From ef6542c62939c465e26f55f000a578c4ff6d1791 Mon Sep 17 00:00:00 2001
From: chrisr3d <chris.studer.68@gmail.com>
Date: Wed, 20 Nov 2019 09:48:27 -0500
Subject: [PATCH] add: Added documentation and description in readme for the
 AssemblyLine submit module

---
 README.md                              |  1 +
 doc/README.md                          | 22 +++++++++++++++++++++-
 doc/expansion/assemblyline_submit.json |  9 +++++++++
 doc/expansion/joesandbox_submit.json   |  2 +-
 4 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 doc/expansion/assemblyline_submit.json

diff --git a/README.md b/README.md
index 1bc8d1f..8aed0b2 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 ### Expansion modules
 
 * [apiosintDS](misp_modules/modules/expansion/apiosintds.py) - a hover and expansion module to query the OSINT.digitalside.it API.
+* [AssemblyLine submit](misp_modules/modules/expansion/assemblyline_submit.py) - an expansion module to submit samples and urls to AssemblyLine.
 * [Backscatter.io](misp_modules/modules/expansion/backscatter_io.py) - a hover and expansion module to expand an IP address with mass-scanning observations.
 * [BGP Ranking](misp_modules/modules/expansion/bgpranking.py) - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking.
 * [BTC scam check](misp_modules/modules/expansion/btc_scam_check.py) - An expansion hover module to instantly check if a BTC address has been abused.
diff --git a/doc/README.md b/doc/README.md
index 7cf7a7c..520e8f7 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -22,6 +22,26 @@ On demand query API for OSINT.digitalside.it project.
 
 -----
 
+#### [assemblyline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_submit.py)
+
+<img src=logos/assemblyline.png height=60>
+
+A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.
+- **features**:
+>The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.
+>
+>If the sample or url is correctly submitted, you get then the link of the submission.
+- **input**:
+>Sample, url (or domain) to submit to AssemblyLine.
+- **output**:
+>Link of the report generated in AssemblyLine.
+- **references**:
+>https://www.cyber.gc.ca/en/assemblyline
+- **requirements**:
+>assemblyline_client: Python library to query the AssemblyLine rest API.
+
+-----
+
 #### [backscatter_io](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py)
 
 <img src=logos/backscatter_io.png height=60>
@@ -536,7 +556,7 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re
 - **input**:
 >Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.
 - **output**:
->Link of the data in input submitted to Joe Sandbox.
+>Link of the report generated in Joe Sandbox.
 - **references**:
 >https://www.joesecurity.org, https://www.joesandbox.com/
 - **requirements**:
diff --git a/doc/expansion/assemblyline_submit.json b/doc/expansion/assemblyline_submit.json
new file mode 100644
index 0000000..66bf7cc
--- /dev/null
+++ b/doc/expansion/assemblyline_submit.json
@@ -0,0 +1,9 @@
+{
+    "description": "A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.",
+    "logo": "logos/assemblyline.png",
+    "requirements": ["assemblyline_client: Python library to query the AssemblyLine rest API."],
+    "input": "Sample, url (or domain) to submit to AssemblyLine.",
+    "output": "Link of the report generated in AssemblyLine.",
+    "references": ["https://www.cyber.gc.ca/en/assemblyline"],
+    "features": "The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.\n\nIf the sample or url is correctly submitted, you get then the link of the submission."
+}
diff --git a/doc/expansion/joesandbox_submit.json b/doc/expansion/joesandbox_submit.json
index ce0cb1f..ad59239 100644
--- a/doc/expansion/joesandbox_submit.json
+++ b/doc/expansion/joesandbox_submit.json
@@ -3,7 +3,7 @@
     "logo": "logos/joesandbox.png",
     "requirements": ["jbxapi: Joe Sandbox API python3 library"],
     "input": "Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.",
-    "output": "Link of the data in input submitted to Joe Sandbox.",
+    "output": "Link of the report generated in Joe Sandbox.",
     "references": ["https://www.joesecurity.org", "https://www.joesandbox.com/"],
     "features": "The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.\n\nIt is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the [joesandbox_query module](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/joesandbox_query.py) directly on this submission link."
 }