Admin Guide

Synapse-RansomLook Admin Guide

Configuration

Synapse-RansomLook does not require an API key. For more information on the API, please visit the RansomLook API documentation.

Dependencies

Synapse-RansomLook has the following dependencies:

Name   : synapse-fileparser
Version: >=4.20.0,<=5.0.0
Desc   : Synapse-FileParser is required to parse the captured HTML and screenshot.

Permissions

Package (synapse-ransomlook) defines the following permissions:
power-ups.ransomlook.user        : Controls user access to Synapse-RansomLook. ( default: false )

You may add rules to users/roles directly from Storm:

> auth.user.addrule visi power-ups.ransomlook.user
Added rule power-ups.ransomlook.user to user visi.

or:

> auth.role.addrule ninjas power-ups.ransomlook.user
Added rule power-ups.ransomlook.user to role ninjas.

Workflows

Synapse-RansomLook provides the following workflows in Optic:

Title: Configuration

Node Actions

Synapse-RansomLook provides the following node actions in Optic:

Name : group
Desc : Ingest threat group details from the RansomLook API.
Forms: risk:threat, ou:org, ou:name

Onload Events

Synapse-RansomLook does not use any onload events.