Modified documentation of IntelOwl to include NERD observable analyzer (#6)

Co-authored-by: Matteo Lodi <[email protected]>
Michalsus and mlodic authored Nov 11, 2024
1 parent 221edde commit 44c475c
Showing 2 changed files with 8 additions and 1 deletion.
7 changes: 7 additions & 0 deletions docs/IntelOwl/advanced_usage.md
Expand Up @@ -241,6 +241,13 @@ Some analyzers could require a special configuration:
- The `repositories` values is what will be used to actually run the analysis: if you have added private repositories, remember to add the url in `repositories` too!
- You can add local rules inside the directory at `/opt/deploy/files_required/yara/YOUR_USERNAME/custom_rules/`. Please remember that these rules are not synced in a cluster deploy: for this reason is advised to upload them on GitHub and use the `repositories` or `private_repositories` attributes.

- `NERD` :
- The `nerd_analysis` parameter allows you to customize the level of detail in the analysis response. Available options are:
- `basic` (default): Provides a simplified response from the database.
- `full`: Includes all available information about the IP from the database.
- `fmp`: Returns only the FMP (Future Misbehavior Probability) score.
- `rep`: Returns only the reputation score of the IP.

## Notifications

Since v4, IntelOwl integrated the notification system from the `certego_saas` package, allowing the admins to create notification that every user will be able to see.
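
Review bot: The new entry is headed `NERD` (with a stray space before the colon), while usage.md in this same commit lists the analyzer as `NERD_analyzer`; use the same name in both places so readers can match the `nerd_analysis` parameter to the analyzer they are configuring. The `basic` description ("a simplified response from the database") does not say which fields are kept, and the `fmp` and `rep` entries do not state the range or direction of the scores; one line on each would let analysts choose a level and set a threshold on the result.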
2 changes: 1 addition & 1 deletion docs/IntelOwl/usage.md
Expand Up @@ -209,7 +209,7 @@ The following is the list of the available analyzers you can run out-of-the-box.
- `Mnemonic_PassiveDNS` : Look up a domain or IP using the [Mnemonic PassiveDNS public API](https://docs.mnemonic.no/display/public/API/Passive+DNS+Overview).
- `MWDB_Get`: [mwdblib](https://mwdb.readthedocs.io/en/latest/) Retrieve malware file analysis by hash from repository maintained by CERT Polska MWDB.
- `Netlas`: search an IP against [Netlas](https://netlas.io/api)
- `NERD_analyzer`: scan an IP address against [NERD](https://nerd.cesnet.cz/) database
- `NERD_analyzer`: search an IP against NERD reputation database [NERD](https://nerd.cesnet.cz/)
- `ONYPHE`: search an observable in [ONYPHE](https://www.onyphe.io/)
- `OpenCTI`: scan an observable on an [OpenCTI](https://github.com/OpenCTI-Platform/opencti) instance
- `OTXQuery`: scan an observable on [Alienvault OTX](https://otx.alienvault.com/)
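
Review bot: The replacement `NERD_analyzer` line names NERD twice ("against NERD reputation database [NERD](https://nerd.cesnet.cz/)"), unlike the neighbouring entries that link the service name in place; suggest `search an IP against the [NERD](https://nerd.cesnet.cz/) reputation database`. Since this commit also documents a `nerd_analysis` parameter in advanced_usage.md, a short pointer to that section from this entry would help readers find the available detail levels.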