From c5a9a973549f1e62326e7f410ad09a646b67bc9c Mon Sep 17 00:00:00 2001
From: Jeroen Pinoy
Date: Wed, 23 Feb 2022 00:54:13 +0100
Subject: [PATCH] chg:[doc] update mmdb_lookup documentation
---
 documentation/website/expansion/mmdb_lookup.json | 11 +++++++++++
 misp_modules/modules/expansion/mmdb_lookup.py | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 documentation/website/expansion/mmdb_lookup.json
diff --git a/documentation/website/expansion/mmdb_lookup.json b/documentation/website/expansion/mmdb_lookup.json
new file mode 100644
index 0000000..ebfbf49
--- /dev/null
+++ b/documentation/website/expansion/mmdb_lookup.json
@@ -0,0 +1,11 @@
+{
+ "description": "A hover and expansion module to enrich an ip with geolocation and ASN information from an mmdb server instance, such as CIRCL's ip.circl.lu.",
+ "logo": "circl.png",
+ "input": "An IP address attribute (for example ip-src or ip-src|port).",
+ "output": "Geolocation and asn objects.",
+ "references": [
+ "https://data.public.lu/fr/datasets/geo-open-ip-address-geolocation-per-country-in-mmdb-format/",
+ "https://github.com/adulau/mmdb-server"
+ ],
+ "features": "The module takes an IP address related attribute as input.\n It queries the public CIRCL.lu mmdb-server instance, available at ip.circl.lu, by default. The module can be configured with a custom mmdb server url if required.\n It is also possible to filter results on 1 db_source by configuring db_source_filter."
+}
\ No newline at end of file
diff --git a/misp_modules/modules/expansion/mmdb_lookup.py b/misp_modules/modules/expansion/mmdb_lookup.py
index 0c54ba8..e3a0eff 100644
--- a/misp_modules/modules/expansion/mmdb_lookup.py
+++ b/misp_modules/modules/expansion/mmdb_lookup.py
@@ -6,7 +6,7 @@ from pymisp import MISPEvent, MISPObject
 misperrors = {'error': 'Error'}
 mispattributes = {'input': ['ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'], 'format': 'misp_standard'}
 moduleinfo = {'version': '1', 'author': 'Jeroen Pinoy',
- 'description': "An expansion module to enrich an ip with geolocation information from an mmdb server "
+ 'description': "An expansion module to enrich an ip with geolocation and asn information from an mmdb server "
 "such as ip.circl.lu.",
 'module-type': ['expansion', 'hover']}
 moduleconfig = ["custom_API", "db_source_filter"]
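Review bot: The updated `description` in `moduleinfo` still reads "An expansion module" and writes "asn" in lowercase, while the JSON documentation added in the same commit says "A hover and expansion module" and "ASN", and `'module-type'` two lines below lists `'hover'`. I would align the string with the documentation: `'description': "A hover and expansion module to enrich an ip with geolocation and ASN information from an mmdb server "`. The JSON text also states that the public ip.circl.lu instance is queried by default, so every enriched IP leaves the MISP instance unless a custom server is configured. A comment above `moduleconfig` would make that visible in the code, for example `# custom_API: URL of a self-hosted mmdb-server; if unset, lookups go to the public ip.circl.lu instance`. That `custom_API` is the setting holding this URL is inferred from its name, since the handler code is outside this hunk.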