diff --git a/doc/expansion/asn_history.json b/doc/expansion/asn_history.json
index 936feba..b3eea26 100644
--- a/doc/expansion/asn_history.json
+++ b/doc/expansion/asn_history.json
@@ -1,4 +1,8 @@
 {
 "description": "Query an ASN description history service (https://github.com/CIRCL/ASN-Description-History.git).",
- "requirements": ["asnhistory"]
+ "requirements": ["asnhistory python library"],
+ "features": "The module takes an AS number attribute as input and displays its description and history.\n\nFor a proper working, a communication with a redis database is needed, thus 3 parameters are needed:\n- host, the address of the redis server\n- port, the port used by redis\n- db, the index of the database used\n",
+ "references": ["https://github.com/CIRCL/ASN-Description-History.git"],
+ "input": "Autonomous system number.",
+ "output": "Text containing a description of the ASN and its history."
 }
diff --git a/doc/expansion/btc.json b/doc/expansion/btc.json
index 3aeceab..fd264d8 100644
--- a/doc/expansion/btc.json
+++ b/doc/expansion/btc.json
@@ -1,3 +1,6 @@
 {
- "description": "An expansion hover module to get a blockchain balance from a BTC address in MISP."
+ "description": "An expansion hover module to get a blockchain balance from a BTC address in MISP.",
+ "logo": "logos/bitcoin.png",
+ "input": "btc address attribute.",
+ "output": "Text to describe the blockchain balance and the transactions related to the btc address in input."
 }
diff --git a/doc/expansion/circl_passivedns.json b/doc/expansion/circl_passivedns.json
index 664ca77..fda50eb 100644
--- a/doc/expansion/circl_passivedns.json
+++ b/doc/expansion/circl_passivedns.json
@@ -1,4 +1,9 @@
 {
 "description": "Module to access CIRCL Passive DNS.",
- "logo": "logos/passivedns.png"
+ "logo": "logos/passivedns.png",
+ "requirements": ["pypdns: Passive DNS python library", "A CIRCL passive DNS account with username & password"],
+ "input": "Hostname, domain, or ip-address attribute.",
+ "ouput": "Text describing passive DNS information related to the input attribute.",
+ "features": "This module takes a hostname, domain or ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive DNS REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive DNS API.",
+ "references": ["https://www.circl.lu/services/passive-dns/", "https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/"]
 }
diff --git a/doc/expansion/circl_passivessl.json b/doc/expansion/circl_passivessl.json
index 2015b59..ec449ee 100644
--- a/doc/expansion/circl_passivessl.json
+++ b/doc/expansion/circl_passivessl.json
@@ -1,4 +1,9 @@
 {
 "description": "Modules to access CIRCL Passive SSL.",
- "logo": "logos/passivessl.png"
+ "logo": "logos/passivessl.png",
+ "requirements": ["pypssl: Passive SSL python library", "A CIRCL passive SSL account with username & password"],
+ "input": "Ip-address attribute.",
+ "output": "Text describing passive SSL information related to the input attribute.",
+ "features": "This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive SSL REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive SSL API.",
+ "references": ["https://www.circl.lu/services/passive-ssl/"]
 }
diff --git a/doc/expansion/countrycode.json b/doc/expansion/countrycode.json
index 367c14b..c6214e5 100644
--- a/doc/expansion/countrycode.json
+++ b/doc/expansion/countrycode.json
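Review bot: The key `"ouput"` added in circl_passivedns.json is misspelled; every other file touched by this commit uses `"output"`. Whatever reads these files by key name would presumably find no output description for this module, and the failure would be silent because the JSON is still valid. The line should read `"output": "Text describing passive DNS information related to the input attribute.",`.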
@@ -1,3 +1,6 @@
 {
- "description": "Module to expand country codes."
+ "description": "Module to expand country codes.",
+ "input": "Hostname or domain attribute.",
+ "output": "Text with the country code the input belongs to.",
+ "features": "The module takes a domain or a hostname as input, and returns the country it belongs to.\n\nFor non country domains, a list of the most common possible extensions is used."
 }
diff --git a/doc/expansion/crowdstrike_falcon.json b/doc/expansion/crowdstrike_falcon.json
index 0faa6c0..4392561 100644
--- a/doc/expansion/crowdstrike_falcon.json
+++ b/doc/expansion/crowdstrike_falcon.json
@@ -1,4 +1,9 @@
 {
 "description": "Module to query Crowdstrike Falcon.",
- "logo": "logos/crowdstrike.png"
+ "logo": "logos/crowdstrike.png",
+ "requirements": ["A CrowdStrike API access (API id & key)"],
+ "input": "A MISP attribute included in the following list:\n- domain\n- email-attachment\n- email-dst\n- email-reply-to\n- email-src\n- email-subject\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- mutex\n- regkey\n- sha1\n- sha256\n- uri\n- url\n- user-agent\n- whois-registrant-email\n- x509-fingerprint-md5",
+ "output": "MISP attributes fetched after the CrowdStrike API has been queried, included in the following list:\n- hostname\n- email-src\n- email-subject\n- filename\n- md5\n- sha1\n- sha256\n- ip-dst\n- ip-dst\n- mutex\n- regkey\n- url\n- user-agent\n- x509-fingerprint-md5",
+ "references": ["https://www.crowdstrike.com/products/crowdstrike-falcon-faq/"],
+ "features": "This module takes a MISP attribute as input to query a CrowdStrike Falcon API, using an api_id and an apikey.\n\nThe API returns then the result of the query with some types we map into compatible types we add as MISP attributes."
 }
diff --git a/doc/expansion/cve.json b/doc/expansion/cve.json
index afc4c33..04f131f 100644
--- a/doc/expansion/cve.json
+++ b/doc/expansion/cve.json
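Review bot: The `"output"` list added in crowdstrike_falcon.json names `ip-dst` twice in a row (`- ip-dst\n- ip-dst`), whereas the `"input"` list in the same hunk has `- ip-src\n- ip-dst`. One of the two entries is probably meant to be `ip-src`, which should be confirmed against the module's type mapping (not visible here). An analyst relying on this list to know which attribute types the enrichment can add would otherwise get the wrong picture. If confirmed, the fragment becomes `- ip-src\n- ip-dst`.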
@@ -1,3 +1,8 @@
 {
- "description": "An expansion hover module to expand information about CVE id."
+ "description": "An expansion hover module to expand information about CVE id.",
+ "logo": "logos/cve.png",
+ "input": "Vulnerability attribute.",
+ "output": "Text giving information about the CVE related to the Vulnerability.",
+ "references": ["https://cve.circl.lu/", "https://cve.mitre.org/"],
+ "features": "The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs."
 }
diff --git a/doc/logos/bitcoin.png b/doc/logos/bitcoin.png
new file mode 100644
index 0000000..e80ad6d
Binary files /dev/null and b/doc/logos/bitcoin.png differ
diff --git a/doc/logos/cve.png b/doc/logos/cve.png
new file mode 100644
index 0000000..315ccd8
Binary files /dev/null and b/doc/logos/cve.png differ