
Commit

Add Malpedia entry
Saad Kadhi committed Apr 18, 2018
1 parent 7ad1144 commit 14707bb
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions analyzer_requirements.md
@@ -196,6 +196,18 @@ an API key/secret pair.
Provide the API key as a value for the `key` parameter and the secret as a
value to the `secret` parameter.

### Malpedia
Scan files against YARA rules automatically downloaded every 10 hours by the analyzer from [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/).

If a rule matches, the analyzer tries to retrieve more info from Malpedia such as the malware family (currently more than 600) and the actor group (tracked through [MISP Galaxies](https://github.com/MISP/misp-galaxy)).

This analyzer comes in only one flavor.

#### Requirements
You need access to Malpedia to use this analyzer. Please note that Malpedia does not feature open registration. It is operated as an invite-only trust group. If you believe you qualify for an account, please see Malpedia's [Terms of Services](https://malpedia.caad.fkie.fraunhofer.de/terms_of_service) for contact details.

If you have access to Malpedia, provide your username as the value for the `username` parameter and the associated password as the value of the `password` parameter then specify a location where the analyzer will download the YARA rules to using the `path` parameter.

### MaxMind
Geolocate an IP Address via [MaxMind](https://www.maxmind.com/en/home)
GeoLite2 **free** City and Country databases.
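
Review bot: In the Requirements paragraph, the `path` parameter is described only as "a location where the analyzer will download the YARA rules to", with nothing about who needs write access there. Because the rules fetched every 10 hours are what submitted files are scanned against, the entry should state that the directory must be writable by the account running the analyzer and should not be writable by other local users. The same sentence chains the `username`, `password` and `path` instructions without a break; a short list with one parameter per item would be easier to follow. The "(currently more than 600)" family count will go stale and could be dropped or dated.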
