mihari 5.4.5 → 5.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c21e0cc46aa56c0b38742049ff9fb25d8375b8c555d26dc9c5893205f80947b0
-  data.tar.gz: 452122ef77d5e839a105b01c8ac703924c8488945f8a6d26dffb328efe758418
+  metadata.gz: 2734178f12752f0a1e966694b19f9e92f624ef4c1f6151a52ad273534af66878
+  data.tar.gz: fae4bee7d76464ea8dde6ad6641c048351d1e8b1781df91424c5b9006bdae543
 SHA512:
-  metadata.gz: '0488ab7be1fd505ffb6c1bf174bf4eb51a2809b39d014206a9078c2b25b635d1b1cecf71db54870cbe41f363f3016be0116193963a83f8038d8f87fd990075ad'
-  data.tar.gz: 392f31818f021e205a70e315e430dec4864edf7a37245651a2e516be4f41afb2c9572d73a0275574cb4917036398686f2da917d5c5386084a7527f0c2a68abb3
+  metadata.gz: ea57655f55af23df3176888e2bf3702e84a6e2fdd880859dd0bf51f373fab11632c2a99d92f34cf92e82152ac730ca3b15aa7c6a2a556d875beb2f9a8e31a99a
+  data.tar.gz: 32a1f0e2b6ed965a6c684cbcb6c6bfe8b51ba86d61903143805426af240309a73201a0905b9b992f9e11d3e23b77a8c8edf7caf36d903679e78a8498989e92d5

data/docs/analyzers/binaryedge.md

@@ -7,7 +7,7 @@ tags:
 
 - [https://www.binaryedge.io/](https://www.binaryedge.io/)
 
-This analyzer uses [BinaryEdge API V2](https://docs.binaryedge.io/api-v2/) and [/v2/query/search](https://docs.binaryedge.io/api-v2/#v2querysearch) API endpoint to search.
+This analyzer uses [BinaryEdge API V2](https://docs.binaryedge.io/api-v2/) (`/v2/query/search`) to search. Pagination is supported.
 
 ```yaml
 analyzer: binaryedge
@@ -15,7 +15,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                   | Desc.        |
-| ------- | ------ | --------- | ------------------------- | ------------ |
-| query   | String | Yes       |                           | Search query |
-| api_key | String | No        | ENV[”BINARYEDGE_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”BINARYEDGE_API_KEY"]`.

data/docs/analyzers/censys.md

@@ -7,7 +7,7 @@ tags:
 
 - [https://censys.io/](https://censys.io/)
 
-The analyzer uses [Censys Search 2.0 REST API](https://search.censys.io/api) to search.
+This analyzer uses [Censys Search 2.0 REST API](https://search.censys.io/api) to search. Pagination is supported.
 
 ```yaml
 analyzer: censys
@@ -16,8 +16,16 @@ id: ...
 secret: ...
 ```
 
-| Name   | Type   | Required? | Default              | Desc.         |
-| ------ | ------ | --------- | -------------------- | ------------- |
-| query  | String | Yes       |                      | Search query  |
-| id     | String | No        | ENV[”CENSYS_ID”]     | Censys ID     |
-| secret | String | No        | ENV[”CENSYS_SECRET”] | Censys secret |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### ID
+
+`id` is a Cencys ID. Optional. Defaults to `ENV[”CENSYS_ID”]`.
+
+### Secret
+
+`secret` is a Cencys secret. Optional. Defaults to `ENV[”CENSYS_SECRET”]`.

data/docs/analyzers/circl.md

@@ -22,8 +22,16 @@ password: ...
 username: ...
 ```
 
