add: Updated documentation with the EQL export module

pull/352/head
chrisr3d 2019-11-07 09:54:32 +01:00
parent 4608bcab45
commit 204f59de13
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 22 additions and 5 deletions


@ -330,13 +330,13 @@ DomainTools MISP expansion module.
<img src=logos/eql.png height=60> <img src=logos/eql.png height=60>
Generates EQL queries from attributes EQL query generation for a MISP attribute.
- **features**: - **features**:
>The module simply generates EQL rules out of the input attribute. >This module adds a new attribute to a MISP event containing an EQL query for a network or file attribute.
- **input**: - **input**:
>A filename or ip attribute. >A filename or ip attribute.
- **output**: - **output**:
>The EQL query generated from the input attribute. >Attribute containing EQL for a network or file attribute.
- **references**: - **references**:
>https://eql.readthedocs.io/en/latest/ >https://eql.readthedocs.io/en/latest/
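Review bot: The unchanged **input** line still reads "A filename or ip attribute." while the rewritten **features** and **output** lines now say "a network or file attribute", so the entry describes the accepted input in two different ways. Use one wording across all three fields, ideally naming the exact MISP attribute types the module accepts, so an analyst can tell which attributes will produce a query and which will be skipped.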
@ -1378,6 +1378,22 @@ Lite export of a MISP event.
----- -----
#### [mass_eql_export](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/mass_eql_export.py)
<img src=logos/eql.png height=60>
Mass EQL query export for a MISP event.
- **features**:
>This module produces EQL queries for all relevant attributes in a MISP event.
- **input**:
>MISP Event attributes
- **output**:
>Text file containing one or more EQL queries
- **references**:
>https://eql.readthedocs.io/en/latest/
-----
#### [nexthinkexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py) #### [nexthinkexport](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py)
<img src=logos/nexthink.svg height=60> <img src=logos/nexthink.svg height=60>
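Review bot: "all relevant attributes" in the **features** line of the new mass_eql_export entry does not say which attribute types count as relevant, and the **input** line ("MISP Event attributes") does not narrow it either. List the attribute types that are converted, or point to the expansion module's input types if they are the same, so a user exporting an event knows which indicators will be missing from the resulting text file.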


@ -1,8 +1,9 @@
{ {
"description": "Mass EQL query export for a MISP event.", "description": "Mass EQL query export for a MISP event.",
"logo": "logos/eql.png",
"requirements": [], "requirements": [],
"features": "This module produces EQL queries for all relevant attributes in a MISP event.", "features": "This module produces EQL queries for all relevant attributes in a MISP event.",
"references": [], "references": ["https://eql.readthedocs.io/en/latest/"],
"input": "MISP Event attributes", "input": "MISP Event attributes",
"output": "Text file containing one or more EQL queries" "output": "Text file containing one or more EQL queries"
} }
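Review bot: `"requirements": []` stays empty in the same change that fills in `logo` and `references`; please confirm the export module needs nothing beyond what misp-modules already installs, and list the dependency here if it does. The `features` and `input` strings also carry the same undefined "all relevant attributes" wording as the README entry, so any clarification made there should be mirrored in this file.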