synapse.lib.stormlib package

Submodules

synapse.lib.stormlib.auth module

synapse.lib.stormlib.backup module

class synapse.lib.stormlib.backup.BackupLib(runt, name=())

Bases: Lib

A Storm Library for interacting with the backup APIs in the Cortex.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.basex module

class synapse.lib.stormlib.basex.BaseXLib(runt, name=())

Bases: Lib

A Storm library which implements helpers for encoding and decoding strings using an arbitrary charset.

async decode(text, charset)

async encode(byts, charset)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.cell module

class synapse.lib.stormlib.cell.CellLib(runt, name=())

Bases: Lib

A Storm Library for interacting with the Cortex.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.cell.getMaxHotFixes()

synapse.lib.stormlib.compression module

class synapse.lib.stormlib.compression.Bzip2Lib(runt, name=())

Bases: Lib

A Storm library which implements helpers for bzip2 compression.

async en(valu)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async un(valu)

class synapse.lib.stormlib.compression.GzipLib(runt, name=())

Bases: Lib

A Storm library which implements helpers for gzip compression.

async en(valu)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async un(valu)

class synapse.lib.stormlib.compression.ZlibLib(runt, name=())

Bases: Lib

A Storm library which implements helpers for zlib compression.

async en(valu)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async un(valu)

synapse.lib.stormlib.easyperm module

class synapse.lib.stormlib.easyperm.LibEasyPerm(runt, name=())

Bases: Lib

A Storm Library for interacting with easy perm dictionaries.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.ethereum module

class synapse.lib.stormlib.ethereum.EthereumLib(runt, name=())

Bases: Lib

A Storm library which implements helpers for Ethereum.

async eip55(addr)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.gen module

class synapse.lib.stormlib.gen.LibGen(runt, name=())

Bases: Lib

A Storm Library for secondary property based deconfliction.

synapse.lib.stormlib.graph module

class synapse.lib.stormlib.graph.GraphLib(runt, name=())

Bases: Lib

A Storm Library for interacting with graph projections in the Cortex.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.hashes module

class synapse.lib.stormlib.hashes.LibHashes(runt, name=())

Bases: Lib

A Storm Library for hashing bytes

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.hashes.LibHmac(runt, name=())

Bases: Lib

A Storm library for computing RFC2104 HMAC values.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.hex module

class synapse.lib.stormlib.hex.HexLib(runt, name=())

Bases: Lib

A Storm library which implements helpers for hexadecimal encoded strings.

async decode(valu)

async encode(valu)

async fromint(valu, length, signed=False)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async signext(valu, length)

async toint(valu, signed=False)

async trimext(valu)

synapse.lib.stormlib.imap module

class synapse.lib.stormlib.imap.ImapLib(runt, name=())

Bases: Lib

A Storm library to connect to an IMAP server.

async connect(host, port=993, timeout=30, ssl=True)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.imap.ImapServer(runt, imap_cli, path=None)

Bases: StormType

An IMAP server for retrieving email messages.

async delete(uid_set)

async fetch(uid)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async list(reference_name='""', pattern='*')

async login(user, passwd)

async markSeen(uid_set)

async search(*args, charset='utf-8')

async select(mailbox='INBOX')

async synapse.lib.stormlib.imap.run_imap_coro(coro)

Raises or returns data.

synapse.lib.stormlib.infosec module

synapse.lib.stormlib.infosec.CVSS2_calc(vdict)

synapse.lib.stormlib.infosec.CVSS2_round(x)

synapse.lib.stormlib.infosec.CVSS3_0_calc(vdict)

synapse.lib.stormlib.infosec.CVSS3_0_round(x)

Round up to the nearest one decimal place. From the JS reference implementation: https://www.first.org/cvss/calculator/cvsscalc30.js

synapse.lib.stormlib.infosec.CVSS3_1_calc(vdict)

synapse.lib.stormlib.infosec.CVSS3_1_round(x)

Round up to the nearest one decimal place. From the JS reference implementation: https://www.first.org/cvss/calculator/cvsscalc31.js

synapse.lib.stormlib.infosec.CVSS_get_coefficients(vdict, vers)

class synapse.lib.stormlib.infosec.CvssLib(runt, name=())

Bases: Lib

A Storm library which implements CVSS score calculations.

async calculate(node, save=True, vers='3.1')

async calculateFromProps(props, vers='3.1')

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async saveVectToNode(node, text)

async vectToProps(text)

async vectToScore(vect, vers=None)

synapse.lib.stormlib.infosec.roundup(x)

synapse.lib.stormlib.ipv6 module

class synapse.lib.stormlib.ipv6.LibIpv6(runt, name=())

