User Guide

Synapse-Spur User Guide

Synapse-Spur adds new Storm commands to allow you to query the Spur API using your existing API key.

Getting Started

Check with your Admin to enable permissions and find out if you need a personal API key.

Examples

Setting your personal API key

To set-up a personal use API key:

> spur.setup.apikey --self myapikey
Setting Spur API key for the current user.

Enrich an `inet:ipv4` with data from the Spur IP Context API

> [ inet:ipv4=148.72.164.186 ] | spur.ipcontext
inet:ipv4=148.72.164.186
        .created = 2024/04/17 17:17:29.160
        :_spur:client:concentration:density = 0.34
        :_spur:client:concentration:geohash = dng
        :_spur:client:concentration:loc = us.indiana.vevay
        :_spur:client:concentration:skew = 445.0 km
        :_spur:client:count = 6
        :_spur:client:countries = 1
        :_spur:client:spread = 290972.0 km
        :_spur:infrastructure = datacenter
        :_spur:organization = heg us inc.
        :asn = 30083
        :loc = us.missouri.st louis
        :type = unicast
        #rep.spur.client.behavior.file_sharing
        #rep.spur.client.proxy.spider_proxy
        #rep.spur.client.type.desktop
        #rep.spur.client.type.mobile
        #rep.spur.risk.callback_proxy
        #rep.spur.risk.tunnel
        #rep.spur.service.ipsec
        #rep.spur.tunnel

Enrich an `inet:ipv6` with data from the Spur IP Context API

> [ inet:ipv6=2806:263:C486:915B:39FA:C9F0:85FA:11A4 ] | spur.ipcontext
inet:ipv6=2806:263:c486:915b:39fa:c9f0:85fa:11a4
        .created = 2024/04/17 17:17:29.935
        :asn = 13999
        :loc = mx.sonora.hermosillo
        :scope = global
        :type = unicast
        #rep.spur.client.proxy.soax_proxy
        #rep.spur.risk.callback_proxy

Use of `meta:source` nodes

Synapse-Spur uses a meta:source node and -(seen)> light weight edges to track nodes observed from the Spur API.

> meta:source=d2ca4923d5c72c753fcb391a92c9085c
meta:source=d2ca4923d5c72c753fcb391a92c9085c
        .created = 2024/04/17 17:17:29.276
        :name = spur api

Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse-Spur. The following example shows how to filter the results of a query to include only results observed by Synapse-Spur:

> inet:ipv4#myips +{ <(seen)- meta:source=d2ca4923d5c72c753fcb391a92c9085c }
inet:ipv4=148.72.164.186
        .created = 2024/04/17 17:17:29.160
        :_spur:client:concentration:density = 0.34
        :_spur:client:concentration:geohash = dng
        :_spur:client:concentration:loc = us.indiana.vevay
        :_spur:client:concentration:skew = 445.0 km
        :_spur:client:count = 6
        :_spur:client:countries = 1
        :_spur:client:spread = 290972.0 km
        :_spur:infrastructure = datacenter
        :_spur:organization = heg us inc.
        :asn = 30083
        :loc = us.missouri.st louis
        :type = unicast
        #myips
        #rep.spur.client.behavior.file_sharing
        #rep.spur.client.proxy.spider_proxy
        #rep.spur.client.type.desktop
        #rep.spur.client.type.mobile
        #rep.spur.risk.callback_proxy
        #rep.spur.risk.tunnel
        #rep.spur.service.ipsec
        #rep.spur.tunnel
inet:ipv4=148.72.164.179
        .created = 2024/04/17 17:17:29.607
        :type = unicast
        #myips
        #rep.spur.tunnel

Read the Docs v: latest

Versions: latest; enterprise_docs

Downloads

On Read the Docs: Project Home; Builds