From 204f59de137bd85cf2c9e833743a75db04083f27 Mon Sep 17 00:00:00 2001
From: chrisr3d
Date: Thu, 7 Nov 2019 09:54:32 +0100
Subject: [PATCH] add: Updated documentation with the EQL export module

---
 doc/README.md | 22 +++++++++++++++++++---
 doc/export_mod/mass_eql_export.json | 5 +++--
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/doc/README.md b/doc/README.md
index 54100c0..7cf7a7c 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -330,13 +330,13 @@ DomainTools MISP expansion module.
-Generates EQL queries from attributes
+EQL query generation for a MISP attribute.
 - **features**:
->The module simply generates EQL rules out of the input attribute.
+>This module adds a new attribute to a MISP event containing an EQL query for a network or file attribute.
 - **input**:
 >A filename or ip attribute.
 - **output**:
->The EQL query generated from the input attribute.
+>Attribute containing EQL for a network or file attribute.
 - **references**:
 >https://eql.readthedocs.io/en/latest/
@@ -1378,6 +1378,22 @@ Lite export of a MISP event.
 -----
+#### [mass_eql_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/mass_eql_export.py)
+
+
+
+Mass EQL query export for a MISP event.
+- **features**:
+>This module produces EQL queries for all relevant attributes in a MISP event.
+- **input**:
+>MISP Event attributes
+- **output**:
+>Text file containing one or more EQL queries
+- **references**:
+>https://eql.readthedocs.io/en/latest/
+
+-----
+
 #### [nexthinkexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py)
diff --git a/doc/export_mod/mass_eql_export.json b/doc/export_mod/mass_eql_export.json
index ae18938..5eadd23 100644
--- a/doc/export_mod/mass_eql_export.json
+++ b/doc/export_mod/mass_eql_export.json
@@ -1,8 +1,9 @@
 {
 "description": "Mass EQL query export for a MISP event.",
+ "logo": "logos/eql.png",
 "requirements": [],
 "features": "This module produces EQL queries for all relevant attributes in a MISP event.",
- "references": [],
+ "references": ["https://eql.readthedocs.io/en/latest/"],
 "input": "MISP Event attributes",
 "output": "Text file containing one or more EQL queries"
- }
\ No newline at end of file
+ }