In [None]:
import os, sys
try:
    from synapse.lib.jupyter import *
except ImportError as e:
    # Insert the root path of the repository to sys.path.
    # This assumes the notebook is located two directories away
    # From the root synapse directory. It may need to be varied
    synroot = os.path.abspath('../../../')
    sys.path.insert(0, synroot)
    from synapse.lib.jupyter import *

In [None]:
import synapse.lib.module as s_module

class ExampleModule(s_module.CoreModule):

    async def initCoreModule(self):
        # by this time we have a reference to the Cortex as self.core
        print(f'hello cortex!')


In [None]:
import synapse
# Don't do this in real setattr trick in real production code...
setattr(synapse, ExampleModule.__name__, ExampleModule)
core = await getTempCoreProx(mods=('synapse.ExampleModule',))
mods = await core.getCoreMods()
assert 'synapse.ExampleModule' in {mod for mod, conf in mods}
_ = await core.fini()

In [None]:
import synapse.lib.module as s_module

class ExampleModule(s_module.CoreModule):

    def getModelDefs(self):

        # we return a tuple of (name, modeldef) tuples...

        return (

            ('foomodel', {

                'types': (

                    # declare a type for our form primary property
                    ('x:foo:event', ('str', {'regex': '[a-z]{2}-[0-9]{5}'}), {
                        'doc': 'A custom event ID from some other system.'}),

                    ('x:foo:bar', ('int', {'min': 100, 'max': 10000}), {
                        'doc': 'A custom integer property with a fixed range.'}),
                ),

                'forms': (

                    # declare a new node type

                    ('x:foo:event', {}, (

                        # declare secondary properties
                        ('time', ('time', {}), {
                            'doc': 'The time of the custom event.'}),

                        ('ipv4', ('inet:ipv4', {}), {
                            'doc': 'The ipv4 associated with the custom event.'}),

                        ('bar', ('x:foo:bar', {}), {
                            'doc': 'The custom bar property associated with the custom event.'}),
                    )),
                ),

            }),
        )

In [None]:
setattr(synapse, ExampleModule.__name__, ExampleModule)
cmdr = await getTempCoreCmdr(mods=('synapse.ExampleModule',))
mods = await cmdr.core.getCoreMods()
assert 'synapse.ExampleModule' in {mod for mod, conf in mods}
# Validate the data model
model = await cmdr.core.getModelDict()
assert model['types'].get('x:foo:event') is not None
assert model['types'].get('x:foo:bar') is not None
assert model['forms'].get('x:foo:event') is not None

# Load some data in for the next demo
q = '[x:foo:event="ab-00001" :time=201905051200 :ipv4="1.2.3.4" :bar=3001]'
podes = await cmdr.eval(q, num=1, cmdr=False)

In [None]:
q = '--hide-props x:foo:event:time*range=(20190505, 20190506) -> inet:ipv4'
podes = await cmdr.eval(q, num=1, cmdr=True)
_ = await cmdr.fini()

In [None]:
import synapse.lib.storm as s_storm
import synapse.lib.module as s_module

async def dostuff(x):
    # just an example... :)
    return 10

class ExampleCommand(s_storm.Cmd):
    '''
    This doc string becomes the command description.
    '''

    # we set the command name as a class local
    name = 'example'

    def getArgParser(self):
        # always use the parent getArgParser() not argparse!
        # ( we sublcass argparse classes to prevent them from
        # calling sys.exit() on --help and syntax error events)
        pars = s_storm.Cmd.getArgParser(self)
        pars.add_argument('--send-woot', default=False, action='store_true',
                          help='Send the woot value in the nodes metadata.')
        return pars

    async def execStormCmd(self, runt, genr):
        # we get a synapse.lib.storm.Runtime instance and
        # a (synapse.lib.node.Node, synapse.lib.node.Path) generator

        async for node, path in genr:

            woot = await dostuff(node)

            # we can send messages out to the caller/user
            await runt.printf('doing stuff...')

            if self.opts.send_woot:
                # nodes returned from storm will include 'woot' metadata
                path.meta('woot', woot)

            yield node, path

class ExampleModule(s_module.CoreModule):

    def getStormCmds(self):
        # we return a list of StormCmd subclasses.
        return [ ExampleCommand ]

In [None]:
setattr(synapse, ExampleModule.__name__, ExampleModule)
cmdr = await getTempCoreCmdr(mods=('synapse.ExampleModule',))
mods = await cmdr.core.getCoreMods()
assert 'synapse.ExampleModule' in {mod for mod, conf in mods}
# Validate the command is loaded
assert cmdr.core._core.stormcmds.get('example') is not None
# Load some data in for the next demo
q = '[inet:ipv4="1.2.3.4"]'
podes = await cmdr.eval(q, num=1, cmdr=False)

In [None]:
q = 'example --help'
_ = await cmdr.eval(q, num=0, cmdr=True)
q = 'inet:ipv4 | limit 10 | example'
q = '--debug inet:ipv4 | limit 10 | example --send-woot'
podes = await cmdr.eval(q, num=1, cmdr=True)
assert podes[0][1].get('path', {}).get('woot') == 10
_ = await cmdr.fini()

In [None]:
import synapse.lib.module as s_module

class ExampleModule(s_module.CoreModule):

    async def initCoreModule(self):
        # by this time we have a reference to the Cortex as self.core
        # still best to use a namespace prefix...
        self.core.setFeedFunc('x:foo:pdns', self._feedFooPdns)

    async def _feedFooPdns(self, snap, items):

        # we get a synapse.lib.snap.Snap to interface with the cortex
        # and a list of our pdns records ( to minimize round trips )
        for pdns in items:

            fqdn = pdns.get('fqdn')
            ipv4 = pdns.get('ipv4')

            tick = pdns.get('min_time_seen')
            tock = pdns.get('max_time_seen')

            node = await snap.addNode('inet:dns:a', (fqdn, ipv4))

            # the time window prop ".seen" will move outward to include
            # individual values when set to a single time...
            await node.set('.seen', tick)
            await node.set('.seen', tock)
            # the .seen property is now (tick, tock) or the min/max existing values...

In [None]:
setattr(synapse, ExampleModule.__name__, ExampleModule)
cmdr = await getTempCoreCmdr(mods=('synapse.ExampleModule',))
mods = await cmdr.core.getCoreMods()
assert 'synapse.ExampleModule' in {mod for mod, conf in mods}
# Validate the feed function is loaded
assert cmdr.core._core.feedfuncs.get('x:foo:pdns') is not None
# Load some data in for the next demo

In [None]:
import sys
import asyncio
import synapse.telepath as s_telepath

# a list (of just one) custom pdns record
data = [
    {
        'fqdn': 'vertex.link',
        'ipv4': '1.2.3.4',
        'min_time_seen': '2017/05/05 12:00:00.333',
        'max_time_seen': '2019/05/05 14:22:22.222',
    }
]

async def main(url):

    async with await s_telepath.openurl(url) as core:

        # We can now feed data the Cortex with the ingest function.
        await core.addFeedData('x:foo:pdns', data)

if __name__ == '__main__':
    if 'ipykernel' not in sys.modules:
        url = 'tcp://visi:secretsauce@1.2.3.4:27492'
        asyncio.run(main(url))

In [None]:
curl = cmdr.core._core.getLocalUrl()
await main(curl)
q = 'inet:dns:a -+> *'
podes = await cmdr.eval(q, num=3, cmdr=False)
_ = await cmdr.fini()