synapse 2.165.0__py311-none-any.whl → 2.166.0__py311-none-any.whl

synapse/lib/stormlib/cortex.py

@@ -3,6 +3,7 @@ import json
 import logging
 
 import synapse.exc as s_exc
+import synapse.telepath as s_telepath
 
 import synapse.lib.storm as s_storm
 import synapse.lib.stormtypes as s_stormtypes
@@ -86,6 +87,7 @@ stormcmds = [
             $lib.print(`!View: No view found ({$err.info.iden})`)
         }
         $lib.print(`Readonly: {$api.readonly}`)
+        $lib.print(`Pool enabled: {$api.pool}`)
         $lib.print(`Authenticated: {$api.authenticated}`)
         $lib.print(`Name: {$api.name}`)
         $lib.print(`Description: {$api.desc}`)
@@ -224,6 +226,9 @@ class HttpApi(s_stormtypes.StormType):
         ''',
          'type': {'type': ['stor', 'gtor'], '_storfunc': '_storPath', '_gtorfunc': '_gtorPath',
                   'returns': {'type': 'str'}}},
+        {'name': 'pool', 'desc': 'Boolean value indicating if the handler responses may be executed as part of a Storm pool.',
+         'type': {'type': ['stor', 'gtor'], '_storfunc': '_storPool', '_gtorfunc': '_gtorPool',
+                  'returns': {'type': 'boolean'}}},
         {'name': 'vars', 'desc': 'The Storm runtime variables specific for the API instance.',
          'type': {'type': ['stor', 'ctor'], '_storfunc': '_storVars', '_ctorfunc': '_ctorVars',
                   'returns': {'type': 'http:api:vars'}}},
@@ -242,6 +247,8 @@ class HttpApi(s_stormtypes.StormType):
         {'name': 'authenticated', 'desc': 'Boolean value indicating if the Extended HTTP API requires an authenticated user or session.',
          'type': {'type': ['stor', 'gtor'], '_storfunc': '_storAuthenticated', '_gtorfunc': '_gtorAuthenticated',
                   'returns': {'type': 'boolean'}}},
+        {'name': 'methods', 'desc': 'The dictionary containing the Storm code used to implement the HTTP methods.',
+         'type': {'type': ['ctor'], '_ctorfunc': '_ctorMethods', 'returns': {'type': 'http:api:methods'}}}
     )
 
     def __init__(self, runt, info):
@@ -257,6 +264,7 @@ class HttpApi(s_stormtypes.StormType):
             'name': self._storName,
             'desc': self._storDesc,
             'path': self._storPath,
+            'pool': self._storPool,
             'vars': self._storVars,
             'view': self._storView,
             'runas': self._storRunas,
@@ -270,6 +278,7 @@ class HttpApi(s_stormtypes.StormType):
             'name': self._gtorName,
             'desc': self._gtorDesc,
             'path': self._gtorPath,
+            'pool': self._gtorPool,
             'view': self._gtorView,
             'runas': self._gtorRunas,
             'owner': self._gtorOwner,
@@ -292,6 +301,13 @@ class HttpApi(s_stormtypes.StormType):
             'created': self.info.get('created'),
         })
 
+    async def stormrepr(self):
+        name = await self._gtorName()
+        if not name:
+            name = '<no name>'
+        path = await self._gtorPath()
+        return f'{self._storm_typename}: {name} ({self.iden}), path={path}'
+
     def getObjLocals(self):
         return {
             'pack': self._methPack,
@@ -299,7 +315,10 @@ class HttpApi(s_stormtypes.StormType):
 
     @s_stormtypes.stormfunc(readonly=True)
     async def _methPack(self):
-        return copy.deepcopy(self.info)
+        # TODO: Remove this when we've migrated the HTTPAPI data to set this value.
+        ret = copy.deepcopy(self.info)
+        ret.setdefault('pool', False)
+        return ret
 
     @s_stormtypes.stormfunc(readonly=True)
     def _ctorMethods(self, path=None):
@@ -316,6 +335,17 @@ class HttpApi(s_stormtypes.StormType):
     async def _gtorPath(self):
         return self.info.get('path')
 
