Fix deploy documentation

MISP · Aug 24, 2024 · 37300f7 · 37300f7
1 parent ba28722
commit 37300f7
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 96 deletions.
diff --git a/.github/workflows/release-package.yml b/.github/workflows/release-package.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Upload documentation artifact
         uses: actions/upload-pages-artifact@v3
         with:
-          path: docs/
+          path: site/
 
   deploy-gh-pages:
       runs-on: ubuntu-latest
@@ -48,11 +48,11 @@ jobs:
       environment:
         name: github-pages
         url: ${{ steps.deployment.outputs.page_url }}
-  
+
       steps:
         - name: Deploy to GitHub Pages
           id: deployment
-          uses: actions/deploy-pages@v2
+          uses: actions/deploy-pages@v4
 
   build:
     runs-on: ubuntu-latest

diff --git a/README.md b/README.md
@@ -51,7 +51,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
 * [Cluster25 Expand](https://misp.github.io/misp-modules/expansion/#cluster25-expand) - Module to query Cluster25 CTI.
 * [Country Code](https://misp.github.io/misp-modules/expansion/#country-code) - Module to expand country codes.
 * [CPE Lookup](https://misp.github.io/misp-modules/expansion/#cpe-lookup) - An expansion module to query the CVE search API with a cpe code to get its related vulnerabilities.
-* [CrowdSec CTI](https://misp.github.io/misp-modules/expansion/#crowdsec-cti) - Hover module to lookup an IP in CrowdSec's CTI
+* [CrowdSec CTI](https://misp.github.io/misp-modules/expansion/#crowdsec-cti) - Module to access CrowdSec CTI API.
 * [CrowdStrike Falcon](https://misp.github.io/misp-modules/expansion/#crowdstrike-falcon) - Module to query CrowdStrike Falcon.
 * [Cuckoo Submit](https://misp.github.io/misp-modules/expansion/#cuckoo-submit) - Submit files and URLs to Cuckoo Sandbox
 * [CVE Lookup](https://misp.github.io/misp-modules/expansion/#cve-lookup) - An expansion hover module to expand information about CVE id.
@@ -90,7 +90,7 @@ For further Information see the [license file](https://misp.github.io/misp-modul
 * [Lastline Submit](https://misp.github.io/misp-modules/expansion/#lastline-submit) - Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.  Module to submit a file or URL to Lastline.
 * [Macaddress.io Lookup](https://misp.github.io/misp-modules/expansion/#macaddress.io-lookup) - MISP hover module for macaddress.io
 * [Macvendors Lookup](https://misp.github.io/misp-modules/expansion/#macvendors-lookup) - Module to access Macvendors API.
-* [Malshare Upload](https://misp.github.io/misp-modules/expansion/#malshare-upload) - Module to push malware samples to malshare.com .
+* [MalShare Upload](https://misp.github.io/misp-modules/expansion/#malshare-upload) - Module to push malware samples to MalShare
 * [Malware Bazaar Lookup](https://misp.github.io/misp-modules/expansion/#malware-bazaar-lookup) - Query Malware Bazaar to get additional information about the input hash.
 * [McAfee MVISION Insights Lookup](https://misp.github.io/misp-modules/expansion/#mcafee-mvision-insights-lookup) - Lookup McAfee MVISION Insights Details
 * [GeoIP Enrichment](https://misp.github.io/misp-modules/expansion/#geoip-enrichment) - A hover and expansion module to enrich an ip with geolocation and ASN information from an mmdb server instance, such as CIRCL's ip.circl.lu.
@@ -124,14 +124,14 @@ For further Information see the [license file](https://misp.github.io/misp-modul
 * [ThreatCrowd Lookup](https://misp.github.io/misp-modules/expansion/#threatcrowd-lookup) - Module to get information from ThreatCrowd.
 * [ThreadFox Lookup](https://misp.github.io/misp-modules/expansion/#threadfox-lookup) - Module to search for an IOC on ThreatFox by abuse.ch.
