Deployed 6dcba6c with MkDocs version: 1.0.4

gh-pages
Alexandre Dulaunoy 2019-11-21 08:16:21 +01:00
parent ca9417f6e8
commit 714d9fb813
12 changed files with 132 additions and 16 deletions

View File

@ -91,7 +91,7 @@
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#backscatter_io" tabindex="1" class="md-skip">
<a href="#apiosintds" tabindex="1" class="md-skip">
Skip to content
</a>
@ -283,6 +283,20 @@
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#apiosintds" title="apiosintds" class="md-nav__link">
apiosintds
</a>
</li>
<li class="md-nav__item">
<a href="#assemblyline_submit" title="assemblyline_submit" class="md-nav__link">
assemblyline_submit
</a>
</li>
<li class="md-nav__item">
<a href="#backscatter_io" title="backscatter_io" class="md-nav__link">
backscatter_io
@ -379,6 +393,13 @@
domaintools
</a>
</li>
<li class="md-nav__item">
<a href="#eql" title="eql" class="md-nav__link">
eql
</a>
</li>
<li class="md-nav__item">
@ -821,6 +842,20 @@
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#apiosintds" title="apiosintds" class="md-nav__link">
apiosintds
</a>
</li>
<li class="md-nav__item">
<a href="#assemblyline_submit" title="assemblyline_submit" class="md-nav__link">
assemblyline_submit
</a>
</li>
<li class="md-nav__item">
<a href="#backscatter_io" title="backscatter_io" class="md-nav__link">
backscatter_io
@ -917,6 +952,13 @@
domaintools
</a>
</li>
<li class="md-nav__item">
<a href="#eql" title="eql" class="md-nav__link">
eql
</a>
</li>
<li class="md-nav__item">
@ -1260,7 +1302,41 @@
<h1>Expansion Modules</h1>
<h4 id="backscatter_io"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py">backscatter_io</a><a class="headerlink" href="#backscatter_io" title="Permanent link">&para;</a></h4>
<h4 id="apiosintds"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/apiosintds.py">apiosintds</a><a class="headerlink" href="#apiosintds" title="Permanent link">&para;</a></h4>
<p>On demand query API for OSINT.digitalside.it project.
- <strong>features</strong>:</p>
<blockquote>
<p>The module simply queries the API of OSINT.digitalside.it with a domain, ip, url or hash attribute.</p>
<p>The result of the query is then parsed to extract additional hashes or urls. A module parameters also allows to parse the hashes related to the urls.</p>
<p>Furthermore, it is possible to cache the urls and hashes collected over the last 7 days by OSINT.digitalside.it
- <strong>input</strong>:
A domain, ip, url or hash attribute.
- <strong>output</strong>:
Hashes and urls resulting from the query to OSINT.digitalside.it
- <strong>references</strong>:
<a href="https://osint.digitalside.it/#About">https://osint.digitalside.it/#About</a>
- <strong>requirements</strong>:
The apiosintDS python library to query the OSINT.digitalside.it API.</p>
</blockquote>
<hr />
<h4 id="assemblyline_submit"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/assemblyline_submit.py">assemblyline_submit</a><a class="headerlink" href="#assemblyline_submit" title="Permanent link">&para;</a></h4>
<p><img src=logos/assemblyline.png height=60></p>
<p>A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission.
- <strong>features</strong>:</p>
<blockquote>
<p>The module requires the address of the AssemblyLine server you want to query as well as your credentials in this instance. Credentials include the user-ID and an API key or the password associated to the user-ID.</p>
<p>If the sample or url is correctly submitted, you get then the link of the submission.
- <strong>input</strong>:
Sample, or url to submit to AssemblyLine.
- <strong>output</strong>:
Link of the report generated in AssemblyLine.
- <strong>references</strong>:
<a href="https://www.cyber.gc.ca/en/assemblyline">https://www.cyber.gc.ca/en/assemblyline</a>
- <strong>requirements</strong>:
assemblyline_client: Python library to query the AssemblyLine rest API.</p>
</blockquote>
<hr />
<h4 id="backscatter_io"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/backscatter_io.py">backscatter_io</a><a class="headerlink" href="#backscatter_io" title="Permanent link">&para;</a></h4>
<p><img src=logos/backscatter_io.png height=60></p>
<p>Query backscatter.io (<a href="https://backscatter.io/">https://backscatter.io/</a>).
- <strong>features</strong>:</p>
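Review bot: the new apiosintds entry (the `<h4 id="apiosintds">` block) has no `<img src=logos/...>` line, while the assemblyline_submit and backscatter_io entries that follow it each carry one; either add a logo or drop the image line for modules without one so the rendered list stays uniform. In the apiosintds features blockquote, "A module parameters also allows to parse the hashes related to the urls" should read "A module parameter also allows parsing the hashes related to the urls", and the parameter should be named so an operator can find it in the MISP plugin settings. For assemblyline_submit, "Credentials include the user-ID and an API key or the password associated to the user-ID" should say where these credentials are configured (the module settings rather than per-request input) and recommend the API key option so that the account password itself is not what gets stored in the module configuration.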
@ -1530,6 +1606,20 @@ MISP attributes mapped after the Domaintools API has been queried, included in t
Domaintools python library, A Domaintools API access (username &amp; apikey)</p>
</blockquote>
<hr />
<h4 id="eql"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eql.py">eql</a><a class="headerlink" href="#eql" title="Permanent link">&para;</a></h4>
<p><img src=logos/eql.png height=60></p>
<p>EQL query generation for a MISP attribute.
- <strong>features</strong>:</p>
<blockquote>
<p>This module adds a new attribute to a MISP event containing an EQL query for a network or file attribute.
- <strong>input</strong>:
A filename or ip attribute.
- <strong>output</strong>:
Attribute containing EQL for a network or file attribute.
- <strong>references</strong>:
<a href="https://eql.readthedocs.io/en/latest/">https://eql.readthedocs.io/en/latest/</a></p>
</blockquote>
<hr />
<h4 id="eupi"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/eupi.py">eupi</a><a class="headerlink" href="#eupi" title="Permanent link">&para;</a></h4>
<p><img src=logos/eupi.png height=60></p>
<p>A module to query the Phishing Initiative service (<a href="https://phishing-initiative.lu">https://phishing-initiative.lu</a>).
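Review bot: the eql entry's input line says "A filename or ip attribute" while its features paragraph says "a network or file attribute"; pick one wording and list the exact MISP attribute types the module accepts, since "network" could be read as ip-src, ip-dst, domain or url. The entry also has no requirements line, unlike the domaintools entry just above it ("Domaintools python library, A Domaintools API access"); if the module needs no extra dependency, state that explicitly so readers do not assume the line was omitted by mistake.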
@ -1698,7 +1788,7 @@ jbxapi: Joe Sandbox API python3 library</p>
- <strong>input</strong>:
Sample, url (or domain) to submit to Joe Sandbox for an advanced analysis.
- <strong>output</strong>:
Link of the data in input submitted to Joe Sandbox.
Link of the report generated in Joe Sandbox.
- <strong>references</strong>:
<a href="https://www.joesecurity.org">https://www.joesecurity.org</a>, <a href="https://www.joesandbox.com/">https://www.joesandbox.com/</a>
- <strong>requirements</strong>:

Binary file not shown (171 KiB).

BIN expansion/logos/eql.png Normal file (61 KiB): binary file not shown.

View File

@ -321,6 +321,13 @@
liteexport
</a>
</li>
<li class="md-nav__item">
<a href="#mass_eql_export" title="mass_eql_export" class="md-nav__link">
mass_eql_export
</a>
</li>
<li class="md-nav__item">
@ -497,6 +504,13 @@
liteexport
</a>
</li>
<li class="md-nav__item">
<a href="#mass_eql_export" title="mass_eql_export" class="md-nav__link">
mass_eql_export
</a>
</li>
<li class="md-nav__item">
@ -630,6 +644,20 @@ MISP Event attributes
Lite MISP Event</p>
</blockquote>
<hr />
<h4 id="mass_eql_export"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/mass_eql_export.py">mass_eql_export</a><a class="headerlink" href="#mass_eql_export" title="Permanent link">&para;</a></h4>
<p><img src=logos/eql.png height=60></p>
<p>Mass EQL query export for a MISP event.
- <strong>features</strong>:</p>
<blockquote>
<p>This module produces EQL queries for all relevant attributes in a MISP event.
- <strong>input</strong>:
MISP Event attributes
- <strong>output</strong>:
Text file containing one or more EQL queries
- <strong>references</strong>:
<a href="https://eql.readthedocs.io/en/latest/">https://eql.readthedocs.io/en/latest/</a></p>
</blockquote>
<hr />
<h4 id="nexthinkexport"><a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/nexthinkexport.py">nexthinkexport</a><a class="headerlink" href="#nexthinkexport" title="Permanent link">&para;</a></h4>
<p><img src=logos/nexthink.svg height=60></p>
<p>Nexthink NXQL query export module
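Review bot: in the mass_eql_export features blockquote, "all relevant attributes in a MISP event" does not say which attribute types count as relevant; the eql expansion module added in the same commit accepts filename and ip attributes, and this entry should state whether the export covers the same set. Like the eql expansion entry, it has no requirements line; add one (or an explicit "none") so the two EQL entries read consistently. The output line "Text file containing one or more EQL queries" could also say whether one query is produced per attribute or attributes of the same type are folded into a single query.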

Binary file not shown (171 KiB).

BIN export_mod/logos/eql.png Normal file (61 KiB): binary file not shown.

View File

@ -564,11 +564,9 @@
<p>Module to import MISP attributes from a csv file.
- <strong>features</strong>:</p>
<blockquote>
<p>In order to parse data from a csv file, a header is required to let the module know which column is matching with known attribute fields / MISP types.
This header is part of the configuration of the module and should be filled out in MISP plugin settings, each field separated by COMMAS. Fields that do not match with any type known in MISP can be ignored in import, using a space or simply nothing between two separators (example: 'ip-src, , comment, ').
There is also one type that is confused and can be either a MISP attribute type or an attribute field: 'comment'. In this case, using 'attrComment' specifies that the attribute field 'comment' should be considered, otherwise it will be considered as the MISP attribute type.</p>
<p>For each MISP attribute type, an attribute is created.
Attribute fields that are imported are the following: value, type, category, to-ids, distribution, comment, tag.
<p>In order to parse data from a csv file, a header is required to let the module know which column is matching with known attribute fields / MISP types.</p>
<p>This header either comes from the csv file itself or is part of the configuration of the module and should be filled out in MISP plugin settings, each field separated by COMMAS. Fields that do not match with any type known in MISP or are not MISP attribute fields should be ignored in import, using a space or simply nothing between two separators (example: 'ip-src, , comment, ').</p>
<p>If the csv file already contains a header that does not start by a '#', you should tick the checkbox 'has_header' to avoid importing it and have potential issues. You can also redefine the header even if it is already contained in the file, by following the rules for headers explained earlier. One reason why you would redefine a header is for instance when you want to skip some fields, or some fields are not valid types.
- <strong>input</strong>:
CSV format file.
- <strong>output</strong>:
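Review bot: the removed third paragraph documented that 'comment' is ambiguous between a MISP attribute type and an attribute field and that 'attrComment' in the header selects the field; the replacement text has no equivalent, so a user who relied on 'attrComment' can no longer find it. The removed list of imported attribute fields ("value, type, category, to-ids, distribution, comment, tag") is likewise gone without replacement. If both behaviours still exist, keep those sentences; if they were removed from the module, the commit message ("Deployed 6dcba6c") should say so. The wording also shifts from "Fields that do not match ... can be ignored" to "should be ignored", which reads as an instruction to the user rather than a description of what the module does; state plainly whether unmatched columns are skipped automatically or must be blanked in the header. Lastly, "to avoid importing it and have potential issues" should read "to avoid importing it and running into issues".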

Binary file not shown (171 KiB).

BIN import_mod/logos/eql.png Normal file (61 KiB): binary file not shown.

File diff suppressed because one or more lines are too long

View File

@ -2,37 +2,37 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://www.misp-project.org/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/expansion/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/export_mod/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/import_mod/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/install/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/contribute/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/license/</loc>
<lastmod>2019-11-20</lastmod>
<lastmod>2019-11-21</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

Binary file not shown.