From bedd6dcfd61c0f20eb00066b8072ff290cc8beb3 Mon Sep 17 00:00:00 2001 From: chrisr3d Date: Sun, 15 Nov 2020 19:23:47 +0100 Subject: [PATCH] chg: [documentation] Updated the farsight-passivedns documentation --- doc/README.md | 15 +++++++++------ doc/expansion/farsight_passivedns.json | 4 ++-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/doc/README.md b/doc/README.md index 3b2bceb..736c6f8 100644 --- a/doc/README.md +++ b/doc/README.md 
@@ -505,12 +505,15 @@ A module to query the Phishing Initiative service (https://phishing-initiative.l Module to access Farsight DNSDB Passive DNS. - **features**: ->This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. -> The results of rdata and rrset lookups are then returned and parsed into passive-dns objects. +>This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. +>The results of rdata and rrset lookups are then returned and parsed into passive-dns objects. > ->An API key is required to submit queries to the API. -> It is also possible to define a custom server URL, and to set a limit of results to get. -> This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit). +>An API key is required to submit queries to the API. +>It is also possible to define a custom server URL, and to set a limit of results to get. +>This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit). +> +>Additionally to the lookup queries, responses from flex queries can be returned with the results. +>To get this additional data with the results, there is a `flex_queries` configuration parameter to set to `true`. The module submit then regex queries to the API, using the domain, hostname or IP address as keyword for the search. Passive-dns objects are returned next to the ones resulting from the lookup queries. - **input**: >A domain, hostname or IP address MISP attribute. - **output**: 
@@ -518,7 +521,7 @@ Module to access Farsight DNSDB Passive DNS. - **references**: >https://www.farsightsecurity.com/, https://docs.dnsdb.info/dnsdb-api/ - **requirements**: ->An access to the Farsight Passive DNS API (apikey) +>An access to the Farsight Passive DNS API (apikey), The dnsdb2 python library ----- diff --git a/doc/expansion/farsight_passivedns.json b/doc/expansion/farsight_passivedns.json index 2dbc64e..fe241e6 100644 --- a/doc/expansion/farsight_passivedns.json +++ b/doc/expansion/farsight_passivedns.json 
@@ -1,9 +1,9 @@ { "description": "Module to access Farsight DNSDB Passive DNS.", "logo": "logos/farsight.png", - "requirements": ["An access to the Farsight Passive DNS API (apikey)"], + "requirements": ["An access to the Farsight Passive DNS API (apikey)", "The dnsdb2 python library"], "input": "A domain, hostname or IP address MISP attribute.", "output": "Passive-dns objects, resulting from the query on the Farsight Passive DNS API.", "references": ["https://www.farsightsecurity.com/", "https://docs.dnsdb.info/dnsdb-api/"], - "features": "This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API.\n The results of rdata and rrset lookups are then returned and parsed into passive-dns objects.\n\nAn API key is required to submit queries to the API.\n It is also possible to define a custom server URL, and to set a limit of results to get.\n This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit)." + "features": "This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. \nThe results of rdata and rrset lookups are then returned and parsed into passive-dns objects.\n\nAn API key is required to submit queries to the API. \nIt is also possible to define a custom server URL, and to set a limit of results to get. \nThis limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit).\n\nAdditionally to the lookup queries, responses from flex queries can be returned with the results. 
\nTo get this additional data with the results, there is a `flex_queries` configuration parameter to set to `true`. The module submit then regex queries to the API, using the domain, hostname or IP address as keyword for the search. Passive-dns objects are returned next to the ones resulting from the lookup queries." }
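Review bot: In the doc/README.md features hunk, the new flex-queries paragraph does not say how the result limit applies once `flex_queries` is set to `true`. The sentence just above it still documents an upper bound of the limit per lookup (twice the limit for a domain or hostname), but flex results are "returned next to the ones resulting from the lookup queries", so that bound no longer describes the total. Please state whether the limit applies to each flex query as well and what the resulting maximum number of passive-dns objects is. It would also help to say whether the domain, hostname or IP address is escaped before being used as the regex keyword, since the dots in those values are regex metacharacters. Wording: "The module submit then regex queries" should read "The module then submits regex queries", and "Additionally to" reads better as "In addition to".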
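Review bot: In the doc/README.md requirements hunk, the added item "The dnsdb2 python library" follows a comma but starts with a capital "The", and it gives no hint of how the library is obtained or whether a minimum version is needed. Suggest "An access to the Farsight Passive DNS API (apikey), the dnsdb2 Python library", plus the package name or version constraint if the module depends on one.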
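Review bot: In doc/expansion/farsight_passivedns.json, the rewritten `features` string now puts a single space before each `\n` ("API. \nThe results", "API. \nIt is also"). One trailing space does not produce a Markdown hard line break (that takes two), so as written it is only trailing whitespace inside the string. If a line break is intended in the rendered README, use two spaces; otherwise drop the space. The new `"The dnsdb2 python library"` entry in `requirements` and the flex-queries sentences carry the same text as doc/README.md, so any wording correction has to be made in both files to keep them in sync.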