synapse 2.160.0__py311-none-any.whl → 2.162.0__py311-none-any.whl

synapse/lib/stormtypes.py

@@ -40,6 +40,7 @@ import synapse.lib.provenance as s_provenance
 logger = logging.getLogger(__name__)
 
 class Undef:
+    _storm_typename = 'undef'
     async def stormrepr(self):
         return '$lib.undef'
 
@@ -51,8 +52,8 @@ def confirm(perm, gateiden=None):
 def allowed(perm, gateiden=None):
     return s_scope.get('runt').allowed(perm, gateiden=gateiden)
 
-def confirmEasyPerm(item, perm):
-    return s_scope.get('runt').confirmEasyPerm(item, perm)
+def confirmEasyPerm(item, perm, mesg=None):
+    return s_scope.get('runt').confirmEasyPerm(item, perm, mesg=mesg)
 
 def allowedEasyPerm(item, perm):
     return s_scope.get('runt').allowedEasyPerm(item, perm)
@@ -1085,13 +1086,6 @@ class LibBase(Lib):
                       {'name': '*vals', 'type': 'any', 'desc': 'Initial values to place in the set.', },
                   ),
                   'returns': {'type': 'set', 'desc': 'The new set.', }}},
-        {'name': 'dict', 'desc': 'Get a Storm Dict object.',
-         'type': {'type': 'function', '_funcname': '_dict',
-                  'args': (
-                      {'name': '**kwargs', 'type': 'any',
-                       'desc': 'Initial set of keyword argumetns to place into the dict.', },
-                  ),
-                  'returns': {'type': 'dict', 'desc': 'A dictionary object.', }}},
         {'name': 'exit', 'desc': 'Cause a Storm Runtime to stop running.',
          'type': {'type': 'function', '_funcname': '_exit',
                   'args': (
@@ -1147,7 +1141,7 @@ class LibBase(Lib):
             Examples:
                 Create a dictionary object with a key whose value is null, and call ``$lib.fire()`` with it::
 
-                    cli> storm $d=$lib.dict(key=$lib.null) $lib.fire('demo', d=$d)
+                    cli> storm $d=({"key": $lib.null}) $lib.fire('demo', d=$d)
                     ('storm:fire', {'type': 'demo', 'data': {'d': {'key': None}}})
             ''',
             'type': 'null', },
@@ -1227,7 +1221,7 @@ class LibBase(Lib):
 
                 Format and print string based on variables::
 
-                    cli> storm $d=$lib.dict(key1=(1), key2="two")
+                    cli> storm $d=({"key1": (1), "key2": "two"})
                          for ($key, $value) in $d { $lib.print('{k} => {v}', k=$key, v=$value) }
                     key1 => 1
                     key2 => two
@@ -1377,7 +1371,6 @@ class LibBase(Lib):
             'max': self._max,
             'set': self._set,
             'copy': self._copy,
-            'dict': self._dict,
             'exit': self._exit,
             'guid': self._guid,
             'fire': self._fire,
@@ -1677,16 +1670,125 @@ class LibBase(Lib):
         mesg = await self._get_mesg(mesg, **kwargs)
         await self.runt.warn(mesg, log=False)
 
-    @stormfunc(readonly=True)
-    async def _dict(self, **kwargs):
-        return Dict(kwargs)
-
     @stormfunc(readonly=True)
     async def _fire(self, name, **info):
         info = await toprim(info)
         s_common.reqjsonsafe(info)
         await self.runt.snap.fire('storm:fire', type=name, data=info)
 
