Added guid and agent definition for soarca native capabilities

COSSAS · Jan 30, 2024 · c7dc142 · c7dc142
1 parent db3f9d0
commit c7dc142
Showing 1 changed file with 42 additions and 53 deletions.
diff --git a/doc/modules.md b/doc/modules.md
@@ -19,13 +19,26 @@ The following capability modules are defined in SOARCA:
 
 All modules have an well known GUID for there target definition. SOARCA will also extent the `agent-target-type-ov` with the following vocab for `ssh`, `http-api` and `openc2` respectively.
 
-- soarca-ssh--00010001-0001-0000-0000100010001
-- soarca-http-api--00020001-0001-0000-0000100010001
-- soarca-openc2--00030001-0001-0000-0000100010001
+- soarca--00010001-1000-1000-a000-000100010001
+- soarca--00020001-1000-1000-a000-000100010001
+- soarca--00030001-1000-1000-a000-000100010001
+
+The capability will be selected on the capability name and it must be unique.
 
 
 ### SSH capability
-Well know guid: `soarca-ssh--00010001-0001-0000-0000100010001`
+Well know guid: `soarca--00010001-1000-1000-a000-000100010001`
+
+This module is defined in a playbook with the following TargetAgent definition:
+
+```json
+"agent_definitons": {
+        "soarca--00010001-1000-1000-a000-000100010001": {
+            "type": "soarca",
+            "name": "soarca-ssh-capability"
+        }
+    },
+```
 
 This modules does not define variables as input. I will have the following output variables:
 
@@ -42,11 +55,23 @@ This modules does not define variables as input. I will have the following outpu
 If the connection to the target fail the structure will be set but be empty and an error will be returned. If no error occurred nil is returned.
 
 
-### HTTP-API capability
-Well know guid: `soarca-http-api--00020001-0001-0000-0000100010001`
+## HTTP-API capability
+Well know guid: `soarca--00020001-1000-1000-a000-000100010001`
+
+This module is defined in a playbook with the following TargetAgent definition:
+
+```json
+"agent_definitons": {
+        "soarca--00020001-1000-1000-a000-000100010001": {
+            "type": "soarca",
+            "name": "soarca-http-api-capability"
+        },
+    },
+```
+
 ```json
 {
-    "__soarca_http__result__": {
+    "__soarca_http_result__": {
         Type: "string",
         Name: "result",
         Value: "<response from http-api here>"
@@ -55,54 +80,18 @@ Well know guid: `soarca-http-api--00020001-0001-0000-0000100010001`
 ```
 
 ## OPEN-C2 capabilty
-Well know guid: `soarca-openc2--00030001-0001-0000-0000100010001`
-
-T.B.D.
-
-
+Well know guid: `soarca--00030001-1000-1000-a000-000100010001`
 
-## Protocol buffer interface (about to change | not implemented)
+This module is defined in a playbook with the following TargetAgent definition:
 
-Protocol buffer 
-
-
-```proto
-syntax = "proto3";
-package module;
-
-message Command {
-    repeated string command = 1;
-    repeated string variable = 2;
-    optional Result result = 3;
-}
-
-message Return {
-    enum Result {
-        OK = 0;
-        RESPONSE = 1;
-        ERROR = 2;
-    }
-    optional Result result = 1
-    optional int code = 2;
-    optional string message = 3;
-}
+```json
+"agent_definitons": {
+        "soarca--00030001-1000-1000-a000-000100010001": {
+            "type": "soarca",
+            "name": "soarca-open-c2-capability"
+        },
+    },
 ```
 
-
-## Variables
-These `variables` are available within playbooks that use the module after it has outputted these variables. Varianames are __mod_$module_id$$_variable__ (example usage: virustotal returns a true/false for a malicious url and the affected ip. The variables would be __mod_virustotal_malicious__ and __mod_virustotal_ip__.)
-
-## Project structure
-soarca
-module_meta.json
-protocol.proto
-main.py
-
-
-## Loading your module
-
-- Needs module ID, some string that uniquely identifies the module
-- Needs return/ result typ definition
-- Needs definition of exposed variables
-- etc.
+---