-| Name     | Type   | Required? | Default                       | Desc.                                  |
-| -------- | ------ | --------- | ----------------------------- | -------------------------------------- |
-| query    | String | Yes       |                               | Domain or SHA1 certificate fingerprint |
-| username | String | No        | ENV[”CIRCL_PASSIVE_USERNAME”] | Username                               |
-| password | String | Noe       | ENV[”CIRCL_PASSIVE_PASSWORD”] | Password                               |
+## Components
+
+### Query
+
+`query` is a domain or SHA1 certificate fingerprint.
+
+### Username
+
+`username` is a username. Optional. Defaults to `ENV[”CIRCL_PASSIVE_USERNAME”]`.
+
+### Password
+
+`password` is a password. Optional. Defaults to `ENV[”CIRCL_PASSIVE_PASSWORD”]`.

data/docs/analyzers/crtsh.md

@@ -15,11 +15,12 @@ query: ...
 exclude_expired: ...
 ```
 
-| Name            | Type               | Default | Desc.                                     |
-| --------------- | ------------------ | ------- | ----------------------------------------- |
-| query           | String             |         | Search query                              |
-| exclude_expired | Boolean (optional) | True    | Whether to exclude expired domains or not |
+## Components
 
-!!! tip
+### Query
 
-    if `exclude_expired` is set as `true`, expired domains are excluded from search results.
+`query` is a search query.
+
+### Exclude Expired
+
+`exclude_expired` (boolean) determines whether to exclude expired domains or not. Optional. Defaults to `true`.

data/docs/analyzers/dnstwister.md

@@ -14,9 +14,11 @@ analyzer: dnstwister
 query: ...
 ```
 
-| Name  | Type   | Required? | Default | Desc.  |
-| ----- | ------ | --------- | ------- | ------ |
-| query | String | Yes       |         | Domain |
+## Components
+
+### Query
+
+`query` is a search query.
 
 !!! tip
 

data/docs/analyzers/feed.md

@@ -7,40 +7,64 @@ Note that you should write a selector to get proper IoCs from a feed. A selector
 ```yaml
 analyzer: feed
 query: ...
-http_request_method: ...
-http_request_payload: ...
-http_request_payload_type: ...
-http_request_headers: ...
 selector: ...
+method: ...
+headers: ...
+params: ...
+data: ...
+json: ...
 ```
 
-| Name                      | Type   | Required? | Default | Desc.                                |
-| ------------------------- | ------ | --------- | ------- | ------------------------------------ |
-| query                     | String | Yes       |         | URL                                  |
-| http_request_method       | String | No        | GET     | HTTP request method (GET or POST)    |
-| http_request_headers      | Hash   | No        |         | HTTP request headers                 |
-| http_request_payload      | Hash   | No        |         | HTTP request payload                 |
-| http_request_payload_type | String | No        |         | Content-type of HTTP request payload |
-| selector                  | String | Yes       |         | `jr` selector                        |
+## Components
+
+### Query
+
+`query` is a URL of a feed.
+
+!!! note
+
+    I know this is a strange naming. It's just for keeping the convention with other analyzers.
+
+### Method
+
+`method` is an HTTP method. Defaults to `GET`.
+
+### Selector
+
+`selector` is a `jr` selector.
+
+### Headers
+
+`headers` (hash) is an HTTP headers. Optional.
+
+### Params
+
+`params` (hash) is an HTTP query params. Optional.
+
+### Data
+
+`data` (hash) is an HTTP form data. Optional.
+
+### JSON
+
+`json` (hash) is an JSON body. Optional.
 
 ## Examples
 
-**ThreatFox**
+### ThreatFox
 
 ```yaml
 analyzer: feed
 query: "https://threatfox-api.abuse.ch/api/v1/"
-http_request_method: "POST"
-http_request_payload:
-  query: "get_iocs"
+method: POST
+json:
+  query: get_iocs
   days: 1
-http_request_payload_type: "application/json"
-http_request_headers:
-  "api-key": "YOUR_API_KEY"
+headers:
 selector: "map(&:data).unwrap.map(&:ioc).map { |v| v.start_with?('http://', 'https://') ? v :  v.split(':').first }"
 ```
 
-**URLhaus**
+### URLhaus
 
 ```yaml
 analyzer: feed

data/docs/analyzers/greynoise.md

@@ -7,7 +7,7 @@ tags:
 
 - [https://www.greynoise.io/](https://www.greynoise.io/)
 
-This analyzer uses GreyNoise API and `[https://api.greynoise.io/v2/experimental/gnql](https://api.greynoise.io/v2/experimental/gnql)` API endpoint to search.
+This analyzer uses GreyNoise API (`/v2/experimental/gnql`) to search. Pagination is supported.
 
