stormlib.compression.Bzip2Lib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for bzip2 compression.

async en(valu)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async un(valu)[source]

class synapse.lib.stormlib.compression.GzipLib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for gzip compression.

async en(valu)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async un(valu)[source]

class synapse.lib.stormlib.compression.ZlibLib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for zlib compression.

async en(valu)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async un(valu)[source]

synapse.lib.stormlib.cortex module

class synapse.lib.stormlib.cortex.CortexHttpApi(runt, name=())[source]

Bases: Lib

Library for interacting with the Extended HTTP API.

async addHttpApi(path, name='', desc='', runas='owner', authenticated=True, readonly=False)[source]

async delHttpApi(iden)[source]

async getHttpApi(iden)[source]

async getHttpApiByPath(path)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async listHttpApis()[source]

async makeHttpResponse(requestinfo)[source]

async setHttpApiIndx(iden, index=0)[source]

class synapse.lib.stormlib.cortex.HttpApi(runt, info)[source]

Bases: StormType

Extended HTTP API object.

This object represents an extended HTTP API that has been configured on the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async stormrepr()[source]

class synapse.lib.stormlib.cortex.HttpApiMethods(httpapi: HttpApi)[source]

Bases: Prim

Accessor dictionary for getting and setting Extended HTTP API methods.
Notes:
The Storm code used to run these methods will have a $request object injected into them. This allows the method to send data back to the caller when it is run.

Examples:
Setting a simple GET method:
$api.methods.get = ${
    $data = ({"someKey": "someValue})
    $headers = ({"someHeader": "someOtherValue"})
    $request.reply(200, headers=$headers, body=$data)
}
Removing a PUT method:
$api.methods.put = $lib.undef
Crafting a custom text response:
$api.methods.get = ${
    // Create the body
    $data = 'some value'
    // Encode the response as bytes
    $data = $data.encode()
    // Set the headers
    $headers = ({"Content-Type": "text/plain", "Content-Length": $lib.len($data})
    $request.reply(200, headers=$headers, body=$data)
}
Streaming multiple chunks of data as JSON lines. This sends the code, headers and body separately:
$api.methods.get = ${
    $request.sendcode(200)
    $request.sendheaders(({"Content-Type": "text/plain; charset=utf8"}))
    $values = ((1), (2), (3))
    for $i in $values {
        $body=`{$lib.json.save(({"value": $i}))}

`: $request.sendbody($body.encode())

}

}

async iter()[source]

class synapse.lib.stormlib.cortex.HttpApiVars(httpapi, path=None)[source]

Bases: Dict

Accessor dictionary for getting and setting Extended HTTP API variables.

This can be used to set, unset or iterate over the runtime variables that are set for an Extended HTTP API endpoint. These variables are set in the Storm runtime for all of the HTTP methods configured to be executed by the endpoint.

Example

Set a few variables on a given API:

$api.vars.foo = 'the foo string'
$api.vars.bar = (1234)

Remove a variable:

$api.vars.foo = $lib.undef

Iterate over the variables set for the endpoint:

for ($key, $valu) in $api.vars {
    $lib.print(`{$key) -> {$valu}`)
}

Overwrite all of the variables for a given API with a new dictionary:

$api.vars = ({"foo": "a new string", "bar": (137)})

async setitem(name, valu)[source]

class synapse.lib.stormlib.cortex.HttpHeaderDict(valu, path=None)[source]

Bases: Dict

Immutable lowercase key access dictionary for HTTP request headers.

Example

Request headers can be accessed in a case insensitive manner:

$valu = $request.headers.Cookie
// or the lower case value
$valu = $request.headers.cookie

async deref(name)[source]

async setitem(name, valu)[source]

class synapse.lib.stormlib.cortex.HttpPermsList(httpapi, path=None)[source]

Bases: List

Accessor list for getting and setting http:api permissions.

async setitem(name, valu)[source]

class synapse.lib.stormlib.cortex.HttpReq(runt, rnfo)[source]

Bases: StormType

Extended HTTP API Request object.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.cortex.StormPoolDelCmd(runt, runtsafe)[source]

Bases: Cmd

Remove a Storm query offload mirror pool configuration.

