User Guide
Synapse Rapid7 SonarRDNS adds new Storm commands for downloading, indexing, and querying Rapid7 SonarRDNS data.
Getting Started
Check with your Admin to enable permissions.
Examples
Download files by a pattern
> rapid7.sonar.rdns.download 2020-11-25
WARNING: $lib.dict() is deprecated. Use ({}) instead.
Query SonarRDNS data to enrich an inet:ipv4
> [ inet:ipv4=105.91.150.126 ] | rapid7.sonar.rdns.enrich
inet:ipv4=105.91.150.126
.created = 2024/04/09 17:41:12.991
:dns:rev = host-105.91.150.126.etisalat.com.eg
:type = unicast
Use of meta:source nodes
Synapse Rapid7 SonarRDNS uses a meta:source node and -(seen)> light weight edges to track nodes observed from the indexed Rapid7 SonarRDNS data.
> meta:source=13eb2eb8e0bb5a321e9bdfcf5f03394f
meta:source=13eb2eb8e0bb5a321e9bdfcf5f03394f
.created = 2024/04/09 17:41:12.869
:name = rapid7 open data
:type = rapid7.sonarrdns
Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse Rapid7 SonarRDNS. The following example shows how to filter the results of a query to include only results observed by Synapse Rapid7 SonarRDNS:
> inet:ipv4=105.91.150.126 -> inet:dns:rev +{ <(seen)- meta:source=13eb2eb8e0bb5a321e9bdfcf5f03394f }
inet:dns:rev=('105.91.150.126', 'host-105.91.150.126.etisalat.com.eg')
.created = 2024/04/09 17:41:13.084
.seen = ('2020/11/25 14:21:08.000', '2020/11/25 14:21:08.001')
:fqdn = host-105.91.150.126.etisalat.com.eg
:ipv4 = 105.91.150.126