Deployed 2c218d2
with MkDocs version: 1.3.1
4
404.html
|
@ -13,7 +13,7 @@
|
|||
|
||||
|
||||
<link rel="icon" href="/img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -430,7 +430,7 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "/", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "/assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "/", "features": [], "search": "/assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="/assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/contribute/">
|
||||
|
||||
<link rel="icon" href="../img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -373,6 +373,19 @@
|
|||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#config-fields-that-your-code-expects-from-the-site-admin" class="md-nav__link">
|
||||
config fields that your code expects from the site admin
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="config fields that your code expects from the site admin">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#handler" class="md-nav__link">
|
||||
handler
|
||||
|
@ -391,6 +404,13 @@
|
|||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#returning-binary-data" class="md-nav__link">
|
||||
Returning Binary Data
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -400,12 +420,7 @@
|
|||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<li class="md-nav__item">
|
||||
<a href="#testing-your-modules" class="md-nav__link">
|
||||
Testing your modules?
|
||||
</a>
|
||||
|
@ -431,19 +446,24 @@
|
|||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#documentation" class="md-nav__link">
|
||||
Documentation
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#tips-for-developers-creating-modules" class="md-nav__link">
|
||||
Tips for developers creating modules
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
|
@ -555,6 +575,19 @@
|
|||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#config-fields-that-your-code-expects-from-the-site-admin" class="md-nav__link">
|
||||
config fields that your code expects from the site admin
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="config fields that your code expects from the site admin">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#handler" class="md-nav__link">
|
||||
handler
|
||||
|
@ -573,6 +606,13 @@
|
|||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#returning-binary-data" class="md-nav__link">
|
||||
Returning Binary Data
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -582,12 +622,7 @@
|
|||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<li class="md-nav__item">
|
||||
<a href="#testing-your-modules" class="md-nav__link">
|
||||
Testing your modules?
|
||||
</a>
|
||||
|
@ -613,19 +648,24 @@
|
|||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#documentation" class="md-nav__link">
|
||||
Documentation
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#tips-for-developers-creating-modules" class="md-nav__link">
|
||||
Tips for developers creating modules
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
|
@ -641,8 +681,6 @@
|
|||
|
||||
|
||||
|
||||
<h1>Contribute</h1>
|
||||
|
||||
<h2 id="how-to-add-your-own-misp-modules">How to add your own MISP modules?<a class="headerlink" href="#how-to-add-your-own-misp-modules" title="Permanent link">¶</a></h2>
|
||||
<p>Create your module in <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/expansion/">misp_modules/modules/expansion/</a>, <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/export_mod/">misp_modules/modules/export_mod/</a>, or <a href="https://github.com/MISP/misp-modules/tree/master/misp_modules/modules/import_mod/">misp_modules/modules/import_mod/</a>. The module should have at minimum three functions:</p>
|
||||
<ul>
|
||||
|
@ -652,95 +690,98 @@
|
|||
</ul>
|
||||
<p>Don't forget to return an error key and value if an error is raised to propagate it to the MISP user-interface.</p>
|
||||
<p>Your module's script name should also be added in the <code>__all__</code> list of <code><module type folder>/__init__.py</code> in order for it to be loaded.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="o">...</span>
|
||||
<span class="c1"># Checking for required value</span>
|
||||
<span class="k">if</span> <span class="ow">not</span> <span class="n">request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'ip-src'</span><span class="p">):</span>
|
||||
<span class="c1"># Return an error message</span>
|
||||
<span class="k">return</span> <span class="p">{</span><span class="s1">'error'</span><span class="p">:</span> <span class="s2">"A source IP is required"</span><span class="p">}</span>
|
||||
<span class="o">...</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
...
|
||||
# Checking for required value
|
||||
if not request.get('ip-src'):
|
||||
# Return an error message
|
||||
return {'error': "A source IP is required"}
|
||||
...
|
||||
<sub>~</sub></p>
|
||||
<h3 id="introspection">introspection<a class="headerlink" href="#introspection" title="Permanent link">¶</a></h3>
|
||||
<p>The function that returns a dict of the supported attributes (input and output) by your expansion module.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="n">mispattributes</span> <span class="o">=</span> <span class="p">{</span><span class="s1">'input'</span><span class="p">:</span> <span class="p">[</span><span class="s1">'link'</span><span class="p">,</span> <span class="s1">'url'</span><span class="p">],</span>
|
||||
<span class="s1">'output'</span><span class="p">:</span> <span class="p">[</span><span class="s1">'attachment'</span><span class="p">,</span> <span class="s1">'malware-sample'</span><span class="p">]}</span>
|
||||
|
||||
<span class="k">def</span> <span class="nf">introspection</span><span class="p">():</span>
|
||||
<span class="k">return</span> <span class="n">mispattributes</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
mispattributes = {'input': ['link', 'url'],
|
||||
'output': ['attachment', 'malware-sample']}</p>
|
||||
<p>def introspection():
|
||||
return mispattributes
|
||||
<sub>~</sub></p>
|
||||
<h3 id="version">version<a class="headerlink" href="#version" title="Permanent link">¶</a></h3>
|
||||
<p>The function that returns a dict with the version and the associated meta-data including potential configurations required of the module.</p>
|
||||
<h3 id="additional-configuration-values">Additional Configuration Values<a class="headerlink" href="#additional-configuration-values" title="Permanent link">¶</a></h3>
|
||||
<p>If your module requires additional configuration (to be exposed via the MISP user-interface), you can define those in the moduleconfig value returned by the version function.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># config fields that your code expects from the site admin</span>
|
||||
<span class="n">moduleconfig</span> <span class="o">=</span> <span class="p">[</span><span class="s2">"apikey"</span><span class="p">,</span> <span class="s2">"event_limit"</span><span class="p">]</span>
|
||||
|
||||
<span class="k">def</span> <span class="nf">version</span><span class="p">():</span>
|
||||
<span class="n">moduleinfo</span><span class="p">[</span><span class="s1">'config'</span><span class="p">]</span> <span class="o">=</span> <span class="n">moduleconfig</span>
|
||||
<span class="k">return</span> <span class="n">moduleinfo</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python</p>
|
||||
<h1 id="config-fields-that-your-code-expects-from-the-site-admin">config fields that your code expects from the site admin<a class="headerlink" href="#config-fields-that-your-code-expects-from-the-site-admin" title="Permanent link">¶</a></h1>
|
||||
<p>moduleconfig = ["apikey", "event_limit"]</p>
|
||||
<p>def version():
|
||||
moduleinfo['config'] = moduleconfig
|
||||
return moduleinfo
|
||||
<sub>~</sub></p>
|
||||
<p>When you do this a config array is added to the meta-data output containing all the potential configuration values:</p>
|
||||
<div class="highlight"><pre><span></span><code>"meta": {
|
||||
"description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
|
||||
"config": [
|
||||
"username",
|
||||
"password"
|
||||
<p><sub>~</sub>
|
||||
"meta": {
|
||||
"description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
|
||||
"config": [
|
||||
"username",
|
||||
"password"
|
||||
],
|
||||
"module-type": [
|
||||
"expansion",
|
||||
"hover"
|
||||
],
|
||||
|
||||
...
|
||||
</code></pre></div>
|
||||
"module-type": [
|
||||
"expansion",
|
||||
"hover"
|
||||
],</p>
|
||||
<p>...
|
||||
<sub>~</sub></p>
|
||||
<p>If you want to use the configuration values set in the web interface they are stored in the key <code>config</code> in the JSON object passed to the handler.</p>
|
||||
<div class="highlight"><pre><span></span><code>def handler(q=False):
|
||||
<p><sub>~</sub>
|
||||
def handler(q=False):</p>
|
||||
<div class="codehilite"><pre><span></span><code># Check if we were given a configuration
|
||||
config = q.get("config", {})
|
||||
|
||||
# Check if we were given a configuration
|
||||
config = q.get("config", {})
|
||||
|
||||
# Find out if there is a username field
|
||||
username = config.get("username", None)
|
||||
# Find out if there is a username field
|
||||
username = config.get("username", None)
|
||||
</code></pre></div>
|
||||
|
||||
<p><sub>~</sub></p>
|
||||
