diff --git a/contribute/index.html b/contribute/index.html
index f55edc4..07cd6c0 100644
--- a/contribute/index.html
+++ b/contribute/index.html
@@ -830,47 +830,47 @@
The MISP module service returns the available modules in a JSON array containing each module name along with their supported input attributes.
Based on this information, a query can be built in a JSON format and saved as body.json:
-{
- "hostname": "www.foo.be",
- "module": "dns"
-}
+{
+ "hostname": "www.foo.be",
+ "module": "dns"
+}
Then you can POST this JSON format query towards the MISP object server:
-curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @body.json -X POST
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @body.json -X POST
The module should output the following JSON:
-{
- "results": [
- {
- "types": [
- "ip-src",
- "ip-dst"
- ],
- "values": [
- "188.65.217.78"
- ]
- }
- ]
-}
+{
+ "results": [
+ {
+ "types": [
+ "ip-src",
+ "ip-dst"
+ ],
+ "values": [
+ "188.65.217.78"
+ ]
+ }
+ ]
+}
It is also possible to restrict the category options of the resolved attributes by passing a list of categories along (optional):
-{
- "results": [
- {
- "types": [
- "ip-src",
- "ip-dst"
- ],
- "values": [
- "188.65.217.78"
- ],
- "categories": [
- "Network activity",
- "Payload delivery"
- ]
- }
- ]
-}
+{
+ "results": [
+ {
+ "types": [
+ "ip-src",
+ "ip-dst"
+ ],
+ "values": [
+ "188.65.217.78"
+ ],
+ "categories": [
+ "Network activity",
+ "Payload delivery"
+ ]
+ }
+ ]
+}
For both the type and the category lists, the first item in the list will be the default setting on the interface.
Enable your module in the web interface¶
@@ -914,12 +914,12 @@ Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr
SSH into the machine (Login info on training page)
Go into the misp-modules directory
-cd /usr/local/src/misp-modules
+cd /usr/local/src/misp-modules
Set the git repo to your fork and checkout your development branch. If you SSH'ed in as the misp user you will have to use sudo.
-sudo git remote set-url origin https://github.com/YourRepo/misp-modules.git
-sudo git pull
-sudo git checkout MyModBranch
+sudo git remote set-url origin https://github.com/YourRepo/misp-modules.git
+sudo git pull
+sudo git checkout MyModBranch
Remove the contents of the build directory and re-install misp-modules.
sudo rm -fr build/*
@@ -930,9 +930,9 @@ sudo git checkout
misp-modules -d
In your original terminal you can now run your tests manually and see any errors that arrive
-cd tests/
-curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @MY_TEST_FILE.json -X POST
-cd ../
+cd tests/
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @MY_TEST_FILE.json -X POST
+cd ../
diff --git a/install/index.html b/install/index.html
index b5f8cc4..df1314f 100644
--- a/install/index.html
+++ b/install/index.html
@@ -560,88 +560,88 @@
How to install and start MISP modules (in a Python virtualenv)?¶
SUDO_WWW="sudo -u www-data"
-sudo apt-get install -y \
- git \
- libpq5 \
- libjpeg-dev \
- tesseract-ocr \
- libpoppler-cpp-dev \
- imagemagick virtualenv \
- libopencv-dev \
- zbar-tools \
- libzbar0 \
- libzbar-dev \
- libfuzzy-dev \
- libcaca-dev
+sudo apt-get install -y \
+ git \
+ libpq5 \
+ libjpeg-dev \
+ tesseract-ocr \
+ libpoppler-cpp-dev \
+ imagemagick virtualenv \
+ libopencv-dev \
+ zbar-tools \
+ libzbar0 \
+ libzbar-dev \
+ libfuzzy-dev \
+ libcaca-dev
# BEGIN with virtualenv:
-$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv
+$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv
# END with virtualenv
-cd /usr/local/src/
+cd /usr/local/src/
# Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
-sudo adduser misp staff
-sudo chmod 2775 /usr/local/src
-sudo chown root:staff /usr/local/src
-git clone https://github.com/MISP/misp-modules.git
-git clone git://github.com/stricaud/faup.git faup
-git clone git://github.com/stricaud/gtcaca.git gtcaca
+sudo adduser misp staff
+sudo chmod 2775 /usr/local/src
+sudo chown root:staff /usr/local/src
+git clone https://github.com/MISP/misp-modules.git
+git clone git://github.com/stricaud/faup.git faup
+git clone git://github.com/stricaud/gtcaca.git gtcaca
# Install gtcaca/faup
-cd gtcaca
-mkdir -p build
-cd build
-cmake .. && make
-sudo make install
-cd ../../faup
-mkdir -p build
-cd build
-cmake .. && make
-sudo make install
-sudo ldconfig
+cd gtcaca
+mkdir -p build
+cd build
+cmake .. && make
+sudo make install
+cd ../../faup
+mkdir -p build
+cd build
+cmake .. && make
+sudo make install
+sudo ldconfig
-cd ../../misp-modules
+cd ../../misp-modules
# BEGIN with virtualenv:
-$SUDO_WWW /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
-$SUDO_WWW /var/www/MISP/venv/bin/pip install .
