Synapse Snippets

Helpful Storm code for the Synapse threat intelligence framework.

Reverse order of returned results in a query

reverse (<query>)

Inject a text filter into a query with Storm eval

See this gist for some extra info.

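// Filter text to inject. It is evaluated as Storm, so take it only from a trusted source.
$filter="-#test.tag"
// Placeholder; set per node below.
$iden=$lib.null
// {$filter} is interpolated here; \{ is a literal brace and $iden stays as text until eval time.
$instruction=`\{ yield $iden {$filter} return($node) }`
it:app:yara:rule:enabled=true
// Record the current node's iden for the evaluated query.
$iden = $node.iden()
// Keep the node only if the evaluated query returns it, that is, if it passes the filter.
+$lib.storm.eval($instruction)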