<h3 id="handler">handler<a class="headerlink" href="#handler" title="Permanent link">¶</a></h3>
|
||||
<p>The function which accepts a JSON document to expand the values and return a dictionary of the expanded values.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="k">def</span> <span class="nf">handler</span><span class="p">(</span><span class="n">q</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
|
||||
<span class="s2">"Fully functional rot-13 encoder"</span>
|
||||
<span class="k">if</span> <span class="n">q</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
|
||||
<span class="k">return</span> <span class="kc">False</span>
|
||||
<span class="n">request</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">loads</span><span class="p">(</span><span class="n">q</span><span class="p">)</span>
|
||||
<span class="n">src</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s1">'ip-src'</span><span class="p">)</span>
|
||||
<span class="k">if</span> <span class="n">src</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
|
||||
<span class="c1"># Return an error message</span>
|
||||
<span class="k">return</span> <span class="p">{</span><span class="s1">'error'</span><span class="p">:</span> <span class="s2">"A source IP is required"</span><span class="p">}</span>
|
||||
<span class="k">else</span><span class="p">:</span>
|
||||
<span class="k">return</span> <span class="p">{</span><span class="s1">'results'</span><span class="p">:</span>
|
||||
<span class="n">codecs</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="n">src</span><span class="p">,</span> <span class="s2">"rot-13"</span><span class="p">)}</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
def handler(q=False):
|
||||
"Fully functional rot-13 encoder"
|
||||
if q is False:
|
||||
return False
|
||||
request = json.loads(q)
|
||||
src = request.get('ip-src')
|
||||
if src is None:
|
||||
# Return an error message
|
||||
return {'error': "A source IP is required"}
|
||||
else:
|
||||
return {'results':
|
||||
codecs.encode(src, "rot-13")}
|
||||
<sub>~</sub></p>
|
||||
<h4 id="export-module">export module<a class="headerlink" href="#export-module" title="Permanent link">¶</a></h4>
|
||||
<p>For an export module, the <code>request["data"]</code> object corresponds to a list of events (dictionaries) to handle.</p>
|
||||
<p>Iterating over events attributes is performed using their <code>Attribute</code> key.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="o">...</span>
|
||||
<span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="n">request</span><span class="p">[</span><span class="s2">"data"</span><span class="p">]:</span>
|
||||
<span class="k">for</span> <span class="n">attribute</span> <span class="ow">in</span> <span class="n">event</span><span class="p">[</span><span class="s2">"Attribute"</span><span class="p">]:</span>
|
||||
<span class="c1"># do stuff w/ attribute['type'], attribute['value'], ...</span>
|
||||
<span class="o">...</span>
|
||||
|
||||
<span class="c1">### Returning Binary Data</span>
|
||||
|
||||
<span class="n">If</span> <span class="n">you</span> <span class="n">want</span> <span class="n">to</span> <span class="k">return</span> <span class="n">a</span> <span class="n">file</span> <span class="ow">or</span> <span class="n">other</span> <span class="n">data</span> <span class="n">you</span> <span class="n">need</span> <span class="n">to</span> <span class="n">add</span> <span class="n">a</span> <span class="n">data</span> <span class="n">attribute</span><span class="o">.</span>
|
||||
|
||||
<span class="o">~~~</span><span class="n">python</span>
|
||||
<span class="p">{</span><span class="s2">"results"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"values"</span><span class="p">:</span> <span class="s2">"filename.txt"</span><span class="p">,</span>
|
||||
<span class="s2">"types"</span><span class="p">:</span> <span class="s2">"attachment"</span><span class="p">,</span>
|
||||
<span class="s2">"data"</span> <span class="p">:</span> <span class="n">base64</span><span class="o">.</span><span class="n">b64encode</span><span class="p">(</span><span class="o"><</span><span class="n">ByteIO</span><span class="o">></span><span class="p">)</span> <span class="c1"># base64 encode your data first</span>
|
||||
<span class="s2">"comment"</span><span class="p">:</span> <span class="s2">"This is an attachment"</span><span class="p">}}</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
...
|
||||
for event in request["data"]:
|
||||
for attribute in event["Attribute"]:
