From 6acf9573e4b2ecfc947e6752a83037a6ee5a32fb Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Thu, 13 Sep 2018 18:18:05 +0200 Subject: [PATCH] add: Added documentation for expansion modules --- doc/expansion/asn_history.json | 4 ++++ doc/expansion/circl_passivedns.json | 4 ++++ doc/expansion/circl_passivessl.json | 4 ++++ doc/expansion/countrycode.json | 3 +++ doc/expansion/crowdstrike_falcon.json | 4 ++++ doc/expansion/cve.json | 3 +++ doc/expansion/dbl_spamhaus.json | 4 ++++ doc/expansion/dns.json | 3 +++ doc/expansion/domaintools.json | 4 ++++ doc/expansion/eupi.json | 4 ++++ doc/expansion/farsight_passivedns.json | 4 ++++ doc/expansion/geoip_country.json | 3 +++ doc/expansion/intelmq_eventdb.json | 3 +++ doc/expansion/ipasn.json | 3 +++ doc/expansion/iprep.json | 3 +++ doc/expansion/onyphe.json | 4 ++++ doc/expansion/onyphe_full.json | 4 ++++ doc/expansion/otx.json | 4 ++++ doc/expansion/passivetotal.json | 4 ++++ doc/expansion/rbl.json | 4 ++++ doc/expansion/reversedns.json | 3 +++ doc/expansion/shodan.json | 4 ++++ doc/expansion/sourcecache.json | 3 +++ doc/expansion/threatcrowd.json | 4 ++++ doc/expansion/threatminer.json | 4 ++++ doc/expansion/virustotal.json | 4 ++++ doc/expansion/vmray_submit.json | 4 ++++ doc/expansion/vulndb.json | 4 ++++ doc/expansion/whois.json | 4 ++++ doc/expansion/wiki.json | 4 ++++ doc/expansion/xforceexchange.json | 4 ++++ doc/expansion/yara_syntax_validator.json | 4 ++++ 32 files changed, 119 insertions(+) create mode 100644 doc/expansion/asn_history.json create mode 100644 doc/expansion/circl_passivedns.json create mode 100644 doc/expansion/circl_passivessl.json create mode 100644 doc/expansion/countrycode.json create mode 100644 doc/expansion/crowdstrike_falcon.json create mode 100644 doc/expansion/cve.json create mode 100644 doc/expansion/dbl_spamhaus.json create mode 100644 doc/expansion/dns.json create mode 100644 doc/expansion/domaintools.json create mode 100644 doc/expansion/eupi.json create mode 100644 doc/expansion/farsight_passivedns.json create mode 100644 doc/expansion/geoip_country.json create mode 100644 doc/expansion/intelmq_eventdb.json create mode 100644 doc/expansion/ipasn.json create mode 100644 doc/expansion/iprep.json create mode 100644 doc/expansion/onyphe.json create mode 100644 doc/expansion/onyphe_full.json create mode 100644 doc/expansion/otx.json create mode 100644 doc/expansion/passivetotal.json create mode 100644 doc/expansion/rbl.json create mode 100644 doc/expansion/reversedns.json create mode 100644 doc/expansion/shodan.json create mode 100644 doc/expansion/sourcecache.json create mode 100644 doc/expansion/threatcrowd.json create mode 100644 doc/expansion/threatminer.json create mode 100644 doc/expansion/virustotal.json create mode 100644 doc/expansion/vmray_submit.json create mode 100644 doc/expansion/vulndb.json create mode 100644 doc/expansion/whois.json create mode 100644 doc/expansion/wiki.json create mode 100644 doc/expansion/xforceexchange.json create mode 100644 doc/expansion/yara_syntax_validator.json diff --git a/doc/expansion/asn_history.json b/doc/expansion/asn_history.json new file mode 100644 index 0000000..936feba --- /dev/null +++ b/doc/expansion/asn_history.json @@ -0,0 +1,4 @@ +{ + "description": "Query an ASN description history service (https://github.com/CIRCL/ASN-Description-History.git).", + "requirements": ["asnhistory"] +} diff --git a/doc/expansion/circl_passivedns.json b/doc/expansion/circl_passivedns.json new file mode 100644 index 0000000..664ca77 --- /dev/null +++ b/doc/expansion/circl_passivedns.json @@ -0,0 +1,4 @@ +{ + "description": "Module to access CIRCL Passive DNS.", + "logo": "logos/passivedns.png" +} diff --git a/doc/expansion/circl_passivessl.json b/doc/expansion/circl_passivessl.json new file mode 100644 index 0000000..2015b59 --- /dev/null +++ b/doc/expansion/circl_passivessl.json @@ -0,0 +1,4 @@ +{ + "description": "Modules to access CIRCL Passive SSL.", + "logo": "logos/passivessl.png" +} diff --git a/doc/expansion/countrycode.json b/doc/expansion/countrycode.json new file mode 100644 index 0000000..367c14b --- /dev/null +++ b/doc/expansion/countrycode.json @@ -0,0 +1,3 @@ +{ + "description": "Module