+@registry.registerLib
+class LibDict(Lib):
+    '''
+    A Storm Library for interacting with dictionaries.
+    '''
+    _storm_locals = (
+        {'name': 'keys', 'desc': 'Retrieve a list of keys in the specified dictionary.',
+         'type': {'type': 'function', '_funcname': '_keys',
+                  'args': (
+                      {'name': 'valu', 'type': 'dict', 'desc': 'The dictionary to operate on.'},
+                  ),
+                  'returns': {'type': 'list', 'desc': 'List of keys in the specified dictionary.', }}},
+        {'name': 'pop', 'desc': 'Remove specified key and return the corresponding value.',
+         'type': {'type': 'function', '_funcname': '_pop',
+                  'args': (
+                      {'name': 'valu', 'type': 'dict', 'desc': 'The dictionary to operate on.'},
+                      {'name': 'key', 'type': 'str', 'desc': 'The key name of the value to pop.'},
+                      {'name': 'default', 'type': 'any', 'default': '$lib.undef',
+                       'desc': 'Optional default value to return if the key does not exist in the dictionary.'},
+                  ),
+                  'returns': {'type': 'any', 'desc': 'The popped value.', }}},
+        {'name': 'update', 'desc': 'Update the specified dictionary with keys/values from another dictionary.',
+         'type': {'type': 'function', '_funcname': '_update',
+                  'args': (
+                      {'name': 'valu', 'type': 'dict', 'desc': 'The target dictionary (update to).'},
+                      {'name': 'other', 'type': 'dict', 'desc': 'The source dictionary (update from).'},
+                  ),
+                  'returns': {'type': 'null'}}},
+        {'name': 'values', 'desc': 'Retrieve a list of values in the specified dictionary.',
+         'type': {'type': 'function', '_funcname': '_values',
+                  'args': (
+                      {'name': 'valu', 'type': 'dict', 'desc': 'The dictionary to operate on.'},
+                  ),
+                  'returns': {'type': 'list', 'desc': 'List of values in the specified dictionary.', }}},
+    )
+    _storm_lib_path = ('dict',)
+
+    def getObjLocals(self):
+        return {
+            'has': self._has,
+            'keys': self._keys,
+            'pop': self._pop,
+            'update': self._update,
+            'values': self._values,
+        }
+
+    async def _check_type(self, valu, name='valu'):
+        if isinstance(valu, (dict, Dict)):
+            return
+
+        typ = getattr(valu, '_storm_typename', None)
+        if typ is None:
+            prim = await toprim(valu)
+            typ = type(prim).__name__
+
+        mesg = f'{name} argument must be a dict, not {typ}.'
+        raise s_exc.BadArg(mesg=mesg)
+
+    @stormfunc(readonly=True)
+    async def _has(self, valu, name):
+        await self._check_type(valu)
+        valu = await toprim(valu)
+        return name in valu
+
+    @stormfunc(readonly=True)
+    async def _keys(self, valu):
+        await self._check_type(valu)
+        valu = await toprim(valu)
+        return list(valu.keys())
+
+    @stormfunc(readonly=True)
+    async def _pop(self, valu, key, default=undef):
+        await self._check_type(valu)
+
+        real = await toprim(valu)
+        key = await tostr(key)
+
+        if key not in real:
+            if default == undef:
+                mesg = f'Key {key} does not exist in dictionary.'
+                raise s_exc.BadArg(mesg=mesg)
+            return await toprim(default)
+
+        # Make sure we have a storm Dict
+        valu = fromprim(valu)
+
+        ret = await valu.deref(key)
+        await valu.setitem(key, undef)
+        return ret
+
+    @stormfunc(readonly=True)
+    async def _update(self, valu, other):
+        await self._check_type(valu)
+        await self._check_type(other, name='other')
+
+        valu = fromprim(valu)
+        other = await toprim(other)
+
+        for k, v in other.items():
+            await valu.setitem(k, v)
+
+    @stormfunc(readonly=True)
+    async def _values(self, valu):
+        await self._check_type(valu)
+
+        valu = await toprim(valu)
+        return list(valu.values())
+
+    async def __call__(self, **kwargs):
+        s_common.deprecated('$lib.dict()', curv='2.161.0')
+        await self.runt.snap.warnonce('$lib.dict() is deprecated. Use ({}) instead.')
+        return Dict(kwargs)
+
 @registry.registerLib
 class LibPs(Lib):
     '''
@@ -1700,7 +1802,7 @@ class LibPs(Lib):
                        'desc': 'The prefix of the task to stop. '
                                'Tasks will only be stopped if there is a single prefix match.'},
                   ),
-                  'returns': {'type': 'boolean', 'desc': ' True if the task was cancelled, False otherwise.', }}},
+                  'returns': {'type': 'boolean', 'desc': 'True if the task was cancelled, False otherwise.', }}},
         {'name': 'list', 'desc': 'List tasks the current user can access.',
          'type': {'type': 'function', '_funcname': '_list',
                   'returns': {'type': 'list', 'desc': 'A list of task definitions.', }}},
@@ -1826,7 +1928,7 @@ class LibAxon(Lib):
             Example:
                 Get the Vertex Project website::
 
