diff --git a/expansion/index.html b/expansion/index.html index 4bb073b..596b2f4 100644 --- a/expansion/index.html +++ b/expansion/index.html @@ -2527,11 +2527,11 @@ An access to the packetmail API (apikey)

joesandbox_query

Query Joe Sandbox API with a submission url to get the json report and extract its data that is parsed and converted into MISP attributes and objects.

-

This url can by the way come from the result of the joesandbox_submit expansion module. +

This url can by the way come from the result of the joesandbox_submit expansion module. - features:

Module using the new format of modules able to return attributes and objects.

-

The module returns the same results as the import module joe_import taking directly the json report as input.

+

The module returns the same results as the import module joe_import taking directly the json report as input.

Even if the introspection will allow all kinds of links to call this module, obviously only the ones presenting a sample or url submission in the Joe Sandbox API will return results.

To make it work you will need to fill the 'apikey' configuration with your Joe Sandbox API key and provide a valid link as input. - input: @@ -2551,7 +2551,7 @@ jbxapi: Joe Sandbox API python3 library

- features:

The module requires a Joe Sandbox API key to submit files or URL, and returns the link of the submitted analysis.

-

It is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the joesandbox_query module directly on this submission link. +

It is then possible, when the analysis is completed, to query the Joe Sandbox API to get the data related to the analysis, using the joesandbox_query module directly on this submission link. - input: Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis. - output: @@ -2567,12 +2567,12 @@ jbxapi: Joe Sandbox API python3 library

Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.

Query Lastline with an analysis link and parse the report into MISP attributes and objects. -The analysis link can also be retrieved from the output of the lastline_submit expansion module. +The analysis link can also be retrieved from the output of the lastline_submit expansion module. - features:

The module requires a Lastline Portal username and password. The module uses the new format and it is able to return MISP attributes and objects. -The module returns the same results as the lastline_import import module. +The module returns the same results as the lastline_import import module. - input: Link to a Lastline analysis. - output: @@ -2588,7 +2588,7 @@ MISP attributes and objects parsed from the analysis report. - features:

The module requires a Lastline Analysis api_token and key. -When the analysis is completed, it is possible to import the generated report by feeding the analysis link to the lastline_query module. +When the analysis is completed, it is possible to import the generated report by feeding the analysis link to the lastline_query module. - input: File or URL to submit to Lastline. - output: @@ -3299,7 +3299,7 @@ A VARIoT db API key (if you do not want to be limited to 100 queries / day)

New format of modules able to return attributes and objects.

A module to take a MISP attribute as input and query the VirusTotal API to get additional data about it.

-

Compared to the standard VirusTotal expansion module, this module is made for advanced parsing of VirusTotal report, with a recursive analysis of the elements found after the first request.

+

Compared to the standard VirusTotal expansion module, this module is made for advanced parsing of VirusTotal report, with a recursive analysis of the elements found after the first request.

Thus, it requires a higher request rate limit to avoid the API to return a 204 error (Request rate limit exceeded), and the data parsed from the different requests are returned as MISP attributes and objects, with the corresponding relations between each one of them. - input: A domain, hash (md5, sha1, sha256 or sha512), hostname or IP address attribute. @@ -3319,7 +3319,7 @@ An access to the VirusTotal API (apikey), with a high request rate limit.

New format of modules able to return attributes and objects.

A module to take a MISP attribute as input and query the VirusTotal API to get additional data about it.

-

Compared to the more advanced VirusTotal expansion module, this module is made for VirusTotal users who have a low request rate limit.

+

Compared to the more advanced VirusTotal expansion module, this module is made for VirusTotal users who have a low request rate limit.

Thus, it only queries the API once and returns the results that is parsed into MISP attributes and objects. - input: A domain, hostname, ip, url or hash (md5, sha1, sha256 or sha512) attribute. diff --git a/import_mod/index.html b/import_mod/index.html index e06de32..e6141a5 100644 --- a/import_mod/index.html +++ b/import_mod/index.html @@ -699,7 +699,7 @@ PyMISP

- features:

Module using the new format of modules able to return attributes and objects.

-

The module returns the same results as the expansion module joesandbox_query using the submission link of the analysis to get the json report. +

The module returns the same results as the expansion module joesandbox_query using the submission link of the analysis to get the json report. - input: Json report of a Joe Sandbox analysis. - output: @@ -717,7 +717,7 @@ MISP attributes & objects parsed from the analysis report.

The module requires a Lastline Portal username and password. The module uses the new format and it is able to return MISP attributes and objects. -The module returns the same results as the lastline_query expansion module. +The module returns the same results as the lastline_query expansion module. - input: Link to a Lastline analysis. - output: diff --git a/sitemap.xml b/sitemap.xml index 81f3f55..34dac3d 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,37 +2,37 @@ https://www.misp-project.org/ - 2023-04-12 + 2023-05-31 daily https://www.misp-project.org/contribute/ - 2023-04-12 + 2023-05-31 daily https://www.misp-project.org/expansion/ - 2023-04-12 + 2023-05-31 daily https://www.misp-project.org/export_mod/ - 2023-04-12 + 2023-05-31 daily https://www.misp-project.org/import_mod/ - 2023-04-12 + 2023-05-31 daily https://www.misp-project.org/install/ - 2023-04-12 + 2023-05-31 daily https://www.misp-project.org/license/ - 2023-04-12 + 2023-05-31 daily \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index 691aa7a..2334929 100644 Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ
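Review bot: the joesandbox_query entry in expansion/index.html still reads "This url can by the way come from the result of the joesandbox_submit expansion module", which is informal and inconsistent with the parallel Lastline sentence later in the same file ("The analysis link can also be retrieved from the output of the lastline_submit expansion module"). The removed and added lines carry the same visible text, so the wording was regenerated unchanged. Reword it in the module's source description so both submit/query pairs are documented the same way, and use "URL" and "JSON" consistently in this entry and in the joe_import entry of import_mod/index.html.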
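Review bot: the lastline_query hunk in expansion/index.html keeps the context line "Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module", while the sitemap entries in this same patch are stamped 2023-05-31, so the notice announces in the future tense a date that has already passed. State the module's current status instead. The lastline_submit hunk and the Lastline hunk in import_mod/index.html show no such notice in their visible lines; if those modules are covered by the same deprecation, the notice belongs there too.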
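Review bot: in the two VirusTotal hunks of expansion/index.html, the advanced module is described as doing "a recursive analysis of the elements found after the first request" without saying how deep the recursion goes or how many API calls one enrichment can trigger. An operator who must choose between the two modules against a fixed API quota cannot size it from this text. Document the bound (or say that there is none) next to the 204 "Request rate limit exceeded" remark. The neighbouring sentences also need a grammar pass: "to avoid the API to return a 204 error" and "returns the results that is parsed".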
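Review bot: in sitemap.xml all seven entries move from 2023-04-12 to 2023-05-31, including /contribute/, /export_mod/, /install/ and /license/, which have no content change in this patch, so the date records when the site was built rather than when each page changed. Either have the generator emit a per-page modification date or drop the field. Since sitemap.xml and sitemap.xml.gz are build output, and the .gz shows up only as "Binary files ... differ" and cannot be reviewed, consider generating them at deploy time instead of committing them. sitemap.xml also still ends without a trailing newline.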