Commit Graph

1242 Commits (60ba85852763ea1de965438f18fbd9743c0910c3)

Author SHA1 Message Date
Raphaël Vinot c8cb3bb589 chg: remove trailing space 2020-11-28 11:28:22 +01:00
Raphaël Vinot 201eeeb729 Update mispevent.py 2020-11-28 02:06:48 +01:00
Raphaël Vinot fe91e10ced chg: on-demand decryption of malware-binary, speeds up pythonify. 2020-11-26 13:31:10 +01:00
Raphaël Vinot 4c2ee4fd2f fix: Properly match IO in load event 2020-11-25 13:34:13 +01:00
Raphaël Vinot f254e15bd4 fix: Typing on recent mypy 2020-11-25 13:19:19 +01:00
Raphaël Vinot 3e1cfc1461 fix: Typing edge case 2020-11-25 09:23:33 +01:00
Raphaël Vinot ded44278af fix: Add attribute dict as proposal 2020-11-24 20:03:01 +01:00
Raphaël Vinot ad40915a79 chg: Bump version 2020-11-24 15:03:13 +01:00
Raphaël Vinot 9046b08a3c fix: Do not fail on PyMISP import when mail-parser is not present 2020-11-24 14:56:29 +01:00
Raphaël Vinot 7b2e78246a chg: Improve typing 2020-11-24 14:40:00 +01:00
Raphaël Vinot 35860b49bd chg: Improve add_attribute with a list
Related: #655
2020-11-24 13:50:14 +01:00
Raphaël Vinot 346f8d4b03 chg: Bump version 2020-11-24 12:39:05 +01:00
Alexandre Dulaunoy 39d471b58d chg: [type] process-state added 2020-11-24 12:22:37 +01:00
Raphaël Vinot 71fe62b466 fix: Make mail-parser really optional 2020-11-24 12:18:35 +01:00
Alexandre Dulaunoy 0a08925a1a chg: [misp-objects] updated 2020-11-24 11:57:16 +01:00
Alexandre Dulaunoy f3a408ce11 chg: [types] jarm-fingerprint added 2020-11-24 11:28:02 +01:00
Raphaël Vinot 80e13df3fa chg: Bump version, travis install 2020-11-24 11:17:23 +01:00
Raphaël Vinot 9fed66eb2b chg: Make mail-parser an optional dependency 2020-11-24 11:17:23 +01:00
Raphaël Vinot 5b0d42d6b2 chg: Bump version 2020-11-23 10:05:32 +01:00
Raphaël Vinot 75a7774887 chg: Improve documentation of search_index
Related: #656
2020-11-19 11:48:18 +01:00
Raphaël Vinot b55370cdad chg: Improve error handling for Outlook emails
Related: #631
2020-11-19 11:38:35 +01:00
Raphaël Vinot ac9b117f36 Merge pull request #631 from JakubOnderka/emailobject-tool-upgrade
Emailobject tool upgrade
2020-11-19 10:46:42 +01:00
Raphaël Vinot 02eff91c1e chg: Bump object templates 2020-11-18 00:24:23 +01:00
Raphaël Vinot ef845926b1 chg: Do not split a string into a list in complex query builder
fix #597
2020-11-17 14:39:58 +01:00
Jakub Onderka 2d4debe23c fix: Path for event creating and editing 2020-11-16 17:22:10 +01:00
Raphaël Vinot 3b130bd973 fix: object_uuid could be None
Fix #640
2020-11-10 12:04:45 +01:00
Raphaël Vinot b646f0c5da Merge pull request #651 from JakubOnderka/new-api
New API
2020-11-09 10:53:34 +01:00
Jakub Onderka 6c1f476bdd new: Method to check attribute and object existence 2020-11-07 10:17:16 +01:00
Raphaël Vinot 0d8467920f fix: Missing f-string marker 2020-11-06 11:01:08 +01:00
Raphaël Vinot 70de680912 chg: Use REST search for the tags
Related to comments on a1326f2cf2
2020-11-05 16:51:58 +01:00
Raphaël Vinot bdcc19c5fb chg: Add typing meta 2020-11-03 13:30:50 +01:00
Remy Dewailly be2b8b4ce7 We can now upload stix object directly. File is not necessary. 2020-11-03 13:17:16 +01:00
Remy Dewailly 115bc59425 We can now upload stix object directly. File is not necessary. 2020-11-03 13:13:32 +01:00
Jakub Onderka 5e4dd2b974 new: Allow to get just event metadata after add_event and edit_event 2020-11-03 12:10:38 +01:00
Jakub Onderka 495af1fd9c new: Method to check event existence 2020-11-03 12:10:37 +01:00
Raphaël Vinot 7e84c36406 fix: Docstring improvement based on @chrisinmtown's feedback 2020-11-02 14:48:51 +01:00
Raphaël Vinot a1326f2cf2 new: Add method to search for tags.
fix #648
2020-11-02 12:47:56 +01:00
Raphaël Vinot 15b9569ccb chg: Bump version 2020-11-02 10:52:04 +01:00
Raphaël Vinot d1a2dd10ab chg: Bump misp-objects 2020-11-02 10:47:50 +01:00
Raphaël Vinot f46d44aaa6 Merge pull request #649 from JakubOnderka/keep-alive
chg: Keep connection alive between requests
2020-11-02 09:55:24 +01:00
Jakub Onderka 9aa119e080 chg: Keep connection alive between requests 2020-10-29 13:40:23 +01:00
Lott, Christopher (cl778h) aa206d0009 chg: format docstrings in mispevent.py
Add ":param " prefix to parameters to improve ReadTheDocs output.
Fix some minor typos in docstrings.
2020-10-27 11:14:06 -04:00
Friedrich Lindenberg 5016858201 Drop `encoding=` in Python 3.9 2020-10-27 12:24:29 +01:00
Jakub Onderka 9fd3d8a3e3 fix: [emailobject] Correctly parse multiple addresses 2020-10-24 17:24:18 +02:00
Jakub Onderka 055ef16e41 new: Test parsing just email header 2020-10-24 17:24:18 +02:00
Jakub Onderka 5e0ad0a47f new: Test parsing outlook message format 2020-10-24 17:24:18 +02:00
Jakub Onderka f598865ce4 new: Refactored emailobject generator 2020-10-24 17:24:17 +02:00
Jakub Onderka d39d4caf7d new: Export display name from email 2020-10-24 17:16:16 +02:00
Jakub Onderka c2fedc3850 new: Parse date from email 2020-10-24 17:16:16 +02:00
Raphaël Vinot d428858f1e fix: Do now fail on requests returning plain text
Fix #639
2020-10-21 15:16:17 +02:00
Raphaël Vinot 624c6e0422 chg: Bump object templates 2020-10-16 13:13:43 +02:00
Raphaël Vinot e683ceabf7 chg: Bump version 2020-10-16 13:09:29 +02:00
Raphaël Vinot 8392a84c83 Merge branch 'main' of github.com:MISP/PyMISP into main 2020-10-16 13:01:29 +02:00
Alexandre Dulaunoy 83b8172dc6 chg: [type] updated 2020-10-15 15:12:47 +02:00
Tom King e5d413ca4f Merge remote-tracking branch 'upstream/main' into feature/tagdelete_searchsg 2020-10-14 17:14:52 +01:00
Alexandre Dulaunoy 1d83f38725 chg: [data] misp-objects updated 2020-10-13 22:57:38 +02:00
Alexandre Dulaunoy 85c2600bd7 new: [attribute type] telfhash added 2020-10-13 22:34:24 +02:00
Alexandre Dulaunoy 77e7111c29 chg: [type] new type added 2020-10-01 15:08:45 +02:00
garanews cd785aab09 fix typo
fix typo
2020-10-01 13:45:29 +02:00
Raphaël Vinot 516e7472bb chg: Bump deps, objects 2020-09-29 11:17:16 +02:00
Raphaël Vinot c39328f30a fix: Do not modify default_attributes_parameters in MISPObject 2020-09-15 17:01:56 +02:00
Lott, Christopher (cl778h) f1de0fb794 chg: add docstrings and extend conf.py for RTD
Add minimal docstrings to public methods so ReadTheDocs will display them.
Add autodoc mock import for lief so RTD can generate HTML for tools.

