From 92dee14ee8e482b366eea23b9d3416e40dfcb10f Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Tue, 24 May 2022 12:29:14 +0000
Subject: [PATCH] Add configuration requirements for various analyzers
---
 .../files/analyzers/emailrep/README.md | 17 ++++++++++
 .../files/analyzers/greynoise/README.md | 19 +++++++++++
 .../files/analyzers/localfile/README.md | 32 +++++++++++++++++++
 salt/sensoroni/files/analyzers/otx/README.md | 17 ++++++++++
 .../files/analyzers/pulsedive/README.md | 17 ++++++++++
 .../files/analyzers/urlscan/README.md | 20 ++++++++++++
 6 files changed, 122 insertions(+)
 create mode 100644 salt/sensoroni/files/analyzers/emailrep/README.md
 create mode 100644 salt/sensoroni/files/analyzers/greynoise/README.md
 create mode 100644 salt/sensoroni/files/analyzers/localfile/README.md
 create mode 100644 salt/sensoroni/files/analyzers/otx/README.md
 create mode 100644 salt/sensoroni/files/analyzers/pulsedive/README.md
 create mode 100644 salt/sensoroni/files/analyzers/urlscan/README.md
diff --git a/salt/sensoroni/files/analyzers/emailrep/README.md b/salt/sensoroni/files/analyzers/emailrep/README.md
new file mode 100644
index 000000000..7a8eade99
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/emailrep/README.md
@@ -0,0 +1,17 @@
+# EmailRep
+
+## Description
+Submit an email address to EmailRepIO for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the EmailRepIO API
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+ analyzers:
+ emailrep:
+ api_key: $yourapikey
+```
diff --git a/salt/sensoroni/files/analyzers/greynoise/README.md b/salt/sensoroni/files/analyzers/greynoise/README.md
new file mode 100644
index 000000000..cdaf1a8c2
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/greynoise/README.md
@@ -0,0 +1,19 @@
+# Greynoise
+
+## Description
+Submit an IP address to Greynoise for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Greynoise API
+``api_version`` - Version of Greynoise API. Default is ``community``
+
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+ analyzers:
+ greynoise:
+ api_key: $yourapikey
+```
diff --git a/salt/sensoroni/files/analyzers/localfile/README.md b/salt/sensoroni/files/analyzers/localfile/README.md
new file mode 100644
index 000000000..3670fd986
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/localfile/README.md
@@ -0,0 +1,32 @@
+# Localfile
+
+## Description
+Utilize a local CSV file (or multiple) for associating a value to contextual data.
+
+## Configuration Requirements
+
+``file_path`` - Path(s) used for CSV files containing associative data. CSV files can be dropped in the analyzer directory, with ``file_path`` specified like ``mycsv.csv``.
+
+- The value in the first column is used for matching
+- Header information should be supplied, as it is used for dynamically creating result sets
+- Matches will be aggregated from the provided CSV files
+
+The content of the CSV file(s) should be similar to the following:
+
+Ex.
+
+```
+MatchValue,MatchDescription,MatchReference
+abcd1234,ThisIsADescription,https://siteabouthings.abc
+```
+
+The ``file_path`` value(s) should be set in the pillar, like so:
+
+```
+sensoroni:
+ analyzers:
+ localfile:
+ file_path:
+ - $file_path1
+ - $file_path2
+```
diff --git a/salt/sensoroni/files/analyzers/otx/README.md b/salt/sensoroni/files/analyzers/otx/README.md
new file mode 100644
index 000000000..2f1179dd8
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/otx/README.md
@@ -0,0 +1,17 @@
+# Alienvault OTX
+
+## Description
+Submit a domain, hash, IP, or URL to Alienvault OTX for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Alienvault API
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+ analyzers:
+ otx:
+ api_key: $yourapikey
+```
diff --git a/salt/sensoroni/files/analyzers/pulsedive/README.md b/salt/sensoroni/files/analyzers/pulsedive/README.md
new file mode 100644
index 000000000..056889a06
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/pulsedive/README.md
@@ -0,0 +1,17 @@
+# Pulsedive
+
+## Description
+Search Pulsedive for a domain, hash, IP, URI, URL, or User Agent.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Virustotal API
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+ analyzers:
+ pulsedive:
+ api_key: $yourapikey
+```
diff --git a/salt/sensoroni/files/analyzers/urlscan/README.md b/salt/sensoroni/files/analyzers/urlscan/README.md
new file mode 100644
index 000000000..1aa346ce2
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/urlscan/README.md
@@ -0,0 +1,20 @@
+# Urlscan
+
+## Description
+Submit a URL to Urlscan for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Virustotal API
+``enabled`` - Determines whether or not the analyzer is enabled. Defaults to ``False``
+``visibility`` - Determines whether or not scan results are visibile publicly. Defaults to ``public``
+``timeout`` - Time to wait for scan results. Defaults to ``180``s
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+ analyzers:
+ urlscan:
+ api_key: $yourapikey
+```