 * [ThreatMiner Lookup](https://misp.github.io/misp-modules/expansion/#threatminer-lookup) - Module to get information from ThreatMiner.
-* [Triage Submit](https://misp.github.io/misp-modules/expansion/#triage-submit) - Module to submit samples to tria.ge .
+* [Triage Submit](https://misp.github.io/misp-modules/expansion/#triage-submit) - Module to submit samples to tria.ge
 * [TruSTAR Enrich](https://misp.github.io/misp-modules/expansion/#trustar-enrich) - Module to get enrich indicators with TruSTAR.
 * [URLhaus Lookup](https://misp.github.io/misp-modules/expansion/#urlhaus-lookup) - Query of the URLhaus API to get additional information about the input attribute.
 * [URLScan Lookup](https://misp.github.io/misp-modules/expansion/#urlscan-lookup) - An expansion module to query urlscan.io.
 * [VARIoT db Lookup](https://misp.github.io/misp-modules/expansion/#variot-db-lookup) - An expansion module to query the VARIoT db API for more information about a vulnerability.
 * [VirusTotal v3 Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-v3-lookup) - Enrich observables with the VirusTotal v3 API
 * [VirusTotal Public API Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-public-api-lookup) - Enrich observables with the VirusTotal v3 public API
-* [VirusTotal Upload](https://misp.github.io/misp-modules/expansion/#virustotal-upload) - Module to push malware samples to VirusTotal v3 public API
+* [VirusTotal Upload](https://misp.github.io/misp-modules/expansion/#virustotal-upload) - Module to push malware samples to VirusTotal
 * [VMRay Submit](https://misp.github.io/misp-modules/expansion/#vmray-submit) - Module to submit a sample to VMRay.
 * [VMware NSX Defender Enrich](https://misp.github.io/misp-modules/expansion/#vmware-nsx-defender-enrich) - Module to enrich a file or URL with VMware NSX Defender.
 * [VulnDB Lookup](https://misp.github.io/misp-modules/expansion/#vulndb-lookup) - Module to query VulnDB (RiskBasedSecurity.com).
@@ -185,3 +185,5 @@ For further Information see the [license file](https://misp.github.io/misp-modul
 * [Mattermost](https://misp.github.io/misp-modules/action_mod/#mattermost) - Simplistic module to send message to a Mattermost channel.
 * [Slack](https://misp.github.io/misp-modules/action_mod/#slack) - Simplistic module to send messages to a Slack channel.
 * [Test action](https://misp.github.io/misp-modules/action_mod/#test-action) - This module is merely a test, always returning true. Triggers on event publishing.
+
+
diff --git a/docs/index.md b/docs/index.md
@@ -30,7 +30,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [Cluster25 Expand](https://misp.github.io/misp-modules/expansion/#cluster25-expand) - Module to query Cluster25 CTI.
 * [Country Code](https://misp.github.io/misp-modules/expansion/#country-code) - Module to expand country codes.
 * [CPE Lookup](https://misp.github.io/misp-modules/expansion/#cpe-lookup) - An expansion module to query the CVE search API with a cpe code to get its related vulnerabilities.
-* [CrowdSec CTI](https://misp.github.io/misp-modules/expansion/#crowdsec-cti) - Hover module to lookup an IP in CrowdSec's CTI
+* [CrowdSec CTI](https://misp.github.io/misp-modules/expansion/#crowdsec-cti) - Module to access CrowdSec CTI API.
 * [CrowdStrike Falcon](https://misp.github.io/misp-modules/expansion/#crowdstrike-falcon) - Module to query CrowdStrike Falcon.
 * [Cuckoo Submit](https://misp.github.io/misp-modules/expansion/#cuckoo-submit) - Submit files and URLs to Cuckoo Sandbox
 * [CVE Lookup](https://misp.github.io/misp-modules/expansion/#cve-lookup) - An expansion hover module to expand information about CVE id.
@@ -69,6 +69,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [Lastline Submit](https://misp.github.io/misp-modules/expansion/#lastline-submit) - Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.  Module to submit a file or URL to Lastline.
