From ec9e6b8d486d2bffd7c6c7cea2b657b021f1e3df Mon Sep 17 00:00:00 2001
From: "Juan C. Montes" <33036804+juancmontes@users.noreply.github.com>
Date: Fri, 23 Feb 2018 09:48:20 +0100
Subject: [PATCH 1/3] Use Modules Controller

Documentation to use the new feature to can call misp-modules from API.
---
 automation/README.md | 116 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)

diff --git a/automation/README.md b/automation/README.md
index 170b901..2a0813c 100644
--- a/automation/README.md
+++ b/automation/README.md
@@ -1978,6 +1978,122 @@ An example output of https://<misp url>/users/statistics.json:
 }
 ~~~~
 
+# MISP modules
+## Description
+It is possible call misp-modules directly from API.
+If the module needs credentials, API will get the information directly from MISP configuration.
 
+### GET /modules/
+Retrieve a list of all modules enabled.
 
+#### Example 
+~~~bash
+curl --header "Authorization: <APIKEY> " --header "Accept: application/json" --header "Content-Type: application/json" -X GET http://<MISP>/modules/
+~~~
+
+#### Output
+~~~json
+[
+  {
+    "name": "passivetotal",
+    "type": "expansion",
+    "mispattributes": {
+      "input": [
+        "hostname",
+        "domain",
+        "ip-src",
+        "ip-dst"
+      ],
+      "output": [
+        "ip-src",
+        "ip-dst",
+        "hostname",
+        "domain"
+      ]
+    },
+    "meta": {
+      "description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
+      "config": [
+        "username",
+        "password"
+      ],
+      "author": "Alexandre Dulaunoy",
+      "version": "0.1"
+    }
+  },
+  {
+    "name": "sourcecache",
+    "type": "expansion",
+    "mispattributes": {
+      "input": [
+        "link"
+      ],
+      "output": [
+        "link"
+      ]
+    },
+    "meta": {
+      "description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.",
+      "author": "Alexandre Dulaunoy",
+      "version": "0.1"
+    }
+  },
+  {
+    "name": "dns",
+    "type": "expansion",
+    "mispattributes": {
+      "input": [
+        "hostname",
+        "domain"
+      ],
+      "output": [
+        "ip-src",
+        "ip-dst"
+      ]
+    },
+    "meta": {
+      "description": "Simple DNS expansion service to resolve IP address from MISP attributes",
+      "author": "Alexandre Dulaunoy",
+      "version": "0.1"
+    }
+  }
+]
+~~~
+
+### POST /modules/query
+Call any enabled module.
+
+#### Example
+
+Content of dns.json
+~~~json
+{
+  "hostname": "www.foo.be",
+  "module": "dns"
+}
+~~~
+
+Query using MISP API
+
+~~~bash
+curl --header "Authorization: <APIKEY> " --header "Accept: application/json" --header "Content-Type: application/json" --data @dns.json -X POST http://<MISP>/modules/query
+~~~
+
+The output will be following JSON:
+
+~~~json
+{
+  "results": [
+    {
+      "types": [
+        "ip-src",
+        "ip-dst"
+      ],
+      "values": [
+        "188.65.217.78"
+      ]
+    }
+  ]
+}
+~~~
 

From 2cb4f2bb51f1945e36d75f5ee87e402101034579 Mon Sep 17 00:00:00 2001
From: "Juan C. Montes" <33036804+juancmontes@users.noreply.github.com>
Date: Fri, 23 Feb 2018 09:50:56 +0100
Subject: [PATCH 2/3] Use new Modules Controller

Documentation to use the new feature to can call misp-modules from API.
---
 automation/README.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/automation/README.md b/automation/README.md
index 2a0813c..ce59664 100644
--- a/automation/README.md
+++ b/automation/README.md
@@ -27,7 +27,6 @@ The authorization is performed by using the following header:
 ~~~~
 Authorization: YOUR API KEY
 ~~~~
-
 ### Accept and Content-Type headers
 
 When performing your request, depending on the type of request, you might need to explicitly specify in what content type you want to get your results. This is done by setting one of the below Accept headers:

From df9b4f7f75a19d00dec9c6f8023e5a29696cda2e Mon Sep 17 00:00:00 2001
From: "Juan C. Montes" <33036804+juancmontes@users.noreply.github.com>
Date: Fri, 23 Feb 2018 10:10:58 +0100
Subject: [PATCH 3/3] Use new Modules Controller

---
 automation/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/automation/README.md b/automation/README.md
index ce59664..25cd36a 100644
--- a/automation/README.md
+++ b/automation/README.md
@@ -2059,7 +2059,7 @@ curl --header "Authorization: <APIKEY> " --header "Accept: application/json" --h
 ]
 ~~~
 
-### POST /modules/query
+### POST /modules/queryEnrichment
 Call any enabled module.
 
 #### Example
@@ -2075,7 +2075,7 @@ Content of dns.json
 Query using MISP API
 
 ~~~bash
-curl --header "Authorization: <APIKEY> " --header "Accept: application/json" --header "Content-Type: application/json" --data @dns.json -X POST http://<MISP>/modules/query
+curl --header "Authorization: <APIKEY> " --header "Accept: application/json" --header "Content-Type: application/json" --data @dns.json -X POST http://<MISP>/modules/queryEnrichment
 ~~~
 
 The output will be following JSON: