Synapse-VMRay Admin Guide
Configuration
Synapse-VMRay requires a VMRay API key. For information on how to sign up, please visit the VMRay API documentation.
Setting API key for global use
To set up a global API key:
> vmray.setup.apikey myapikey
Setting Synapse-VMRay API key for all users.
Using per-user API keys
A user may set up their own API key:
> vmray.setup.apikey --self myapikey
Setting Synapse-VMRay API key for the current user.
Setting the API Endpoint for global use
To configure a global API endpoint:
> vmray.setup.endpoint "https://eu.cloud.vmray.com"
Setting Synapse-VMRay Endpoint for all users.
Using per-user Endpoints
A user may configure their own API endpoint:
> vmray.setup.endpoint --self "https://us.cloud.vmray.com"
Setting Synapse-VMRay Endpoint for the current user.
Permissions
Package (synapse-vmray) defines the following permissions:
power-ups.vmray.user : Controls user access to Synapse-VMRay. ( default: false )
power-ups.vmray.submitter : Controls user access to submitting files to VMRay from Synapse-VMRay. ( default: false )
You may add rules to users/roles directly from Storm:
> auth.user.addrule visi power-ups.vmray.user
Added rule power-ups.vmray.user to user visi.
or:
> auth.role.addrule ninjas power-ups.vmray.user
Added rule power-ups.vmray.user to role ninjas.
Exported APIs
Synapse-VMRay does not currently export any APIs.
Node Actions
Synapse-VMRay provides the following node actions in Optic:
Name : vmray.sample.iocs
Desc : Fetch IOCs for a file/hash/url/fqdn
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5, inet:url, inet:fqdn
Name : vmray.sample.mitre
Desc : Populate MITRE ATT&CK Techniques for a file/hash
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5
Name : vmray.sample.vtis
Desc : Download the VMRay Threat Identifiers for a file/hash/url/fqdn
Forms: file:bytes, hash:sha256, hash:sha1, hash:md5, inet:url, inet:fqdn
Name : vmray.sample.submit
Desc : Submit a file:bytes to VMRay for analysis.
Forms: file:bytes, hash:sha256
Onload Events
Synapse-VMRay uses the onload event to run required data migrations.
On-demand Migrations
AV Hit Migration
The previously available migrateAvHit() function in the vmray module has been deprecated. It does not perform any migrations and will simply print a warning message indicating that the it:av:filehit migration is now automatic.