Notes

This will result in tearing down any Storm queries currently being serviced by the Storm pool. This may result in this command raising an exception if it was offloaded to a pool member. That would be an expected behavior.

async execStormCmd(runt, genr)[source]: Abstract base method

name = 'cortex.storm.pool.del'

class synapse.lib.stormlib.cortex.StormPoolGetCmd(runt, runtsafe)[source]

Bases: Cmd

Display the current Storm query offload mirror pool configuration.

async execStormCmd(runt, genr)[source]: Abstract base method

name = 'cortex.storm.pool.get'

class synapse.lib.stormlib.cortex.StormPoolSetCmd(runt, runtsafe)[source]

Bases: Cmd

Setup a Storm query offload mirror pool for the Cortex.

async execStormCmd(runt, genr)[source]: Abstract base method

getArgParser()[source]

name = 'cortex.storm.pool.set'

synapse.lib.stormlib.easyperm module

class synapse.lib.stormlib.easyperm.LibEasyPerm(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with easy perm dictionaries.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.ethereum module

class synapse.lib.stormlib.ethereum.EthereumLib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for Ethereum.

async eip55(addr)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.gen module

class synapse.lib.stormlib.gen.LibGen(runt, name=())[source]

Bases: Lib

A Storm Library for secondary property based deconfliction.

synapse.lib.stormlib.gis module

class synapse.lib.stormlib.gis.GisLib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for earth based geospatial calculations.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.graph module

class synapse.lib.stormlib.graph.GraphLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with graph projections in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.hashes module

class synapse.lib.stormlib.hashes.LibHashes(runt, name=())[source]

Bases: Lib

A Storm Library for hashing bytes

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.hashes.LibHmac(runt, name=())[source]

Bases: Lib

A Storm library for computing RFC2104 HMAC values.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.hex module

class synapse.lib.stormlib.hex.HexLib(runt, name=())[source]

Bases: Lib

A Storm library which implements helpers for hexadecimal encoded strings.

async decode(valu)[source]

async encode(valu)[source]

async fromint(valu, length, signed=False)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async signext(valu, length)[source]

async toint(valu, signed=False)[source]

async trimext(valu)[source]

synapse.lib.stormlib.imap module

class synapse.lib.stormlib.imap.ImapLib(runt, name=())[source]

Bases: Lib

A Storm library to connect to an IMAP server.

async connect(host, port=993, timeout=30, ssl=True)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.imap.ImapServer(runt, imap_cli, path=None)[source]

Bases: StormType

An IMAP server for retrieving email messages.

async delete(uid_set)[source]

async fetch(uid)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async list(reference_name='""', pattern='*')[source]

async login(user, passwd)[source]

async markSeen(uid_set)[source]

async search(*args, charset='utf-8')[source]

async select(mailbox='INBOX')[source]

async synapse.lib.stormlib.imap.run_imap_coro(coro)[source]: Raises or returns data.

synapse.lib.stormlib.infosec module

synapse.lib.stormlib.infosec.CVSS2_calc(vdict)[source]

synapse.lib.stormlib.infosec.CVSS2_round(x)[source]

synapse.lib.stormlib.infosec.CVSS3_0_calc(vdict)[source]

synapse.lib.stormlib.infosec.CVSS3_0_round(x)[source]: Round up to the nearest one decimal place. From the JS reference implementation: https://www.first.org/cvss/calculator/cvsscalc30.js

synapse.lib.stormlib.infosec.CVSS3_1_calc(vdict)[source]

synapse.lib.stormlib.infosec.CVSS3_1_round(x)[source]: Round up to the nearest one decimal place. From the JS reference implementation: https://www.first.org/cvss/calculator/cvsscalc31.js

synapse.lib.stormlib.infosec.CVSS_get_coefficients(vdict, vers)[source]

class synapse.lib.stormlib.infosec.CvssLib(runt, name=())[source]

Bases: Lib

A Storm library which implements CVSS score calculations.

async calculate(node, save=True, vers='3.1')[source]

async calculateFromProps(props, vers='3.1')[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async saveVectToNode(node, text)[source]

async vectToProps(text)[source]

async vectToScore(vect, vers=None)[source]

class synapse.lib.stormlib.infosec.MitreAttackFlowLib(runt, name=())[source]

