Admin Guide¶
Synapse-VMRay Admin Guide¶
Configuration¶
Synapse-VMRay requires a VMRay API key. For information on how to sign up, please visit the VMRay API documentation.
Setting API key for global use¶
To set-up a global API key:
> vmray.setup.apikey myapikey
Setting Synapse-VMRay API key for all users.
Using per-user API keys¶
A user may set-up their own API key:
> vmray.setup.apikey --self myapikey
Setting Synapse-VMRay API key for the current user.
Setting the API Endpoint for global use¶
To configure a global API endpoint:
> vmray.setup.endpoint "https://eu.cloud.vmray.com"
Setting Synapse-VMRay Endpoint for all users.
Using per-user Endpoints¶
A user may configure their own API endpoint:
> vmray.setup.endpoint --self "https://us.cloud.vmray.com"
Setting Synapse-VMRay Endpoint for the current user.
Permissions¶
Package (synapse-vmray) defines the following permissions:
power-ups.vmray.user : Controls user access to Synapse-VMRay.
power-ups.vmray.submitter : Controls user access to submitting files to VMRay from Synapse-VMRay.
You may add rules to users/roles directly from storm:
> auth.user.addrule visi power-ups.vmray.user
User (visi) added rule: power-ups.vmray.user
or:
> auth.role.addrule ninjas power-ups.vmray.user
Role (ninjas) added rule: power-ups.vmray.user
Exported APIs¶
Synapse-VMRay does not currently export any APIs.
Node Actions¶
Synapse-VMRay provides the following node actions in Optic:
Name : vmray.sample.iocs
Desc : Fetch IOCs for a file/hash/url/fqdn
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5, inet:url, inet:fqdn
Name : vmray.sample.mitre
Desc : Populate MITRE ATT&CK Techniques for a file/hash
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5
Name : vmray.sample.vtis
Desc : Download the VMRay Threat Identifiers for a file/hash/url/fqdn
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5, inet:url, inet:fqdn
Name : vmray.sample.submit
Desc : Submit a file:bytes to VMRay for analysis.
Forms: file:bytes, hash:sha256
Onload Events¶
Synapse-VMRay does not use any onload
events.