-                    $headers = $lib.dict()
+                    $headers = ({})
                     $headers."User-Agent" = Foo/Bar
 
                     $resp = $lib.axon.wget("http://vertex.link", method=GET, headers=$headers)
@@ -1872,7 +1974,7 @@ class LibAxon(Lib):
                   ),
                   'returns': {'type': 'dict', 'desc': 'A status dictionary of metadata.'}}},
         {'name': 'urlfile', 'desc': '''
-            Retrive the target URL using the wget() function and construct an inet:urlfile node from the response.
+            Retrieve the target URL using the wget() function and construct an inet:urlfile node from the response.
 
             Notes:
                 This accepts the same arguments as ``$lib.axon.wget()``.
@@ -2365,6 +2467,9 @@ class LibBytes(Lib):
         }
 
     async def _libBytesUpload(self, genr):
+
+        self.runt.confirm(('axon', 'upload'), default=True)
+
         await self.runt.snap.core.getAxon()
         async with await self.runt.snap.core.axon.upload() as upload:
             async for byts in s_coro.agen(genr):
@@ -2378,6 +2483,8 @@ class LibBytes(Lib):
         if sha256 is None:
             return None
 
+        self.runt.confirm(('axon', 'has'), default=True)
+
         await self.runt.snap.core.getAxon()
         todo = s_common.todo('has', s_common.uhex(sha256))
         ret = await self.dyncall('axon', todo)
@@ -2386,6 +2493,9 @@ class LibBytes(Lib):
     @stormfunc(readonly=True)
     async def _libBytesSize(self, sha256):
         sha256 = await tostr(sha256)
+
+        self.runt.confirm(('axon', 'has'), default=True)
+
         await self.runt.snap.core.getAxon()
         todo = s_common.todo('size', s_common.uhex(sha256))
         ret = await self.dyncall('axon', todo)
@@ -2396,6 +2506,8 @@ class LibBytes(Lib):
             mesg = '$lib.bytes.put() requires a bytes argument'
             raise s_exc.BadArg(mesg=mesg)
 
+        self.runt.confirm(('axon', 'upload'), default=True)
+
         await self.runt.snap.core.getAxon()
         todo = s_common.todo('put', byts)
         size, sha2 = await self.dyncall('axon', todo)
@@ -2405,6 +2517,9 @@ class LibBytes(Lib):
     @stormfunc(readonly=True)
     async def _libBytesHashset(self, sha256):
         sha256 = await tostr(sha256)
+
+        self.runt.confirm(('axon', 'has'), default=True)
+
         await self.runt.snap.core.getAxon()
         todo = s_common.todo('hashset', s_common.uhex(sha256))
         ret = await self.dyncall('axon', todo)
@@ -3207,7 +3322,7 @@ class Pipe(StormType):
         {'name': 'put', 'desc': 'Add a single item to the Pipe.',
          'type': {'type': 'function', '_funcname': '_methPipePut',
                   'args': (
-                      {'name': 'item', 'type': 'any', 'desc': ' An object to add to the Pipe.', },
+                      {'name': 'item', 'type': 'any', 'desc': 'An object to add to the Pipe.', },
                   ),
                   'returns': {'type': 'null', }}},
         {'name': 'puts', 'desc': 'Add a list of items to the Pipe.',
@@ -4056,6 +4171,9 @@ class Str(Prim):
                        'desc': 'Keyword values which are substituted into the string.', },
                   ),
                   'returns': {'type': 'str', 'desc': 'The new string.', }}},
+        {'name': 'json', 'desc': 'Parse a JSON string and return the deserialized data.',
+         'type': {'type': 'function', '_funcname': '_methStrJson', 'args': (),
+                  'returns': {'type': 'prim', 'desc': 'The JSON deserialized object.', }}},
     )
     _storm_typename = 'str'
     _ismutable = False
@@ -4085,6 +4203,7 @@ class Str(Prim):
             'slice': self._methStrSlice,
             'reverse': self._methStrReverse,
             'format': self._methStrFormat,
+            'json': self._methStrJson,
         }
 
     def __int__(self):
@@ -4200,6 +4319,14 @@ class Str(Prim):
     async def _methStrReverse(self):
         return self.valu[::-1]
 
