Docs update

anteater · Mar 13, 2018 · aa51d36 · aa51d36
1 parent 1a8975f
commit aa51d36
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 21 deletions.
diff --git a/docs/user_guide.rst b/docs/user_guide.rst
@@ -13,6 +13,7 @@ Anteaters configuration exists witin ``anteater.conf``::
     anteater_log = %(anteater_files)s/.reports/anteater.log
     flag_list =  %(anteater_files)s/flag_list.yaml
     ignore_list = %(anteater_files)s/ignore_list.yaml
+    vt_rate_type = public
 
 * ``anteater_files``: Main location to store anteater ``flag_list``,
   ``ignore_list`` and reports. This location is ignored by anteater when
@@ -21,6 +22,7 @@ Anteaters configuration exists witin ``anteater.conf``::
 * ``anteater_log``: anteater application logging output file.
 * ``flag_list``: Regular Expressions to flag. See RegExp Framework.
 * ``ignore_list``: Regular Expressions to overwrite / cancel ``flag_list``.
+* ``vt_rate_type``: ``public`` or ``private`` VirusTotal API limiting.
 
 The ``anteater.conf`` file should always be in the directory from where the
 anteater command is run from. ``anteater`` will look for ``anteater.conf``
@@ -34,10 +36,11 @@ Anteater uses a simple argument system in the standard POSIX format.
 The main usage  parameters are ``--project`` and either ``---path`` or
 ``--patchset``.
 
-An optional parameter is ``--bincheck`` which is the binary check system. When
-this argument is passed, all binaries / blobs will result in a CI build failure
+Optional parameters are ``--bincheck`` which is the binary check system. When
+this argument is passed, all binaries / blobs will result in a VirusTotal scan 
 - unless a sha256 checksum of the binary is listed in one of the exeception
-files (``ignore_list`` or a ``project_exceptions`` file.
+files (``ignore_list`` or a ``project_exceptions`` file. ``--ips`` peforms a
+scan of IP addresses, and ``--urls`` for any URL's found within file contents.
 
 Refer to `binary exceptions`_ for more details on the binary blocking feature of
 anteater.
@@ -278,6 +281,25 @@ file_names exceptions
 As with ``file_contents``, ``file_names`` incorrectly flagged as false postives may
 also be removed using a regular expression.
 
+Public IP Addresses
+-------------------
+
+If `--ips` is passed as arguments, anteater will perform a scan for 
+public / external IP Addresses. Once an address is found, the IP is sent to 
+the Virus Total API and if the IP Address has past assocations with malicous 
+or malware hosting domains, a failure is registered and a report is provided.
+
+An example report can be seen `here <https://www.virustotal.com/#/ip-address/90.156.201.27>`_.
+
+URLs
+----
+
+If ``--urls`` is passed as arguments, anteater will perform a scan for URL's. 
+If an URL is found, the URL is sent to the Virus Total API which then 
+compares the URL to a large list of URL blacklisting services.
+
+An example report can be seen `here <https://www.virustotal.com/#/url/fb69ecad84eb86b1afddcca17aec38daea196e7c883b22ff88a7c39fd8fbdf1a/detection>`_.
+
 binary exceptions
 -----------------
 

diff --git a/docs/virus_total_api.rst b/docs/virus_total_api.rst
@@ -5,13 +5,13 @@ Virus Total API
 API Key
 -------
 
-In order to the VirusTotal, you will require an API key. These are free to get
+In order to use VirusTotal, you will first require an API key. These are free to get
 and can be obtained by signing up to the service `here <https://www.virustotal.com/#/join-us>`_. 
 
 Once you have your key, it needs to be set as an environment variable.
 
-If you're using CI, then see each CI document section in these docs for
-examples of how to do this.
+If you're using CI, then see refer to the relevant CI document section in 
+these docs for examples of how to achieve this.
 
 If either `--ips`, ``--urls`` or ``--bincheck`` are called as arguments (in 
 any combination including all three at once), then the VirusTotal API will be
@@ -20,37 +20,43 @@ queried for information on the following:
 Public IP Addresses
 -------------------
 
-If ``--ips`` is used, anteater will perform a scan for public / external IP
-Addresses. Once an address is found, the IP is sent to the Virus Total API
-and if the IP Address has past assocations with malicous or malware hosting
-domains, a failure is registered and a report is provided.
+If `--ips` is passed as arguments, anteater will perform a scan for 
+public / external IP Addresses. Once an address is found, the IP is sent to 
+the Virus Total API and if the IP Address has past assocations with malicous 
+or malware hosting domains, a failure is registered and a report is provided.
 
 
 An example report can be seen `here <https://www.virustotal.com/#/ip-address/90.156.201.27>`_.
 
 URLs
 ----
 
-If ``--urls`` is used, anteater will perform a scan for URL's. If an URL is
-found, the URL is sent to the Virus Total API which then compares the URL to
-a large list of URL blacklisting services.
+If ``--urls`` is passed as arguments, anteater will perform a scan for URL's. 
+If an URL is found, the URL is sent to the Virus Total API which then 
+compares the URL to a large list of URL blacklisting services.
 
 An example report can be seen `here <https://www.virustotal.com/#/url/fb69ecad84eb86b1afddcca17aec38daea196e7c883b22ff88a7c39fd8fbdf1a/detection>`_.
 
 Binaries
 --------
 
-If ``--bincheck`` is used, anteater will send a hash of the binary to the Virus
-Total API which then compares the binary to an aggregation of Virus Scanner
-results. If no existing report is available, anteater will send the complete
-binary file to Virus Total.
+If ``--bincheck`` is passed as arguments, anteater will send a hash of the 
+binary to the Virus Total API which then compares the binary to an aggregation 
+of Virus Scanner results. If no existing report is available, anteater will 
+send the complete binary file to Virus Total for a new scan.
 
-Redis Server
-------------
+Rate limit
+----------
 
 Use of the public Virus Total API requires a rate limit of no more than three
-requests per minute. In order to achieve this, we use Redis as means to track
-global rate requests and implement a rate limit.
+requests per minute, unless you have use of a private API account.
+
+Public or Private can be set within the `anteater.conf` file, and anteater
+will then use the appropriate rate limit:
+
+``vt_rate_type = public``
+
+Redis is requried for rate litmiting as means to track global rate requests.
 
 All that is required for the Redis set up, is the installation of Redis and 
 running redis with its default values.