Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GreyNoise.io Integration #75

Open
co-devs opened this issue Feb 3, 2019 · 2 comments
Open

GreyNoise.io Integration #75

co-devs opened this issue Feb 3, 2019 · 2 comments

Comments

@co-devs
Copy link

co-devs commented Feb 3, 2019
edited
Loading

Add API integration for GreyNoise.io. I used the wizard and believe that I got a good result, raw schema included below. Not sure if this is the correct way to share new integrations, the documentation mentioned creating a new issue to do so.

{
    "lookupName": "GreyNoise",
    "lookupVariable": "GREYNOISE",
    "lookupType": "IPV4",
    "lookupUrl": "http://api.greynoise.io:8888/v1/query/ip",
    "httpHeaders": "",
    "httpType": "POST",
    "dataType": "JSON",
    "dataSchema": {
        "0_GreyNoise.io": {
            "title": "GreyNoise.io",
            "mapping": "${PINCH.LINKURL}",
            "order": 0,
            "linkTitle": "${PINCH.HOVERITEM}",
            "linkUrl": "https://www.google.com/search?q=${PINCH.HOVERITEM}"
        },
        "1_returned_count": {
            "title": "returned_count",
            "mapping": "${PINCH.RESPONSE.returned_count}",
            "order": 1
        },
        "2_name": {
            "title": "name",
            "mapping": "${PINCH.LOOP.name}",
            "order": 2,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "3_first_seen": {
            "title": "first_seen",
            "mapping": "${PINCH.LOOP.first_seen}",
            "order": 3,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "4_last_updated": {
            "title": "last_updated",
            "mapping": "${PINCH.LOOP.last_updated}",
            "order": 4,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "5_confidence": {
            "title": "confidence",
            "mapping": "${PINCH.LOOP.confidence}",
            "order": 5,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "6_intention": {
            "title": "intention",
            "mapping": "${PINCH.LOOP.intention}",
            "order": 6,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "7_category": {
            "title": "category",
            "mapping": "${PINCH.LOOP.category}",
            "order": 7,
            "jsonpath": "$.records[:10]",
            "jsonpathloop": true,
            "condition": "true"
        },
        "8_org": {
            "title": "org",
            "mapping": "${PINCH.LOOP.org}",
            "order": 8,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "9_rdns": {
            "title": "rdns",
            "mapping": "${PINCH.LOOP.rdns}",
            "order": 9,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "10_rdns_parent": {
            "title": "rdns_parent",
            "mapping": "${PINCH.LOOP.rdns_parent}",
            "order": 10,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "11_datacenter": {
            "title": "datacenter",
            "mapping": "${PINCH.LOOP.datacenter}",
            "order": 11,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "12_asn": {
            "title": "asn",
            "mapping": "${PINCH.LOOP.asn}",
            "order": 12,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "13_os": {
            "title": "os",
            "mapping": "${PINCH.LOOP.os}",
            "order": 13,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "14_link": {
            "title": "link",
            "mapping": "${PINCH.LOOP.link}",
            "order": 14,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        },
        "15_tor": {
            "title": "tor",
            "mapping": "${PINCH.LOOP.tor}",
            "order": 15,
            "jsonpath": "$.records[:10].metadata",
            "jsonpathloop": true,
            "condition": "true"
        }
    },
    "disabled": false,
    "iocs": true,
    "authorizationType": "DEFAULT",
    "requestGroup": "INTERNET",
    "httpPostData": "ip=${PINCH.HOVERITEM}",
    "excludePivots": [],
    "sample": "119.29.198.201",
    "order": 999999
}
@cloudtracer
Copy link
Owner

Hi @co-devs,

Very cool, thanks for creating this. I was able to add it pretty easily and it looks to work great! I'll see about adding it the next time I push a release.

