Package Documentation

Storm Package: synapse-vxintel

The following Commands are available from this package. This documentation is generated for version 1.2.0 of the package.

Storm Commands

This package implements the following Storm Commands.

vxintel.avreport

Ingest the AV reports for a particular file/hash from the VXIntel API.

Examples:

// Enrich a file and ingest the various AV reports for a set of files
file:bytes#my.cool.tag | vxintel.avreport --yield

// Download the AV report for an specifc hash, but still return the input node
hash:sha1=b71215c99256a683a589620d98cdebb14b1d1ab0 | vxintel.avreport


Usage: vxintel.avreport [options]

Options:

  --help                      : Display the command usage.
  --yield                     : Yield the newly created it:av:filehit nodes.
  --debug                     : Print debugging messages.

vxintel.details

Enrich inbound file or hash nodes.

Examples:

// Download the details report for a set of files
file:bytes#my.cool.tag | vxintel.details

// Download the details report for an specifc hash
hash:sha1=b71215c99256a683a589620d98cdebb14b1d1ab0 | vxintel.details


Usage: vxintel.details [options]

Options:

  --help                      : Display the command usage.
  --yield                     : Yield the newly created nodes.
  --debug                     : Print debugging messages.

vxintel.download

Download the bytes for the inbound file or hash nodes.

Examples:

  // Download the bytes for a file specified by a hash:md5 node
  hash:md5#myhash | vxintel.download

  // Download bytes, bypassing cache and yielding the produced file:bytes node
  hash:md5#myhash | vxintel.download --yield --asof now


Usage: vxintel.download [options]

Options:

  --help                      : Display the command usage.
  --yield                     : Yield the newly created nodes.
  --asof <asof>               : Specify the maximum age for a cached result. To disable caching, use --asof now. (default: -30days)
  --debug                     : Print debugging messages.

vxintel.files.daily

Run a progress tracked ingest of the last 7 days of file details.

This command will immediately create the file:bytes nodes from the details
returned by the VXIntel API and queue the files for downloading in the
background.

Examples:

  // Ingest the last 7 days of file details
  vxintel.files.daily


Usage: vxintel.files.daily [options]

Options:

  --help                      : Display the command usage.
  --yield                     : Yield the newly created nodes.
  --debug                     : Print debugging messages.

vxintel.setup.apikey

Set the VXIntel API key.

Usage: vxintel.setup.apikey [options] <apikey>

Options:

  --help                      : Display the command usage.
  --self                      : Set the key as a user variable. If not used, the key is set globally.

Arguments:

  <apikey>                    : The VXIntel API key string.