Synapse-AlienVault Changelog

v1.14.0 - 2024-02-20

Features and Enhancements

  • Update ingest logic to remove deprecated it:av:* forms in favor of it:av:scan:result.

  • Update deprecated $lib.dict() usage to JSON style syntax.

v1.13.0 - 2023-11-22


  • Caching has been removed from the following commands, so the --asof argument has been deprecated and will no longer have any effect:






This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove existing cached API response data from the JsonStor.

v1.12.0 - 2023-10-11

Features and Enhancements

  • Fall back to using the author_name field for tag generation when the author field isn’t populated.

  • Add additional debug printing for the various commands.

  • Add a name to the automatically generated it:host node used to tie sandbox data together.

v1.11.0 - 2023-08-11

Features and Enhancements

  • Reconstruct and set a pulse’s URL for the media:news node.

  • Record tags from third party pulse authors as <tagbase>.<author>.<tag>.

  • Set the pulse’s id as the :ext:id prop on the resultant media:news node.

  • Add the author of a pulse to the :authors array of the pulse’s media:news node.

v1.10.1 - 2023-06-16


  • Fix typos in the help output for alienvault.otx.files, alienvault.otx.ip, alienvault.otx.domain, and alienvault.otx.url.

  • Handle invalid time values being returned by the whois endpoints.

v1.10.0 - 2023-03-22

Features and Enhancements

  • Update Power-Up to build with code signing.


  • Fix an issue where certain files would raise BadTypeValu exceptions.

v1.9.0 - 2023-01-05

Features and Enhancements

  • Updated the alienvault.otx.domain, alienvault.otx.url, alienvault.otx.files, and alienvault.otx.ip commands to automatically pull related pulse and tag information from their respective general endpoints.

  • Update documentation and help strings for Node Actions and the alienvault.otx.ip command.

  • Expand alienvault.otx.pdns command to accept inet:ipv4 and inet:ipv6 nodes.

  • Update alienvault.otx.domain to ingest http_scans endpoint data.


  • Fix how the malware endpoints iterate through the API pages.

  • Fix an issue in creation of inet:whois:contact nodes.

  • Fix an issue where it:prod:soft nodes created for it:av:filehit nodes would not have their :name property set.

v1.8.0 - 2022-09-28

Features and Enhancements

  • alienvault.otx.address and alienvault.otx.domain updated to link referenced malware files to the input node via a <(refs)- light edge.


  • Update alienvault.otx.domain to model returned domain information as inet:http:request.

v1.7.0 - 2022-06-21

Features and Enhancements

  • Extract and link ou:name nodes for the “adversary” field in pulses.

  • Extract and link ou:industryname nodes for the “industries” field in pulses.

  • Extract and link it:prod:softname nodes for the “malware_families” field in pulses.

  • Extract and link it:mitre:attack:software nodes for the “malware_families” field in pulses.

  • Extract and link it:mitre:attack:technique nodes for the “attack_patterns” field in pulses.

  • Add the alienvault.otx.pulses.byid command to allow users to load specific pulses by id.

  • alienvault.otx.pdns --debug updated to print the raw response returned from the API.

  • alienvault.otx.urls --debug updated to print the raw response returned from the API.

  • alienvault.otx.files --debug updated to print the raw response returned from the API.

  • alienvault.otx.pulses --debug updated to print the raw response returned from the API.

v1.6.0 - 2022-05-11

Features and Enhancements

  • Update sandbox data ingestion to prefer the :sandbox:file property over :exe where appropriate.

  • Cached API responses are now stored in the JsonStor instead of in nodedata.


  • Fixed the message displayed when the API key isn’t set.

v1.5.0 - 2022-03-07

Features and Enhancements

  • Added --resync option to the alienvault.otx.pulses command to redownload the entire list of subscribed pulses.


  • Fixed an issue with alienvault.otx.files erroring out on files that lack certain file metadata.

  • Fixed documentation generation for the alienvault.otx.pulses command.

  • Fill in additional properties for sandbox information.

  • Update it:host guid generation to avoid collisions.

  • Removed a reference to a deprecated property.

  • Fixed an issue with alienvault.otx.ip erroring out on addresses that don’t include ASN information.

v1.4.1 - 2022-01-10


  • Fix debug behavior for alienvault.otx.ip.

v1.4.0 - 2021-12-30

Features and Enhancements

  • Updated alienvault.otx.files command to process hash:md5, hash:sha1, and hash:sha256 nodes.

  • Added Optic node action to execute alienvault.otx.ip on compatible nodes.

  • Added Optic node action to execute alienvault.otx.url on compatible nodes.

  • Added Optic node action to execute alienvault.otx.files on compatible nodes.

  • Added Optic node action to execute alienvault.otx.domain on compatible nodes.

v1.3.0 - 2021-12-16

Features and Enhancements

  • Fix wording for the help output of the alienvault.otx.pulses command.

  • Use the tags field to populate #rep.alienvault tags onto indicators created from Pulse data.

  • Add alienvault.setup.tagprefix command to customize the tag prefix used for pulse data.

  • Populate sandbox behavior data from the cuckoo sandbox runs.


  • Added better handling for empty file analysis data.

  • Properly populate it:app:yara:rule nodes with the correct rule text from pulse information.

v1.2.0 - 2021-10-13

Features and Enhancements

  • Populate the .seen property on inet:url nodes created via the alienvault.otx.domain command.

  • Add seen light edges to nodes created as a result of the alienvault.otx commands.

v1.1.0 - 2021-09-15

Features and Enhancements

  • Add alienvault.otx.ip for enriching inet:ipv4 and inet:ipv6 nodes using AlienVault’s IPv4/IPv6 endpoints.

  • Add alienvault.otx.url for enriching inet:url nodes using AlienVault’s URL endpoint.

  • Add alienvault.otx.files for enriching file:bytes nodes using AlienVault’s File endpoint.

  • Add alienvault.otx.domain for enriching inet:fqdn nodes using AlienVault’s Domain endpoint.

v1.0.1 - 2021-08-20


  • Added description to the Power-Up definition.

v1.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-AlienVault v1.0.0.