diff --git a/documentation/README.md b/documentation/README.md
index 6eefef5..4dea631 100644
--- a/documentation/README.md
+++ b/documentation/README.md
@@ -606,24 +606,19 @@ Module to query a local copy of Maxmind's Geolite database.
-Module to access GreyNoise.io API
+Module to query IP and CVE information from GreyNoise
- **features**:
-> - Query an IP from GreyNoise to see if it is internet background noise or a common business service
-> - Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days
-> - Supports Enterprise (Paid) and Community API for IP lookup
-> - CVE Lookup is only supported with an Enterprise API Key
+>This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days.
- **input**:
->An IP address or CVE ID.
+>An IP address or CVE ID
- **output**:
-> - For IPs: IP Lookup Details
-> - FOR CVEs: Scanner Count for last 7 days
+>IP Lookup information or CVE scanning profile for past 7 days
- **references**:
> - https://greynoise.io/
> - https://docs.greyniose.io/
> - https://www.greynoise.io/viz/account/
- **requirements**:
-> - A Greynoise API key.
-> - Selection of API Key type: `enterprise` (for Paid users) or `community` (for Free users)
+>A Greynoise API key. Both Enterprise (Paid) and Community (Free) API keys are supported, however Community API users will only be able to perform IP lookups.
-----
@@ -641,6 +636,25 @@ A hover module to check hashes against hashdd.com including NSLR dataset.
-----
+#### [hashlookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashlookup.py)
+
+
+
+An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL.
+- **features**:
+>The module takes file hashes as input such as a MD5 or SHA1.
+> It queries the public CIRCL.lu hashlookup service and return all the hits if the hashes are known in an existing dataset. The module can be configured with a custom hashlookup url if required.
+> The module can be used an hover module but also an expansion model to add related MISP objects.
+>
+- **input**:
+>File hashes (MD5, SHA1)
+- **output**:
+>Object with the filename associated hashes if the hash is part of a known set.
+- **references**:
+>https://www.circl.lu/services/hashlookup/
+
+-----
+
#### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py)
@@ -808,6 +822,8 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re
+Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
+
Query Lastline with an analysis link and parse the report into MISP attributes and objects.
The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module.
- **features**:
@@ -827,6 +843,8 @@ The analysis link can also be retrieved from the output of the [lastline_submit]
+Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
+
Module to submit a file or URL to Lastline.
- **features**:
>The module requires a Lastline Analysis `api_token` and `key`.
@@ -1022,6 +1040,25 @@ Module to get information from AlienVault OTX.
-----
+#### [passivessh](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivessh.py)
+
+
+
+An expansion module to query the CIRCL Passive SSH.
+- **features**:
+>The module queries the Passive SSH service from CIRCL.
+>
+> The module can be used an hover module but also an expansion model to add related MISP objects.
+>
+- **input**:
+>IP addresses or SSH fingerprints
+- **output**:
+>SSH key materials, complementary IP addresses with similar SSH key materials
+- **references**:
+>https://github.com/D4-project/passive-ssh
+
+-----
+
#### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py)
@@ -1573,6 +1610,26 @@ Module to submit a sample to VMRay.
-----
+#### [vmware_nsx](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmware_nsx.py)
+
+
+
+Module to enrich a file or URL with VMware NSX Defender.
+- **features**:
+>This module takes an IoC such as file hash, file attachment, malware-sample or url as input to query VMware NSX Defender.
+>
+>The IoC is then enriched with data from VMware NSX Defender.
+- **input**:
+>File hash, attachment or URL to be enriched with VMware NSX Defender.
+- **output**:
+>Objects and tags generated by VMware NSX Defender.
+- **references**:
+>https://www.vmware.com
+- **requirements**:
+>The module requires a VMware NSX Defender Analysis `api_token` and `key`.
+
+-----
+
#### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py)
@@ -1726,6 +1783,26 @@ An expansion hover module to perform a syntax check on if yara rules are valid o
-----
+#### [yeti](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yeti.py)
+
+
+
+Module to process a query on Yeti.
+- **features**:
+>This module add context and links between observables using yeti
+- **input**:
+>A domain, hostname,IP, sha256,sha1, md5, url of MISP attribute.
+- **output**:
+>MISP attributes and objects fetched from the Yeti instances.
+- **references**:
+> - https://github.com/yeti-platform/yeti
+> - https://github.com/sebdraven/pyeti
+- **requirements**:
+> - pyeti
+> - API key
+
+-----
+
## Export Modules
#### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py)
@@ -1958,6 +2035,22 @@ This module is used to create a VirusTotal Graph from a MISP event.
## Import Modules
+#### [cof2misp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cof2misp.py)
+
+Passive DNS Common Output Format (COF) MISP importer
+- **features**:
+>Takes as input a valid COF file or the output of the dnsdbflex utility and creates MISP objects for the input.
+- **input**:
+>Passive DNS output in Common Output Format (COF)
+- **output**:
+>MISP objects
+- **references**:
+>https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html
+- **requirements**:
+>PyMISP
+
+-----
+
#### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py)
Module to import MISP attributes from a csv file.
@@ -2050,6 +2143,8 @@ A module to import data from a Joe Sandbox analysis json report.
+Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
+
Module to import and parse reports from Lastline analysis links.
- **features**:
>The module requires a Lastline Portal `username` and `password`.