Deployed 2c218d2 with MkDocs version: 1.3.1

gh-pages
Alexandre Dulaunoy 2022-09-06 14:31:37 +02:00
parent ceadce3236
commit 8737307b11
20 changed files with 872 additions and 370 deletions


@ -13,7 +13,7 @@
<link rel="icon" href="/img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -430,7 +430,7 @@
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "/", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "/assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "/", "features": [], "search": "/assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="/assets/javascripts/bundle.289a2a4b.min.js"></script>


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/contribute/">
<link rel="icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -373,6 +373,19 @@
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#config-fields-that-your-code-expects-from-the-site-admin" class="md-nav__link">
config fields that your code expects from the site admin
</a>
<nav class="md-nav" aria-label="config fields that your code expects from the site admin">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#handler" class="md-nav__link">
handler
@ -391,6 +404,13 @@
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#returning-binary-data" class="md-nav__link">
Returning Binary Data
</a>
</li>
<li class="md-nav__item">
@ -400,12 +420,7 @@
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<li class="md-nav__item">
<a href="#testing-your-modules" class="md-nav__link">
Testing your modules?
</a>
@ -431,19 +446,24 @@
</nav>
</li>
<li class="md-nav__item">
<li class="md-nav__item">
<a href="#documentation" class="md-nav__link">
Documentation
</a>
</li>
<li class="md-nav__item">
<li class="md-nav__item">
<a href="#tips-for-developers-creating-modules" class="md-nav__link">
Tips for developers creating modules
</a>
</li>
</ul>
</nav>
</li>
</ul>
@ -555,6 +575,19 @@
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#config-fields-that-your-code-expects-from-the-site-admin" class="md-nav__link">
config fields that your code expects from the site admin
</a>
<nav class="md-nav" aria-label="config fields that your code expects from the site admin">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#handler" class="md-nav__link">
handler
@ -573,6 +606,13 @@
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#returning-binary-data" class="md-nav__link">
Returning Binary Data
</a>
</li>
<li class="md-nav__item">
@ -582,12 +622,7 @@
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<li class="md-nav__item">
<a href="#testing-your-modules" class="md-nav__link">
Testing your modules?
</a>
@ -613,19 +648,24 @@
</nav>
</li>
<li class="md-nav__item">
<li class="md-nav__item">
<a href="#documentation" class="md-nav__link">
Documentation
</a>
</li>
<li class="md-nav__item">
<li class="md-nav__item">
<a href="#tips-for-developers-creating-modules" class="md-nav__link">
Tips for developers creating modules
</a>
</li>
</ul>
</nav>
</li>
</ul>
@ -641,8 +681,6 @@
<h1>Contribute</h1>
<h2 id="how-to-add-your-own-misp-modules">How to add your own MISP modules?<a class="headerlink" href="#how-to-add-your-own-misp-modules" title="Permanent link">&para;</a></h2>
<p>Create your module in <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/">misp_modules/modules/expansion/</a>, <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/">misp_modules/modules/export_mod/</a>, or <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/">misp_modules/modules/import_mod/</a>. The module should have at minimum three functions:</p>
<ul>
@ -652,95 +690,98 @@
</ul>
<p>Don't forget to return an error key and value if an error is raised to propagate it to the MISP user-interface.</p>
<p>Your module's script name should also be added in the <code>__all__</code> list of <code>&lt;module type folder&gt;/__init__.py</code> in order for it to be loaded.</p>
<div class="highlight"><pre><span></span><code><span class="o">...</span>
<span class="c1"># Checking for required value</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;ip-src&#39;</span><span class="p">):</span>
<span class="c1"># Return an error message</span>
<span class="k">return</span> <span class="p">{</span><span class="s1">&#39;error&#39;</span><span class="p">:</span> <span class="s2">&quot;A source IP is required&quot;</span><span class="p">}</span>
<span class="o">...</span>
</code></pre></div>
<p><sub>~</sub>python
...
# Checking for required value
if not request.get('ip-src'):
# Return an error message
return {'error': "A source IP is required"}
...
<sub>~</sub></p>
<h3 id="introspection">introspection<a class="headerlink" href="#introspection" title="Permanent link">&para;</a></h3>
<p>The function that returns a dict of the supported attributes (input and output) by your expansion module.</p>
<div class="highlight"><pre><span></span><code><span class="n">mispattributes</span> <span class="o">=</span> <span class="p">{</span><span class="s1">&#39;input&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;link&#39;</span><span class="p">,</span> <span class="s1">&#39;url&#39;</span><span class="p">],</span>
<span class="s1">&#39;output&#39;</span><span class="p">:</span> <span class="p">[</span><span class="s1">&#39;attachment&#39;</span><span class="p">,</span> <span class="s1">&#39;malware-sample&#39;</span><span class="p">]}</span>
<span class="k">def</span> <span class="nf">introspection</span><span class="p">():</span>
<span class="k">return</span> <span class="n">mispattributes</span>
</code></pre></div>
<p><sub>~</sub>python
mispattributes = {'input': ['link', 'url'],
'output': ['attachment', 'malware-sample']}</p>
<p>def introspection():
return mispattributes
<sub>~</sub></p>
<h3 id="version">version<a class="headerlink" href="#version" title="Permanent link">&para;</a></h3>
<p>The function that returns a dict with the version and the associated meta-data including potential configurations required of the module.</p>
<h3 id="additional-configuration-values">Additional Configuration Values<a class="headerlink" href="#additional-configuration-values" title="Permanent link">&para;</a></h3>
<p>If your module requires additional configuration (to be exposed via the MISP user-interface), you can define those in the moduleconfig value returned by the version function.</p>
<div class="highlight"><pre><span></span><code><span class="c1"># config fields that your code expects from the site admin</span>
<span class="n">moduleconfig</span> <span class="o">=</span> <span class="p">[</span><span class="s2">&quot;apikey&quot;</span><span class="p">,</span> <span class="s2">&quot;event_limit&quot;</span><span class="p">]</span>
<span class="k">def</span> <span class="nf">version</span><span class="p">():</span>
<span class="n">moduleinfo</span><span class="p">[</span><span class="s1">&#39;config&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="n">moduleconfig</span>
<span class="k">return</span> <span class="n">moduleinfo</span>
</code></pre></div>
<p><sub>~</sub>python</p>
<h1 id="config-fields-that-your-code-expects-from-the-site-admin">config fields that your code expects from the site admin<a class="headerlink" href="#config-fields-that-your-code-expects-from-the-site-admin" title="Permanent link">&para;</a></h1>
<p>moduleconfig = ["apikey", "event_limit"]</p>
<p>def version():
moduleinfo['config'] = moduleconfig
return moduleinfo
<sub>~</sub></p>
<p>When you do this a config array is added to the meta-data output containing all the potential configuration values:</p>
<div class="highlight"><pre><span></span><code>&quot;meta&quot;: {
&quot;description&quot;: &quot;PassiveTotal expansion service to expand values with multiple Passive DNS sources&quot;,
&quot;config&quot;: [
&quot;username&quot;,
&quot;password&quot;
<p><sub>~</sub>
"meta": {
"description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
"config": [
"username",
"password"
],
&quot;module-type&quot;: [
&quot;expansion&quot;,
&quot;hover&quot;
],
...
</code></pre></div>
"module-type": [
"expansion",
"hover"
],</p>
<p>...
<sub>~</sub></p>
<p>If you want to use the configuration values set in the web interface they are stored in the key <code>config</code> in the JSON object passed to the handler.</p>
<div class="highlight"><pre><span></span><code>def handler(q=False):
<p><sub>~</sub>
def handler(q=False):</p>
<div class="codehilite"><pre><span></span><code># Check if we were given a configuration
config = q.get(&quot;config&quot;, {})
# Check if we were given a configuration
config = q.get(&quot;config&quot;, {})
# Find out if there is a username field
username = config.get(&quot;username&quot;, None)
# Find out if there is a username field
username = config.get(&quot;username&quot;, None)
</code></pre></div>
<p><sub>~</sub></p>
<h3 id="handler">handler<a class="headerlink" href="#handler" title="Permanent link">&para;</a></h3>
<p>The function which accepts a JSON document to expand the values and return a dictionary of the expanded values.</p>
<div class="highlight"><pre><span></span><code><span class="k">def</span> <span class="nf">handler</span><span class="p">(</span><span class="n">q</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
<span class="s2">&quot;Fully functional rot-13 encoder&quot;</span>
<span class="k">if</span> <span class="n">q</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
<span class="k">return</span> <span class="kc">False</span>
<span class="n">request</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">loads</span><span class="p">(</span><span class="n">q</span><span class="p">)</span>
<span class="n">src</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">&#39;ip-src&#39;</span><span class="p">)</span>
<span class="k">if</span> <span class="n">src</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
<span class="c1"># Return an error message</span>
<span class="k">return</span> <span class="p">{</span><span class="s1">&#39;error&#39;</span><span class="p">:</span> <span class="s2">&quot;A source IP is required&quot;</span><span class="p">}</span>
<span class="k">else</span><span class="p">:</span>
<span class="k">return</span> <span class="p">{</span><span class="s1">&#39;results&#39;</span><span class="p">:</span>
<span class="n">codecs</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="n">src</span><span class="p">,</span> <span class="s2">&quot;rot-13&quot;</span><span class="p">)}</span>
</code></pre></div>
<p><sub>~</sub>python
def handler(q=False):
"Fully functional rot-13 encoder"
if q is False:
return False
request = json.loads(q)
src = request.get('ip-src')
if src is None:
# Return an error message
return {'error': "A source IP is required"}
else:
return {'results':
codecs.encode(src, "rot-13")}
<sub>~</sub></p>
<h4 id="export-module">export module<a class="headerlink" href="#export-module" title="Permanent link">&para;</a></h4>
<p>For an export module, the <code>request["data"]</code> object corresponds to a list of events (dictionaries) to handle.</p>
<p>Iterating over events attributes is performed using their <code>Attribute</code> key.</p>
<div class="highlight"><pre><span></span><code><span class="o">...</span>
<span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="n">request</span><span class="p">[</span><span class="s2">&quot;data&quot;</span><span class="p">]:</span>
<span class="k">for</span> <span class="n">attribute</span> <span class="ow">in</span> <span class="n">event</span><span class="p">[</span><span class="s2">&quot;Attribute&quot;</span><span class="p">]:</span>
<span class="c1"># do stuff w/ attribute[&#39;type&#39;], attribute[&#39;value&#39;], ...</span>
<span class="o">...</span>
<span class="c1">### Returning Binary Data</span>
<span class="n">If</span> <span class="n">you</span> <span class="n">want</span> <span class="n">to</span> <span class="k">return</span> <span class="n">a</span> <span class="n">file</span> <span class="ow">or</span> <span class="n">other</span> <span class="n">data</span> <span class="n">you</span> <span class="n">need</span> <span class="n">to</span> <span class="n">add</span> <span class="n">a</span> <span class="n">data</span> <span class="n">attribute</span><span class="o">.</span>
<span class="o">~~~</span><span class="n">python</span>
<span class="p">{</span><span class="s2">&quot;results&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="s2">&quot;filename.txt&quot;</span><span class="p">,</span>
<span class="s2">&quot;types&quot;</span><span class="p">:</span> <span class="s2">&quot;attachment&quot;</span><span class="p">,</span>
<span class="s2">&quot;data&quot;</span> <span class="p">:</span> <span class="n">base64</span><span class="o">.</span><span class="n">b64encode</span><span class="p">(</span><span class="o">&lt;</span><span class="n">ByteIO</span><span class="o">&gt;</span><span class="p">)</span> <span class="c1"># base64 encode your data first</span>
<span class="s2">&quot;comment&quot;</span><span class="p">:</span> <span class="s2">&quot;This is an attachment&quot;</span><span class="p">}}</span>
</code></pre></div>
<p><sub>~</sub>python
...
for event in request["data"]:
for attribute in event["Attribute"]:
# do stuff w/ attribute['type'], attribute['value'], ...
...</p>
<h3 id="returning-binary-data">Returning Binary Data<a class="headerlink" href="#returning-binary-data" title="Permanent link">&para;</a></h3>
<p>If you want to return a file or other data you need to add a data attribute.</p>
<p><sub>~</sub>python
{"results": {"values": "filename.txt",
"types": "attachment",
"data" : base64.b64encode(<ByteIO>) # base64 encode your data first
"comment": "This is an attachment"}}
<sub>~</sub></p>
<p>If the binary file is malware you can use 'malware-sample' as the type. If you do this the malware sample will be automatically zipped and password protected ('infected') after being uploaded.</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="s2">&quot;results&quot;</span><span class="p">:</span> <span class="p">{</span><span class="s2">&quot;values&quot;</span><span class="p">:</span> <span class="s2">&quot;filename.txt&quot;</span><span class="p">,</span>
<span class="s2">&quot;types&quot;</span><span class="p">:</span> <span class="s2">&quot;malware-sample&quot;</span><span class="p">,</span>
<span class="s2">&quot;data&quot;</span> <span class="p">:</span> <span class="n">base64</span><span class="o">.</span><span class="n">b64encode</span><span class="p">(</span><span class="o">&lt;</span><span class="n">ByteIO</span><span class="o">&gt;</span><span class="p">)</span> <span class="c1"># base64 encode your data first</span>
<span class="s2">&quot;comment&quot;</span><span class="p">:</span> <span class="s2">&quot;This is an attachment&quot;</span><span class="p">}}</span>
</code></pre></div>
<p><sub>~</sub>python
{"results": {"values": "filename.txt",
"types": "malware-sample",
"data" : base64.b64encode(<ByteIO>) # base64 encode your data first
"comment": "This is an attachment"}}
<sub>~</sub></p>
<p><a href="https://github.com/MISP/PyMISP/blob/4f230c9299ad9d2d1c851148c629b61a94f3f117/pymisp/mispevent.py#L185-L200">To learn more about how data attributes are processed you can read the processing code here.</a></p>
<h3 id="module-type">Module type<a class="headerlink" href="#module-type" title="Permanent link">&para;</a></h3>
<p>A MISP module can be of four types:</p>
@ -753,117 +794,122 @@
<p>module-type is an array where the list of supported types can be added.</p>
<h2 id="testing-your-modules">Testing your modules?<a class="headerlink" href="#testing-your-modules" title="Permanent link">&para;</a></h2>
<p>MISP uses the <strong>modules</strong> function to discover the available MISP modules and their supported MISP attributes:</p>
<div class="highlight"><pre><span></span><code>% curl -s http://127.0.0.1:6666/modules | jq .
<p><sub>~</sub>
% curl -s <a href="http://127.0.0.1:6666/modules">http://127.0.0.1:6666/modules</a> | jq .
[
{
&quot;name&quot;: &quot;passivetotal&quot;,
&quot;type&quot;: &quot;expansion&quot;,
&quot;mispattributes&quot;: {
&quot;input&quot;: [
&quot;hostname&quot;,
&quot;domain&quot;,
&quot;ip-src&quot;,
&quot;ip-dst&quot;
"name": "passivetotal",
"type": "expansion",
"mispattributes": {
"input": [
"hostname",
"domain",
"ip-src",
"ip-dst"
],
&quot;output&quot;: [
&quot;ip-src&quot;,
&quot;ip-dst&quot;,
&quot;hostname&quot;,
&quot;domain&quot;
"output": [
"ip-src",
"ip-dst",
"hostname",
"domain"
]
},
&quot;meta&quot;: {
&quot;description&quot;: &quot;PassiveTotal expansion service to expand values with multiple Passive DNS sources&quot;,
&quot;config&quot;: [
&quot;username&quot;,
&quot;password&quot;
"meta": {
"description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
"config": [
"username",
"password"
],
&quot;author&quot;: &quot;Alexandre Dulaunoy&quot;,
&quot;version&quot;: &quot;0.1&quot;
"author": "Alexandre Dulaunoy",
"version": "0.1"
}
},
{
&quot;name&quot;: &quot;sourcecache&quot;,
&quot;type&quot;: &quot;expansion&quot;,
&quot;mispattributes&quot;: {
&quot;input&quot;: [
&quot;link&quot;
"name": "sourcecache",
"type": "expansion",
"mispattributes": {
"input": [
"link"
],
&quot;output&quot;: [
&quot;link&quot;
"output": [
"link"
]
},
&quot;meta&quot;: {
&quot;description&quot;: &quot;Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.&quot;,
&quot;author&quot;: &quot;Alexandre Dulaunoy&quot;,
&quot;version&quot;: &quot;0.1&quot;
"meta": {
"description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.",
"author": "Alexandre Dulaunoy",
"version": "0.1"
}
},
{
&quot;name&quot;: &quot;dns&quot;,
&quot;type&quot;: &quot;expansion&quot;,
&quot;mispattributes&quot;: {
&quot;input&quot;: [
&quot;hostname&quot;,
&quot;domain&quot;
"name": "dns",
"type": "expansion",
"mispattributes": {
"input": [
"hostname",
"domain"
],
&quot;output&quot;: [
&quot;ip-src&quot;,
&quot;ip-dst&quot;
"output": [
"ip-src",
"ip-dst"
]
},
&quot;meta&quot;: {
&quot;description&quot;: &quot;Simple DNS expansion service to resolve IP address from MISP attributes&quot;,
&quot;author&quot;: &quot;Alexandre Dulaunoy&quot;,
&quot;version&quot;: &quot;0.1&quot;
"meta": {
"description": "Simple DNS expansion service to resolve IP address from MISP attributes",
"author": "Alexandre Dulaunoy",
"version": "0.1"
}
}
]
</code></pre></div>
]</p>
<p><sub>~</sub></p>
<p>The MISP module service returns the available modules in a JSON array containing each module name along with their supported input attributes.</p>
<p>Based on this information, a query can be built in a JSON format and saved as body.json:</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="nt">&quot;hostname&quot;</span><span class="p">:</span> <span class="s2">&quot;www.foo.be&quot;</span><span class="p">,</span>
<span class="nt">&quot;module&quot;</span><span class="p">:</span> <span class="s2">&quot;dns&quot;</span>
<span class="p">}</span>
</code></pre></div>
<p><sub>~</sub>json
{
"hostname": "<a href="http://www.foo.be">www.foo.be</a>",
"module": "dns"
}
<sub>~</sub></p>
<p>Then you can POST this JSON format query towards the MISP object server:</p>
<div class="highlight"><pre><span></span><code>curl -s http://127.0.0.1:6666/query -H <span class="s2">&quot;Content-Type: application/json&quot;</span> --data @body.json -X POST
</code></pre></div>
<p><sub>~</sub>bash
curl -s <a href="http://127.0.0.1:6666/query">http://127.0.0.1:6666/query</a> -H "Content-Type: application/json" --data @body.json -X POST
<sub>~</sub></p>
<p>The module should output the following JSON:</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="nt">&quot;results&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="p">{</span>
<span class="nt">&quot;types&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="s2">&quot;ip-src&quot;</span><span class="p">,</span>
<span class="s2">&quot;ip-dst&quot;</span>
<span class="p">],</span>
<span class="nt">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="s2">&quot;188.65.217.78&quot;</span>
<span class="p">]</span>
<span class="p">}</span>
<span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p><sub>~</sub>json
{
"results": [
{
"types": [
"ip-src",
"ip-dst"
],
"values": [
"188.65.217.78"
]
}
]
}
<sub>~</sub></p>
<p>It is also possible to restrict the category options of the resolved attributes by passing a list of categories along (optional):</p>
<div class="highlight"><pre><span></span><code><span class="p">{</span>
<span class="nt">&quot;results&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="p">{</span>
<span class="nt">&quot;types&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="s2">&quot;ip-src&quot;</span><span class="p">,</span>
<span class="s2">&quot;ip-dst&quot;</span>
<span class="p">],</span>
<span class="nt">&quot;values&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="s2">&quot;188.65.217.78&quot;</span>
<span class="p">],</span>
<span class="nt">&quot;categories&quot;</span><span class="p">:</span> <span class="p">[</span>
<span class="s2">&quot;Network activity&quot;</span><span class="p">,</span>
<span class="s2">&quot;Payload delivery&quot;</span>
<span class="p">]</span>
<span class="p">}</span>
<span class="p">]</span>
<span class="p">}</span>
</code></pre></div>
<p><sub>~</sub>json
{
"results": [
{
"types": [
"ip-src",
"ip-dst"
],
"values": [
"188.65.217.78"
],
"categories": [
"Network activity",
"Payload delivery"
]
}
]
}
<sub>~</sub></p>
<p>For both the type and the category lists, the first item in the list will be the default setting on the interface.</p>
<h3 id="enable-your-module-in-the-web-interface">Enable your module in the web interface<a class="headerlink" href="#enable-your-module-in-the-web-interface" title="Permanent link">&para;</a></h3>
<p>For a module to be activated in the MISP web interface it must be enabled in the "Plugin Settings.</p>
@ -873,15 +919,17 @@
- Find the name of your plugin's "enabled" value in the Setting Column.
"Plugin.[MODULE NAME]_enabled"
- Double click on its "Value" column</p>
<div class="highlight"><pre><span></span><code>Priority Setting Value Description Error Message
<p><sub>~</sub>
Priority Setting Value Description Error Message
Recommended Plugin.Import_ocr_enabled false Enable or disable the ocr module. Value not set.
</code></pre></div>
<sub>~</sub></p>
<ul>
<li>Use the drop-down to set the enabled value to 'true'</li>
</ul>
<div class="highlight"><pre><span></span><code>Priority Setting Value Description Error Message
<p><sub>~</sub>
Priority Setting Value Description Error Message
Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr module. Value not set.
</code></pre></div>
<sub>~</sub></p>
<h3 id="set-any-other-required-settings-for-your-module">Set any other required settings for your module<a class="headerlink" href="#set-any-other-required-settings-for-your-module" title="Permanent link">&para;</a></h3>
<p>In this same menu set any other plugin settings that are required for testing.</p>
<h2 id="documentation">Documentation<a class="headerlink" href="#documentation" title="Permanent link">&para;</a></h2>
@ -906,26 +954,31 @@ Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr
<li>SSH into the machine (Login info on training page)</li>
<li>Go into the misp-modules directory</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="nb">cd</span> /usr/local/src/misp-modules
</code></pre></div>
<p><sub>~</sub>bash
cd /usr/local/src/misp-modules
<sub>~</sub></p>
<p>Set the git repo to your fork and checkout your development branch. If you SSH'ed in as the misp user you will have to use sudo.</p>
<div class="highlight"><pre><span></span><code>sudo git remote set-url origin https://github.com/YourRepo/misp-modules.git
<p><sub>~</sub>bash
sudo git remote set-url origin <a href="https://github.com/YourRepo/misp-modules.git">https://github.com/YourRepo/misp-modules.git</a>
sudo git pull
sudo git checkout MyModBranch
</code></pre></div>
<sub>~</sub></p>
<p>Remove the contents of the build directory and re-install misp-modules.</p>
<div class="highlight"><pre><span></span><code><span class="n">sudo</span> <span class="n">rm</span> <span class="o">-</span><span class="n">fr</span> <span class="n">build</span><span class="o">/*</span>
<span class="n">sudo</span> <span class="n">pip3</span> <span class="n">install</span> <span class="o">--</span><span class="n">upgrade</span> <span class="o">.</span>
</code></pre></div>
<p><sub>~</sub>python
sudo rm -fr build/*
sudo pip3 install --upgrade .
<sub>~</sub></p>
<p>SSH in with a different terminal and run <code>misp-modules</code> with debugging enabled.</p>
<div class="highlight"><pre><span></span><code><span class="n">sudo</span> <span class="n">killall</span> <span class="n">misp</span><span class="o">-</span><span class="n">modules</span>
<span class="n">misp</span><span class="o">-</span><span class="n">modules</span> <span class="o">-</span><span class="n">d</span>
</code></pre></div>
<p><sub>~</sub>python
sudo killall misp-modules
misp-modules -d
<sub>~</sub></p>
<p>In your original terminal you can now run your tests manually and see any errors that arrive</p>
<div class="highlight"><pre><span></span><code><span class="nb">cd</span> tests/
curl -s http://127.0.0.1:6666/query -H <span class="s2">&quot;Content-Type: application/json&quot;</span> --data @MY_TEST_FILE.json -X POST
<span class="nb">cd</span> ../
</code></pre></div>
<p><sub>~</sub>bash
cd tests/
curl -s <a href="http://127.0.0.1:6666/query">http://127.0.0.1:6666/query</a> -H "Content-Type: application/json" --data @MY_TEST_FILE.json -X POST
cd ../
<sub>~</sub></p>
</article>
@ -1017,7 +1070,7 @@ curl -s http://127.0.0.1:6666/query -H <span class="s2">&quot;Content-Type: appl
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
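Review bot: The fenced examples on the rebuilt contribute page no longer render as code: each `~~~` block now comes out as `<p><sub>~</sub>python …</p>` instead of `<div class="highlight">`, so the Python and JSON samples lose their indentation, the URLs inside the curl commands are auto-linked, and the comment `# config fields that your code expects from the site admin` is promoted to an `<h1>` with its own navigation entry. This looks like a change in fence handling between the mkdocs-1.2.3 and mkdocs-1.3.1 builds rather than an intended content edit, so the fix belongs in the docs source or `mkdocs.yml`, not in this generated HTML. I would confirm that a fenced-code extension (`fenced_code` or `pymdownx.superfences`) is active in the build environment, or switch the source fences to backticks, and redeploy. The one improvement in this section, `Returning Binary Data` becoming a real `<h3>` instead of text inside the export-module code block, should be kept.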


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/expansion/">
<link rel="icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -517,6 +517,13 @@
html_to_markdown
</a>
</li>
<li class="md-nav__item">
<a href="#hyasinsight" class="md-nav__link">
hyasinsight
</a>
</li>
<li class="md-nav__item">
@ -1292,6 +1299,13 @@
html_to_markdown
</a>
</li>
<li class="md-nav__item">
<a href="#hyasinsight" class="md-nav__link">
hyasinsight
</a>
</li>
<li class="md-nav__item">
@ -2304,6 +2318,26 @@ Markdown content converted from the HTML fetched from the url.
The markdownify python library</p>
</blockquote>
<hr />
<h4 id="hyasinsight"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hyasinsight.py">hyasinsight</a><a class="headerlink" href="#hyasinsight" title="Permanent link">&para;</a></h4>
<p><img src=../logos/hyasinsight.png height=60></p>
<p>HYAS Insight integration to MISP provides direct, high volume access to HYAS Insight data. It enables investigators and analysts to understand and defend against cyber adversaries and their infrastructure.
- <strong>features</strong>:</p>
<blockquote>
<p>This Module takes the IP Address, Domain, URL, Email, Phone Number, MD5, SHA1, Sha256, SHA512 MISP Attributes as input to query the HYAS Insight API.
The results of the HYAS Insight API are than are then returned and parsed into Hyas Insight Objects. </p>
<p>An API key is required to submit queries to the HYAS Insight API.</p>
<ul>
<li><strong>input</strong>:
A MISP attribute of type IP Address(ip-src, ip-dst), Domain(hostname, domain), Email Address(email, email-src, email-dst, target-email, whois-registrant-email), Phone Number(phone-number, whois-registrant-phone), MDS(md5, x509-fingerprint-md5, ja3-fingerprint-md5, hassh-md5, hasshserver-md5), SHA1(sha1, x509-fingerprint-sha1), SHA256(sha256, x509-fingerprint-sha256), SHA512(sha512)</li>
<li><strong>output</strong>:
Hyas Insight objects, resulting from the query on the HYAS Insight API.</li>
<li><strong>references</strong>:
<a href="https://www.hyas.com/hyas-insight/">https://www.hyas.com/hyas-insight/</a></li>
<li><strong>requirements</strong>:
A HYAS Insight API Key.</li>
</ul>
</blockquote>
<hr />
<h4 id="intel471"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py">intel471</a><a class="headerlink" href="#intel471" title="Permanent link">&para;</a></h4>
<p><img src=../logos/intel471.png height=60>
- <strong>descrption</strong>:</p>
@ -3475,7 +3509,7 @@ MISP attributes and objects fetched from the Yeti instances.
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>

BIN
expansion/logos/hyas.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.1 KiB


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/export_mod/">
<link rel="icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -946,7 +946,7 @@ vt_graph_api, the python library to query the VirusTotal graph API</p>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>

BIN
export_mod/logos/hyas.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.1 KiB


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/import_mod/">
<link rel="icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -877,7 +877,7 @@ vmray_rest_api</p>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>

BIN
import_mod/logos/hyas.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.1 KiB


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/">
<link rel="icon" href="img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -722,7 +722,7 @@ For further information please see <a href="contribute/">Contribute</a>.</p>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": ".", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": ".", "features": [], "search": "assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="assets/javascripts/bundle.289a2a4b.min.js"></script>


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/install/">
<link rel="icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -337,13 +337,77 @@
</li>
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
How to install and start MISP modules on RHEL-based distributions ?
<a href="#begin-with-virtualenv" class="md-nav__link">
BEGIN with virtualenv:
</a>
</li>
<li class="md-nav__item">
<a href="#end-with-virtualenv" class="md-nav__link">
END with virtualenv
</a>
</li>
<li class="md-nav__item">
<a href="#ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp" class="md-nav__link">
Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
</a>
</li>
<li class="md-nav__item">
<a href="#install-gtcacafaup" class="md-nav__link">
Install gtcaca/faup
</a>
</li>
<li class="md-nav__item">
<a href="#begin-with-virtualenv_1" class="md-nav__link">
BEGIN with virtualenv:
</a>
</li>
<li class="md-nav__item">
<a href="#end-with-virtualenv_1" class="md-nav__link">
END with virtualenv
</a>
</li>
<li class="md-nav__item">
<a href="#begin-without-virtualenv" class="md-nav__link">
BEGIN without virtualenv:
</a>
</li>
<li class="md-nav__item">
<a href="#end-without-virtualenv" class="md-nav__link">
END without virtualenv
</a>
</li>
<li class="md-nav__item">
<a href="#start-misp-modules-as-a-service" class="md-nav__link">
Start misp-modules as a service
</a>
<nav class="md-nav" aria-label="Start misp-modules as a service">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
How to install and start MISP modules on RHEL-based distributions ?
</a>
</li>
<li class="md-nav__item">
<a href="#how-to-use-an-misp-modules-docker-container" class="md-nav__link">
How to use an MISP modules Docker container
</a>
@ -365,10 +429,8 @@
</li>
<li class="md-nav__item">
<a href="#docker-compose" class="md-nav__link">
Docker-compose
</a>
</ul>
</nav>
</li>
@ -378,10 +440,37 @@
</li>
<li class="md-nav__item">
<a href="#start-redis" class="md-nav__link">
Start Redis
</a>
</li>
<li class="md-nav__item">
<a href="#start-misp-modules" class="md-nav__link">
Start MISP-modules
</a>
<nav class="md-nav" aria-label="Start MISP-modules">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#docker-compose" class="md-nav__link">
Docker-compose
</a>
</li>
<li class="md-nav__item">
<a href="#install-misp-module-on-an-offline-instance" class="md-nav__link">
Install misp-module on an offline instance.
</a>
</li>
</ul>
</nav>
</li>
</ul>
@ -487,13 +576,77 @@
</li>
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
How to install and start MISP modules on RHEL-based distributions ?
<a href="#begin-with-virtualenv" class="md-nav__link">
BEGIN with virtualenv:
</a>
</li>
<li class="md-nav__item">
<a href="#end-with-virtualenv" class="md-nav__link">
END with virtualenv
</a>
</li>
<li class="md-nav__item">
<a href="#ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp" class="md-nav__link">
Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
</a>
</li>
<li class="md-nav__item">
<a href="#install-gtcacafaup" class="md-nav__link">
Install gtcaca/faup
</a>
</li>
<li class="md-nav__item">
<a href="#begin-with-virtualenv_1" class="md-nav__link">
BEGIN with virtualenv:
</a>
</li>
<li class="md-nav__item">
<a href="#end-with-virtualenv_1" class="md-nav__link">
END with virtualenv
</a>
</li>
<li class="md-nav__item">
<a href="#begin-without-virtualenv" class="md-nav__link">
BEGIN without virtualenv:
</a>
</li>
<li class="md-nav__item">
<a href="#end-without-virtualenv" class="md-nav__link">
END without virtualenv
</a>
</li>
<li class="md-nav__item">
<a href="#start-misp-modules-as-a-service" class="md-nav__link">
Start misp-modules as a service
</a>
<nav class="md-nav" aria-label="Start misp-modules as a service">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
How to install and start MISP modules on RHEL-based distributions ?
</a>
</li>
<li class="md-nav__item">
<a href="#how-to-use-an-misp-modules-docker-container" class="md-nav__link">
How to use an MISP modules Docker container
</a>
@ -515,10 +668,8 @@
</li>
<li class="md-nav__item">
<a href="#docker-compose" class="md-nav__link">
Docker-compose
</a>
</ul>
</nav>
</li>
@ -528,10 +679,37 @@
</li>
<li class="md-nav__item">
<a href="#start-redis" class="md-nav__link">
Start Redis
</a>
</li>
<li class="md-nav__item">
<a href="#start-misp-modules" class="md-nav__link">
Start MISP-modules
</a>
<nav class="md-nav" aria-label="Start MISP-modules">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#docker-compose" class="md-nav__link">
Docker-compose
</a>
</li>
<li class="md-nav__item">
<a href="#install-misp-module-on-an-offline-instance" class="md-nav__link">
Install misp-module on an offline instance.
</a>
</li>
</ul>
</nav>
</li>
</ul>
@ -547,173 +725,171 @@
<h1>Install Guides</h1>
<h2 id="how-to-install-and-start-misp-modules-in-a-python-virtualenv">How to install and start MISP modules (in a Python virtualenv)?<a class="headerlink" href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" title="Permanent link">&para;</a></h2>
<div class="highlight"><pre><span></span><code><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">&quot;sudo -u www-data&quot;</span>
sudo apt-get install -y <span class="se">\</span>
git <span class="se">\</span>
libpq5 <span class="se">\</span>
libjpeg-dev <span class="se">\</span>
tesseract-ocr <span class="se">\</span>
libpoppler-cpp-dev <span class="se">\</span>
imagemagick virtualenv <span class="se">\</span>
libopencv-dev <span class="se">\</span>
zbar-tools <span class="se">\</span>
libzbar0 <span class="se">\</span>
libzbar-dev <span class="se">\</span>
libfuzzy-dev <span class="se">\</span>
libcaca-dev
<span class="c1"># BEGIN with virtualenv: </span>
<span class="nv">$SUDO_WWW</span> virtualenv -p python3 /var/www/MISP/venv
<span class="c1"># END with virtualenv</span>
<span class="nb">cd</span> /usr/local/src/
<span class="c1"># Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp</span>
sudo adduser misp staff
sudo chmod <span class="m">2775</span> /usr/local/src
<p><sub>~</sub>~bash
SUDO_WWW="sudo -u www-data"</p>
<p>sudo apt-get install -y \
git \
libpq5 \
libjpeg-dev \
tesseract-ocr \
libpoppler-cpp-dev \
imagemagick virtualenv \
libopencv-dev \
zbar-tools \
libzbar0 \
libzbar-dev \
libfuzzy-dev \
libcaca-dev</p>
<h1 id="begin-with-virtualenv">BEGIN with virtualenv:<a class="headerlink" href="#begin-with-virtualenv" title="Permanent link">&para;</a></h1>
<p>$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv</p>
<h1 id="end-with-virtualenv">END with virtualenv<a class="headerlink" href="#end-with-virtualenv" title="Permanent link">&para;</a></h1>
<p>cd /usr/local/src/</p>
<h1 id="ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp">Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp<a class="headerlink" href="#ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp" title="Permanent link">&para;</a></h1>
<p>sudo adduser misp staff
sudo chmod 2775 /usr/local/src
sudo chown root:staff /usr/local/src
git clone https://github.com/MISP/misp-modules.git
git clone <a href="https://github.com/MISP/misp-modules.git">https://github.com/MISP/misp-modules.git</a>
git clone git://github.com/stricaud/faup.git faup
git clone git://github.com/stricaud/gtcaca.git gtcaca
<span class="c1"># Install gtcaca/faup</span>
<span class="nb">cd</span> gtcaca
git clone git://github.com/stricaud/gtcaca.git gtcaca</p>
<h1 id="install-gtcacafaup">Install gtcaca/faup<a class="headerlink" href="#install-gtcacafaup" title="Permanent link">&para;</a></h1>
<p>cd gtcaca
mkdir -p build
<span class="nb">cd</span> build
cmake .. <span class="o">&amp;&amp;</span> make
cd build
cmake .. &amp;&amp; make
sudo make install
<span class="nb">cd</span> ../../faup
cd ../../faup
mkdir -p build
<span class="nb">cd</span> build
cmake .. <span class="o">&amp;&amp;</span> make
cd build
cmake .. &amp;&amp; make
sudo make install
sudo ldconfig
<span class="nb">cd</span> ../../misp-modules
<span class="c1"># BEGIN with virtualenv: </span>
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install .
<span class="c1"># END with virtualenv</span>
<span class="c1"># BEGIN without virtualenv: </span>
sudo pip install -I -r REQUIREMENTS
sudo pip install .
<span class="c1"># END without virtualenv</span>
<span class="c1"># Start misp-modules as a service</span>
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo ldconfig</p>
<p>cd ../../misp-modules</p>
<h1 id="begin-with-virtualenv_1">BEGIN with virtualenv:<a class="headerlink" href="#begin-with-virtualenv_1" title="Permanent link">&para;</a></h1>
<p>$SUDO_WWW /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install .</p>
<h1 id="end-with-virtualenv_1">END with virtualenv<a class="headerlink" href="#end-with-virtualenv_1" title="Permanent link">&para;</a></h1>
<h1 id="begin-without-virtualenv">BEGIN without virtualenv:<a class="headerlink" href="#begin-without-virtualenv" title="Permanent link">&para;</a></h1>
<p>sudo pip install -I -r REQUIREMENTS
sudo pip install .</p>
<h1 id="end-without-virtualenv">END without virtualenv<a class="headerlink" href="#end-without-virtualenv" title="Permanent link">&para;</a></h1>
<h1 id="start-misp-modules-as-a-service">Start misp-modules as a service<a class="headerlink" href="#start-misp-modules-as-a-service" title="Permanent link">&para;</a></h1>
<p>sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl <span class="nb">enable</span> --now misp-modules
/var/www/MISP/venv/bin/misp-modules -l <span class="m">127</span>.0.0.1 -s <span class="p">&amp;</span> <span class="c1">#to start the modules</span>
</code></pre></div>
sudo systemctl enable --now misp-modules
/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s &amp; #to start the modules
<sub>~</sub>~</p>
<h2 id="how-to-install-and-start-misp-modules-on-rhel-based-distributions">How to install and start MISP modules on RHEL-based distributions ?<a class="headerlink" href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" title="Permanent link">&para;</a></h2>
<p>As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.</p>
<div class="highlight"><pre><span></span><code><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">&quot;sudo -u apache&quot;</span>
sudo yum install <span class="se">\</span>
rh-ruby22 <span class="se">\</span>
openjpeg-devel <span class="se">\</span>
rubygem-rouge <span class="se">\</span>
rubygem-asciidoctor <span class="se">\</span>
zbar-devel <span class="se">\</span>
opencv-devel <span class="se">\</span>
gcc-c++ <span class="se">\</span>
pkgconfig <span class="se">\</span>
poppler-cpp-devel <span class="se">\</span>
python-devel <span class="se">\</span>
<p><sub>~</sub>~bash
SUDO_WWW="sudo -u apache"
sudo yum install \
rh-ruby22 \
openjpeg-devel \
rubygem-rouge \
rubygem-asciidoctor \
zbar-devel \
opencv-devel \
gcc-c++ \
pkgconfig \
poppler-cpp-devel \
python-devel \
redhat-rpm-config
<span class="nb">cd</span> /usr/local/src/
sudo git clone https://github.com/MISP/misp-modules.git
<span class="nb">cd</span> misp-modules
<span class="nv">$SUDO_WWW</span> /usr/bin/scl <span class="nb">enable</span> rh-python36 <span class="s2">&quot;virtualenv -p python3 /var/www/MISP/venv&quot;</span>
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U .
</code></pre></div>
cd /usr/local/src/
sudo git clone <a href="https://github.com/MISP/misp-modules.git">https://github.com/MISP/misp-modules.git</a>
cd misp-modules
$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
<sub>~</sub>~</p>
<p>Create the service file /etc/systemd/system/misp-modules.service :</p>
<div class="highlight"><pre><span></span><code><span class="nb">echo</span> <span class="s2">&quot;[Unit]</span>
<span class="s2">Description=MISP&#39;s modules</span>
<span class="s2">After=misp-workers.service</span>
<span class="s2">[Service]</span>
<span class="s2">Type=simple</span>
<span class="s2">User=apache</span>
<span class="s2">Group=apache</span>
<span class="s2">ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 &#39;/var/www/MISP/venv/bin/misp-modules l 127.0.0.1 s&#39;</span>
<span class="s2">Restart=always</span>
<span class="s2">RestartSec=10</span>
<span class="s2">[Install]</span>
<span class="s2">WantedBy=multi-user.target&quot;</span> <span class="p">|</span> sudo tee /etc/systemd/system/misp-modules.service
</code></pre></div>
<p><sub>~</sub>~bash
echo "[Unit]
Description=MISP's modules
After=misp-workers.service</p>
<p>[Service]
Type=simple
User=apache
Group=apache
ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 '/var/www/MISP/venv/bin/misp-modules l 127.0.0.1 s'
Restart=always
RestartSec=10</p>
<p>[Install]
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
<sub>~</sub>~</p>
<p>The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:</p>
<div class="highlight"><pre><span></span><code>systemctl daemon-reload
systemctl <span class="nb">enable</span> --now misp-modules
</code></pre></div>
<p><sub>~</sub>~bash
systemctl daemon-reload
systemctl enable --now misp-modules
<sub>~</sub>~</p>
<h2 id="how-to-use-an-misp-modules-docker-container">How to use an MISP modules Docker container<a class="headerlink" href="#how-to-use-an-misp-modules-docker-container" title="Permanent link">&para;</a></h2>
<h3 id="docker-build">Docker build<a class="headerlink" href="#docker-build" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>docker build -t misp-modules <span class="se">\</span>
--build-arg <span class="nv">BUILD_DATE</span><span class="o">=</span><span class="k">$(</span>date -u +<span class="s2">&quot;%Y-%m-%d&quot;</span><span class="k">)</span> <span class="se">\</span>
<p><sub>~</sub>~bash
docker build -t misp-modules \
--build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
docker/
</code></pre></div>
<sub>~</sub>~</p>
<h3 id="docker-run">Docker run<a class="headerlink" href="#docker-run" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code><span class="c1"># Start Redis</span>
docker run --rm -d --name<span class="o">=</span>misp-redis redis:alpine
<span class="c1"># Start MISP-modules</span>
docker run <span class="se">\</span>
--rm -d --name<span class="o">=</span>misp-modules <span class="se">\</span>
-e <span class="nv">REDIS_BACKEND</span><span class="o">=</span>misp-redis <span class="se">\</span>
-e <span class="nv">REDIS_PORT</span><span class="o">=</span><span class="s2">&quot;6379&quot;</span> <span class="se">\</span>
-e <span class="nv">REDIS_PW</span><span class="o">=</span><span class="s2">&quot;&quot;</span> <span class="se">\</span>
-e <span class="nv">REDIS_DATABASE</span><span class="o">=</span><span class="s2">&quot;245&quot;</span> <span class="se">\</span>
-e <span class="nv">MISP_MODULES_DEBUG</span><span class="o">=</span><span class="s2">&quot;false&quot;</span> <span class="se">\</span>
<p><sub>~</sub>~bash</p>
<h1 id="start-redis">Start Redis<a class="headerlink" href="#start-redis" title="Permanent link">&para;</a></h1>
<p>docker run --rm -d --name=misp-redis redis:alpine</p>
<h1 id="start-misp-modules">Start MISP-modules<a class="headerlink" href="#start-misp-modules" title="Permanent link">&para;</a></h1>
<p>docker run \
--rm -d --name=misp-modules \
-e REDIS_BACKEND=misp-redis \
-e REDIS_PORT="6379" \
-e REDIS_PW="" \
-e REDIS_DATABASE="245" \
-e MISP_MODULES_DEBUG="false" \
dcso/misp-dockerized-misp-modules
</code></pre></div>
<sub>~</sub>~</p>
<h3 id="docker-compose">Docker-compose<a class="headerlink" href="#docker-compose" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>services:
<p><sub>~</sub>~yml
services:
misp-modules:
# https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
image: dcso/misp-dockerized-misp-modules:3
# <a href="https://hub.docker.com/r/dcso/misp-dockerized-misp-modules">https://hub.docker.com/r/dcso/misp-dockerized-misp-modules</a>
image: dcso/misp-dockerized-misp-modules:3</p>
<div class="codehilite"><pre><span></span><code># Local image:
#image: misp-modules
#build:
# context: docker/
# Local image:
#image: misp-modules
#build:
# context: docker/
environment:
# Redis
REDIS_BACKEND: misp-redis
REDIS_PORT: &quot;6379&quot;
REDIS_DATABASE: &quot;245&quot;
# System PROXY (OPTIONAL)
http_proxy:
https_proxy:
no_proxy: 0.0.0.0
# Timezone (OPTIONAL)
TZ: Europe/Berlin
# MISP-Modules (OPTIONAL)
MISP_MODULES_DEBUG: &quot;false&quot;
# Logging options (OPTIONAL)
LOG_SYSLOG_ENABLED: &quot;no&quot;
misp-redis:
# https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
image: redis:alpine
environment:
# Redis
REDIS_BACKEND: misp-redis
REDIS_PORT: &quot;6379&quot;
REDIS_DATABASE: &quot;245&quot;
# System PROXY (OPTIONAL)
http_proxy:
https_proxy:
no_proxy: 0.0.0.0
# Timezone (OPTIONAL)
TZ: Europe/Berlin
# MISP-Modules (OPTIONAL)
MISP_MODULES_DEBUG: &quot;false&quot;
# Logging options (OPTIONAL)
LOG_SYSLOG_ENABLED: &quot;no&quot;
</code></pre></div>
<p>misp-redis:
# <a href="https://hub.docker.com/_/redis">https://hub.docker.com/_/redis</a> or alternative <a href="https://hub.docker.com/r/dcso/misp-dockerized-redis/">https://hub.docker.com/r/dcso/misp-dockerized-redis/</a>
image: redis:alpine
<sub>~</sub>~</p>
<h2 id="install-misp-module-on-an-offline-instance">Install misp-module on an offline instance.<a class="headerlink" href="#install-misp-module-on-an-offline-instance" title="Permanent link">&para;</a></h2>
<p>First, you need to grab all necessary packages for example like this :</p>
<p>Use pip wheel to create an archive
<div class="highlight"><pre><span></span><code>mkdir misp-modules-offline
<sub>~</sub>
mkdir misp-modules-offline
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
</code></pre></div>
<sub>~</sub>
On offline machine :
<div class="highlight"><pre><span></span><code>mkdir misp-modules-bundle
<sub>~</sub>
mkdir misp-modules-bundle
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
cd misp-modules-bundle
ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done
</code></pre></div>
<sub>~</sub>
Next you can follow standard install procedure.</p>
@ -806,7 +982,7 @@ Next you can follow standard install procedure.</p>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
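Review bot: The install guide's fenced shell and YAML blocks no longer render as code in this build: in the `@ -547,173 +725,171 @` hunk the `<div class="highlight"><pre>` blocks give way to `<p><sub>~</sub>~bash` paragraphs, and shell comments such as `# BEGIN with virtualenv:` and `# Start Redis` are emitted as `<h1>` headings, which is also why the two nav hunks gain entries like `#begin-with-virtualenv`. The +/- markers are lost on this page, so the old/new assignment is inferred from those nav additions and from the generator bump to mkdocs-1.3.1. Inside a `<p>` the line breaks collapse, so the `\` continuations in the `apt-get`, `yum` and `docker run` commands and the multi-line `echo "[Unit] …" | sudo tee` unit file no longer copy out as written, which matters for a page of `sudo` commands that readers paste into a shell. The fix belongs in the documentation source or build configuration rather than in this generated file: presumably the `~~~bash` fences are no longer handled by the Markdown extensions in use, so confirm that `fenced_code` (or `pymdownx.superfences`) is listed under `markdown_extensions` and redeploy. Checking the rendered `install/` page for `<pre><code>` blocks before pushing to gh-pages would catch a recurrence.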


@ -15,7 +15,7 @@
<link rel="canonical" href="https://www.misp-project.org/license/">
<link rel="icon" href="../img/favicon.ico">
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
@ -1078,7 +1078,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>

BIN
logos/hyas.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 3.1 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

BIN
logos/misp-modules-full.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 148 KiB

125
logos/misp-modules-full.svg Normal file

@ -0,0 +1,125 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="200mm"
height="200mm"
viewBox="0 0 200 200"
version="1.1"
id="svg5004"
inkscape:export-filename="/home/adulau/git/misp-modules/docs/logos/misp-modules-full.png"
inkscape:export-xdpi="300"
inkscape:export-ydpi="300"
inkscape:version="0.92.5 (2060ec1f9f, 2020-04-08)"
sodipodi:docname="misp-modules-full.svg">
<defs
id="defs4998" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.35"
inkscape:cx="608.07786"
inkscape:cy="468.57143"
inkscape:document-units="mm"
inkscape:current-layer="layer1"
showgrid="false"
inkscape:window-width="1494"
inkscape:window-height="858"
inkscape:window-x="85"
inkscape:window-y="94"
inkscape:window-maximized="0" />
<metadata
id="metadata5001">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(0,-97)">
<path
id="path13429-79"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0"
d="m 164.77224,130.28857 -36.0861,12.64813 28.99649,24.92756 36.0861,-12.64812 z" />
<path
id="path13431-93"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0"
d="m 157.68263,167.86426 -7.08952,37.57568 -28.99649,-24.92756 7.08952,-37.57568 z" />
<path
id="path13433-2"
sodipodi:nodetypes="ccccc"
d="m 157.68263,167.86426 -7.08947,37.57566 36.08609,-12.64815 7.08954,-37.5756 z"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0" />
<path
id="path13429-1-3"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0"
d="m 73.247659,124.68112 -37.48957,-7.53084 12.222724,36.23233 37.48956,7.53084 z" />
<path
id="path13431-9-7"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0"
d="M 47.980813,153.38261 22.713972,182.08416 10.491268,145.85178 35.758089,117.15028 Z" />
<path
id="path13433-0-1"
sodipodi:nodetypes="ccccc"
d="m 47.980813,153.38261 -25.266857,28.70162 37.489568,7.53084 25.266907,-28.70153 z"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0" />
<path
id="path13429-9-2"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0"
d="m 108.76237,205.17588 -38.207108,1.54817 20.444152,32.31429 38.207146,-1.54817 z" />
<path
id="path13431-8-2"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0"
d="M 90.999414,239.03834 73.236473,272.90088 52.792296,240.5865 70.555262,206.72405 Z" />
<path
id="path13433-85-0"
sodipodi:nodetypes="ccccc"
d="m 90.999414,239.03834 -17.762941,33.86258 38.207127,-1.54817 17.76296,-33.86251 z"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
inkscape:connector-curvature="0" />
<text
xml:space="preserve"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:31.40091705px;line-height:1.25;font-family:AnjaliOldLipi;-inkscape-font-specification:'AnjaliOldLipi, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.78502285;"
x="1.889612"
y="292.74222"
id="text4996"><tspan
sodipodi:role="line"
id="tspan4994"
x="1.889612"
y="292.74222"
style="stroke-width:0.78502285;fill:#000000;">misp-modules</tspan></text>
</g>
</svg>
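Review bot: The root `<svg>` element of this published logo still carries Inkscape editor metadata, including `inkscape:export-filename="/home/adulau/git/misp-modules/docs/logos/misp-modules-full.png"`, which exposes a local account name and working-directory path on the public site. The same attribute appears in logos/misp-modules.svg with the value `/home/adulau/misp-modules.png`. None of this is needed to render the image, so I would drop the three `inkscape:export-*` attributes and the `sodipodi:namedview` block, or re-save both files as Plain SVG in Inkscape before they are committed to the docs source. A build-time check that fails when a file under logos/ contains `export-filename` or an absolute home-directory path would keep this from recurring.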

After

Width:  |  Height:  |  Size: 5.7 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.8 KiB

114
logos/misp-modules.svg Normal file

@ -0,0 +1,114 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="200mm"
height="200mm"
viewBox="0 0 200 200"
version="1.1"
id="svg5004"
inkscape:export-filename="/home/adulau/misp-modules.png"
inkscape:export-xdpi="300"
inkscape:export-ydpi="300"
inkscape:version="0.92.5 (2060ec1f9f, 2020-04-08)"
sodipodi:docname="misp-modules.svg">
<defs
id="defs4998" />
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.35"
inkscape:cx="608.07786"
inkscape:cy="468.57143"
inkscape:document-units="mm"
inkscape:current-layer="layer1"
showgrid="false"
inkscape:window-width="1494"
inkscape:window-height="858"
inkscape:window-x="102"
inkscape:window-y="97"
inkscape:window-maximized="0" />
<metadata
id="metadata5001">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(0,-97)">
<path
id="path13429-79"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0"
d="m 164.77224,130.28857 -36.0861,12.64813 28.99649,24.92756 36.0861,-12.64812 z" />
<path
id="path13431-93"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0"
d="m 157.68263,167.86426 -7.08952,37.57568 -28.99649,-24.92756 7.08952,-37.57568 z" />
<path
id="path13433-2"
sodipodi:nodetypes="ccccc"
d="m 157.68263,167.86426 -7.08947,37.57566 36.08609,-12.64815 7.08954,-37.5756 z"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0" />
<path
id="path13429-1-3"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0"
d="m 73.247659,124.68112 -37.48957,-7.53084 12.222724,36.23233 37.48956,7.53084 z" />
<path
id="path13431-9-7"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0"
d="M 47.980813,153.38261 22.713972,182.08416 10.491268,145.85178 35.758089,117.15028 Z" />
<path
id="path13433-0-1"
sodipodi:nodetypes="ccccc"
d="m 47.980813,153.38261 -25.266857,28.70162 37.489568,7.53084 25.266907,-28.70153 z"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0" />
<path
id="path13429-9-2"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0"
d="m 108.76237,205.17588 -38.207108,1.54817 20.444152,32.31429 38.207146,-1.54817 z" />
<path
id="path13431-8-2"
sodipodi:nodetypes="ccccc"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0"
d="M 90.999414,239.03834 73.236473,272.90088 52.792296,240.5865 70.555262,206.72405 Z" />
<path
id="path13433-85-0"
sodipodi:nodetypes="ccccc"
d="m 90.999414,239.03834 -17.762941,33.86258 38.207127,-1.54817 17.76296,-33.86251 z"
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
inkscape:connector-curvature="0" />
</g>
</svg>

After

Width:  |  Height:  |  Size: 4.8 KiB

File diff suppressed because one or more lines are too long


@ -2,37 +2,37 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://www.misp-project.org/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/contribute/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/expansion/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/export_mod/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/import_mod/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/install/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://www.misp-project.org/license/</loc>
<lastmod>2022-02-23</lastmod>
<lastmod>2022-09-06</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>

Binary file not shown.