Package Documentation
Storm Package: synapse-alienvault
The following Commands are available from this package. This documentation is generated for version 1.14.0 of the package.
Storm Commands
This package implements the following Storm Commands.
alienvault.otx.domain
Enrich a URL or domain using the OTX API.
Examples:
// Retrieve info about a FQDN, yielding out the nodes created
inet:fqdn=vertex.link | alienvault.otx.domain --yield
Usage: alienvault.otx.domain [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
alienvault.otx.files
Enrich a file or hash using the OTX API.
Examples:
// Retrieve info about a file, yielding out nodes created
file:bytes | alienvault.otx.files --yield
Usage: alienvault.otx.files [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
alienvault.otx.ip
Enrich an IP address using the OTX API.
Examples:
// Retrieve info about an ipv4 address, yielding out the nodes created
inet:ipv4=8.8.8.8 | alienvault.otx.ip --yield
// Retrieve info about all ipv6 addresses
inet:ipv6 | alienvault.otx.ip --yield
Usage: alienvault.otx.ip [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
alienvault.otx.pdns
Look up Passive DNS records for inbound inet:fqdn, inet:ipv4, or inet:ipv6 nodes.
Examples:
// Query a specific fqdn
inet:fqdn=vertex.link | alienvault.otx.pdns
// Query an IP address
inet:ipv4=1.2.3.4 | alienvault.otx.pdns
Usage: alienvault.otx.pdns [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node).
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
alienvault.otx.pulses
Retrieve AlienVault OTX Pulses subscribed to by the API key user.
Examples:
// Retrieve the latest pulses
alienvault.otx.pulses
// Retrieve the latest pulses, and yield up to 2 of the created nodes
alienvault.otx.pulses --yield --size 2
// Re-download the entire list of pulses.
alienvault.otx.pulses --resync --yield
Usage: alienvault.otx.pulses [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--resync : Redownload the entire list of subscribed pulses, starting from the beginning of time.
alienvault.otx.pulses.byid
Retrieve specific AlienVault OTX Pulses by ID.
Examples:
// Download and ingest AlienVault Pulse ID 61090c601d7bda90aed534df
alienvault.otx.pulses.byid 61090c601d7bda90aed534df
Usage: alienvault.otx.pulses.byid [options] <pulseids>
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--yield : Yield the newly created nodes.
Arguments:
<pulseids> [<pulseids> ...] : The pulse IDs
alienvault.otx.url
Enrich a URL using the OTX API.
Examples:
// Retrieve info about a URL, yielding out nodes created
inet:url=https://images.google.com | alienvault.otx.url --yield
Usage: alienvault.otx.url [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
alienvault.setup.apikey
Set the AlienVault API key.
Usage: alienvault.setup.apikey [options] <apikey>
Options:
--help : Display the command usage.
--self : Set the key as a user variable. If not used, the key is set globally.
Arguments:
<apikey> : The AlienVault API key string.
alienvault.setup.tagprefix
Set the tag prefix used when recording AlienVault pulse data as tags.
The default tag prefix is "rep.alienvault" if not specified. For example, the AlienVault tag "apt32" would result in "#rep.alienvault.apt32". Any characters incompatible with tag names are replaced with "_".
Usage: alienvault.setup.tagprefix [options] <tagname>
Options:
--help : Display the command usage.
--self : Set the tag prefix as a user variable. If not used, the prefix is set globally.
Arguments:
<tagname> : The tag prefix to use.
Storm Modules
This package does not export any Storm APIs.