Commit
Rephrase Maltiverse explanation
fdalmaup committed Jul 21, 2023
1 parent 7a9f9dc commit 86d449f
Showing 2 changed files with 13 additions and 11 deletions.
16 changes: 9 additions & 7 deletions source/user-manual/manager/manual-integration.rst
@@ -8,7 +8,7 @@
Integration with external APIs
==============================

The *Integrator* daemon allows Wazuh to connect to external APIs and alerting tools such as Slack, PagerDuty, VirusTotal, Shuffle and Maltiverse.
The *Integrator* daemon allows Wazuh to connect to external APIs and alerting tools such as Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse.

Configuration
-------------
@@ -19,9 +19,9 @@ The integrations are configured on the Wazuh manager ``ossec.conf`` file. You ca
<integration>
<name> </name>
<hook_url> </hook_url> <!-- Required for Slack, Shuffle and Maltiverse -->
<api_key> </api_key> <!-- Required for PagerDuty, VirusTotal and Maltiverse -->
<alert_format>json</alert_format> <!-- Required for Slack, VirusTotal, Shuffle and Maltiverse -->
<hook_url> </hook_url> <!-- Required for Slack, Shuffle, and Maltiverse -->
<api_key> </api_key> <!-- Required for PagerDuty, VirusTotal, and Maltiverse -->
<alert_format>json</alert_format> <!-- Required for Slack, VirusTotal, Shuffle, and Maltiverse -->
<!-- Optional filters -->
<rule_id> </rule_id>
@@ -182,7 +182,9 @@ Once the configuration is complete, alerts start showing in the email inbox.
Maltiverse
----------

`Maltiverse <https://whatis.maltiverse.com/>`__ is an open and collaborative platform for indexing and searching Indicators of Compromise (IoCs) which works as a broker for Threat intelligence sources that are aggregated from more than a hundred different public, private and community sources. This integration enriches any alert generated by Wazuh via the Maltiverse API, inserting new fields in case of match and following the threat taxonomy of the ECS standard (Elastic Common Schema).
`Maltiverse <https://whatis.maltiverse.com/>`__ is an open and collaborative platform for indexing and searching Indicators of Compromise (IoCs). It works as a broker for Threat intelligence sources. Maltiverse aggregates information from more than a hundred different public, private and community sources.

This integration identifies IoCs in Wazuh alerts via the Maltiverse API and generates new enriched ones inserting new fields, following the threat taxonomy of the ECS standard (Elastic Common Schema).

To set up this integration, do the following.

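Review bot: the added description drops the serial comma that the rest of this commit introduces: ``public, private and community sources`` should read ``public, private, and community sources`` to match the ``Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse`` edits in the same change. Two smaller points in the same paragraph: ``Threat intelligence`` capitalizes a common noun mid-sentence (use ``threat intelligence``), and ``generates new enriched ones inserting new fields`` reads awkwardly; something like ``generates new, enriched alerts that carry additional fields following the ECS (Elastic Common Schema) threat taxonomy`` keeps the meaning and is easier to parse.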
@@ -191,7 +193,7 @@ To set up this integration, do the following.
#. Edit ``/var/ossec/etc/ossec.conf`` in the Wazuh server and include a configuration block such as the following. Replace ``API_KEY`` with your Maltiverse API key. The rule level filter is optional. You can remove it or set another level value for the integration.

.. code-block:: xml
:emphasize-lines: 3
:emphasize-lines: 5
<integration>
<name>custom-maltiverse</name>
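Review bot: the ``:emphasize-lines:`` value moves from 3 to 5, but the hunk only shows ``<integration>`` and ``<name>custom-maltiverse</name>`` of the highlighted block, so it is not possible to confirm from this diff that line 5 is the ``<api_key>`` element the surrounding text tells the reader to edit (``Replace API_KEY with your Maltiverse API key``). Please check the full code block in the rendered page so the highlight lands on the ``api_key`` line and not on a neighbouring element such as the optional rule level filter.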
@@ -205,7 +207,7 @@ To set up this integration, do the following.

.. include:: /_templates/common/restart_manager.rst

Once the configuration is complete, if any alerts contain fields matching any IoC, these will be enriched and displayed in the Wazuh Dashboard.
Once the configuration is complete, enriched alerts start showing in the Wazuh Dashboard if applicable.

.. thumbnail:: /images/manual/integration/maltiverse.png
:title: Maltiverse alert
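Review bot: the rewritten sentence loses the condition that told the reader when enrichment happens. The removed text said enrichment occurs when ``any alerts contain fields matching any IoC``; the replacement ``enriched alerts start showing in the Wazuh Dashboard if applicable`` leaves ``if applicable`` undefined, so a user who sees no enriched alerts gets no hint that their alerts simply contained no matching IoC. Suggest keeping the condition, for example: ``Once the configuration is complete, alerts whose fields match a Maltiverse IoC are enriched and displayed in the Wazuh Dashboard.``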
8 changes: 4 additions & 4 deletions source/user-manual/reference/ossec-conf/integration.rst
@@ -15,7 +15,7 @@ integration
<integration>
</integration>
This configures the manager to :ref:`connect Wazuh to external APIs <manual_integration>` and alerting tools such as Slack, PagerDuty, VirusTotal, Shuffle and Maltiverse.
This configures the manager to :ref:`connect Wazuh to external APIs <manual_integration>` and alerting tools such as Slack, PagerDuty, VirusTotal, Shuffle, and Maltiverse.

Options
-------
@@ -47,7 +47,7 @@ This indicates the service to integrate with.
hook_url
^^^^^^^^

This is the URL that is used for communication with the software being integrated. It's mandatory for the `Slack`, `Shuffle` and `Maltiverse` integrations.
This is the URL that is used for communication with the software being integrated. It's mandatory for the `Slack`, `Shuffle`, and `Maltiverse` integrations.

+--------------------+----------------------------------------+
| **Default value** | n/a |
@@ -58,7 +58,7 @@ This is the URL that is used for communication with the software being integrate
api_key
^^^^^^^

This is the key that you would have retrieved from the PagerDuty, VirusTotal or Maltiverse API. This is **mandatory for PagerDuty, VirusTotal and Maltiverse.**
This is the key that you would have retrieved from the PagerDuty, VirusTotal, or Maltiverse API. This is **mandatory for PagerDuty, VirusTotal, and Maltiverse.**

+--------------------+-----------------------------------------+
| **Default value** | n/a |
@@ -124,7 +124,7 @@ This writes the alert file in the JSON format. The Integrator makes use of this
| **Allowed values** | json |
+--------------------+-----------------------------------------------------------+

.. note:: This option must be set to ``json`` for Slack, VirusTotal, Shuffle and Maltiverse integrations.
.. note:: This option must be set to ``json`` for Slack, VirusTotal, Shuffle, and Maltiverse integrations.

max_log
^^^^^^^
