Synapse-DomainIQ User Guide

Synapse-DomainIQ adds new Storm commands to allow you to query the DomainIQ API using your existing API key.

Getting Started

Check with your Admin to have the required permissions enabled and to find out whether you need a personal API key.

Examples

Setting your personal API key

To set up a personal-use API key:

> domainiq.setup.apikey --self myapikey
Setting DomainIQ API key for the current user.

Enrich an FQDN node with WHOIS data

Enrich some nodes with domainiq.whois and yield the results:

> [ inet:fqdn=google.com ] | domainiq.whois --yield
inet:whois:rec=('google.com', '2019/09/09 00:00:00.000')
        .created = 2024/12/20 17:59:50.684
        :asof = 2019/09/09 00:00:00.000
        :created = 1997/09/15 00:00:00.000
        :expires = 2028/09/14 00:00:00.000
        :fqdn = google.com
        :registrant =
        :registrar = markmonitor
        :text = domain name: google.com
                registry domain id: 2138514_domain_com-vrsn
                registrar whois server: whois.markmonitor.com
                registrar url: http://www.markmonitor.com
                updated date: 2019-09-09t15:39:04z
                creation date: 1997-09-15t04:00:00z
                registry expiry date: 2028-09-14t04:00:00z
                registrar: markmonitor inc.
                registrar iana id: 292
                registrar abuse contact email: [email protected]
                registrar abuse contact phone: +1.2083895740
                domain status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
                domain status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
                domain status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
                domain status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
                domain status: servertransferprohibited https://icann.org/epp#servertransferprohibited
                domain status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
                name server: ns1.google.com
                name server: ns2.google.com
                name server: ns3.google.com
                name server: ns4.google.com
                dnssec: unsigned
                url of the icann whois inaccuracy complaint form: https://www.icann.org/wicf/
                >>> last update of whois database: 2020-06-30t12:05:29z <<<
                domain name: google.com
                registry domain id: 2138514_domain_com-vrsn
                registrar whois server: whois.markmonitor.com
                registrar url: http://www.markmonitor.com
                updated date: 2019-09-09t08:39:04-0700
                creation date: 1997-09-15t00:00:00-0700
                registrar registration expiration date: 2028-09-13t00:00:00-0700
                registrar: markmonitor, inc.
                registrar iana id: 292
                registrar abuse contact email: [email protected]
                registrar abuse contact phone: +1.2083895770
                domain status: clientupdateprohibited (https://www.icann.org/epp#clientupdateprohibited)
                domain status: clienttransferprohibited (https://www.icann.org/epp#clienttransferprohibited)
                domain status: clientdeleteprohibited (https://www.icann.org/epp#clientdeleteprohibited)
                domain status: serverupdateprohibited (https://www.icann.org/epp#serverupdateprohibited)
                domain status: servertransferprohibited (https://www.icann.org/epp#servertransferprohibited)
                domain status: serverdeleteprohibited (https://www.icann.org/epp#serverdeleteprohibited)
                registrant organization: google llc
                registrant state/province: ca
                registrant country: us
                registrant email: select request email form at https://domains.markmonitor.com/whois/google.com
                admin organization: google llc
                admin state/province: ca
                admin country: us
                admin email: select request email form at https://domains.markmonitor.com/whois/google.com
                tech organization: google llc
                tech state/province: ca
                tech country: us
                tech email: select request email form at https://domains.markmonitor.com/whois/google.com
                name server: ns3.google.com
                name server: ns4.google.com
                name server: ns1.google.com
                name server: ns2.google.com
                dnssec: unsigned
                url of the icann whois data problem reporting system: http://wdprs.internic.net/
        :updated = 2019/09/09 00:00:00.000

Use of meta:source nodes

Synapse-DomainIQ uses a meta:source node and -(seen)> lightweight edges to track nodes observed from the DomainIQ API.

> meta:source=6db396fb2a85daf8985b85f7921620b5
meta:source=6db396fb2a85daf8985b85f7921620b5
        .created = 2024/12/20 17:59:50.628
        :name = domainiq api

Storm can filter query results to include or exclude nodes that have been observed by Synapse-DomainIQ. The following example filters the results of a query to include only nodes observed by Synapse-DomainIQ:

> inet:whois:rec:fqdn=google.com +{ <(seen)- meta:source=6db396fb2a85daf8985b85f7921620b5 } -> inet:whois:recns
inet:whois:recns=('ns1.google.com', ('google.com', '2019/09/09 00:00:00.000'))
        .created = 2024/12/20 17:59:50.718
        :ns = ns1.google.com
        :rec = ('google.com', '2019/09/09 00:00:00.000')
        :rec:asof = 2019/09/09 00:00:00.000
        :rec:fqdn = google.com
inet:whois:recns=('ns2.google.com', ('google.com', '2019/09/09 00:00:00.000'))
        .created = 2024/12/20 17:59:50.728
        :ns = ns2.google.com
        :rec = ('google.com', '2019/09/09 00:00:00.000')
        :rec:asof = 2019/09/09 00:00:00.000
        :rec:fqdn = google.com
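
The exclude counterpart of the filter above, plus the same edges walked from the source side, as an added example that is not part of the original guide. It reuses the meta:source guid and FQDN shown on this page; which records the first query returns depends on what other sources have populated in your Cortex.

```storm
// Exclude form: whois records for the FQDN that the DomainIQ meta:source
// has NOT marked as seen, i.e. records that came from some other source.
inet:whois:rec:fqdn=google.com -{ <(seen)- meta:source=6db396fb2a85daf8985b85f7921620b5 }

// Same provenance edges, walked from the source node outward: every
// inet:whois:rec node that the DomainIQ source has a -(seen)> edge to.
meta:source=6db396fb2a85daf8985b85f7921620b5 -(seen)> inet:whois:rec
```

Running the two queries side by side is a quick provenance check before relying on a WHOIS record: the first shows records that do not carry a DomainIQ (seen) edge, the second shows exactly what DomainIQ contributed.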