From d3206a048fd201dd709bc221a26a869d96fc5c6b Mon Sep 17 00:00:00 2001 From: weslambert Date: Tue, 17 May 2022 12:49:16 -0400 Subject: [PATCH] Add information for MHR and WhoisLookup, and other minor updates --- salt/sensoroni/files/analyzers/README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/salt/sensoroni/files/analyzers/README.md b/salt/sensoroni/files/analyzers/README.md index 88962bebd..a86730734 100644 --- a/salt/sensoroni/files/analyzers/README.md +++ b/salt/sensoroni/files/analyzers/README.md @@ -12,11 +12,13 @@ The built-in analyzers support the following observable types: | Greynoise |✗ |✗|✓|✗|✗|✗|✗|✗|✗| | JA3er |✗ |✗|✗|✓|✗|✗|✗|✗|✗| | LocalFile |✓ |✓|✓|✓|✗|✓|✗|✓|✗| +| Malware Hash Registry |✗ |✓|✗|✗|✗|✗|✗|✓|✗| | Pulsedive |✓ |✓|✓|✗|✗|✗|✓|✓|✓| | Spamhaus |✗ |✗|✓|✗|✗|✗|✗|✗|✗| | Urlhaus |✗ |✗|✗|✗|✗|✗|✗|✓|✗| | Urlscan |✗ |✗|✗|✗|✗|✗|✗|✓|✗| | Virustotal |✓ |✓|✓|✗|✗|✗|✗|✓|✗| +| WhoisLookup |✓ |✗|✗|✗|✗|✗|✓|✗|✗| ## Authentication Many analyzers require authentication, via an API key or similar. The table below illustrates which analyzers require authentication. @@ -26,13 +28,15 @@ Many analyzers require authentication, via an API key or similar. The table belo [AlienVault OTX](https://otx.alienvault.com/api) |✓| [EmailRep](https://emailrep.io/key) |✓| [GreyNoise](https://www.greynoise.io/plans/community) |✓| -JA3er |✗| +[JA3er](https://ja3er.com/) |✗| LocalFile |✗| +[Malware Hash Registry](https://hash.cymru.com/docs_whois) |✗| [Pulsedive](https://pulsedive.com/api/) |✓| -Spamhaus |✗| -Urlhaus |✗| +[Spamhaus](https://www.spamhaus.org/dbl/) |✗| +[Urlhaus](https://urlhaus.abuse.ch/) |✗| [Urlscan](https://urlscan.io/docs/api/) |✓| [VirusTotal](https://developers.virustotal.com/reference/overview) |✓| +[WhoisLookup](https://github.com/meeb/whoisit) |✗| ## Developer Guide
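Review bot: In the first hunk (observable types table), the added `Malware Hash Registry` row ticks the second and eighth columns, and the eighth column is the only one ticked by the `Urlhaus` and `Urlscan` context rows. The header row is outside the hunk, so the column names cannot be read from the diff, but a hash registry sharing a column with the two URL-named analyzers is worth confirming against the analyzer's actual supported types before merging. The same check applies to `WhoisLookup`, which ticks the first and seventh columns, the latter shared only with `Pulsedive` among the visible rows. Since the subject line mentions other minor updates, the `Virustotal` spelling in this table could also be aligned with `VirusTotal` in the authentication table.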
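Review bot: In the second hunk (authentication table), the new link targets are not the same kind of page from row to row. The rows marked ✓ link to an API or key page, while `[WhoisLookup](https://github.com/meeb/whoisit)` links to a GitHub repository and `[Spamhaus](https://www.spamhaus.org/dbl/)` links to a `/dbl/` page rather than a site root like `[Urlhaus](https://urlhaus.abuse.ch/)`. Consider adding a sentence above the table saying what the link represents (the service queried, its API documentation, or the client library used), so a reader deciding whether to enable an analyzer can tell which external party receives the observable. `LocalFile` is left as the only unlinked row, which reads fine if that is intentional.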