mirror of https://github.com/MISP/misp-modules
Deployed 6dcba6c
with MkDocs version: 1.0.4
parent
ca9417f6e8
commit
714d9fb813
|
@ -91,7 +91,7 @@
|
|||
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
||||
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
|
||||
|
||||
<a href="#backscatter_io" tabindex="1" class="md-skip">
|
||||
<a href="#apiosintds" tabindex="1" class="md-skip">
|
||||
Skip to content
|
||||
</a>
|
||||
|
||||
|
@ -283,6 +283,20 @@
|
|||
<label class="md-nav__title" for="__toc">Table of contents</label>
|
||||
<ul class="md-nav__list" data-md-scrollfix>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#apiosintds" title="apiosintds" class="md-nav__link">
|
||||
apiosintds
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#assemblyline_submit" title="assemblyline_submit" class="md-nav__link">
|
||||
assemblyline_submit
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#backscatter_io" title="backscatter_io" class="md-nav__link">
|
||||
backscatter_io
|
||||
|
@ -379,6 +393,13 @@
|
|||
domaintools
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#eql" title="eql" class="md-nav__link">
|
||||
eql
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -821,6 +842,20 @@
|
|||
<label class="md-nav__title" for="__toc">Table of contents</label>
|
||||
<ul class="md-nav__list" data-md-scrollfix>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#apiosintds" title="apiosintds" class="md-nav__link">
|
||||
apiosintds
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#assemblyline_submit" title="assemblyline_submit" class="md-nav__link">
|
||||
assemblyline_submit
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#backscatter_io" title="backscatter_io" class="md-nav__link">
|
||||
backscatter_io
|
||||
|
@ -917,6 +952,13 @@
|
|||
domaintools
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#eql" title="eql" class="md-nav__link">
|
||||
eql
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1260,7 +1302,41 @@
|
|||
|
||||
<h1>Expansion Modules</h1>
|
||||
|
||||
<h4 id="backscatter_io"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py">backscatter_io</a><a class="headerlink" href="#backscatter_io" title="Permanent link">¶</a></h4>
|
||||
<h4 id="apiosintds"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/apiosintds.py">apiosintds</a><a class="headerlink" href="#apiosintds" title="Permanent link">¶</a></h4>
|
||||
<p>On demand query API for OSINT.digitalside.it project.
|
||||
- <strong>features</strong>:</p>
|
||||
<blockquote>
|
||||
<p>The module simply queries the API of OSINT.digitalside.it with a domain, ip, url or hash attribute.</p>
|
||||
<p>The result of the query is then parsed to extract additional hashes or urls. A module parameters also allows to parse the hashes related to the urls.</p>
|
||||
<p>Furthermore, it is possible to cache the urls and hashes collected over the last 7 days by OSINT.digitalside.it
|
||||
- <strong>input</strong>:
|
||||
A domain, ip, url or hash attribute.
|
||||
- <strong>output</strong>:
|
||||
Hashes and urls resulting from the query to OSINT.digitalside.it
|
||||
- <strong>references</strong>:
|
||||
<a href="https://osint.digitalside.it/#About">https://osint.digitalside.it/#About</a>
|
||||
- <strong>requirements</strong>:
|
||||
The apiosintDS python library to query the OSINT.digitalside.it API.</p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="assemblyline_submit"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_submit.py">assemblyline_submit</a><a class="headerlink" href="#assemblyline_submit" title="Permanent link">¶</a></h4>
|
||||
<p><img src=logos/assemblyline.png height=60></p>
|
||||
<p>A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.
|
||||
- <strong>features</strong>:</p>
|
||||
<blockquote>
|
||||
<p>The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.</p>
|
||||
<p>If the sample or url is correctly submitted, you get then the link of the submission.
|
||||
- <strong>input</strong>:
|
||||
Sample, or url to submit to AssemblyLine.
|
||||
- <strong>output</strong>:
|
||||
Link of the report generated in AssemblyLine.
|
||||
- <strong>references</strong>:
|
||||
<a href="https://www.cyber.gc.ca/en/assemblyline">https://www.cyber.gc.ca/en/assemblyline</a>
|
||||
- <strong>requirements</strong>:
|
||||
assemblyline_client: Python library to query the AssemblyLine rest API.</p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="backscatter_io"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py">backscatter_io</a><a class="headerlink" href="#backscatter_io" title="Permanent link">¶</a></h4>
|
||||
<p><img src=logos/backscatter_io.png height=60></p>
|
||||
<p>Query backscatter.io (<a href="https://backscatter.io/">https://backscatter.io/</a>).
|
||||
- <strong>features</strong>:</p>
|
||||
|
@ -1530,6 +1606,20 @@ MISP attributes mapped after the Domaintools API has been queried, included in t
|
|||
Domaintools python library, A Domaintools API access (username & apikey)</p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="eql"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eql.py">eql</a><a class="headerlink" href="#eql" title="Permanent link">¶</a></h4>
|
||||
<p><img src=logos/eql.png height=60></p>
|
||||
<p>EQL query generation for a MISP attribute.
|
||||
- <strong>features</strong>:</p>
|
||||
<blockquote>
|
||||
<p>This module adds a new attribute to a MISP event containing an EQL query for a network or file attribute.
|
||||
- <strong>input</strong>:
|
||||
A filename or ip attribute.