Bases: Lib

A Storm library which implements modeling MITRE ATT&CK Flow diagrams.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.infosec.roundup(x)[source]

synapse.lib.stormlib.ipv6 module

class synapse.lib.stormlib.ipv6.LibIpv6(runt, name=())[source]

Bases: Lib

A Storm Library for providing ipv6 helpers.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.iters module

class synapse.lib.stormlib.iters.LibIters(runt, name=())[source]

Bases: Lib

A Storm library for providing iterator helpers.

async enum(genr)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.json module

class synapse.lib.stormlib.json.JsonLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Json data.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.json.JsonSchema(runt, schema, use_default=True)[source]

Bases: StormType

A JsonSchema validation object for use in validating data structures in Storm.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async stormrepr()[source]

synapse.lib.stormlib.json.compileJsSchema(schema, use_default=True)[source]

synapse.lib.stormlib.json.runJsSchema(schema, item, use_default=True)[source]

synapse.lib.stormlib.log module

class synapse.lib.stormlib.log.LoggerLib(runt, name=())[source]

Bases: Lib

A Storm library which implements server side logging. These messages are logged to the synapse.storm.log logger.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.macro module

class synapse.lib.stormlib.macro.LibMacro(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with the Storm Macros in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.macro.MacroExecCmd(runt, runtsafe)[source]

Bases: Cmd

Execute a named macro.

Example

inet:ipv4#cno.threat.t80 | macro.exec enrich_foo

async execStormCmd(runt, genr)[source]: Abstract base method

getArgParser()[source]

name = 'macro.exec'

readonly = True

synapse.lib.stormlib.math module

class synapse.lib.stormlib.math.MathLib(runt, name=())[source]

Bases: Lib

A Storm library for performing math operations.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.mime module

class synapse.lib.stormlib.mime.LibMimeHtml(runt, name=())[source]

Bases: Lib

A Storm library for manipulating HTML text.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async totext(html)[source]

synapse.lib.stormlib.mime.htmlToText(html)[source]

synapse.lib.stormlib.model module

class synapse.lib.stormlib.model.LibModel(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with the Data Model in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.model.LibModelDeprecated(runt, name=())[source]

Bases: Lib

A storm library for interacting with the model deprecation mechanism.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.model.LibModelEdge(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with light edges and manipulating their key-value attributes.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

hivepath = ('cortex', 'model', 'edges')

validedgekeys = ('doc',)

class synapse.lib.stormlib.model.LibModelTags(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with tag specifications in the Cortex Data Model.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.model.ModelForm(form, path=None)[source]

Bases: Prim

Implements the Storm API for a Form.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

value()[source]

class synapse.lib.stormlib.model.ModelProp(prop, path=None)[source]

Bases: Prim

Implements the Storm API for a Property.

value()[source]

class synapse.lib.stormlib.model.ModelTagProp(tagprop, path=None)[source]

Bases: Prim

Implements the Storm API for a Tag Property.

value()[source]

class synapse.lib.stormlib.model.ModelType(valu, path=None)[source]

Bases: Prim

A Storm types wrapper around a lib.types.Type

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

value()[source]

synapse.lib.stormlib.modelext module

class synapse.lib.stormlib.modelext.LibModelExt(runt, name=())[source]

Bases: Lib

A Storm library for manipulating extended model elements.

async addExtModel(model)[source]

async addForm(formname, basetype, typeopts, typeinfo)[source]

async addFormProp(formname, propname, typedef, propinfo)[source]

async addTagProp(propname, typedef, propinfo)[source]

async addUnivProp(propname, typedef, propinfo)[source]

async delForm(formname)[source]

async delFormProp(formname, propname)[source]

async delTagProp(propname)[source]

async delUnivProp(propname)[source]

async getExtModel()[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.notifications module

class synapse.lib.stormlib.notifications.NotifyLib(runt, name=())[source]

Bases: Lib

A Storm library for a user interacting with their notifications.

