synapse.models package

Subpackages

• synapse.models.gov package
  • Submodules
  • synapse.models.gov.cn module
    • GovCnModule
      • GovCnModule.getModelDefs()
  • synapse.models.gov.intl module
    • GovIntlModule
      • GovIntlModule.getModelDefs()
  • synapse.models.gov.us module
    • GovUsModule
      • GovUsModule.getModelDefs()

Submodules

synapse.models.auth module

class synapse.models.auth.AuthModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.base module

class synapse.models.base.BaseModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.belief module

class synapse.models.belief.BeliefModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.biz module

class synapse.models.biz.BizModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.crypto module

class synapse.models.crypto.CryptoModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.dns module

class synapse.models.dns.DnsModule(core, conf=None)

Bases: CoreModule

getModelDefs()

class synapse.models.dns.DnsName(modl, name, info, opts)

Bases: Str

postTypeInit()

synapse.models.economic module

class synapse.models.economic.EconModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.files module

class synapse.models.files.FileBase(modl, name, info, opts)

Bases: Str

postTypeInit()

class synapse.models.files.FileBytes(modl, name, info, opts)

Bases: Str

postTypeInit()

class synapse.models.files.FileModule(core, conf=None)

Bases: CoreModule

getModelDefs()

async initCoreModule()

Module implementers may override this method to initialize the module after the Cortex has completed and is accessible to perform storage operations.

Notes

This is the preferred function to override for implementing custom code that needs to be executed during Cortex startup.

Any exception raised within this method will remove the module from the list of currently loaded modules.

This is called for modules after getModelDefs() and getStormCmds() has been called, in order to allow for model loading and storm command loading prior to code execution offered by initCoreModule.

A failure during initCoreModule will not unload data model or storm commands registered by the module.

Returns:

None

class synapse.models.files.FilePath(modl, name, info, opts)

Bases: Str

postTypeInit()

synapse.models.geopol module

class synapse.models.geopol.PolModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.geospace module

class synapse.models.geospace.Area(modl, name, info, opts)

Bases: Int

postTypeInit()

repr(norm)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

class synapse.models.geospace.Dist(modl, name, info, opts)

Bases: Int

postTypeInit()

repr(norm)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

class synapse.models.geospace.GeoModule(core, conf=None)

Bases: CoreModule

getModelDefs()

class synapse.models.geospace.LatLong(modl, name, info, opts)

Bases: Type

postTypeInit()

repr(norm)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

stortype: int = 14

synapse.models.inet module

class synapse.models.inet.Addr(modl, name, info, opts)

Bases: Str

postTypeInit()

class synapse.models.inet.Cidr4(modl, name, info, opts)

Bases: Str

postTypeInit()

class synapse.models.inet.Cidr6(modl, name, info, opts)

Bases: Str

postTypeInit()

class synapse.models.inet.Email(modl, name, info, opts)

Bases: Str

postTypeInit()

class synapse.models.inet.Fqdn(modl, name, info, opts)

Bases: Type

postTypeInit()

repr(valu)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

stortype: int = 17

class synapse.models.inet.HttpCookie(modl, name, info, opts)

Bases: Str

getTypeVals(valu)

class synapse.models.inet.IPv4(modl, name, info, opts)

Bases: Type

The base type for an IPv4 address.

getCidrRange(text)

getNetRange(text)

getTypeVals(valu)

postTypeInit()

repr(norm)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

stortype: int = 4

class synapse.models.inet.IPv4Range(modl, name, info, opts)

Bases: Range

postTypeInit()

class synapse.models.inet.IPv6(modl, name, info, opts)

Bases: Type

getCidrRange(text)

getNetRange(text)

getTypeVals(valu)

postTypeInit()

stortype: int = 18

class synapse.models.inet.IPv6Range(modl, name, info, opts)

Bases: Range

postTypeInit()

class synapse.models.inet.InetModule(core, conf=None)

Bases: CoreModule

getModelDefs()

async initCoreModule()

Module implementers may override this method to initialize the module after the Cortex has completed and is accessible to perform storage operations.

Notes

This is the preferred function to override for implementing custom code that needs to be executed during Cortex startup.

Any exception raised within this method will remove the module from the list of currently loaded modules.

This is called for modules after getModelDefs() and getStormCmds() has been called, in order to allow for model loading and storm command loading prior to code execution offered by initCoreModule.

A failure during initCoreModule will not unload data model or storm commands registered by the module.