 * [Macaddress.io Lookup](https://misp.github.io/misp-modules/expansion/#macaddress.io-lookup) - MISP hover module for macaddress.io
 * [Macvendors Lookup](https://misp.github.io/misp-modules/expansion/#macvendors-lookup) - Module to access Macvendors API.
+* [MalShare Upload](https://misp.github.io/misp-modules/expansion/#malshare-upload) - Module to push malware samples to MalShare
 * [Malware Bazaar Lookup](https://misp.github.io/misp-modules/expansion/#malware-bazaar-lookup) - Query Malware Bazaar to get additional information about the input hash.
 * [McAfee MVISION Insights Lookup](https://misp.github.io/misp-modules/expansion/#mcafee-mvision-insights-lookup) - Lookup McAfee MVISION Insights Details
 * [GeoIP Enrichment](https://misp.github.io/misp-modules/expansion/#geoip-enrichment) - A hover and expansion module to enrich an ip with geolocation and ASN information from an mmdb server instance, such as CIRCL's ip.circl.lu.
@@ -102,12 +103,14 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
 * [ThreatCrowd Lookup](https://misp.github.io/misp-modules/expansion/#threatcrowd-lookup) - Module to get information from ThreatCrowd.
 * [ThreadFox Lookup](https://misp.github.io/misp-modules/expansion/#threadfox-lookup) - Module to search for an IOC on ThreatFox by abuse.ch.
 * [ThreatMiner Lookup](https://misp.github.io/misp-modules/expansion/#threatminer-lookup) - Module to get information from ThreatMiner.
+* [Triage Submit](https://misp.github.io/misp-modules/expansion/#triage-submit) - Module to submit samples to tria.ge
 * [TruSTAR Enrich](https://misp.github.io/misp-modules/expansion/#trustar-enrich) - Module to get enrich indicators with TruSTAR.
 * [URLhaus Lookup](https://misp.github.io/misp-modules/expansion/#urlhaus-lookup) - Query of the URLhaus API to get additional information about the input attribute.
 * [URLScan Lookup](https://misp.github.io/misp-modules/expansion/#urlscan-lookup) - An expansion module to query urlscan.io.
 * [VARIoT db Lookup](https://misp.github.io/misp-modules/expansion/#variot-db-lookup) - An expansion module to query the VARIoT db API for more information about a vulnerability.
 * [VirusTotal v3 Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-v3-lookup) - Enrich observables with the VirusTotal v3 API
 * [VirusTotal Public API Lookup](https://misp.github.io/misp-modules/expansion/#virustotal-public-api-lookup) - Enrich observables with the VirusTotal v3 public API
+* [VirusTotal Upload](https://misp.github.io/misp-modules/expansion/#virustotal-upload) - Module to push malware samples to VirusTotal
 * [VMRay Submit](https://misp.github.io/misp-modules/expansion/#vmray-submit) - Module to submit a sample to VMRay.
 * [VMware NSX Defender Enrich](https://misp.github.io/misp-modules/expansion/#vmware-nsx-defender-enrich) - Module to enrich a file or URL with VMware NSX Defender.
 * [VulnDB Lookup](https://misp.github.io/misp-modules/expansion/#vulndb-lookup) - Module to query VulnDB (RiskBasedSecurity.com).

diff --git a/docs/install.md b/docs/install.md
@@ -8,24 +8,7 @@ Once the virtual environment is loaded just use the command:
 pip install misp-modules
 ~~~~
 
-Note that the dependencies will require a number of system packages installed. On Ubuntu these packages are `libpoppler-cpp-dev`, `libzbar0`, and `tesseract-ocr`. For an updated list, check the github action used to test the build inside `.github/workflows`.
-
-Because PyPI does not support git for direct dependencies, the following packages will not be installed by default `otdreader`, `google-search-api`, `trustar`, `pydnstrails`, `pyonyphe`. You can either install them manually or let the modules depending on them gracefully fail.