async get(indx)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async list(size=None)[source]

synapse.lib.stormlib.oauth module

class synapse.lib.stormlib.oauth.OAuthV1Client(runt, ckey, csecret, atoken, asecret, sigtype, path=None)[source]

Bases: StormType

A client for doing OAuth V1 Authentication from Storm.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.oauth.OAuthV1Lib(runt, name=())[source]

Bases: Lib

A Storm library to handle OAuth v1 authentication.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.oauth.OAuthV2Lib(runt, name=())[source]

Bases: Lib

A Storm library for managing OAuth V2 clients.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.pack module

class synapse.lib.stormlib.pack.LibPack(runt, name=())[source]

Bases: Lib

Packing / unpacking structured bytes.

async en(fmt, items)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async un(fmt, byts, offs=0)[source]

synapse.lib.stormlib.project module

class synapse.lib.stormlib.project.LibProjects(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Projects in the Cortex.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async iter()[source]

class synapse.lib.stormlib.project.Project(runt, node, path=None)[source]

Bases: Prim

Implements the Storm API for Project objects, which are used for managing a scrum style project in the Cortex

confirm(perm)[source]

async nodes()[source]

value()[source]

class synapse.lib.stormlib.project.ProjectEpic(proj, node)[source]

Bases: Prim

Implements the Storm API for a ProjectEpic

async nodes()[source]

async value()[source]

class synapse.lib.stormlib.project.ProjectEpics(proj)[source]

Bases: Prim

Implements the Storm API for ProjectEpics objects, which are collections of ProjectEpic objects associated with a particular Project

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async iter()[source]

class synapse.lib.stormlib.project.ProjectSprint(proj, node)[source]

Bases: Prim

Implements the Storm API for a ProjectSprint

async nodes()[source]

async value()[source]

class synapse.lib.stormlib.project.ProjectSprints(proj)[source]

Bases: Prim

Implements the Storm API for ProjectSprints objects, which are collections of sprints associated with a single project

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async iter()[source]

class synapse.lib.stormlib.project.ProjectTicket(proj, node)[source]

Bases: Prim

Implements the Storm API for a ProjectTicket.

async nodes()[source]

async value()[source]

class synapse.lib.stormlib.project.ProjectTicketComment(ticket, node)[source]

Bases: Prim

Implements the Storm API for a ProjectTicketComment

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async nodes()[source]

async value()[source]

class synapse.lib.stormlib.project.ProjectTicketComments(ticket)[source]

Bases: Prim

Implements the Storm API for ProjectTicketComments objects, which are collections of comments associated with a ticket.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async iter()[source]

class synapse.lib.stormlib.project.ProjectTickets(proj)[source]

Bases: Prim

Implements the Storm API for ProjectTickets objects, which are collections of tickets associated with a project

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async iter()[source]

synapse.lib.stormlib.random module

class synapse.lib.stormlib.random.LibRandom(runt, name=())[source]

Bases: Lib

A Storm library for generating random values.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.scrape module

class synapse.lib.stormlib.scrape.LibScrape(runt, name=())[source]

Bases: Lib

A Storm Library for providing helpers for scraping nodes from text.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.smtp module

class synapse.lib.stormlib.smtp.SmtpLib(runt, name=())[source]

Bases: Lib

A Storm Library for sending email messages via SMTP.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async message()[source]

class synapse.lib.stormlib.smtp.SmtpMessage(runt)[source]

Bases: StormType

An SMTP message to compose and send.

async send(host, port=25, user=None, passwd=None, usetls=False, starttls=False, timeout=60)[source]

synapse.lib.stormlib.spooled module

class synapse.lib.stormlib.spooled.LibSpooled(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Spooled Objects.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.spooled.SpooledSet(valu, path=None)[source]

Bases: Set

A StormLib API instance of a Storm Set object that can fallback to lmdb.

async iter()[source]

async stormrepr()[source]

async value()[source]

synapse.lib.stormlib.stats module

class synapse.lib.stormlib.stats.LibStats(runt, name=())[source]

Bases: Lib

A Storm Library for statistics related functionality.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async tally()[source]

class synapse.lib.stormlib.stats.StatTally(path=None)[source]

Bases: Prim

A tally object.

