From c33ab4318e3094a0bb5c069118148d83de4166fa Mon Sep 17 00:00:00 2001 From: Scott Knight <4534275+knightsc@users.noreply.github.com> Date: Tue, 3 Sep 2019 14:50:46 -0400 Subject: [PATCH] Add documentation around the new sandboxes module and config --- README.md | 5 +++++ docs/postprocess.rst | 15 +-------------- docs/sandboxes.rst | 25 +++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 14 deletions(-) create mode 100644 docs/sandboxes.rst diff --git a/README.md b/README.md index 84d0e7d..9b696e3 100644 --- a/README.md +++ b/README.md @@ -22,4 +22,9 @@ Pastehunter supports several output modules: - Dump to CSV file. - Send to syslog. + ## Supported Sandboxes + Pastehunter supports several sandboxes that decoded data can be sent to: + - Cuckoo + - Viper + For examples of data discovered using pastehunter check out my posts https://techanarchy.net/blog/hunting-pastebin-with-pastehunter and https://techanarchy.net/blog/pastehunter-the-results diff --git a/docs/postprocess.rst b/docs/postprocess.rst index eaac1d5..15512d9 100644 --- a/docs/postprocess.rst +++ b/docs/postprocess.rst @@ -29,20 +29,7 @@ when the full paste is a base64 blob, i.e. it will not extract base64 code that - **rule_list**: List of rules that will trigger the postprocess module. - -Cuckoo -^^^^^^ -If the samples match a binary file format you can optionaly send the file for analysis by a Cuckoo Sandbox. - -- **api_host**: IP or hostname for a Cuckoo API endpoint. -- **api_port**: Port number for a Cuckoo API endpoint. - -Viper -^^^^^ -If the samples match a binary file format you can optionaly send the file to a Viper instance for further analysis. - -- **api_host**: IP or hostname for a Cuckoo API endpoint. -- **api_port**: Port number for a Cuckoo API endpoint. +See the `Sandboxes documentation `_ for information on how to configure the sandboxes used for scanning decoded base64 data. Entropy 
diff --git a/docs/sandboxes.rst b/docs/sandboxes.rst new file mode 100644 index 0000000..07d099c --- /dev/null +++ b/docs/sandboxes.rst @@ -0,0 +1,25 @@ +Sandboxes +========= + +There are a few sandboxes that can be configured and used in various post process steps. + +There are a few generic options for each input. + +- **enabled**: This turns the sandbox on and off. +- **module**: This is used internally by pastehunter. + +Cuckoo +------ + +If the samples match a binary file format you can optionaly send the file for analysis by a Cuckoo Sandbox. + +- **api_host**: IP or hostname for a Cuckoo API endpoint. +- **api_port**: Port number for a Cuckoo API endpoint. + +Viper +----- + +If the samples match a binary file format you can optionaly send the file to a Viper instance for further analysis. + +- **api_host**: IP or hostname for a Viper API endpoint. +- **api_port**: Port number for a Viper API endpoint.
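Review bot: The new "Supported Sandboxes" list in the README.md hunk gives no pointer to the configuration details, unlike the postprocess.rst hunk in this same patch, which links readers onward; adding a sentence under the bullets such as "See docs/sandboxes.rst for configuration options." would keep the README and the docs tree consistent.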
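Review bot: In the postprocess.rst hunk the added line `See the `Sandboxes documentation `_ for information...` is a named hyperlink reference with no target: the backticks contain only the link text and no `<...>` URL, so Sphinx will emit an "Unknown target name" warning unless a matching `.. _Sandboxes documentation:` target exists elsewhere. If a target was intended, the Sphinx-idiomatic form for a page in the same docs tree is `:doc:`Sandboxes documentation <sandboxes>``, which also survives renames of the output file. Removing the old Viper entries here is correct, since they described the Viper options as a "Cuckoo API endpoint"; the new file corrects that.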
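Review bot: The new docs/sandboxes.rst carries the spelling error "optionaly" (twice) over from the text being removed in postprocess.rst, and "There are a few generic options for each input." looks copied from an inputs page and should read "for each sandbox". The description of **module** ("This is used internally by pastehunter.") tells an operator nothing about what value to put there; stating the expected value (the module path the loader imports, as documented for the other module types) would save a trip to the source. Finally, since both sections describe only **api_host** and **api_port**, a short example config block showing an enabled Cuckoo entry would make the page self-sufficient.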