+    @stormfunc(readonly=True)
+    async def _methStrJson(self):
+        try:
+            return json.loads(self.valu, strict=True)
+        except Exception as e:
+            mesg = f'Text is not valid JSON: {self.valu}'
+            raise s_exc.BadJsonText(mesg=mesg)
+
 @registry.registerType
 class Bytes(Prim):
     '''
@@ -5536,7 +5663,7 @@ class NodeData(Prim):
                       {'name': 'name', 'type': 'str', 'desc': 'Name of the data to get.', },
                   ),
                   'returns': {'type': 'prim', 'desc': 'The stored node data.', }}},
-        {'name': 'pop', 'desc': ' Pop (remove) a the Node data from the Node.',
+        {'name': 'pop', 'desc': 'Pop (remove) a the Node data from the Node.',
          'type': {'type': 'function', '_funcname': '_popNodeData',
                   'args': (
                       {'name': 'name', 'type': 'str', 'desc': 'The name of the data to remove from the node.', },
@@ -7177,6 +7304,17 @@ class View(Prim):
                   'args': (),
                   'returns': {'type': 'null', }}},
 
+        {'name': 'getMergeRequestSummary',
+         'desc': 'Return the merge request, votes, parent quorum definition, and current layer offset.',
+         'type': {'type': 'function', '_funcname': 'getMergeRequestSummary',
+                  'args': (),
+                  'returns': {'type': 'dict', 'desc': 'The summary info.'}}},
+
+        {'name': 'getMergeRequest', 'desc': 'Return the existing merge request or null.',
+         'type': {'type': 'function', '_funcname': 'getMergeRequest',
+                  'args': (),
+                  'returns': {'type': 'dict', 'desc': 'The merge request.'}}},
+
         {'name': 'setMergeRequest', 'desc': 'Setup a merge request for the view in the current state.',
          'type': {'type': 'function', '_funcname': 'setMergeRequest',
                   'args': (
@@ -7188,6 +7326,7 @@ class View(Prim):
          'type': {'type': 'function', '_funcname': 'delMergeRequest',
                   'args': (),
                   'returns': {'type': 'dict', 'desc': 'The deleted merge request.'}}},
+
         {'name': 'setMergeVote', 'desc': 'Register a vote for or against the current merge request.',
          'type': {'type': 'function', '_funcname': 'setMergeVote',
                   'args': (
@@ -7197,6 +7336,7 @@ class View(Prim):
                        'desc': 'A comment attached to the vote.'},
                   ),
                   'returns': {'type': 'dict', 'desc': 'The vote record that was created.'}}},
+
         {'name': 'delMergeVote', 'desc': '''
             Remove a previously created merge vote.
 
@@ -7256,6 +7396,8 @@ class View(Prim):
             'getMerges': self.getMerges,
             'delMergeVote': self.delMergeVote,
             'setMergeVote': self.setMergeVote,
+            'getMergeRequest': self.getMergeRequest,
+            'getMergeRequestSummary': self.getMergeRequestSummary,
             'delMergeRequest': self.delMergeRequest,
             'setMergeRequest': self.setMergeRequest,
         }
@@ -7516,6 +7658,28 @@ class View(Prim):
         async for merge in view.getMerges():
             yield merge
 