 ```yaml
 analyzer: greynoise
@@ -15,7 +15,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                  | Desc.        |
-| ------- | ------ | --------- | ------------------------ | ------------ |
-| query   | String | Yes       |                          | Search query |
-| api_key | String | No        | ENV[”GREYNOISE_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a GNQL search query.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”GREYNOISE_API_KEY"]`.

data/docs/analyzers/hunterhow.md

@@ -7,7 +7,7 @@ tags:
 
 - [https://hunter.how/](https://hunter.how/)
 
-This analyzer uses `https://api.hunter.how/search` API endpoint to search.
+This analyzer uses Hunter How API (`https://api.hunter.how/search`) to search. Pagination is supported.
 
 ```yaml
 analyzer: hunterhow
@@ -17,9 +17,17 @@ start_time: ...
 end_time: ...
 ```
 
-| Name       | Type   | Required? | Default                  | Desc.        |
-| ---------- | ------ | --------- | ------------------------ | ------------ |
-| query      | String | Yes       |                          | Search query |
-| start_time | Date   | Yes       |                          |              |
-| end_time   | Date   | Yes       |                          |              |
-| api_key    | String | No        | ENV[”HUNTERHOW_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### Start/End Time
+
+- `start_time` (date): Only show results after the given date.
+- `end_time` (date): Only show results after the given date.
+
+### API key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”HUNTERHOW_API_KEY"]`.

data/docs/analyzers/onyphe.md

@@ -15,7 +15,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default               | Desc.        |
-| ------- | ------ | --------- | --------------------- | ------------ |
-| query   | String | Yes       |                       | Search query |
-| api_key | String | No        | ENV[”ONYPHE_API_KEY”] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”ONYPHE_API_KEY”"]`.

data/docs/analyzers/otx.md

@@ -9,7 +9,7 @@ tags:
 
 - [https://otx.alienvault.com/](https://otx.alienvault.com/dashboard/new)
 
-This analyzer uses [OTX API v1](https://otx.alienvault.com/api) (`/api/v1/indicators/`) API endpoints to search.
+This analyzer uses [OTX API v1](https://otx.alienvault.com/api) (`/api/v1/indicators/`) API to search.
 
 ```yaml
 analyzer: otx
@@ -17,7 +17,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default            | Desc.                |
-| ------- | ------ | --------- | ------------------ | -------------------- |
-| query   | String | Yes       |                    | Domain or IP address |
-| api_key | String | No        | ENV[”OTX_API_KEY”] | API key              |
+## Components
+
+### Query
+
+`query` is a passive DNS search query. Domain or IP address.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”OTX_API_KEY”"]`.

data/docs/analyzers/passivetotal.md

@@ -29,8 +29,20 @@ username: ...
 api_key: ...
 ```
 
-| Name     | Type   | Required? | Default                      | Desc.                                                            |
-| -------- | ------ | --------- | ---------------------------- | ---------------------------------------------------------------- |
-| query    | String | Yes       |                              | Domain, IP address, mail address or SHA1 certificate fingerprint |
-| username | String | No        | ENV[”PASSIVETOTAL_USERNAME"] | Username                                                         |
-| api_key  | String | No        | ENV[”PASSIVETOTAL_API_KEY"]  | API key                                                          |
+## Components
+
+### Query
+
+`query` is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint.
+
+- Passive DNS: Domain, IP Address
+- Passive SSL: SHA1 certificate fingerprint
+- Reverse whois: mail
+
+### Username
+
+`username` is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.

