Admin Guide
Synapse-AssemblyLine Admin Guide
Configuration
Synapse-AssemblyLine requires an AssemblyLine API key and username. For information on how to sign up, please see your AssemblyLine instance.
Setting API username and key for global use
To set-up a global API key:
> assemblyline.setup.apikey myapiuser myapikey
Setting AssemblyLine API username and key for all users.
Setting the API Endpoint for global use
To configure a global API endpoint:
> assemblyline.setup.endpoint "https://assembly.mydomain.com/"
Setting AssemblyLine API Endpoint for all users
Using per-user API keys
A user may set-up their own API key:
> assemblyline.setup.apikey --self myapiuser myapikey
Setting AssemblyLine API username and key for the current user.
Dependencies
Synapse-AssemblyLine does not have any dependencies.
Permissions
Package (synapse-assemblyline) defines the following permissions:
power-ups.assemblyline.user : Controls user access to Synapse-AssemblyLine. ( default: false )
power-ups.assemblyline.admin : Controls access to Synapse-AssemblyLine proxy settings. ( default: false )
You may add rules to users/roles directly from Storm:
> auth.user.addrule visi power-ups.assemblyline.user
Added rule power-ups.assemblyline.user to user visi.
or:
> auth.role.addrule ninjas power-ups.assemblyline.user
Added rule power-ups.assemblyline.user to role ninjas.
Workflows
Synapse-AssemblyLine provides the following workflows in Optic:
Title: Configuration
Node Actions
Synapse-AssemblyLine provides the following node actions in Optic:
Name : assemblyline.enrich
Desc : Enrich file:bytes and inet:url nodes using Synapse-AssemblyLine
Forms: inet:fqdn, inet:url, file:bytes, hash:sha256
Name : assemblyline.download
Desc : Download files from an AssemblyLine instance into the configured Axon.
Forms: file:bytes, hash:sha256
Name : assemblyline.submit
Desc : Submit a file in the configured Axon or an inet:url for processing.
Forms: file:bytes, inet:url, inet:fqdn
Onload Events
Synapse-AssemblyLine does not use any onload events.