From 50e0b5cf129d01ca6735741d02c126a1e0476245 Mon Sep 17 00:00:00 2001
From: megan201296 <megansroddie@gmail.com>
Date: Thu, 24 Aug 2017 15:37:54 -0500
Subject: [PATCH 1/4] Create Analyzer_Requirements.md

created and started filling in this doc
---
 Analyzer_Requirements.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 Analyzer_Requirements.md

diff --git a/Analyzer_Requirements.md b/Analyzer_Requirements.md
new file mode 100644
index 000000000..715e0313b
--- /dev/null
+++ b/Analyzer_Requirements.md
@@ -0,0 +1,33 @@
+# Cortex Analyzer Requirements
+This document outlines the different information that needs to be provided for each analyzer, such as API keys, usernames, instances, etc. It will also specify whether the service is paid, free, or requires special access. This will assist users in deciding what analyzers they want to enable and what information they need to gather in order to enable them.
+
+## Free
+
+### Abuse_Finder
+**Configuration Paramenters**: None
+
+### CuckooSandbox
+**Configuration Paramenters**: <fill in>
+
+The CuckooSandbox analyzer requires you to have a local instance of Cuckoo Sandbox deployed. It is an open-source tool that is free for use but needs to be manually deployed in your environment. More information on setting up Cuckoo Sandbox can be found [here](https://cuckoosandbox.org/).
+
+## Paid  
+
+## Special Access
+
+### CERTatPassiveDNS
+**Configuration Parameters**: None
+
+From [TheHive blog](https://blog.thehive-project.org/2017/07/05/all-fresh-cortexutils-new-cortex-analyzers/):
+```
+Access to the CERT.at service is allowed to trusted partners only.  
+If you think you qualify, please contact CERT.at.  You do not need to add specific information 
+into the Cortex configuration file to benefit from this analyzer as it calls the whois system 
+command to perform the pDNS requests.
+```
+
+### CIRCLPassiveDNS
+**Configuration Paramenters**: 
+
+### CIRCLPassiveSSL
+**Configuration Paramenters**: 

From 783dba8af10746c62792284ffc480d061fd4369b Mon Sep 17 00:00:00 2001
From: megan201296 <megansroddie@gmail.com>
Date: Thu, 24 Aug 2017 15:39:32 -0500
Subject: [PATCH 2/4] Rename Analyzer_Requirements.md to
 analyzer_requirements.md

---
 Analyzer_Requirements.md => analyzer_requirements.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename Analyzer_Requirements.md => analyzer_requirements.md (100%)

diff --git a/Analyzer_Requirements.md b/analyzer_requirements.md
similarity index 100%
rename from Analyzer_Requirements.md
rename to analyzer_requirements.md

From 48e0dd03b4a8b32e3ac863cb03f9314a80253f6f Mon Sep 17 00:00:00 2001
From: megan201296 <megansroddie@gmail.com>
Date: Thu, 24 Aug 2017 19:22:50 -0500
Subject: [PATCH 3/4] Update analyzer_requirements.md

---
 analyzer_requirements.md | 124 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 121 insertions(+), 3 deletions(-)

diff --git a/analyzer_requirements.md b/analyzer_requirements.md
index 715e0313b..d4d9bf70d 100644
--- a/analyzer_requirements.md
+++ b/analyzer_requirements.md
@@ -7,11 +7,116 @@ This document outlines the different information that needs to be provided for e
 **Configuration Paramenters**: None
 
 ### CuckooSandbox
-**Configuration Paramenters**: <fill in>
+**Configuration Paramenters**: Url
 
 The CuckooSandbox analyzer requires you to have a local instance of Cuckoo Sandbox deployed. It is an open-source tool that is free for use but needs to be manually deployed in your environment. More information on setting up Cuckoo Sandbox can be found [here](https://cuckoosandbox.org/).
 
