Proxy support for Python API module
14 February 2022
The new version of the Python module is now proxy aware. If you run it from an internal network and need to set a proxy, do it like this:
st = ShadowTrackr(api_key=API_KEY)
st.set_proxy("10.0.0.1:8080")
You can find the code on GitHub or just update it with:
pip install shadowtrackr --upgrade
Group by field in search results
31 January 2022
Again more search options this week. The first and most important one is that you can now group by any field in the data model with the keyword by.
For example, if you want to get a list of all the registrars you used to buy your domain names, you do:
index=whois by registrar
Or if you want to have a list of ISPs you use:
index=hosts by isp
The results will automatically have a field called count that shows the number of search results grouped in the by field. This is quite useful input for pie charts too.
Other new additions are the earliest and latest keywords. They allow you to specify date ranges the easy way. For example, if you want all certificate issuers used in the last month:
index=certificates by issuer latest=-1m
More details on the Search and Queries page.
New search options
24 January 2022
This week's update brings more search options. Until now you could search some fields, but not all, and the query language was functional but limited. That has all changed.
First, you should have a look at the updated Data Model. It shows all types of data (indexes) that you can search and the fields that are available.
Searching should be easy and we don’t want you to learn yet another query language. So, instead, you can use both Elasticsearch (also known as Lucene) syntax and Splunk SPL syntax. The ShadowTrackr query parser is quite forgiving and even allows mixing the two styles. And of course it’s backwards compatible with the old search style. Details and examples are on the Search and Queries page.