Package Documentation
Storm Package: synapse-alienvault
The following Commands are available from this package. This documentation is generated for version 1.16.2 of the package.
Storm Commands
This package implements the following Storm Commands.
alienvault.otx.domain
Enrich a URL or domain using the OTX API.
Examples:
// Retrieve info about a FQDN, yielding out the nodes created
inet:fqdn=vertex.link | alienvault.otx.domain --yield
Usage: alienvault.otx.domain [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.otx.files
Enrich a file or hash using the OTX API.
Examples:
// Retrieve info about a file, yielding out nodes created
file:bytes | alienvault.otx.files --yield
Usage: alienvault.otx.files [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
Inputs:
file:bytes : A file:bytes node with a compatible hash property to enrich
hash:md5 : An MD5 hash to enrich
hash:sha1 : A SHA1 hash to enrich
hash:sha256 : A SHA256 hash to enrich
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.otx.ip
Enrich an IP address using the OTX API.
Examples:
// Retrieve info about an ipv4 address, yielding out the nodes created
inet:ipv4=8.8.8.8 | alienvault.otx.ip --yield
// Retrieve info about all ipv6 addresses
inet:ipv6 | alienvault.otx.ip --yield
Usage: alienvault.otx.ip [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.otx.pdns
Look up Passive DNS records for inbound inet:fqdn, inet:ipv4, or inet:ipv6 nodes.
Examples:
// Query a specific fqdn
inet:fqdn=vertex.link | alienvault.otx.pdns
// Query an IP address
inet:ipv4=1.2.3.4 | alienvault.otx.pdns
Usage: alienvault.otx.pdns [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size (per-node).
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
Inputs:
inet:fqdn : Query Passive DNS records for FQDNs
inet:ipv4 : Query Passive DNS records for IPv4 addresses
inet:ipv6 : Query Passive DNS records for IPv6 addresses
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.otx.pulses
Retrieve AlienVault OTX Pulses subscribed to by the API key user.
Examples:
// Retrieve the latest pulses
alienvault.otx.pulses
// Retrieve the latest pulses, and yield up to 2 of the created nodes
alienvault.otx.pulses --yield --size 2
// Re-download the entire list of pulses.
alienvault.otx.pulses --resync --yield
Usage: alienvault.otx.pulses [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--resync : Re-download the entire list of subscribed pulses, starting from the beginning of time.
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.otx.pulses.byid
Retrieve specific AlienVault OTX Pulses by ID.
Examples:
// Download and ingest AlienVault Pulse ID 61090c601d7bda90aed534df
alienvault.otx.pulses.byid 61090c601d7bda90aed534df
Usage: alienvault.otx.pulses.byid [options] <pulseids>
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--yield : Yield the newly created nodes.
Arguments:
<pulseids> [<pulseids> ...] : The pulse IDs
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.otx.url
Enrich a URL using the OTX API.
Examples:
// Retrieve info about a URL, yielding out nodes created
inet:url=https://images.google.com | alienvault.otx.url --yield
Usage: alienvault.otx.url [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--asof <asof> : This argument is deprecated and no longer has any effect.
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.setup.apikey
Set the AlienVault API key.
Usage: alienvault.setup.apikey [options] <apikey>
Options:
--help : Display the command usage.
--self : Set the key as a user variable. If not used, the key is set globally.
Arguments:
<apikey> : The AlienVault API key string.
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
alienvault.setup.tagprefix
Set the tag prefix used when recording AlienVault pulse data as tags.
The default tag prefix is "rep.alienvault" if not specified.
For example, the AlienVault tag "apt32" would result in
"#rep.alienvault.apt32". Any characters incompatible with
tag names are replaced with "_".
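The prefix-and-sanitize rule above is simple, but it has a practical consequence worth checking before you pick a prefix: two distinct OTX pulse tags can collapse onto the same Synapse tag once incompatible characters are replaced. The following Python is an added illustration of that rule, not the power-up's own code. It assumes that a tag level may contain only lowercase ASCII letters, digits and underscore, with "." separating levels; the exact character set the power-up accepts is not stated on this page, so that regex is an assumption.

```python
import re

# Default prefix as documented for alienvault.setup.tagprefix.
DEFAULT_PREFIX = "rep.alienvault"

# Assumption: anything outside [a-z0-9_] is "incompatible with tag names".
# The power-up's real character set is not given on the page.
_INCOMPATIBLE = re.compile(r"[^a-z0-9_]")


def normalize_tag_part(part: str) -> str:
    """Lowercase one tag level and replace incompatible characters with '_'.

    Raises ValueError for an empty level, which would otherwise produce
    a tag like '#rep.alienvault.' that no lift could ever match.
    """
    part = part.strip()
    if not part:
        raise ValueError("empty tag level")
    return _INCOMPATIBLE.sub("_", part.lower())


def normalize_prefix(prefix: str) -> str:
    """Normalize a multi-level prefix such as '#rep.otx' to 'rep.otx'."""
    levels = [lvl for lvl in prefix.lstrip("#").split(".") if lvl.strip()]
    if not levels:
        raise ValueError("empty tag prefix")
    return ".".join(normalize_tag_part(lvl) for lvl in levels)


def build_tag(pulse_tag: str, prefix: str = DEFAULT_PREFIX) -> str:
    """Return the Synapse tag (with leading '#') recorded for one OTX pulse tag."""
    return "#" + normalize_prefix(prefix) + "." + normalize_tag_part(pulse_tag)


def tags_for_pulse(pulse_tags, prefix: str = DEFAULT_PREFIX):
    """Map a pulse's tag list to the sorted, de-duplicated set of Synapse tags.

    De-duplication matters: 'apt32' and 'APT32' (or 'APT-32' and 'APT 32')
    normalize to the same tag, so the count of tags applied can be smaller
    than the count of tags on the pulse.
    """
    return sorted({build_tag(tag, prefix) for tag in pulse_tags})


if __name__ == "__main__":
    # Constructed sample pulse tags, not data from OTX.
    sample = ["apt32", "APT32", "APT 32 / Lazarus", "Lazarus Group"]
    for tag in tags_for_pulse(sample):
        print(tag)
```

Run it once with your intended prefix and a representative pulse tag list before calling alienvault.setup.tagprefix: if unrelated pulse tags collapse onto one Synapse tag, any downstream logic keyed on that tag will conflate them.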
Usage: alienvault.setup.tagprefix [options] <tagname>
Options:
--help : Display the command usage.
--self : Set the tag prefix as a user variable. If not used, the prefix is set globally.
Arguments:
<tagname> : The tag prefix to use.
The command is accessible to users with one or more of the following permissions:
power-ups.alienvault.user
Storm Modules
This package does not export any Storm APIs.