+$SUDO_WWW /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
+$SUDO_WWW /var/www/MISP/venv/bin/pip install .
# END with virtualenv
# BEGIN without virtualenv:
-sudo pip install -I -r REQUIREMENTS
-sudo pip install .
+sudo pip install -I -r REQUIREMENTS
+sudo pip install .
# END without virtualenv
# Start misp-modules as a service
-sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
-sudo systemctl daemon-reload
-sudo systemctl enable --now misp-modules
-/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
+sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl enable --now misp-modules
+/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
How to install and start MISP modules on RHEL-based distributions ?¶
As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.
SUDO_WWW="sudo -u apache"
-sudo yum install \
- rh-ruby22 \
- openjpeg-devel \
- rubygem-rouge \
- rubygem-asciidoctor \
- zbar-devel \
- opencv-devel \
- gcc-c++ \
- pkgconfig \
- poppler-cpp-devel \
- python-devel \
- redhat-rpm-config
-cd /usr/local/src/
-sudo git clone https://github.com/MISP/misp-modules.git
-cd misp-modules
-$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
-$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
-$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
+sudo yum install \
+ rh-ruby22 \
+ openjpeg-devel \
+ rubygem-rouge \
+ rubygem-asciidoctor \
+ zbar-devel \
+ opencv-devel \
+ gcc-c++ \
+ pkgconfig \
+ poppler-cpp-devel \
+ python-devel \
+ redhat-rpm-config
+cd /usr/local/src/
+sudo git clone https://github.com/MISP/misp-modules.git
+cd misp-modules
+$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
+$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
+$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
Create the service file /etc/systemd/system/misp-modules.service :
-echo "[Unit]
+echo "[Unit]
Description=MISP's modules
After=misp-workers.service
@@ -654,30 +654,30 @@ sudo git clone RestartSec=10
[Install]
-WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
+WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:
-systemctl daemon-reload
-systemctl enable --now misp-modules
+systemctl daemon-reload
+systemctl enable --now misp-modules
How to use an MISP modules Docker container¶
Docker build¶
-docker build -t misp-modules \
- --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
- docker/
+docker build -t misp-modules \
+ --build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
+ docker/
Docker run¶
# Start Redis
-docker run --rm -d --name=misp-redis redis:alpine
+docker run --rm -d --name=misp-redis redis:alpine
# Start MISP-modules
-docker run \
- --rm -d --name=misp-modules \
- -e REDIS_BACKEND=misp-redis \
- -e REDIS_PORT="6379" \
- -e REDIS_PW="" \
- -e REDIS_DATABASE="245" \
- -e MISP_MODULES_DEBUG="false" \
- dcso/misp-dockerized-misp-modules
+docker run \
+ --rm -d --name=misp-modules \
+ -e REDIS_BACKEND=misp-redis \
+ -e REDIS_PORT="6379" \
+ -e REDIS_PW="" \
+ -e REDIS_DATABASE="245" \
+ -e MISP_MODULES_DEBUG="false" \
+ dcso/misp-dockerized-misp-modules
Docker-compose¶
services:
diff --git a/sitemap.xml b/sitemap.xml
index 35f6959..6917916 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,37 +2,37 @@
https://www.misp-project.org/
- 2023-01-23
+ 2023-03-20
daily
https://www.misp-project.org/contribute/
- 2023-01-23
+ 2023-03-20
daily
https://www.misp-project.org/expansion/
- 2023-01-23
+ 2023-03-20
daily
https://www.misp-project.org/export_mod/
- 2023-01-23
+ 2023-03-20
daily
https://www.misp-project.org/import_mod/
- 2023-01-23
+ 2023-03-20
daily
https://www.misp-project.org/install/
- 2023-01-23
+ 2023-03-20
daily
https://www.misp-project.org/license/
- 2023-01-23
+ 2023-03-20
daily
\ No newline at end of file
diff --git a/sitemap.xml.gz b/sitemap.xml.gz
index 7c3418a..c918776 100644
Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