This fixes issue #626
2020-09-15 10:40:21 -04:00
Raphaël Vinot 18474a2144 chg: Add comments to ELF, PE, and MachO object generators. 2020-09-15 12:39:59 +02:00
Raphaël Vinot 50e5f156bd chg: Improve error message, add comments, rename whitelist->allowedlist 2020-09-15 12:31:22 +02:00
Raphaël Vinot 9c48079d88 new: Method to get the new version of the templates 2020-09-10 15:26:34 +02:00
Raphaël Vinot e3815a41f1 fix: Make flake8 happy 2020-09-09 15:41:42 +02:00
Raphaël Vinot cab202e1da Merge pull request #624 from seamustuohy/fix-badly-encoded-emails
Attempt to decode utf-8-sig encoded emails.
2020-09-09 15:02:18 +02:00
seamus tuohy 07137209e2 Attempt to decode utf-8-sig encoded emails.
eml files downloaded from Windows Online security on some Windows 11
systems are automatically encoded in UTF with a byte order mark (BOM)
at the front of the file. This will cause the email parser to fail.

This is a somewhat isolated problem. It will only affect a small
subset of Windows users who download and re-upload eml files. But,
this small subset of users is the target user-base for the MISP
email module: low expertise users who wish to quickly share
high-value indicators on an ad-hoc basis.

