chg: [doc] updated

pull/667/head v2.4.192
Alexandre Dulaunoy 2024-06-06 07:43:55 +02:00
parent f023c2ba5d
commit 55d63f804a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
3 changed files with 40 additions and 19 deletions

View File

@ -45,6 +45,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
* [GeoIP](misp_modules/modules/expansion/geoip_country.py) - a hover and expansion module to get GeoIP information from geolite/maxmind.
* [GeoIP_City](misp_modules/modules/expansion/geoip_city.py) - a hover and expansion module to get GeoIP City information from geolite/maxmind.
* [GeoIP_ASN](misp_modules/modules/expansion/geoip_asn.py) - a hover and expansion module to get GeoIP ASN information from geolite/maxmind.
* [Google Threat Intelligence] (https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/google_threat_intelligence.py) - An expansion module to have the observable's threat score assessed by Google Threat Intelligence.
* [GreyNoise](misp_modules/modules/expansion/greynoise.py) - a hover and expansion module to get IP and CVE information from GreyNoise.
* [hashdd](misp_modules/modules/expansion/hashdd.py) - a hover module to check file hashes against [hashdd.com](http://www.hashdd.com) including NSLR dataset.
* [Hashlookup](misp_modules/modules/expansion/hashlookup.py) - An expansion module to enrich a file hash with hashlookup.circl.lu services (NSRL and other sources)
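Review bot: the new Google Threat Intelligence entry has a space between `]` and `(`, so `[Google Threat Intelligence] (https://github.com/...)` will not render as a Markdown link; remove the space. It also links the absolute GitHub URL where every neighbouring entry (GeoIP, GreyNoise, hashdd, Hashlookup) uses the relative path `misp_modules/modules/expansion/<name>.py`; suggest `* [Google Threat Intelligence](misp_modules/modules/expansion/google_threat_intelligence.py) - An expansion module to have the observable's threat score assessed by Google Threat Intelligence.` so the entry resolves inside the repository like the others.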

View File

@ -640,7 +640,6 @@ Module to query a local copy of Maxmind's Geolite database.
#### [google_search](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/google_search.py)
<img src=logos/google.png height=60>
- **descrption**:
>A hover module to get information about an url using a Google search.
- **features**:
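Review bot: the google_search block still reads `- **descrption**:` (missing the i); since this hunk touches the block, fix it to `- **description**:` so the field label matches the other module entries and any generator that keys on that label picks it up.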
@ -660,20 +659,20 @@ Module to query a local copy of Maxmind's Geolite database.
<img src=logos/google_threat_intelligence.png height=60>
- **description**:
An expansion module to have the observable's threat score assessed by Google Threat Intelligence.
- **features**:
>The module gives the Google Threat Intelligence assessment including a verdict for the given obsevable. [Example screeshot](https://github.com/MISP/MISP/assets/4747608/e275db2f-bb1e-4413-8cc0-ec3cb05e0414)
]
>GTI assessment for the given observable, this include information about level of severity, a clear verdict (malicious, suspicious, undetected and bening) and additional information provided by the Mandiant expertise combined with the VirusTotal database.
>
>[Output example screeshot](https://github.com/MISP/MISP/assets/4747608/e275db2f-bb1e-4413-8cc0-ec3cb05e0414)
- **input**:
>'hostname', 'domain', 'ip-src', 'ip-dst', 'md5', 'sha1', 'sha256', 'url'.
>A domain, hash (md5, sha1, sha256 or sha512), hostname or IP address attribute.
- **output**:
>Text fields containing the threat score, the severity, the verdict and the threat label of the observable inspected.
- **references**:
>https://gtidocs.virustotal.com/reference
> - https://www.virustotal.com/
> - https://gtidocs.virustotal.com/reference
- **requirements**:
>- pymisp
>- vt
>An access to the Google Threat Intelligence API (apikey), with a high request rate limit.
-----
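Review bot: the description text `An expansion module to have the observable's threat score assessed by Google Threat Intelligence.` directly below `- **description**:` lacks the leading `>` that every other field value in this block carries (features, input, output, references, requirements), so it renders as plain list continuation instead of the quoted field value; prefix it with `>`. The new features and screenshot lines also carry typos that will be propagated into the generated site: `this include` should read `this includes`, `bening` should read `benign`, and `screeshot` should read `screenshot`. Finally, the requirements now list only the API-key sentence while the `>- pymisp` and `>- vt` entries disappear; if the module still imports those packages, keep them listed next to the API requirement rather than dropping them.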

View File

@ -652,6 +652,27 @@ Module to query a local copy of Maxmind's Geolite database.
-----
#### [google_threat_intelligence](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/google_threat_intelligence.py)
<img src=../logos/google_threat_intelligence.png height=60>
An expansion module to have the observable's threat score assessed by Google Threat Intelligence.
- **features**:
>GTI assessment for the given observable, this include information about level of severity, a clear verdict (malicious, suspicious, undetected and bening) and additional information provided by the Mandiant expertise combined with the VirusTotal database.
>
>[Output example screeshot](https://github.com/MISP/MISP/assets/4747608/e275db2f-bb1e-4413-8cc0-ec3cb05e0414)
- **input**:
>A domain, hash (md5, sha1, sha256 or sha512), hostname or IP address attribute.
- **output**:
>Text fields containing the threat score, the severity, the verdict and the threat label of the observable inspected.
- **references**:
> - https://www.virustotal.com/
> - https://gtidocs.virustotal.com/reference
- **requirements**:
>An access to the Google Threat Intelligence API (apikey), with a high request rate limit.
-----
#### [greynoise](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py)
<img src=../logos/greynoise.png height=60>
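Review bot: in this website copy the google_threat_intelligence entry goes from the `<img>` line straight to `An expansion module to have the observable's threat score assessed by Google Threat Intelligence.` with neither a `- **description**:` label nor a `>` prefix, while the other entries in the same file (for example greynoise immediately below) follow the label-plus-quote layout; add `- **description**:` and prefix the text with `>` so the generated page is consistent. The same `this include` / `bening` / `screeshot` typos from the source documentation are reproduced here, so fix them at the source and regenerate rather than patching this copy by hand.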