User Guide

Synapse Rapid7 SonarRDNS adds new Storm commands for downloading, indexing, and querying Rapid7 SonarRDNS data.

Getting Started

Check with your Admin to enable permissions.

Examples

Download files by a pattern

> rapid7.sonar.rdns.download 2020-11-25
WARNING: $lib.dict() is deprecated. Use ({}) instead.

Query SonarRDNS data to enrich an inet:ipv4

> [ inet:ipv4=105.91.150.126 ] | rapid7.sonar.rdns.enrich
inet:ipv4=105.91.150.126
        .created = 2024/04/09 17:41:12.991
        :dns:rev = host-105.91.150.126.etisalat.com.eg
        :type = unicast

Use of meta:source nodes

Synapse Rapid7 SonarRDNS uses a meta:source node and -(seen)> lightweight edges to track nodes observed from the indexed Rapid7 SonarRDNS data.

> meta:source=13eb2eb8e0bb5a321e9bdfcf5f03394f
meta:source=13eb2eb8e0bb5a321e9bdfcf5f03394f
        .created = 2024/04/09 17:41:12.869
        :name = rapid7 open data
        :type = rapid7.sonarrdns

Storm can filter query results to include or exclude nodes that Synapse Rapid7 SonarRDNS has observed. The following example restricts the results of a query to nodes observed by Synapse Rapid7 SonarRDNS:

> inet:ipv4=105.91.150.126 -> inet:dns:rev +{ <(seen)- meta:source=13eb2eb8e0bb5a321e9bdfcf5f03394f }
inet:dns:rev=('105.91.150.126', 'host-105.91.150.126.etisalat.com.eg')
        .created = 2024/04/09 17:41:13.084
        .seen = ('2020/11/25 14:21:08.000', '2020/11/25 14:21:08.001')
        :fqdn = host-105.91.150.126.etisalat.com.eg
        :ipv4 = 105.91.150.126
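
The exclude case mentioned above, as an added example that is not part of the original guide: it keeps only the reverse-DNS records for the same address that have no (seen) edge from the SonarRDNS meta:source, which is useful when checking which records came from some other feed. It reuses the IP address and meta:source guid shown on this page; the $sonar variable name and the printed message are assumptions made for illustration.

```storm
// Added example (not from the vendor guide).
// The guid is the meta:source node shown earlier on this page; $sonar is a
// hypothetical variable name chosen for this example.
$sonar = "13eb2eb8e0bb5a321e9bdfcf5f03394f"

// Pivot from the address to every reverse-DNS record known for it.
inet:ipv4=105.91.150.126 -> inet:dns:rev

// Same subquery filter as the include example, with "-" instead of "+":
// drop every record that the SonarRDNS source has a (seen) edge to.
-{ <(seen)- meta:source=$sonar }

// Whatever remains was recorded by something other than SonarRDNS.
$lib.print("not observed by SonarRDNS: {rev}", rev=$node.repr())
```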