search

matanolabs / matano

Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
https://matano.dev
Apache License 2.0
1.44k stars 97 forks source link

Snyk API calls using bad URL formatting and GET instead of POST #107

Closed timoguin closed 1 year ago

timoguin commented 1 year ago

Overview

I encountered two main issues with testing the Snyk log pullers:

Details

Bad string formatting

The Snyk audit log puller is calling badly formatted URLs and swallowing errors.

Example URL that was being used:

https://api.snyk.io/api/v1/group/2023-01-22/audit?from=2023-02-20&to=SYNK-GROUP-ID-IS-HERE&page=1&sortOrder=ASC

(Notice the transposition of the group ID and the to query string arg.)

GET instead of POST requests

All the API calls are using GET requests instead of the required POST requests. The POST requests also require a JSON body for easy requests, to allow passing filters. Even if you want no filters, the API expects you to pass an empty JSON body, or it will fail.