chg: [documentation] updated

2021-10-27 22:25:41 +02:00 · 2021-10-27 22:25:41 +02:00 · 7cb7a9bd52
parent 04a6e89813
commit 7cb7a9bd52
1 changed files with 105 additions and 10 deletions
--- a/documentation/README.md
+++ b/documentation/README.md
@ -606,24 +606,19 @@ Module to query a local copy of Maxmind's Geolite database.
 <img src=logos/greynoise.png height=60>
-Module to access GreyNoise.io API
+Module to query IP and CVE information from GreyNoise
 - **features**:
-> - Query an IP from GreyNoise to see if it is internet background noise or a common business service
+>This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days.
 > - Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days
 > - Supports Enterprise (Paid) and Community API for IP lookup
 > - CVE Lookup is only supported with an Enterprise API Key
 - **input**:
->An IP address or CVE ID.
+>An IP address or CVE ID
 - **output**:
-> - For IPs: IP Lookup Details
+>IP Lookup information or CVE scanning profile for past 7 days
 > - FOR CVEs: Scanner Count for last 7 days
 - **references**:
 > - https://greynoise.io/
 > - https://docs.greyniose.io/
 > - https://www.greynoise.io/viz/account/
 - **requirements**:
-> - A Greynoise API key.
+>A Greynoise API key. Both Enterprise (Paid) and Community (Free) API keys are supported, however Community API users will only be able to perform IP lookups.
 > - Selection of API Key type: `enterprise` (for Paid users) or `community` (for Free users)
 -----
@ -641,6 +636,25 @@ A hover module to check hashes against hashdd.com including NSLR dataset.
 -----
 #### [hashlookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashlookup.py)
 <img src=logos/circl.png height=60>
 An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL.
 - **features**:
 >The module takes file hashes as input such as a MD5 or SHA1.
 > It queries the public CIRCL.lu hashlookup service and return all the hits if the hashes are known in an existing dataset. The module can be configured with a custom hashlookup url if required.
 > The module can be used an hover module but also an expansion model to add related MISP objects.
 >
 - **input**:
 >File hashes (MD5, SHA1)
 - **output**:
 >Object with the filename associated hashes if the hash is part of a known set.
 - **references**:
 >https://www.circl.lu/services/hashlookup/
 -----
 #### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py)
 <img src=logos/hibp.png height=60>
@ -808,6 +822,8 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re
 <img src=logos/lastline.png height=60>
 Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
 Query Lastline with an analysis link and parse the report into MISP attributes and objects.
 The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module.
 - **features**:
@ -827,6 +843,8 @@ The analysis link can also be retrieved from the output of the [lastline_submit]
 <img src=logos/lastline.png height=60>
 Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
 Module to submit a file or URL to Lastline.
 - **features**:
 >The module requires a Lastline Analysis `api_token` and `key`.
@ -1022,6 +1040,25 @@ Module to get information from AlienVault OTX.
 -----
 #### [passivessh](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivessh.py)
 <img src=logos/passivessh.png height=60>
 An expansion module to query the CIRCL Passive SSH.
 - **features**:
 >The module queries the Passive SSH service from CIRCL.
 > 
 > The module can be used an hover module but also an expansion model to add related MISP objects.
 >
 - **input**:
 >IP addresses or SSH fingerprints
 - **output**:
 >SSH key materials, complementary IP addresses with similar SSH key materials
 - **references**:
 >https://github.com/D4-project/passive-ssh
 -----
 #### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py)
 <img src=logos/passivetotal.png height=60>
@ -1573,6 +1610,26 @@ Module to submit a sample to VMRay.
 -----
 #### [vmware_nsx](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmware_nsx.py)
 <img src=logos/vmware_nsx.png height=60>
 Module to enrich a file or URL with VMware NSX Defender.
 - **features**:
 >This module takes an IoC such as file hash, file attachment, malware-sample or url as input to query VMware NSX Defender.
 >
 >The IoC is then enriched with data from VMware NSX Defender.
 - **input**:
 >File hash, attachment or URL to be enriched with VMware NSX Defender.
 - **output**:
 >Objects and tags generated by VMware NSX Defender.
 - **references**:
 >https://www.vmware.com
 - **requirements**:
 >The module requires a VMware NSX Defender Analysis `api_token` and `key`.
 -----
 #### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py)
 <img src=logos/vulndb.png height=60>
@ -1726,6 +1783,26 @@ An expansion hover module to perform a syntax check on if yara rules are valid o
 -----
 #### [yeti](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yeti.py)
 <img src=logos/yeti.png height=60>
 Module to process a query on Yeti.
 - **features**:
 >This module add context and links between observables using yeti
 - **input**:
 >A domain, hostname,IP, sha256,sha1, md5, url of MISP attribute.
 - **output**:
 >MISP attributes and objects fetched from the Yeti instances.
 - **references**:
 > - https://github.com/yeti-platform/yeti
 > - https://github.com/sebdraven/pyeti
 - **requirements**:
 > - pyeti
 > - API key 
 -----
 ## Export Modules
 #### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py)
@ -1958,6 +2035,22 @@ This module is used to create a VirusTotal Graph from a MISP event.
 ## Import Modules
 #### [cof2misp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cof2misp.py)
 Passive DNS Common Output Format (COF) MISP importer
 - **features**:
 >Takes as input a valid COF file or the output of the dnsdbflex utility and creates MISP objects for the input.
 - **input**:
 >Passive DNS output in Common Output Format (COF)
 - **output**:
 >MISP objects
 - **references**:
 >https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html
 - **requirements**:
 >PyMISP
 -----
 #### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py)
 Module to import MISP attributes from a csv file.
@ -2050,6 +2143,8 @@ A module to import data from a Joe Sandbox analysis json report.
 <img src=logos/lastline.png height=60>
 Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
 Module to import and parse reports from Lastline analysis links.
 - **features**:
 >The module requires a Lastline Portal `username` and `password`.