data/docs/analyzers/pulsedive.md

@@ -17,7 +17,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                  | Desc.                |
-| ------- | ------ | --------- | ------------------------ | -------------------- |
-| query   | String | Yes       |                          | Domain or IP address |
-| api_key | String | No        | ENV[”PULSEDIVE_API_KEY"] | API key              |
+## Components
+
+### Query
+
+`query` is a passive DNS search query. Domain or IP address.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”PULSEDIVE_API_KEY"]`.

data/docs/analyzers/securitytrails.md

@@ -26,7 +26,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                       | Desc.                              |
-| ------- | ------ | --------- | ----------------------------- | ---------------------------------- |
-| query   | String | Yes       |                               | Domain, IP address or mail address |
-| api_key | String | No        | ENV[”SECURITYTRAILS_API_KEY"] | API key                            |
+## Components
+
+### Query
+
+`query` is a passive DNS search/reverse whois query. Domain, IP address or mail.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”SECURITYTRAILS_API_KEY"]`.

data/docs/analyzers/shodan.md

@@ -7,7 +7,7 @@ tags:
 
 - [https://shodan.io/](https://shodan.io/)
 
-This analyzer uses [Shodan REST AP](https://developer.shodan.io/api) (`/shodan/host/search`) API to search.
+This analyzer uses [Shodan REST AP](https://developer.shodan.io/api) (`/shodan/host/search`) API to search. Pagination is supported.
 
 ```yaml
 analyzer: shodan
@@ -15,7 +15,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default               | Desc.        |
-| ------- | ------ | --------- | --------------------- | ------------ |
-| query   | String | Yes       |                       | Search query |
-| api_key | String | No        | ENV[”SHODAN_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”SHODAN_API_KEY"]`.

data/docs/analyzers/urlscan.md

@@ -9,7 +9,7 @@ tags:
 
 - [https://urlscan.io/](https://urlscan.io/)
 
-This analyzer uses [urlscan.io](http://urlscan.io) API (`/api/v1/search`) to search.
+This analyzer uses [urlscan.io](http://urlscan.io) API (`/api/v1/search`) to search. Pagination is supported.
 
 ```yaml
 analyzer: urlscan
@@ -17,7 +17,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                | Desc.        |
-| ------- | ------ | --------- | ---------------------- | ------------ |
-| query   | String | Yes       |                        | Search query |
-| api_key | String | No        | ENV[”URLSCAN_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”URLSCAN_API_KEY"]`.

data/docs/analyzers/virustotal.md

@@ -9,7 +9,7 @@ tags:
 
 - [https://www.virustotal.com](https://www.virustotal.com/gui/home/search)
 
-The analyzer uses VirusTotal API v3.
+This analyzer uses VirusTotal API v3.
 
 An API endpoint to use is changed based on a type of a query.
 
@@ -28,7 +28,12 @@ query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                   | Desc.                |
-| ------- | ------ | --------- | ------------------------- | -------------------- |
-| query   | String | Yes       |                           | Domain or IP address |
-| api_key | String | No        | ENV[”VIRUSTOTAL_API_KEY"] | API key              |
+## Components
+
+### Query
+
+`query` is a passive DNS search query. Domain or IP address.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.

data/docs/analyzers/virustotal_intelligence.md

@@ -10,13 +10,20 @@ tags:
 
 - [https://www.virustotal.com](https://www.virustotal.com/gui/home/search)
 
+This analyzer uses VirusTotal Intelligence API. Pagination is supported.
+
 ```yaml
 analyzer: virustotal_intelligence
 query: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default                   | Desc.        |
-| ------- | ------ | --------- | ------------------------- | ------------ |
-| query   | String | Yes       |                           | Search query |
-| api_key | String | No        | ENV[”VIRUSTOTAL_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”VIRUSTOTAL_API_KEY"]`.

data/docs/analyzers/zoomeye.md

@@ -2,7 +2,7 @@
 
 - [https://zoomeye.org/](https://zoomeye.org/)
 
-The analyzer uses ZoomEye API v3.
+This analyzer uses ZoomEye API v3. Pagination is supported.
 
 An API endpoint to use is changed based on a `type` option.
 
@@ -18,8 +18,16 @@ type: ...
 api_key: ...
 ```
 
