chg: [documentation] updated

pull/532/head
Alexandre Dulaunoy 2021-10-27 22:25:41 +02:00
parent 04a6e89813
commit 7cb7a9bd52
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed file with 105 additions and 10 deletions


@ -606,24 +606,19 @@ Module to query a local copy of Maxmind's Geolite database.
<img src=logos/greynoise.png height=60> <img src=logos/greynoise.png height=60>
Module to access GreyNoise.io API Module to query IP and CVE information from GreyNoise
- **features**: - **features**:
> - Query an IP from GreyNoise to see if it is internet background noise or a common business service >This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days.
> - Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days
> - Supports Enterprise (Paid) and Community API for IP lookup
> - CVE Lookup is only supported with an Enterprise API Key
- **input**: - **input**:
>An IP address or CVE ID. >An IP address or CVE ID
- **output**: - **output**:
> - For IPs: IP Lookup Details >IP Lookup information or CVE scanning profile for past 7 days
> - FOR CVEs: Scanner Count for last 7 days
- **references**: - **references**:
> - https://greynoise.io/ > - https://greynoise.io/
> - https://docs.greyniose.io/ > - https://docs.greyniose.io/
> - https://www.greynoise.io/viz/account/ > - https://www.greynoise.io/viz/account/
- **requirements**: - **requirements**:
> - A Greynoise API key. >A Greynoise API key. Both Enterprise (Paid) and Community (Free) API keys are supported, however Community API users will only be able to perform IP lookups.
> - Selection of API Key type: `enterprise` (for Paid users) or `community` (for Free users)
----- -----
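Review bot: the second reference URL in this hunk, `https://docs.greyniose.io/`, misspells the domain (the other two references use greynoise.io) and is carried over unchanged from the old text; fix it to `https://docs.greynoise.io/` while this section is being rewritten. The new requirements line also drops the old text's statement of how the key type is selected (`enterprise` for paid users, `community` for free users); if the module still takes that setting, keep the exact values in the docs so users know what to configure, since the new sentence only says both key kinds are supported.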
@ -641,6 +636,25 @@ A hover module to check hashes against hashdd.com including NSLR dataset.
----- -----
#### [hashlookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashlookup.py)
<img src=logos/circl.png height=60>
An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL.
- **features**:
>The module takes file hashes as input such as a MD5 or SHA1.
> It queries the public CIRCL.lu hashlookup service and return all the hits if the hashes are known in an existing dataset. The module can be configured with a custom hashlookup url if required.
> The module can be used an hover module but also an expansion model to add related MISP objects.
>
- **input**:
>File hashes (MD5, SHA1)
- **output**:
>Object with the filename associated hashes if the hash is part of a known set.
- **references**:
>https://www.circl.lu/services/hashlookup/
-----
#### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py) #### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py)
<img src=logos/hibp.png height=60> <img src=logos/hibp.png height=60>
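Review bot: several grammar slips in the new hashlookup section: "to find it if a hash is part of" should read "to find out whether a hash is part of", "return all the hits" should be "returns all the hits", and "used an hover module but also an expansion model" should be "used as a hover module but also as an expansion module". The section also lacks the **requirements** block that the other modules carry; since the features text says a custom hashlookup URL can be configured, document that setting there so readers do not have to read the code to learn it exists.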
@ -808,6 +822,8 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re
<img src=logos/lastline.png height=60> <img src=logos/lastline.png height=60>
Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
Query Lastline with an analysis link and parse the report into MISP attributes and objects. Query Lastline with an analysis link and parse the report into MISP attributes and objects.
The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module. The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module.
- **features**: - **features**:
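Review bot: the deprecation notice is inserted as a bare sentence directly under the logo with no blank line before the description that follows, so in rendered Markdown the two lines join into one paragraph; add a blank line after it or make it a blockquote or bold line so it stands out. While here, the `lastline_submit` link on the unchanged context line points at `tree/master` whereas every other module link on this page uses `tree/main`.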
@ -827,6 +843,8 @@ The analysis link can also be retrieved from the output of the [lastline_submit]
<img src=logos/lastline.png height=60> <img src=logos/lastline.png height=60>
Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
Module to submit a file or URL to Lastline. Module to submit a file or URL to Lastline.
- **features**: - **features**:
>The module requires a Lastline Analysis `api_token` and `key`. >The module requires a Lastline Analysis `api_token` and `key`.
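Review bot: same formatting issue as in the lastline_query hunk: the deprecation sentence runs straight into "Module to submit a file or URL to Lastline." with no blank line between them, so Markdown renders them as one paragraph. Consider also stating what "deprecated by December 2021" means for users (the module stays but is unmaintained, or it is removed), since all three lastline hunks use the same wording and readers will want to know whether existing configurations stop working.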
@ -1022,6 +1040,25 @@ Module to get information from AlienVault OTX.
----- -----
#### [passivessh](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivessh.py)
<img src=logos/passivessh.png height=60>
An expansion module to query the CIRCL Passive SSH.
- **features**:
>The module queries the Passive SSH service from CIRCL.
>
> The module can be used an hover module but also an expansion model to add related MISP objects.
>
- **input**:
>IP addresses or SSH fingerprints
- **output**:
>SSH key materials, complementary IP addresses with similar SSH key materials
- **references**:
>https://github.com/D4-project/passive-ssh
-----
#### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py) #### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py)
<img src=logos/passivetotal.png height=60> <img src=logos/passivetotal.png height=60>
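Review bot: the first feature bullet of the passivessh section repeats the description ("An expansion module to query the CIRCL Passive SSH" / "The module queries the Passive SSH service from CIRCL"), and the second bullet has the same grammar problem as hashlookup: "used an hover module but also an expansion model" should be "used as a hover module but also as an expansion module"; "SSH key materials" reads better as "SSH key material". The section has no **requirements** block; if the Passive SSH service needs a URL or credentials to be configured, say so here, and a reference to the service itself alongside the D4 project source repository would help readers who are not looking for the code.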
@ -1573,6 +1610,26 @@ Module to submit a sample to VMRay.
----- -----
#### [vmware_nsx](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmware_nsx.py)
<img src=logos/vmware_nsx.png height=60>
Module to enrich a file or URL with VMware NSX Defender.
- **features**:
>This module takes an IoC such as file hash, file attachment, malware-sample or url as input to query VMware NSX Defender.
>
>The IoC is then enriched with data from VMware NSX Defender.
- **input**:
>File hash, attachment or URL to be enriched with VMware NSX Defender.
- **output**:
>Objects and tags generated by VMware NSX Defender.
- **references**:
>https://www.vmware.com
- **requirements**:
>The module requires a VMware NSX Defender Analysis `api_token` and `key`.
-----
#### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py) #### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py)
<img src=logos/vulndb.png height=60> <img src=logos/vulndb.png height=60>
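Review bot: the description, features and input lines of the vmware_nsx section disagree about what the module accepts: the description says "a file or URL", the features line lists "file hash, file attachment, malware-sample or url", and the input line lists "File hash, attachment or URL" with no malware-sample; pick one list and use it in all three places. The requirements sentence looks copied from lastline_submit earlier in this file ("requires a Lastline Analysis `api_token` and `key`") with the product name swapped; confirm the new module really takes `api_token` and `key`. The reference `https://www.vmware.com` is a vendor landing page; link the NSX Defender product or API documentation instead.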
@ -1726,6 +1783,26 @@ An expansion hover module to perform a syntax check on if yara rules are valid o
----- -----
#### [yeti](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yeti.py)
<img src=logos/yeti.png height=60>
Module to process a query on Yeti.
- **features**:
>This module add context and links between observables using yeti
- **input**:
>A domain, hostname,IP, sha256,sha1, md5, url of MISP attribute.
- **output**:
>MISP attributes and objects fetched from the Yeti instances.
- **references**:
> - https://github.com/yeti-platform/yeti
> - https://github.com/sebdraven/pyeti
- **requirements**:
> - pyeti
> - API key
-----
## Export Modules ## Export Modules
#### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py) #### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py)
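Review bot: grammar and formatting in the yeti section: "This module add context" should be "This module adds context", and the input line "A domain, hostname,IP, sha256,sha1, md5, url of MISP attribute." needs consistent spacing after commas and reads better as "A MISP attribute of type domain, hostname, ip, sha256, sha1, md5 or url". The requirements bullet "API key" should say which one (a Yeti API key) and whether the Yeti instance URL is also a required setting; "Yeti instances" in the output line should be singular unless the module really queries several.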
@ -1958,6 +2035,22 @@ This module is used to create a VirusTotal Graph from a MISP event.
## Import Modules ## Import Modules
#### [cof2misp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cof2misp.py)
Passive DNS Common Output Format (COF) MISP importer
- **features**:
>Takes as input a valid COF file or the output of the dnsdbflex utility and creates MISP objects for the input.
- **input**:
>Passive DNS output in Common Output Format (COF)
- **output**:
>MISP objects
- **references**:
>https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html
- **requirements**:
>PyMISP
-----
#### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py) #### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py)
Module to import MISP attributes from a csv file. Module to import MISP attributes from a csv file.
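Review bot: the reference pins a specific draft revision (`draft-dulaunoy-dnsop-passive-dns-cof-08`) via tools.ietf.org, which goes stale whenever the draft is revised; linking the datatracker page for the draft name without the `-08` suffix keeps the pointer current. The features text also mentions "the output of the dnsdbflex utility" without a reference; add a link so readers know which tool produces that format. "Takes as input a valid COF file" implies the module validates the input; if it does not, drop "valid" or say what happens on malformed input.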
@ -2050,6 +2143,8 @@ A module to import data from a Joe Sandbox analysis json report.
<img src=logos/lastline.png height=60> <img src=logos/lastline.png height=60>
Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
Module to import and parse reports from Lastline analysis links. Module to import and parse reports from Lastline analysis links.
- **features**: - **features**:
>The module requires a Lastline Portal `username` and `password`. >The module requires a Lastline Portal `username` and `password`.
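Review bot: this hunk points lastline_import users at the vmware_nsx module, but vmware_nsx is documented on this page under the expansion modules (file hash and URL enrichment), not as an import module that parses analysis reports from links; if there is no import-side replacement, say so explicitly rather than implying vmware_nsx offers the same report-import functionality. Same missing blank line after the notice as in the other two lastline hunks.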