+    async def _storPool(self, pool):
+        s_stormtypes.confirm(('storm', 'lib', 'cortex', 'httpapi', 'set'))
+        pool = await s_stormtypes.tobool(pool)
+        adef = await self.runt.snap.core.modHttpExtApi(self.iden, 'pool', pool)
+        self.info['pool'] = pool
+        self.info['updated'] = adef.get('updated')
+
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _gtorPool(self):
+        return self.info.get('pool')
+
     async def _storName(self, name):
         s_stormtypes.confirm(('storm', 'lib', 'cortex', 'httpapi', 'set'))
         name = await s_stormtypes.tostr(name)
@@ -1055,7 +1085,7 @@ class CortexHttpApi(s_stormtypes.Lib):
                       {'name': 'readonly', 'type': 'boolean',
                        'desc': 'Run the Extended HTTP Storm methods in readonly mode.', 'default': False},
                   ),
-                  'returns': {'type': 'http:api', 'desc': 'A new http:api object.'}}},
+                  'returns': {'type': 'http:api', 'desc': 'A new ``http:api`` object.'}}},
         {'name': 'del', 'desc': 'Delete an Extended HTTP API endpoint.',
          'type': {'type': 'function', '_funcname': 'delHttpApi',
                   'args': (
@@ -1063,16 +1093,29 @@ class CortexHttpApi(s_stormtypes.Lib):
                        'desc': 'The iden of the API to delete.'},
                   ),
                   'returns': {'type': 'null'}}},
-        {'name': 'get', 'desc': 'Get an Extended HTTP API object.',
+        {'name': 'get', 'desc': 'Get an Extended ``http:api`` object.',
          'type': {'type': 'function', '_funcname': 'getHttpApi',
                   'args': (
                       {'name': 'iden', 'type': 'string',
-                       'desc': 'The iden of the API to retreive.'},
+                       'desc': 'The iden of the API to retrieve.'},
+                  ),
+                  'returns': {'type': 'http:api', 'desc': 'The ``http:api`` object.'}}},
+        {'name': 'getByPath', 'desc': '''
+        Get an Extended ``http:api`` object by path.
+
+        Notes:
+            The path argument is evaluated as a regular expression input, and will be
+            used to get the first HTTP API handler whose path value has a match.
+        ''',
+         'type': {'type': 'function', '_funcname': 'getHttpApiByPath',
+                  'args': (
+                      {'name': 'path', 'type': 'string',
+                       'desc': 'Path to use to retrieve an object.'},
                   ),
-                  'returns': {'type': 'http:api', 'desc': 'The http:api object.'}}},
-        {'name': 'list', 'desc': 'Get all the Extneded HTTP APIs on the Cortex',
+                  'returns': {'type': ['http:api', 'null'], 'desc': 'The ``http:api`` object or ``$lib.null`` if there is no match.'}}},
+        {'name': 'list', 'desc': 'Get all the Extended HTTP APIs on the Cortex',
          'type': {'type': 'function', '_funcname': 'listHttpApis', 'args': (),
-                  'returns': {'type': 'list', 'desc': 'A list of http:api objects'}}},
+                 'returns': {'type': 'list', 'desc': 'A list of ``http:api`` objects'}}},
         {'name': 'index', 'desc': 'Set the index for a given Extended HTTP API.',
          'type': {'type': 'function', '_funcname': 'setHttpApiIndx',
                   'args': (
@@ -1111,6 +1154,7 @@ class CortexHttpApi(s_stormtypes.Lib):
             'list': self.listHttpApis,
             'index': self.setHttpApiIndx,
             'response': self.makeHttpResponse,
+            'getByPath': self.getHttpApiByPath,
         }
 
     @s_stormtypes.stormfunc(readonly=True)
@@ -1125,6 +1169,15 @@ class CortexHttpApi(s_stormtypes.Lib):
         adef = await self.runt.snap.core.getHttpExtApi(iden)
         return HttpApi(self.runt, adef)
 