-| Name    | Type                     | Required? | Default                | Desc.        |
-| ------- | ------------------------ | --------- | ---------------------- | ------------ |
-| query   | String                   | Yes       |                        | Search query |
-| type    | String (`web` or `host`) | Yes       |                        | Query type   |
-| api_key | String                   | No        | ENV[”ZOOMEYE_API_KEY"] | API key      |
+## Components
+
+### Query
+
+`query` is a search query.
+
+### Type
+
+`type` determines a search type. `web` or `host`.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”ZOOMEYE_API_KEY"]`.

data/docs/configuration.md

@@ -2,34 +2,34 @@
 
 Configuration can be done via environment variables.
 
-| Environmental Variable | Description                     | Default              |
-| ---------------------- | ------------------------------- | -------------------- |
-| DATABASE_URL           | Database URL                    | sqlite3:///mihari.db |
-| BINARYEDGE_API_KEY     | BinaryEdge API key              |                      |
-| CENSYS_ID              | Censys API ID                   |                      |
-| CENSYS_SECRET          | Censys secret                   |                      |
-| CIRCL_PASSIVE_PASSWORD | CIRCL passive DNS/SSL password  |                      |
-| CIRCL_PASSIVE_USERNAME | CIRCL passive DNS/SSL username, |                      |
-| IPINFO_API_KEY         | IPInfo API key (token)          |                      |
-| MISP_URL               | MISP URL                        |                      |
-| MISP_API_KEY           | MISP API key                    |                      |
-| ONYPHE_API_KEY         | Onyphe API key                  |                      |
-| OTX_API_KEY            | OTX API key                     |                      |
-| PASSIVETOTAL_API_KEY   | PassiveTotal API key            |                      |
-| PASSIVETOTAL_USERNAME  | PassiveTotal username           |                      |
-| PULSEDIVE_API_KEY      | Pulsedive API key               |                      |
-| SECURITYTRAILS_API_KEY | SecurityTrails API key          |                      |
-| SHODAN_API_KEY         | Shodan API key                  |                      |
-| SLACK_CHANNEL          | Slack channel name              | #general             |
-| SLACK_WEBHOOK_URL      | Slack Webhook URL               |                      |
-| THEHIVE_URL            | TheHive URL,                    |                      |
-| THEHIVE_API_KEY        | TheHive API key,                |                      |
-| URLSCAN_API_KEY        | urlscan.io API key,             |                      |
-| VIRUSTOTAL_API_KEY     | VirusTotal API key              |                      |
-| ZOOMEYE_API_KEY        | ZoomEye API key                 |                      |
-| SENTRY_DSN             | Sentry DSN                      |                      |
-| RETRY_INTERVAL         | Retry interval                  | 5                    |
-| RETRY_TIMES            | Retry times                     | 3                    |
-| PAGINATION_LIMIT       | Pagination limit                | 100                  |
+| Environmental Variable | Description                     | Default                |
+| ---------------------- | ------------------------------- | ---------------------- |
+| DATABASE_URL           | Database URL                    | `sqlite3:///mihari.db` |
+| BINARYEDGE_API_KEY     | BinaryEdge API key              |                        |
+| CENSYS_ID              | Censys API ID                   |                        |
+| CENSYS_SECRET          | Censys secret                   |                        |
+| CIRCL_PASSIVE_PASSWORD | CIRCL passive DNS/SSL password  |                        |
+| CIRCL_PASSIVE_USERNAME | CIRCL passive DNS/SSL username, |                        |
+| IPINFO_API_KEY         | IPInfo API key (token)          |                        |
+| MISP_URL               | MISP URL                        |                        |
+| MISP_API_KEY           | MISP API key                    |                        |
+| ONYPHE_API_KEY         | Onyphe API key                  |                        |
+| OTX_API_KEY            | OTX API key                     |                        |
+| PASSIVETOTAL_API_KEY   | PassiveTotal API key            |                        |
+| PASSIVETOTAL_USERNAME  | PassiveTotal username           |                        |
+| PULSEDIVE_API_KEY      | Pulsedive API key               |                        |
+| SECURITYTRAILS_API_KEY | SecurityTrails API key          |                        |
+| SHODAN_API_KEY         | Shodan API key                  |                        |
+| SLACK_CHANNEL          | Slack channel name              | `#general`             |
+| SLACK_WEBHOOK_URL      | Slack Webhook URL               |                        |
+| THEHIVE_URL            | TheHive URL,                    |                        |
+| THEHIVE_API_KEY        | TheHive API key,                |                        |
+| URLSCAN_API_KEY        | urlscan.io API key,             |                        |
+| VIRUSTOTAL_API_KEY     | VirusTotal API key              |                        |
+| ZOOMEYE_API_KEY        | ZoomEye API key                 |                        |
+| SENTRY_DSN             | Sentry DSN                      |                        |
+| RETRY_INTERVAL         | Retry interval                  | 5                      |
+| RETRY_TIMES            | Retry times                     | 3                      |
+| PAGINATION_LIMIT       | Pagination limit                | 100                    |
 
