diff --git a/doc/modules.md b/doc/modules.md index c029accd..477b0b5a 100644 --- a/doc/modules.md +++ b/doc/modules.md @@ -19,13 +19,26 @@ The following capability modules are defined in SOARCA: All modules have an well known GUID for there target definition. SOARCA will also extent the `agent-target-type-ov` with the following vocab for `ssh`, `http-api` and `openc2` respectively. -- soarca-ssh--00010001-0001-0000-0000100010001 -- soarca-http-api--00020001-0001-0000-0000100010001 -- soarca-openc2--00030001-0001-0000-0000100010001 +- soarca--00010001-1000-1000-a000-000100010001 +- soarca--00020001-1000-1000-a000-000100010001 +- soarca--00030001-1000-1000-a000-000100010001 + +The capability will be selected on the capability name and it must be unique. ### SSH capability -Well know guid: `soarca-ssh--00010001-0001-0000-0000100010001` +Well know guid: `soarca--00010001-1000-1000-a000-000100010001` + +This module is defined in a playbook with the following TargetAgent definition: + +```json +"agent_definitons": { + "soarca--00010001-1000-1000-a000-000100010001": { + "type": "soarca", + "name": "soarca-ssh-capability" + } + }, +``` This modules does not define variables as input. I will have the following output variables: 
@@ -42,11 +55,23 @@ This modules does not define variables as input. I will have the following outpu If the connection to the target fail the structure will be set but be empty and an error will be returned. If no error occurred nil is returned. -### HTTP-API capability -Well know guid: `soarca-http-api--00020001-0001-0000-0000100010001` +## HTTP-API capability +Well know guid: `soarca--00020001-1000-1000-a000-000100010001` + +This module is defined in a playbook with the following TargetAgent definition: + +```json +"agent_definitons": { + "soarca--00020001-1000-1000-a000-000100010001": { + "type": "soarca", + "name": "soarca-http-api-capability" + }, + }, +``` + ```json { - "__soarca_http__result__": { + "__soarca_http_result__": { Type: "string", Name: "result", Value: "" 
@@ -55,54 +80,18 @@ Well know guid: `soarca-http-api--00020001-0001-0000-0000100010001` ``` ## OPEN-C2 capabilty -Well know guid: `soarca-openc2--00030001-0001-0000-0000100010001` - -T.B.D. - - +Well know guid: `soarca--00030001-1000-1000-a000-000100010001` -## Protocol buffer interface (about to change | not implemented) +This module is defined in a playbook with the following TargetAgent definition: -Protocol buffer - - -```proto -syntax = "proto3"; -package module; - -message Command { - repeated string command = 1; - repeated string variable = 2; - optional Result result = 3; -} - -message Return { - enum Result { - OK = 0; - RESPONSE = 1; - ERROR = 2; - } - optional Result result = 1 - optional int code = 2; - optional string message = 3; -} +```json +"agent_definitons": { + "soarca--00030001-1000-1000-a000-000100010001": { + "type": "soarca", + "name": "soarca-open-c2-capability" + }, + }, ``` - -## Variables -These `variables` are available within playbooks that use the module after it has outputted these variables. Varianames are __mod_$module_id$$_variable__ (example usage: virustotal returns a true/false for a malicious url and the affected ip. The variables would be __mod_virustotal_malicious__ and __mod_virustotal_ip__.) - -## Project structure -soarca -module_meta.json -protocol.proto -main.py - - -## Loading your module - -- Needs module ID, some string that uniquely identifies the module -- Needs return/ result typ definition -- Needs definition of exposed variables -- etc. +---
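Review bot: the JSON example added under "SSH capability" (hunk `@@ -19,13 +19,26 @@`) spells the key `agent_definitons`; if `agent_definitions` is intended, anyone copying the snippet into a playbook carries the misspelling along. The same hunk adds "The capability will be selected on the capability name and it must be unique", but the new ids drop the `ssh` / `http-api` / `openc2` prefix and differ only in their first group, so the list no longer shows which id belongs to which capability. Suggest listing each id next to its `name` value and documenting what happens when a playbook names a capability that does not exist or when two capabilities share a name.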
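Review bot: the HTTP-API example (hunk `@@ -42,11 +55,23 @@`) is not valid JSON as written: the inner object closes with `},` directly before the outer closing brace, a trailing comma that the SSH example does not have. The key is also spelled `agent_definitons` here. Two further points in this hunk: the heading moves from `###` to `##` while "SSH capability" stays at `###`, so sibling sections end up at different levels; and the result variable is renamed from `__soarca_http__result__` to `__soarca_http_result__`, which deserves an explicit mention in the doc, since any playbook referencing the old name would need updating.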
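Review bot: the OPEN-C2 example (hunk `@@ -55,54 +80,18 @@`) uses the name `soarca-open-c2-capability`, while the vocabulary entry earlier in the file is written `openc2`; since the doc now says capabilities are selected by name, it should use one spelling and state that this is the exact string to match. The snippet repeats the `agent_definitons` spelling and the trailing comma after the inner `}`. The hunk also replaces "T.B.D." without describing any output variables for this capability, deletes the "Variables", "Project structure" and "Loading your module" sections with no replacement, and leaves a bare `---` as the last added line. If those sections are obsolete, say so in the commit message, and drop the stray `---`.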