#
# Search assistant text for custom search command
#

[options]
syntax = (wildcard_prefix=<column_names>)? | (wildcard_suffix=<column_names>)? | (wildcard_affix=<column_names>)? | (message=<string>)?
description = 'wildcard_*' controls which columns to have their value\
  affixed with wildcard character. Affixed value will be added to a\
  new column. 'message' adds a custom message to new column custom_message.

[message-option]
syntax = (message=<string>)?
description = 'message' adds a custom message to new column custom_message.

[geturlhausfilter-command]
syntax = geturlhausfilter <options>
description = Get urlhaus-filter from malware-filter.
usage = public
example = | geturlhausfilter wildcard_prefix="path" message="lorem ipsum"
related = getphishingfilter getpupfilter getvnbadsitefilter getbotnetfilter

[getphishingfilter-command]
syntax = getphishingfilter <options>
description = Get phishing-filter from malware-filter.
usage = public
example = | getphishingfilter wildcard_prefix="path" message="lorem ipsum"
related = geturlhausfilter getpupfilter getvnbadsitefilter getbotnetfilter

[getpupfilter-command]
syntax = getpupfilter <options>
description = Get pup-filter from malware-filter.
usage = public
example = | getpupfilter wildcard_prefix="path" message="lorem ipsum"
related = geturlhausfilter getphishingfilter getvnbadsitefilter getbotnetfilter

[getvnbadsitefilter-command]
syntax = getvnbadsitefilter <options>
description = Get vn-badsite-filter from malware-filter.
usage = public
example = | getvnbadsitefilter wildcard_prefix="path" message="lorem ipsum"
related = geturlhausfilter getphishingfilter getpupfilter getbotnetfilter

[getbotnetfilter-command]
syntax = getbotnetfilter <message-option>
shortdesc = Get botnet-filter from malware-filter.
description = Get botnet-filter from malware-filter.\
  Please use 'getbotnetip' whenever possible.
usage = public
example = | getbotnetfilter message="lorem ipsum"
related = geturlhausfilter getphishingfilter getpupfilter getvnbadsitefilter

[getbotnetip-command]
syntax = getbotnetip <message-option>
description = Get botnet ip from Feodo Tracker.
usage = public
example = | getbotnetip message="lorem ipsum"
related = getopendbl

[getopendbl-command]
syntax = getopendbl <message-option>
description = Get ip blocklists from Open Dynamic Block Lists (Opendbl).
usage = public
example = | getopendbl message="lorem ipsum"
related = getbotnetip