 Or you can set values through `.env` file. Values in `.env` file will be automatically loaded.

data/docs/emitters/hive.md

@@ -11,8 +11,16 @@ api_key: ...
 api_version: ...
 ```
 
-| Name        | Type   | Required? | Default                    | Desc.               |
-| ----------- | ------ | --------- | -------------------------- | ------------------- |
-| url         | String | No        | ENV[”THEHIVE_URL”]         | TheHive API URL     |
-| api_key     | String | No        | ENV[”THEHIVE_API_KEY”]     | TheHive API key     |
-| api_version | String | No        | ENV[”THEHIVE_API_VERSION”] | TheHive API version |
+## Components
+
+### URL
+
+`url` is a TheHive URL. Optional. Defaults to `ENV[”THEHIVE_URL”]`.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”THEHIVE_API_KEY”]`.
+
+### API Version
+
+`api_version` is a version of The Hive API. Optional. Defaults to `ENV[”THEHIVE_API_VERSION”]`.

data/docs/emitters/misp.md

@@ -2,7 +2,7 @@
 
 - [https://www.misp-project.org/](https://www.misp-project.org/)
 
-This emitter creates an event on MISP based on an alert.
+This emitter creates an event on MISP based on an alert. MISP v2 is supported.
 
 ```yaml
 emitter: misp
@@ -10,7 +10,12 @@ url: ...
 api_key: ...
 ```
 
-| Name    | Type   | Required? | Default             | Desc.        |
-| ------- | ------ | --------- | ------------------- | ------------ |
-| url     | String | No        | ENV[”MISP_URL”]     | MISP API URL |
-| api_key | String | No        | ENV[”MISP_API_KEY”] | MISP API key |
+## Components
+
+### URL
+
+`url` is a MISP URL. Optional. Defaults to `ENV[MISP_URL]`.
+
+### API Key
+
+`api_key` is an API key. Optional. Defaults to `ENV[”MISP_API_KEY”]`.

data/docs/emitters/slack.md

@@ -14,3 +14,13 @@ channel: ...
 | ----------- | ------ | --------- | ------------------------------- | ----------------- |
 | webhook_url | String | No        | ENV[SLACK_WEBHOOK_URL]          | Slack webhook URL |
 | channel     | String | No        | ENV[SLACK_CHANNEL] / `#general` | Slack channel     |
+
+## Components
+
+### Webhook URL
+
+`url` is a Slack's incoming webhook URL. Optional. Defaults to `ENV[SLACK_WEBHOOK_URL]`.
+
+### API Key
+
+`channel` is a Slack channel to sent a message. Optional. Defaults to `ENV[SLACK_CHANNEL]` or `#general`.