|
||||
# do stuff w/ attribute['type'], attribute['value'], ...
|
||||
...</p>
|
||||
<h3 id="returning-binary-data">Returning Binary Data<a class="headerlink" href="#returning-binary-data" title="Permanent link">¶</a></h3>
|
||||
<p>If you want to return a file or other data you need to add a data attribute.</p>
|
||||
<p><sub>~</sub>python
|
||||
{"results": {"values": "filename.txt",
|
||||
"types": "attachment",
|
||||
"data" : base64.b64encode(<ByteIO>) # base64 encode your data first
|
||||
"comment": "This is an attachment"}}
|
||||
<sub>~</sub></p>
|
||||
<p>If the binary file is malware you can use 'malware-sample' as the type. If you do this the malware sample will be automatically zipped and password protected ('infected') after being uploaded.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="p">{</span><span class="s2">"results"</span><span class="p">:</span> <span class="p">{</span><span class="s2">"values"</span><span class="p">:</span> <span class="s2">"filename.txt"</span><span class="p">,</span>
|
||||
<span class="s2">"types"</span><span class="p">:</span> <span class="s2">"malware-sample"</span><span class="p">,</span>
|
||||
<span class="s2">"data"</span> <span class="p">:</span> <span class="n">base64</span><span class="o">.</span><span class="n">b64encode</span><span class="p">(</span><span class="o"><</span><span class="n">ByteIO</span><span class="o">></span><span class="p">)</span> <span class="c1"># base64 encode your data first</span>
|
||||
<span class="s2">"comment"</span><span class="p">:</span> <span class="s2">"This is an attachment"</span><span class="p">}}</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
{"results": {"values": "filename.txt",
|
||||
"types": "malware-sample",
|
||||
"data" : base64.b64encode(<ByteIO>) # base64 encode your data first
|
||||
"comment": "This is an attachment"}}
|
||||
<sub>~</sub></p>
|
||||
<p><a href="https://github.com/MISP/PyMISP/blob/4f230c9299ad9d2d1c851148c629b61a94f3f117/pymisp/mispevent.py#L185-L200">To learn more about how data attributes are processed you can read the processing code here.</a></p>
|
||||
<h3 id="module-type">Module type<a class="headerlink" href="#module-type" title="Permanent link">¶</a></h3>
|
||||
<p>A MISP module can be of four types:</p>
|
||||
|
@ -753,117 +794,122 @@
|
|||
<p>module-type is an array where the list of supported types can be added.</p>
|
||||
<h2 id="testing-your-modules">Testing your modules?<a class="headerlink" href="#testing-your-modules" title="Permanent link">¶</a></h2>
|
||||
<p>MISP uses the <strong>modules</strong> function to discover the available MISP modules and their supported MISP attributes:</p>
|
||||
<div class="highlight"><pre><span></span><code>% curl -s http://127.0.0.1:6666/modules | jq .
|
||||
<p><sub>~</sub>
|
||||
% curl -s <a href="http://127.0.0.1:6666/modules">http://127.0.0.1:6666/modules</a> | jq .
|
||||
[
|
||||
{
|
||||
"name": "passivetotal",
|
||||
"type": "expansion",
|
||||
"mispattributes": {
|
||||
"input": [
|
||||
"hostname",
|
||||
"domain",
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
"name": "passivetotal",
|
||||
"type": "expansion",
|
||||
"mispattributes": {
|
||||
"input": [
|
||||
"hostname",
|
||||
"domain",
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
],
|
||||
"output": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"hostname",
|
||||
"domain"
|
||||
"output": [
|
||||
"ip-src",
|
||||
"ip-dst",
|
||||
"hostname",
|
||||
"domain"
|
||||
]
|
||||
},
|
||||
"meta": {
|
||||
"description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
|
||||
"config": [
|
||||
"username",
|
||||
"password"
|
||||
"meta": {
|
||||
"description": "PassiveTotal expansion service to expand values with multiple Passive DNS sources",
|
||||
"config": [
|
||||
"username",
|
||||
"password"
|
||||
],
|
||||
"author": "Alexandre Dulaunoy",
|
||||
"version": "0.1"
|
||||
"author": "Alexandre Dulaunoy",
|
||||
"version": "0.1"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "sourcecache",
|
||||
"type": "expansion",
|
||||
"mispattributes": {
|
||||
"input": [
|
||||
"link"
|
||||
"name": "sourcecache",
|
||||
"type": "expansion",
|
||||
"mispattributes": {
|
||||
"input": [
|
||||
"link"
|
||||
],
|
||||
"output": [
|
||||
"link"
|
||||
"output": [
|
||||
"link"
|
||||
]
|
||||
},
|
||||
"meta": {
|
||||
"description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.",
|
||||
"author": "Alexandre Dulaunoy",
|
||||
"version": "0.1"
|
||||
"meta": {
|
||||
"description": "Module to cache web pages of analysis reports, OSINT sources. The module returns a link of the cached page.",
|
||||
"author": "Alexandre Dulaunoy",
|
||||
"version": "0.1"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "dns",
|
||||
"type": "expansion",
|
||||
"mispattributes": {
|
||||
"input": [
|
||||
"hostname",
|
||||
"domain"
|
||||
"name": "dns",
|
||||
"type": "expansion",
|
||||
"mispattributes": {
|
||||
"input": [
|
||||
"hostname",
|
||||
"domain"
|
||||
