Add documentation around the new sandboxes module and config

kevthehermit · Oct 4, 2019 · c33ab43 · c33ab43
1 parent 40d1ccf
commit c33ab43
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -22,4 +22,9 @@ Pastehunter supports several output modules:
  - Dump to CSV file.
  - Send to syslog.
 
+ ## Supported Sandboxes
+ Pastehunter supports several sandboxes that decoded data can be sent to:
+ - Cuckoo
+ - Viper
+
 For examples of data discovered using pastehunter check out my posts https://techanarchy.net/blog/hunting-pastebin-with-pastehunter and https://techanarchy.net/blog/pastehunter-the-results
diff --git a/docs/postprocess.rst b/docs/postprocess.rst
@@ -29,20 +29,7 @@ when the full paste is a base64 blob, i.e. it will not extract base64 code that
 
 - **rule_list**: List of rules that will trigger the postprocess module. 
 
-
-Cuckoo
-^^^^^^
-If the samples match a binary file format you can optionaly send the file for analysis by a Cuckoo Sandbox.
-
-- **api_host**: IP or hostname for a Cuckoo API endpoint. 
-- **api_port**: Port number for a Cuckoo API endpoint.
-
-Viper
-^^^^^
-If the samples match a binary file format you can optionaly send the file to a Viper instance for further analysis.
-
-- **api_host**: IP or hostname for a Cuckoo API endpoint. 
-- **api_port**: Port number for a Cuckoo API endpoint.
+See the `Sandboxes documentation <sandboxes.rst>`_ for information on how to configure the sandboxes used for scanning decoded base64 data.
 
 
 Entropy

diff --git a/docs/sandboxes.rst b/docs/sandboxes.rst
@@ -0,0 +1,25 @@
+Sandboxes
+=========
+
+There are a few sandboxes that can be configured and used in various post process steps.
+
+There are a few generic options for each input.
+
+- **enabled**: This turns the sandbox on and off. 
+- **module**: This is used internally by pastehunter.
+
+Cuckoo
+------
+
+If the samples match a binary file format you can optionaly send the file for analysis by a Cuckoo Sandbox.
+
+- **api_host**: IP or hostname for a Cuckoo API endpoint. 
+- **api_port**: Port number for a Cuckoo API endpoint.
+
+Viper
+-----
+
+If the samples match a binary file format you can optionaly send the file to a Viper instance for further analysis.
+
+- **api_host**: IP or hostname for a Viper API endpoint. 
+- **api_port**: Port number for a Viper API endpoint.