Bases: Lib

A Storm Library for providing ipv6 helpers.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.iters module

class synapse.lib.stormlib.iters.LibIters(runt, name=())

Bases: Lib

A Storm library for providing iterator helpers.

async enum(genr)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.json module

class synapse.lib.stormlib.json.JsonLib(runt, name=())

Bases: Lib

A Storm Library for interacting with Json data.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.json.JsonSchema(runt, schema, use_default=True)

Bases: StormType

A JsonSchema validation object for use in validating data structures in Storm.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async stormrepr()

synapse.lib.stormlib.json.compileJsSchema(schema, use_default=True)

synapse.lib.stormlib.json.runJsSchema(schema, item, use_default=True)

synapse.lib.stormlib.log module

class synapse.lib.stormlib.log.LoggerLib(runt, name=())

Bases: Lib

A Storm library which implements server side logging. These messages are logged to the synapse.storm.log logger.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.macro module

class synapse.lib.stormlib.macro.LibMacro(runt, name=())

Bases: Lib

A Storm Library for interacting with the Storm Macros in the Cortex.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.macro.MacroExecCmd(runt, runtsafe)

Bases: Cmd

Execute a named macro.

Example

inet:ipv4#cno.threat.t80 | macro.exec enrich_foo

async execStormCmd(runt, genr)

Abstract base method

getArgParser()

name = 'macro.exec'

readonly = True

synapse.lib.stormlib.math module

class synapse.lib.stormlib.math.MathLib(runt, name=())

Bases: Lib

A Storm library for performing math operations.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.mime module

class synapse.lib.stormlib.mime.LibMimeHtml(runt, name=())

Bases: Lib

A Storm library for manipulating HTML text.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async totext(html)

synapse.lib.stormlib.mime.htmlToText(html)

synapse.lib.stormlib.model module

class synapse.lib.stormlib.model.LibModel(runt, name=())

Bases: Lib

A Storm Library for interacting with the Data Model in the Cortex.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.model.LibModelDeprecated(runt, name=())

Bases: Lib

A storm library for interacting with the model deprecation mechanism.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.model.LibModelEdge(runt, name=())

Bases: Lib

A Storm Library for interacting with light edges and manipulating their key-value attributes.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

hivepath = ('cortex', 'model', 'edges')

validedgekeys = ('doc',)

class synapse.lib.stormlib.model.LibModelTags(runt, name=())

Bases: Lib

A Storm Library for interacting with tag specifications in the Cortex Data Model.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.model.ModelForm(form, path=None)

Bases: Prim

Implements the Storm API for a Form.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

value()

class synapse.lib.stormlib.model.ModelProp(prop, path=None)

Bases: Prim

Implements the Storm API for a Property.

value()

class synapse.lib.stormlib.model.ModelTagProp(tagprop, path=None)

Bases: Prim

Implements the Storm API for a Tag Property.

value()

class synapse.lib.stormlib.model.ModelType(valu, path=None)

Bases: Prim

A Storm types wrapper around a lib.types.Type

value()

synapse.lib.stormlib.modelext module

class synapse.lib.stormlib.modelext.LibModelExt(runt, name=())

Bases: Lib

A Storm library for manipulating extended model elements.

async addExtModel(model)

async addForm(formname, basetype, typeopts, typeinfo)

async addFormProp(formname, propname, typedef, propinfo)

async addTagProp(propname, typedef, propinfo)

async addUnivProp(propname, typedef, propinfo)

async delForm(formname)

async delFormProp(formname, propname)

async delTagProp(propname)

async delUnivProp(propname)

async getExtModel()

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.notifications module

class synapse.lib.stormlib.notifications.NotifyLib(runt, name=())

Bases: Lib

A Storm library for a user interacting with their notifications.

async get(indx)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async list(size=None)

synapse.lib.stormlib.oauth module

class synapse.lib.stormlib.oauth.OAuthV1Client(runt, ckey, csecret, atoken, asecret, sigtype, path=None)

Bases: StormType

A client for doing OAuth V1 Authentication from Storm.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.oauth.OAuthV1Lib(runt, name=())

Bases: Lib

A Storm library to handle OAuth v1 authentication.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

class synapse.lib.stormlib.oauth.OAuthV2Lib(runt, name=())

Bases: Lib

A Storm library for managing OAuth V2 clients.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.pack module

class synapse.lib.stormlib.pack.LibPack(runt, name=())

Bases: Lib

Packing / unpacking structured bytes.

async en(fmt, items)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async un(fmt, byts, offs=0)

synapse.lib.stormlib.project module

class synapse.lib.stormlib.project.LibProjects(runt, name=())

Bases: Lib

A Storm Library for interacting with Projects in the Cortex.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async iter()

class synapse.lib.stormlib.project.Project(runt, node, path=None)

