SNYPR Content #
SNYPR Content is a set of out-of-the-box connectors, parsers, reports, dashboards, policies, and threat models for datasources that can be ingested and used in SNYPR. SNYPR 6.4 introduces Content Management to update and deploy content in a couple of steps. The Securonix content team has a master repository where they upload new content to share. Customers have their own local content repository in the file system located at “$SECURONIX_HOME/content/data”. Content administrators or detection engineers can efficiently download new updates and deploy new content in their SNYPR environment.
Example #
- Getting Started
- Commit Content # SNYPR content is categorized by functionality. Functionality is a category that defines a datasource type. For example: Web Proxy is a functionality and Blue Coat Proxy is a datasource. By categorizing datasources by functionality, SNYPR can apply similar parsers, policies, and threat models to all datasources with similar functionality. The functionality determines what content is available when you import the datasource. For a list of functionality supported by SNYPR, see Supported Functionality.
- Connectors
- Connectors # SNYPR provides out-of-box connectors to import activity events from various datasources. Before you can set up the ingestion process, you have to check whether an out-of-box connector is available for the datasource. Three scenarios can occur: the out-of-box connector is available; the out-of-box connector is available but the parser is not; or the out-of-box connector is not available.
- Data Dictionary
- Data Dictionary # Data Dictionary simplifies the ingestion, analytics, and hunting processes by providing consistent and easy-to-understand labels for data ingested from various datasources. These labels provide uniformity to data ingested from multiple datasources within a functionality. Content developers can use these mapped labels to create policies that can be used for multiple datasources. This reduces the time and effort a content developer has to spend on creating policies for different datasources.