Improve table docs (#29)

.github/workflows/steampipe-anywhere.yml

@@ -0,0 +1,12 @@
+name: Release Steampipe Anywhere Components
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+
+jobs:
+  anywhere_publish_workflow:
+    uses: turbot/steampipe-workflows/.github/workflows/steampipe-anywhere.yml@main
+    secrets: inherit

README.md

@@ -30,6 +30,18 @@ where
   ip_address = '76.76.21.21'
 ```
 
+## Engines
+
+This plugin is available for the following engines:
+
+| Engine        | Description
+|---------------|------------------------------------------
+| [Steampipe](https://steampipe.io/docs) | The Steampipe CLI exposes APIs and services as a high-performance relational database, giving you the ability to write SQL-based queries to explore dynamic data. Mods extend Steampipe's capabilities with dashboards, reports, and controls built with simple HCL. The Steampipe CLI is a turnkey solution that includes its own Postgres database, plugin management, and mod support.
+| [Postgres FDW](https://steampipe.io/docs/steampipe_postgres/index) | Steampipe Postgres FDWs are native Postgres Foreign Data Wrappers that translate APIs to foreign tables. Unlike Steampipe CLI, which ships with its own Postgres server instance, the Steampipe Postgres FDWs can be installed in any supported Postgres database version.
+| [SQLite Extension](https://steampipe.io/docs//steampipe_sqlite/index) | Steampipe SQLite Extensions provide SQLite virtual tables that translate your queries into API calls, transparently fetching information from your API or service as you request it.
+| [Export](https://steampipe.io/docs/steampipe_export/index) | Steampipe Plugin Exporters provide a flexible mechanism for exporting information from cloud services and APIs. Each exporter is a stand-alone binary that allows you to extract data using Steampipe plugins without a database.
+| [Turbot Pipes](https://turbot.com/pipes/docs) | Turbot Pipes is the only intelligence, automation & security platform built specifically for DevOps. Pipes provide hosted Steampipe database instances, shared dashboards, snapshots, and more.
+
 ## Developing
 
 Prerequisites:
@@ -69,11 +81,17 @@ Further reading:
 - [Writing plugins](https://steampipe.io/docs/develop/writing-plugins)
 - [Writing your first table](https://steampipe.io/docs/develop/writing-your-first-table)
 
-## Contributing
+## Open Source & Contributing
+
+This repository is published under the [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0) (source code) and [CC BY-NC-ND](https://creativecommons.org/licenses/by-nc-nd/2.0/) (docs) licenses. Please see our [code of conduct](https://github.com/turbot/.github/blob/main/CODE_OF_CONDUCT.md). We look forward to collaborating with you!
+
+[Steampipe](https://steampipe.io) is a product produced from this open source software, exclusively by [Turbot HQ, Inc](https://turbot.com). It is distributed under our commercial terms. Others are allowed to make their own distribution of the software, but cannot use any of the Turbot trademarks, cloud services, etc. You can learn more in our [Open Source FAQ](https://turbot.com/open-source).
+
+## Get Involved
 
-Please see the [contribution guidelines](https://github.com/turbot/steampipe/blob/main/CONTRIBUTING.md) and our [code of conduct](https://github.com/turbot/steampipe/blob/main/CODE_OF_CONDUCT.md). All contributions are subject to the [Apache 2.0 open source license](https://github.com/turbot/steampipe-plugin-abuseipdb/blob/main/LICENSE).
+**[Join #steampipe on Slack →](https://turbot.com/community/join)**
 
-`help wanted` issues:
+Want to help but don't know where to start? Pick up one of the `help wanted` issues:
 
 - [Steampipe](https://github.com/turbot/steampipe/labels/help%20wanted)
 - [AbuseIPDB Plugin](https://github.com/turbot/steampipe-plugin-abuseipdb/labels/help%20wanted)

docs/index.md

@@ -8,13 +8,14 @@ short_name: "abuseipdb"
 description: "Steampipe plugin to query IP address abuse data and more from AbuseIPDB."
 og_description: "Query AbuseIPDB with SQL! Open source CLI. No DB required."
 og_image: "/images/plugins/turbot/abuseipdb-social-graphic.png"
+engines: ["steampipe", "sqlite", "postgres", "export"]
 ---
 
 # AbuseIPDB + Steampipe
 
 [AbuseIPDB](https://abuseipdb.com) allows users to report and identify IP addresses that have been associated with malicious activity online.
 
-[Steampipe](https://steampipe.io) is an open source CLI to instantly query cloud APIs using SQL.
+[Steampipe](https://steampipe.io) is an open-source zero-ETL engine to instantly query cloud APIs using SQL.
 
 Query IP address base data from AbuseIPDB:
 
@@ -64,7 +65,4 @@ connection "abuseipdb" {
 
 - `api_key` - Free API key for authenticated access.
 
-## Get involved
 
-- Open source: https://github.com/turbot/steampipe-plugin-abuseipdb
-- Community: [Join #steampipe on Slack →](https://turbot.com/community/join)

docs/tables/abuseipdb_category.md

@@ -1,16 +1,35 @@
-# Table: abuseipdb_category
+---
+title: "Steampipe Table: abuseipdb_category - Query AbuseIPDB Categories using SQL"
+description: "Allows users to query AbuseIPDB Categories, specifically to retrieve details about the categories of IP addresses reported for abusive behavior."
+---
 
-Abuse categories used in reports.
+# Table: abuseipdb_category - Query AbuseIPDB Categories using SQL
+
+AbuseIPDB is a service that allows users to report and check IP addresses for known malicious activity. It categorizes IP addresses based on the types of abuse reported, such as fraud orders, DDoS attacks, spam emails, etc. This categorization helps in identifying the nature of the threat posed by a particular IP address.
+
+## Table Usage Guide
+
+The `abuseipdb_category` table provides insights into the categories of IP addresses reported for abusive behavior in the AbuseIPDB. As a security analyst, explore category-specific details through this table, including the types of abuse associated with each category. Utilize it to enhance your understanding of the threat landscape and to aid in decision-making for threat mitigation strategies.
 
 ## Examples
 
 ### List the categories
+Explore all the categories available in the AbuseIPDB to understand the types of abusive behavior that are tracked, allowing for more efficient and targeted security measures.
 
-```sql
+```sql+postgres
 select
   *
 from
   abuseipdb_category
 order by
-  id
+  id;
 ```
+
+```sql+sqlite
+select
+  *
+from
+  abuseipdb_category
+order by
+  id;
+```

