{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":"<p> </p> <p>MISP modules are autonomous modules that can be used for expansion and other services in MISP.</p> <p>The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration.</p> <p>MISP modules support is included in MISP starting from version <code>2.4.28</code>.</p> <p>For more information: Extending MISP with Python modules slides from MISP training.</p>"},{"location":"#existing-misp-modules","title":"Existing MISP modules","text":""},{"location":"#expansion-modules","title":"Expansion modules","text":"<ul><li>Backscatter.io-ahoverandexpansionmoduletoexpandanIPaddresswithmass-scanningobservations.</li><li>BGPRanking-ahoverandexpansionmoduletoexpandanASnumberwiththeASNdescription,itshistory,andpositioninBGPRanking.</li><li>BTCscamcheck-AnexpansionhovermoduletoinstantlycheckifaBTCaddresshasbeenabused.</li><li>BTCtransactions-AnexpansionhovermoduletogetablockchainbalanceandthetransactionsfromaBTCaddressinMISP.</li><li>CIRCLPassiveDNS-ahoverandexpansionmoduletoexpandhostnameandIPaddresseswithpassiveDNSinformation.</li><li>CIRCLPassiveSSL-ahoverandexpansionmoduletoexpandIPaddresseswiththeX.509certificateseen.</li><li>countrycode-ahovermoduletotellyouwhatcountryaURLbelongsto.</li><li>CrowdStrikeFalcon-anexpansionmoduletoexpandusingCrowdStrikeFalconIntelIndicatorAPI.</li><li>CVE-ahovermoduletogivemoreinformationaboutavulnerability(CVE).</li><li>CVEadvanced-AnexpansionmoduletoquerytheCIRCLCVEsearchAPIformoreinformationaboutavulnerability(CVE).</li><li>Cuckoosubmit-Ahovermoduletosubmitmalwaresample,url,attachment,domaintoCuckooSandbox.</li><li>DBLSpamhaus-ahovermoduletocheckSpamhausDBLforadomainname.</li><li>DNS-asimplemoduletoresolveMISPattributeslikehostnameanddomaintoexpandIPaddressesattributes.</li><li>docx-enrich-anenrichmentmoduletogettextoutofWorddocumentintoMISP(usingfree-textparser).</li><li>DomainTools-ahoverandexpansionmoduletogetinformationfromDomainToolswhois.</li><li>EUPI-ahoverandexpansionmoduletogetinformationaboutanURLfromthePhishingInitiativeproject.</li><li>EQL-anexpansionmoduletogenerateeventquerylanguage(EQL)fromanattribute.EventQueryLanguage</li><li>FarsightDNSDBPassiveDNS-ahoverandexpansionmoduletoexpandhostnameandIPaddresseswithpassiveDNSinformation.</li><li>GeoIP-ahoverandexpansionmoduletogetGeoIPinformationfromgeolite/maxmind.</li><li>Greynoise-ahovertogetinformationfromgreynoise.</li><li>hashdd-ahovermoduletocheckfilehashesagainsthashdd.comincludingNSLRdataset.</li><li>hibp-ahovermoduletolookupagainstHaveIBeenPwned?</li><li>intel471-anexpansionmoduletogetinfofromIntel471.</li><li>IPASN-ahoverandexpansiontogettheBGPASNofanIPaddress.</li><li>iprep-anexpansionmoduletogetIPreputationfrompacketmail.net.</li><li>JoeSandboxsubmit-SubmitfilesandURLstoJoeSandbox.</li><li>JoeSandboxquery-QueryJoeSandboxwiththelinkofananalysisandgettheparseddata.</li><li>macaddress.io-ahovermoduletoretrievevendordetailsandotherinformationregardingagivenMACaddressoranOUIfromMACaddressVendorLookup.Seeintegrationtutorialhere.</li><li>macvendors-ahovermoduletoretrievemacvendorinformation.</li><li>ocr-enrich-anenrichmentmoduletogetOCRizeddatafromimagesintoMISP.</li><li>ods-enrich-anenrichmentmoduletogettextoutofOpenOfficespreadsheetdocumentintoMISP(usingfree-textparser).</li><li>odt-enrich-anenrichmentmodule