Changelog

Synapse-PassiveTotal Changelog

v4.0.1 - 2025-04-14

Announcements

  • The Synapse-PassiveTotal Power-Up is being deprecated and will no longer be available after 2025-07-15. This is due to PassiveTotal being replaced by Microsoft Defender Threat Intelligence, and the introduction of the Synapse-Microsoft-Defender Power-Up which integrates with related APIs.

Features and Enhancements

  • Updated passivetotal.articles.search.storm, passivetotal.comp.addr.storm, passivetotal.comp.host.storm, passivetotal.osint.storm, passivetotal.ssl.keyword.storm, passivetotal.ssl.search.storm, passivetotal.tracker.addr.storm, passivetotal.tracker.host.storm, passivetotal.whois.keyword.storm, passivetotal.whois.search.storm to populate the it:exec:query:synuser property.

v4.0.0 - 2025-01-17

Automatic Migrations

  • Migrated all inet:ssl:cert created by Synapse-PassiveTotal to inet:tls:servercert nodes. The migrated inet:ssl:cert nodes are removed by this migration if they don’t have any other meta:source -(seen)> edges.

Features and Enhancements

  • Updated deprecated $lib.list() usage to JSON style syntax.

  • Updated Power-Up to make inet:tls:servercert nodes instead of deprecated inet:ssl:cert nodes.

  • Updated commands that accept inet:ssl:cert nodes as inputs to accept inet:tls:servercert nodes instead.

v3.16.0 - 2024-05-15

Features and Enhancements

  • Update $lib.bytes usage with $lib.axon APIs.

v3.15.0 - 2024-02-20

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

Deprecations

  • Caching has been removed from the following commands, so the --asof argument has been deprecated and will no longer have any effect:

    passivetotal.comp.addr

    passivetotal.comp.host

    passivetotal.enrich

    passivetotal.malware

    passivetotal.osint

    passivetotal.pdns

    passivetotal.services

    passivetotal.ssl.get

    passivetotal.ssl.history

    passivetotal.ssl.hosts

    passivetotal.ssl.keyword

    passivetotal.ssl.search

    passivetotal.subdomains

    passivetotal.tracker.add

    passivetotal.tracker.host

    passivetotal.trackers

    passivetotal.whois.keyword

    passivetotal.whois.search

    passivetotal.whois

This release contains an automatic cache cleanup that will run when the package is first upgraded. This will remove cached API response data from the jsonstor for commands which no longer perform caching.

v3.14.0 - 2023-06-20

Features and Enhancements

  • The passivetotal.ssl.search, passivetotal.whois.search, and passivetotal.articles commands will now page until all results are consumed from the Passivetotal API.

v3.13.0 - 2023-03-13

Features and Enhancements

  • Add passivetotal.articles and passivetotal.articles.search commands for ingesting PassiveTotal articles and their related indicators.

v3.12.0 - 2022-10-27

Features and Enhancements

  • Update passivetotal.osint to use it:exec:query and media:news nodes.

Bugfixes

  • Update API key example in userguide.

  • Handle invalid SSL certificate serial numbers in query results.

v3.11.0 - 2022-09-02

Features and Enhancements

  • Add passivetotal.ssl.hosts command to get hosts by the SHA1 hash of their SSL certificate.

  • Update the crypto:x509:certificate:serial behavior to reflect the modeling change in Synapse v2.104.0.

  • Add --text argument to passivetotal.whois.search to allow specifying query text rather than using inbound nodes.

  • Update passivetotal.comp.addr, passivetotal.comp.host, passivetotal.ssl.keyword, passivetotal.ssl.search, passivetotal.tracker.addr, passivetotal.tracker.host, and passivetotal.whois.keyword to use it:exec:query nodes.

  • Update passivetotal.setup.apikey command arg names to match current PassiveTotal naming convention.

v3.10.0 - 2022-07-13

Features and Enhancements

  • Create inet:cidr4 and inet:cidr6 nodes from passivetotal.enrich response.

  • Populate inet:flow:dst:handshake with the first 4KiB from the most recent response.

Bugfixes

  • Fix issue where inet:dns:soa:ns property was not set from SOA records.

v3.9.0 - 2022-06-13

Features and Enhancements

  • Add passivetotal.services command to query for exposed services.

Bugfixes

  • Normalize all PassiveTotal tags as syn:tag:part to avoid unintentional hierarchies.

v3.8.0 - 2022-05-19

Features and Enhancements

  • Add passivetotal.tracker.addr and passivetotal.tracker.host commands to query the /v2/trackers endpoint.

  • Update input inet:fqdn or inet:ipv4 .seen property based on global firstSeen and lastSeen keys in PDNS response.

v3.7.0 - 2022-05-17

Features and Enhancements

  • Cached API responses are now stored in the JsonStor instead of in nodedata.

v3.6.0 - 2022-04-27

Features and Enhancements

  • Add documentation for --time argument usage.

  • Support JARM hash types in the passivetotal.trackers response.

Bugfixes

  • If a timebox is specified to passivetotal.pdns include it in the cache key.

  • Do not create inet:urlfile nodes if the passivetotal.trackers response does not have a hostname.

v3.5.0 - 2022-03-07

Features and Enhancements

  • Add support for passivetotal.pdns lookups on inet:ipv6 address nodes.

  • Add support for DNS AAAA records to passivetotal.pdns.

  • Extract additional details on inet:ipv4 via passivetotal.enrich

v3.4.0 - 2022-03-02

Features and Enhancements

  • Set inet:ipv4:asn during passivetotal.enrich

  • Add additional debug output to display raw JSON responses.

v3.3.0 - 2021-12-16

Features and Enhancements

  • Add --time arg for timeboxing queries to passivetotal.pdns, passivetotal.malware, passivetotal.trackers, passivetotal.comp.host, passivetotal.comp.addr, passivetotal.ssl.history, and passivetotal.ssl.search commands.

  • Set .seen prop on crypto:x509:cert nodes created by passivetotal.ssl.search.

v3.2.1 - 2021-10-19

Bugfixes

  • Add missing DNS record type handlers to passivetotal.pdns.

v3.2.0 - 2021-09-15

Features and Enhancements

  • Add Optic node actions for querying WHOIS data.

Bugfixes

  • Fix an issue where passivetotal.pdns was incorrectly setting the .seen time on nodes.

v3.1.0 - 2021-08-23

Features and Enhancements

  • Add commands for querying WHOIS data from the PassiveTotal API.

v3.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-PassiveTotal v3.0.0.

Updating from 2.x.x

The previous 2.x.x version of Synapse-PassiveTotal was distributed as a Storm Service using a Docker container. This service must be removed from the Cortex prior to updating.

See the Admin Guide for details on setting up the API key and user permissions.