While this fix could be tacked onto the MISP email module instead of
here, I believe that this fix is more appropriate in the PyMISP object
code. As the "email" object parser this object should be built to
parse all manner of emails that it may encounter. This includes common
malformations such as this one and even horrors such as the .msg
format. This commit adds a generically named "attempt_decoding"
function which can be expanded to address all manner of sins that
are encountered in the future.
2020-09-09 07:45:07 -04:00
Raphaël Vinot 49aede3947 chg: Bump version 2020-09-08 12:43:25 +02:00
Raphaël Vinot 07fed2fbb4 chg: Bump objects 2020-09-08 11:18:40 +02:00
Raphaël Vinot 7cc868bc8d Merge branch 'main' of github.com:MISP/PyMISP into main 2020-09-08 10:55:32 +02:00
Raphaël Vinot cd93d6b868 chg: Bump objects 2020-09-08 10:55:20 +02:00
Alexandre Dulaunoy c7edf4e33a chg: [describeTypes] updated 2020-09-04 16:33:11 +02:00
Alexandre Dulaunoy 5598351a8b chg: [describeTypes] updated 2020-09-04 16:00:41 +02:00
Raphaël Vinot 3cbd906520 chg: Bump objects 2020-09-02 15:06:59 +02:00
Raphaël Vinot 918f841087 chg: Rename blacklist -> blocklist 2020-09-01 19:29:12 +02:00
Alexandre Dulaunoy 92c5d11f47 new: [describeTypes] sha3 added 2020-08-24 10:38:25 +02:00
Raphaël Vinot 29af8645f7 chg: Bump version 2020-08-20 13:01:00 +02:00
Raphaël Vinot f52ee0e0e7 chg: Bump objects 2020-08-20 12:44:35 +02:00
Raphaël Vinot 6e4bf35bda chg: Bump types 2020-08-20 12:22:12 +02:00
deku dd6922fd3a Exclude section correlation .rsrc and zero-filled 2020-08-14 11:13:53 -04:00
Raphaël Vinot be8c94e6e7 chg: Cleanup blocklist methods 2020-08-04 12:20:21 +02:00
Raphaël Vinot 2bbf888ca7 new: Blacklist methods 2020-08-03 15:59:54 +02:00
Raphaël Vinot 83273b6ce8 new: Add list of missing calls 2020-07-30 16:48:37 +02:00
Paal Braathen ff62f1c19c Linting/Add missing whitespace 2020-07-28 20:05:42 +02:00
Raphaël Vinot 706e553f5d Merge pull request #607 from paalbra/remove-unnecessary-logic
Remove explicit loglevel checking
2020-07-28 12:42:44 +02:00
Paal Braathen e8d34ea337 Remove explicit loglevel checking 2020-07-28 11:18:43 +02:00
Paal Braathen 96881f216b Remove explicit traceback printing 2020-07-28 11:03:59 +02:00
Raphaël Vinot b2e8cffd0b fix: Add STIX XML output for the search
Use stix-xml as return_format.

Fix #600 https://github.com/MISP/MISP/issues/5618
2020-07-17 14:19:15 +02:00
louis b6322c0d0c chg: Make get_object return a not standalone object 2020-06-30 13:07:38 +02:00
louis f8589061cb chg: Remove standalone default value from MISPObject children c'tor
MISPObject.__init__ sets standalone=True by default, so there is no
need to do it in its child classes.
2020-06-30 12:40:08 +02:00
louis 67d2e47b3b chg: Make MISPObject standalone by default
standalone defaults to True in MISPObject.__init__, and is set to False
when the object is added to an event.
2020-06-30 12:36:19 +02:00
louis 86f758e5b4 new: Add MISPObject.standalone property
Setting MISPObject.standalone updates MISPObject._standalone and
add/removes "ObjectReference" from AbstractMISP.__not_jsonable using
update_not_jsonable/_remove_from_not_jsonable.
2020-06-29 18:55:07 +02:00
louis aa1c95f344 chg: Add MISPObject._standalone type 2020-06-29 18:38:27 +02:00
louis 0bbfac6143 new: Add AbstractMISP._remove_from_not_jsonable 2020-06-29 18:35:37 +02:00
Raphaël Vinot fc101aa790 chg: Bump version 2020-06-22 14:31:02 +02:00
Raphaël Vinot 3177d05c5d chg: Bump objects 2020-06-21 21:46:16 +02:00
Raphaël Vinot f94e247771 chg: Bump version 2020-06-19 15:33:23 +02:00
Raphaël Vinot ef91d3d966 chg: Bump misp-objects 2020-06-19 15:32:41 +02:00
Raphaël Vinot 578801e50d fix: Keep deleted key in MISPObject and MISPObjectAttribute 2020-06-19 14:12:03 +02:00