From a7157d0e7efdbfdb9b15bd0e1a4787e335e8e133 Mon Sep 17 00:00:00 2001 From: Michalius Date: Wed, 16 Oct 2024 09:39:30 +0200 Subject: [PATCH] Modified documentation of IntelOwl to include NERD observable analyzer --- docs/IntelOwl/advanced_usage.md | 7 +++++++ docs/IntelOwl/usage.md | 1 + 2 files changed, 8 insertions(+) diff --git a/docs/IntelOwl/advanced_usage.md b/docs/IntelOwl/advanced_usage.md index 128b092..e314aed 100644 --- a/docs/IntelOwl/advanced_usage.md +++ b/docs/IntelOwl/advanced_usage.md @@ -213,6 +213,13 @@ Some analyzers could require a special configuration: - The `repositories` values is what will be used to actually run the analysis: if you have added private repositories, remember to add the url in `repositories` too! - You can add local rules inside the directory at `/opt/deploy/files_required/yara/YOUR_USERNAME/custom_rules/`. Please remember that these rules are not synced in a cluster deploy: for this reason is advised to upload them on GitHub and use the `repositories` or `private_repositories` attributes. +- `NERD` : + - The `nerd_analysis` parameter allows you to customize the level of detail in the analysis response. Available options are: + - `basic` (default): Provides a simplified response from the database. + - `full`: Includes all available information about the IP from the database. + - `fmp`: Returns only the FMP (Future Misbehavior Probability) score. + - `rep`: Returns only the reputation score of the IP. + ## Notifications Since v4, IntelOwl integrated the notification system from the `certego_saas` package, allowing the admins to create notification that every user will be able to see. diff --git a/docs/IntelOwl/usage.md b/docs/IntelOwl/usage.md index 0b28053..d59f23d 100644 --- a/docs/IntelOwl/usage.md +++ b/docs/IntelOwl/usage.md 
@@ -207,6 +207,7 @@ The following is the list of the available analyzers you can run out-of-the-box. - `Mnemonic_PassiveDNS` : Look up a domain or IP using the [Mnemonic PassiveDNS public API](https://docs.mnemonic.no/display/public/API/Passive+DNS+Overview). - `MWDB_Get`: [mwdblib](https://mwdb.readthedocs.io/en/latest/) Retrieve malware file analysis by hash from repository maintained by CERT Polska MWDB. - `Netlas`: search an IP against [Netlas](https://netlas.io/api) +- `NERD` : search an IP against NERD reputation database [NERD](https://nerd.cesnet.cz/) - `ONYPHE`: search an observable in [ONYPHE](https://www.onyphe.io/) - `OpenCTI`: scan an observable on an [OpenCTI](https://github.com/OpenCTI-Platform/opencti) instance - `OTXQuery`: scan an observable on [Alienvault OTX](https://otx.alienvault.com/)
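Review bot: In the `docs/IntelOwl/advanced_usage.md` hunk the new `NERD` entry does not say where `nerd_analysis` is set, so a reader cannot tell whether it is an attribute of the analyzer configuration like the `repositories` attribute in the Yara entry just above, or an option passed per request; state that explicitly (e.g. "The `nerd_analysis` parameter of the analyzer configuration allows you to ..."). The descriptions of `basic` ("a simplified response") and `full` ("all available information") are also vague; naming the fields or sections each level returns, and noting that `fmp` and `rep` return a single score rather than the record, would let users pick the right level before running the analyzer. Finally, "- `NERD` :" has a space before the colon while the surrounding entries in the same file use "`Name`:"; drop the space for consistency.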
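Review bot: In the `docs/IntelOwl/usage.md` hunk the new line is out of alphabetical order: the list runs `Mnemonic_PassiveDNS`, `MWDB_Get`, `Netlas`, `ONYPHE`, `OpenCTI`, and `NERD` sorts before `Netlas`, so move the line up one position. The text also repeats the name ("against NERD reputation database [NERD](https://nerd.cesnet.cz/)") and uses "`NERD` :" where the neighbouring entries use "`Netlas`:"; suggest "- `NERD`: search an IP against the [NERD](https://nerd.cesnet.cz/) reputation database".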