MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [documentation] Updated the farsight-passivedns documentation

pull/450/head
chrisr3d 2020-11-15 19:23:47 +01:00
parent dfec0e5cf4
commit bedd6dcfd6
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
2 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/README.md
View File

@ -505,12 +505,15 @@ A module to query the Phishing Initiative service (https://phishing-initiative.l
Module to access Farsight DNSDB Passive DNS. Module to access Farsight DNSDB Passive DNS.
- **features**: - **features**:
>This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. >This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API.
> The results of rdata and rrset lookups are then returned and parsed into passive-dns objects. >The results of rdata and rrset lookups are then returned and parsed into passive-dns objects.
> >
>An API key is required to submit queries to the API. >An API key is required to submit queries to the API.
> It is also possible to define a custom server URL, and to set a limit of results to get. >It is also possible to define a custom server URL, and to set a limit of results to get.
> This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit). >This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit).
>
>Additionally to the lookup queries, responses from flex queries can be returned with the results.
>To get this additional data with the results, there is a `flex_queries` configuration parameter to set to `true`. The module submit then regex queries to the API, using the domain, hostname or IP address as keyword for the search. Passive-dns objects are returned next to the ones resulting from the lookup queries.
- **input**: - **input**:
>A domain, hostname or IP address MISP attribute. >A domain, hostname or IP address MISP attribute.
- **output**: - **output**:
@ -518,7 +521,7 @@ Module to access Farsight DNSDB Passive DNS.
- **references**: - **references**:
>https://www.farsightsecurity.com/, https://docs.dnsdb.info/dnsdb-api/ >https://www.farsightsecurity.com/, https://docs.dnsdb.info/dnsdb-api/
- **requirements**: - **requirements**:
>An access to the Farsight Passive DNS API (apikey) >An access to the Farsight Passive DNS API (apikey), The dnsdb2 python library
----- -----

4
doc/expansion/farsight_passivedns.json
View File

@ -1,9 +1,9 @@
{ {
"description": "Module to access Farsight DNSDB Passive DNS.", "description": "Module to access Farsight DNSDB Passive DNS.",
"logo": "logos/farsight.png", "logo": "logos/farsight.png",
"requirements": ["An access to the Farsight Passive DNS API (apikey)"], "requirements": ["An access to the Farsight Passive DNS API (apikey)", "The dnsdb2 python library"],
"input": "A domain, hostname or IP address MISP attribute.", "input": "A domain, hostname or IP address MISP attribute.",
"output": "Passive-dns objects, resulting from the query on the Farsight Passive DNS API.", "output": "Passive-dns objects, resulting from the query on the Farsight Passive DNS API.",
"references": ["https://www.farsightsecurity.com/", "https://docs.dnsdb.info/dnsdb-api/"], "references": ["https://www.farsightsecurity.com/", "https://docs.dnsdb.info/dnsdb-api/"],
"features": "This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API.\n The results of rdata and rrset lookups are then returned and parsed into passive-dns objects.\n\nAn API key is required to submit queries to the API.\n It is also possible to define a custom server URL, and to set a limit of results to get.\n This limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit)." "features": "This module takes a domain, hostname or IP address MISP attribute as input to query the Farsight Passive DNS API. \nThe results of rdata and rrset lookups are then returned and parsed into passive-dns objects.\n\nAn API key is required to submit queries to the API. \nIt is also possible to define a custom server URL, and to set a limit of results to get. \nThis limit is set for each lookup, which means we can have an up to the limit number of passive-dns objects resulting from an rdata query about an IP address, but an up to the limit number of passive-dns objects for each lookup queries about a domain or a hostname (== twice the limit).\n\nAdditionally to the lookup queries, responses from flex queries can be returned with the results. \nTo get this additional data with the results, there is a `flex_queries` configuration parameter to set to `true`. The module submit then regex queries to the API, using the domain, hostname or IP address as keyword for the search. Passive-dns objects are returned next to the ones resulting from the lookup queries."
} }