Synapse-PwC-ThreatIntel Admin Guide

Configuration

Synapse-PwC-ThreatIntel requires a PwC Threat Intel API key. For information on how to sign up, please visit the PwC Threat Intel API documentation.

Setting API key for global use

To set up a global API key:

> pwc.threatintel.setup.apikey myclientid myclientsecret
Setting PwC Threat Intel client id and secret for all users.

Using per-user API keys

A user may set up their own API key:

> pwc.threatintel.setup.apikey --self myclientid myclientsecret
Setting PwC Threat Intel client id and secret for the current user.

Dependencies

Synapse-PwC-ThreatIntel requires the following Power-Ups to be installed:

Name   : synapse-fileparser
Version: >=4.2.1,<5.0.0
Desc   : Synapse-FileParser is required for parsing YARA rules.

Permissions

Package (synapse-pwc-threatintel) defines the following permissions:
power-ups.pwc-threatintel.user   : Controls user access to Synapse-PwC-ThreatIntel. ( default: false )

You may add rules to users/roles directly from Storm:

> auth.user.addrule visi power-ups.pwc-threatintel.user
Added rule power-ups.pwc-threatintel.user to user visi.

or:

> auth.role.addrule ninjas power-ups.pwc-threatintel.user
Added rule power-ups.pwc-threatintel.user to role ninjas.

Exported APIs

Synapse-PwC-ThreatIntel does not currently export any APIs.

Workflows

Synapse-PwC-ThreatIntel provides the following workflows in Optic:

Title: Configuration

Node Actions

Synapse-PwC-ThreatIntel provides the following node actions in Optic:

Name : enrich
Desc : Enrich nodes using Synapse-PwC-ThreatIntel
Forms: inet:fqdn, inet:ipv4, hash:md5, hash:sha1, hash:sha256

Onload Events

Synapse-PwC-ThreatIntel does not use any onload events.