],
|
||||
"output": [
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
"output": [
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
]
|
||||
},
|
||||
"meta": {
|
||||
"description": "Simple DNS expansion service to resolve IP address from MISP attributes",
|
||||
"author": "Alexandre Dulaunoy",
|
||||
"version": "0.1"
|
||||
"meta": {
|
||||
"description": "Simple DNS expansion service to resolve IP address from MISP attributes",
|
||||
"author": "Alexandre Dulaunoy",
|
||||
"version": "0.1"
|
||||
}
|
||||
}
|
||||
]
|
||||
</code></pre></div>
|
||||
]</p>
|
||||
<p><sub>~</sub></p>
|
||||
<p>The MISP module service returns the available modules in a JSON array containing each module name along with their supported input attributes.</p>
|
||||
<p>Based on this information, a query can be built in a JSON format and saved as body.json:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="p">{</span>
|
||||
<span class="nt">"hostname"</span><span class="p">:</span> <span class="s2">"www.foo.be"</span><span class="p">,</span>
|
||||
<span class="nt">"module"</span><span class="p">:</span> <span class="s2">"dns"</span>
|
||||
<span class="p">}</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>json
|
||||
{
|
||||
"hostname": "<a href="http://www.foo.be">www.foo.be</a>",
|
||||
"module": "dns"
|
||||
}
|
||||
<sub>~</sub></p>
|
||||
<p>Then you can POST this JSON format query towards the MISP object server:</p>
|
||||
<div class="highlight"><pre><span></span><code>curl -s http://127.0.0.1:6666/query -H <span class="s2">"Content-Type: application/json"</span> --data @body.json -X POST
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>bash
|
||||
curl -s <a href="http://127.0.0.1:6666/query">http://127.0.0.1:6666/query</a> -H "Content-Type: application/json" --data @body.json -X POST
|
||||
<sub>~</sub></p>
|
||||
<p>The module should output the following JSON:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="p">{</span>
|
||||
<span class="nt">"results"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="p">{</span>
|
||||
<span class="nt">"types"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"ip-src"</span><span class="p">,</span>
|
||||
<span class="s2">"ip-dst"</span>
|
||||
<span class="p">],</span>
|
||||
<span class="nt">"values"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"188.65.217.78"</span>
|
||||
<span class="p">]</span>
|
||||
<span class="p">}</span>
|
||||
<span class="p">]</span>
|
||||
<span class="p">}</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>json
|
||||
{
|
||||
"results": [
|
||||
{
|
||||
"types": [
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
],
|
||||
"values": [
|
||||
"188.65.217.78"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
<sub>~</sub></p>
|
||||
<p>It is also possible to restrict the category options of the resolved attributes by passing a list of categories along (optional):</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="p">{</span>
|
||||
<span class="nt">"results"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="p">{</span>
|
||||
<span class="nt">"types"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"ip-src"</span><span class="p">,</span>
|
||||
<span class="s2">"ip-dst"</span>
|
||||
<span class="p">],</span>
|
||||
<span class="nt">"values"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"188.65.217.78"</span>
|
||||
<span class="p">],</span>
|
||||
<span class="nt">"categories"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"Network activity"</span><span class="p">,</span>
|
||||
<span class="s2">"Payload delivery"</span>
|
||||
<span class="p">]</span>
|
||||
<span class="p">}</span>
|
||||
<span class="p">]</span>
|
||||
<span class="p">}</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>json
|
||||
{
|
||||
"results": [
|
||||
{
|
||||
"types": [
|
||||
"ip-src",
|
||||
"ip-dst"
|
||||
],
|
||||
"values": [
|
||||
"188.65.217.78"
|
||||
],
|
||||
"categories": [
|
||||
"Network activity",
|
||||
"Payload delivery"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
<sub>~</sub></p>
|
||||
<p>For both the type and the category lists, the first item in the list will be the default setting on the interface.</p>
|
||||
<h3 id="enable-your-module-in-the-web-interface">Enable your module in the web interface<a class="headerlink" href="#enable-your-module-in-the-web-interface" title="Permanent link">¶</a></h3>
|
||||
<p>For a module to be activated in the MISP web interface it must be enabled in the "Plugin Settings.</p>
|
||||
|
@ -873,15 +919,17 @@
|
|||
- Find the name of your plugin's "enabled" value in the Setting Column.
|
||||
"Plugin.[MODULE NAME]_enabled"
|
||||
- Double click on its "Value" column</p>
|
||||
<div class="highlight"><pre><span></span><code>Priority Setting Value Description Error Message
|
||||
<p><sub>~</sub>
|
||||
Priority Setting Value Description Error Message
|
||||
Recommended Plugin.Import_ocr_enabled false Enable or disable the ocr module. Value not set.
