Package Documentation
Storm Package: synapse-spur
The following Commands are available from this package. This documentation is generated for version 0.5.0 of the package.
Storm Commands
This package implements the following Storm Commands.
spur.ipcontext
Query the Spur API to get additional information about an IP.
This command takes inet:ipv4 or inet:ipv6 nodes as input and enriches
them with additional context information from the Spur /v2/context
API which specializes in tracking and attributing anonymization
infrastructure (e.g. VPNs and Proxies.)
If tunnel information is present in the context information, this command
will create associated `inet:tunnel`, `inet:ipv4` or `inet:ipv6`, `inet:server`,
and `ps:contact` nodes. Each of these nodes will be tagged with `<prefix>.tunnel`.
Examples:
// Query the IP context API using an inet:ipv4 node
inet:ipv4=161.117.234.232 | spur.ipcontext
// Perform the above query, overriding the default property set behavior for inet:asn:owner to "notset"
inet:ipv4=161.117.234.232 | spur.ipcontext --prop-behavior inet:asn:owner=notset
// Query the IP context API using an inet:ipv6 node and skip adding tags
inet:ipv6=2a01:6340:2:501::10 | spur.ipcontext --no-tags
Usage: spur.ipcontext [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--yield : Yield the newly created nodes.
--no-tags : Do not record tags returned by the Spur API.
--asof <asof> : Specify the maximum age for a cached result. To disable caching, use --asof now.
(default: -30days)
--prop-behavior <prop_behavior>: Override the global node property set behavior. (Specify multiple times to override
multiple behaviors.) (default: None)
spur.setup.apikey
Manage the Spur API key.
Examples
// Set a global Spur API key
spur.setup.apikey abcd1234
// Set a Spur API key for the current user
spur.setup.apikey --self abcd1234
// Display the API key scope of the current key
spur.setup.apikey --show-scope
// Display the current API key.
spur.setup.apikey --show-apikey
// Remove the current global API key.
spur.setup.apikey --remove
// Remove the per-user API key for the current user.
spur.setup.apikey --self --remove
Usage: spur.setup.apikey [options] <apikey>
Options:
--help : Display the command usage.
--self : Set or remove the key as a user variable. If not used, the key is set globally.
--show-scope : Display the API key scope in use (global vs self).
--show-apikey : Display the API key value (requires admin perms or a "self" scope key).
--remove : Remove the configured API key. May be used with --self.
Arguments:
[apikey] : The API key string.
spur.setup.prop.behavior
Manage the Spur node property set behavior.
Valid property set behaviors are:
- always: Always set the property.
- never: Never set the property.
- notset: Set the property if it's not already set.
Examples:
// List property set behavior
spur.setup.prop.behavior --list
// Change property set behavior for a form
spur.setup.prop.behavior inet:asn:owner notset
Usage: spur.setup.prop.behavior [options] <property> <behavior>
Options:
--help : Display the command usage.
--list : List all defined properties and their behaviors for this power-up.
Arguments:
[property] : The property to set behavior for.
[behavior] : The behavior to set for the specified property. (choices: always, never, notset)
spur.setup.tagprefix
Set the tag prefix used when recording Spur tags.
The default tag prefix is "rep.spur" if not specified.
Any tags provided by a Spur API will be added within the given namespace.
For example, an IP address with the service "IPSEC" would result in
"#rep.spur.ipsec". Any characters incompatible with tag names are replaced
with "_".
Usage: spur.setup.tagprefix [options] <tagname>
Options:
--help : Display the command usage.
Arguments:
<tagname> : The tag prefix to use.
Storm Modules
This package implements the following Storm Modules.