docs/tables/abuseipdb_check_cidr.md

@@ -1,12 +1,22 @@
-# Table: abuseipdb_check_cidr
+---
+title: "Steampipe Table: abuseipdb_check_cidr - Query AbuseIPDB CIDR Reports using SQL"
+description: "Allows users to query CIDR Reports in AbuseIPDB, specifically the reports of IP addresses that have been reported as abusive, providing insights into potential security threats."
+---
 
-Query the abuse confidence score for all IPs in a CIDR range.
+# Table: abuseipdb_check_cidr - Query AbuseIPDB CIDR Reports using SQL
+
+AbuseIPDB is a service that allows users to report and check IP addresses that have been involved in malicious activities like hacking attempts, spamming, and brute force attacks. It offers a comprehensive database of internet protocol addresses that have been reported as abusive. It helps in identifying potential security threats and aids in taking appropriate preventative measures.
+
+## Table Usage Guide
+
+The `abuseipdb_check_cidr` table provides insights into CIDR reports within AbuseIPDB. As a security analyst, explore CIDR-specific details through this table, including the number of reports, abuse confidence score, and associated metadata. Utilize it to uncover information about potential security threats, such as the most reported IP addresses, the nature of the reported abuse, and the geographical location of the reported IPs.
 
 ## Examples
 
 ### List information about IPs in a CIDR range
+Identify instances where specific IP addresses within a certain range have been reported for abuse. This can help in assessing potential security threats and taking necessary preventive actions.
 
-```sql
+```sql+postgres
 select
   ip_address,
   abuse_confidence_score,
@@ -15,5 +25,9 @@ select
 from
   abuseipdb_check_cidr
 where
-  cidr = '76.76.21.20/30'
+  cidr = '76.76.21.20/30';
 ```
+
+```sql+sqlite
+Error: SQLite does not support CIDR operations.
+```

docs/tables/abuseipdb_check_ip.md

@@ -1,25 +1,47 @@
-# Table: abuseipdb_check_ip
+---
+title: "Steampipe Table: abuseipdb_check_ip - Query AbuseIPDB IP Reports using SQL"
+description: "Allows users to query IP Reports in AbuseIPDB, specifically the IP address details, providing insights into IP reputation and potential abuse activities."
+---
 
-Query the abuse confidence score and other information about an IP address.
+# Table: abuseipdb_check_ip - Query AbuseIPDB IP Reports using SQL
+
+AbuseIPDB is a service that helps system administrators, IT security analysts, and developers to understand whether a specific IP address has been reported for suspicious activity. It provides an API to check and report IP addresses associated with malicious activities like spamming, brute-force attacks, and other forms of abuse. AbuseIPDB helps in identifying potential threats and taking necessary actions to prevent cyber attacks.
+
+## Table Usage Guide
+
+The `abuseipdb_check_ip` table provides insights into IP addresses reported for suspicious activities in AbuseIPDB. As a system administrator or IT security analyst, explore IP-specific details through this table, including abuse reports, reputation score, and associated metadata. Utilize it to uncover information about reported IPs, such as their reputation, the number of times they've been reported, and the categories of abuse they've been associated with.
 
 ## Examples
 
 ### Get information about an IP
+Analyze the settings to understand the potential abuse history and confidence score for a specific IP address. This query is useful for identifying potential security risks and recent abuse reports associated with that IP.
 
-```sql
+```sql+postgres
 select
   ip_address,
   abuse_confidence_score,
   last_reported_at
 from
   abuseipdb_check_ip
 where
-  ip_address = '76.76.21.21'
+  ip_address = '76.76.21.21';
+```
+
+```sql+sqlite
+select
+  ip_address,
+  abuse_confidence_score,
+  last_reported_at
+from
+  abuseipdb_check_ip
+where
+  ip_address = '76.76.21.21';
 ```
 