-
-~~~~bash
-pip install \
-	git+https://github.com/cartertemm/ODTReader.git \
-	git+https://github.com/abenassi/Google-Search-API \
-	git+https://github.com/SteveClement/trustar-python.git \
-	git+https://github.com/sebdraven/pydnstrails.git \
-	git+https://github.com/sebdraven/pyonyphe.git
-~~~~
-
-You can now run `misp-modules` by invoking it (you might need to reload the virtual environment to update the search path used for executables).
-
-~~~~bash
-misp-modules
-~~~~
+Note: this install method might not yet be available.
 
 
 ## Install from cloned repository
@@ -37,11 +20,9 @@ Once `poetry` is installed, you can clone the repository and install `misp-modul
 ~~~~bash
 git clone https://github.com/MISP/misp-modules.git && cd misp-modules
 git submodule update --init
-poetry install --with unstable
+poetry install
 ~~~~
 
-The switch `--with unstable` will also install dependencies available only on `git` repositories (which are manually installed when using pip).
-
 Note that the dependencies will require a number of system packages installed. On Ubuntu these packages are `libpoppler-cpp-dev`, `libzbar0`, and `tesseract-ocr`. For an updated list, check the github action used to test the build inside `.github/workflows`.
 
 
@@ -77,7 +58,7 @@ systemctl enable --now misp-modules
 To run tests you need to install misp-modules from the cloned repository, run the server, and then run the tests. You can do all these step with `poetry`.
 
 ~~~~bash
-poetry install --with unstable
+poetry install
 poetry run misp-modules
 ~~~~
 
@@ -142,7 +123,7 @@ You have two choices, the first approach uses `poetry export` to export the enti
 This is quite straightforward but it assumes your target system is relatively similar (same distribution, architecture, libaries).
 
 ~~~~bash
-poetry install --with unstable
+poetry install
 poetry self add poetry-plugin-bundle
 poetry bundle venv /destination/path/
 ~~~~
@@ -165,8 +146,9 @@ Then, run the following commands to generate your very own `requirements.txt`.
 
 ~~~~bash
 poetry lock
+poetry install
 poetry self add poetry-plugin-export
-poetry export --with unstable --without-hashes -f requirements.txt -o requirements.txt
+poetry export --without-hashes -f requirements.txt -o requirements.txt
 ~~~~
 
 Note that `misp-modules` will not be part of the `requirements.txt` file and you will need to create the wheel yourself:

diff --git a/documentation/README.md b/documentation/README.md
@@ -415,14 +415,19 @@ An expansion module to query the CVE search API with a cpe code to get its relat
 
 <img src=logos/crowdsec.png height=60>
 
-Hover module to lookup an IP in CrowdSec's CTI
+Module to access CrowdSec CTI API.
 [[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/crowdsec.py)]
 
 - **features**:
 >This module enables IP lookup from CrowdSec CTI API. It provides information about the IP, such as what kind of attacks it has been participant of as seen by CrowdSec's network. It also includes enrichment by CrowdSec like background noise score, aggressivity over time etc.
 
 - **config**:
->api_key
+> - api_key
+> - add_reputation_tag
+> - add_behavior_tag
+> - add_classification_tag
+> - add_mitre_technique_tag
+> - add_cve_tag
 
 - **input**:
 >An IP address.
@@ -1542,6 +1547,19 @@ Module to access Macvendors API.
 
 -----
 
+#### [MalShare Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)
+
+Module to push malware samples to MalShare
+[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)]
+
+- **config**:
+>malshare_apikey
+
+- **requirements**:
+>requests library
+
+-----
+
 #### [Malware Bazaar Lookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malwarebazaar.py)
 
 Query Malware Bazaar to get additional information about the input hash.
@@ -2437,6 +2455,17 @@ Module to get information from ThreatMiner.
