mirror of https://github.com/MISP/misp-modules
chg: [documentation] updated
parent
04a6e89813
commit
7cb7a9bd52
|
@ -606,24 +606,19 @@ Module to query a local copy of Maxmind's Geolite database.
|
||||||
|
|
||||||
<img src=logos/greynoise.png height=60>
|
<img src=logos/greynoise.png height=60>
|
||||||
|
|
||||||
Module to access GreyNoise.io API
|
Module to query IP and CVE information from GreyNoise
|
||||||
- **features**:
|
- **features**:
|
||||||
> - Query an IP from GreyNoise to see if it is internet background noise or a common business service
|
>This module supports: 1) Query an IP from GreyNoise to see if it is internet background noise or a common business service 2) Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days.
|
||||||
> - Query a CVE from GreyNoise to see the total number of internet scanners looking for the CVE in the last 7 days
|
|
||||||
> - Supports Enterprise (Paid) and Community API for IP lookup
|
|
||||||
> - CVE Lookup is only supported with an Enterprise API Key
|
|
||||||
- **input**:
|
- **input**:
|
||||||
>An IP address or CVE ID.
|
>An IP address or CVE ID
|
||||||
- **output**:
|
- **output**:
|
||||||
> - For IPs: IP Lookup Details
|
>IP Lookup information or CVE scanning profile for past 7 days
|
||||||
> - FOR CVEs: Scanner Count for last 7 days
|
|
||||||
- **references**:
|
- **references**:
|
||||||
> - https://greynoise.io/
|
> - https://greynoise.io/
|
||||||
> - https://docs.greyniose.io/
|
> - https://docs.greyniose.io/
|
||||||
> - https://www.greynoise.io/viz/account/
|
> - https://www.greynoise.io/viz/account/
|
||||||
- **requirements**:
|
- **requirements**:
|
||||||
> - A Greynoise API key.
|
>A Greynoise API key. Both Enterprise (Paid) and Community (Free) API keys are supported, however Community API users will only be able to perform IP lookups.
|
||||||
> - Selection of API Key type: `enterprise` (for Paid users) or `community` (for Free users)
|
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -641,6 +636,25 @@ A hover module to check hashes against hashdd.com including NSLR dataset.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [hashlookup](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hashlookup.py)
|
||||||
|
|
||||||
|
<img src=logos/circl.png height=60>
|
||||||
|
|
||||||
|
An expansion module to query the CIRCL hashlookup services to find it if a hash is part of a known set such as NSRL.
|
||||||
|
- **features**:
|
||||||
|
>The module takes file hashes as input such as a MD5 or SHA1.
|
||||||
|
> It queries the public CIRCL.lu hashlookup service and return all the hits if the hashes are known in an existing dataset. The module can be configured with a custom hashlookup url if required.
|
||||||
|
> The module can be used an hover module but also an expansion model to add related MISP objects.
|
||||||
|
>
|
||||||
|
- **input**:
|
||||||
|
>File hashes (MD5, SHA1)
|
||||||
|
- **output**:
|
||||||
|
>Object with the filename associated hashes if the hash is part of a known set.
|
||||||
|
- **references**:
|
||||||
|
>https://www.circl.lu/services/hashlookup/
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py)
|
#### [hibp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hibp.py)
|
||||||
|
|
||||||
<img src=logos/hibp.png height=60>
|
<img src=logos/hibp.png height=60>
|
||||||
|
@ -808,6 +822,8 @@ A module to submit files or URLs to Joe Sandbox for an advanced analysis, and re
|
||||||
|
|
||||||
<img src=logos/lastline.png height=60>
|
<img src=logos/lastline.png height=60>
|
||||||
|
|
||||||
|
Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
|
||||||
|
|
||||||
Query Lastline with an analysis link and parse the report into MISP attributes and objects.
|
Query Lastline with an analysis link and parse the report into MISP attributes and objects.
|
||||||
The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module.
|
The analysis link can also be retrieved from the output of the [lastline_submit](https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/lastline_submit.py) expansion module.
|
||||||
- **features**:
|
- **features**:
|
||||||
|
@ -827,6 +843,8 @@ The analysis link can also be retrieved from the output of the [lastline_submit]
|
||||||
|
|
||||||
<img src=logos/lastline.png height=60>
|
<img src=logos/lastline.png height=60>
|
||||||
|
|
||||||
|
Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
|
||||||
|
|
||||||
Module to submit a file or URL to Lastline.
|
Module to submit a file or URL to Lastline.
|
||||||
- **features**:
|
- **features**:
|
||||||
>The module requires a Lastline Analysis `api_token` and `key`.
|
>The module requires a Lastline Analysis `api_token` and `key`.
|
||||||
|
@ -1022,6 +1040,25 @@ Module to get information from AlienVault OTX.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [passivessh](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivessh.py)
|
||||||
|
|
||||||
|
<img src=logos/passivessh.png height=60>
|
||||||
|
|
||||||
|
An expansion module to query the CIRCL Passive SSH.
