Package Documentation
Storm Package: synapse-alienvault
The following Commands are available from this package. This documentation is generated for version 1.9.0 of the package.
Storm Commands
This package implements the following Storm Commands.
alienvault.otx.domain
Enrich a domain (inet:fqdn) using the OTX API.
Examples:
// Retrieve info about a domain, yielding out the nodes created
inet:fqdn=vertex.link | alienvault.otx.domain --yield
// Retrieve info about a FQDN, bypassing any caching
inet:fqdn=vertex.link | alienvault.otx.domain --asof now --yield
Usage: alienvault.otx.domain [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)
alienvault.otx.files
Enrich a file or hash using the OTX API.
Examples:
// Retrieve info about file:bytes nodes, yielding out nodes created (an unconstrained lift like this enriches every file:bytes node in the view; narrow the lift in practice)
file:bytes | alienvault.otx.files --yield
Usage: alienvault.otx.files [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)
alienvault.otx.ip
Enrich an IP address using the OTX API.
Examples:
// Retrieve info about an ipv4 address, yielding out the nodes created
inet:ipv4=8.8.8.8 | alienvault.otx.ip --yield
// Retrieve info about all ipv6 addresses, bypassing any caching
inet:ipv6 | alienvault.otx.ip --asof now --yield
Usage: alienvault.otx.ip [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)
alienvault.otx.pdns
Lookup Passive DNS records for inbound inet:fqdn, inet:ipv4, or inet:ipv6 nodes.
Examples:
// Query a specific fqdn
inet:fqdn=vertex.link | alienvault.otx.pdns
// Bypass the cache and yield the produced nodes
inet:fqdn=vertex.link | alienvault.otx.pdns --yield --asof now | limit 10
// Query an IP address
inet:ipv4=1.2.3.4 | alienvault.otx.pdns
Usage: alienvault.otx.pdns [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node).
--yield : Yield the newly created nodes.
--asof <asof> : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)
alienvault.otx.pulses
Retrieve AlienVault OTX Pulses subscribed to by the API key user.
Examples:
// Retrieve the latest pulses
alienvault.otx.pulses
// Retrieve the latest pulses, and yield up to 2 of the created nodes
alienvault.otx.pulses --yield --size 2
// Re-download the entire list of pulses.
alienvault.otx.pulses --resync --yield
Usage: alienvault.otx.pulses [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--resync : Redownload the entire list of subscribed pulses, starting from the beginning of time.
alienvault.otx.pulses.byid
Retrieve specific AlienVault OTX Pulses by ID.
Examples:
// Download and ingest AlienVault Pulse ID 61090c601d7bda90aed534df
alienvault.otx.pulses.byid 61090c601d7bda90aed534df
Usage: alienvault.otx.pulses.byid [options] <pulseids>
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--yield : Yield the newly created nodes.
Arguments:
<pulseids> [<pulseids> ...] : The pulse IDs
alienvault.otx.url
Enrich a URL using the OTX API.
Examples:
// Retrieve info about a URL, yielding out nodes created
inet:url=https://images.google.com | alienvault.otx.url --yield
// Retrieve info about a URL, bypassing any caching
inet:url=https://news.ycombinator.com | alienvault.otx.url --asof now --yield
Usage: alienvault.otx.url [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)
alienvault.setup.apikey
Set the AlienVault API key.
Usage: alienvault.setup.apikey [options] <apikey>
Options:
--help : Display the command usage.
--self : Set the key as a user variable. If not used, the key is set globally.
Arguments:
<apikey> : The AlienVault API key string.
alienvault.setup.tagprefix
Set the tag prefix used when recording AlienVault pulse data as tags.
The default tag prefix is "rep.alienvault" if not specified.
For example, the AlienVault tag "apt31" would result in
"#rep.alienvault.apt31". Any characters incompatible with
tag names are replaced with "_".
Usage: alienvault.setup.tagprefix [options] <tagname>
Options:
--help : Display the command usage.
--self : Set the tag prefix as a user variable. If not used, the prefix is set globally.
Arguments:
<tagname> : The tag prefix to use.
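Pulse tags are authored by third parties, so the prefix plus the "replace incompatible characters with _" rule described above is what keeps that untrusted input confined to one branch of your tag tree. The following is an added example, not the synapse-alienvault package's own code, that applies the documented rule to constructed pulse tags. It assumes (illustrative only) that a single tag part may contain lowercase ASCII letters, digits and underscores and that anything else, including ".", counts as incompatible; the package's exact character set is not stated on this page.

```python
import re

DEFAULT_PREFIX = "rep.alienvault"  # the documented default for alienvault.setup.tagprefix

# Assumptions for this example (not taken from the package): a tag part is
# [a-z0-9_]; the operator-supplied prefix must already be a valid dotted tag.
_BAD_CHARS = re.compile(r"[^a-z0-9_]")
_PREFIX_RE = re.compile(r"^[a-z0-9_]+(\.[a-z0-9_]+)*$")


def normalize_part(raw: str) -> str:
    """Turn one AlienVault pulse tag into a single Storm tag part.

    Replacing "." as well means a pulse tag like "vertex.link" or
    "rep.alienvault.x" becomes one leaf under the prefix rather than a
    nested hierarchy the pulse author gets to choose."""
    part = _BAD_CHARS.sub("_", raw.strip().lower())
    if not part.strip("_"):
        raise ValueError(f"pulse tag {raw!r} has no usable characters")
    return part


def pulse_tag(raw: str, prefix: str = DEFAULT_PREFIX) -> str:
    """Full Storm tag (without the leading '#') for a pulse tag under `prefix`."""
    if not _PREFIX_RE.match(prefix):
        raise ValueError(f"invalid tag prefix {prefix!r}")
    return f"{prefix}.{normalize_part(raw)}"


def tags_for_pulse(pulse_tags, prefix: str = DEFAULT_PREFIX) -> list[str]:
    """Deduplicated, sorted Storm tags for one pulse; unusable tags are skipped."""
    out = set()
    for raw in pulse_tags:
        try:
            out.add(pulse_tag(raw, prefix))
        except ValueError:
            continue  # e.g. a tag made only of punctuation
    return sorted(out)


if __name__ == "__main__":
    # Constructed sample pulse tags, not real OTX data.
    sample = ["apt31", "APT 31", "CVE-2021-44228", "vertex.link", "Phishing", "phishing", "---"]
    for t in tags_for_pulse(sample):
        print("#" + t)
```

Note that "apt31" and "APT 31" normalize to different tags (apt31 and apt_31), so pulse authors who spell the same actor differently produce sibling tags; when you pivot on `#rep.alienvault.apt31` in Storm you only see nodes tagged with that exact spelling.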