misp-modules/search/search_index.json


{"config":{"lang":["en"],"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"MISP modules \u00b6 MISP modules are autonomous modules that can be used to extend MISP for new services such as expansion, import and export. The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration. For more information: Extending MISP with Python modules slides from MISP training . Existing MISP modules \u00b6 Expansion modules \u00b6 apiosintDS - a hover and expansion module to query the OSINT.digitalside.it API. API Void - an expansion and hover module to query API Void with a domain attribute. AssemblyLine submit - an expansion module to submit samples and urls to AssemblyLine. AssemblyLine query - an expansion module to query AssemblyLine and parse the full submission report. Backscatter.io - a hover and expansion module to expand an IP address with mass-scanning observations. BGP Ranking - a hover and expansion module to expand an AS number with the ASN description and its ranking and position in BGP Ranking. RansomcoinDB check - An expansion hover module to query the ransomcoinDB : it contains mapping between BTC addresses and malware hashes. Enrich MISP by querying for BTC -> hash or hash -> BTC addresses. BTC scam check - An expansion hover module to instantly check if a BTC address has been abused. BTC transactions - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. Censys-enrich - An expansion and module to retrieve information from censys.io about a particular IP or certificate. CIRCL Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information. 
CIRCL Passive SSL - a hover and expansion module to expand IP addresses with the X.509 certificate(s) seen. countrycode - a hover module to tell you what country a URL belongs to. CrowdStrike Falcon - an expansion module to expand using CrowdStrike Falcon Intel Indicator API. CPE - An expansion module to query the CVE Search API with a cpe code, to get its related vulnerabilities. CVE - a hover module to give more information about a vulnerability (CVE). CVE advanced - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE). Cuckoo submit - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox. Cytomic Orion - An expansion module to enrich attributes in MISP and share indicators of compromise with Cytomic Orion. DBL Spamhaus - a hover module to check Spamhaus DBL for a domain name. DNS - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes. docx-enrich - an enrichment module to get text out of Word document into MISP (using free-text parser). DomainTools - a hover and expansion module to get information from DomainTools whois. EQL - an expansion module to generate event query language (EQL) from an attribute. Event Query Language EUPI - a hover and expansion module to get information about an URL from the Phishing Initiative project . Farsight DNSDB Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information. GeoIP - a hover and expansion module to get GeoIP information from geolite/maxmind. GeoIP_City - a hover and expansion module to get GeoIP City information from geolite/maxmind. GeoIP_ASN - a hover and expansion module to get GeoIP ASN information from geolite/maxmind. Greynoise - a hover to get information from greynoise. hashdd - a hover module to check file hashes against hashdd.com including NSLR dataset. hibp - a hover module to lookup against Have I Been Pwned? 
html_to_markdown - Simple HTML to markdown converter intel471 - an expansion module to get info from Intel471 . IPASN - a hover and expansion to get the BGP ASN of an IP address. iprep - an expansion module to get I