MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

Deployed 4711dcb with MkDocs version: 1.6.0

gh-pages
Alexandre Dulaunoy 2024-07-19 17:29:35 +02:00
parent 9b6fa9e9d2
commit 6dd34a3e8f
2 changed files with 2 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
expansion/index.html
View File

@ -1114,15 +1114,6 @@
</span> </span>
</a> </a>
</li>
<li class="md-nav__item">
<a href="#vysion" class="md-nav__link">
<span class="md-ellipsis">
vysion
</span>
</a>
</li> </li>
<li class="md-nav__item"> <li class="md-nav__item">
@ -2208,15 +2199,6 @@
</span> </span>
</a> </a>
</li>
<li class="md-nav__item">
<a href="#vysion" class="md-nav__link">
<span class="md-ellipsis">
vysion
</span>
</a>
</li> </li>
<li class="md-nav__item"> <li class="md-nav__item">
@ -3959,7 +3941,7 @@ A domain, hash (md5, sha1, sha256 or sha512), hostname or IP address attribute.
MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute. MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute.
- <strong>references</strong>: - <strong>references</strong>:
- <a href="https://www.virustotal.com/">https://www.virustotal.com/</a> - <a href="https://www.virustotal.com/">https://www.virustotal.com/</a>
- <a href="https://developers.virustotal.com/reference">https://developers.virustotal.com/reference</a> - <a href="https://docs.virustotal.com/reference/overview">https://docs.virustotal.com/reference/overview</a>
- <strong>requirements</strong>: - <strong>requirements</strong>:
An access to the VirusTotal API (apikey), with a high request rate limit.</p> An access to the VirusTotal API (apikey), with a high request rate limit.</p>
</blockquote> </blockquote>
@ -3979,7 +3961,7 @@ A domain, hostname, ip, url or hash (md5, sha1, sha256 or sha512) attribute.
MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute. MISP attributes and objects resulting from the parsing of the VirusTotal report concerning the input attribute.
- <strong>references</strong>: - <strong>references</strong>:
- <a href="https://www.virustotal.com">https://www.virustotal.com</a> - <a href="https://www.virustotal.com">https://www.virustotal.com</a>
- <a href="https://developers.virustotal.com/reference">https://developers.virustotal.com/reference</a> - <a href="https://docs.virustotal.com/reference/overview">https://docs.virustotal.com/reference/overview</a>
- <strong>requirements</strong>: - <strong>requirements</strong>:
An access to the VirusTotal API (apikey)</p> An access to the VirusTotal API (apikey)</p>
</blockquote> </blockquote>
@ -4058,25 +4040,6 @@ Text giving additional information about the CVE in input.
- An access to the Vulners API</p> - An access to the Vulners API</p>
</blockquote> </blockquote>
<hr /> <hr />
<h4 id="vysion"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vysion.py">vysion</a><a class="headerlink" href="#vysion" title="Permanent link">&para;</a></h4>
<p><img src=../logos/vysion.png height=60></p>
<p>Module to enrich the information by making use of the Vysion API.
- <strong>features</strong>:</p>
<blockquote>
<p>This module gets correlated information from our dark web intelligence database. With this you will get several objects containing information related to, for example, an organization victim of a ransomware attack.
- <strong>input</strong>:
MISP Attribute which include: company(target-org), country, info.
- <strong>output</strong>:
MISP objects containing title, link to our webapp and TOR, i2p or clearnet URLs.
- <strong>references</strong>:
- <a href="https://vysion.ai/">https://vysion.ai/</a>
- <a href="https://developers.vysion.ai/">https://developers.vysion.ai/</a>
- <a href="https://github.com/ByronLabs/vysion-cti/tree/main">https://github.com/ByronLabs/vysion-cti/tree/main</a>
- <strong>requirements</strong>:
- Vysion python library
- Vysion API Key</p>
</blockquote>
<hr />
<h4 id="whois"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py">whois</a><a class="headerlink" href="#whois" title="Permanent link">&para;</a></h4> <h4 id="whois"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/whois.py">whois</a><a class="headerlink" href="#whois" title="Permanent link">&para;</a></h4>
<p>Module to query a local instance of uwhois (<a href="https://github.com/rafiot/uwhoisd">https://github.com/rafiot/uwhoisd</a>). <p>Module to query a local instance of uwhois (<a href="https://github.com/rafiot/uwhoisd">https://github.com/rafiot/uwhoisd</a>).
- <strong>features</strong>:</p> - <strong>features</strong>:</p>

1
index.html
View File

@ -645,7 +645,6 @@ without modifying core components. The API is available via a simple REST API wh
<li><a href="misp_modules/modules/expansion/eql.py">EQL</a> - an expansion module to generate event query language (EQL) from an attribute. <a href="https://eql.readthedocs.io/en/latest/">Event Query Language</a></li> <li><a href="misp_modules/modules/expansion/eql.py">EQL</a> - an expansion module to generate event query language (EQL) from an attribute. <a href="https://eql.readthedocs.io/en/latest/">Event Query Language</a></li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/farsight_passivedns.py">Farsight DNSDB Passive DNS</a> - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li> <li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/farsight_passivedns.py">Farsight DNSDB Passive DNS</a> - a hover and expansion module to expand hostname and IP addresses with passive DNS information.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/geoip_country.py">GeoIP</a> - a hover and expansion module to get GeoIP information from geolite/maxmind.</li> <li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/geoip_country.py">GeoIP</a> - a hover and expansion module to get GeoIP information from geolite/maxmind.</li>
<li>[Google Threat Intelligence] (<a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/google_threat_intelligence.py">https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/google_threat_intelligence.py</a>) - An expansion module to have the observable's threat score assessed by Google Threat Intelligence.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py">Greynoise</a> - a hover to get information from greynoise.</li> <li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/greynoise.py">Greynoise</a> - a hover to get information from greynoise.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py">hashdd</a> - a hover module to check file hashes against <a href="http://www.hashdd.com">hashdd.com</a> including NSLR dataset.</li> <li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashdd.py">hashdd</a> - a hover module to check file hashes against <a href="http://www.hashdd.com">hashdd.com</a> including NSLR dataset.</li>
<li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py">hibp</a> - a hover module to lookup against Have I Been Pwned?</li> <li><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py">hibp</a> - a hover module to lookup against Have I Been Pwned?</li>