+    @s_stormtypes.stormfunc(readonly=True)
+    async def getHttpApiByPath(self, path):
+        s_stormtypes.confirm(('storm', 'lib', 'cortex', 'httpapi', 'get'))
+        path = await s_stormtypes.tostr(path)
+        adef, _ = await self.runt.snap.core.getHttpExtApiByPath(path)
+        if adef is None:
+            return None
+        return HttpApi(self.runt, adef)
+
     @s_stormtypes.stormfunc(readonly=True)
     async def listHttpApis(self):
         s_stormtypes.confirm(('storm', 'lib', 'cortex', 'httpapi', 'get'))
@@ -1195,6 +1248,11 @@ class StormPoolSetCmd(s_storm.Cmd):
         async for node, path in genr: # pragma: no cover
             yield node, path
 
+        try:
+            s_telepath.chopurl(self.opts.url)
+        except s_exc.BadUrl as e:
+            raise s_exc.BadArg(mesg=f'Unable to set Storm pool URL from url={self.opts.url} : {e.get("mesg")}') from None
+
         opts = {
             'timeout:sync': self.opts.sync_timeout,
             'timeout:connection': self.opts.connection_timeout,
@@ -1206,6 +1264,10 @@ class StormPoolSetCmd(s_storm.Cmd):
 class StormPoolDelCmd(s_storm.Cmd):
     '''
     Remove a Storm query offload mirror pool configuration.
+
+    Notes:
+        This will result in tearing down any Storm queries currently being serviced by the Storm pool.
+        This may result in this command raising an exception if it was offloaded to a pool member. That would be an expected behavior.
     '''
     name = 'cortex.storm.pool.del'
 

synapse/lib/stormlib/spooled.py

@@ -0,0 +1,109 @@
+import synapse.exc as s_exc
+import synapse.lib.msgpack as s_msgpack
+import synapse.lib.spooled as s_spooled
+import synapse.lib.stormtypes as s_stormtypes
+
+@s_stormtypes.registry.registerLib
+class LibSpooled(s_stormtypes.Lib):
+    '''
+    A Storm Library for interacting with Spooled Objects.
+    '''
+    _storm_locals = (
+        {'name': 'set', 'desc': '''
+            Get a Spooled Storm Set object.
+
+            A Spooled Storm Set object is memory-safe to grow to extraordinarily large sizes,
+            as it will fallback to file backed storage, with two restrictions. First
+            is that all items in the set can be serialized to a file if the set grows too large,
+            so all items added must be a serializable Storm primitive. Second is that when an
+            item is added to the Set, because it could be immediately written disk,
+            do not hold any references to it outside of the Set itself, as the two objects could
+            differ.
+            ''',
+         'type': {'type': 'function', '_funcname': '_methSet',
+                  'args': (
+                      {'name': '*vals', 'type': 'any', 'desc': 'Initial values to place in the set.', },
+                  ),
+                  'returns': {'type': 'set', 'desc': 'The new set.'}}},
+    )
+    _storm_lib_path = ('spooled',)
+
+    def getObjLocals(self):
+        return {
+            'set': self._methSet,
+        }
+
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _methSet(self, *vals):
+        core = self.runt.snap.core
+        spool = await s_spooled.Set.anit(dirn=core.dirn, cell=core, size=1000)
+
+        valu = list(vals)
+        for item in valu:
+            if s_stormtypes.ismutable(item):
+                mesg = f'{await s_stormtypes.torepr(item)} is mutable and cannot be used in a set.'
+                raise s_exc.StormRuntimeError(mesg=mesg)
+
+            if not s_msgpack.isok(item):
+                mesg = f'{await s_stormtypes.torepr(item)} is not safe to be used in a SpooledSet.'
+                raise s_exc.StormRuntimeError(mesg=mesg)
+
+            await spool.add(item)
+
+        return SpooledSet(spool)
+
+@s_stormtypes.registry.registerType
+class SpooledSet(s_stormtypes.Set):
+    '''
+    A StormLib API instance of a Storm Set object that can fallback to lmdb.
+    '''
+    _storm_typename = 'spooled:set'
+    _ismutable = True
+
+    def __init__(self, valu, path=None):
+
+        s_stormtypes.Prim.__init__(self, valu, path=path)
+        self.locls.update(self.getObjLocals())
+
+    async def iter(self):
+        async for item in self.valu:
+            yield item
+
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _methSetAdd(self, *items):
+        for i in items:
+            if s_stormtypes.ismutable(i):
+                mesg = f'{await s_stormtypes.torepr(i)} is mutable and cannot be used in a set.'
+                raise s_exc.StormRuntimeError(mesg=mesg)
+
+            if not s_msgpack.isok(i):
+                mesg = f'{await s_stormtypes.torepr(i)} is not safe to be used in a SpooledSet.'
+                raise s_exc.StormRuntimeError(mesg=mesg)
+
+            await self.valu.add(i)
+
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _methSetAdds(self, *items):
+        for item in items:
+            async for i in s_stormtypes.toiter(item):
+                if s_stormtypes.ismutable(i):
+                    mesg = f'{await s_stormtypes.torepr(i)} is mutable and cannot be used in a set.'
+                    raise s_exc.StormRuntimeError(mesg=mesg)
+
+                if not s_msgpack.isok(i):
+                    mesg = f'{await s_stormtypes.torepr(i)} is not safe to be used in a SpooledSet.'
+                    raise s_exc.StormRuntimeError(mesg=mesg)
+
+                await self.valu.add(i)
+
+    @s_stormtypes.stormfunc(readonly=True)
+    async def _methSetList(self):
+        return [x async for x in self.valu]
+
+    async def stormrepr(self):
+        reprs = [await s_stormtypes.torepr(k) async for k in self.valu]
+        rval = ', '.join(reprs)
+        return f'{{{rval}}}'
+
+    async def value(self):
+        return set([x async for x in self.valu])

