Synapse-RSS User Guide
Synapse-RSS adds new Storm commands to allow you to ingest RSS feeds.
- RSS feeds must conform to one of the following specifications: RSS v1.0, RSS v2.0, Atom v1.0
Getting Started
Check with your Admin to enable permissions.
Examples
Ingest feeds from tagged inet:url nodes
In this example the --static-html option is specified to disable using Synapse-Playwright to ingest the article pages. If Synapse-Playwright is installed it is recommended to use the default behavior so that pages with dynamic content are rendered properly.
> inet:url#rss.feed | rss.read --yield --static-html
fileparser parsing sha256: 95d72de520979f33b5512cc26d94b52a15ca74d8cbf9654081969d652a8cce08
media:news=17a6c15969fe63d9f1b257a99d9260e2
        .created = 2024/12/20 18:14:36.731
        .seen = ('2024/12/20 18:14:36.736', '2024/12/20 18:14:36.737')
        :file = sha256:95d72de520979f33b5512cc26d94b52a15ca74d8cbf9654081969d652a8cce08
        :published = 2022/09/06 17:15:08.000
        :rss:feed = https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss-analyzed.xml
        :summary = TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
        :title = cve-2022-40110 (a3002r_firmware)
        :url = https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40110
        :url:fqdn = web.nvd.nist.gov
fileparser parsing sha256: 95437c2a3170529153dd8b2c2255dc3dce9d13383572893c3b981723e3f5bb80
media:news=9aefdfba4e55096cf2c14aac3e760aec
        .created = 2024/12/20 18:14:46.038
        .seen = ('2024/12/20 18:14:46.041', '2024/12/20 18:14:46.042')
        :file = sha256:95437c2a3170529153dd8b2c2255dc3dce9d13383572893c3b981723e3f5bb80
        :published = 2022/09/06 17:15:08.000
        :rss:feed = https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss-analyzed.xml
        :summary = In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the shadow.sample file, root is hardcoded in the firmware.
        :title = cve-2022-40111 (a3002r_firmware)
        :url = https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40111
        :url:fqdn = web.nvd.nist.gov
References from Synapse-FileParser are also populated as -(refs)> lightweight edges on the media:news node.
> media:news:url:fqdn=web.nvd.nist.gov -(refs)> it:sec:cve
it:sec:cve=cve-2022-40110
        .created = 2024/12/20 18:14:40.831
it:sec:cve=cve-2022-40111
        .created = 2024/12/20 18:14:50.080
This command can also be used to create a cron job to regularly ingest the feeds.
> cron.add --name "RSS feeds" --hour +4 { inet:url#rss.feed | rss.read --yield }
Created cron job: c612aabe778fc00ce8095ec03d13716b
Use of meta:source nodes
Synapse-RSS uses a meta:source node and -(seen)> lightweight edges to track nodes observed by Synapse-RSS.
> meta:source=9cb22511aeaa70528a78f067a7da5c2a
meta:source=9cb22511aeaa70528a78f067a7da5c2a
        .created = 2024/12/20 18:14:36.564
        :name = rss feeds
Storm can be used to filter query results to include or exclude nodes that have been observed by Synapse-RSS. The following example shows how to filter the results of a query to include only results observed by Synapse-RSS:
> media:news:title~="cve-2022-40110" +{ <(seen)- meta:source=9cb22511aeaa70528a78f067a7da5c2a }
media:news=17a6c15969fe63d9f1b257a99d9260e2
        .created = 2024/12/20 18:14:36.731
        .seen = ('2024/12/20 18:14:36.736', '2024/12/20 18:14:36.737')
        :file = sha256:95d72de520979f33b5512cc26d94b52a15ca74d8cbf9654081969d652a8cce08
        :published = 2022/09/06 17:15:08.000
        :rss:feed = https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss-analyzed.xml
        :summary = TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable to Buffer Overflow via /bin/boa.
        :title = cve-2022-40110 (a3002r_firmware)
        :url = https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40110
        :url:fqdn = web.nvd.nist.gov
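The exclude form of the filter above, and the same filter combined with the -(refs)> pivot shown earlier, as added example queries that are not part of the original guide. They reuse the meta:source GUID and feed URL from the sample output on this page and are meant to be run one at a time.

```storm
// 1. Exclude form: articles matching the title that were NOT observed by
//    Synapse-RSS (for example, nodes created by hand or by another source).
media:news:title~="cve-2022-40110"
    -{ <(seen)- meta:source=9cb22511aeaa70528a78f067a7da5c2a }

// 2. Provenance-scoped pivot: start from articles ingested from one feed,
//    keep only those with a (seen) edge from the Synapse-RSS meta:source,
//    then follow the (refs) edges populated from Synapse-FileParser to the
//    CVEs they mention. uniq collapses CVEs referenced by several articles.
media:news:rss:feed="https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss-analyzed.xml"
    +{ <(seen)- meta:source=9cb22511aeaa70528a78f067a7da5c2a }
    -(refs)> it:sec:cve
    | uniq
```

With only the two articles shown above ingested, the second query returns it:sec:cve=cve-2022-40110 and it:sec:cve=cve-2022-40111.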