An example of using it:

$tally = $lib.stats.tally()

$tally.inc(foo)

for $name, $total in $tally {
    $doStuff($name, $total)
}

async get(name)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async inc(name, valu=1)[source]

async iter()[source]

async sorted(byname=False, reverse=False)[source]

value()[source]

class synapse.lib.stormlib.stats.StatsCountByCmd(runt, runtsafe)[source]

Bases: Cmd

Tally occurrences of values and display a bar chart of the results.

Examples

// Show counts of geo:name values referenced by media:news nodes. media:news -(refs)> geo:name | stats.countby

// Show counts of ASN values in a set of IPs. inet:ipv4#myips | stats.countby :asn

// Show counts of attacker names for risk:compromise nodes. risk:compromise | stats.countby :attacker::name

async execStormCmd(runt, genr)[source]: Abstract base method

getArgParser()[source]

name = 'stats.countby'

readonly = True

synapse.lib.stormlib.stix module

class synapse.lib.stormlib.stix.LibStix(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with Stix Version 2.1 CS02.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async liftBundle(bundle)[source]

async validateBundle(bundle)[source]

class synapse.lib.stormlib.stix.LibStixExport(runt, name=())[source]

Bases: Lib

A Storm Library for exporting to STIX version 2.1 CS02.

async bundle(config=None)[source]

async config()[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

timestamp(tick)[source]

class synapse.lib.stormlib.stix.LibStixImport(runt, name=())[source]

Bases: Lib

A Storm Library for importing Stix Version 2.1 data.

async config()[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async ingest(bundle, config=None)[source]

class synapse.lib.stormlib.stix.StixBundle(libstix, runt, config, path=None)[source]

Bases: Prim

Implements the Storm API for creating and packing a STIX bundle for v2.1

async add(node, stixtype=None)[source]

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

pack()[source]

size()[source]

async value()[source]

synapse.lib.stormlib.stix.uuid4(valu=None)[source]

synapse.lib.stormlib.stix.uuid5(valu=None)[source]

synapse.lib.stormlib.stix.validateStix(bundle, version='2.1')[source]

synapse.lib.stormlib.storm module

class synapse.lib.stormlib.storm.LibStorm(runt, name=())[source]

Bases: Lib

A Storm library for evaluating dynamic storm expressions.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

synapse.lib.stormlib.vault module

class synapse.lib.stormlib.vault.LibVault(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with vaults.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

class synapse.lib.stormlib.vault.Vault(runt, valu, path=None)[source]

Bases: Prim

Implements the Storm API for a Vault.

Callers (instantiation) of this class must have already checked that the user has at least PERM_READ to the vault.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async stormrepr()[source]

value()[source]

class synapse.lib.stormlib.vault.VaultConfigs(runt, valu, path=None)[source]

Bases: Prim

Implements the Storm API for Vault data. This is used for both vault configs and vault secrets.

async deref(name)[source]

async iter()[source]

async setitem(name, valu)[source]

async stormrepr()[source]

value()[source]

class synapse.lib.stormlib.vault.VaultSecrets(runt, valu, path=None)[source]

Bases: VaultConfigs

async setitem(name, valu)[source]

synapse.lib.stormlib.version module

class synapse.lib.stormlib.version.VersionLib(runt, name=())[source]

Bases: Lib

A Storm Library for interacting with version information.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async matches(vertup, reqstr)[source]

synapse.lib.stormlib.xml module

class synapse.lib.stormlib.xml.LibXml(runt, name=())[source]

Bases: Lib

A Storm library for parsing XML.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async parse(valu)[source]

class synapse.lib.stormlib.xml.XmlElement(runt, elem)[source]

Bases: Prim

A Storm object for dealing with elements in an XML tree.

async find(name, nested=True)[source]

async get(name)[source]

async iter()[source]

synapse.lib.stormlib.yaml module

class synapse.lib.stormlib.yaml.LibYaml(runt, name=())[source]

Bases: Lib

A Storm Library for saving/loading YAML data.

getObjLocals()[source]

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:: A key/value pairs.
Return type:: dict

async load(valu)[source]

async save(valu, sort_keys=True)[source]