synapse/lib/stormtypes.py

@@ -36,7 +36,6 @@ import synapse.lib.trigger as s_trigger
 import synapse.lib.urlhelp as s_urlhelp
 import synapse.lib.version as s_version
 import synapse.lib.stormctrl as s_stormctrl
-import synapse.lib.provenance as s_provenance
 
 logger = logging.getLogger(__name__)
 
@@ -907,6 +906,18 @@ class LibService(Lib):
                   'returns': {'type': 'boolean', 'desc': 'Returns true if the service is available, false on a '
                                                          'timeout waiting for the service to be ready.', }}},
     )
+    _storm_lib_perms = (
+        {'perm': ('service', 'add'), 'gate': 'cortex',
+            'desc': 'Controls the ability to add a Storm Service to the Cortex.'},
+        {'perm': ('service', 'del'), 'gate': 'cortex',
+            'desc': 'Controls the ability to delete a Storm Service from the Cortex'},
+        {'perm': ('service', 'get'), 'gate': 'cortex',
+            'desc': 'Controls the ability to get the Service object for any Storm Service.'},
+        {'perm': ('service', 'get', '<iden>'), 'gate': 'cortex',
+            'desc': 'Controls the ability to get the Service object for a Storm Service by iden.'},
+        {'perm': ('service', 'list'), 'gate': 'cortex',
+         'desc': 'Controls the ability to list all available Storm Services and their service definitions.'},
+    )
     _storm_lib_path = ('service',)
 
     def getObjLocals(self):
@@ -931,6 +942,7 @@ class LibService(Lib):
             except s_exc.AuthDeny:
                 raise e from None
             else:
+                # TODO: Remove support for this permission in 3.0.0
                 mesg = 'Use of service.get.<servicename> permissions are deprecated.'
                 await self.runt.warnonce(mesg, svcname=ssvc.name, svciden=ssvc.iden)
 
@@ -3425,13 +3437,14 @@ class LibFeed(Lib):
         data = await toprim(data)
 
         self.runt.layerConfirm(('feed:data', *name.split('.')))
-        with s_provenance.claim('feed:data', name=name):
-            #  small work around for the feed API consistency
-            if name == 'syn.nodes':
-                async for node in self.runt.snap.addNodes(data):
-                    yield node
-                return
-            await self.runt.snap.addFeedData(name, data)
+
+        #  small work around for the feed API consistency
+        if name == 'syn.nodes':
+            async for node in self.runt.snap.addNodes(data):
+                yield node
+            return
+
+        await self.runt.snap.addFeedData(name, data)
 
