diff --git a/docs/IntelOwl/advanced_usage.md b/docs/IntelOwl/advanced_usage.md index 4982837..42fd7b5 100644 --- a/docs/IntelOwl/advanced_usage.md +++ b/docs/IntelOwl/advanced_usage.md @@ -241,6 +241,13 @@ Some analyzers could require a special configuration: - The `repositories` values is what will be used to actually run the analysis: if you have added private repositories, remember to add the url in `repositories` too! - You can add local rules inside the directory at `/opt/deploy/files_required/yara/YOUR_USERNAME/custom_rules/`. Please remember that these rules are not synced in a cluster deploy: for this reason is advised to upload them on GitHub and use the `repositories` or `private_repositories` attributes. +- `NERD` : + - The `nerd_analysis` parameter allows you to customize the level of detail in the analysis response. Available options are: + - `basic` (default): Provides a simplified response from the database. + - `full`: Includes all available information about the IP from the database. + - `fmp`: Returns only the FMP (Future Misbehavior Probability) score. + - `rep`: Returns only the reputation score of the IP. + ## Notifications Since v4, IntelOwl integrated the notification system from the `certego_saas` package, allowing the admins to create notification that every user will be able to see. diff --git a/docs/IntelOwl/usage.md b/docs/IntelOwl/usage.md index d7420dd..b1144a5 100644 --- a/docs/IntelOwl/usage.md +++ b/docs/IntelOwl/usage.md 
@@ -209,7 +209,7 @@ The following is the list of the available analyzers you can run out-of-the-box. - `Mnemonic_PassiveDNS` : Look up a domain or IP using the [Mnemonic PassiveDNS public API](https://docs.mnemonic.no/display/public/API/Passive+DNS+Overview). - `MWDB_Get`: [mwdblib](https://mwdb.readthedocs.io/en/latest/) Retrieve malware file analysis by hash from repository maintained by CERT Polska MWDB. - `Netlas`: search an IP against [Netlas](https://netlas.io/api) -- `NERD_analyzer`: scan an IP address against [NERD](https://nerd.cesnet.cz/) database +- `NERD_analyzer`: search an IP against NERD reputation database [NERD](https://nerd.cesnet.cz/) - `ONYPHE`: search an observable in [ONYPHE](https://www.onyphe.io/) - `OpenCTI`: scan an observable on an [OpenCTI](https://github.com/OpenCTI-Platform/opencti) instance - `OTXQuery`: scan an observable on [Alienvault OTX](https://otx.alienvault.com/)
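Review bot: In the docs/IntelOwl/advanced_usage.md hunk, the new entry is headed `NERD`, while the analyzer is listed as `NERD_analyzer` in docs/IntelOwl/usage.md; use the same name in both places so a reader can match the configuration note to the analyzer they enabled. The `basic` option is described only as "a simplified response from the database", which does not tell the reader what is kept or dropped compared with `full`; naming the fields would help. It would also help to state that `fmp` and `rep` return a single score rather than a record, since anything consuming the analyzer report has to handle a different response shape for each `nerd_analysis` value.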
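Review bot: In the docs/IntelOwl/usage.md hunk, the reworded `NERD_analyzer` line names NERD twice ("against NERD reputation database [NERD](https://nerd.cesnet.cz/)") and drops the article. The neighbouring entries put the link on the service name inside the sentence, as in "search an IP against [Netlas](https://netlas.io/api)", so something like "search an IP against the [NERD](https://nerd.cesnet.cz/) reputation database" would read cleanly and match the rest of the list.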