In [1]:
import os, sys
try:
    # Normal case: synapse is already importable in this kernel.  The star
    # import is what brings getTempCoreCmdr (used in the next cell) into scope.
    from synapse.lib.jupyter import *
except ImportError as e:
    # Fallback for running out of a source checkout: insert the root path of
    # the repository into sys.path.  This assumes the notebook is located
    # three directories away from the root synapse directory and may need
    # to be varied.  Note that abspath() resolves against the kernel's
    # current working directory, not the notebook file's location, and the
    # result is inserted at the FRONT of sys.path, so whatever directory it
    # resolves to takes import precedence over an installed synapse package.
    synroot = os.path.abspath('../../../')
    sys.path.insert(0, synroot)
    from synapse.lib.jupyter import *

In [2]:
# Spin up a temporary cortex and seed it with a handful of nodes.
core = await getTempCoreCmdr()
q = ('[inet:fqdn=hurr.derp.woot.com inet:fqdn=um.wut.woot.com inet:fqdn=vertex.link '
     'inet:ipv4=1.2.3.4 inet:ipv4=5.6.7.8]')
# cmdr=True echoes the storm command and its output below; num=5 checks the
# number of nodes returned, so a change in the seed data fails here rather
# than in a later cell.
podes = await core.eval(q, num=5, cmdr=True)

cli> storm [inet:fqdn=hurr.derp.woot.com inet:fqdn=um.wut.woot.com inet:fqdn=vertex.link inet:ipv4=1.2.3.4 inet:ipv4=5.6.7.8]

inet:fqdn=hurr.derp.woot.com
        .created = 2019/01/04 23:52:07.478
        :domain = derp.woot.com
        :host = hurr
        :issuffix = False
        :iszone = False
        :zone = woot.com
inet:fqdn=um.wut.woot.com
        .created = 2019/01/04 23:52:07.480
        :domain = wut.woot.com
        :host = um
        :issuffix = False
        :iszone = False
        :zone = woot.com
inet:fqdn=vertex.link
        .created = 2019/01/04 23:52:07.482
        :domain = link
        :host = vertex
        :issuffix = False
        :iszone = True
        :zone = vertex.link
inet:ipv4=1.2.3.4
        .created = 2019/01/04 23:52:07.483
        :asn = 0
        :loc = ??
        :type = unicast
inet:ipv4=5.6.7.8
        .created = 2019/01/04 23:52:07.484
        :asn = 0
        :loc = ??
        :type = unicast
complete. 5 nodes in 17 ms (294/sec).


In [4]:
# Reuse the temp cortex from above.  `q` is the generalized form shown to the
# reader; `q1` is the concrete form that is actually executed (woot.com shows
# up as the :zone of the fqdns made above).
q1 = 'inet:fqdn=woot.com '
q = '<inet:fqdn> '
q2 = '-> inet:fqdn:zone'
print(f'{q}{q2}')
# cmdr=False keeps the CLI echo out of the output; num=5 checks the node count.
podes = await core.eval(f'{q1}{q2}', num=5, cmdr=False)

<inet:fqdn> -> inet:fqdn:zone


In [5]:
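# Make some DNS A records for woot.com, one per address.
q = '[inet:dns:a=(woot.com,1.2.3.4)]'
q1 = '[inet:dns:a=(woot.com,5.6.7.8)]'
q2 = '[inet:dns:a=(woot.com,8.8.8.8)]'
# Run each query in turn rather than repeating the same call three times.
# cmdr=True echoes each command and its output; num=1 checks that exactly one
# node came back per query.  `podes` ends up holding the last result, as before.
for query in (q, q1, q2):
    podes = await core.eval(query, num=1, cmdr=True)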

cli> storm [inet:dns:a=(woot.com,1.2.3.4)]

inet:dns:a=('woot.com', '1.2.3.4')
        .created = 2019/01/04 23:57:09.316
        :fqdn = woot.com
        :ipv4 = 1.2.3.4
complete. 1 nodes in 21 ms (47/sec).
cli> storm [inet:dns:a=(woot.com,5.6.7.8)]

inet:dns:a=('woot.com', '5.6.7.8')
        .created = 2019/01/04 23:57:09.354
        :fqdn = woot.com
        :ipv4 = 5.6.7.8
complete. 1 nodes in 16 ms (62/sec).
cli> storm [inet:dns:a=(woot.com,8.8.8.8)]

inet:dns:a=('woot.com', '8.8.8.8')
        .created = 2019/01/04 23:57:09.383
        :fqdn = woot.com
        :ipv4 = 8.8.8.8
complete. 1 nodes in 14 ms (71/sec).


In [6]:
# `q` is the generalized form shown to the reader; `q1` is the concrete form
# that is executed.  Pivots from the fqdn to the DNS A records whose :fqdn
# property points at it.
q1 = 'inet:fqdn=woot.com '
q = '<inet:fqdn> '
q2 = '-> inet:dns:a:fqdn'
print(f'{q}{q2}')
# cmdr=False keeps the CLI echo out of the output; num=3 matches the three
# A records created above.
podes = await core.eval(f'{q1}{q2}', num=3, cmdr=False)

<inet:fqdn> -> inet:dns:a:fqdn


In [7]:
# `q` is the generalized form shown to the reader; `q1` is the concrete form
# that is executed.  Pivots from the :ipv4 property of the A records to the
# inet:ipv4 nodes.
q1 = 'inet:dns:a:fqdn=woot.com '
q = '<inet:dns:a> '
q2 = ':ipv4 -> inet:ipv4'
print(f'{q}{q2}')
# cmdr=False keeps the CLI echo out of the output; num=3 matches the three
# addresses used in the A records above.
podes = await core.eval(f'{q1}{q2}', num=3, cmdr=False)

<inet:dns:a> :ipv4 -> inet:ipv4


In [8]:
# Make a WHOIS record for woot.com; :registrant and :registrar are set inline.
q = ('[inet:whois:rec=(woot.com,2018/05/22) '
     ':registrant="woot hostmaaster" :registrar="markmonitor"]')
# cmdr=True echoes the command and its output; num=1 checks the node count.
podes = await core.eval(q, num=1, cmdr=True)

cli> storm [inet:whois:rec=(woot.com,2018/05/22) :registrant="woot hostmaaster" :registrar="markmonitor"]

inet:whois:rec=('woot.com', '2018/05/22 00:00:00.000')
        .created = 2019/01/05 00:05:22.966
        :asof = 2018/05/22 00:00:00.000
        :fqdn = woot.com
        :registrant = woot hostmaaster
        :registrar = markmonitor
complete. 1 nodes in 28 ms (35/sec).


In [9]:
# `q` is the generalized form shown to the reader; `q1` is the concrete form
# that is executed.  `-> *` is the wildcard pivot from the WHOIS record.
q1 = 'inet:whois:rec:fqdn=woot.com '
q = '<inet:whois:rec> '
q2 = '-> *'
print(f'{q}{q2}')
# cmdr=False keeps the CLI echo out of the output; num=3 checks the node count.
podes = await core.eval(f'{q1}{q2}', num=3, cmdr=False)

<inet:whois:rec> -> *


In [10]:
# `q` is the generalized form shown to the reader; `q1` is the concrete form
# that is executed.  Pivots from the record's :fqdn property to the DNS A
# records with a matching :fqdn.
q1 = 'inet:whois:rec:fqdn=woot.com '
q = '<inet:whois:rec> '
q2 = ':fqdn -> inet:dns:a:fqdn'
print(f'{q}{q2}')
# cmdr=False keeps the CLI echo out of the output; num=3 matches the three
# A records created above.
podes = await core.eval(f'{q1}{q2}', num=3, cmdr=False)

<inet:whois:rec> :fqdn -> inet:dns:a:fqdn


In [14]:
# `q` is the generalized form shown to the reader; `q1` is the concrete form
# that is executed.  `<- *` is the reverse wildcard pivot into the fqdn.
q1 = 'inet:fqdn=woot.com '
q = '<inet:fqdn> '
q2 = '<- *'
print(f'{q}{q2}')
# cmdr=False keeps the CLI echo out of the output; num=11 checks the node
# count against everything created in the cells above.
podes = await core.eval(f'{q1}{q2}', num=11, cmdr=False)

<inet:fqdn> <- *
