From ec9e6b8d486d2bffd7c6c7cea2b657b021f1e3df Mon Sep 17 00:00:00 2001
From: "Juan C. Montes" <33036804+juancmontes@users.noreply.github.com>
Date: Fri, 23 Feb 2018 09:48:20 +0100
Subject: [PATCH] Use Modules Controller Documentation to use the new feature to can call misp-modules from API.
---
 automation/README.md | 116 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)
diff --git a/automation/README.md b/automation/README.md
index 170b901..2a0813c 100644
--- a/automation/README.md
+++ b/automation/README.md
@@ -1978,6 +1978,122 @@ An example output of https:///users/statistics.json:
 }
 ~~~~
+# MISP modules
+## Description
+It is possible call misp-modules directly from API.
+If the module needs credentials, API will get the information directly from MISP configuration.
+### GET /modules/
+Retrieve a list of all modules enabled.
+#### Example
+~~~bash
+curl --header "Authorization: " --header "Accept: application/json" --header "Content-Type: application/json" -X GET http:///modules/
+~~~
+
+#### Output
+~~~json
+[
+ {
+ "name": "passivetotal",
+ "type": "expansion",
+ "mispattributes": {
+ "input": [
+ "hostname",
+ "domain",
+ "ip-src",
+ "ip-dst"
+ ],
+ "output": [
+ "ip-src",
+ "ip-dst",
+ "hostname",
+ "domain"
+ ]
+ },
+ "meta": {
+ "description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
+ "config": [
+ "username",
+ "password"
+ ],
+ "author": "Alexandre Dulaunoy",
+ "version": "0.1"
+ }
+ },
+ {
+ "name": "sourcecache",
+ "type": "expansion",
+ "mispattributes": {
+ "input": [
+ "link"
+ ],
+ "output": [
+ "link"
+ ]
+ },
+ "meta": {
+ "description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.",
+ "author": "Alexandre Dulaunoy",
+ "version": "0.1"
+ }
+ },
+ {
+ "name": "dns",
+ "type": "expansion",
+ "mispattributes": {
+ "input": [
+ "hostname",
+ "domain"
+ ],
+ "output": [
+ "ip-src",
+ "ip-dst"
+ ]
+ },
+ "meta": {
+ "description": "Simple DNS expansion service to resolve IP address from MISP attributes",
+ "author": "Alexandre Dulaunoy",
+ "version": "0.1"
+ }
+ }
+]
+~~~
+
+### POST /modules/query
+Call any enabled module.
+
+#### Example
+
+Content of dns.json
+~~~json
+{
+ "hostname": "www.foo.be",
+ "module": "dns"
+}
+~~~
+
+Query using MISP API
+
+~~~bash
+curl --header "Authorization: " --header "Accept: application/json" --header "Content-Type: application/json" --data @dns.json -X POST http:///modules/query
+~~~
+
+The output will be following JSON:
+
+~~~json
+{
+ "results": [
+ {
+ "types": [
+ "ip-src",
+ "ip-dst"
+ ],
+ "values": [
+ "188.65.217.78"
+ ]
+ }
+ ]
+}
+~~~