From b2fcc3374db474f0a6f387eb542718d3df3909c9 Mon Sep 17 00:00:00 2001
From: chrisr3d
Date: Mon, 19 Nov 2018 17:05:55 +0100
Subject: [PATCH] add: Updated more expansion documentation files
---
 doc/expansion/hashdd.json | 2 +-
 doc/expansion/intelmq_eventdb.json | 8 +++++++-
 doc/expansion/ipasn.json | 7 ++++++-
 doc/expansion/iprep.json | 7 ++++++-
 doc/expansion/onyphe.json | 7 ++++++-
 doc/expansion/onyphe_full.json | 7 ++++++-
 6 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/doc/expansion/hashdd.json b/doc/expansion/hashdd.json
index 5f9c837..d963820 100644
--- a/doc/expansion/hashdd.json
+++ b/doc/expansion/hashdd.json
@@ -1,6 +1,6 @@
 {
 "description": "A hover module to check hashes against hashdd.com including NSLR dataset.",
- "input": "A hash MISP attribute (md5)",
+ "input": "A hash MISP attribute (md5).",
 "output": "Text describing the known level of the hash in the hashdd databases.",
 "references": ["https://hashdd.com/"],
 "features": "This module takes a hash attribute as input to check its known level, using the hashdd API. This information is then displayed."
diff --git a/doc/expansion/intelmq_eventdb.json b/doc/expansion/intelmq_eventdb.json
index 7746551..bc48414 100644
--- a/doc/expansion/intelmq_eventdb.json
+++ b/doc/expansion/intelmq_eventdb.json
@@ -1,3 +1,9 @@
 {
- "description": "Module to access intelmqs eventdb."
+ "description": "Module to access intelmqs eventdb.",
+ "logo": "logos/intelmq.png",
+ "requirements": ["psycopg2: Python library to support PostgreSQL", "An access to the IntelMQ database (username, password, hostname and database reference)"],
+ "input": "A hostname, domain, IP address or AS attribute.",
+ "output": "Text giving information about the input using IntelMQ database.",
+ "references": ["https://github.com/certtools/intelmq", "https://intelmq.readthedocs.io/en/latest/Developers-Guide/"],
+ "features": "/!\\ EXPERIMENTAL MODULE, some features may not work /!\\\n\nThis module takes a domain, hostname, IP address or Autonomous system MISP attribute as input to query the IntelMQ database. The result of the query gives then additional information about the input."
 }
diff --git a/doc/expansion/ipasn.json b/doc/expansion/ipasn.json
index 1ab9cdd..aa9d0b1 100644
--- a/doc/expansion/ipasn.json
+++ b/doc/expansion/ipasn.json
@@ -1,3 +1,8 @@
 {
- "description": "Module to query an IP ASN history service (https://github.com/CIRCL/IP-ASN-history.git)."
+ "description": "Module to query an IP ASN history service (https://github.com/CIRCL/IP-ASN-history.git).",
+ "requirements": ["ipasn_redis: Python library to access IP-ASN-history instance via redis", "An IP-ASN-history instance information (host, port and database index)"],
+ "input": "An IP address MISP attribute.",
+ "output": "Text describing additional information about the input after a query on the IP-ASN-history database.",
+ "references": ["https://www.circl.lu/services/ip-asn-history/"],
+ "features": "This module takes an IP address attribute as input and queries the CIRCL IP ASN service to get additional information about the input."
 }
diff --git a/doc/expansion/iprep.json b/doc/expansion/iprep.json
index 343ce4d..95250e0 100644
--- a/doc/expansion/iprep.json
+++ b/doc/expansion/iprep.json
@@ -1,3 +1,8 @@
 {
- "description": "Module to query IPRep data for IP addresses."
+ "description": "Module to query IPRep data for IP addresses.",
+ "requirements": ["An access to the packetmail API (apikey)"],
+ "input": "An IP address MISP attribute.",
+ "output": "Text describing additional information about the input after a query on the IPRep API.",
+ "references": ["https://github.com/mahesh557/packetmail"],
+ "features": "This module takes an IP address attribute as input and queries the database from packetmail.net to get some information about the reputation of the IP."
 }
diff --git a/doc/expansion/onyphe.json b/doc/expansion/onyphe.json
index 4c00866..04ebdd3 100644
--- a/doc/expansion/onyphe.json
+++ b/doc/expansion/onyphe.json
@@ -1,4 +1,9 @@
 {
 "description": "Module to process a query on Onyphe.",
- "logo": "logos/onyphe.jpg"
+ "logo": "logos/onyphe.jpg",
+ "requirements": ["onyphe python library", "An access to the Onyphe API (apikey)"],
+ "input": "A domain, hostname or IP address MISP attribute.",
+ "output": "MISP attributes fetched from the Onyphe query.",
+ "references": ["https://www.onyphe.io/", "https://github.com/sebdraven/pyonyphe"],
+ "features": "This module takes a domain, hostname, or IP address attribute as input in order to query the Onyphe API. Data fetched from the query is then parsed and MISP attributes are extracted."
 }
diff --git a/doc/expansion/onyphe_full.json b/doc/expansion/onyphe_full.json
index 15f07f1..4b722fa 100644
--- a/doc/expansion/onyphe_full.json
+++ b/doc/expansion/onyphe_full.json
@@ -1,4 +1,9 @@
 {
 "description": "Module to process a full query on Onyphe.",
- "logo": "logos/onyphe.jpg"
+ "logo": "logos/onyphe.jpg",
+ "requirements": ["onyphe python library", "An access to the Onyphe API (apikey)"],
+ "input": "A domain, hostname or IP address MISP attribute.",
+ "output": "MISP attributes fetched from the Onyphe query.",
+ "references": ["https://www.onyphe.io/", "https://github.com/sebdraven/pyonyphe"],
+ "features": "This module takes a domain, hostname, or IP address attribute as input in order to query the Onyphe API. Data fetched from the query is then parsed and MISP attributes are extracted.\n\nThe parsing is here more advanced than the one on onyphe module, and is returning more attributes, since more fields of the query result are watched and parsed."
 }