 
 -----
 
+#### [Triage Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)
+
+Module to submit samples to tria.ge
+[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)]
+
+- **config**:
+> - apikey
+> - url_mode
+
+-----
+
 #### [TruSTAR Enrich](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/trustar_enrich.py)
 
 <img src=logos/trustar.png height=60>
@@ -2636,6 +2665,21 @@ Enrich observables with the VirusTotal v3 public API
 
 -----
 
+#### [VirusTotal Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)
+
+<img src=logos/virustotal.png height=60>
+
+Module to push malware samples to VirusTotal
+[[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)]
+
+- **config**:
+>virustotal_apikey
+
+- **requirements**:
+>requests library
+
+-----
+
 #### [VMRay Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmray_submit.py)
 
 <img src=logos/vmray.png height=60>

diff --git a/documentation/mkdocs/expansion.md b/documentation/mkdocs/expansion.md
@@ -412,14 +412,19 @@ An expansion module to query the CVE search API with a cpe code to get its relat
 
 <img src=../logos/crowdsec.png height=60>
 
-Hover module to lookup an IP in CrowdSec's CTI
+Module to access CrowdSec CTI API.
 [[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/crowdsec.py)]
 
 - **features**:
 >This module enables IP lookup from CrowdSec CTI API. It provides information about the IP, such as what kind of attacks it has been participant of as seen by CrowdSec's network. It also includes enrichment by CrowdSec like background noise score, aggressivity over time etc.
 
 - **config**:
->api_key
+> - api_key
+> - add_reputation_tag
+> - add_behavior_tag
+> - add_classification_tag
+> - add_mitre_technique_tag
+> - add_cve_tag
 
 - **input**:
 >An IP address.
@@ -1539,26 +1544,16 @@ Module to access Macvendors API.
 
 -----
 
-#### [Malshare Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)
+#### [MalShare Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)
 
-Module to push malware samples to MalShare.com
+Module to push malware samples to MalShare
 [[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/malshare_upload.py)]
 
-- **features**:
->The module requires a MalShare API key to upload files,  and returns the link of the MalShare analysis.
-
 - **config**:
->api_key
-
-- **input**:
->Attachment or malware sample
-
-- **output**:
->Link attribute that points to the sample at the MalShare analysis instance.
+>malshare_apikey
 
-- **references**:
-> - https://malshare.com/
-> - https://malshare.com/doc.php
+- **requirements**:
+>requests library
 
 -----
 
@@ -2455,41 +2450,16 @@ Module to get information from ThreatMiner.
 - **references**:
 >https://www.threatminer.org/
 
-
-
 -----
 
 #### [Triage Submit](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)
 
 Module to submit samples to tria.ge
 [[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/triage_submit.py)]
 
-- **features**:
-> Upload files, and returns the link of the uploaded analysis.
->
->The module can submit URLs to retrieve and analyze them directly in the browser or fetch and execute files in the sandbox.
-
-
 - **config**:
->apikey
->
->url_mode ( 'submit' or 'fetch' ) 
-
-- **input**:
->A MISP attribute included in the following list:
->- Attachment
->- malware-sample
->- url
-
-- **output**:
->Link attribute that points to the sample at the Triage analysis instance.
-
-- **references**:
-> - https://tria.ge/
-> - https://tria.ge/docs/cloud-api/submit/
-
-- **requirements**:
->An access to the Triage API (apikey)
+> - apikey
+> - url_mode
 
 -----
 
@@ -2690,34 +2660,20 @@ Enrich observables with the VirusTotal v3 public API
 - **requirements**:
 >An access to the VirusTotal API (apikey)
 
-
 -----
 
 #### [VirusTotal Upload](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)
 
 <img src=../logos/virustotal.png height=60>
 
-Module to push malware samples to VirusTotal v3 public API
+Module to push malware samples to VirusTotal
 [[source code](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/virustotal_upload.py)]
 
-- **features**:
->The module requires a VirusTotal API key to Upload files, and returns the link of the uploaded analysis.
-
 - **config**:
-> - apikey
-
-- **input**:
->Attachment or malware sample
-
-- **output**:
->Link attribute that points to the sample at the VirusTotal analysis instance.
-
-- **references**:
-> - https://www.virustotal.com
-> - https://docs.virustotal.com/reference/overview
+>virustotal_apikey
 
 - **requirements**:
->An access to the VirusTotal API (apikey)
+>requests library
 
 -----