|
||||
</code></pre></div>
|
||||
<sub>~</sub></p>
|
||||
<ul>
|
||||
<li>Use the drop-down to set the enabled value to 'true'</li>
|
||||
</ul>
|
||||
<div class="highlight"><pre><span></span><code>Priority Setting Value Description Error Message
|
||||
<p><sub>~</sub>
|
||||
Priority Setting Value Description Error Message
|
||||
Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr module. Value not set.
|
||||
</code></pre></div>
|
||||
<sub>~</sub></p>
|
||||
<h3 id="set-any-other-required-settings-for-your-module">Set any other required settings for your module<a class="headerlink" href="#set-any-other-required-settings-for-your-module" title="Permanent link">¶</a></h3>
|
||||
<p>In this same menu set any other plugin settings that are required for testing.</p>
|
||||
<h2 id="documentation">Documentation<a class="headerlink" href="#documentation" title="Permanent link">¶</a></h2>
|
||||
|
@ -906,26 +954,31 @@ Recommended Plugin.Import_ocr_enabled true Enable or disable the ocr
|
|||
<li>SSH into the machine (Login info on training page)</li>
|
||||
<li>Go into the misp-modules directory</li>
|
||||
</ul>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">cd</span> /usr/local/src/misp-modules
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>bash
|
||||
cd /usr/local/src/misp-modules
|
||||
<sub>~</sub></p>
|
||||
<p>Set the git repo to your fork and checkout your development branch. If you SSH'ed in as the misp user you will have to use sudo.</p>
|
||||
<div class="highlight"><pre><span></span><code>sudo git remote set-url origin https://github.com/YourRepo/misp-modules.git
|
||||
<p><sub>~</sub>bash
|
||||
sudo git remote set-url origin <a href="https://github.com/YourRepo/misp-modules.git">https://github.com/YourRepo/misp-modules.git</a>
|
||||
sudo git pull
|
||||
sudo git checkout MyModBranch
|
||||
</code></pre></div>
|
||||
<sub>~</sub></p>
|
||||
<p>Remove the contents of the build directory and re-install misp-modules.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="n">sudo</span> <span class="n">rm</span> <span class="o">-</span><span class="n">fr</span> <span class="n">build</span><span class="o">/*</span>
|
||||
<span class="n">sudo</span> <span class="n">pip3</span> <span class="n">install</span> <span class="o">--</span><span class="n">upgrade</span> <span class="o">.</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
sudo rm -fr build/*
|
||||
sudo pip3 install --upgrade .
|
||||
<sub>~</sub></p>
|
||||
<p>SSH in with a different terminal and run <code>misp-modules</code> with debugging enabled.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="n">sudo</span> <span class="n">killall</span> <span class="n">misp</span><span class="o">-</span><span class="n">modules</span>
|
||||
<span class="n">misp</span><span class="o">-</span><span class="n">modules</span> <span class="o">-</span><span class="n">d</span>
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>python
|
||||
sudo killall misp-modules
|
||||
misp-modules -d
|
||||
<sub>~</sub></p>
|
||||
<p>In your original terminal you can now run your tests manually and see any errors that arrive</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">cd</span> tests/
|
||||
curl -s http://127.0.0.1:6666/query -H <span class="s2">"Content-Type: application/json"</span> --data @MY_TEST_FILE.json -X POST
|
||||
<span class="nb">cd</span> ../
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>bash
|
||||
cd tests/
|
||||
curl -s <a href="http://127.0.0.1:6666/query">http://127.0.0.1:6666/query</a> -H "Content-Type: application/json" --data @MY_TEST_FILE.json -X POST
|
||||
cd ../
|
||||
<sub>~</sub></p>
|
||||
|
||||
|
||||
</article>
|
||||
|
@ -1017,7 +1070,7 @@ curl -s http://127.0.0.1:6666/query -H <span class="s2">"Content-Type: appl
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/expansion/">
|
||||
|
||||
<link rel="icon" href="../img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -517,6 +517,13 @@
|
|||
html_to_markdown
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#hyasinsight" class="md-nav__link">
|
||||
hyasinsight
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1292,6 +1299,13 @@
|
|||
html_to_markdown
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#hyasinsight" class="md-nav__link">
|
||||
hyasinsight
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -2304,6 +2318,26 @@ Markdown content converted from the HTML fetched from the url.
