Package Documentation
Storm Package: synapse-vulncheck
The following Commands are available from this package. This documentation is generated for version 1.2.0 of the package.
Storm Commands
This package implements the following Storm Commands.
vulncheck.enrich
Enrich a node with additional information from Vulncheck.
This command accepts risk:vuln nodes as input and queries the Vulncheck exploits, botnets, ransomware, threat-actors, and vulncheck-nvd2 indexes to retrieve additional information about the CVE.
Examples:
// Enrich a risk:vuln node.
risk:vuln:cve=CVE-2019-3396 | vulncheck.enrich
// Enrich an it:sec:cve node and yield the results.
it:sec:cve=CVE-2019-3396 | vulncheck.enrich --yield
Usage: vulncheck.enrich [options]
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
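The queries below are an added example and are not part of the package documentation. They show the two ways of using vulncheck.enrich in a pipeline: without --yield, the input nodes keep flowing so you can pivot from them; with --yield, only the newly created nodes flow, which is useful for reviewing what an enrichment added. The tags #int.triage and #rep.vulncheck are constructed placeholders, and the CVE is the one from the examples above.

```storm
// Enrich every risk:vuln node tagged for triage (placeholder tag), limit the
// results ingested with --size, then pivot from the risk:vuln nodes to their
// it:sec:cve nodes and tag those for tracking. The risk:vuln nodes stay in
// the pipeline because --yield is not used.
risk:vuln#int.triage
| vulncheck.enrich --size 25
| -> it:sec:cve
| [ +#rep.vulncheck ]

// Yield only the nodes created by the enrichment and print each form and
// value so an analyst can inspect the additions before tagging anything.
// uniq removes duplicates if several inputs create the same node.
it:sec:cve=CVE-2019-3396
| vulncheck.enrich --yield
| uniq
| $lib.print("{form}={valu}", form=$node.form(), valu=$node.repr())
```

Run each query separately; in Storm a second lift inside the same query would add its nodes to the pipeline of the first rather than starting a new one.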
vulncheck.index
Ingest an index from the Vulncheck API.
The --since-last option can be used to set up a cron job that automatically advances the last modified start date using a globally stored value. Only a single cron job using --since-last should be implemented, so that results are contiguous in the view it runs in.
The first time --since-last is used, the --lastModStartDate argument defines the starting point; on later runs with --since-last, the --lastModStartDate argument is ignored. The --lastModEndDate argument is always ignored when --since-last is specified.
Supported Indexes:
botnets
exploits
ransomware
threat-actors
vulncheck-nvd2
Examples:
// Ingest the threat-actors index.
vulncheck.index threat-actors
// Ingest updated entries in the threat-actors index and yield the results.
vulncheck.index threat-actors --since-last --yield
// Create a cron job to ingest any new results every day.
cron.add --name "Vulncheck Actor Feed" --hour 4 { vulncheck.index threat-actors --since-last }
Usage: vulncheck.index [options] <name>
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
--since-last : Retrieve results modified since the last run of the command with --since-last specified.
--lastModStartDate <lastModStartDate>: Specify a starting last modified date to filter with.
--lastModEndDate <lastModEndDate>: Specify an ending last modified date to filter with.
Arguments:
<name> : The name of the index to ingest.
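The following queries are an added example, not part of the package documentation, and walk through the --since-last procedure described above as one sequence: a one-time bootstrap run that sets the starting point, a single cron job that carries it forward, and a separate bounded backfill that does not use --since-last. The timestamp format (ISO 8601) and the cron schedule are assumptions; the index names are the documented ones.

```storm
// Step 1: bootstrap. The first run with --since-last takes its starting
// point from --lastModStartDate (assumed ISO 8601 format). Later runs with
// --since-last ignore this argument, so it only needs to be given once.
vulncheck.index vulncheck-nvd2 --since-last --lastModStartDate 2024-01-01T00:00:00

// Step 2: exactly one recurring job per index advances the stored start
// date. Keep it in the same view so the ingested results stay contiguous.
cron.add --name "Vulncheck NVD2 Feed" --hour 3 { vulncheck.index vulncheck-nvd2 --since-last }

// Step 3: confirm only one --since-last job exists for this index before
// adding another; a second job in a different view would break contiguity.
cron.list

// Ad-hoc backfill of a fixed window. Because --since-last is not given, both
// date arguments apply as written, and --size bounds the ingest.
vulncheck.index exploits --lastModStartDate 2024-06-01T00:00:00 --lastModEndDate 2024-06-30T00:00:00 --size 500 --yield
```

Run the queries one at a time. The bootstrap and the cron job must use the same index name, since each index is ingested by its own command invocation.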
vulncheck.search
Use a text string to query Vulncheck.
This command takes CVE IDs as a parameter and queries the Vulncheck exploits and vulnerabilities APIs for information about the CVE.
Examples:
// Search for a CVE and yield the results.
vulncheck.search CVE-2019-3396 --yield
Usage: vulncheck.search [options] <query>
Options:
--help : Display the command usage.
--debug : Show verbose debug output.
--size <size> : Limit the number of results ingested to the given size.
--yield : Yield the newly created nodes.
Arguments:
<query> : The query string.
vulncheck.setup.apikey
Manage the Vulncheck API token.
Examples:
// Set a global Vulncheck API token.
vulncheck.setup.apikey token
// Set a Vulncheck API token for the current user.
vulncheck.setup.apikey --self token
// Display the scope of the current API token.
vulncheck.setup.apikey --show-scope
// Display the current API token.
vulncheck.setup.apikey --show-apikey
// Remove the current global API token.
vulncheck.setup.apikey --remove
// Remove the per-user API token for the current user.
vulncheck.setup.apikey --self --remove
Usage: vulncheck.setup.apikey [options] <token>
Options:
--help : Display the command usage.
--self : Set or remove as a user variable. If not used, set globally.
--show-scope : Display the scope of the API token in use (global vs self).
--show-apikey : Display the API token (requires admin perms or a "self" scope key).
--remove : Remove the configured API token. May be used with --self.
Arguments:
[token] : The API token.
Storm Modules
This package does not export any Storm APIs.