Browse Source

added module documentation

pull/409/head
Jesse Hedden 1 year ago
parent
commit
859bd19e24
  1. 29
      doc/README.md
  2. 12
      doc/expansion/trustar_enrich.json

29
doc/README.md

@ -1168,6 +1168,35 @@ Module to get information from ThreatMiner.
-----
#### [trustar_enrich](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/trustar_enrich.py)
<img src=logos/trustar.png height=60>
Module to get enrich indicators with TruSTAR.
- **features**:
>This module enriches MISP attributes with scoring and metadata from TruSTAR.
>
>The TruSTAR indicator summary is appended to the attributes along with links to any associated reports.
- **input**:
>Any of the following MISP attributes:
>- btc
>- domain
>- email-src
>- filename
>- hostname
>- ip-src
>- ip-dst
>- md5
>- sha1
>- sha256
>- url
- **output**:
>MISP attributes enriched with indicator summary data from the TruSTAR API. Data includes a severity level score and additional source and scoring info.
- **references**:
>https://docs.trustar.co/api/v13/indicators/get_indicator_summaries.html
-----
#### [urlhaus](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py)
<img src=logos/urlhaus.png height=60>

12
doc/expansion/trustar_enrich.json

@ -1,8 +1,8 @@
{
"description": "Module to get information from ThreatMiner.",
"logo": "logos/threatminer.png",
"input": "A MISP attribute included in the following list:\n- hostname\n- domain\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- sha512",
"output": "MISP attributes mapped from the result of the query on ThreatMiner, included in the following list:\n- domain\n- ip-src\n- ip-dst\n- text\n- md5\n- sha1\n- sha256\n- sha512\n- ssdeep\n- authentihash\n- filename\n- whois-registrant-email\n- url\n- link",
"references": ["https://www.threatminer.org/"],
"features": "This module takes a MISP attribute as input and queries ThreatMiner with it.\n\nThe result of this query is then parsed and some data is mapped into MISP attributes in order to enrich the input attribute."
"description": "Module to get enrich indicators with TruSTAR.",
"logo": "logos/trustar.png",
"input": "Any of the following MISP attributes:\n- btc\n- domain\n- email-src\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- sha1\n- sha256\n- url",
"output": "MISP attributes enriched with indicator summary data from the TruSTAR API. Data includes a severity level score and additional source and scoring info.",
"references": ["https://docs.trustar.co/api/v13/indicators/get_indicator_summaries.html"],
"features": "This module enriches MISP attributes with scoring and metadata from TruSTAR.\n\nThe TruSTAR indicator summary is appended to the attributes along with links to any associated reports."
}

Loading…
Cancel
Save