Proxy support for Python API module

The newversion of the Python module is now proxy aware. If you run it from an internal network and need to set a proxy, do it like this:

st = ShadowTrackr(api_key=API_KEY)
st.set_proxy(“10.0.0.1:8080”)

You can find the code on Github or just update it with:

pip install shadowtrackr —upgrade 

Group by field in search results

Again more search options this week. The first and most important one is that you can now group by any field in the data model with the keyword by.

For example if you want to get a list of all the registrars you used to buy your domain names, you do:

  index=whois by registrar

Or if you want to have a list of ISPs you use:

  index=hosts by isp

The results will automatically have a field called count that shows the number of search results grouped in the by field. This is quite useful input for pie charts too.

Other new additions are the earliest and latest keywords. They allow you to specify date ranges the easy way. For example if you want all certificate issuers used in the last month:

  index=certificates by issuer latest=-1m

More details on the Search and Queries page.

New search options

This weeks update brings more search options. Until now you could search some fields, but not all. And the query language was functional but limited. That all changed.

First, you should have a look at the updated Data Model. It shows all types of data (indexes) that you can search and the fields that are available.

Searching should be easy and we don’t want you to learn yet another query language. So, instead you can use both Elastic Search (also known as Lucene) syntax and Splunk SPL syntax. The ShadowTracker query parser is quite forgiving and even allows mixing the two styles. And of course it’s backwards compatible with the old search style. Details and examples are on the Search and Queries page.