crowdsecurity
diff --git a/‎crowdsec-docs/static/img/misp/config.png‎
62.9 KB b/‎crowdsec-docs/static/img/misp/config.png‎
62.9 KB
diff --git a/‎crowdsec-docs/static/img/misp/enrich-event-from-left-menu-popup.png‎
10.1 KB b/‎crowdsec-docs/static/img/misp/enrich-event-from-left-menu-popup.png‎
10.1 KB
diff --git a/‎crowdsec-docs/static/img/misp/enriched-ip-event-2.png‎
202 KB b/‎crowdsec-docs/static/img/misp/enriched-ip-event-2.png‎
202 KB
diff --git a/‎crowdsec-docs/static/img/misp/enriched-ip-event.png‎
176 KB b/‎crowdsec-docs/static/img/misp/enriched-ip-event.png‎
176 KB
diff --git a/‎crowdsec-docs/static/img/misp_crowdsec_knowledge.png‎
-59.1 KB b/‎crowdsec-docs/static/img/misp_crowdsec_knowledge.png‎
-59.1 KB
diff --git a/‎crowdsec-docs/static/img/misp_hover.png‎
-30.6 KB b/‎crowdsec-docs/static/img/misp_hover.png‎
-30.6 KB
diff --git a/‎crowdsec-docs/unversioned/cti_api/integration_misp.md‎
Lines changed: 41 additions & 16 deletions b/‎crowdsec-docs/unversioned/cti_api/integration_misp.md‎
Lines changed: 41 additions & 16 deletions
@@ -4,41 +4,66 @@ title: MISP Plugin
 sidebar_position: 2
 ---
 
-MISP hover plugin allows you to get knowledge from CrowdSec's CTI API upon hovering an IP in your MISP instance.
+MISP plugin lets you enrich the knowledge of IP attributes using CrowdSec's CTI API.
 
 ## Installation
 
+### Requirements
+
+- A CrowdSec CTI API key. See [instructions to obtain it](https://docs.crowdsec.net/docs/next/cti_api/getting_started/#getting-an-api-key)
+
 ### Setting up plugin server
 
 The plugin is included in MISP's [official plugin repo](https://github.com/MISP/misp-modules).
 
-The development version can be found on [crowdsec's fork](https://github.com/crowdsecurity/misp-modules).
-
-Install the fork via by following instructions given [here](https://github.com/MISP/misp-modules#how-to-install-and-start-misp-modules-in-a-python-virtualenv-recommended)
-. Make sure to subsitute repository address as required.
 
 ### Configure the plugin
 
-1. Navigate to plugin settings page at `http://<your_misp_address>/servers/serverSettings/Plugin`
+You can activate this module by accessing the “Plugins” tab of your MISP instance:
 
-2. Click on Enrichment.
+1. Navigate to plugin settings page at `http://<your-misp-address>/servers/serverSettings/Plugin`
+2. Click on Enrichment
+3. Set the value of `Plugin.Enrichment_crowdsec_enabled` to `true`
+4. Set the value of `Plugin.Enrichment_crowdsec_api_key` to your CrowdSec CTI API key
+   
+For more details on the settings available, please refer to the [Configurations](#configurations) part.
 
-3. Set the value of Plugin.Enrichment_crowdsec_enabled to `true`
 
-4. Set the value of Plugin.Enrichment_crowdsec_api_key to your CTI API key. See [instructions to obtain it](/cti_api/getting_started.mdx)
+## Usage
 
-5. Set the value of Plugin.Enrichment_crowdsec_api_version to "v2".
+Thanks to the CrowdSec Threat Intelligence, you can enrich your IP attributes.
 
-Done !
+![Enrich IP](/img/misp/enrich-event-from-left-menu-popup.png)
 
+Once enriched, you will find a `crowdsec-ip-context` object with all attributes retrieved from CrowdSec.
 
-## Usage
+For more details about this object, please refer to the [Misp project documentation](https://www.misp-project.org/objects.html#_crowdsec_ip_context).
+
+
+![Enriched IP part 1](/img/misp/enriched-ip-event.png)
+
+![Enriched IP part 2](/img/misp/enriched-ip-event-2.png)
+
+
+## Configurations
+
+You will find the settings page at `http://<your-misp-address>/servers/serverSettings/Plugin`
+
+![Configurations](/img/misp/config.png)
+
+Configuration parameters are described below:
 
-1. Simply click on hover button on any IP attribute.
 
-![MISP hover](/img/misp_hover.png)
+| Setting name                                         | Mandatory | Type    | Description                                                                                                                                |
+|------------------------------------------------------|-----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------|
+| `Plugin.Enrichment_crowdsec_enabled`                 | Yes       | Boolean | Enable or disable the crowdsec module                                                                                                      |
+| `Plugin.Enrichment_crowdsec_restrict`                | No        | String  | Restrict the crowdsec module to the given organisation.                                                                                    |
+| `Plugin.Enrichment_crowdsec_api_key`                 | Yes       | String  | CrowdSec CTI  API key. See [instructions to obtain it](https://docs.crowdsec.net/docs/next/cti_api/getting_started/#getting-an-api-key)    |
+| `Plugin.Enrichment_crowdsec_add_reputation_tag`      | No        | String  | Enable/disable the creation of a reputation tag for the IP attribute. You can use  `True` or `False` as string value. Default: `True`      |
+| `Plugin.Enrichment_crowdsec_add_behavior_tag`        | No        | String  | Enable/disable the creation of a behavior tag for the IP attribute. You can use  `True` or `False` as string value. Default: `True`        |
+| `Plugin.Enrichment_crowdsec_add_classification_tag`  | No        | String  | Enable/disable the creation of a classification tag for the IP attribute. You can use  `True` or `False` as string value. Default: `True`  |
+| `Plugin.Enrichment_crowdsec_add_mitre_technique_tag` | No        | String  | Enable/disable the creation of a mitre technique tag for the IP attribute. You can use  `True` or `False` as string value. Default: `True` |
+| `Plugin.Enrichment_crowdsec_add_cve_tag`             | No        | String  | Enable/disable the creation of a cve tag for the IP attribute. You can use  `True` or `False` as string value. Default: `True`             |
 
-2. Upon clicking the hover icon, you will see the enrichements on this IP obtained from CrowdSec's CTI.
 
-![MISP CrowdSec Hover](/img/misp_crowdsec_knowledge.png)