misp-modules/search/search_index.json


{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":"<p> </p> <p>MISP modules are autonomous modules that can be used for expansion and other services in MISP.</p> <p>The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration.</p> <p>MISP modules support is included in MISP starting from version <code>2.4.28</code>.</p> <p>For more information: Extending MISP with Python modules slides from MISP training.</p>"},{"location":"#existing-misp-modules","title":"Existing MISP modules","text":""},{"location":"#expansion-modules","title":"Expansion modules","text":"<ul> <li>Backscatter.io - a hover and expansion module to expand an IP address with mass-scanning observations.</li> <li>BGP Ranking - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking.</li> <li>BTC scam check - An expansion hover module to instantly check if a BTC address has been abused.</li> <li>BTC transactions - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP.</li> <li>CIRCL Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li> <li>CIRCL Passive SSL - a hover and expansion module to expand IP addresses with the X.509 certificate seen.</li> <li>countrycode - a hover module to tell you what country a URL belongs to.</li> <li>CrowdStrike Falcon - an expansion module to expand using CrowdStrike Falcon Intel Indicator API.</li> <li>CVE - a hover module to give more information about a vulnerability (CVE).</li> <li>CVE advanced - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE).</li> <li>Cuckoo 
submit - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox.</li> <li>DBL Spamhaus - a hover module to check Spamhaus DBL for a domain name.</li> <li>DNS - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes.</li> <li>docx-enrich - an enrichment module to get text out of Word document into MISP (using free-text parser).</li> <li>DomainTools - a hover and expansion module to get information from DomainTools whois.</li> <li>EUPI - a hover and expansion module to get information about an URL from the Phishing Initiative project.</li> <li>EQL - an expansion module to generate event query language (EQL) from an attribute. Event Query Language</li> <li>Farsight DNSDB Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li> <li>GeoIP - a hover and expansion module to get GeoIP information from geolite/maxmind.</li> <li>Greynoise - a hover to get information from greynoise.</li> <li>hashdd - a hover module to check file hashes against hashdd.com including NSLR dataset.</li> <li>hibp - a hover module to lookup against Have I Been Pwned?</li> <li>intel471 - an expansion module to get info from Intel471.</li> <li>IPASN - a hover and expansion to get the BGP ASN of an IP address.</li> <li>iprep - an expansion module to get IP reputation from packetmail.net.</li> <li>Joe Sandbox submit - Submit files and URLs to Joe Sandbox.</li> <li>Joe Sandbox query - Query Joe Sandbox with the link of an analysis and get the parsed data.</li> <li>macaddress.io - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from MAC address Vendor Lookup. 
See integration tutorial here.</li> <li>macvendors - a hover module to retrieve mac vendor information.</li> <li>ocr-enrich - an enrichment module to get OCRized data from images into MISP.</li> <li>ods-enrich - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser).</li> <li>odt-enrich - an enrichment module