misp-modules/search/search_index.json


{"config":{"lang":["en"],"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Home \u00b6 MISP modules are autonomous modules that can be used for expansion and other services in MISP . The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from MISP installation or configuration. MISP modules support is included in MISP starting from version 2.4.28 . For more information: Extending MISP with Python modules slides from MISP training. Existing MISP modules \u00b6 Expansion modules \u00b6 Backscatter.io - a hover and expansion module to expand an IP address with mass-scanning observations. BGP Ranking - a hover and expansion module to expand an AS number with the ASN description, its history, and position in BGP Ranking. BTC scam check - An expansion hover module to instantly check if a BTC address has been abused. BTC transactions - An expansion hover module to get a blockchain balance and the transactions from a BTC address in MISP. CIRCL Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information. CIRCL Passive SSL - a hover and expansion module to expand IP addresses with the X.509 certificate seen. countrycode - a hover module to tell you what country a URL belongs to. CrowdStrike Falcon - an expansion module to expand using CrowdStrike Falcon Intel Indicator API. CVE - a hover module to give more information about a vulnerability (CVE). CVE advanced - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE). Cuckoo submit - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox. DBL Spamhaus - a hover module to check Spamhaus DBL for a domain name. 
DNS - a simple module to resolve MISP attributes like hostname and domain to expand IP addresses attributes. docx-enrich - an enrichment module to get text out of Word document into MISP (using free-text parser). DomainTools - a hover and expansion module to get information from DomainTools whois. EUPI - a hover and expansion module to get information about an URL from the Phishing Initiative project . EQL - an expansion module to generate event query language (EQL) from an attribute. Event Query Language Farsight DNSDB Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information. GeoIP - a hover and expansion module to get GeoIP information from geolite/maxmind. Greynoise - a hover to get information from greynoise. hashdd - a hover module to check file hashes against hashdd.com including NSLR dataset. hibp - a hover module to lookup against Have I Been Pwned? intel471 - an expansion module to get info from Intel471 . IPASN - a hover and expansion to get the BGP ASN of an IP address. iprep - an expansion module to get IP reputation from packetmail.net. Joe Sandbox submit - Submit files and URLs to Joe Sandbox. Joe Sandbox query - Query Joe Sandbox with the link of an analysis and get the parsed data. macaddress.io - a hover module to retrieve vendor details and other information regarding a given MAC address or an OUI from MAC address Vendor Lookup . See integration tutorial here . macvendors - a hover module to retrieve mac vendor information. ocr-enrich - an enrichment module to get OCRized data from images into MISP. ods-enrich - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser). odt-enrich - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser). onyphe - a modules to process queries on Onyphe. onyphe_full - a modules to process full queries on Onyphe. OTX - an expansion module for OTX . 
passivetotal - a passivetotal module that queries a number of different PassiveTotal datasets. pdf-enrich - an enrichment module to extract text from PDF into MISP (using free-text parser). pptx-enrich - an enrichment modu