Admin Guide

Synapse-VMRay Admin Guide

Configuration

Synapse-VMRay requires a VMRay API key. For information on how to sign up, please visit the VMRay API documentation.

Setting API key for global use

To set-up a global API key:

> vmray.setup.apikey myapikey
Setting Synapse-VMRay API key for all users.

Using per-user API keys

A user may set-up their own API key:

> vmray.setup.apikey --self myapikey
Setting Synapse-VMRay API key for the current user.

Setting the API Endpoint for global use

To configure a global API endpoint:

> vmray.setup.endpoint "https://eu.cloud.vmray.com"
Setting Synapse-VMRay Endpoint for all users.

Using per-user Endpoints

A user may configure their own API endpoint:

> vmray.setup.endpoint --self "https://us.cloud.vmray.com"
Setting Synapse-VMRay Endpoint for the current user.

Permissions

Package (synapse-vmray) defines the following permissions:
power-ups.vmray.user             : Controls user access to Synapse-VMRay. ( default: false )
power-ups.vmray.submitter        : Controls user access to submitting files to VMRay from Synapse-VMRay. ( default: false )

You may add rules to users/roles directly from storm:

> auth.user.addrule visi power-ups.vmray.user
Added rule power-ups.vmray.user to user visi.

or:

> auth.role.addrule ninjas power-ups.vmray.user
Added rule power-ups.vmray.user to role ninjas.

Exported APIs

Synapse-VMRay does not currently export any APIs.

Node Actions

Synapse-VMRay provides the following node actions in Optic:

Name : vmray.sample.iocs
Desc : Fetch IOCs for a file/hash/url/fqdn
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5, inet:url, inet:fqdn

Name : vmray.sample.mitre
Desc : Populate MITRE ATT&CK Techniques for a file/hash
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5

Name : vmray.sample.vtis
Desc : Download the VMRay Threat Identifiers for a file/hash/url/fqdn
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5, inet:url, inet:fqdn

Name : vmray.sample.submit
Desc : Submit a file:bytes to VMRay for analysis.
Forms: file:bytes, hash:sha256

Onload Events

Synapse-VMRay uses the onload event to run required data migrations.

On-demand Migrations

AV Hit Migration

The previously available migrateAvHit() function in the vmray module has been deprecated. It does not perform any migrations and will simply print a warning message indicating that the it:av:filehit migration is now automatic.