This repository has been archived by the owner on Sep 20, 2023. It is now read-only.

Typos and updates
Saad Kadhi committed Jul 12, 2018
1 parent c50f1ce commit 3e12ee0
Showing 1 changed file with 8 additions and 9 deletions.
17 changes: 8 additions & 9 deletions analyzer_requirements.md
Expand Up @@ -47,7 +47,7 @@ on is free or requires special access or valid subscription or product license.
* [ThreatCrowd](#threatcrowd)
* [Tor Blutmagie](#tor-blutmagie)
* [Tor Project](#tor-project)
* [URLHaus](#urlhaus)
* [URLhaus](#urlhaus)
* [Unshortenlink](#unshortenlink)
* [Virusshare](#virusshare)
* [WOT](#wot)
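Review bot: the table of contents order around the renamed entry does not match the document order. `URLhaus` is listed before `Unshortenlink` here, while a later hunk of this same diff shows the Unshortenlink text directly preceding the `### URLhaus` heading. Consider moving `* [URLhaus](#urlhaus)` below `* [Unshortenlink](#unshortenlink)`. The `#urlhaus` anchor is lowercase either way, so the capitalization change does not break the link.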
Expand Down Expand Up @@ -198,15 +198,14 @@ You need to [obtain an API key](https://developers.google.com/safe-browsing/)
Provide your API key as a value of the `key` parameter.

### Hashdd
Check file hashes against [Hashdd web service](https://www.hashdd.com/).
Check file hashes against the [Hashdd web service](https://www.hashdd.com/).

The analyzer comes in two flavors:
- Status: query hashdd without an API key for the threat level only.
- Detail: use an API key and receive more meta information about the sample.
- **Status**: query hashdd without an API key for the threat level only.
- **Detail**: use an API key and obtain additional meta data about the sample.

#### Requirements

As long as you are using _Status_ flavor you don't need API key. If you want more detail using _Detail_ flavor, you need to [sign up for a hashdd.com account and obtain an API](https://www.hashdd.com/).
As long as you are using the **Status** flavor you don't need API key. If you want more details using the **Detail** flavor, you need to [sign up for a hashdd.com account and obtain an API](https://www.hashdd.com/).

### Hippocampe
Query threat feeds through [Hippocampe](https://github.com/CERT-BDF/Hippocampe),
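Review bot: the rewritten Requirements sentence still carries two of the slips this commit is meant to clean up. "you don't need API key" is missing its article, and the link text "obtain an API" is missing the word "key". Suggest "you don't need an API key" and "obtain an API key". In the flavor list, "meta data" is normally written "metadata". The service name is also spelled "Hashdd" in the heading and intro but "hashdd" in the **Status** bullet, so pick one spelling.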
Expand Down Expand Up @@ -451,8 +450,8 @@ No configuration is required. It can be used out of the box.

**Warning**: using this analyzer without **extra caution** might lead to unexpected consequences. For example, if the URL you are seeking to unshorten is an attacker-controlled one, you may end up leaving undesired traces in the threat actor's infrastructure logs. The TLP values Cortex allows you to configure to prevent the use of an analyzer if the TLP associated with an observable is above the authorized level won't be of much help since Unshortenlink have to access the shortened URL. Please do not activate this analyzer unless you (and your fellow analysts) know what they are doing.

### URLHaus
Check if a domain, url or hash is known by Abuse.ch and stored in [URLHaus](https://urlhaus.abuse.ch/) database, and get a report about its maliciousness.
### URLhaus
Check if a domain, URL or hash is known by Abuse.ch and stored in the [URLhaus](https://urlhaus.abuse.ch/) database, and get a report about its 'maliciousness'.

This analyzer comes in only one flavor.

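Review bot: the single quotes added around 'maliciousness' in the URLhaus description read as scare quotes and blur what the report is for. Either drop them or reword, for example "a report on whether it is malicious". Since this is a typo pass, the Unshortenlink warning in the context just above could be fixed in the same commit: "Unshortenlink have to access" should be "has to access", and "unless you (and your fellow analysts) know what they are doing" mixes second and third person.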
Expand Down Expand Up @@ -671,7 +670,7 @@ Provide your API key as a value to the `key` parameter.
Look up domain names, IP addresses, WHOIS records, etc. using the popular
[DomainTools](http://domaintools.com/) service API.

The analyzer comes in 5 flavors:
The analyzer comes in 7 flavors:
- DomainTools_**ReverseIP**: get a list of domain names sharing the same IP
address.
- DomainTools_**ReverseNameServer**: get a list of domain names that share
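Review bot: the hard-coded count in "The analyzer comes in 7 flavors:" has already gone stale once (5 to 7 in this change) and will again when a flavor is added or removed. Only two list entries are visible in this hunk, so the new number cannot be checked from the diff. Suggest dropping the number, for example "The analyzer comes in the following flavors:", or confirm the list below has exactly seven entries before merging.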