Admin Guide

Synapse-AlienVault Admin Guide

Configuration

Synapse-AlienVault requires a AlienVault API key. For information on how to signup, please visit the AlienVault API documentation.

Setting API key for global use

To set-up a global API key:

> alienvault.setup.apikey myapikey
Setting Synapse-AlienVault API key for all users.

Using per-user API keys

A user may set-up their own API key:

> alienvault.setup.apikey --self myapikey
Setting Synapse-AlienVault API key for the current user.

Permissions

Package (synapse-alienvault) defines the following permissions:
power-ups.alienvault.user        : Controls user access to Synapse-AlienVault.

You may add rules to users/roles directly from storm:

> auth.user.addrule visi power-ups.alienvault.user
User (visi) added rule: power-ups.alienvault.user

or:

> auth.role.addrule ninjas power-ups.alienvault.user
Role (ninjas) added rule: power-ups.alienvault.user

Exported APIs

Synapse-AlienVault does not currently export any APIs.

Node Actions

Synapse-AlienVault provides the following node actions in Optic:

Name : pDNS API
Desc : Enrich inet:fqdn, inet:ipv4, or inet:ipv6 nodes using the AlienVault pDNS API.
Forms: inet:fqdn, inet:ipv4, inet:ipv6

Name : domain API
Desc : Enrich inet:fqdn nodes using the AlienVault domain API.
Forms: inet:fqdn

Name : files API
Desc : Enrich file:bytes, hash:md5, hash:sha1, and hash:sha256 nodes using the AlienVault files API.
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5

Name : url API
Desc : Enrich inet:url nodes using the AlienVault url API.
Forms: inet:url

Name : ip API
Desc : Enrich inet:ipv4 and inet:ipv6 nodes using the AlienVault ip API.
Forms: inet:ipv4, inet:ipv6

Onload Events

Synapse-AlienVault does not use any onload events.