|
|||
The markdownify python library</p>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="hyasinsight"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/hyasinsight.py">hyasinsight</a><a class="headerlink" href="#hyasinsight" title="Permanent link">¶</a></h4>
|
||||
<p><img src=../logos/hyasinsight.png height=60></p>
|
||||
<p>HYAS Insight integration to MISP provides direct, high volume access to HYAS Insight data. It enables investigators and analysts to understand and defend against cyber adversaries and their infrastructure.
|
||||
- <strong>features</strong>:</p>
|
||||
<blockquote>
|
||||
<p>This Module takes the IP Address, Domain, URL, Email, Phone Number, MD5, SHA1, Sha256, SHA512 MISP Attributes as input to query the HYAS Insight API.
|
||||
The results of the HYAS Insight API are than are then returned and parsed into Hyas Insight Objects. </p>
|
||||
<p>An API key is required to submit queries to the HYAS Insight API.</p>
|
||||
<ul>
|
||||
<li><strong>input</strong>:
|
||||
A MISP attribute of type IP Address(ip-src, ip-dst), Domain(hostname, domain), Email Address(email, email-src, email-dst, target-email, whois-registrant-email), Phone Number(phone-number, whois-registrant-phone), MDS(md5, x509-fingerprint-md5, ja3-fingerprint-md5, hassh-md5, hasshserver-md5), SHA1(sha1, x509-fingerprint-sha1), SHA256(sha256, x509-fingerprint-sha256), SHA512(sha512)</li>
|
||||
<li><strong>output</strong>:
|
||||
Hyas Insight objects, resulting from the query on the HYAS Insight API.</li>
|
||||
<li><strong>references</strong>:
|
||||
<a href="https://www.hyas.com/hyas-insight/">https://www.hyas.com/hyas-insight/</a></li>
|
||||
<li><strong>requirements</strong>:
|
||||
A HYAS Insight API Key.</li>
|
||||
</ul>
|
||||
</blockquote>
|
||||
<hr />
|
||||
<h4 id="intel471"><a href="https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/expansion/intel471.py">intel471</a><a class="headerlink" href="#intel471" title="Permanent link">¶</a></h4>
|
||||
<p><img src=../logos/intel471.png height=60>
|
||||
- <strong>descrption</strong>:</p>
|
||||
|
@ -3475,7 +3509,7 @@ MISP attributes and objects fetched from the Yeti instances.
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/export_mod/">
|
||||
|
||||
<link rel="icon" href="../img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -946,7 +946,7 @@ vt_graph_api, the python library to query the VirusTotal graph API</p>
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/import_mod/">
|
||||
|
||||
<link rel="icon" href="../img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -877,7 +877,7 @@ vmray_rest_api</p>
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/">
|
||||
|
||||
<link rel="icon" href="img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -722,7 +722,7 @@ For further information please see <a href="contribute/">Contribute</a>.</p>
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": ".", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": ".", "features": [], "search": "assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/install/">
|
||||
|
||||
<link rel="icon" href="../img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -337,13 +337,77 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
|
||||
How to install and start MISP modules on RHEL-based distributions ?
|
||||
<a href="#begin-with-virtualenv" class="md-nav__link">
|
||||
BEGIN with virtualenv:
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#end-with-virtualenv" class="md-nav__link">
|
||||
END with virtualenv
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp" class="md-nav__link">
|
||||
Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#install-gtcacafaup" class="md-nav__link">
|
||||
Install gtcaca/faup
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#begin-with-virtualenv_1" class="md-nav__link">
|
||||
BEGIN with virtualenv:
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#end-with-virtualenv_1" class="md-nav__link">
|
||||
END with virtualenv
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#begin-without-virtualenv" class="md-nav__link">
|
||||
BEGIN without virtualenv:
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#end-without-virtualenv" class="md-nav__link">
|
||||
END without virtualenv
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#start-misp-modules-as-a-service" class="md-nav__link">
|
||||
Start misp-modules as a service
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Start misp-modules as a service">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
|
||||
How to install and start MISP modules on RHEL-based distributions ?
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#how-to-use-an-misp-modules-docker-container" class="md-nav__link">
|
||||
How to use an MISP modules Docker container
|
||||
</a>
|
||||
|
@ -365,10 +429,8 @@
|
|||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#docker-compose" class="md-nav__link">
|
||||
Docker-compose
|
||||
</a>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
|
@ -378,10 +440,37 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#start-redis" class="md-nav__link">
|
||||
Start Redis
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#start-misp-modules" class="md-nav__link">
|
||||
Start MISP-modules
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Start MISP-modules">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#docker-compose" class="md-nav__link">
|
||||
Docker-compose
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#install-misp-module-on-an-offline-instance" class="md-nav__link">
|
||||
Install misp-module on an offline instance.
