Guide to Synapse and Storm Resources

by thesilence | 2024-10-15


The Synapse central intelligence system includes a broad range of features and functionality. Similarly, the Storm query language used to interact with Synapse can be used for basic queries that are easy to master, as well as for advanced tasks such as creating Synapse Power-Ups.

With so many available options, it can be challenging to know where to start! This blog will point you to the most useful resources to get up and running with Synapse and Storm.

Basics

Tip

Synapse has a passionate and supportive community willing to share knowledge and help others! If you have questions or simply can't find what you're looking for, the Slack channel is a great place to ask.

Getting Started with Synapse

Overview

Customize your Synapse environment

  • Learn how to customize your UI with our video.

  • Learn how to customize your UI with our user guide.

Fork a View

Use Cases

  • Our video library highlights a range of Synapse features and capabilities, including videos that focus on a variety of specific use cases.

  • Our blog describes use cases as well as helpful overviews of Synapse features. Some blogs include sample data you can download as a .nodes file that can be imported into your demo instance.

Working with Power-Ups

Getting Started with Storm

Learn Synapse and Storm with Real-World Examples

The best way to learn Synapse and Storm is to jump right in! There are several resources to help you learn Synapse, the Synapse UI, and Storm, using real-world data. You will need a demo instance for the following:

  • APT1 Scavenger Hunt: Answer a series of analytical challenges based on Mandiant's (now part of Google Cloud) APT1 report. The Scavenger Hunt includes step-by-step setup instructions and questions (challenges), hints (if you need them!), answers, and detailed explanations. Download the Scavenger Hunt document here.

  • KC7 EnvolveLabs: Created in partnership with the KC7 Foundation, EnvolveLabs is a KC7 Cyber Game module that uses Synapse to investigate a security incident. The scenario walks you through some basics, but then challenges you to use your Synapse and Storm skills to answer a series of questions. Register on the KC7 website to access the learning exercises.

  • Synapse Bootcamp: Synapse Bootcamp is a guided introduction to Synapse. Bootcamp was developed (and is still offered) as an online training course that combines instructor presentations and demos with hands-on student exercises. The Vertex Project offers the course materials (slides, exercises, and exercise answer keys) for download so that individuals can work through the course on their own. Visit the Bootcamp page of our website for additional information and download links.

Useful Synapse Background

Learn about Synapse's data model

Learn about Synapse's analytical model (tags)

Learn about automation in Synapse

Help

Synapse's documentation is quite extensive, which is why we've listed several of our most useful resources above. That said, you can always refer directly to our Help resources:

To learn more about Synapse, join our Slack Community, check out our videos on YouTube, and follow us on Twitter.