<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
< meta name = "description" content = "MISP Modules Project" >
< meta name = "author" content = "MISP Project" >
< link rel = "canonical" href = "https://www.misp-project.org/contribute/" >
< link rel = "prev" href = "../install/" >
< link rel = "next" href = "../license/" >
< link rel = "icon" href = "../img/favicon.ico" >
< meta name = "generator" content = "mkdocs-1.6.1, mkdocs-material-9.5.45" >
< title > Contribute - MISP Modules Documentation< / title >
< link rel = "stylesheet" href = "../assets/stylesheets/main.0253249f.min.css" >
< link rel = "stylesheet" href = "../assets/stylesheets/palette.06af60db.min.css" >
< link rel = "preconnect" href = "https://fonts.gstatic.com" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback" >
< style > : root { --md-text-font : "Roboto" ; --md-code-font : "Roboto Mono" } < / style >
< script > _ _md _scope = new URL ( ".." , location ) , _ _md _hash = e => [ ... e ] . reduce ( ( ( e , _ ) => ( e << 5 ) - e + _ . charCodeAt ( 0 ) ) , 0 ) , _ _md _get = ( e , _ = localStorage , t = _ _md _scope ) => JSON . parse ( _ . getItem ( t . pathname + "." + e ) ) , _ _md _set = ( e , _ , t = localStorage , a = _ _md _scope ) => { try { t . setItem ( a . pathname + "." + e , JSON . stringify ( _ ) ) } catch ( e ) { } } < / script >
< / head >
< body dir = "ltr" data-md-color-scheme = "default" data-md-color-primary = "indigo" data-md-color-accent = "indigo" >
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
2022-01-07 12:10:48 +01:00
< label class = "md-overlay" for = "__drawer" > < / label >
< div data-md-component = "skip" >
< a href = "#how-to-add-your-own-misp-modules" class = "md-skip" >
Skip to content
< / a >
< / div >
< div data-md-component = "announce" >
< / div >
2021-10-27 22:17:30 +02:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
< header class = "md-header md-header--shadow" data-md-component = "header" >
2022-01-07 12:10:48 +01:00
< nav class = "md-header__inner md-grid" aria-label = "Header" >
< a href = ".." title = "MISP Modules Documentation" class = "md-header__button md-logo" aria-label = "MISP Modules Documentation" data-md-component = "logo" >
< img src = "../img/misp.png" alt = "logo" >
< / a >
< label class = "md-header__button md-icon" for = "__drawer" >
2023-12-13 11:30:58 +01:00
2024-12-19 17:42:48 +01:00
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z" / > < / svg >
2022-01-07 12:10:48 +01:00
< / label >
< div class = "md-header__title" data-md-component = "header-title" >
< div class = "md-header__ellipsis" >
< div class = "md-header__topic" >
< span class = "md-ellipsis" >
MISP Modules Documentation
< / span >
< / div >
< div class = "md-header__topic" data-md-component = "header-topic" >
< span class = "md-ellipsis" >
Contribute
< / span >
2021-11-24 11:08:10 +01:00
< / div >
< / div >
2022-01-07 12:10:48 +01:00
< / div >
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< div class = "md-header__source" >
< a href = "https://github.com/MISP/misp-modules/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
2024-12-19 17:42:48 +01:00
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > <!-- ! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc. --> < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81" / > < / svg >
2022-01-07 12:10:48 +01:00
< / div >
2021-04-19 10:28:49 +02:00
< div class = "md-source__repository" >
MISP/misp-modules
< / div >
< / a >
2022-01-07 12:10:48 +01:00
< / div >
2021-04-19 10:28:49 +02:00
< / nav >
2022-01-07 12:10:48 +01:00
2021-04-19 10:28:49 +02:00
< / header >
2022-01-07 12:10:48 +01:00
< div class = "md-container" data-md-component = "container" >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
2021-11-24 11:08:10 +01:00
2022-01-07 12:10:48 +01:00
< main class = "md-main" data-md-component = "main" >
< div class = "md-main__inner md-grid" >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
< div class = "md-sidebar md-sidebar--primary" data-md-component = "sidebar" data-md-type = "navigation" >
2021-04-19 10:28:49 +02:00
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< nav class = "md-nav md-nav--primary" aria-label = "Navigation" data-md-level = "0" >
< label class = "md-nav__title" for = "__drawer" >
< a href = ".." title = "MISP Modules Documentation" class = "md-nav__button md-logo" aria-label = "MISP Modules Documentation" data-md-component = "logo" >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
< img src = "../img/misp.png" alt = "logo" >
2021-04-19 10:28:49 +02:00
< / a >
MISP Modules Documentation
< / label >
< div class = "md-nav__source" >
2022-01-07 12:10:48 +01:00
< a href = "https://github.com/MISP/misp-modules/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
2024-12-19 17:42:48 +01:00
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > <!-- ! Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc. --> < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81" / > < / svg >
2022-01-07 12:10:48 +01:00
< / div >
2021-04-19 10:28:49 +02:00
< div class = "md-source__repository" >
MISP/misp-modules
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item" >
< a href = ".." class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Home
< / span >
2022-01-07 12:10:48 +01:00
< / a >
< / li >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item md-nav__item--nested" >
2023-12-13 11:30:58 +01:00
< input class = "md-nav__toggle md-toggle " type = "checkbox" id = "__nav_2" >
2021-04-19 10:28:49 +02:00
2023-12-13 11:30:58 +01:00
< label class = "md-nav__link" for = "__nav_2" id = "__nav_2_label" tabindex = "0" >
< span class = "md-ellipsis" >
Modules
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_2_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_2" >
< span class = "md-nav__icon md-icon" > < / span >
Modules
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item" >
2024-08-13 09:17:16 +02:00
< a href = "../action_mod/" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
2024-08-13 09:17:16 +02:00
Action Modules
2023-12-13 11:30:58 +01:00
< / span >
2022-01-07 12:10:48 +01:00
< / a >
< / li >
2021-04-19 10:28:49 +02:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item" >
2024-08-13 09:17:16 +02:00
< a href = "../expansion/" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
2024-08-13 09:17:16 +02:00
Expansion Modules
2023-12-13 11:30:58 +01:00
< / span >
2022-01-07 12:10:48 +01:00
< / a >
< / li >
2021-04-19 10:28:49 +02:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item" >
2024-08-13 09:17:16 +02:00
< a href = "../export_mod/" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
2024-08-13 09:17:16 +02:00
Export Modules
2023-12-13 11:30:58 +01:00
< / span >
2022-01-07 12:10:48 +01:00
< / a >
< / li >
2021-11-24 11:08:10 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
2024-08-13 08:21:34 +02:00
< li class = "md-nav__item" >
2024-08-13 09:17:16 +02:00
< a href = "../import_mod/" class = "md-nav__link" >
2024-08-13 08:21:34 +02:00
< span class = "md-ellipsis" >
2024-08-13 09:17:16 +02:00
Import Modules
2024-08-13 08:21:34 +02:00
< / span >
< / a >
< / li >
2023-12-13 11:30:58 +01:00
< / ul >
< / nav >
2022-01-07 12:10:48 +01:00
< / li >
2021-04-19 10:28:49 +02:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item" >
< a href = "../install/" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Install Guides
< / span >
2022-01-07 12:10:48 +01:00
< / a >
< / li >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
2021-11-24 11:08:10 +01:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item md-nav__item--active" >
2023-12-13 11:30:58 +01:00
< input class = "md-nav__toggle md-toggle" type = "checkbox" id = "__toc" >
2022-01-07 12:10:48 +01:00
< label class = "md-nav__link md-nav__link--active" for = "__toc" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Contribute
< / span >
2022-01-07 12:10:48 +01:00
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< a href = "./" class = "md-nav__link md-nav__link--active" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Contribute
< / span >
2022-01-07 12:10:48 +01:00
< / a >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
2021-10-27 22:17:30 +02:00
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
2021-04-19 10:28:49 +02:00
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#how-to-add-your-own-misp-modules" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
How to add your own MISP modules?
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav" aria-label = "How to add your own MISP modules?" >
2021-04-19 10:28:49 +02:00
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#introspection" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
introspection
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#version" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
version
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#additional-configuration-values" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Additional Configuration Values
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#handler" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
handler
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav" aria-label = "handler" >
2021-04-19 10:28:49 +02:00
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#export-module" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
export module
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< / ul >
< / nav >
< / li >
2022-09-06 14:31:37 +02:00
< li class = "md-nav__item" >
< a href = "#module-type" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Module type
< / span >
2022-09-06 14:31:37 +02:00
< / a >
2021-04-19 10:28:49 +02:00
< / li >
2022-09-06 14:31:37 +02:00
2023-01-23 10:27:40 +01:00
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#testing-your-modules" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Testing your modules?
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav" aria-label = "Testing your modules?" >
2021-04-19 10:28:49 +02:00
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#enable-your-module-in-the-web-interface" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Enable your module in the web interface
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#set-any-other-required-settings-for-your-module" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Set any other required settings for your module
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< / ul >
< / nav >
< / li >
2023-01-23 10:27:40 +01:00
< li class = "md-nav__item" >
2024-08-13 08:21:34 +02:00
< a href = "#install-misp-module-on-an-offline-instance" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
2024-08-13 08:21:34 +02:00
Install misp-module on an offline instance.
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#how-to-contribute-your-own-module" class = "md-nav__link" >
< span class = "md-ellipsis" >
How to contribute your own module?
2023-12-13 11:30:58 +01:00
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
2023-01-23 10:27:40 +01:00
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#tips-for-developers-creating-modules" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Tips for developers creating modules
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2024-08-13 08:21:34 +02:00
< / li >
< li class = "md-nav__item" >
< a href = "#documentation" class = "md-nav__link" >
< span class = "md-ellipsis" >
Documentation
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#licenses" class = "md-nav__link" >
< span class = "md-ellipsis" >
Licenses
< / span >
< / a >
2021-04-19 10:28:49 +02:00
< / li >
< / ul >
< / nav >
2022-01-07 12:10:48 +01:00
< / li >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item md-nav__item--nested" >
2023-12-13 11:30:58 +01:00
< input class = "md-nav__toggle md-toggle " type = "checkbox" id = "__nav_5" >
2021-11-24 11:08:10 +01:00
2023-12-13 11:30:58 +01:00
< label class = "md-nav__link" for = "__nav_5" id = "__nav_5_label" tabindex = "0" >
< span class = "md-ellipsis" >
About
< / span >
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" data-md-level = "1" aria-labelledby = "__nav_5_label" aria-expanded = "false" >
< label class = "md-nav__title" for = "__nav_5" >
< span class = "md-nav__icon md-icon" > < / span >
About
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
< li class = "md-nav__item" >
< a href = "../license/" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
License
< / span >
2022-01-07 12:10:48 +01:00
< / a >
< / li >
2021-11-24 11:08:10 +01:00
2023-12-13 11:30:58 +01:00
2022-01-07 12:10:48 +01:00
2023-12-13 11:30:58 +01:00
< / ul >
< / nav >
2022-01-07 12:10:48 +01:00
< / li >
2021-04-19 10:28:49 +02:00
< / ul >
< / nav >
< / div >
< / div >
< / div >
2022-01-07 12:10:48 +01:00
< div class = "md-sidebar md-sidebar--secondary" data-md-component = "sidebar" data-md-type = "toc" >
2021-04-19 10:28:49 +02:00
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
2021-04-19 10:28:49 +02:00
2021-10-27 22:17:30 +02:00
2022-01-07 12:10:48 +01:00
< label class = "md-nav__title" for = "__toc" >
< span class = "md-nav__icon md-icon" > < / span >
Table of contents
< / label >
< ul class = "md-nav__list" data-md-component = "toc" data-md-scrollfix >
2021-04-19 10:28:49 +02:00
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#how-to-add-your-own-misp-modules" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
How to add your own MISP modules?
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav" aria-label = "How to add your own MISP modules?" >
2021-04-19 10:28:49 +02:00
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#introspection" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
introspection
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#version" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
version
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#additional-configuration-values" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Additional Configuration Values
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#handler" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
handler
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav" aria-label = "handler" >
2021-04-19 10:28:49 +02:00
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#export-module" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
export module
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< / ul >
< / nav >
< / li >
2022-09-06 14:31:37 +02:00
< li class = "md-nav__item" >
< a href = "#module-type" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Module type
< / span >
2022-09-06 14:31:37 +02:00
< / a >
2021-04-19 10:28:49 +02:00
< / li >
2022-09-06 14:31:37 +02:00
2023-01-23 10:27:40 +01:00
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#testing-your-modules" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Testing your modules?
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2022-01-07 12:10:48 +01:00
< nav class = "md-nav" aria-label = "Testing your modules?" >
2021-04-19 10:28:49 +02:00
< ul class = "md-nav__list" >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#enable-your-module-in-the-web-interface" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Enable your module in the web interface
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#set-any-other-required-settings-for-your-module" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Set any other required settings for your module
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
< / ul >
< / nav >
< / li >
2023-01-23 10:27:40 +01:00
< li class = "md-nav__item" >
2024-08-13 08:21:34 +02:00
< a href = "#install-misp-module-on-an-offline-instance" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
2024-08-13 08:21:34 +02:00
Install misp-module on an offline instance.
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#how-to-contribute-your-own-module" class = "md-nav__link" >
< span class = "md-ellipsis" >
How to contribute your own module?
2023-12-13 11:30:58 +01:00
< / span >
2021-04-19 10:28:49 +02:00
< / a >
< / li >
2023-01-23 10:27:40 +01:00
< li class = "md-nav__item" >
2022-01-07 12:10:48 +01:00
< a href = "#tips-for-developers-creating-modules" class = "md-nav__link" >
2023-12-13 11:30:58 +01:00
< span class = "md-ellipsis" >
Tips for developers creating modules
< / span >
2021-04-19 10:28:49 +02:00
< / a >
2024-08-13 08:21:34 +02:00
< / li >
< li class = "md-nav__item" >
< a href = "#documentation" class = "md-nav__link" >
< span class = "md-ellipsis" >
Documentation
< / span >
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "#licenses" class = "md-nav__link" >
< span class = "md-ellipsis" >
Licenses
< / span >
< / a >
2021-04-19 10:28:49 +02:00
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" data-md-component = "content" >
< article class = "md-content__inner md-typeset" >
< h1 > Contribute< / h1 >
< h2 id = "how-to-add-your-own-misp-modules" > How to add your own MISP modules?< a class = "headerlink" href = "#how-to-add-your-own-misp-modules" title = "Permanent link" > ¶ < / a > < / h2 >
< p > Create your module in < a href = "https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/" > misp_modules/modules/expansion/< / a > , < a href = "https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/" > misp_modules/modules/export_mod/< / a > , or < a href = "https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/" > misp_modules/modules/import_mod/< / a > . The module should have at minimum three functions:< / p >
< ul >
< li > < strong > introspection< / strong > function that returns a dict of the attributes (input and output) supported by your expansion module.< / li >
< li > < strong > handler< / strong > function that accepts a JSON document, expands its values, and returns a dictionary of the expanded values.< / li >
< li > < strong > version< / strong > function that returns a dict with the version and the associated meta-data, including any configuration the module requires.< / li >
< / ul >
< p > If an error is raised, don't forget to return an error key and value so that it is propagated to the MISP user-interface.< / p >
< p > Your module's script name should also be added to the < code > __all__< / code > list of < code > &lt;module type folder&gt;/__init__.py< / code > so that the module is loaded.< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "o" > ...< / span >
< span class = "c1" > # Checking for required value< / span >
< span class = "k" > if< / span > < span class = "ow" > not< / span > < span class = "n" > request< / span > < span class = "o" > .< / span > < span class = "n" > get< / span > < span class = "p" > (< / span > < span class = "s1" > ' ip-src' < / span > < span class = "p" > ):< / span >
< span class = "c1" > # Return an error message< / span >
< span class = "k" > return< / span > < span class = "p" > {< / span > < span class = "s1" > ' error' < / span > < span class = "p" > :< / span > < span class = "s2" > " A source IP is required" < / span > < span class = "p" > }< / span >
< span class = "o" > ...< / span >
< / code > < / pre > < / div >
< h3 id = "introspection" > introspection< a class = "headerlink" href = "#introspection" title = "Permanent link" > ¶ < / a > < / h3 >
< p > The function that returns a dict of the attributes (input and output) supported by your expansion module.< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "n" > mispattributes< / span > < span class = "o" > =< / span > < span class = "p" > {< / span > < span class = "s1" > ' input' < / span > < span class = "p" > :< / span > < span class = "p" > [< / span > < span class = "s1" > ' link' < / span > < span class = "p" > ,< / span > < span class = "s1" > ' url' < / span > < span class = "p" > ],< / span >
< span class = "s1" > ' output' < / span > < span class = "p" > :< / span > < span class = "p" > [< / span > < span class = "s1" > ' attachment' < / span > < span class = "p" > ,< / span > < span class = "s1" > ' malware-sample' < / span > < span class = "p" > ]}< / span >
< span class = "k" > def< / span > < span class = "nf" > introspection< / span > < span class = "p" > ():< / span >
< span class = "k" > return< / span > < span class = "n" > mispattributes< / span >
< / code > < / pre > < / div >
< h3 id = "version" > version< a class = "headerlink" href = "#version" title = "Permanent link" > ¶ < / a > < / h3 >
< p > The function that returns a dict with the version and the associated meta-data, including any configuration the module requires.< / p >
< h3 id = "additional-configuration-values" > Additional Configuration Values< a class = "headerlink" href = "#additional-configuration-values" title = "Permanent link" > ¶ < / a > < / h3 >
< p > If your module requires additional configuration (to be exposed via the MISP user-interface), you can define those in the moduleconfig value returned by the version function.< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "c1" > # config fields that your code expects from the site admin< / span >
< span class = "n" > moduleconfig< / span > < span class = "o" > =< / span > < span class = "p" > [< / span > < span class = "s2" > " apikey" < / span > < span class = "p" > ,< / span > < span class = "s2" > " event_limit" < / span > < span class = "p" > ]< / span >
< span class = "k" > def< / span > < span class = "nf" > version< / span > < span class = "p" > ():< / span >
< span class = "n" > moduleinfo< / span > < span class = "p" > [< / span > < span class = "s1" > ' config' < / span > < span class = "p" > ]< / span > < span class = "o" > =< / span > < span class = "n" > moduleconfig< / span >
< span class = "k" > return< / span > < span class = "n" > moduleinfo< / span >
< / code > < / pre > < / div >
< p > When you do this a config array is added to the meta-data output containing all the potential configuration values:< / p >
< div class = "highlight" > < pre > < span > < / span > < code > " meta" : {
" description" : " PassiveTotal expansion service to expand values with multiple Passive DNS sources" ,
" config" : [
" username" ,
" password"
],
" module-type" : [
" expansion" ,
" hover"
],
...
< / code > < / pre > < / div >
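< p > The configuration values set in the web interface are stored under the key < code > config< / code > in the JSON object passed to the handler. Because these values can include credentials such as an API key or a password, avoid writing them to logs or echoing them back in the error or results that the handler returns.< / p >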
< div class = "highlight" > < pre > < span > < / span > < code > def handler(q=False):
# Check if we were given a configuration
config = q.get(" config" , {})
# Find out if there is a username field
username = config.get(" username" , None)
< / code > < / pre > < / div >
< h3 id = "handler" > handler< a class = "headerlink" href = "#handler" title = "Permanent link" > ¶ < / a > < / h3 >
< p > The function that accepts a JSON document, expands its values, and returns a dictionary of the expanded values.< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "k" > def< / span > < span class = "nf" > handler< / span > < span class = "p" > (< / span > < span class = "n" > q< / span > < span class = "o" > =< / span > < span class = "kc" > False< / span > < span class = "p" > ):< / span >
< span class = "s2" > " Fully functional rot-13 encoder" < / span >
< span class = "k" > if< / span > < span class = "n" > q< / span > < span class = "ow" > is< / span > < span class = "kc" > False< / span > < span class = "p" > :< / span >
< span class = "k" > return< / span > < span class = "kc" > False< / span >
< span class = "n" > request< / span > < span class = "o" > =< / span > < span class = "n" > json< / span > < span class = "o" > .< / span > < span class = "n" > loads< / span > < span class = "p" > (< / span > < span class = "n" > q< / span > < span class = "p" > )< / span >
< span class = "n" > src< / span > < span class = "o" > =< / span > < span class = "n" > request< / span > < span class = "o" > .< / span > < span class = "n" > get< / span > < span class = "p" > (< / span > < span class = "s1" > ' ip-src' < / span > < span class = "p" > )< / span >
< span class = "k" > if< / span > < span class = "n" > src< / span > < span class = "ow" > is< / span > < span class = "kc" > None< / span > < span class = "p" > :< / span >
< span class = "c1" > # Return an error message< / span >
< span class = "k" > return< / span > < span class = "p" > {< / span > < span class = "s1" > ' error' < / span > < span class = "p" > :< / span > < span class = "s2" > " A source IP is required" < / span > < span class = "p" > }< / span >
< span class = "k" > else< / span > < span class = "p" > :< / span >
< span class = "k" > return< / span > < span class = "p" > {< / span > < span class = "s1" > ' results' < / span > < span class = "p" > :< / span >
< span class = "n" > codecs< / span > < span class = "o" > .< / span > < span class = "n" > encode< / span > < span class = "p" > (< / span > < span class = "n" > src< / span > < span class = "p" > ,< / span > < span class = "s2" > " rot-13" < / span > < span class = "p" > )}< / span >
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< h4 id = "export-module" > export module< a class = "headerlink" href = "#export-module" title = "Permanent link" > ¶ < / a > < / h4 >
< p > For an export module, the < code > request["data"]< / code > object corresponds to a list of events (dictionaries) to handle.< / p >
< p > To iterate over an event's attributes, use its < code > Attribute< / code > key.< / p >
2023-01-23 10:27:40 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "o" > ...< / span >
< span class = "k" > for< / span > < span class = "n" > event< / span > < span class = "ow" > in< / span > < span class = "n" > request< / span > < span class = "p" > [< / span > < span class = "s2" > " data" < / span > < span class = "p" > ]:< / span >
< span class = "k" > for< / span > < span class = "n" > attribute< / span > < span class = "ow" > in< / span > < span class = "n" > event< / span > < span class = "p" > [< / span > < span class = "s2" > " Attribute" < / span > < span class = "p" > ]:< / span >
< span class = "c1" > # do stuff w/ attribute[' type' ], attribute[' value' ], ...< / span >
< span class = "o" > ...< / span >
< / code > < / pre > < / div >
< h3 id = "returning-binary-data" > Returning Binary Data< a class = "headerlink" href = "#returning-binary-data" title = "Permanent link" > ¶ < / a > < / h3 >
< p > If you want to return a file or other data you need to add a data attribute.< / p >
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "p" > {< / span > < span class = "s2" > " results" < / span > < span class = "p" > :< / span > < span class = "p" > {< / span > < span class = "s2" > " values" < / span > < span class = "p" > :< / span > < span class = "s2" > " filename.txt" < / span > < span class = "p" > ,< / span >
< span class = "s2" > " types" < / span > < span class = "p" > :< / span > < span class = "s2" > " attachment" < / span > < span class = "p" > ,< / span >
< span class = "s2" > " data" < / span > < span class = "p" > :< / span > < span class = "n" > base64< / span > < span class = "o" > .< / span > < span class = "n" > b64encode< / span > < span class = "p" > (< / span > < span class = "o" > < < / span > < span class = "n" > ByteIO< / span > < span class = "o" > > < / span > < span class = "p" > )< / span > < span class = "c1" > # base64 encode your data first< / span >
< span class = "s2" > " comment" < / span > < span class = "p" > :< / span > < span class = "s2" > " This is an attachment" < / span > < span class = "p" > }}< / span >
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
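< p > If the binary file is malware you can use 'malware-sample' as the type. If you do this, the malware sample will be automatically zipped and password-protected (password 'infected') after being uploaded. The password is a publicly known handling convention that keeps the sample from being opened or executed by accident; it does not restrict who can read the file.< / p >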
2023-01-23 10:27:40 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "p" > {< / span > < span class = "s2" > " results" < / span > < span class = "p" > :< / span > < span class = "p" > {< / span > < span class = "s2" > " values" < / span > < span class = "p" > :< / span > < span class = "s2" > " filename.txt" < / span > < span class = "p" > ,< / span >
< span class = "s2" > " types" < / span > < span class = "p" > :< / span > < span class = "s2" > " malware-sample" < / span > < span class = "p" > ,< / span >
< span class = "s2" > " data" < / span > < span class = "p" > :< / span > < span class = "n" > base64< / span > < span class = "o" > .< / span > < span class = "n" > b64encode< / span > < span class = "p" > (< / span > < span class = "o" > < < / span > < span class = "n" > ByteIO< / span > < span class = "o" > > < / span > < span class = "p" > )< / span > < span class = "c1" > # base64 encode your data first< / span >
< span class = "s2" > " comment" < / span > < span class = "p" > :< / span > < span class = "s2" > " This is an attachment" < / span > < span class = "p" > }}< / span >
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > < a href = "https://github.com/MISP/PyMISP/blob/4f230c9299ad9d2d1c851148c629b61a94f3f117/pymisp/mispevent.py#L185-L200" > To learn more about how data attributes are processed you can read the processing code here.< / a > < / p >
< h3 id = "module-type" > Module type< a class = "headerlink" href = "#module-type" title = "Permanent link" > ¶ < / a > < / h3 >
< p > A MISP module can be of four types:< / p >
< ul >
< li > < strong > expansion< / strong > - service related to an attribute that can be used to extend and update an existing event.< / li >
< li > < strong > hover< / strong > - service related to an attribute to provide additional information to the users without updating the event.< / li >
< li > < strong > import< / strong > - service related to importing and parsing an external object that can be used to extend an existing event.< / li >
< li > < strong > export< / strong > - service related to exporting an object, event, or data.< / li >
< / ul >
< p > module-type is an array listing the types that the module supports.< / p >
< h2 id = "testing-your-modules" > Testing your modules?< a class = "headerlink" href = "#testing-your-modules" title = "Permanent link" > ¶ < / a > < / h2 >
< p > MISP uses the < strong > modules< / strong > function to discover the available MISP modules and their supported MISP attributes:< / p >
2023-01-23 10:27:40 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > % curl -s http://127.0.0.1:6666/modules | jq .
2021-04-19 10:28:49 +02:00
[
{
2023-01-23 10:27:40 +01:00
" name" : " passivetotal" ,
" type" : " expansion" ,
" mispattributes" : {
" input" : [
" hostname" ,
" domain" ,
" ip-src" ,
" ip-dst"
2021-04-19 10:28:49 +02:00
],
2023-01-23 10:27:40 +01:00
" output" : [
" ip-src" ,
" ip-dst" ,
" hostname" ,
" domain"
2021-04-19 10:28:49 +02:00
]
},
2023-01-23 10:27:40 +01:00
" meta" : {
" description" : " PassiveTotal expansion service to expand values with multiple Passive DNS sources" ,
" config" : [
" username" ,
" password"
2021-04-19 10:28:49 +02:00
],
2023-01-23 10:27:40 +01:00
" author" : " Alexandre Dulaunoy" ,
" version" : " 0.1"
2021-04-19 10:28:49 +02:00
}
},
{
2023-01-23 10:27:40 +01:00
" name" : " sourcecache" ,
" type" : " expansion" ,
" mispattributes" : {
" input" : [
" link"
2021-04-19 10:28:49 +02:00
],
2023-01-23 10:27:40 +01:00
" output" : [
" link"
2021-04-19 10:28:49 +02:00
]
},
2023-01-23 10:27:40 +01:00
" meta" : {
" description" : " Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page." ,
" author" : " Alexandre Dulaunoy" ,
" version" : " 0.1"
2021-04-19 10:28:49 +02:00
}
},
{
2023-01-23 10:27:40 +01:00
" name" : " dns" ,
" type" : " expansion" ,
" mispattributes" : {
" input" : [
" hostname" ,
" domain"
2021-04-19 10:28:49 +02:00
],
2023-01-23 10:27:40 +01:00
" output" : [
" ip-src" ,
" ip-dst"
2021-04-19 10:28:49 +02:00
]
},
2023-01-23 10:27:40 +01:00
" meta" : {
" description" : " Simple DNS expansion service to resolve IP address from MISP attributes" ,
" author" : " Alexandre Dulaunoy" ,
" version" : " 0.1"
2021-04-19 10:28:49 +02:00
}
}
2023-01-23 10:27:40 +01:00
]
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > The MISP module service returns the available modules in a JSON array containing each module name along with their supported input attributes.< / p >
< p > Based on this information, a query can be built in a JSON format and saved as body.json:< / p >
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "p" > {< / span >
< span class = "w" > < / span > < span class = "nt" > " hostname" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "s2" > " www.foo.be" < / span > < span class = "p" > ,< / span >
< span class = "w" > < / span > < span class = "nt" > " module" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "s2" > " dns" < / span >
< span class = "p" > }< / span >
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
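< p > Then you can POST this JSON query to the MISP object server. The request below carries no credentials and targets the loopback address, so anything that can reach the port can submit queries; keep the service reachable only from the hosts that need it.< / p >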
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > curl< span class = "w" > < / span > -s< span class = "w" > < / span > http://127.0.0.1:6666/query< span class = "w" > < / span > -H< span class = "w" > < / span > < span class = "s2" > " Content-Type: application/json" < / span > < span class = "w" > < / span > --data< span class = "w" > < / span > @body.json< span class = "w" > < / span > -X< span class = "w" > < / span > POST
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > The module should output the following JSON:< / p >
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "p" > {< / span >
< span class = "w" > < / span > < span class = "nt" > " results" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "p" > {< / span >
< span class = "w" > < / span > < span class = "nt" > " types" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "s2" > " ip-src" < / span > < span class = "p" > ,< / span >
< span class = "w" > < / span > < span class = "s2" > " ip-dst" < / span >
< span class = "w" > < / span > < span class = "p" > ],< / span >
< span class = "w" > < / span > < span class = "nt" > " values" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "s2" > " 188.65.217.78" < / span >
< span class = "w" > < / span > < span class = "p" > ]< / span >
< span class = "w" > < / span > < span class = "p" > }< / span >
< span class = "w" > < / span > < span class = "p" > ]< / span >
< span class = "p" > }< / span >
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > It is also possible to restrict the category options of the resolved attributes by passing a list of categories along (optional):< / p >
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "p" > {< / span >
< span class = "w" > < / span > < span class = "nt" > " results" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "p" > {< / span >
< span class = "w" > < / span > < span class = "nt" > " types" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "s2" > " ip-src" < / span > < span class = "p" > ,< / span >
< span class = "w" > < / span > < span class = "s2" > " ip-dst" < / span >
< span class = "w" > < / span > < span class = "p" > ],< / span >
< span class = "w" > < / span > < span class = "nt" > " values" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "s2" > " 188.65.217.78" < / span >
< span class = "w" > < / span > < span class = "p" > ],< / span >
< span class = "w" > < / span > < span class = "nt" > " categories" < / span > < span class = "p" > :< / span > < span class = "w" > < / span > < span class = "p" > [< / span >
< span class = "w" > < / span > < span class = "s2" > " Network activity" < / span > < span class = "p" > ,< / span >
< span class = "w" > < / span > < span class = "s2" > " Payload delivery" < / span >
< span class = "w" > < / span > < span class = "p" > ]< / span >
< span class = "w" > < / span > < span class = "p" > }< / span >
< span class = "w" > < / span > < span class = "p" > ]< / span >
< span class = "p" > }< / span >
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > For both the type and the category lists, the first item in the list will be the default setting on the interface.< / p >
< h3 id = "enable-your-module-in-the-web-interface" > Enable your module in the web interface< a class = "headerlink" href = "#enable-your-module-in-the-web-interface" title = "Permanent link" > ¶ < / a > < / h3 >
< p > For a module to be activated in the MISP web interface it must be enabled in the "Plugin Settings".< / p >
< ul >
< li > Go to "Administration > Server Settings" in the top menu< / li >
< li > Go to "Plugin Settings" in the top "tab menu bar"< / li >
< li > Click on the name of the type of module you have created to expand the list of plugins to show your module.< / li >
< li > Find the name of your plugin's "enabled" value in the Setting Column: "Plugin.[MODULE NAME]_enabled"< / li >
< li > Double click on its "Value" column< / li >
< / ul >
2023-01-23 10:27:40 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > Priority Setting Value Description Error Message
2021-04-19 10:28:49 +02:00
Recommended Plugin.Import_ocr_enabled false Enable or disable the ocr module. Value not set.
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< ul >
< li > Use the drop-down to set the enabled value to 'true'< / li >
< / ul >
2023-01-23 10:27:40 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > Priority Setting Value Description Error Message
2021-04-19 10:28:49 +02:00
Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr module. Value not set.
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< h3 id = "set-any-other-required-settings-for-your-module" > Set any other required settings for your module< a class = "headerlink" href = "#set-any-other-required-settings-for-your-module" title = "Permanent link" > ¶ < / a > < / h3 >
< p > In this same menu set any other plugin settings that are required for testing.< / p >
2024-08-13 08:21:34 +02:00
< h2 id = "install-misp-module-on-an-offline-instance" > Install misp-module on an offline instance.< a class = "headerlink" href = "#install-misp-module-on-an-offline-instance" title = "Permanent link" > ¶ < / a > < / h2 >
< p > First, you need to grab all the necessary packages, for example like this:< / p >
< p > Use pip wheel to create an archive:< / p >
< div class = "highlight" > < pre > < span > < / span > < code > mkdir misp-modules-offline
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
< / code > < / pre > < / div >
< p > Transfer the archive to the offline machine and check that it arrived unmodified (for example by comparing a SHA-256 checksum computed on both sides): the install loop below runs pip as root on every file in the bundle, with no index lookup and no dependency resolution.< / p >
< p > On the offline machine:< / p >
< div class = "highlight" > < pre > < span > < / span > < code > mkdir misp-modules-bundle
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
cd misp-modules-bundle
ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done
< / code > < / pre > < / div >
< p > Next you can follow the standard install procedure.< / p >
< h2 id = "how-to-contribute-your-own-module" > How to contribute your own module?< a class = "headerlink" href = "#how-to-contribute-your-own-module" title = "Permanent link" > ¶ < / a > < / h2 >
< p > Fork the project, add your module, test it and make a pull-request. Modules can also be private: you can add a module to your own MISP installation without publishing it.< / p >
2021-04-19 10:28:49 +02:00
< h2 id = "tips-for-developers-creating-modules" > Tips for developers creating modules< a class = "headerlink" href = "#tips-for-developers-creating-modules" title = "Permanent link" > ¶ < / a > < / h2 >
< p > Download a pre-built virtual image from the < a href = "https://www.circl.lu/services/misp-training-materials/" > MISP training materials< / a > .< / p >
< ul >
< li > Create a Host-Only adapter in VirtualBox< / li >
< li > Set your MISP OVA to that Host-Only adapter< / li >
< li > Start the virtual machine< / li >
2024-08-13 08:21:34 +02:00
< li > Get the IP address of the virtual machine< / li >
2021-04-19 10:28:49 +02:00
< li > SSH into the machine (login info is on the training page; because those credentials are published, keep the VM on the Host-Only adapter)< / li >
< li > Go into the misp-modules directory< / li >
< / ul >
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nb" > cd< / span > < span class = "w" > < / span > /usr/local/src/misp-modules
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > Set the git remote to your fork and check out your development branch. If you SSH'ed in as the misp user you will have to use sudo.< / p >
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > sudo< span class = "w" > < / span > git< span class = "w" > < / span > remote< span class = "w" > < / span > set-url< span class = "w" > < / span > origin< span class = "w" > < / span > https://github.com/YourRepo/misp-modules.git
sudo< span class = "w" > < / span > git< span class = "w" > < / span > pull
sudo< span class = "w" > < / span > git< span class = "w" > < / span > checkout< span class = "w" > < / span > MyModBranch
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > Remove the contents of the build directory and re-install misp-modules.< / p >
2024-08-13 08:21:34 +02:00
< div class = "highlight" > < pre > < span > < / span > < code > sudo< span class = "w" > < / span > rm< span class = "w" > < / span > -fr< span class = "w" > < / span > build/*
sudo< span class = "w" > < / span > -u< span class = "w" > < / span > www-data< span class = "w" > < / span > /var/www/MISP/venv/bin/pip< span class = "w" > < / span > install< span class = "w" > < / span > --upgrade< span class = "w" > < / span > .
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
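< p > SSH in with a different terminal and run < code > misp-modules< / code > with debugging enabled. The commands below stop the service and also disable it at boot; re-enable it with < code > sudo systemctl enable --now misp-modules< / code > once you have finished testing.< / p >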
2024-08-13 08:21:34 +02:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "c1" > # In case misp-modules is not a service do:< / span >
< span class = "c1" > # sudo killall misp-modules< / span >
sudo< span class = "w" > < / span > systemctl< span class = "w" > < / span > disable< span class = "w" > < / span > --now< span class = "w" > < / span > misp-modules
sudo< span class = "w" > < / span > -u< span class = "w" > < / span > www-data< span class = "w" > < / span > /var/www/MISP/venv/bin/misp-modules< span class = "w" > < / span > -d
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2021-04-19 10:28:49 +02:00
< p > In your original terminal you can now run your tests manually and see any errors that occur in the debug output of the other terminal.< / p >
2023-11-07 21:26:29 +01:00
< div class = "highlight" > < pre > < span > < / span > < code > < span class = "nb" > cd< / span > < span class = "w" > < / span > tests/
curl< span class = "w" > < / span > -s< span class = "w" > < / span > http://127.0.0.1:6666/query< span class = "w" > < / span > -H< span class = "w" > < / span > < span class = "s2" > " Content-Type: application/json" < / span > < span class = "w" > < / span > --data< span class = "w" > < / span > @MY_TEST_FILE.json< span class = "w" > < / span > -X< span class = "w" > < / span > POST
< span class = "nb" > cd< / span > < span class = "w" > < / span > ../
2023-01-23 10:27:40 +01:00
< / code > < / pre > < / div >
2024-08-13 08:21:34 +02:00
< h2 id = "documentation" > Documentation< a class = "headerlink" href = "#documentation" title = "Permanent link" > ¶ < / a > < / h2 >
2024-12-19 17:42:48 +01:00
< p > In order to provide documentation about some modules that require specific input / output / configuration, the < a href = "../" > index.md< / a > file contains detailed information about the general purpose, requirements, features, input and output of each of these modules:< / p >
2024-08-13 08:21:34 +02:00
< ul >
2024-08-13 09:17:16 +02:00
< li > < strong > description< / strong > - quick description of the general purpose of the module, as the one given by the moduleinfo< / li >
2024-08-13 08:21:34 +02:00
< li > < strong > requirements< / strong > - special libraries needed to make the module work< / li >
< li > < strong > features< / strong > - description of the way to use the module, with the required MISP features to make the module give the intended result< / li >
< li > < strong > references< / strong > - link(s) giving additional information about the format concerned in the module< / li >
< li > < strong > input< / strong > - description of the format of data used in input< / li >
< li > < strong > output< / strong > - description of the format given as the result of the module execution< / li >
< / ul >
< h2 id = "licenses" > Licenses< a class = "headerlink" href = "#licenses" title = "Permanent link" > ¶ < / a > < / h2 >
< p > For further information see also the < a href = "license/" > license file< / a > .< / p >
< / article >
< / div >
2023-12-13 11:30:58 +01:00
< script > var target = document . getElementById ( location . hash . slice ( 1 ) ) ; target && target . name && ( target . checked = target . name . startsWith ( "__tabbed_" ) ) < / script >
2021-04-19 10:28:49 +02:00
< / div >
2022-01-07 12:10:48 +01:00
2021-04-19 10:28:49 +02:00
< / main >
2022-01-07 12:10:48 +01:00
< footer class = "md-footer" >
2021-04-19 10:28:49 +02:00
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
2022-01-07 12:10:48 +01:00
< div class = "md-copyright" >
< div class = "md-copyright__highlight" >
2024-08-13 08:21:34 +02:00
Copyright © 2019-2024 MISP Project
2022-01-07 12:10:48 +01:00
< / div >
Made with
< a href = "https://squidfunk.github.io/mkdocs-material/" target = "_blank" rel = "noopener" >
Material for MkDocs
< / a >
< / div >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
2021-04-19 10:28:49 +02:00
< / div >
< / div >
< / footer >
< / div >
2022-01-07 12:10:48 +01:00
< div class = "md-dialog" data-md-component = "dialog" >
< div class = "md-dialog__inner md-typeset" > < / div >
< / div >
2023-01-23 10:27:40 +01:00
2023-12-13 11:30:58 +01:00
2024-12-19 17:42:48 +01:00
< script id = "__config" type = "application/json" > { "base" : ".." , "features" : [ ] , "search" : "../assets/javascripts/workers/search.6ce7567c.min.js" , "translations" : { "clipboard.copied" : "Copied to clipboard" , "clipboard.copy" : "Copy to clipboard" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.placeholder" : "Type to start searching" , "search.result.term.missing" : "Missing" , "select.version" : "Select version" } } < / script >
2021-04-19 10:28:49 +02:00
2022-01-07 12:10:48 +01:00
2024-12-19 17:42:48 +01:00
< script src = "../assets/javascripts/bundle.83f73b43.min.js" > < / script >
2021-04-19 10:28:49 +02:00
< / body >
< / html >