+### File_Info
+**Configuration Paramenters**: None
+
+### FireHOL Blocklist 
+**Configuration Paramenters**: Path to FireHOL blocklists
+
+FireHOL blocklists can be downloaded from [here](https://iplists.firehol.org)
+
+### Fortiguard
+**Configuration Paramenters**: None
+
+### Google SafeBrowsing
+**Configuration Paramenters**: API Key
+
+An account with Google is required to get an API key.
+
+### Hippocampe
+**Configuration Paramenters**: Url
+
+The Hippocampe analyzer requires you to have a local instance of Hippocampe deployed/configured. It is an open-source tool that is free for use but needs to be manually deployed in your environment. More information on setting up Hippocampe can be found [here](https://github.com/CERT-BDF/Hippocampe).
+
+### JoeSandbox
+**Configuration Paramenters**: _TBD_
+
+JoeSandbox has both a free and a paid version. 
+
+### MISP
+**Configuration Paramenters**: Url, API key
+
+The MISP analyzer requires you to have a local instance of MISP deployed/configured. It is an open-source tool that is free for use but needs to be manually deployed in your environment. More information on setting up MISP can be found [here](http://www.misp-project.org/).
+
+### Msg_Parser
+**Configuration Paramenters**: None
+
+### OTXQuery
+**Configuration Paramenters**: API Key
+
+An account with AlienVault OTX is required to get an API key. You can sign up for an account [here](https://otx.alienvault.com).
+
+### PassiveTotal
+**Configuration Paramenters**: Username, API Key
+
+An account with PassiveTotal is required to get an API key. You can sign up for an account [here](https://community.riskiq.com/registration).
+
+### PhishTank
+**Configuration Paramenters**: API Key
+
+An account with PhishTank is required to get an API key. You can sign up for an account [here](https://www.phishtank.com/index.php).
+
+### Phishing Intiative
+**Configuration Paramenters**: API Key
+
+An account with Phishing Intiative is required to get an API key. You can sign up for an account [here](https://phishing-initiative.fr/register).
+
+### VirusTotal
+**Configuration Paramenters**: API Key
+
+An account with VirusTotal is required to get an API key. You can sign up for an account [here](https://www.virustotal.com/en/).
+
+### Virusshare
+**Configuration Paramenters**: Path to Virusshare hash lists
+
+Virusshare hash lists can be downloaded using the `download_hashes.py` program in the Virusshare analyzer directory.
+
+### WOT
+**Configuration Paramenters**: API Key
+
+An account with Web of Trust is required to get an API key. You can sign up for an account [here](https://www.mywot.com/en/signup?destination=profile/api).
+
+### Yara
+**Configuration Paramenters**: Path to Yara rules
+
+You have to have Yara rules downloaded in order to use this analyzer. 
+
+### YETI
+**Configuration Paramenters**: Url 
+
+The YETI analyzer requires you to have a local instance of YETI deployed/configured. It is an open-source tool that is free for use but needs to be manually deployed in your environment. More information on setting up YETI can be found [here](https://yeti-platform.github.io/).
+
 ## Paid  
+### DNSDB
+**Configuration Paramenters**: Server name, API key
+
+This is a paid service that can be purchased from [here](https://www.farsightsecurity.com/order-services/). 
+
+### DomainTools
+**Configuration Paramenters**: Username, API key
+
+This is a paid service that can be purchased from [here](https://www.domaintools.com/products/api-integration/). There is also a free API that can be used (needs to be set to free in analyzer config) and does not require a username/API key. 
+
+### MaxMind
+**Configuration Paramenters**: _TBD_
+
+This is a paid service that can be purchased from [here](https://www.maxmind.com/en/home). 
+
+### Nessus
+**Configuration Paramenters**: Url, login, password, policy
+
+This is a paid service that can be purchased from [here](https://www.tenable.com/products/nessus-vulnerability-scanner). 
+
+### VMRay
+**Configuration Paramenters**: Url, API key
+
+This is a paid service that can be purchased from [here](https://www.vmray.com/). 
+
+
 
 ## Special Access
 
@@ -27,7 +132,20 @@ command to perform the pDNS requests.
 ```
 
 ### CIRCLPassiveDNS
-**Configuration Paramenters**: 
+**Configuration Paramenters**: Username, Password
+
+From [CIRCL](https://www.circl.lu/services/passive-dns/)
+```
+Access to CIRCL Passive DNS is only allowed to trusted partners in Luxembourg and abroad. 
+Contact us if you would like access. Include your affiliation and the foreseen use of the 
+Passive DNS data.
+```
 
 ### CIRCLPassiveSSL
-**Configuration Paramenters**: 
+**Configuration Paramenters**: Username, Password
+
+From [CIRCL](https://www.circl.lu/services/passive-ssl/)
+```
+Access to CIRCL Passive SSL is allowed to partners including security researchers or 
+incident analysts worldwide. Contact us if you would like to obtain access.
+```

From 23ddf8b9be65539542ec309d9d367e0fbe48fc11 Mon Sep 17 00:00:00 2001
From: megan201296 <megansroddie@gmail.com>
Date: Thu, 24 Aug 2017 19:25:00 -0500
Subject: [PATCH 4/4] Update analyzer_requirements.md

---
 analyzer_requirements.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/analyzer_requirements.md b/analyzer_requirements.md
index d4d9bf70d..95ce44429 100644
--- a/analyzer_requirements.md
+++ b/analyzer_requirements.md
@@ -149,3 +149,6 @@ From [CIRCL](https://www.circl.lu/services/passive-ssl/)
 Access to CIRCL Passive SSL is allowed to partners including security researchers or 
 incident analysts worldwide. Contact us if you would like to obtain access.
 ```
+
+
+**NOTE**: If there are any errors on this page or changes you would like to see, please submit a pull request or email megansroddie[at]gmail.com