Bases: Prim

Implements the Storm API for Project objects, which are used for managing a scrum style project in the Cortex

confirm(perm)

async nodes()

value()

class synapse.lib.stormlib.project.ProjectEpic(proj, node)

Bases: Prim

Implements the Storm API for a ProjectEpic

async nodes()

async value()

class synapse.lib.stormlib.project.ProjectEpics(proj)

Bases: Prim

Implements the Storm API for ProjectEpics objects, which are collections of ProjectEpic objects associated with a particular Project

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async iter()

class synapse.lib.stormlib.project.ProjectSprint(proj, node)

Bases: Prim

Implements the Storm API for a ProjectSprint

async nodes()

async value()

class synapse.lib.stormlib.project.ProjectSprints(proj)

Bases: Prim

Implements the Storm API for ProjectSprints objects, which are collections of sprints associated with a single project

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async iter()

class synapse.lib.stormlib.project.ProjectTicket(proj, node)

Bases: Prim

Implements the Storm API for a ProjectTicket.

async nodes()

async value()

class synapse.lib.stormlib.project.ProjectTicketComment(ticket, node)

Bases: Prim

Implements the Storm API for a ProjectTicketComment

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async nodes()

async value()

class synapse.lib.stormlib.project.ProjectTicketComments(ticket)

Bases: Prim

Implements the Storm API for ProjectTicketComments objects, which are collections of comments associated with a ticket.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async iter()

class synapse.lib.stormlib.project.ProjectTickets(proj)

Bases: Prim

Implements the Storm API for ProjectTickets objects, which are collections of tickets associated with a project

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async iter()

synapse.lib.stormlib.random module

class synapse.lib.stormlib.random.LibRandom(runt, name=())

Bases: Lib

A Storm library for generating random values.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.scrape module

class synapse.lib.stormlib.scrape.LibScrape(runt, name=())

Bases: Lib

A Storm Library for providing helpers for scraping nodes from text.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.smtp module

class synapse.lib.stormlib.smtp.SmtpLib(runt, name=())

Bases: Lib

A Storm Library for sending email messages via SMTP.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async message()

class synapse.lib.stormlib.smtp.SmtpMessage(runt)

Bases: StormType

An SMTP message to compose and send.

async send(host, port=25, user=None, passwd=None, usetls=False, starttls=False, timeout=60)

synapse.lib.stormlib.stix module

class synapse.lib.stormlib.stix.LibStix(runt, name=())

Bases: Lib

A Storm Library for interacting with Stix Version 2.1 CS02.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async liftBundle(bundle)

async validateBundle(bundle)

class synapse.lib.stormlib.stix.LibStixExport(runt, name=())

Bases: Lib

A Storm Library for exporting to STIX version 2.1 CS02.

async bundle(config=None)

async config()

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

timestamp(tick)

class synapse.lib.stormlib.stix.LibStixImport(runt, name=())

Bases: Lib

A Storm Library for importing Stix Version 2.1 data.

async config()

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async ingest(bundle, config=None)

class synapse.lib.stormlib.stix.StixBundle(libstix, runt, config, path=None)

Bases: Prim

Implements the Storm API for creating and packing a STIX bundle for v2.1

async add(node, stixtype=None)

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

pack()

size()

async value()

synapse.lib.stormlib.stix.uuid4(valu=None)

synapse.lib.stormlib.stix.uuid5(valu=None)

synapse.lib.stormlib.stix.validateStix(bundle, version='2.1')

synapse.lib.stormlib.storm module

class synapse.lib.stormlib.storm.LibStorm(runt, name=())

Bases: Lib

A Storm library for evaluating dynamic storm expressions.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

synapse.lib.stormlib.version module

class synapse.lib.stormlib.version.VersionLib(runt, name=())

Bases: Lib

A Storm Library for interacting with version information.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async matches(vertup, reqstr)

synapse.lib.stormlib.xml module

class synapse.lib.stormlib.xml.LibXml(runt, name=())

Bases: Lib

A Storm library for parsing XML.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async parse(valu)

class synapse.lib.stormlib.xml.XmlElement(runt, elem)

Bases: Prim

A Storm object for dealing with elements in an XML tree.

async find(name, nested=True)

async get(name)

async iter()

synapse.lib.stormlib.yaml module

class synapse.lib.stormlib.yaml.LibYaml(runt, name=())

Bases: Lib

A Storm Library for saving/loading YAML data.

getObjLocals()

Get the default list of key-value pairs which may be added to the object .locls dictionary.

Returns:

A key/value pairs.

Return type:

dict

async load(valu)

async save(valu, sort_keys=True)