mirror of https://github.com/MISP/misp-modules
parent
8817de4765
commit
07a4faf67a
9 changed files with 37 additions and 7 deletions
@ -1,4 +1,8 @@ |
||||
{ |
||||
"description": "Query an ASN description history service (https://github.com/CIRCL/ASN-Description-History.git).", |
||||
"requirements": ["asnhistory"] |
||||
"requirements": ["asnhistory python library"], |
||||
"features": "The module takes an AS number attribute as input and displays its description and history.\n\nFor a proper working, a communication with a redis database is needed, thus 3 parameters are needed:\n- host, the address of the redis server\n- port, the port used by redis\n- db, the index of the database used\n", |
||||
"references": ["https://github.com/CIRCL/ASN-Description-History.git"], |
||||
"input": "Autonomous system number.", |
||||
"output": "Text containing a description of the ASN and its history." |
||||
} |
||||
|
@ -1,3 +1,6 @@ |
||||
{ |
||||
"description": "An expansion hover module to get a blockchain balance from a BTC address in MISP." |
||||
"description": "An expansion hover module to get a blockchain balance from a BTC address in MISP.", |
||||
"logo": "logos/bitcoin.png", |
||||
"input": "btc address attribute.", |
||||
"output": "Text to describe the blockchain balance and the transactions related to the btc address in input." |
||||
} |
||||
|
@ -1,4 +1,9 @@ |
||||
{ |
||||
"description": "Module to access CIRCL Passive DNS.", |
||||
"logo": "logos/passivedns.png" |
||||
"logo": "logos/passivedns.png", |
||||
"requirements": ["pypdns: Passive DNS python library", "A CIRCL passive DNS account with username & password"], |
||||
"input": "Hostname, domain, or ip-address attribute.", |
||||
"ouput": "Text describing passive DNS information related to the input attribute.", |
||||
"features": "This module takes a hostname, domain or ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive DNS REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive DNS API.", |
||||
"references": ["https://www.circl.lu/services/passive-dns/", "https://datatracker.ietf.org/doc/draft-dulaunoy-dnsop-passive-dns-cof/"] |
||||
} |
||||
|
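Review bot: The new Passive DNS file spells the output key as `"ouput"`, while every other file in this commit uses `"output"`, so a consumer that looks up `output` will find nothing for this module. Rename the key so the line reads `"output": "Text describing passive DNS information related to the input attribute.",`. Strict JSON cannot carry a comment to flag this, so a key check in whatever reads these files would be the place to catch such typos; whether one exists is not visible on this page.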
@ -1,4 +1,9 @@ |
||||
{ |
||||
"description": "Modules to access CIRCL Passive SSL.", |
||||
"logo": "logos/passivessl.png" |
||||
"logo": "logos/passivessl.png", |
||||
"requirements": ["pypssl: Passive SSL python library", "A CIRCL passive SSL account with username & password"], |
||||
"input": "Ip-address attribute.", |
||||
"output": "Text describing passive SSL information related to the input attribute.", |
||||
"features": "This module takes an ip-address (ip-src or ip-dst) attribute as input, and queries the CIRCL Passive SSL REST API to get and display information about this input.\n\nTo make it work a username and a password are thus required to authenticate to the CIRCL Passive SSL API.", |
||||
"references": ["https://www.circl.lu/services/passive-ssl/"] |
||||
} |
||||
|
@ -1,3 +1,6 @@ |
||||
{ |
||||
"description": "Module to expand country codes." |
||||
"description": "Module to expand country codes.", |
||||
"input": "Hostname or domain attribute.", |
||||
"output": "Text with the country code the input belongs to.", |
||||
"features": "The module takes a domain or a hostname as input, and returns the country it belongs to.\n\nFor non country domains, a list of the most common possible extensions is used." |
||||
} |
||||
|
@ -1,4 +1,9 @@ |
||||
{ |
||||
"description": "Module to query Crowdstrike Falcon.", |
||||
"logo": "logos/crowdstrike.png" |
||||
"logo": "logos/crowdstrike.png", |
||||
"requirements": ["A CrowdStrike API access (API id & key)"], |
||||
"input": "A MISP attribute included in the following list:\n- domain\n- email-attachment\n- email-dst\n- email-reply-to\n- email-src\n- email-subject\n- filename\n- hostname\n- ip-src\n- ip-dst\n- md5\n- mutex\n- regkey\n- sha1\n- sha256\n- uri\n- url\n- user-agent\n- whois-registrant-email\n- x509-fingerprint-md5", |
||||
"output": "MISP attributes fetched after the CrowdStrike API has been queried, included in the following list:\n- hostname\n- email-src\n- email-subject\n- filename\n- md5\n- sha1\n- sha256\n- ip-dst\n- ip-dst\n- mutex\n- regkey\n- url\n- user-agent\n- x509-fingerprint-md5", |
||||
"references": ["https://www.crowdstrike.com/products/crowdstrike-falcon-faq/"], |
||||
"features": "This module takes a MISP attribute as input to query a CrowdStrike Falcon API, using an api_id and an apikey.\n\nThe API returns then the result of the query with some types we map into compatible types we add as MISP attributes." |
||||
} |
||||
|
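Review bot: The list inside the new `"output"` string of the CrowdStrike file names `ip-dst` twice in a row (`- ip-dst\n- ip-dst`), whereas the `"input"` list of the same file has both `ip-src` and `ip-dst`. One of the two entries is presumably meant to be `ip-src`; confirm against the module's type mapping and change the pair to `- ip-src\n- ip-dst`, or drop the duplicate if only destination addresses are returned. Analysts use this list to judge which attributes an enrichment can add to an event, so it should match what the module emits.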
@ -1,3 +1,8 @@ |
||||
{ |
||||
"description": "An expansion hover module to expand information about CVE id." |
||||
"description": "An expansion hover module to expand information about CVE id.", |
||||
"logo": "logos/cve.png", |
||||
"input": "Vulnerability attribute.", |
||||
"output": "Text giving information about the CVE related to the Vulnerability.", |
||||
"references": ["https://cve.circl.lu/", "https://cve.mitre.org/"], |
||||
"features": "The module takes a vulnerability attribute as input and queries the CIRCL CVE search API to get information about the vulnerability as it is described in the list of CVEs." |
||||
} |
||||
|
After Width: | Height: | Size: 9.7 KiB |
After Width: | Height: | Size: 20 KiB |