Package Documentation

Storm Package: synapse-malshare

The following Commands are available from this package. This documentation is generated for version 1.3.1 of the package.

Storm Commands

This package implements the following Storm Commands.

malshare.details

Retrieve the details for a particular file.

Takes as input a file:bytes node or hash:* node, yields file:bytes nodes,
and can also create file:subfile, inet:urlfile, and it:app:yara:match nodes.

Examples:

  // Retrieve details for a set of files
  file:bytes#my.cool.tag | malshare.details --yield


Usage: malshare.details [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node).
  --yield                     : Yield the newly created nodes.
  --asof <asof>               : This argument is deprecated and no longer has any effect.

malshare.download

Download a file into the Cortex's configured axon.

Takes as input a file:bytes node or hash:* node, and yields out the
populated file:bytes nodes.

Examples:

  // Download 10 of the files tagged with foo.bar
  file:bytes#foo.bar | malshare.download --yield --size 10


Usage: malshare.download [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node).
  --yield                     : Yield the newly created nodes.
  --no-parse                  : Do not attempt to parse downloaded files using Synapse-FileParser.

malshare.lastday

Ingest the list of hashes from the past 24 hours as file:bytes nodes.

Takes no input, but produces file:bytes nodes.

Examples:

  // Yield out the file hashes for the last day
  malshare.lastday --yield


Usage: malshare.lastday [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node).
  --yield                     : Yield the newly created nodes.

malshare.quota

Print out details on usage limits.

Examples:

  // Print out usage stats for the configured Malshare key
  malshare.quota


Usage: malshare.quota [options]

Options:

  --help                      : Display the command usage.

malshare.setup.apikey

Set the Malshare API key.


Usage: malshare.setup.apikey [options] <apikey>

Options:

  --help                      : Display the command usage.
  --self                      : Set the key as a user variable. If not used, the key is set globally.

Arguments:

  <apikey>                    : The Malshare API key string.

malshare.sources

Retrive a list of sample sources from the last 24 hours.

Takes no nodes as input, and yields out inet:url nodes.

Examples:

  // Retrieve the list of source from the last 24 hours
  // But only ingest 100 of them
  malshare.sources --yield --size 100


Usage: malshare.sources [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --size <size>               : Limit the number of results ingested to the given size (per-node).
  --yield                     : Yield the newly created nodes.

Storm Modules

This package does not export any Storm APIs.