User Guide
Synapse-DomainIQ User Guide
Synapse-DomainIQ adds new Storm commands to allow you to query the DomainIQ API using your existing API key.
Getting Started
Check with your Admin to enable permissions and find out if you need a personal API key.
Examples
Setting your personal API key
To set up a personal-use API key:
> domainiq.setup.apikey --self myapikey
Setting DomainIQ API key for the current user.
Enrich an FQDN node with WHOIS data
Enrich some nodes with domainiq.whois and yield the results:
> [ inet:fqdn=google.com ] | domainiq.whois --yield
inet:whois:rec=('google.com', '2019/09/09 00:00:00.000')
.created = 2024/12/20 17:59:50.684
:asof = 2019/09/09 00:00:00.000
:created = 1997/09/15 00:00:00.000
:expires = 2028/09/14 00:00:00.000
:fqdn = google.com
:registrant =
:registrar = markmonitor
:text = domain name: google.com
registry domain id: 2138514_domain_com-vrsn
registrar whois server: whois.markmonitor.com
registrar url: http://www.markmonitor.com
updated date: 2019-09-09t15:39:04z
creation date: 1997-09-15t04:00:00z
registry expiry date: 2028-09-14t04:00:00z
registrar: markmonitor inc.
registrar iana id: 292
registrar abuse contact email: [email protected]
registrar abuse contact phone: +1.2083895740
domain status: clientdeleteprohibited https://icann.org/epp#clientdeleteprohibited
domain status: clienttransferprohibited https://icann.org/epp#clienttransferprohibited
domain status: clientupdateprohibited https://icann.org/epp#clientupdateprohibited
domain status: serverdeleteprohibited https://icann.org/epp#serverdeleteprohibited
domain status: servertransferprohibited https://icann.org/epp#servertransferprohibited
domain status: serverupdateprohibited https://icann.org/epp#serverupdateprohibited
name server: ns1.google.com
name server: ns2.google.com
name server: ns3.google.com
name server: ns4.google.com
dnssec: unsigned
url of the icann whois inaccuracy complaint form: https://www.icann.org/wicf/
>>> last update of whois database: 2020-06-30t12:05:29z <<<
domain name: google.com
registry domain id: 2138514_domain_com-vrsn
registrar whois server: whois.markmonitor.com
registrar url: http://www.markmonitor.com
updated date: 2019-09-09t08:39:04-0700
creation date: 1997-09-15t00:00:00-0700
registrar registration expiration date: 2028-09-13t00:00:00-0700
registrar: markmonitor, inc.
registrar iana id: 292
registrar abuse contact email: [email protected]
registrar abuse contact phone: +1.2083895770
domain status: clientupdateprohibited (https://www.icann.org/epp#clientupdateprohibited)
domain status: clienttransferprohibited (https://www.icann.org/epp#clienttransferprohibited)
domain status: clientdeleteprohibited (https://www.icann.org/epp#clientdeleteprohibited)
domain status: serverupdateprohibited (https://www.icann.org/epp#serverupdateprohibited)
domain status: servertransferprohibited (https://www.icann.org/epp#servertransferprohibited)
domain status: serverdeleteprohibited (https://www.icann.org/epp#serverdeleteprohibited)
registrant organization: google llc
registrant state/province: ca
registrant country: us
registrant email: select request email form at https://domains.markmonitor.com/whois/google.com
admin organization: google llc
admin state/province: ca
admin country: us
admin email: select request email form at https://domains.markmonitor.com/whois/google.com
tech organization: google llc
tech state/province: ca
tech country: us
tech email: select request email form at https://domains.markmonitor.com/whois/google.com
name server: ns3.google.com
name server: ns4.google.com
name server: ns1.google.com
name server: ns2.google.com
dnssec: unsigned
url of the icann whois data problem reporting system: http://wdprs.internic.net/
:updated = 2019/09/09 00:00:00.000
Use of meta:source nodes
Synapse-DomainIQ uses a meta:source node and -(seen)> light weight edges to track nodes observed from the DomainIQ API.
> meta:source=6db396fb2a85daf8985b85f7921620b5
meta:source=6db396fb2a85daf8985b85f7921620b5
.created = 2024/12/20 17:59:50.628
:name = domainiq api
Storm can filter query results to include or exclude nodes that have been observed by Synapse-DomainIQ. The following example filters the results of a query to include only results observed by Synapse-DomainIQ:
> inet:whois:rec:fqdn=google.com +{ <(seen)- meta:source=6db396fb2a85daf8985b85f7921620b5 } -> inet:whois:recns
inet:whois:recns=('ns1.google.com', ('google.com', '2019/09/09 00:00:00.000'))
.created = 2024/12/20 17:59:50.718
:ns = ns1.google.com
:rec = ('google.com', '2019/09/09 00:00:00.000')
:rec:asof = 2019/09/09 00:00:00.000
:rec:fqdn = google.com
inet:whois:recns=('ns2.google.com', ('google.com', '2019/09/09 00:00:00.000'))
.created = 2024/12/20 17:59:50.728
:ns = ns2.google.com
:rec = ('google.com', '2019/09/09 00:00:00.000')
:rec:asof = 2019/09/09 00:00:00.000
:rec:fqdn = google.com
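The same -(seen)> edges also support the exclude case and provenance checks. The queries below are an added example, not part of the original guide; they reuse the meta:source guid shown above, and each query is meant to be run on its own.

```storm
// Added example: provenance queries over the -(seen)> edges.
// The guid is the DomainIQ meta:source node shown on this page.

// 1. Exclude: WHOIS records for google.com that were NOT observed
//    by Synapse-DomainIQ (for example, records from another source).
inet:whois:rec:fqdn=google.com -{ <(seen)- meta:source=6db396fb2a85daf8985b85f7921620b5 }

// 2. Start from the source and walk the edges outward: every WHOIS
//    record DomainIQ has reported, narrowed to one FQDN.
meta:source=6db396fb2a85daf8985b85f7921620b5 -(seen)> inet:whois:rec +:fqdn=google.com

// 3. Reverse lookup: list every meta:source that has observed a
//    given record, to see which feeds back a WHOIS record before
//    relying on it.
inet:whois:rec:fqdn=google.com <(seen)- meta:source
```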