add: Started filling some expansion modules documentation

4 years ago · 07a4faf67a
parent 8817de4765
commit 07a4faf67a
9 changed files with 37 additions and 7 deletions
--- a/doc/expansion/asn_history.json
+++ b/doc/expansion/asn_history.json
@ -1,4 +1,8 @@
 {
    "description": "Query an ASN description history service (https://github.com/CIRCL/ASN-Description-History.git).",
-    "requirements": ["asnhistory"]
+    "requirements": ["asnhistory python library"],
+    "features": "The module takes an AS number attribute as input and displays its description and history.\n\nFor a proper working, a communication with a redis database is needed, thus 3 parameters are needed:\n- host, the address of the redis server\n- port, the port used by redis\n- db, the index of the database used\n",
+    "references": ["https://github.com/CIRCL/ASN-Description-History.git"],
+    "input": "Autonomous system number.",
+    "output": "Text containing a description of the ASN and its history."
 }
--- a/doc/expansion/btc.json
+++ b/doc/expansion/btc.json
@ -1,3 +1,6 @@
 {
-    "description": "An expansion hover module to get a blockchain balance from a BTC address in MISP."
+    "description": "An expansion hover module to get a blockchain balance from a BTC address in MISP.",
+    "logo": "logos/bitcoin.png",
+    "input": "btc address attribute.",
+    "output": "Text to describe the blockchain balance and the transactions related to the btc address in input."
 }
--- a/doc/expansion/circl_passivedns.json
+++ b/doc/expansion/circl_passivedns.json
@ -1,4 +1,9 @@
 {
    "description": "Module to access CIRCL Passive DNS.",
-    "logo": "logos/passivedns.png"
+    "logo": "logos/passivedns.png",
+    "requirements": ["pypdns: Passive DNS python library", "A CIRCL passive DNS account with username & password"],
+    "input": "Hostname, domain, or ip-address attribute.",
+    "ouput": "Text describing passive DNS information related to the input attribute.",
+    "features": "This module takes a hostname, domain or ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive DNS REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive DNS API.",
+    "references": ["https://www.circl.lu/services/passive-dns/", "https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/"]
 }
--- a/doc/expansion/circl_passivessl.json
+++ b/doc/expansion/circl_passivessl.json
@ -1,4 +1,9 @@
 {
    "description": "Modules to access CIRCL Passive SSL.",
-    "logo": "logos/passivessl.png"
+    "logo": "logos/passivessl.png",
+    "requirements": ["pypssl: Passive SSL python library", "A CIRCL passive SSL account with username & password"],
+    "input": "Ip-address attribute.",
+    "output": "Text describing passive SSL information related to the input attribute.",
+    "features": "This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive SSL REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive SSL API.",
+    "references": ["https://www.circl.lu/services/passive-ssl/"]
 }
--- a/doc/expansion/countrycode.json
+++ b/doc/expansion/countrycode.json
@ -1,3 +1,6 @@
 {
-    "description": "Module to expand country codes."
+    "description": "Module to expand country codes.",
+    "input": "Hostname or domain attribute.",
+    "output": "Text with the country code the input belongs to.",
+    "features": "The module takes a domain or a hostname as input, and returns the country it belongs to.\n\nFor non country domains, a list of the most common possible extensions is used."
 }
--- a/doc/expansion/crowdstrike_falcon.json
+++ b/doc/expansion/crowdstrike_falcon.json
@ -1,4 +1,9 @@
 {
    "description": "Module to query Crowdstrike Falcon.",
-    "logo": "logos/crowdstrike.png"
+    "logo": "logos/crowdstrike.png",
+    "requirements": ["A CrowdStrike API access (API id & key)"],
+    "input": "A MISP attribute included in the following list:\n- domain\n- email-attachment\n- email-dst\n- email-reply-to\n- email-src\n- email-subject\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- mutex\n- regkey\n- sha1\n- sha256\n- uri\n- url\n- user-agent\n- whois-registrant-email\n- x509-fingerprint-md5",
+    "output": "MISP attributes fetched after the CrowdStrike API has been queried, included in the following list:\n- hostname\n- email-src\n- email-subject\n- filename\n- md5\n- sha1\n- sha256\n- ip-dst\n- ip-dst\n- mutex\n- regkey\n- url\n- user-agent\n- x509-fingerprint-md5",
+    "references": ["https://www.crowdstrike.com/products/crowdstrike-falcon-faq/"],
+    "features": "This module takes a MISP attribute as input to query a CrowdStrike Falcon API, using an api_id and an apikey.\n\nThe API returns then the result of the query with some types we map into compatible types we add as MISP attributes."
 }
--- a/doc/expansion/cve.json
+++ b/doc/expansion/cve.json
@ -1,3 +1,8 @@
 {
-    "description": "An expansion hover module to expand information about CVE id."
+    "description": "An expansion hover module to expand information about CVE id.",
+    "logo": "logos/cve.png",
+    "input": "Vulnerability attribute.",
+    "output": "Text giving information about the CVE related to the Vulnerability.",
+    "references": ["https://cve.circl.lu/", "https://cve.mitre.org/"],
+    "features": "The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs."
 }
--- a/doc/logos/bitcoin.png
+++ b/doc/logos/bitcoin.png
--- a/doc/logos/cve.png
+++ b/doc/logos/cve.png