     @stormfunc(readonly=True)
     async def _libList(self):
@@ -3443,11 +3456,12 @@ class LibFeed(Lib):
         data = await toprim(data)
 
         self.runt.layerConfirm(('feed:data', *name.split('.')))
-        with s_provenance.claim('feed:data', name=name):
-            strict = self.runt.snap.strict
-            self.runt.snap.strict = False
-            await self.runt.snap.addFeedData(name, data)
-            self.runt.snap.strict = strict
+
+        # TODO this should be a reentrent safe with block
+        strict = self.runt.snap.strict
+        self.runt.snap.strict = False
+        await self.runt.snap.addFeedData(name, data)
+        self.runt.snap.strict = strict
 
 @registry.registerLib
 class LibPipe(Lib):
@@ -7486,7 +7500,7 @@ class View(Prim):
 
         {'name': 'getPropArrayCount',
          'desc': '''
-            Get the number of invidivual array property values in the View for the given array property name.
+            Get the number of individual array property values in the View for the given array property name.
 
             Notes:
                This is a fast approximate count calculated by summing the number of
@@ -7580,6 +7594,10 @@ class View(Prim):
                   'args': (),
                   'returns': {'name': 'Yields', 'type': 'dict',
                               'desc': 'Yields previously successful merges into the view.'}}},
+        {'name': 'getMergingViews', 'desc': 'Get a list of idens of Views that have open merge requests to this View.',
+         'type': {'type': 'function', '_funcname': 'getMergingViews',
+                  'args': (),
+                  'returns': {'name': 'idens', 'type': 'list', 'desc': 'The list of View idens that have an open merge request into this View.'}}},
         {'name': 'setMergeVoteComment', 'desc': 'Set the comment associated with your vote on a merge request.',
          'type': {'type': 'function', '_funcname': 'setMergeVoteComment',
                   'args': ({'name': 'comment', 'type': 'str', 'desc': 'The text comment to set for the merge vote'},),
@@ -7634,6 +7652,7 @@ class View(Prim):
             'delMergeRequest': self.delMergeRequest,
             'setMergeRequest': self.setMergeRequest,
             'setMergeComment': self.setMergeComment,
+            'getMergingViews': self.getMergingViews,
         }
 
     async def addNode(self, form, valu, props=None):
@@ -7951,6 +7970,12 @@ class View(Prim):
 
         return await view.setMergeComment((await tostr(comment)))
 
+    async def getMergingViews(self):
+        view = self._reqView()
+        self.runt.confirm(('view', 'read'), gateiden=view.iden)
+
+        return await view.getMergingViews()
+
     async def setMergeVote(self, approved=True, comment=None):
         view = self._reqView()
         quorum = view.reqParentQuorum()
@@ -8664,7 +8689,7 @@ class LibCron(Lib):
                   'returns': {'type': 'str', 'desc': 'The iden of the CronJob which was moved.'}}},
         {'name': 'list', 'desc': 'List CronJobs in the Cortex.',
          'type': {'type': 'function', '_funcname': '_methCronList',
-                  'returns': {'type': 'list', 'desc': 'A list of ``cronjob`` objects..', }}},
+                  'returns': {'type': 'list', 'desc': 'A list of ``cronjob`` objects.', }}},
         {'name': 'enable', 'desc': 'Enable a CronJob in the Cortex.',
          'type': {'type': 'function', '_funcname': '_methCronEnable',
                   'args': (
@@ -8855,6 +8880,7 @@ class LibCron(Lib):
         incunit = None
         incval = None
         reqdict = {}
+        pool = await tobool(kwargs.get('pool', False))
         valinfo = {  # unit: (minval, next largest unit)
             'month': (1, 'year'),
             'dayofmonth': (1, 'month'),
@@ -8960,6 +8986,7 @@ class LibCron(Lib):
 
         cdef = {'storm': query,
                 'reqs': reqdict,
+                'pool': pool,
                 'incunit': incunit,
                 'incvals': incval,
                 'creator': self.runt.user.iden
@@ -9208,6 +9235,7 @@ class CronJob(Prim):
             'view': view,
             'viewshort': view[:8] + '..',
             'query': self.valu.get('query') or '<missing>',
+            'pool': self.valu.get('pool', False),
             'isrecur': 'Y' if self.valu.get('recur') else 'N',
             'isrunning': 'Y' if self.valu.get('isrunning') else 'N',
             'enabled': 'Y' if self.valu.get('enabled', True) else 'N',

synapse/lib/trigger.py

@@ -11,7 +11,6 @@ import synapse.lib.chop as s_chop
 import synapse.lib.cache as s_cache
 import synapse.lib.config as s_config
 import synapse.lib.grammar as s_grammar
-import synapse.lib.provenance as s_provenance
 
 logger = logging.getLogger(__name__)
 
