mirror of https://github.com/MISP/misp-modules
Deployed 4e36bc6
with MkDocs version: 1.0.4
parent
c06963410c
commit
65932ca350
|
@ -533,6 +533,13 @@
|
||||||
macvendors
|
macvendors
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="md-nav__item">
|
||||||
|
<a href="#malwarebazaar" title="malwarebazaar" class="md-nav__link">
|
||||||
|
malwarebazaar
|
||||||
|
</a>
|
||||||
|
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li class="md-nav__item">
|
<li class="md-nav__item">
|
||||||
|
@ -673,6 +680,13 @@
|
||||||
threatminer
|
threatminer
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="md-nav__item">
|
||||||
|
<a href="#trustar_enrich" title="trustar_enrich" class="md-nav__link">
|
||||||
|
trustar_enrich
|
||||||
|
</a>
|
||||||
|
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li class="md-nav__item">
|
<li class="md-nav__item">
|
||||||
|
@ -1134,6 +1148,13 @@
|
||||||
macvendors
|
macvendors
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="md-nav__item">
|
||||||
|
<a href="#malwarebazaar" title="malwarebazaar" class="md-nav__link">
|
||||||
|
malwarebazaar
|
||||||
|
</a>
|
||||||
|
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li class="md-nav__item">
|
<li class="md-nav__item">
|
||||||
|
@ -1274,6 +1295,13 @@
|
||||||
threatminer
|
threatminer
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="md-nav__item">
|
||||||
|
<a href="#trustar_enrich" title="trustar_enrich" class="md-nav__link">
|
||||||
|
trustar_enrich
|
||||||
|
</a>
|
||||||
|
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
<li class="md-nav__item">
|
<li class="md-nav__item">
|
||||||
|
@ -2011,6 +2039,20 @@ Additional information about the MAC address.
|
||||||
<a href="https://macvendors.com/">https://macvendors.com/</a>, <a href="https://macvendors.com/api">https://macvendors.com/api</a></p>
|
<a href="https://macvendors.com/">https://macvendors.com/</a>, <a href="https://macvendors.com/api">https://macvendors.com/api</a></p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<hr />
|
<hr />
|
||||||
|
<h4 id="malwarebazaar"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/malwarebazaar.py">malwarebazaar</a><a class="headerlink" href="#malwarebazaar" title="Permanent link">¶</a></h4>
|
||||||
|
<p>Query the MALWAREbazaar API to get additional information about the input hash attribute.
|
||||||
|
- <strong>features</strong>:</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>The module takes a hash attribute as input and queries MALWAREbazaar's API to fetch additional data about it. The result, if the payload is known on the databases, is at least one file object describing the file the input hash is related to.</p>
|
||||||
|
<p>The module is using the new format of modules able to return object since the result is one or multiple MISP object(s).
|
||||||
|
- <strong>input</strong>:
|
||||||
|
A hash attribute (md5, sha1 or sha256).
|
||||||
|
- <strong>output</strong>:
|
||||||
|
File object(s) related to the input attribute found on MALWAREbazaar databases.
|
||||||
|
- <strong>references</strong>:
|
||||||
|
<a href="https://bazaar.abuse.ch/">https://bazaar.abuse.ch/</a></p>
|
||||||
|
</blockquote>
|
||||||
|
<hr />
|
||||||
<h4 id="ocr-enrich"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ocr-enrich.py">ocr-enrich</a><a class="headerlink" href="#ocr-enrich" title="Permanent link">¶</a></h4>
|
<h4 id="ocr-enrich"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/ocr-enrich.py">ocr-enrich</a><a class="headerlink" href="#ocr-enrich" title="Permanent link">¶</a></h4>
|
||||||
<p>Module to process some optical character recognition on pictures.
|
<p>Module to process some optical character recognition on pictures.
|
||||||
- <strong>features</strong>:</p>
|
- <strong>features</strong>:</p>
|
||||||
|
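Review bot: in the added malwarebazaar section the description only covers the hit case ("if the payload is known on the databases") and does not say what the module returns when the hash is unknown; add one sentence on that so an analyst can tell a miss from a failed query. The `- <strong>features</strong>:`, `- <strong>input</strong>:` and following markers also sit as literal text inside `<p>` elements rather than as list items, which suggests the Markdown source needs a blank line before the list (the unchanged ocr-enrich context shows the same pattern, so this may be a generator-wide fix). The wording "able to return object" should read "able to return objects".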
@ -2428,6 +2470,32 @@ MISP attributes mapped from the result of the query on ThreatMiner, included in
|
||||||
<a href="https://www.threatminer.org/">https://www.threatminer.org/</a></p>
|
<a href="https://www.threatminer.org/">https://www.threatminer.org/</a></p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<hr />
|
<hr />
|
||||||
|
<h4 id="trustar_enrich"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/trustar_enrich.py">trustar_enrich</a><a class="headerlink" href="#trustar_enrich" title="Permanent link">¶</a></h4>
|
||||||
|
<p><img src=logos/trustar.png height=60></p>
|
||||||
|
<p>Module to get enrich indicators with TruSTAR.
|
||||||
|
- <strong>features</strong>:</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>This module enriches MISP attributes with scoring and metadata from TruSTAR.</p>
|
||||||
|
<p>The TruSTAR indicator summary is appended to the attributes along with links to any associated reports.
|
||||||
|
- <strong>input</strong>:
|
||||||
|
Any of the following MISP attributes:
|
||||||
|
- btc
|
||||||
|
- domain
|
||||||
|
- email-src
|
||||||
|
- filename
|
||||||
|
- hostname
|
||||||
|
- ip-src
|
||||||
|
- ip-dst
|
||||||
|
- md5
|
||||||
|
- sha1
|
||||||
|
- sha256
|
||||||
|
- url
|
||||||
|
- <strong>output</strong>:
|
||||||
|
MISP attributes enriched with indicator summary data from the TruSTAR API. Data includes a severity level score and additional source and scoring info.
|
||||||
|
- <strong>references</strong>:
|
||||||
|
<a href="https://docs.trustar.co/api/v13/indicators/get_indicator_summaries.html">https://docs.trustar.co/api/v13/indicators/get_indicator_summaries.html</a></p>
|
||||||
|
</blockquote>
|
||||||
|
<hr />
|
||||||
<h4 id="urlhaus"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py">urlhaus</a><a class="headerlink" href="#urlhaus" title="Permanent link">¶</a></h4>
|
<h4 id="urlhaus"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/urlhaus.py">urlhaus</a><a class="headerlink" href="#urlhaus" title="Permanent link">¶</a></h4>
|
||||||
<p><img src=logos/urlhaus.png height=60></p>
|
<p><img src=logos/urlhaus.png height=60></p>
|
||||||
<p>Query of the URLhaus API to get additional information about the input attribute.
|
<p>Query of the URLhaus API to get additional information about the input attribute.
|
||||||
|
|
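Review bot: the opening line of the added trustar_enrich section, "Module to get enrich indicators with TruSTAR.", has a stray word; "Module to enrich indicators with TruSTAR." reads correctly. The input list (`- btc` through `- url`) is emitted as plain text inside a single `<p>`, so the eleven attribute types will run together when rendered; they need to be real nested list items in the source. Since the section says attribute values are looked up through the TruSTAR API, it would also help to state which configuration the module expects, as nothing in the section mentions any.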
Binary file not shown.
After Width: | Height: | Size: 37 KiB |
Binary file not shown.
After Width: | Height: | Size: 37 KiB |
Binary file not shown.
After Width: | Height: | Size: 37 KiB |
|
@ -549,8 +549,28 @@ sudo apt-get install -y <span class="se">\</span>
|
||||||
<span class="c1"># END with virtualenv</span>
|
<span class="c1"># END with virtualenv</span>
|
||||||
|
|
||||||
<span class="nb">cd</span> /usr/local/src/
|
<span class="nb">cd</span> /usr/local/src/
|
||||||
sudo git clone https://github.com/MISP/misp-modules.git
|
<span class="c1"># Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp</span>
|
||||||
<span class="nb">cd</span> misp-modules
|
sudo adduser misp staff
|
||||||
|
sudo chmod <span class="m">2775</span> /usr/local/src
|
||||||
|
sudo chown root:staff /usr/local/src
|
||||||
|
git clone https://github.com/MISP/misp-modules.git
|
||||||
|
git clone git://github.com/stricaud/faup.git faup
|
||||||
|
git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||||
|
|
||||||
|
<span class="c1"># Install gtcaca/faup</span>
|
||||||
|
<span class="nb">cd</span> gtcaca
|
||||||
|
mkdir -p build
|
||||||
|
<span class="nb">cd</span> build
|
||||||
|
cmake .. <span class="o">&&</span> make
|
||||||
|
sudo make install
|
||||||
|
<span class="nb">cd</span> ../../faup
|
||||||
|
mkdir -p build
|
||||||
|
<span class="nb">cd</span> build
|
||||||
|
cmake .. <span class="o">&&</span> make
|
||||||
|
sudo make install
|
||||||
|
sudo ldconfig
|
||||||
|
|
||||||
|
<span class="nb">cd</span> ../../misp-modules
|
||||||
|
|
||||||
<span class="c1"># BEGIN with virtualenv: </span>
|
<span class="c1"># BEGIN with virtualenv: </span>
|
||||||
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||||
|
|
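Review bot: the two added clone lines, `git clone git://github.com/stricaud/faup.git faup` and `git clone git://github.com/stricaud/gtcaca.git gtcaca`, use the unauthenticated git:// transport, and both trees are then built and installed with `sudo make install`; switch them to https:// as the misp-modules clone just above them already does. The clones also now run without sudo immediately after `sudo adduser misp staff`, but a new group membership only applies to a fresh login session, so the step should tell the reader to log in again (or use `newgrp staff`) before cloning. The added comment line could also say that a group-writable, setgid /usr/local/src lets every member of staff change sources that are later installed as root.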
File diff suppressed because one or more lines are too long
14
sitemap.xml
14
sitemap.xml
|
@ -2,37 +2,37 @@
|
||||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/</loc>
|
<loc>https://www.misp-project.org/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/expansion/</loc>
|
<loc>https://www.misp-project.org/expansion/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/export_mod/</loc>
|
<loc>https://www.misp-project.org/export_mod/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/import_mod/</loc>
|
<loc>https://www.misp-project.org/import_mod/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/install/</loc>
|
<loc>https://www.misp-project.org/install/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/contribute/</loc>
|
<loc>https://www.misp-project.org/contribute/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
<url>
|
<url>
|
||||||
<loc>https://www.misp-project.org/license/</loc>
|
<loc>https://www.misp-project.org/license/</loc>
|
||||||
<lastmod>2020-04-08</lastmod>
|
<lastmod>2020-07-27</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
</urlset>
|
</urlset>
|
BIN
sitemap.xml.gz
BIN
sitemap.xml.gz
Binary file not shown.