|
||||
- <strong>output</strong>:
|
||||
Attribute containing EQL for a network or file attribute.
|
||||
- <strong>references</strong>:
|
||||
<a href="https://eql.readthedocs.io/en/latest/">https://eql.readthedocs.io/en/latest/</a></p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="eupi"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eupi.py">eupi</a><a class="headerlink" href="#eupi" title="Permanent link">¶</a></h4>
|
||||
<p><img src=logos/eupi.png height=60></p>
|
||||
<p>A module to query the Phishing Initiative service (<a href="https://phishing-initiative.lu">https://phishing-initiative.lu</a>).
|
||||
|
@ -1698,7 +1788,7 @@ jbxapi: Joe Sandbox API python3 library</p>
|
|||
- <strong>input</strong>:
|
||||
Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.
|
||||
- <strong>output</strong>:
|
||||
Link of the data in input submitted to Joe Sandbox.
|
||||
Link of the report generated in Joe Sandbox.
|
||||
- <strong>references</strong>:
|
||||
<a href="https://www.joesecurity.org">https://www.joesecurity.org</a>, <a href="https://www.joesandbox.com/">https://www.joesandbox.com/</a>
|
||||
- <strong>requirements</strong>:
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 171 KiB |
Binary file not shown.
After Width: | Height: | Size: 61 KiB |
|
@ -321,6 +321,13 @@
|
|||
liteexport
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#mass_eql_export" title="mass_eql_export" class="md-nav__link">
|
||||
mass_eql_export
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -497,6 +504,13 @@
|
|||
liteexport
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#mass_eql_export" title="mass_eql_export" class="md-nav__link">
|
||||
mass_eql_export
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -630,6 +644,20 @@ MISP Event attributes
|
|||
Lite MISP Event</p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="mass_eql_export"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/mass_eql_export.py">mass_eql_export</a><a class="headerlink" href="#mass_eql_export" title="Permanent link">¶</a></h4>
|
||||
<p><img src=logos/eql.png height=60></p>
|
||||
<p>Mass EQL query export for a MISP event.
|
||||
- <strong>features</strong>:</p>
|
||||
<blockquote>
|
||||
<p>This module produces EQL queries for all relevant attributes in a MISP event.
|
||||
- <strong>input</strong>:
|
||||
MISP Event attributes
|
||||
- <strong>output</strong>:
|
||||
Text file containing one or more EQL queries
|
||||
- <strong>references</strong>:
|
||||
<a href="https://eql.readthedocs.io/en/latest/">https://eql.readthedocs.io/en/latest/</a></p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="nexthinkexport"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py">nexthinkexport</a><a class="headerlink" href="#nexthinkexport" title="Permanent link">¶</a></h4>
|
||||
<p><img src=logos/nexthink.svg height=60></p>
|
||||
<p>Nexthink NXQL query export module
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 171 KiB |
Binary file not shown.
After Width: | Height: | Size: 61 KiB |
|
@ -564,11 +564,9 @@
|
|||
<p>Module to import MISP attributes from a csv file.
|
||||
- <strong>features</strong>:</p>
|
||||
<blockquote>
|
||||
<p>In order to parse data from a csv file, a header is required to let the module know which column is matching with known attribute fields / MISP types.
|
||||
This header is part of the configuration of the module and should be filled out in MISP plugin settings, each field separated by COMMAS. Fields that do not match with any type known in MISP can be ignored in import, using a space or simply nothing between two separators (example: 'ip-src, , comment, ').
|
||||
There is also one type that is confused and can be either a MISP attribute type or an attribute field: 'comment'. In this case, using 'attrComment' specifies that the attribute field 'comment' should be considered, otherwise it will be considered as the MISP attribute type.</p>
|
||||
<p>For each MISP attribute type, an attribute is created.
|
||||
Attribute fields that are imported are the following: value, type, category, to-ids, distribution, comment, tag.
|
||||
<p>In order to parse data from a csv file, a header is required to let the module know which column is matching with known attribute fields / MISP types.</p>
|
||||
<p>This header either comes from the csv file itself or is part of the configuration of the module and should be filled out in MISP plugin settings, each field separated by COMMAS. Fields that do not match with any type known in MISP or are not MISP attribute fields should be ignored in import, using a space or simply nothing between two separators (example: 'ip-src, , comment, ').</p>
|
||||
<p>If the csv file already contains a header that does not start by a '#', you should tick the checkbox 'has_header' to avoid importing it and have potential issues. You can also redefine the header even if it is already contained in the file, by following the rules for headers explained earlier. One reason why you would redefine a header is for instance when you want to skip some fields, or some fields are not valid types.
|
||||
- <strong>input</strong>:
|
||||
CSV format file.
|
||||
- <strong>output</strong>:
|
||||
|
|
Binary file not shown.
After Width: | Height: | Size: 171 KiB |
Binary file not shown.
After Width: | Height: | Size: 61 KiB |
File diff suppressed because one or more lines are too long
14
sitemap.xml
14
sitemap.xml
|
@ -2,37 +2,37 @@
|
|||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/expansion/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/export_mod/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/import_mod/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/install/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/contribute/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/license/</loc>
|
||||
<lastmod>2019-11-20</lastmod>
|
||||
<lastmod>2019-11-21</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
</urlset>
|
BIN
sitemap.xml.gz
BIN
sitemap.xml.gz
Binary file not shown.