misp-modules/misp_modules/modules/expansion/__init__.py

import os
import sys

sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))

__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',
           'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', 'eupi',
           'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',
           'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',
           'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',
           'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',
           'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator',
           'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query', 'macaddress_io',
           'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors',
           'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich',
           'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus',
           'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid',
           'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',
           'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',
           'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',
           'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',
           'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs', 'crowdsec',
           'extract_url_components', 'ipinfo', 'whoisfreaks']


minimum_required_fields = ('type', 'uuid', 'value')

checking_error = 'containing at least a "type" field and a "value" field'
standard_error_message = 'This module requires an "attribute" field as input'


def check_input_attribute(attribute, requirements=minimum_required_fields):
    return all(feature in attribute for feature in requirements)
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 03:33:42 +02:00			`import os`
			`import sys`
initial commit. not a working product. need to create a class to manage the MISP event and TruStar client 2020-05-30 02:21:20 +02:00
fix: Making pep8 happy + added joe_import module in the init list 2019-06-04 03:33:42 +02:00			`sys.path.append('{}/lib'.format('/'.join((os.path.realpath(__file__)).split('/')[:-3])))`
Multiple clanges in the vmray modules. * Generic fix to load modules requiring a local library * Fix python3 support * PEP8 related cleanups 2016-11-15 16:43:11 +01:00
Update __init__.py 2019-04-18 14:25:05 +02:00			`__all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'circl_passivessl',`
fix: [cpe] Typos and variable name issues fixed + Making the module available in MISP 2020-10-24 02:40:31 +02:00			`'countrycode', 'cve', 'cve_advanced', 'cpe', 'dns', 'btc_steroids', 'domaintools', 'eupi',`
			`'eql', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal',`
Added geoip_asn and geoip_city to load 2020-02-13 04:31:41 +01:00			`'whois', 'shodan', 'reversedns', 'geoip_asn', 'geoip_city', 'geoip_country', 'wiki', 'iprep',`
new: Intel471 module 2018-12-11 13:30:52 +01:00			`'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon',`
			`'yara_syntax_validator', 'hashdd', 'onyphe', 'onyphe_full', 'rbl',`
			`'xforceexchange', 'sigma_syntax_validator', 'stix2_pattern_syntax_validator',`
			`'sigma_queries', 'dbl_spamhaus', 'vulners', 'yara_query', 'macaddress_io',`
chg: [init] removed trailing whitespace 2019-04-24 14:01:48 +02:00			`'intel471', 'backscatter_io', 'btc_scam_check', 'hibp', 'greynoise', 'macvendors',`
fix: Fixed module names with - to avoid errors with python paths 2019-10-18 11:09:10 +02:00			`'qrcode', 'ocr_enrich', 'pdf_enrich', 'docx_enrich', 'xlsx_enrich', 'pptx_enrich',`
			`'ods_enrich', 'odt_enrich', 'joesandbox_submit', 'joesandbox_query', 'urlhaus',`
new: Enrichment module for querying APIVoid with domain attributes 2019-12-18 17:11:13 +01:00			`'virustotal_public', 'apiosintds', 'urlscan', 'securitytrails', 'apivoid',`
new: Expansion module to query MALWAREbazaar API with some hash attribute 2020-03-18 18:05:57 +01:00			`'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar',`
initial commit. not a working product. need to create a class to manage the MISP event and TruStar client 2020-05-30 02:21:20 +02:00			`'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich',`
feature: add qintel qsentry expansion module 2021-11-22 21:46:46 +01:00			`'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh',`
fix: [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process 2022-10-24 14:53:00 +02:00			`'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup', 'ipqs_fraud_and_risk_scoring',`
add: [expansion modules] Added `ipinfo` to the expansion modules list in `__init__` 2023-05-16 16:09:04 +02:00			`'clamav', 'jinja_template_rendering','hyasinsight', 'variotdbs', 'crowdsec',`
added whoisfreaks module in MISP 2023-06-12 16:00:41 +02:00			`'extract_url_components', 'ipinfo', 'whoisfreaks']`
add: Specific error message for misp_standard format expansion modules - Checking if the input format is respected and displaying an error message if it is not 2020-07-28 11:47:53 +02:00

			`minimum_required_fields = ('type', 'uuid', 'value')`

			`checking_error = 'containing at least a "type" field and a "value" field'`
			`standard_error_message = 'This module requires an "attribute" field as input'`

fix: Fixed pep8 + some copy paste issues introduced with the latest commits 2020-07-28 15:06:25 +02:00
add: Specific error message for misp_standard format expansion modules - Checking if the input format is respected and displaying an error message if it is not 2020-07-28 11:47:53 +02:00			`def check_input_attribute(attribute, requirements=minimum_required_fields):`
Module to push malware samples to a MWDB instance - Upload of attachment or malware sample to MWDB - Tags of events and/or attributes are added to MWDB. - Comment of the MISP attribute is added to MWDB. - A link back to the MISP event is added to MWDB via the MWDB attribute. - A link to the MWDB attribute is added as an enriched attribute to the MISP event. 2021-12-26 23:34:00 +01:00			`return all(feature in attribute for feature in requirements)`