@@ -546,20 +545,19 @@ class Trigger:
 
         self.startcount += 1
 
-        with s_provenance.claim('trig', cond=cond, form=form, tag=tag, prop=prop):
-            try:
-                async with self.view.core.getStormRuntime(query, opts=opts) as runt:
+        try:
+            async with self.view.core.getStormRuntime(query, opts=opts) as runt:
 
-                    runt.addInput(node)
-                    await s_common.aspin(runt.execute())
+                runt.addInput(node)
+                await s_common.aspin(runt.execute())
 
-            except (asyncio.CancelledError, s_exc.RecursionLimitHit):
-                raise
+        except (asyncio.CancelledError, s_exc.RecursionLimitHit):
+            raise
 
-            except Exception as e:
-                self.errcount += 1
-                self.lasterrs.append(str(e))
-                logger.exception('Trigger encountered exception running storm query %s', storm)
+        except Exception as e:
+            self.errcount += 1
+            self.lasterrs.append(str(e))
+            logger.exception('Trigger encountered exception running storm query %s', storm)
 
     def pack(self):
         tdef = self.tdef.copy()

synapse/lib/types.py

@@ -1850,7 +1850,7 @@ class Tag(Str):
             mesg = f'Tag does not match tagre: [{s_grammar.tagre.pattern}]'
             raise s_exc.BadTypeValu(valu=norm, name=self.name, mesg=mesg)
 
-        return norm, {'subs': subs}
+        return norm, {'subs': subs, 'toks': toks}
 
     def _normPyStr(self, text):
         toks = text.strip('#').split('.')

synapse/lib/version.py

@@ -223,6 +223,6 @@ def reqVersion(valu, reqver,
 ##############################################################################
 # The following are touched during the release process by bumpversion.
 # Do not modify these directly.
-version = (2, 165, 0)
+version = (2, 166, 0)
 verstring = '.'.join([str(x) for x in version])
-commit = 'bdf3f6320106318fe52f1803e969090d950e0fdf'
+commit = '09f8a7b3ad1f2ed5949e7d1a9dc7d17161fab932'

synapse/lib/view.py

@@ -167,6 +167,18 @@ class View(s_nexus.Pusher):  # type: ignore
         if byts is not None:
             return s_msgpack.un(byts)
 
+    async def getMergingViews(self):
+        if self.info.get('quorum') is None:
+            mesg = f'View ({self.iden}) does not require quorum voting.'
+            raise s_exc.BadState(mesg=mesg)
+
+        idens = []
+        for view in list(self.core.views.values()):
+            await asyncio.sleep(0)
+            if view.parent == self and view.getMergeRequest() is not None:
+                idens.append(view.iden)
+        return idens
+
     async def setMergeRequest(self, mergeinfo):
         self.reqParentQuorum()
         mergeinfo['iden'] = s_common.guid()

synapse/models/inet.py

@@ -1304,8 +1304,8 @@ class InetModule(s_module.CoreModule):
                     }),
 
                     ('inet:ssl:cert', ('comp', {'fields': (('server', 'inet:server'), ('file', 'file:bytes'))}), {
-                        'doc': 'An SSL certificate file served by a server.',
-                        'ex': '(1.2.3.4:443, guid:d41d8cd98f00b204e9800998ecf8427e)',
+                        'deprecated': True,
+                        'doc': 'Deprecated. Please use inet:tls:servercert or inet:tls:clientcert',
                     }),
 
                     ('inet:port', ('int', {'min': 0, 'max': 0xffff}), {
@@ -1489,6 +1489,24 @@ class InetModule(s_module.CoreModule):
                     ('inet:ssl:jarmsample', ('comp', {'fields': (('server', 'inet:server'), ('jarmhash', 'inet:ssl:jarmhash'))}), {
                         'doc': 'A JARM hash sample taken from a server.'}),
 
