Synapse-Intezer-Analyze User Guide
Synapse-Intezer-Analyze adds new Storm commands to allow you to query the Intezer-Analyze API using your existing API key.
Getting Started
Check with your Admin to enable permissions and find out if you need a personal API key.
Examples
Setting your personal API key
To set up a personal API key:
> intezer.analyze.setup.apikey --self myapikey
Setting Intezer-Analyze API key for the current user.
Query for an existing analysis
Query using a hash:sha256 node:
> [ hash:sha256=21c97688730d666e13f8b52aeec94371b7996cef7afcd2dd80d0ea1b76b5f3ec ] | intezer.analyze.enrich --yield
WARNING: Error getting Intezer Analyze API token: HTTP code -1
Include sub-analysis results:
> [ hash:sha256=01fe11c86a69bca1d91f1d6f3aa776bd7871c57973e6f98915f60dd514ddd913 ] | intezer.analyze.enrich --yield --sub-analyses
WARNING: Error getting Intezer Analyze API token: HTTP code 400
Get additional information about a malware family
> intezer.analyze.malwarefamily --name turla
WARNING: Error getting Intezer Analyze API token: HTTP code -1
Display information about the API key in use
> intezer.analyze.info
WARNING: Error getting Intezer Analyze API token: HTTP code -1
Use of meta:source nodes
Synapse-Intezer-Analyze uses a meta:source node and -(seen)> light weight edges to track nodes observed from the Intezer-Analyze API.
> meta:source=a9d556da6effb68642c7e353655d7da4
meta:source=a9d556da6effb68642c7e353655d7da4
.created = 2024/12/20 18:04:41.545
:name = intezer-analyze api
Storm can filter nodes to include or exclude those which have been observed by Synapse-Intezer-Analyze. The following example filters the results of a query to include only nodes observed by Synapse-Intezer-Analyze:
> it:prod:softver +{ <(seen)- meta:source=a9d556da6effb68642c7e353655d7da4 } | limit 3
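The following Storm queries are added examples, not part of the original guide, showing the other directions of the same -(seen)> light edge: the exclude filter, a pivot from the meta:source node to everything it has seen, and a walk from enriched nodes back to their source. Each line starting with a form is a separate query; the meta:source guid is the one shown above, and it is assumed that nodes yielded by intezer.analyze.enrich carry the seen edge.

```storm
// Exclude: it:prod:softver nodes that were NOT observed via the Intezer-Analyze API.
it:prod:softver -{ <(seen)- meta:source=a9d556da6effb68642c7e353655d7da4 } | limit 3

// Pivot out along the light edge to list every node (any form) the source has seen.
meta:source=a9d556da6effb68642c7e353655d7da4 -(seen)> *

// Enrich the hash used earlier on this page, then walk back to the meta:source
// so an analyst can confirm which source produced the yielded nodes (assumes
// the yielded nodes carry the seen edge).
[ hash:sha256=21c97688730d666e13f8b52aeec94371b7996cef7afcd2dd80d0ea1b76b5f3ec ]
| intezer.analyze.enrich --yield
| <(seen)- meta:source
```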