diff --git a/README.md b/README.md index 1bc8d1f5..8aed0b20 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj ### Expansion modules * [apiosintDS](misp_modules/modules/expansion/apiosintds.py) - a hover and expansion module to query the OSINT.digitalside.it API. +* [AssemblyLine submit](misp_modules/modules/expansion/assemblyline_submit.py) - an expansion module to submit samples and urls to AssemblyLine. * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations. * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused. diff --git a/doc/README.md b/doc/README.md index 7cf7a7c1..520e8f7b 100644 --- a/doc/README.md +++ b/doc/README.md 
@@ -22,6 +22,26 @@ On demand query API for OSINT.digitalside.it project. ----- +#### [assemblyline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_submit.py) + + + +A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission. +- **features**: +>The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID. +> +>If the sample or url is correctly submitted, you get then the link of the submission. +- **input**: +>Sample, url (or domain) to submit to AssemblyLine. +- **output**: +>Link of the report generated in AssemblyLine. +- **references**: +>https://www.cyber.gc.ca/en/assemblyline +- **requirements**: +>assemblyline_client: Python library to query the AssemblyLine rest API. + +----- + #### [backscatter_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py) @@ -536,7 +556,7 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re - **input**: >Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis. - **output**: ->Link of the data in input submitted to Joe Sandbox. +>Link of the report generated in Joe Sandbox. - **references**: >https://www.joesecurity.org, https://www.joesandbox.com/ - **requirements**: diff --git a/doc/expansion/assemblyline_submit.json b/doc/expansion/assemblyline_submit.json new file mode 100644 index 00000000..66bf7cc2 --- /dev/null +++ b/doc/expansion/assemblyline_submit.json 
@@ -0,0 +1,9 @@ +{ + "description": "A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.", + "logo": "logos/assemblyline.png", + "requirements": ["assemblyline_client: Python library to query the AssemblyLine rest API."], + "input": "Sample, url (or domain) to submit to AssemblyLine.", + "output": "Link of the report generated in AssemblyLine.", + "references": ["https://www.cyber.gc.ca/en/assemblyline"], + "features": "The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.\n\nIf the sample or url is correctly submitted, you get then the link of the submission." +} diff --git a/doc/expansion/joesandbox_submit.json b/doc/expansion/joesandbox_submit.json index ce0cb1f6..ad59239e 100644 --- a/doc/expansion/joesandbox_submit.json +++ b/doc/expansion/joesandbox_submit.json @@ -3,7 +3,7 @@ "logo": "logos/joesandbox.png", "requirements": ["jbxapi: Joe Sandbox API python3 library"], "input": "Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.", - "output": "Link of the data in input submitted to Joe Sandbox.", + "output": "Link of the report generated in Joe Sandbox.", "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"], "features": "The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.\n\nIt is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link." }
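Review bot: In the README.md hunk, the new list entry writes "samples and urls" while the description added in doc/README.md and doc/expansion/assemblyline_submit.json writes "samples and URLs". Suggest "URLs" in the list entry so the three descriptions of the module agree.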
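Review bot: In the doc/README.md hunk that adds assemblyline_submit, the features text presents "an API key or the password associated to the user-ID" as equivalent options and never names the configuration fields the user has to fill in. Suggest listing the field names and stating that the API key is the preferred credential, since a key can be revoked without changing the account password. The sentence "you get then the link of the submission" would also read better as "the module returns the link of the submission".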
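Review bot: In the new doc/expansion/assemblyline_submit.json, "description" says the module returns "the link of the submission" while "output" says "Link of the report generated in AssemblyLine". These describe two different things to the reader, so pick one wording and use it in both fields. In "requirements", "rest API" should be "REST API".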
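Review bot: In the doc/expansion/joesandbox_submit.json hunk (and the matching Joe Sandbox hunk in doc/README.md), the new output text "Link of the report generated in Joe Sandbox." conflicts with the unchanged "features" line, which says the module "returns the link of the submitted analysis" and that data is only available "when the analysis is completed". The link is returned at submission time, so "report generated" suggests a finished report that may not exist yet. Suggest wording such as "Link of the submitted analysis in Joe Sandbox".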