+                    ('inet:tls:handshake', ('guid', {}), {
+                        'doc': 'An instance of a TLS handshake between a server and client.'}),
+
+                    ('inet:tls:ja3s:sample', ('comp', {'fields': (('server', 'inet:server'), ('ja3s', 'hash:md5'))}), {
+                        'doc': 'A JA3 sample taken from a server.'}),
+
+                    ('inet:tls:ja3:sample', ('comp', {'fields': (('client', 'inet:client'), ('ja3', 'hash:md5'))}), {
+                        'doc': 'A JA3 sample taken from a client.'}),
+
+                    ('inet:tls:servercert', ('comp', {'fields': (('server', 'inet:server'), ('cert', 'crypto:x509:cert'))}), {
+                        'doc': 'An x509 certificate sent by a server for TLS.',
+                        'ex': '(1.2.3.4:443, c7437790af01ae1bb2f8f3b684c70bf8)',
+                    }),
+
+                    ('inet:tls:clientcert', ('comp', {'fields': (('client', 'inet:client'), ('cert', 'crypto:x509:cert'))}), {
+                        'doc': 'An x509 certificate sent by a client for TLS.',
+                        'ex': '(1.2.3.4:443, 3fdf364e081c14997b291852d1f23868)',
+                    }),
                 ),
 
                 'interfaces': (
@@ -3234,6 +3252,60 @@ class InetModule(s_module.CoreModule):
                             'doc': 'The server that was sampled to compute the JARM hash.'}),
                     )),
 
+                    ('inet:tls:handshake', {}, (
+                        ('time', ('time', {}), {
+                            'doc': 'The time the handshake was initiated.'}),
+                        ('flow', ('inet:flow', {}), {
+                            'doc': 'The raw inet:flow associated with the handshake.'}),
+                        ('server', ('inet:server', {}), {
+                            'doc': 'The TLS server during the handshake.'}),
+                        ('server:cert', ('crypto:x509:cert', {}), {
+                            'doc': 'The x509 certificate sent by the server during the handshake.'}),
+                        ('server:fingerprint:ja3', ('hash:md5', {}), {
+                            'doc': 'The JA3S finger of the server.'}),
+                        ('client', ('inet:client', {}), {
+                            'doc': 'The TLS client during the handshake.'}),
+                        ('client:cert', ('crypto:x509:cert', {}), {
+                            'doc': 'The x509 certificate sent by the client during the handshake.'}),
+                        ('client:fingerprint:ja3', ('hash:md5', {}), {
+                            'doc': 'The JA3 fingerprint of the client.'}),
+                    )),
+
+                    ('inet:tls:ja3s:sample', {}, (
+                        ('server', ('inet:server', {}), {
+                            'ro': True,
+                            'doc': 'The server that was sampled to produce the JA3S hash.'}),
+                        ('ja3s', ('hash:md5', {}), {
+                            'ro': True,
+                            'doc': "The JA3S hash computed from the server's TLS hello packet."})
+                    )),
+
+                    ('inet:tls:ja3:sample', {}, (
+                        ('client', ('inet:client', {}), {
+                            'ro': True,
+                            'doc': 'The client that was sampled to produce the JA3 hash.'}),
+                        ('ja3', ('hash:md5', {}), {
+                            'ro': True,
+                            'doc': "The JA3 hash computed from the client's TLS hello packet."})
+                    )),
+
+                    ('inet:tls:servercert', {}, (
+                        ('server', ('inet:server', {}), {
+                            'ro': True,
+                            'doc': 'The server associated with the x509 certificate.'}),
+                        ('cert', ('crypto:x509:cert', {}), {
+                            'ro': True,
+                            'doc': 'The x509 certificate sent by the server.'})
+                    )),
+
+                    ('inet:tls:clientcert', {}, (
+                        ('client', ('inet:client', {}), {
+                            'ro': True,
+                            'doc': 'The client associated with the x509 certificate.'}),
+                        ('cert', ('crypto:x509:cert', {}), {
+                            'ro': True,
+                            'doc': 'The x509 certificate sent by the client.'})
+                    )),
                 ),
             }),
         )