to expand country codes." +} diff --git a/doc/expansion/crowdstrike_falcon.json b/doc/expansion/crowdstrike_falcon.json new file mode 100644 index 0000000..0faa6c0 --- /dev/null +++ b/doc/expansion/crowdstrike_falcon.json @@ -0,0 +1,4 @@ +{ + "description": "Module to query Crowdstrike Falcon.", + "logo": "logos/crowdstrike.png" +} diff --git a/doc/expansion/cve.json b/doc/expansion/cve.json new file mode 100644 index 0000000..afc4c33 --- /dev/null +++ b/doc/expansion/cve.json @@ -0,0 +1,3 @@ +{ + "description": "An expansion hover module to expand information about CVE id." +} diff --git a/doc/expansion/dbl_spamhaus.json b/doc/expansion/dbl_spamhaus.json new file mode 100644 index 0000000..b691007 --- /dev/null +++ b/doc/expansion/dbl_spamhaus.json @@ -0,0 +1,4 @@ +{ + "description": "Module to check Spamhaus DBL for a domain name.", + "logo": "logos/spamhaus.jpg" +} diff --git a/doc/expansion/dns.json b/doc/expansion/dns.json new file mode 100644 index 0000000..2ca7e42 --- /dev/null +++ b/doc/expansion/dns.json @@ -0,0 +1,3 @@ +{ + "description": "A simple DNS expansion service to resolve IP address from MISP attributes." +} diff --git a/doc/expansion/domaintools.json b/doc/expansion/domaintools.json new file mode 100644 index 0000000..5ed0cb2 --- /dev/null +++ b/doc/expansion/domaintools.json @@ -0,0 +1,4 @@ +{ + "description": "DomainTools MISP expansion module.", + "logo": "logos/domaintools.png" +} diff --git a/doc/expansion/eupi.json b/doc/expansion/eupi.json new file mode 100644 index 0000000..42da8aa --- /dev/null +++ b/doc/expansion/eupi.json @@ -0,0 +1,4 @@ +{ + "description": "A module to query the Phishing Initiative service (https://phishing-initiative.lu).", + "logo": "logos/eupi.png" +} diff --git a/doc/expansion/farsight_passivedns.json b/doc/expansion/farsight_passivedns.json new file mode 100644 index 0000000..6fd038b --- /dev/null +++ b/doc/expansion/farsight_passivedns.json @@ -0,0 +1,4 @@ +{ + "description": "Module to access Farsight DNSDB Passive DNS.", + "logo": "logos/farsight.png" +} diff --git a/doc/expansion/geoip_country.json b/doc/expansion/geoip_country.json new file mode 100644 index 0000000..fb3bf33 --- /dev/null +++ b/doc/expansion/geoip_country.json @@ -0,0 +1,3 @@ +{ + "description": "Module to query a local copy of Maxminds Geolite database." +} diff --git a/doc/expansion/intelmq_eventdb.json b/doc/expansion/intelmq_eventdb.json new file mode 100644 index 0000000..7746551 --- /dev/null +++ b/doc/expansion/intelmq_eventdb.json @@ -0,0 +1,3 @@ +{ + "description": "Module to access intelmqs eventdb." +} diff --git a/doc/expansion/ipasn.json b/doc/expansion/ipasn.json new file mode 100644 index 0000000..1ab9cdd --- /dev/null +++ b/doc/expansion/ipasn.json @@ -0,0 +1,3 @@ +{ + "description": "Module to query an IP ASN history service (https://github.com/CIRCL/IP-ASN-history.git)." +} diff --git a/doc/expansion/iprep.json b/doc/expansion/iprep.json new file mode 100644 index 0000000..343ce4d --- /dev/null +++ b/doc/expansion/iprep.json @@ -0,0 +1,3 @@ +{ + "description": "Module to query IPRep data for IP addresses." +} diff --git a/doc/expansion/onyphe.json b/doc/expansion/onyphe.json new file mode 100644 index 0000000..4c00866 --- /dev/null +++ b/doc/expansion/onyphe.json @@ -0,0 +1,4 @@ +{ + "description": "Module to process a query on Onyphe.", + "logo": "logos/onyphe.jpg" +} diff --git a/doc/expansion/onyphe_full.json b/doc/expansion/onyphe_full.json new file mode 100644 index 0000000..15f07f1 --- /dev/null +++ b/doc/expansion/onyphe_full.json @@ -0,0 +1,4 @@ +{ + "description": "Module to process a full query on Onyphe.", + "logo": "logos/onyphe.jpg" +} diff --git a/doc/expansion/otx.json b/doc/expansion/otx.json new file mode 100644 index 0000000..16ee6d6 --- /dev/null +++ b/doc/expansion/otx.json @@ -0,0 +1,4 @@ +{ + "description": "Module to get information from AlienVault OTX.", + "logo": "logos/otx.png" +} diff --git a/doc/expansion/passivetotal.json b/doc/expansion/passivetotal.json new file mode 100644 index 0000000..5b09f56 --- /dev/null +++ b/doc/expansion/passivetotal.json @@ -0,0 +1,4 @@ +{ + "description": "The PassiveTotal MISP expansion module brings