From d2f0d8027bd3f380198a22bbfb7ca300fd39b1fb Mon Sep 17 00:00:00 2001
From: Koen Van Impe
Date: Wed, 11 Mar 2020 11:56:12 +0100
Subject: [PATCH] Documentation for Cytomic Orion
---
doc/expansion/cytomic_orion.py | 9 +++++++++
doc/logos/cytomic_orion.png | Bin 0 -> 898 bytes
2 files changed, 9 insertions(+)
create mode 100644 doc/expansion/cytomic_orion.py
create mode 100644 doc/logos/cytomic_orion.png
diff --git a/doc/expansion/cytomic_orion.py b/doc/expansion/cytomic_orion.py
new file mode 100644
index 0000000..6f87657
--- /dev/null
+++ b/doc/expansion/cytomic_orion.py
@@ -0,0 +1,9 @@
+{
+ "description": "An expansion module to enrich attributes in MISP by quering the Cytomic Orion API",
+ "logo": "logos/cytomic_orion.png",
+ "requirements": ["Access (license) to Cytomic Orion"],
+ "input": "MD5, hash of the sample / malware to search for.",
+ "output": "MISP objects with sightings of the hash in Cytomic Orion. Includes files and machines.",
+ "references": ["https://www.vanimpe.eu/2020/03/10/integrating-misp-and-cytomic-orion/", "https://www.cytomicmodel.com/solutions/"],
+ "features": "This module takes an MD5 hash and searches for occurrences of this hash in the Cytomic Orion database. Returns observed files and machines."
+}
diff --git a/doc/logos/cytomic_orion.png b/doc/logos/cytomic_orion.png new file mode 100644 index 0000000000000000000000000000000000000000..45704e9278088bb5305b3b0b20fcb4158b8fe2ee GIT binary patch literal 898 zcmV-|1AY97P)fVtcD? zYC!oEge*lRQ+<$8WgRLQmX~&DAQ85>=1)@bO%R&r)SEd4S*k8mCidD-B(Y&t=*w~O z;XcTeR4$)D$+J2)=BFSvN6ND|M32|YY?V2PiyQjV5Nq}ZH~WGw9F^OSNMlH3F?>0Q z@M}P>toG{WoDSjU4Yc_bWRt1fD#q4Gya7Tas1l?LVoPKTTb+PjmogaJD4YdTYTlZb zTOf0LGTGWRr^DO;Td?kexJ+sgQ75me@*y$5@)V?-^gAGHOjLcSJqB?jZSHq& z5la3U2oGU;3Tv==+&u(wsWhjeo5JiIWIy!~8udwIkjq+iE&2|K@VjBS|D1z#7yI@0 zYjnUR`DKuB6AdGC4#L_|y;Lfc_s_WDs(-pHR6l<%iXj?D}4NAl(nE7D=@~eG1aa z4GaqJ=UtHQr*8GJt9r@%35d(3xB*iBD53dfSZL718|U7yLCk6B&+H43fx!tRE3aao z464#g`}l7Be7mDA2n;&MpK{{z2c6ip^SU>^{zP366bgkxp-?Ck3WY+UP$(1%h5AeS Y2jOxQJ{Y2W1^@s607*qoM6N<$g6^}Z-~a#s literal 0 HcmV?d00001