User Guide
Synapse Rapid7 SonarSSL adds new Storm commands to download, index, and query Rapid7 SonarSSL data.
Getting Started
Check with your Admin to enable permissions.
Examples
Download files by a pattern
This requires that the user has the power-ups.rapid7.sonarssl.download permission for downloading and indexing files.
> rapid7.sonar.ssl.download 2020-11-30-1606761591
Query SonarSSL data and yield inet:ssl:cert nodes
This requires that the user has the power-ups.rapid7.sonarssl.user permission for downloading and indexing files.
> [ inet:fqdn=capsula.com ] | rapid7.sonar.ssl.enrich --yield | limit 2
WARNING: The form inet:ssl:cert is deprecated or using a deprecated type and will be removed in 3.0.0
inet:ssl:cert=('tcp://107.154.151.230:7002', 'guid:49349ef82f7f3e1a5d500ecda1540673')
.created = 2024/04/09 17:41:42.683
.seen = ('2020/11/30 00:00:00.000', '2020/11/30 00:00:00.001')
:file = guid:49349ef82f7f3e1a5d500ecda1540673
:server = tcp://107.154.151.230:7002
:server:ipv4 = 107.154.151.230
:server:port = 7002
inet:ssl:cert=('tcp://45.60.33.206:7002', 'guid:5e33068fc82ad37679537187f7bde48b')
.created = 2024/04/09 17:41:42.790
.seen = ('2020/11/30 00:00:00.000', '2020/11/30 00:00:00.001')
:file = guid:5e33068fc82ad37679537187f7bde48b
:server = tcp://45.60.33.206:7002
:server:ipv4 = 45.60.33.206
:server:port = 7002
Use of meta:source nodes
Synapse Rapid7 SonarSSL uses a meta:source node and -(seen)> lightweight edges to track nodes observed from the indexed Rapid7 SonarSSL data.
> meta:source=6105fdeb648a21a2152e45713bee319e
meta:source=6105fdeb648a21a2152e45713bee319e
.created = 2024/04/09 17:41:41.197
:name = rapid7 open data
Storm can be used to filter nodes to include/exclude nodes which have been observed by Synapse Rapid7 SonarSSL. The following example shows how to filter the results of a query to include only results observed by Synapse Rapid7 SonarSSL:
> inet:ipv4=107.154.151.230 -> inet:ssl:cert +{ <(seen)- meta:source=6105fdeb648a21a2152e45713bee319e }
inet:ssl:cert=('tcp://107.154.151.230:7002', 'guid:49349ef82f7f3e1a5d500ecda1540673')
.created = 2024/04/09 17:41:42.683
.seen = ('2020/11/30 00:00:00.000', '2020/11/30 00:00:00.001')
:file = guid:49349ef82f7f3e1a5d500ecda1540673
:server = tcp://107.154.151.230:7002
:server:ipv4 = 107.154.151.230
:server:port = 7002