+    async def getMergeRequestSummary(self):
+
+        view = self._reqView()
+        self.runt.confirm(('view', 'read'), gateiden=view.iden)
+
+        retn = {
+            'quorum': view.reqParentQuorum(),
+            'merge': view.getMergeRequest(),
+            'merging': view.merging,
+            'votes': [vote async for vote in view.getMergeVotes()],
+            'offset': await view.layers[0].getEditIndx(),
+        }
+        return retn
+
+    async def getMergeRequest(self):
+
+        view = self._reqView()
+        self.runt.confirm(('view', 'read'), gateiden=view.iden)
+
+        quorum = view.reqParentQuorum()
+        return view.getMergeRequest()
+
     async def delMergeRequest(self):
 
         view = self._reqView()
@@ -7554,6 +7718,8 @@ class View(Prim):
             mesg = 'You are not a member of a role with voting privileges for this merge request.'
             raise s_exc.AuthDeny(mesg=mesg)
 
+        view.reqValidVoter(self.runt.user.iden)
+
         vote = {'user': self.runt.user.iden, 'approved': await tobool(approved)}
 
         if comment is not None:

synapse/lib/trigger.py

@@ -49,6 +49,7 @@ TrigSchema = {
         'storm': {'type': 'string'},
         'async': {'type': 'boolean'},
         'enabled': {'type': 'boolean'},
+        'created': {'type': 'integer', 'minimum': 0},
     },
     'additionalProperties': True,
     'required': ['iden', 'user', 'storm', 'enabled'],
@@ -594,6 +595,7 @@ class Trigger:
             'storm': self.tdef.get('storm'),
             'enabled': self.tdef.get('enabled'),
             'user': self.tdef.get('user'),
+            '.created': self.tdef.get('created')
         }
 
         tag = self.tdef.get('tag')

synapse/lib/version.py

@@ -223,6 +223,6 @@ def reqVersion(valu, reqver,
 ##############################################################################
 # The following are touched during the release process by bumpversion.
 # Do not modify these directly.
-version = (2, 160, 0)
+version = (2, 162, 0)
 verstring = '.'.join([str(x) for x in version])
-commit = '26159d5e188ef3c0dbaf2abf2e1aec803e90e7f3'
+commit = '4f4fa04685adceb99beb700b2d51b0f99afe801b'

synapse/lib/view.py

@@ -190,17 +190,23 @@ class View(s_nexus.Pusher):  # type: ignore
         s_schemas.reqValidMerge(mergeinfo)
         lkey = self.bidn + b'merge:req'
         self.core.slab.put(lkey, s_msgpack.en(mergeinfo), db='view:meta')
+        await self.core.feedBeholder('view:merge:request:set', {'view': self.iden, 'merge': mergeinfo})
         return mergeinfo
 
-    @s_nexus.Pusher.onPushAuto('merge:del')
     async def delMergeRequest(self):
+        return await self._push('merge:del')
+
+    @s_nexus.Pusher.onPush('merge:del')
+    async def _delMergeRequest(self):
         self.reqParentQuorum()
         byts = self.core.slab.pop(self.bidn + b'merge:req', db='view:meta')
 
         await self._delMergeMeta()
 
         if byts is not None:
-            return s_msgpack.un(byts)
+            merge = s_msgpack.un(byts)
+            await self.core.feedBeholder('view:merge:request:del', {'view': self.iden, 'merge': merge})
+            return merge
 
     async def _delMergeMeta(self):
         for lkey in self.core.slab.scanKeysByPref(self.bidn + b'merge:', db='view:meta'):
@@ -262,15 +268,30 @@ class View(s_nexus.Pusher):  # type: ignore
         vote['offset'] = await self.layers[0].getEditIndx()
         return await self._push('merge:vote:set', vote)
 
+    def reqValidVoter(self, useriden):
+
+        merge = self.getMergeRequest()
+        if merge is None:
+            raise s_exc.BadState(mesg=f'View ({self.iden}) does not have a merge request.')
+
+        if merge.get('creator') == useriden:
+            raise s_exc.AuthDeny(mesg='A user may not vote for their own merge request.')
+
     @s_nexus.Pusher.onPush('merge:vote:set')
     async def _setMergeVote(self, vote):
 
         self.reqParentQuorum()
         s_schemas.reqValidVote(vote)
 
-        uidn = s_common.uhex(vote.get('user'))
+        useriden = vote.get('user')
+
+        self.reqValidVoter(useriden)
+
+        bidn = s_common.uhex(useriden)
 
