Add configuration requirements for various analyzers

2025-12-06 17:22:49 +01:00 · 2022-05-24 12:29:14 +00:00
parent 3e6dfcfaca
commit 92dee14ee8
6 changed files with 122 additions and 0 deletions
--- a/salt/sensoroni/files/analyzers/emailrep/README.md
+++ b/salt/sensoroni/files/analyzers/emailrep/README.md
@@ -0,0 +1,17 @@
+# EmailRep
+
+## Description
+Submit an email address to EmailRepIO for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the EmailRepIO API
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+  analyzers:
+    emailrep:
+      api_key: $yourapikey
+```
--- a/salt/sensoroni/files/analyzers/greynoise/README.md
+++ b/salt/sensoroni/files/analyzers/greynoise/README.md
@@ -0,0 +1,19 @@
+# Greynoise
+
+## Description
+Submit an IP address to Greynoise for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Greynoise API
+``api_version`` - Version of Greynoise API. Default is ``community``
+
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+  analyzers:
+    greynoise:
+      api_key: $yourapikey
+```
--- a/salt/sensoroni/files/analyzers/localfile/README.md
+++ b/salt/sensoroni/files/analyzers/localfile/README.md
@@ -0,0 +1,32 @@
+# Localfile
+
+## Description
+Utilize a local CSV file (or multiple) for associating a value to contextual data.
+
+## Configuration Requirements
+
+``file_path`` - Path(s) used for CSV files containing associative data. CSV files can be dropped in the analyzer directory, with ``file_path`` specified like ``mycsv.csv``.
+
+- The value in the first column is used for matching
+- Header information should be supplied, as it is used for dynamically creating result sets
+- Matches will be aggregated from the provided CSV files
+
+The content of the CSV file(s) should be similar to the following:
+
+Ex.
+
+```
+MatchValue,MatchDescription,MatchReference
+abcd1234,ThisIsADescription,https://siteabouthings.abc
+```
+
+The ``file_path`` value(s) should be set in the pillar, like so:
+
+```
+sensoroni:
+  analyzers:
+    localfile:
+      file_path:
+        - $file_path1
+        - $file_path2
+```
--- a/salt/sensoroni/files/analyzers/otx/README.md
+++ b/salt/sensoroni/files/analyzers/otx/README.md
@@ -0,0 +1,17 @@
+# Alienvault OTX
+
+## Description
+Submit a domain, hash, IP, or URL to Alienvault OTX for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Alienvault API
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+  analyzers:
+    otx:
+      api_key: $yourapikey
+```
--- a/salt/sensoroni/files/analyzers/pulsedive/README.md
+++ b/salt/sensoroni/files/analyzers/pulsedive/README.md
@@ -0,0 +1,17 @@
+# Pulsedive
+
+## Description
+Search Pulsedive for a domain, hash, IP, URI, URL, or User Agent.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Virustotal API
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+  analyzers:
+    pulsedive:
+      api_key: $yourapikey
+```
--- a/salt/sensoroni/files/analyzers/urlscan/README.md
+++ b/salt/sensoroni/files/analyzers/urlscan/README.md
@@ -0,0 +1,20 @@
+# Urlscan
+
+## Description
+Submit a URL to Urlscan for analysis.
+
+## Configuration Requirements
+
+``api_key`` - API key used for communication with the Virustotal API
+``enabled`` - Determines whether or not the analyzer is enabled. Defaults to ``False``
+``visibility`` - Determines whether or not scan results are visibile publicly. Defaults to ``public``
+``timeout`` - Time to wait for scan results. Defaults to ``180``s
+
+This value should be set in the pillar, like so:
+
+```
+sensoroni:
+  analyzers:
+    urlscan:
+      api_key: $yourapikey
+```