Package Documentation

Storm Package: synapse-spur

The following Commands are available from this package. This documentation is generated for version 0.4.0 of the package.

Storm Commands

This package implements the following Storm Commands.

spur.ipcontext

Query the Spur API to get additional information about an IP.

This command takes inet:ipv4 or inet:ipv6 nodes as input and enriches
them with additional context information from the Spur /v2/context
API, which specializes in tracking and attributing anonymization
infrastructure (e.g. VPNs and proxies).

If tunnel information is present in the context information, this command
will create associated `inet:tunnel`, `inet:ipv4` or `inet:ipv6`, `inet:server`,
and `ps:contact` nodes. Each of these nodes will be tagged with `<prefix>.tunnel`.

Examples:

  // Query the IP context API using an inet:ipv4 node
  inet:ipv4=161.117.234.232 | spur.ipcontext

  // Query the IP context API using an inet:ipv6 node and skip adding tags
  inet:ipv6=2a01:6340:2:501::10 | spur.ipcontext --no-tags


Usage: spur.ipcontext [options]

Options:

  --help                      : Display the command usage.
  --debug                     : Show verbose debug output.
  --yield                     : Yield the newly created nodes.
  --no-tags                   : Do not record tags returned by the Spur API.
  --asof <asof>               : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)

spur.setup.apikey

Manage the Spur API key.

Examples:

    // Set a global Spur API key
    spur.setup.apikey abcd1234

    // Set a Spur API key for the current user
    spur.setup.apikey --self abcd1234

    // Display the API key scope of the current key
    spur.setup.apikey --show-scope

    // Display the current API key.
    spur.setup.apikey --show-apikey

    // Remove the current global API key.
    spur.setup.apikey --remove

    // Remove the per-user API key for the current user.
    spur.setup.apikey --self --remove


Usage: spur.setup.apikey [options] <apikey>

Options:

  --help                      : Display the command usage.
  --self                      : Set or remove the key as a user variable. If not used, the key is set globally.
  --show-scope                : Display the API key scope in use (global vs self).
  --show-apikey               : Display the API key value (requires admin perms or a "self" scope key).
  --remove                    : Remove the configured API key. May be used with --self.

Arguments:

  [apikey]                    : The API key string.

spur.setup.tagprefix

Set the tag prefix used when recording Spur tags.
The default tag prefix is "rep.spur" if not specified.

Any tags provided by a Spur API will be added within the given namespace.
For example, an IP address with the service "IPSEC" would result in
"#rep.spur.ipsec".  Any characters incompatible with tag names are replaced
with "_".


Usage: spur.setup.tagprefix [options] <tagname>

Options:

  --help                      : Display the command usage.

Arguments:

  <tagname>                   : The tag prefix to use.
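
The tag naming rule described above for spur.setup.tagprefix, as an added Python sketch (not code from the synapse-spur package) for predicting which tag to search for after enrichment. The allowed character set (lowercase letters, digits and "_") and the sample service names are assumptions; the page states only the default prefix, the "IPSEC" example, and that incompatible characters become "_".

```python
import re

# Assumption: a tag segment may contain only lowercase letters, digits and "_".
# The documentation says only that incompatible characters are replaced with "_".
_INCOMPATIBLE = re.compile(r"[^a-z0-9_]")

DEFAULT_PREFIX = "rep.spur"  # default prefix stated in the documentation


def tag_segment(value: str) -> str:
    """Lowercase a Spur-provided value and replace incompatible characters."""
    seg = _INCOMPATIBLE.sub("_", value.strip().lower())
    if not seg:
        raise ValueError("empty tag value")
    return seg


def spur_tag(value: str, prefix: str = DEFAULT_PREFIX) -> str:
    """Return the full tag (without the leading '#') for one Spur value."""
    parts = prefix.split(".")
    # The prefix is a dotted namespace; each part must already be a valid segment.
    if any(not p or _INCOMPATIBLE.search(p) for p in parts):
        raise ValueError(f"invalid tag prefix: {prefix!r}")
    return f"{prefix}.{tag_segment(value)}"


def expected_tags(services, prefix: str = DEFAULT_PREFIX):
    """Sorted, de-duplicated tags for a list of service names."""
    return sorted({spur_tag(s, prefix) for s in services})


# Constructed sample values, not real Spur output.
SAMPLE_SERVICES = ["IPSEC", "OPENVPN", "Wire Guard/UDP", "ipsec"]

if __name__ == "__main__":
    for tag in expected_tags(SAMPLE_SERVICES):
        print("#" + tag)
```
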

Storm Modules

This package implements the following Storm Modules.

spur

ingestIpContext(resp, addtags=$lib.true)

Add a Spur IP context record to the Cortex.

Example:

Iterate over a list of Spur responses to make nodes:

  init { $spur=$lib.import(spur) }
  for $resp in $resps {
    yield $spur.ingestIpContext($resp)
  }

Args:

resp (dict): The API response from the Spur v2/context API endpoint.

addtags (bool): Add Spur related tags to the node created by the record.

Returns:

The IPv4 or IPv6 node created from the record. The return type is node.