the datasets derived from Internet scanning directly into your MISP instance. This module supports passive DNS, historic SSL, WHOIS, and host attributes. In order to use the module, you must have a valid PassiveTotal account username and API key. Registration is free and can be done by visiting https://www.passivetotal.org/register", + "logo": "logos/passivetotal.png" +} diff --git a/doc/expansion/rbl.json b/doc/expansion/rbl.json new file mode 100644 index 0000000..0f67c2c --- /dev/null +++ b/doc/expansion/rbl.json @@ -0,0 +1,4 @@ +{ + "description": "Module to check an IPv4 address against known RBLs.", + "requirements": ["dnspython3"] +} diff --git a/doc/expansion/reversedns.json b/doc/expansion/reversedns.json new file mode 100644 index 0000000..96773ac --- /dev/null +++ b/doc/expansion/reversedns.json @@ -0,0 +1,3 @@ +{ + "description": "Simple Reverse DNS expansion service to resolve reverse DNS from MISP attributes." +} diff --git a/doc/expansion/shodan.json b/doc/expansion/shodan.json new file mode 100644 index 0000000..734d768 --- /dev/null +++ b/doc/expansion/shodan.json @@ -0,0 +1,4 @@ +{ + "description": "Module to query on Shodan.", + "logo": "logos/shodan.png" +} diff --git a/doc/expansion/sourcecache.json b/doc/expansion/sourcecache.json new file mode 100644 index 0000000..13c2a03 --- /dev/null +++ b/doc/expansion/sourcecache.json @@ -0,0 +1,3 @@ +{ + "description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page." +} diff --git a/doc/expansion/threatcrowd.json b/doc/expansion/threatcrowd.json new file mode 100644 index 0000000..83af5fd --- /dev/null +++ b/doc/expansion/threatcrowd.json @@ -0,0 +1,4 @@ +{ + "description": "Module to get information from ThreatCrowd.", + "logo": "logos/threatcrowd.png" +} diff --git a/doc/expansion/threatminer.json b/doc/expansion/threatminer.json new file mode 100644 index 0000000..da75784 --- /dev/null +++ b/doc/expansion/threatminer.json @@ -0,0 +1,4 @@ +{ + "description": "Module to get information from ThreatMiner.", + "logo": "logos/threatminer.png" +} diff --git a/doc/expansion/virustotal.json b/doc/expansion/virustotal.json new file mode 100644 index 0000000..8c203eb --- /dev/null +++ b/doc/expansion/virustotal.json @@ -0,0 +1,4 @@ +{ + "description": "Module to get information from virustotal.", + "logo": "logos/virustotal.png" +} diff --git a/doc/expansion/vmray_submit.json b/doc/expansion/vmray_submit.json new file mode 100644 index 0000000..b977203 --- /dev/null +++ b/doc/expansion/vmray_submit.json @@ -0,0 +1,4 @@ +{ + "description": "Module to submit a sample to VMRay.", + "logo": "logos/vmray.png" +} diff --git a/doc/expansion/vulndb.json b/doc/expansion/vulndb.json new file mode 100644 index 0000000..a4fec3b --- /dev/null +++ b/doc/expansion/vulndb.json @@ -0,0 +1,4 @@ +{ + "description": "Module to query VulnDB (RiskBasedSecurity.com).", + "logo": "logos/vulndb.png" +} diff --git a/doc/expansion/whois.json b/doc/expansion/whois.json new file mode 100644 index 0000000..7c5c119 --- /dev/null +++ b/doc/expansion/whois.json @@ -0,0 +1,4 @@ +{ + "description": "Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).", + "requirements": ["uwhois"] +} diff --git a/doc/expansion/wiki.json b/doc/expansion/wiki.json new file mode 100644 index 0000000..14c4451 --- /dev/null +++ b/doc/expansion/wiki.json @@ -0,0 +1,4 @@ +{ + "description": "An expansion hover module to extract information from Wikidata to have additional information about particular term for analysis.", + "logo": "logos/wikidata.png" +} diff --git a/doc/expansion/xforceexchange.json b/doc/expansion/xforceexchange.json new file mode 100644 index 0000000..13d3622 --- /dev/null +++ b/doc/expansion/xforceexchange.json @@ -0,0 +1,4 @@ +{ + "description": "An expansion module for IBM X-Force Exchange.", + "logo": "logos/xforce.png" +} diff --git a/doc/expansion/yara_syntax_validator.json b/doc/expansion/yara_syntax_validator.json new file mode 100644 index 0000000..891aa5a --- /dev/null +++ b/doc/expansion/yara_syntax_validator.json @@ -0,0 +1,4 @@ +{ + "description": "An expansion hover module to perform a syntax check on if yara rules are valid or not.", + "logo": "logos/yara.png" +}