 ### List all reports for a given IP over the last year
+Determine the reports associated with a specific IP address over the past year. This can be useful for understanding the history of suspicious activities and identifying recurring patterns or categories of abuse.
 
-```sql
+```sql+postgres
 select
   report ->> 'reportedAt' as reported_at,
   report ->> 'comment' as comment,
@@ -29,12 +51,26 @@ from
   jsonb_array_elements(reports) as report
 where
   ip_address = '76.76.21.21'
-  and max_age_in_days = 365
+  and max_age_in_days = 365;
+```
+
+```sql+sqlite
+select
+  json_extract(report.value, '$.reportedAt') as reported_at,
+  json_extract(report.value, '$.comment') as comment,
+  json_extract(report.value, '$.categories') as categories
+from
+  abuseipdb_check_ip,
+  json_each(reports) as report
+where
+  ip_address = '76.76.21.21'
+  and max_age_in_days = 365;
 ```
 
 ### Top categories for reports against this IP in the last year
+Determine the most frequently reported categories associated with a specific IP address over the past year. This can be useful for identifying trends or patterns in abusive behavior for cybersecurity purposes.
 
-```sql
+```sql+postgres
 select
   category_id.value as category,
   c.title,
@@ -52,5 +88,27 @@ group by
   category_id.value,
   c.title
 order by
-  count desc
+  count desc;
 ```
+
+```sql+sqlite
+select
+  json_extract(category_id.value, '$') as category,
+  c.title,
+  count(*)
+from
+  abuseipdb_check_ip as ch,
+  json_each(json_extract(ch.reports, '$')) as report,
+  json_each(json_extract(report.value, '$.categories')) as category_id,
+  abuseipdb_category as c
+where
+  ch.ip_address = '76.76.21.21'
+  and ch.max_age_in_days = 365
+  and c.id = cast(json_extract(category_id.value, '$') as int)
+group by
+  json_extract(category_id.value, '$'),
+  c.title
+order by
+  count(*) desc;
+```
+

docs/tables/abuseipdb_deny.md

@@ -1,31 +1,56 @@
-# Table: abuseipdb_deny
+---
+title: "Steampipe Table: abuseipdb_deny - Query AbuseIPDB Denylists using SQL"
+description: "Allows users to query AbuseIPDB Denylists, specifically the IP addresses that have been reported for abusive activities, providing insights into potential security threats."
+---
 
-List IPs with an abuse confidence score above a minimum. This list is often
-used as a deny list of IPs.
+# Table: abuseipdb_deny - Query AbuseIPDB Denylists using SQL
 
-Notes:
+AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. Its primary function is to provide a platform for internet service providers, network administrators, and other interested parties to share and access data about abusive IP addresses. It aids in the identification of sources of malicious activities and helps in implementing preventive measures.
 
+## Table Usage Guide
+
+The `abuseipdb_deny` table provides insights into IP addresses that have been reported for abusive activities on the AbuseIPDB platform. As a network administrator or security analyst, explore details about these IP addresses through this table, including their abuse confidence score, country of origin, and associated reports. Utilize it to uncover information about potential security threats, such as those from known malicious sources, for effective threat intelligence and preventive measures.
+
+**Important Notes**
 - If not specified, the default `confidence_minimum` is 90.
 - The free tier limit is 5 requests per day.
 
 ## Examples
 
 ### Basic deny list (default confidence minimum of 90)
+Explore which IP addresses are considered malicious based on a default confidence score of 90 or above. This helps in enhancing your network's security by blocking potentially harmful traffic.
 
-```sql
+```sql+postgres
 select
   *
 from
-  abuseipdb_deny
+  abuseipdb_deny;
+```
+
+```sql+sqlite
+select
+  *
+from
+  abuseipdb_deny;
 ```
 
 ### List IPs with a confidence minimum of 95
+Discover the segments that have a high confidence level of 95, allowing you to focus on the most reliable data for your security analysis. This is particularly useful when you need to prioritize actions based on the degree of certainty in the data.
 
-```sql
+```sql+postgres
 select
   *
 from
   abuseipdb_deny
 where
-  confidence_minimum = 95
+  confidence_minimum = 95;
 ```
+
+```sql+sqlite
+select
+  *
+from
+  abuseipdb_deny
+where
+  confidence_minimum = 95;
+```