add: Started filling some expansion modules documentation

pipenv
chrisr3d 4 years ago
parent 8817de4765
commit 07a4faf67a
  1. 6
      doc/expansion/asn_history.json
  2. 5
      doc/expansion/btc.json
  3. 7
      doc/expansion/circl_passivedns.json
  4. 7
      doc/expansion/circl_passivessl.json
  5. 5
      doc/expansion/countrycode.json
  6. 7
      doc/expansion/crowdstrike_falcon.json
  7. 7
      doc/expansion/cve.json
  8. BIN
      doc/logos/bitcoin.png
  9. BIN
      doc/logos/cve.png

@ -1,4 +1,8 @@
{
"description": "Query an ASN description history service (https://github.com/CIRCL/ASN-Description-History.git).",
"requirements": ["asnhistory"]
"requirements": ["asnhistory python library"],
"features": "The module takes an AS number attribute as input and displays its description and history.\n\nFor a proper working, a communication with a redis database is needed, thus 3 parameters are needed:\n- host, the address of the redis server\n- port, the port used by redis\n- db, the index of the database used\n",
"references": ["https://github.com/CIRCL/ASN-Description-History.git"],
"input": "Autonomous system number.",
"output": "Text containing a description of the ASN and its history."
}

@ -1,3 +1,6 @@
{
"description": "An expansion hover module to get a blockchain balance from a BTC address in MISP."
"description": "An expansion hover module to get a blockchain balance from a BTC address in MISP.",
"logo": "logos/bitcoin.png",
"input": "btc address attribute.",
"output": "Text to describe the blockchain balance and the transactions related to the btc address in input."
}

@ -1,4 +1,9 @@
{
"description": "Module to access CIRCL Passive DNS.",
"logo": "logos/passivedns.png"
"logo": "logos/passivedns.png",
"requirements": ["pypdns: Passive DNS python library", "A CIRCL passive DNS account with username & password"],
"input": "Hostname, domain, or ip-address attribute.",
"ouput": "Text describing passive DNS information related to the input attribute.",
"features": "This module takes a hostname, domain or ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive DNS REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive DNS API.",
"references": ["https://www.circl.lu/services/passive-dns/", "https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/"]
}
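Review bot: The key on the new output line of the CIRCL passive DNS entry is spelled `"ouput"`, while every other file touched by this commit uses `"output"`. Anything that reads these JSON files by key will presumably skip the field, so the module's output description would be missing from the generated documentation. The line should read `"output": "Text describing passive DNS information related to the input attribute.",`.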

@ -1,4 +1,9 @@
{
"description": "Modules to access CIRCL Passive SSL.",
"logo": "logos/passivessl.png"
"logo": "logos/passivessl.png",
"requirements": ["pypssl: Passive SSL python library", "A CIRCL passive SSL account with username & password"],
"input": "Ip-address attribute.",
"output": "Text describing passive SSL information related to the input attribute.",
"features": "This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive SSL REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive SSL API.",
"references": ["https://www.circl.lu/services/passive-ssl/"]
}

@ -1,3 +1,6 @@
{
"description": "Module to expand country codes."
"description": "Module to expand country codes.",
"input": "Hostname or domain attribute.",
"output": "Text with the country code the input belongs to.",
"features": "The module takes a domain or a hostname as input, and returns the country it belongs to.\n\nFor non country domains, a list of the most common possible extensions is used."
}

@ -1,4 +1,9 @@
{
"description": "Module to query Crowdstrike Falcon.",
"logo": "logos/crowdstrike.png"
"logo": "logos/crowdstrike.png",
"requirements": ["A CrowdStrike API access (API id & key)"],
"input": "A MISP attribute included in the following list:\n- domain\n- email-attachment\n- email-dst\n- email-reply-to\n- email-src\n- email-subject\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- mutex\n- regkey\n- sha1\n- sha256\n- uri\n- url\n- user-agent\n- whois-registrant-email\n- x509-fingerprint-md5",
"output": "MISP attributes fetched after the CrowdStrike API has been queried, included in the following list:\n- hostname\n- email-src\n- email-subject\n- filename\n- md5\n- sha1\n- sha256\n- ip-dst\n- ip-dst\n- mutex\n- regkey\n- url\n- user-agent\n- x509-fingerprint-md5",
"references": ["https://www.crowdstrike.com/products/crowdstrike-falcon-faq/"],
"features": "This module takes a MISP attribute as input to query a CrowdStrike Falcon API, using an api_id and an apikey.\n\nThe API returns then the result of the query with some types we map into compatible types we add as MISP attributes."
}
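Review bot: The `output` list of the CrowdStrike entry names `ip-dst` twice in a row (`- ip-dst\n- ip-dst`), whereas the `input` list carries both `ip-src` and `ip-dst`. One of the two is probably meant to be `ip-src`, or it is a plain duplicate; check it against the module's actual output types and either correct it to `- ip-src\n- ip-dst` or drop the repeat. The `features` text also names the credentials `api_id` and `apikey` while `requirements` says "API id & key"; using the same names in both places would make it clearer which configuration values an operator has to provision.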

@ -1,3 +1,8 @@
{
"description": "An expansion hover module to expand information about CVE id."
"description": "An expansion hover module to expand information about CVE id.",
"logo": "logos/cve.png",
"input": "Vulnerability attribute.",
"output": "Text giving information about the CVE related to the Vulnerability.",
"references": ["https://cve.circl.lu/", "https://cve.mitre.org/"],
"features": "The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs."
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.7 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 20 KiB
