CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-11 18:53:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

update Readme.md

Browse Source
This commit is contained in:
Jackson
2023-12-14 10:37:04 -05:00
parent d5edf57ccb
commit 977081b6e7
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/sensoroni/files/analyzers/README.md
View File

@@ -9,13 +9,17 @@ The built-in analyzers support the following observable types:
| Name | Domain | EML | Hash | IP | Mail | Other | URI | URL | User Agent |
| ------------------------|--------|-------|-------|-------|-------|-------|-------|-------|-------|
| Alienvault OTX |✓ |✗|✓|✓|✗|✗|✗|✓|✗|
| EchoTrail |✗ |✗|✓|✗|✗|✓|✗|✗|✗|
| EmailRep |✗ |✗|✗|✗|✓|✗|✗|✗|✗|
| Elasticsearch |✓ |✓|✓|✓|✓|✓|✓|✓|✓|
| Greynoise |✗ |✗|✗|✓|✗|✗|✗|✗|✗|
| LocalFile |✓ |✗|✓|✓|✗|✓|✗|✓|✗|
| Malware Hash Registry |✗ |✗|✓|✗|✗|✗|✗|✓|✗|
| MalwareBazaar |✗ |✗|✓|✗|✗|✓|✗|✗|✗|
| Pulsedive |✓ |✗|✓|✓|✗|✗|✓|✓|✓|
| Spamhaus |✗ |✗|✗|✓|✗|✗|✗|✗|✗|
| Sublime Platform |✗ |✓|✗|✗|✗|✗|✗|✗|✗|
| ThreatFox |✓ |✗|✓|✓|✗|✗|✗|✗|✗|
| Urlhaus |✗ |✗|✗|✗|✗|✗|✗|✓|✗|
| Urlscan |✗ |✗|✗|✗|✗|✗|✗|✓|✗|
| Virustotal |✓ |✗|✓|✓|✗|✗|✗|✓|✗|
@@ -28,13 +32,17 @@ Many analyzers require authentication, via an API key or similar. The table belo
| Name | Authn Req'd|
--------------------------|------------|
[AlienVault OTX](https://otx.alienvault.com/api) |✓|
[EchoTrail](https://www.echotrail.io/docs/quickstart) |✓|
[EmailRep](https://emailrep.io/key) |✓|
[Elasticsearch](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/setting-up-authentication.html) |✓|
[GreyNoise](https://www.greynoise.io/plans/community) |✓|
[LocalFile](https://github.com/Security-Onion-Solutions/securityonion/tree/fix/sublime_analyzer_documentation/salt/sensoroni/files/analyzers/localfile) |✗|
[Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗|
[MalwareBazaar](https://bazaar.abuse.ch/) |✗|
[Pulsedive](https://pulsedive.com/api/) |✓|
[Spamhaus](https://www.spamhaus.org/dbl/) |✗|
[Sublime Platform](https://sublime.security) |✓|
[ThreatFox](https://threatfox.abuse.ch/) |✗|
[Urlhaus](https://urlhaus.abuse.ch/) |✗|
[Urlscan](https://urlscan.io/docs/api/) |✓|
[VirusTotal](https://developers.virustotal.com/reference/overview) |✓|