MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: Added documentation for the cpe module

pull/437/head
chrisr3d 2020-10-24 23:52:06 +02:00
parent 88c8d9077c
commit 6660e2fc11
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
3 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -31,6 +31,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj
* [CIRCL Passive SSL](misp_modules/modules/expansion/circl_passivessl.py) - a hover and expansion module to expand IP addresses with the X.509 certificate(s) seen.
* [countrycode](misp_modules/modules/expansion/countrycode.py) - a hover module to tell you what country a URL belongs to.
* [CrowdStrike Falcon](misp_modules/modules/expansion/crowdstrike_falcon.py) - an expansion module to expand using CrowdStrike Falcon Intel Indicator API.
* [CPE](misp_modules/modules/expansion/cpe.py) - An expansion module to query the CVE Search API with a cpe code, to get its related vulnerabilities.
* [CVE](misp_modules/modules/expansion/cve.py) - a hover module to give more information about a vulnerability (CVE).
* [CVE advanced](misp_modules/modules/expansion/cve_advanced.py) - An expansion module to query the CIRCL CVE search API for more information about a vulnerability (CVE).
* [Cuckoo submit](misp_modules/modules/expansion/cuckoo_submit.py) - A hover module to submit malware sample, url, attachment, domain to Cuckoo Sandbox.

21
doc/README.md
View File

@ -222,6 +222,27 @@ Module to expand country codes.
-----
#### [cpe](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/cpe.py)
<img src=logos/cpe.py height=60>
An expansion module to query the CVE search API with a cpe code to get its related vulnerabilities.
- **features**:
>The module takes a cpe attribute as input and queries the CVE search API to get its related vulnerabilities.
>The list of vulnerabilities is then parsed and returned as vulnerability objects.
>
>Users can use their own CVE search API url by defining a value to the custom_API_URL parameter. If no custom API url is given, the default cve.circl.lu api url is used.
>
>In order to limit the amount of data returned by CVE serach, users can also the limit parameter. With the limit set, the API returns only the requested number of vulnerabilities, sorted from the highest cvss score to the lowest one.
- **input**:
>CPE attribute.
- **output**:
>The vulnerabilities related to the CPE.
- **references**:
>https://cve.circl.lu/api/
-----
#### [crowdstrike_falcon](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/crowdstrike_falcon.py)
<img src=logos/crowdstrike.png height=60>

2
misp_modules/modules/expansion/cpe.py
View File

@ -88,7 +88,7 @@ class VulnerabilitiesParser():
def check_url(url):
return "{}/".format(url) if not url.endswith('/') else url
return url if url.endswith('/') else f"{url}/"
def handler(q=False):