-        self.core.slab.put(self.bidn + b'merge:vote' + uidn, s_msgpack.en(vote), db='view:meta')
+        self.core.slab.put(self.bidn + b'merge:vote' + bidn, s_msgpack.en(vote), db='view:meta')
+
+        await self.core.feedBeholder('view:merge:vote:set', {'view': self.iden, 'vote': vote})
 
         tick = vote.get('created')
         await self.tryToMerge(tick)
@@ -286,12 +307,16 @@ class View(s_nexus.Pusher):  # type: ignore
         self.reqParentQuorum()
         uidn = s_common.uhex(useriden)
 
+        vote = None
         byts = self.core.slab.pop(self.bidn + b'merge:vote' + uidn, db='view:meta')
 
+        if byts is not None:
+            vote = s_msgpack.un(byts)
+            await self.core.feedBeholder('view:merge:vote:del', {'view': self.iden, 'vote': vote})
+
         await self.tryToMerge(tick)
 
-        if byts is not None:
-            return s_msgpack.un(byts)
+        return vote
 
     async def initMergeTask(self):
 
@@ -1058,10 +1083,16 @@ class View(s_nexus.Pusher):  # type: ignore
                 # TODO hack a schema test until the setViewInfo API is updated to
                 # enforce ( which will need to be done very carefully to prevent
                 # existing non-compliant values from causing issues with existing views )
-                vdef = self.info.pack()
-                vdef['quorum'] = s_msgpack.deepcopy(valu)
-
-                s_schemas.reqValidView(vdef)
+                if valu is not None:
+                    vdef = self.info.pack()
+                    vdef['quorum'] = s_msgpack.deepcopy(valu)
+                    s_schemas.reqValidView(vdef)
+                else:
+                    for view in self.core.views.values():
+                        if view.parent != self:
+                            continue
+                        if view.getMergeRequest() is not None:
+                            await view._delMergeRequest()
 
             if valu is None:
                 await self.info.pop(name)
@@ -1387,6 +1418,7 @@ class View(s_nexus.Pusher):  # type: ignore
 
         root = await self.core.auth.getUserByName('root')
 
+        tdef.setdefault('created', s_common.now())
         tdef.setdefault('user', root.iden)
         tdef.setdefault('async', False)
         tdef.setdefault('enabled', True)

synapse/models/inet.py

@@ -1560,6 +1560,15 @@ class InetModule(s_module.CoreModule):
                         ('headers', ('array', {'type': 'inet:email:header'}), {
                             'doc': 'An array of email headers from the message.'}),
 
+                        ('received:from:ipv4', ('inet:ipv4', {}), {
+                            'doc': 'The sending SMTP server IPv4, potentially from the Received: header.'}),
+
+                        ('received:from:ipv6', ('inet:ipv6', {}), {
+                            'doc': 'The sending SMTP server IPv6, potentially from the Received: header.'}),
+
+                        ('received:from:fqdn', ('inet:fqdn', {}), {
+                            'doc': 'The sending server FQDN, potentially from the Received: header.'}),
+
                     )),
 
