Admin Guide

Synapse-SpyCloud Admin Guide

Configuration

Synapse-SpyCloud requires an API key. For information on how to signup, please visit the SpyCloud API documentation.

Setting API keys for global use

To set-up a global API key, for the consumer API endpoint:

> spycloud.setup.consumer.key myapikey
Setting SpyCloud Consumer API key for all users.

To set-up a global API key, for the investigations API endpoint:

> spycloud.setup.investigative.key myapikey
Setting SpyCloud Investigative API key for all users.

Using per-user API keys

A user may set-up their own API key:

> spycloud.setup.investigative.key --self myapikey
Setting SpyCloud Investigative API key for the current user.

Permissions

Package (synapse-spycloud) defines the following permissions:
power-ups.spycloud.user          : Allows a user to issue queries to the SpyCloud API. ( default: false )

You may add rules to users/roles directly from storm:

> auth.user.addrule visi power-ups.spycloud.user
Added rule power-ups.spycloud.user to user visi.

or:

> auth.role.addrule ninjas power-ups.spycloud.user
Added rule power-ups.spycloud.user to role ninjas.

Exported APIs

Synapse-SpyCloud does not currently export any APIs.

Onload Events

Synapse-SpyCloud does not use any onload events.

Node Actions

The SpyCloud Power-Up provides the following node actions in Optic:

Name : investigations
Desc : Enrich the node with SpyCloud Investigations breach data.
Forms: inet:email, inet:fqdn, inet:ipv4, inet:passwd, inet:user, it:auth:passwdhash, tel:phone

Name : consumer.ato
Desc : Enrich the node with SpyCloud Consumer ATO Prevention breach data.
Forms: inet:email, inet:ipv4, inet:user