For future reference, on the settings page there is actually a "Share" button for all the API integrations, which will open a page that you can just copy the URL and share it with other people. If the integration has "User Defined" settings - such as API keys/passwords - these settings won't be shared, the person receiving the link will just need to add their own details to the user defined bits.

image

chrome-extension://ljdgplocfnmnofbhpkjclbefmjoikgke/src/options/wizard.html?RL=eyJsb29rdXBOYW1lIjoiR3JleU5vaXNlIiwibG9va3VwVmFyaWFibGUiOiJHUkVZTk9JU0UiLCJsb29rdXBUeXBlIjoiSVBWNCIsImxvb2t1cFVybCI6Imh0dHA6Ly9hcGkuZ3JleW5vaXNlLmlvOjg4ODgvdjEvcXVlcnkvaXAiLCJodHRwSGVhZGVycyI6IiIsImh0dHBUeXBlIjoiUE9TVCIsImRhdGFUeXBlIjoiSlNPTiIsImRhdGFTY2hlbWEiOnsiMF9HcmV5Tm9pc2UuaW8iOnsidGl0bGUiOiJHcmV5Tm9pc2UuaW8iLCJtYXBwaW5nIjoiJHtQSU5DSC5MSU5LVVJMfSIsIm9yZGVyIjowLCJsaW5rVGl0bGUiOiIke1BJTkNILkhPVkVSSVRFTX0iLCJsaW5rVXJsIjoiaHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS9zZWFyY2g/cT0ke1BJTkNILkhPVkVSSVRFTX0ifSwiMV9yZXR1cm5lZF9jb3VudCI6eyJ0aXRsZSI6InJldHVybmVkX2NvdW50IiwibWFwcGluZyI6IiR7UElOQ0guUkVTUE9OU0UucmV0dXJuZWRfY291bnR9Iiwib3JkZXIiOjF9LCIyX25hbWUiOnsidGl0bGUiOiJuYW1lIiwibWFwcGluZyI6IiR7UElOQ0guTE9PUC5uYW1lfSIsIm9yZGVyIjoyLCJqc29ucGF0aCI6IiQucmVjb3Jkc1s6MTBdIiwianNvbnBhdGhsb29wIjp0cnVlLCJjb25kaXRpb24iOiJ0cnVlIn0sIjNfZmlyc3Rfc2VlbiI6eyJ0aXRsZSI6ImZpcnN0X3NlZW4iLCJtYXBwaW5nIjoiJHtQSU5DSC5MT09QLmZpcnN0X3NlZW59Iiwib3JkZXIiOjMsImpzb25wYXRoIjoiJC5yZWNvcmRzWzoxMF0iLCJqc29ucGF0aGxvb3AiOnRydWUsImNvbmRpdGlvbiI6InRydWUifSwiNF9sYXN0X3VwZGF0ZWQiOnsidGl0bGUiOiJsYXN0X3VwZGF0ZWQiLCJtYXBwaW5nIjoiJHtQSU5DSC5MT09QLmxhc3RfdXBkYXRlZH0iLCJvcmRlciI6NCwianNvbnBhdGgiOiIkLnJlY29yZHNbOjEwXSIsImpzb25wYXRobG9vcCI6dHJ1ZSwiY29uZGl0aW9uIjoidHJ1ZSJ9LCI1X2NvbmZpZGVuY2UiOnsidGl0bGUiOiJjb25maWRlbmNlIiwibWFwcGluZyI6IiR7UElOQ0guTE9PUC5jb25maWRlbmNlfSIsIm9yZGVyIjo1LCJqc29ucGF0aCI6IiQucmVjb3Jkc1s6MTBdIiwianNvbnBhdGhsb29wIjp0cnVlLCJjb25kaXRpb24iOiJ0cnVlIn0sIjZfaW50ZW50aW9uIjp7InRpdGxlIjoiaW50ZW50aW9uIiwibWFwcGluZyI6IiR7UElOQ0guTE9PUC5pbnRlbnRpb259Iiwib3JkZXIiOjYsImpzb25wYXRoIjoiJC5yZWNvcmRzWzoxMF0iLCJqc29ucGF0aGxvb3AiOnRydWUsImNvbmRpdGlvbiI6InRydWUifSwiN19jYXRlZ29yeSI6eyJ0aXRsZSI6ImNhdGVnb3J5IiwibWFwcGluZyI6IiR7UElOQ0guTE9PUC5jYXRlZ29yeX0iLCJvcmRlciI6NywianNvbnBhdGgiOiIkLnJlY29yZHNbOjEwXSIsImpzb25wYXRobG9vcCI6dHJ1ZSwiY29uZGl0aW9uIjoidHJ1ZSJ9LCI4X29yZyI6eyJ0aXRsZSI6Im9yZyIsIm1hcHBpbmciOiIke1BJTkNILkxPT1Aub3JnfSIsIm9yZGVyIjo4LCJqc29ucGF0aCI6IiQucmVjb3Jkc1s6MTBdLm1ldGFkYXRhIiwianNvbnBhdGhsb29wIjp0cnVlLCJjb25kaXRpb24iOiJ0cnVlIn0sIjlfcmRucyI6eyJ0aXRsZSI6InJkbnMiLCJtYXBwaW5nIjoiJHtQSU5DSC5MT09QLnJkbnN9Iiwib3JkZXIiOjksImpzb25wYXRoIjoiJC5yZWNvcmRzWzoxMF0ubWV0YWRhdGEiLCJqc29ucGF0aGxvb3AiOnRydWUsImNvbmRpdGlvbiI6InRydWUifSwiMTBfcmRuc19wYXJlbnQiOnsidGl0bGUiOiJyZG5zX3BhcmVudCIsIm1hcHBpbmciOiIke1BJTkNILkxPT1AucmRuc19wYXJlbnR9Iiwib3JkZXIiOjEwLCJqc29ucGF0aCI6IiQucmVjb3Jkc1s6MTBdLm1ldGFkYXRhIiwianNvbnBhdGhsb29wIjp0cnVlLCJjb25kaXRpb24iOiJ0cnVlIn0sIjExX2RhdGFjZW50ZXIiOnsidGl0bGUiOiJkYXRhY2VudGVyIiwibWFwcGluZyI6IiR7UElOQ0guTE9PUC5kYXRhY2VudGVyfSIsIm9yZGVyIjoxMSwianNvbnBhdGgiOiIkLnJlY29yZHNbOjEwXS5tZXRhZGF0YSIsImpzb25wYXRobG9vcCI6dHJ1ZSwiY29uZGl0aW9uIjoidHJ1ZSJ9LCIxMl9hc24iOnsidGl0bGUiOiJhc24iLCJtYXBwaW5nIjoiJHtQSU5DSC5MT09QLmFzbn0iLCJvcmRlciI6MTIsImpzb25wYXRoIjoiJC5yZWNvcmRzWzoxMF0ubWV0YWRhdGEiLCJqc29ucGF0aGxvb3AiOnRydWUsImNvbmRpdGlvbiI6InRydWUifSwiMTNfb3MiOnsidGl0bGUiOiJvcyIsIm1hcHBpbmciOiIke1BJTkNILkxPT1Aub3N9Iiwib3JkZXIiOjEzLCJqc29ucGF0aCI6IiQucmVjb3Jkc1s6MTBdLm1ldGFkYXRhIiwianNvbnBhdGhsb29wIjp0cnVlLCJjb25kaXRpb24iOiJ0cnVlIn0sIjE0X2xpbmsiOnsidGl0bGUiOiJsaW5rIiwibWFwcGluZyI6IiR7UElOQ0guTE9PUC5saW5rfSIsIm9yZGVyIjoxNCwianNvbnBhdGgiOiIkLnJlY29yZHNbOjEwXS5tZXRhZGF0YSIsImpzb25wYXRobG9vcCI6dHJ1ZSwiY29uZGl0aW9uIjoidHJ1ZSJ9LCIxNV90b3IiOnsidGl0bGUiOiJ0b3IiLCJtYXBwaW5nIjoiJHtQSU5DSC5MT09QLnRvcn0iLCJvcmRlciI6MTUsImpzb25wYXRoIjoiJC5yZWNvcmRzWzoxMF0ubWV0YWRhdGEiLCJqc29ucGF0aGxvb3AiOnRydWUsImNvbmRpdGlvbiI6InRydWUifX0sImRpc2FibGVkIjpmYWxzZSwiaW9jcyI6dHJ1ZSwiYXV0aG9yaXphdGlvblR5cGUiOiJERUZBVUxUIiwicmVxdWVzdEdyb3VwIjoiSU5URVJORVQiLCJodHRwUG9zdERhdGEiOiJpcD0ke1BJTkNILkhPVkVSSVRFTX0iLCJleGNsdWRlUGl2b3RzIjpbXSwic2FtcGxlIjoiMTE5LjI5LjE5OC4yMDEiLCJvcmRlciI6NTh9

@co-devs
Copy link
Author

co-devs commented Feb 3, 2019

I totally missed that share button, thanks for the follow up!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@co-devs @cloudtracer