User Guide

Synapse-ZETAlytics User Guide

Synapse-ZETAlytics adds new Storm commands to allow you to query the ZETAlytics API using your existing API key.

Getting Started

Check with your Admin to enable permissions and find out if you need a personal API key.

Examples

Setting your personal API key

To set-up a personal use API key:

> zetalytics.setup.apikey --self myapikey
Setting Synapse-ZETAlytics API key for the current user.

Gather PDNS A/AAAA records for vertex.link

Enrich some nodes with zetalytics.enrich and yield the results:

> inet:fqdn=vertex.link | zetalytics.pdns --yield --size 2
inet:dns:a=('vertex.link', '137.184.16.9')
        .created = 2024/11/19 21:35:36.243
        .seen = ('2021/08/18 00:00:00.000', '2021/08/18 00:00:00.001')
        :fqdn = vertex.link
        :ipv4 = 137.184.16.9
inet:dns:a=('new.vertex.link', '137.184.16.9')
        .created = 2024/11/19 21:35:36.273
        .seen = ('2021/08/18 00:00:00.000', '2021/08/18 00:00:00.001')
        :fqdn = new.vertex.link
        :ipv4 = 137.184.16.9

Use of meta:source nodes

Synapse-ZETAlytics uses a meta:source node and -(seen)> light weight edges to track nodes observed from the ZETAlytics API.

> meta:source=9e36fef6fb5172bee14c06dc965ca11b
meta:source=9e36fef6fb5172bee14c06dc965ca11b
        .created = 2024/11/19 21:35:36.180
        :name = zetalytics api

Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse-ZETAlytics. The following example shows how to filter the results of a query to include only results observed by Synapse-ZETAlytics:

> #cool.tag.lift +{ <(seen)- meta:source=9e36fef6fb5172bee14c06dc965ca11b }