This Synapse Rapid Power-up adds support for using the iocparser.com service for quick ingestion of IOCs into Synapse from raw text and URLs.
This extension is in WIP stage
There are 2 commands available:
For a given inbound inet:url fetches and parses IOCs from the page, creating a media:news node as well as the following other nodes:
inet:fqdninet:ipv6inet:ipv4inet:emailfile:baseinet:urlhash:md5hash:sha1hash:sha256inet:asnit:sec:cveinet:mac
Optionally takes a --yield argument to yield the generated nodes instead of the inbound inet:url.
[inet:url=https://pylos.co/2022/11/23/detailing-daily-domain-hunting/] | ex.iocparser.url --yield
Scrapes text provided as a command line argument, creates an it:exec:query node and scrapes the same types of IOCs as ex.iocparser.url
ex.iocparser.text "example.com 1.1.1.1"
The easiest way to use this Power-Up is to load the JSON package into the Cortex by running:
pkg.load --raw "https://raw.githubusercontent.com/EXC3L-ONE/synapse-iocparser/main/synapse_iocparser.json"
Alternatively, you can also clone this repo, and load the package via python -m synapse.tools.genpkg (see reference in Synapse docs here)