Synapse-Group-IB Admin Guide
Configuration
Synapse-Group-IB requires a Group-IB TI API key. For information on how to generate a Group-IB TI API key and configure the necessary IP access rules, please visit the Group-IB TI API Starting Guide.
Setting API credentials for global use
To set up global API credentials for Group-IB Threat Intelligence:
> groupib.ti.setup.apikey mylogin myapikey
Setting Group-IB TI credentials for all users.
Using per-user API credentials
A user may set up their own API key:
> groupib.ti.setup.apikey --self mylogin myapikey
Setting Group-IB TI credentials for the current user.
Dependencies
Synapse-Group-IB does not have any dependencies.
Permissions
The package (synapse-group-ib) defines the following permissions:
power-ups.groupib.ti.user: Controls user access to Synapse-Group-IB Threat Intelligence. (default: false)
You may add rules to users or roles directly from Storm:
> auth.user.addrule visi power-ups.groupib.ti.user
Added rule power-ups.groupib.ti.user to user visi.
or:
> auth.role.addrule ninjas power-ups.groupib.ti.user
Added rule power-ups.groupib.ti.user to role ninjas.
Exported APIs
Synapse-Group-IB does not currently export any APIs.
Workflows
Synapse-Group-IB provides the following workflows in Optic:
Title: Configuration
Node Actions
Synapse-Group-IB provides the following node actions in Optic:
Name : ti.threat.actors
Desc : Search for threat actors using Synapse-Group-IB
Forms: inet:fqdn, inet:ipv4, hash:sha256, hash:md5, hash:sha1, risk:threat, it:sec:cve, file:bytes
Name : ti.threat.reports
Desc : Search for threat reports using Synapse-Group-IB
Forms: inet:fqdn, inet:ipv4, hash:sha256, hash:md5, hash:sha1, risk:threat, it:sec:cve, file:bytes, pol:country
Name : ti.malware.configs
Desc : Search for malware configs using Synapse-Group-IB
Forms: inet:fqdn, inet:ipv4, hash:sha256, hash:md5, hash:sha1, file:bytes
Name : ti.vulns
Desc : Search for vulnerabilities using Synapse-Group-IB
Forms: it:sec:cve, risk:vuln
Name : ti.iocs
Desc : Search for IOCs using Synapse-Group-IB
Forms: inet:fqdn, inet:ipv4, hash:sha256, hash:md5, hash:sha1, file:bytes
Onload Events
Synapse-Group-IB does not use any onload events.