Admin Guide
Synapse-PassiveTotal Admin Guide
Configuration
Synapse-PassiveTotal requires you to have a PassiveTotal API key. For more information on how to signup, please visit the PassiveTotal API documentation.
Setting API key for global use
To set-up a global API key:
> passivetotal.setup.apikey myapiuser myapikey
Setting PassiveTotal API key for all users.
Using per-user API keys
A user may set-up their own API key:
> passivetotal.setup.apikey --self myapiuser myapikey
Setting PassiveTotal API key for the current user.
Permissions
Package (synapse-passivetotal) defines the following permissions:
power-ups.passivetotal.user : Allows a user to issue queries to the PassiveTotal API. ( default: false )
You may add rules to users/roles directly from storm:
> auth.user.addrule visi power-ups.passivetotal.user
Added rule power-ups.passivetotal.user to user visi.
or:
> auth.role.addrule ninjas power-ups.passivetotal.user
Added rule power-ups.passivetotal.user to role ninjas.
Exported APIs
Synapse-PassiveTotal does not currently export any APIs.
Node Actions
Synapse-PassiveTotal provides the following node actions in Optic:
Name : pdns
Desc : Get passive DNS information from PassiveTotal
Forms: inet:ipv4, inet:fqdn
Name : malware
Desc : Get malware data from PassiveTotal
Forms: inet:fqdn, inet:ipv4, inet:ipv6
Name : osint
Desc : Get OSINT data from PassiveTotal
Forms: inet:fqdn, inet:ipv4, inet:ipv6
Name : enrich
Desc : Get enrichment data from PassiveTotal
Forms: inet:fqdn, inet:ipv4, inet:ipv6
Name : subdomains
Desc : Get subdomains from PassiveTotal
Forms: inet:fqdn
Name : trackers
Desc : Get tracker data from PassiveTotal
Forms: inet:fqdn, inet:ipv4, inet:ipv6
Name : ssl.get
Desc : Get an SSL certificate from PassiveTotal
Forms: hash:sha1
Name : ssl.history
Desc : Get SSL certificate history from PassiveTotal
Forms: inet:ipv4, inet:server, file:bytes, inet:ssl:cert, crypto:x509:cert, hash:sha1
Name : whois
Desc : Get WHOIS information from PassiveTotal
Forms: inet:fqdn
Name : whois history
Desc : Get historical WHOIS information from PassiveTotal
Forms: inet:fqdn
Onload Events
Synapse-PassiveTotal does not use any onload events.