                     ('inet:email:header', {}, (

synapse/models/infotech.py

@@ -1143,10 +1143,11 @@ class ItModule(s_module.CoreModule):
                     ('url', ('inet:url', {}), {
                         'doc': 'The URL that documents the ATT&CK group.',
                     }),
+
                     ('tag', ('syn:tag', {}), {
-                        'doc': 'The synapse tag used to annotate nodes included in this ATT&CK group ID.',
-                        'ex': 'cno.mitre.g0100',
-                    }),
+                        'deprecated': True,
+                        'doc': 'Deprecated. Please use a risk:threat:tag.'}),
+
                     ('references', ('array', {'type': 'inet:url', 'uniq': True}), {
                         'doc': 'An array of URLs that document the ATT&CK group.',
                     }),
@@ -1171,12 +1172,12 @@ class ItModule(s_module.CoreModule):
                         'disp': {'hint': 'text'},
                     }),
                     ('url', ('inet:url', {}), {
-                        'doc': 'The URL that documents the ATT&CK tactic.',
-                    }),
+                        'doc': 'The URL that documents the ATT&CK tactic.'}),
+
                     ('tag', ('syn:tag', {}), {
-                        'doc': 'The synapse tag used to annotate nodes included in this ATT&CK tactic.',
-                        'ex': 'cno.mitre.ta0100',
-                    }),
+                        'deprecated': True,
+                        'doc': 'Deprecated.'}),
+
                     ('references', ('array', {'type': 'inet:url', 'uniq': True}), {
                         'doc': 'An array of URLs that document the ATT&CK tactic.',
                     }),
@@ -1199,12 +1200,12 @@ class ItModule(s_module.CoreModule):
                         'disp': {'hint': 'text'},
                     }),
                     ('url', ('inet:url', {}), {
-                        'doc': 'The URL that documents the ATT&CK technique.',
-                    }),
+                        'doc': 'The URL that documents the ATT&CK technique.'}),
+
                     ('tag', ('syn:tag', {}), {
-                        'doc': 'The synapse tag used to annotate nodes included in this ATT&CK technique.',
-                        'ex': 'cno.mitre.t0100',
-                    }),
+                        'deprecated': True,
+                        'doc': 'Deprecated. Please use ou:technique:tag.'}),
+
                     ('references', ('array', {'type': 'inet:url', 'uniq': True}), {
                         'doc': 'An array of URLs that document the ATT&CK technique.',
                     }),
@@ -1234,12 +1235,12 @@ class ItModule(s_module.CoreModule):
                         'doc': 'If deprecated, this field may contain the current value for the software.',
                     }),
                     ('url', ('inet:url', {}), {
-                        'doc': 'The URL that documents the ATT&CK software.',
-                    }),
+                        'doc': 'The URL that documents the ATT&CK software.'}),
+
                     ('tag', ('syn:tag', {}), {
-                        'doc': 'The synapse tag used to annotate nodes included in this ATT&CK software.',
-                        'ex': 'cno.mitre.s0100',
-                    }),
+                        'deprecated': True,
+                        'doc': 'Deprecated. Please use risk:tool:software:tag.'}),
+
                     ('references', ('array', {'type': 'inet:url', 'uniq': True}), {
                         'doc': 'An array of URLs that document the ATT&CK software.',
                     }),
@@ -1261,12 +1262,12 @@ class ItModule(s_module.CoreModule):
                         'disp': {'hint': 'text'},
                     }),
                     ('url', ('inet:url', {}), {
-                        'doc': 'The URL that documents the ATT&CK mitigation.',
-                    }),
+                        'doc': 'The URL that documents the ATT&CK mitigation.'}),
+
                     ('tag', ('syn:tag', {}), {
-                        'doc': 'The synapse tag used to annotate nodes included in this ATT&CK mitigation.',
-                        'ex': 'cno.mitre.m0100',
-                    }),
+                        'deprecated': True,
+                        'doc': 'Deprecated. Please use risk:mitigation:tag.'}),
+
                     ('references', ('array', {'type': 'inet:url', 'uniq': True}), {
                         'doc': 'An array of URLs that document the ATT&CK mitigation.',
                     }),
@@ -1314,10 +1315,11 @@ class ItModule(s_module.CoreModule):
                         'doc': 'The time that the campaign was created by Mitre.'}),
                     ('updated', ('time', {}), {
                         'doc': 'The time that the campaign was last updated by Mitre.'}),
+
                     ('tag', ('syn:tag', {}), {
-                        'doc': 'The synapse tag used to annotate nodes included in this ATT&CK campaign.',
-                        'ex': 'cno.mitre.c0028',
-                    }),
+                        'deprecated': True,
+                        'doc': 'Deprecated. Please use ou:campaign:tag.'}),
+
                 )),
                 ('it:mitre:attack:flow', {}, (
                     ('name', ('str', {}), {

synapse/models/orgs.py

@@ -346,6 +346,9 @@ class OuModule(s_module.CoreModule):
                     ('name', ('str', {}), {
                         'doc': 'The friendly name of the id number type.',
                     }),
+                    ('url', ('inet:url', {}), {
+                        'doc': 'The official URL of the issuer.',
+                    }),
                 )),
                 ('ou:id:number', {}, (
                     ('type', ('ou:id:type', {}), {