sentinelone-validin is a Synapse Rapid Power-Up for Validin. It provides commands to query for and model DNS records, HTTP crawl data, TLS certificates, and WHOIS information.
# Load into Synapse
storm> pkg.load --path /path/to/s1-validin.yaml
# Configure API key
storm> s1.validin.setup.apikey <YOUR_API_KEY>
# Test connection
storm> inet:fqdn=example.com | s1.validin.dns
- DNS History - Forward/reverse DNS lookups with historical data
- HTTP Crawling - HTTP bodies, headers, favicons, and certificates from 850M+ daily crawls
- TLS Certificates - Certificates from the Certificate Transparency Stream
- WHOIS Data - Registration and ownership history
- Bulk Enrichment - Combined DNS, HTTP, and WHOIS data in one command
- Admin Guide - Installation and configuration
- User Guide - Commands and usage examples
- Package Documentation - Technical details
- Synapse >=2.144.0,<3.0.0
- Validin API key
- Synapse Axon (for download features)
- Synapse FileParser (for parsing downloaded content)
# Install dev dependencies
pip install -e .
# Run tests
pytest
# Debug mode
storm> $lib.debug = $lib.true
To run the power-up in a minimal runtime environment, use the following command:
docker compose run --rm storm
This starts a Storm shell connected to the Cortex with the power-up loaded. Synapse Axon is not included in the minimal runtime setup; however, you can still use the download command to download HTTP bodies, certificates, and favicons, and then parse them.
First, load your API key:
storm> s1.validin.setup.apikey <YOUR_API_KEY>
Then use the power-up as shown below:
storm> [inet:fqdn=example.com] | s1.validin.dns
- Requires Synapse FileParser to process downloaded content (e.g., inet:http:body, crypto:x509:cert)
- FileParser is not included in the minimal runtime setup