Returns:

None

class synapse.models.inet.Rfc2822Addr(modl, name, info, opts)

Bases: Str

An RFC 2822 compatible email address parser

postTypeInit()

class synapse.models.inet.Url(modl, name, info, opts)

Bases: Str

postTypeInit()

synapse.models.inet.getAddrScope(ipv6)

synapse.models.inet.getAddrType(ip)

synapse.models.infotech module

class synapse.models.infotech.Cpe22Str(modl, name, info, opts)

Bases: Str

CPE 2.2 Formatted String https://cpe.mitre.org/files/cpe-specification_2.2.pdf

class synapse.models.infotech.Cpe23Str(modl, name, info, opts)

Bases: Str

CPE 2.3 Formatted String

https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf

(Section 6.2)

cpe:2.3: part : vendor : product : version : update : edition :
    language : sw_edition : target_sw : target_hw : other

* = "any"
- = N/A

class synapse.models.infotech.ItModule(core, conf=None)

Bases: CoreModule

bruteVersionStr(valu)

This API is deprecated.

Brute force the version out of a string.

Parameters:

valu (str) – String to attempt to get version information for.

Notes

This first attempts to parse strings using the it:semver normalization before attempting to extract version parts out of the string.

Returns:

The system normalized version integer and a subs dictionary.

Return type:

int, dict

getModelDefs()

async initCoreModule()

Module implementers may override this method to initialize the module after the Cortex has completed and is accessible to perform storage operations.

Notes

This is the preferred function to override for implementing custom code that needs to be executed during Cortex startup.

Any exception raised within this method will remove the module from the list of currently loaded modules.

This is called for modules after getModelDefs() and getStormCmds() has been called, in order to allow for model loading and storm command loading prior to code execution offered by initCoreModule.

A failure during initCoreModule will not unload data model or storm commands registered by the module.

Returns:

None

class synapse.models.infotech.SemVer(modl, name, info, opts)

Bases: Int

Provides support for parsing a semantic version string into its component parts. This normalizes a version string into an integer to allow version ordering. Prerelease information is disregarded for integer comparison purposes, as we cannot map an arbitrary pre-release version into a integer value

Major, minor and patch levels are represented as integers, with a max width of 20 bits. The comparable integer value representing the semver is the bitwise concatenation of the major, minor and patch levels.

Prerelease and build information will be parsed out and available as strings if that information is present.

postTypeInit()

repr(valu)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

synapse.models.infotech.chopCpe22(text)

CPE 2.2 Formatted String https://cpe.mitre.org/files/cpe-specification_2.2.pdf

synapse.models.infotech.cpesplit(text)

synapse.models.infotech.zipCpe22(parts)

synapse.models.language module

class synapse.models.language.LangModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.material module

A data model focused on material objects.

class synapse.models.material.MatModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.media module

class synapse.models.media.MediaModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.orgs module

class synapse.models.orgs.OuModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.person module

class synapse.models.person.PsModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.proj module

class synapse.models.proj.ProjectModule(core, conf=None)

Bases: CoreModule

getModelDefs()

async initCoreModule()

Module implementers may override this method to initialize the module after the Cortex has completed and is accessible to perform storage operations.

Notes

This is the preferred function to override for implementing custom code that needs to be executed during Cortex startup.

Any exception raised within this method will remove the module from the list of currently loaded modules.

This is called for modules after getModelDefs() and getStormCmds() has been called, in order to allow for model loading and storm command loading prior to code execution offered by initCoreModule.

A failure during initCoreModule will not unload data model or storm commands registered by the module.

Returns:

None

synapse.models.risk module

class synapse.models.risk.CvssV2(modl, name, info, opts)

Bases: Str

class synapse.models.risk.CvssV3(modl, name, info, opts)

Bases: Str

class synapse.models.risk.RiskModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.science module

class synapse.models.science.ScienceModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.syn module

class synapse.models.syn.SynModule(core, conf=None)

Bases: CoreModule

getModelDefs()

initCoreModule()

Module implementers may override this method to initialize the module after the Cortex has completed and is accessible to perform storage operations.

Notes

This is the preferred function to override for implementing custom code that needs to be executed during Cortex startup.

Any exception raised within this method will remove the module from the list of currently loaded modules.

This is called for modules after getModelDefs() and getStormCmds() has been called, in order to allow for model loading and storm command loading prior to code execution offered by initCoreModule.

A failure during initCoreModule will not unload data model or storm commands registered by the module.

Returns:

None

synapse.models.telco module

class synapse.models.telco.Imei(modl, name, info, opts)

Bases: Int

postTypeInit()

class synapse.models.telco.Imsi(modl, name, info, opts)

Bases: Int

postTypeInit()

class synapse.models.telco.Phone(modl, name, info, opts)

Bases: Str

postTypeInit()

repr(valu)

Return a printable representation for the value. This may return a string or a tuple of values for display purposes.

class synapse.models.telco.TelcoModule(core, conf=None)

Bases: CoreModule

getModelDefs()

synapse.models.telco.chop_imei(imei)

synapse.models.telco.digits(text)

synapse.models.telco.imeicsum(text)

Calculate the imei check byte.

synapse.models.transport module

class synapse.models.transport.TransportModule(core, conf=None)

Bases: CoreModule

getModelDefs()