From 9a1140c67151c62da399b82968d5fa9033124e02 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 13 Dec 2023 11:28:20 +0100 Subject: [PATCH] chg: [documentation] updated --- documentation/README.md | 75 ++++++++++++++++++++++++++++++- documentation/mkdocs/expansion.md | 75 ++++++++++++++++++++++++++++++- 2 files changed, 148 insertions(+), 2 deletions(-) diff --git a/documentation/README.md b/documentation/README.md index ec9366f..0016f25 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -58,7 +58,7 @@ A module tu query the AssemblyLine API with a submission ID to get the submissio - **output**: >MISP attributes & objects parsed from the AssemblyLine submission. - **references**: ->https://www.cyber.cg.ca/en/assemblyline +>https://www.cyber.gc.ca/en/assemblyline - **requirements**: >assemblyline_client: Python library to query the AssemblyLine rest API. @@ -207,6 +207,39 @@ Modules to access CIRCL Passive SSL. ----- +#### [cluster25_expand](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cluster25_expand.py) + + + +Module to query Cluster25 CTI. +- **features**: +>This module takes a MISP attribute value as input to query the Cluster25CTI API. The result is then mapped into compatible MISP Objects and relative attributes. +> +- **input**: +>An Indicator value of type included in the following list: +>- domain +>- email-src +>- email-dst +>- filename +>- md5 +>- sha1 +>- sha256 +>- ip-src +>- ip-dst +>- url +>- vulnerability +>- btc +>- xmr +> ja3-fingerprint-md5 +- **output**: +>A series of c25 MISP Objects with colletion of attributes mapped from Cluster25 CTI query result. +- **references**: +> +- **requirements**: +>A Cluster25 API access (API id & key) + +----- + #### [countrycode](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/countrycode.py) Module to expand country codes. 
@@ -780,6 +813,28 @@ Module to access intelmqs eventdb. ----- +#### [ip2locationio](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ip2locationio.py) + + + +An expansion module to query IP2Location.io to gather more information on a given IP address. +- **features**: +>The module takes an IP address attribute as input and queries the IP2Location.io API. +>Free plan user will get the basic geolocation informaiton, and different subsription plan will get more information on the IP address. +> Refer to [pricing page](https://www.ip2location.io/pricing) for more information on data available for each plan. +> +>More information on the responses content is available in the [documentation](https://www.ip2location.io/ip2location-documentation). +- **input**: +>IP address attribute. +- **output**: +>Additional information on the IP address, such as geolocation, proxy and so on. Refer to the Response Format section in https://www.ip2location.io/ip2location-documentation to find out the full format of the data returned. +- **references**: +>https://www.ip2location.io/ip2location-documentation +- **requirements**: +>An IP2Location.io token + +----- + #### [ipasn](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) Module to query an IP ASN history service (https://github.com/D4-project/IPASN-History). 
@@ -1459,6 +1514,24 @@ An expansion hover module to perform a syntax check on sigma rules. ----- +#### [sigmf-expand](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigmf-expand.py) + +Enrichs a SigMF Recording or extracts a SigMF Archive into a SigMF Recording. +- **features**: +>This module can be used to expand a SigMF Recording object into a SigMF Expanded Recording object with a waterfall plot or to extract a SigMF Archive object into a SigMF Recording objet. +- **input**: +>Object of sigmf-archive or sigmf-recording template. +- **output**: +>Object of sigmf-expanded-recording or sigmf-recording template. +- **references**: +>https://github.com/sigmf/SigMF +- **requirements**: +> - matplotlib: For plotting the waterfall plot of the recording. +> - numpy: For the waterfall plot of the recording. +> - sigmf: For validating SigMF files. + +----- + #### [socialscan](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/socialscan.py) A hover module to get information on the availability of an email address or username on some online platforms. diff --git a/documentation/mkdocs/expansion.md b/documentation/mkdocs/expansion.md index 701c79d..5379c82 100644 --- a/documentation/mkdocs/expansion.md +++ b/documentation/mkdocs/expansion.md @@ -55,7 +55,7 @@ A module tu query the AssemblyLine API with a submission ID to get the submissio - **output**: >MISP attributes & objects parsed from the AssemblyLine submission. - **references**: ->https://www.cyber.cg.ca/en/assemblyline +>https://www.cyber.gc.ca/en/assemblyline - **requirements**: >assemblyline_client: Python library to query the AssemblyLine rest API. 
@@ -204,6 +204,39 @@ Modules to access CIRCL Passive SSL. ----- +#### [cluster25_expand](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/cluster25_expand.py) + + + +Module to query Cluster25 CTI. +- **features**: +>This module takes a MISP attribute value as input to query the Cluster25CTI API. The result is then mapped into compatible MISP Objects and relative attributes. +> +- **input**: +>An Indicator value of type included in the following list: +>- domain +>- email-src +>- email-dst +>- filename +>- md5 +>- sha1 +>- sha256 +>- ip-src +>- ip-dst +>- url +>- vulnerability +>- btc +>- xmr +> ja3-fingerprint-md5 +- **output**: +>A series of c25 MISP Objects with colletion of attributes mapped from Cluster25 CTI query result. +- **references**: +> +- **requirements**: +>A Cluster25 API access (API id & key) + +----- + #### [countrycode](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/countrycode.py) Module to expand country codes. 
@@ -777,6 +810,28 @@ Module to access intelmqs eventdb. ----- +#### [ip2locationio](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ip2locationio.py) + + + +An expansion module to query IP2Location.io to gather more information on a given IP address. +- **features**: +>The module takes an IP address attribute as input and queries the IP2Location.io API. +>Free plan user will get the basic geolocation informaiton, and different subsription plan will get more information on the IP address. +> Refer to [pricing page](https://www.ip2location.io/pricing) for more information on data available for each plan. +> +>More information on the responses content is available in the [documentation](https://www.ip2location.io/ip2location-documentation). +- **input**: +>IP address attribute. +- **output**: +>Additional information on the IP address, such as geolocation, proxy and so on. Refer to the Response Format section in https://www.ip2location.io/ip2location-documentation to find out the full format of the data returned. +- **references**: +>https://www.ip2location.io/ip2location-documentation +- **requirements**: +>An IP2Location.io token + +----- + #### [ipasn](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/ipasn.py) Module to query an IP ASN history service (https://github.com/D4-project/IPASN-History). 
@@ -1456,6 +1511,24 @@ An expansion hover module to perform a syntax check on sigma rules. ----- +#### [sigmf-expand](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigmf-expand.py) + +Enrichs a SigMF Recording or extracts a SigMF Archive into a SigMF Recording. +- **features**: +>This module can be used to expand a SigMF Recording object into a SigMF Expanded Recording object with a waterfall plot or to extract a SigMF Archive object into a SigMF Recording objet. +- **input**: +>Object of sigmf-archive or sigmf-recording template. +- **output**: +>Object of sigmf-expanded-recording or sigmf-recording template. +- **references**: +>https://github.com/sigmf/SigMF +- **requirements**: +> - matplotlib: For plotting the waterfall plot of the recording. +> - numpy: For the waterfall plot of the recording. +> - sigmf: For validating SigMF files. + +----- + #### [socialscan](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/socialscan.py) A hover module to get information on the availability of an email address or username on some online platforms.
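Review bot: the context line shown in the first README.md hunk header still reads "A module tu query the AssemblyLine API"; since this pass already touches the AssemblyLine entry to correct the reference URL from cyber.cg.ca to cyber.gc.ca, fix "tu" to "to" on the line just above the hunk in the same change.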
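Review bot: in the README.md cluster25_expand hunk the input list entry `> ja3-fingerprint-md5` lacks the `-` list marker that every other entry carries (`>- xmr`), so it will render as a stray continuation line rather than a list item; and the `- **references**:` section holds only an empty `>` line, so either add the Cluster25 reference URL or drop the empty quote. Spelling: "colletion" should be "collection", "Cluster25CTI" should match the "Cluster25 CTI" wording of the description line, and "relative attributes" presumably means "related attributes". The three blank lines after the heading also differ from the single blank line used by the neighbouring entries.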
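Review bot: the README.md ip2locationio hunk has spelling and grammar problems in the features block: "informaiton" should be "information", "subsription" should be "subscription", and "Free plan user will get the basic geolocation informaiton, and different subsription plan will get more information" reads better as "Free-plan users get basic geolocation information; paid subscription plans return more fields". The `> Refer to [pricing page]` line has a leading space after `>` that the surrounding lines do not. Since the requirements entry says only "An IP2Location.io token", consider naming the module configuration parameter that carries it so operators know where to set it.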
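Review bot: in the README.md sigmf-expand hunk, "Enrichs" should be "Enriches" in the description line and "objet" should be "object" in the features line. The requirements block uses nested `> - matplotlib: ...` lines whereas the other entries in this file use one `>item` line per requirement (compare `>assemblyline_client: Python library ...` in the first hunk), so align the format. The module filename `sigmf-expand.py` uses a hyphen where the other expansion modules added in this patch use underscores (`cluster25_expand.py`); worth confirming that is intentional and that the module loader handles it.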
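Review bot: the mkdocs/expansion.md AssemblyLine hunk carries the same context line "A module tu query the AssemblyLine API" as the README.md hunk, so the "tu" to "to" fix applies here too; if both files are generated from the module's own description metadata, correct the text at that source so the two outputs stay in sync.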
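Review bot: the mkdocs/expansion.md cluster25_expand hunk repeats every defect of the README.md version: the unmarked `> ja3-fingerprint-md5` list entry, the empty `- **references**:` quote, and the "colletion" and "Cluster25CTI" spellings. Fix them in one place if the two files share a source, otherwise apply the same corrections here.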
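Review bot: the mkdocs/expansion.md ip2locationio hunk is identical to the README.md one, including "informaiton", "subsription" and the stray leading space in `> Refer to [pricing page]`; apply the same wording and formatting fixes here.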
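Review bot: the mkdocs/expansion.md sigmf-expand hunk needs the same "Enrichs" to "Enriches" and "objet" to "object" corrections as the README.md hunk, and the same alignment of the `> - ` requirements list with the `>item` style used by the other entries.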