chg: [misp-modules] doc updated

docs/index.md

@@ -65,7 +65,6 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
 * [Sigma queries](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_queries.py) - Experimental expansion module querying a sigma rule to convert it into all the available SIEM signatures.
 * [Sigma syntax validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sigma_syntax_validator.py) - Sigma syntax validator.
 * [sourcecache](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/sourcecache.py) - a module to cache a specific link from a MISP instance.
-* [stairwell](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stairwell.py) - an expansion module to enrich hash observables with the Stairwell API
 * [STIX2 pattern syntax validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py) - a module to check a STIX2 pattern syntax.
 * [ThreatCrowd](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatcrowd.py) - an expansion module for [ThreatCrowd](https://www.threatcrowd.org/).
 * [threatminer](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/threatminer.py) - an expansion module to expand from [ThreatMiner](https://www.threatminer.org/).
@@ -76,7 +75,6 @@ For more information: [Extending MISP with Python modules](https://www.circl.lu/
 * [VMray](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py) - a module to submit a sample to VMray.
 * [VulnDB](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) - a module to query [VulnDB](https://www.riskbasedsecurity.com/).
 * [Vulners](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulners.py) - an expansion module to expand information about CVEs using Vulners API.
-* [Vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py) - an expansion module to add dark web intelligence using Vysion API.
 * [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py) - a module to query a local instance of [uwhois](https://github.com/rafiot/uwhoisd).
 * [wikidata](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/wiki.py) - a [wikidata](https://www.wikidata.org) expansion module.
 * [xforce](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/xforceexchange.py) - an IBM X-Force Exchange expansion module.

documentation/README.md

@@ -1586,19 +1586,18 @@ Module to cache web pages of analysis reports, OSINT sources. The module returns
 
 <img src=logos/stairwell.png height=60>
 
-An expansion module to enrich hash observables with the Stairwell API.
+Module to query the Stairwell API to get additional information about the input hash attribute
 - **features**:
->This module takes a file hash as input and queries the Stairwell API. It will create a misp-object with the additional enrichment intel.
+>The module takes a hash attribute as input and queries Stariwell's API to fetch additional data about it. The result, if the payload is observed in Stariwell, is a file object describing the file the input hash is related to.
 - **input**:
->MD5, SHA1, or SHA256
+>A hash attribute (md5, sha1, sha256).
 - **output**:
->A stairwell misp-object with additional enrichment intel.
+>File object related to the input attribute found on Stairwell platform.
 - **references**:
->https://docs.stairwell.com
+> - https://stairwell.com
+> - https://docs.stairwell.com
 - **requirements**:
->- json
+>Access to Stairwell platform (apikey)
->- pymisp
->- requests
 
 -----
 
@@ -1924,23 +1923,24 @@ An expansion hover module to expand information about CVE id using Vulners API.
 
 -----
 
-#### [Vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
+#### [vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
 
 <img src=logos/vysion.png height=60>
 
 Module to enrich the information by making use of the Vysion API.
 - **features**:
 >This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
->MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
 - **input**:
 >MISP Attribute which include: company(target-org), country, info.
 - **output**:
 >MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
 - **references**:
->https://vysion.ai/
+> - https://vysion.ai/
+> - https://developers.vysion.ai/
+> - https://github.com/ByronLabs/vysion-cti/tree/main
 - **requirements**:
-> Vysion python library
+> - Vysion python library
-> Vysion API Key
+> - Vysion API Key
 
 -----
 

documentation/mkdocs/expansion.md

@@ -1579,6 +1579,25 @@ Module to cache web pages of analysis reports, OSINT sources. The module returns
 
 -----
 
+#### [stairwell](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stairwell.py)
+
+<img src=../logos/stairwell.png height=60>
+
+Module to query the Stairwell API to get additional information about the input hash attribute
+- **features**:
+>The module takes a hash attribute as input and queries Stariwell's API to fetch additional data about it. The result, if the payload is observed in Stariwell, is a file object describing the file the input hash is related to.
+- **input**:
+>A hash attribute (md5, sha1, sha256).
+- **output**:
+>File object related to the input attribute found on Stairwell platform.
+- **references**:
+> - https://stairwell.com
+> - https://docs.stairwell.com
+- **requirements**:
+>Access to Stairwell platform (apikey)
+
+-----
+
 #### [stix2_pattern_syntax_validator](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/stix2_pattern_syntax_validator.py)
 
 <img src=../logos/stix.png height=60>
@@ -1901,6 +1920,27 @@ An expansion hover module to expand information about CVE id using Vulners API.
 
 -----
 
+#### [vysion](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py)
+
+<img src=../logos/vysion.png height=60>
+
+Module to enrich the information by making use of the Vysion API.
+- **features**:
+>This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
+- **input**:
+>MISP Attribute which include: company(target-org), country, info.
+- **output**:
+>MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
+- **references**:
+> - https://vysion.ai/
+> - https://developers.vysion.ai/
+> - https://github.com/ByronLabs/vysion-cti/tree/main
+- **requirements**:
+> - Vysion python library
+> - Vysion API Key
+
+-----
+
 #### [whois](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py)
 
 Module to query a local instance of uwhois (https://github.com/rafiot/uwhoisd).