Admin Guide

Synapse-HybridAnalysis Admin Guide

Configuration

Synapse-HybridAnalysis requires a Hybrid Analysis API key. For information on how to signup, please visit the Hybrid Analysis API documentation.

Setting API key for global use

To set-up a global API key:

> hybridanalysis.setup.apikey myapikey
Setting Synapse-HybridAnalysis API key for all users.

Using per-user API keys

A user may set-up their own API key:

> hybridanalysis.setup.apikey --self myapikey
Setting Synapse-HybridAnalysis API key for the current user.

Setting a tag prefix for global use

Note: If not set, this will default to rep.hybridanalysis.

> hybridanalysis.setup.tagprefix my.prefix
Setting Hybrid Analysis tagprefix to my.prefix.

Permissions

Package (synapse-hybridanalysis) defines the following permissions:
power-ups.hybridanalysis.user    : Allows a user to issue queries to the Hybrid Analysis API. ( default: false )

You may add rules to users/roles directly from storm:

> auth.user.addrule visi power-ups.hybridanalysis.user
Added rule power-ups.hybridanalysis.user to user visi.

or:

> auth.role.addrule ninjas power-ups.hybridanalysis.user
Added rule power-ups.hybridanalysis.user to role ninjas.

Exported APIs

Synapse-HybridAnalysis does not currently export any APIs.

Node Actions

Synapse-HybridAnalysis provides the following node actions in Optic:

Name : byhash
Desc : Query Hybrid Analysis jobs by hash
Forms: file:bytes, hash:md5, hash:sha1, hash:sha256

Name : overview
Desc : Query Hybrid Analysis overview API by SHA-256
Forms: file:bytes, hash:sha256

Name : download sample
Desc : Download sample file from Hybrid Analysis API by SHA-256
Forms: file:bytes, hash:sha256

Name : report summary
Desc : Query Hybrid Analysis report summaries by hash
Forms: file:bytes, hash:md5, hash:sha1, hash:sha256

Onload Events

Synapse-HybridAnalysis uses the onload event to run required data migrations.

On-demand Migrations

AV Hit Migration

The previously available migrateAvHit() function in the hybridanalysis module has been deprecated. It does not perform any migrations and will simply print a warning message indicating that the it:av:filehit migration is now automatic.