|
||||||
|
- **features**:
|
||||||
|
>The module queries the Passive SSH service from CIRCL.
|
||||||
|
>
|
||||||
|
> The module can be used an hover module but also an expansion model to add related MISP objects.
|
||||||
|
>
|
||||||
|
- **input**:
|
||||||
|
>IP addresses or SSH fingerprints
|
||||||
|
- **output**:
|
||||||
|
>SSH key materials, complementary IP addresses with similar SSH key materials
|
||||||
|
- **references**:
|
||||||
|
>https://github.com/D4-project/passive-ssh
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py)
|
#### [passivetotal](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/passivetotal.py)
|
||||||
|
|
||||||
<img src=logos/passivetotal.png height=60>
|
<img src=logos/passivetotal.png height=60>
|
||||||
|
@ -1573,6 +1610,26 @@ Module to submit a sample to VMRay.
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [vmware_nsx](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vmware_nsx.py)
|
||||||
|
|
||||||
|
<img src=logos/vmware_nsx.png height=60>
|
||||||
|
|
||||||
|
Module to enrich a file or URL with VMware NSX Defender.
|
||||||
|
- **features**:
|
||||||
|
>This module takes an IoC such as file hash, file attachment, malware-sample or url as input to query VMware NSX Defender.
|
||||||
|
>
|
||||||
|
>The IoC is then enriched with data from VMware NSX Defender.
|
||||||
|
- **input**:
|
||||||
|
>File hash, attachment or URL to be enriched with VMware NSX Defender.
|
||||||
|
- **output**:
|
||||||
|
>Objects and tags generated by VMware NSX Defender.
|
||||||
|
- **references**:
|
||||||
|
>https://www.vmware.com
|
||||||
|
- **requirements**:
|
||||||
|
>The module requires a VMware NSX Defender Analysis `api_token` and `key`.
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py)
|
#### [vulndb](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/vulndb.py)
|
||||||
|
|
||||||
<img src=logos/vulndb.png height=60>
|
<img src=logos/vulndb.png height=60>
|
||||||
|
@ -1726,6 +1783,26 @@ An expansion hover module to perform a syntax check on if yara rules are valid o
|
||||||
|
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
#### [yeti](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/yeti.py)
|
||||||
|
|
||||||
|
<img src=logos/yeti.png height=60>
|
||||||
|
|
||||||
|
Module to process a query on Yeti.
|
||||||
|
- **features**:
|
||||||
|
>This module add context and links between observables using yeti
|
||||||
|
- **input**:
|
||||||
|
>A domain, hostname,IP, sha256,sha1, md5, url of MISP attribute.
|
||||||
|
- **output**:
|
||||||
|
>MISP attributes and objects fetched from the Yeti instances.
|
||||||
|
- **references**:
|
||||||
|
> - https://github.com/yeti-platform/yeti
|
||||||
|
> - https://github.com/sebdraven/pyeti
|
||||||
|
- **requirements**:
|
||||||
|
> - pyeti
|
||||||
|
> - API key
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
## Export Modules
|
## Export Modules
|
||||||
|
|
||||||
#### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py)
|
#### [cef_export](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/cef_export.py)
|
||||||
|
@ -1958,6 +2035,22 @@ This module is used to create a VirusTotal Graph from a MISP event.
|
||||||
|
|
||||||
## Import Modules
|
## Import Modules
|
||||||
|
|
||||||
|
#### [cof2misp](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/cof2misp.py)
|
||||||
|
|
||||||
|
Passive DNS Common Output Format (COF) MISP importer
|
||||||
|
- **features**:
|
||||||
|
>Takes as input a valid COF file or the output of the dnsdbflex utility and creates MISP objects for the input.
|
||||||
|
- **input**:
|
||||||
|
>Passive DNS output in Common Output Format (COF)
|
||||||
|
- **output**:
|
||||||
|
>MISP objects
|
||||||
|
- **references**:
|
||||||
|
>https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html
|
||||||
|
- **requirements**:
|
||||||
|
>PyMISP
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
#### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py)
|
#### [csvimport](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/import_mod/csvimport.py)
|
||||||
|
|
||||||
Module to import MISP attributes from a csv file.
|
Module to import MISP attributes from a csv file.
|
||||||
|
@ -2050,6 +2143,8 @@ A module to import data from a Joe Sandbox analysis json report.
|
||||||
|
|
||||||
<img src=logos/lastline.png height=60>
|
<img src=logos/lastline.png height=60>
|
||||||
|
|
||||||
|
Deprecation notice: this module will be deprecated by December 2021, please use vmware_nsx module.
|
||||||
|
|
||||||
Module to import and parse reports from Lastline analysis links.
|
Module to import and parse reports from Lastline analysis links.
|
||||||
- **features**:
|
- **features**:
|
||||||
>The module requires a Lastline Portal `username` and `password`.
|
>The module requires a Lastline Portal `username` and `password`.
|
||||||
|
|
Loading…
Reference in New Issue