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
|
@ -487,13 +576,77 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
|
||||
How to install and start MISP modules on RHEL-based distributions ?
|
||||
<a href="#begin-with-virtualenv" class="md-nav__link">
|
||||
BEGIN with virtualenv:
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#end-with-virtualenv" class="md-nav__link">
|
||||
END with virtualenv
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp" class="md-nav__link">
|
||||
Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#install-gtcacafaup" class="md-nav__link">
|
||||
Install gtcaca/faup
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#begin-with-virtualenv_1" class="md-nav__link">
|
||||
BEGIN with virtualenv:
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#end-with-virtualenv_1" class="md-nav__link">
|
||||
END with virtualenv
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#begin-without-virtualenv" class="md-nav__link">
|
||||
BEGIN without virtualenv:
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#end-without-virtualenv" class="md-nav__link">
|
||||
END without virtualenv
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#start-misp-modules-as-a-service" class="md-nav__link">
|
||||
Start misp-modules as a service
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Start misp-modules as a service">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" class="md-nav__link">
|
||||
How to install and start MISP modules on RHEL-based distributions ?
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#how-to-use-an-misp-modules-docker-container" class="md-nav__link">
|
||||
How to use an MISP modules Docker container
|
||||
</a>
|
||||
|
@ -515,10 +668,8 @@
|
|||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#docker-compose" class="md-nav__link">
|
||||
Docker-compose
|
||||
</a>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
|
@ -528,10 +679,37 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#start-redis" class="md-nav__link">
|
||||
Start Redis
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#start-misp-modules" class="md-nav__link">
|
||||
Start MISP-modules
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Start MISP-modules">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#docker-compose" class="md-nav__link">
|
||||
Docker-compose
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#install-misp-module-on-an-offline-instance" class="md-nav__link">
|
||||
Install misp-module on an offline instance.
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
</li>
|
||||
|
||||
</ul>
|
||||
|
@ -547,173 +725,171 @@
|
|||
|
||||
|
||||
|
||||
<h1>Install Guides</h1>
|
||||
|
||||
<h2 id="how-to-install-and-start-misp-modules-in-a-python-virtualenv">How to install and start MISP modules (in a Python virtualenv)?<a class="headerlink" href="#how-to-install-and-start-misp-modules-in-a-python-virtualenv" title="Permanent link">¶</a></h2>
|
||||
<div class="highlight"><pre><span></span><code><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">"sudo -u www-data"</span>
|
||||
|
||||
sudo apt-get install -y <span class="se">\</span>
|
||||
git <span class="se">\</span>
|
||||
libpq5 <span class="se">\</span>
|
||||
libjpeg-dev <span class="se">\</span>
|
||||
tesseract-ocr <span class="se">\</span>
|
||||
libpoppler-cpp-dev <span class="se">\</span>
|
||||
imagemagick virtualenv <span class="se">\</span>
|
||||
libopencv-dev <span class="se">\</span>
|
||||
zbar-tools <span class="se">\</span>
|
||||
libzbar0 <span class="se">\</span>
|
||||
libzbar-dev <span class="se">\</span>
|
||||
libfuzzy-dev <span class="se">\</span>
|
||||
libcaca-dev
|
||||
|
||||
<span class="c1"># BEGIN with virtualenv: </span>
|
||||
<span class="nv">$SUDO_WWW</span> virtualenv -p python3 /var/www/MISP/venv
|
||||
<span class="c1"># END with virtualenv</span>
|
||||
|
||||
<span class="nb">cd</span> /usr/local/src/
|
||||
<span class="c1"># Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp</span>
|
||||
sudo adduser misp staff
|
||||
sudo chmod <span class="m">2775</span> /usr/local/src
|
||||
<p><sub>~</sub>~bash
|
||||
SUDO_WWW="sudo -u www-data"</p>
|
||||
<p>sudo apt-get install -y \
|
||||
git \
|
||||
libpq5 \
|
||||
libjpeg-dev \
|
||||
tesseract-ocr \
|
||||
libpoppler-cpp-dev \
|
||||
imagemagick virtualenv \
|
||||
libopencv-dev \
|
||||
zbar-tools \
|
||||
libzbar0 \
|
||||
libzbar-dev \
|
||||
libfuzzy-dev \
|
||||
libcaca-dev</p>
|
||||
<h1 id="begin-with-virtualenv">BEGIN with virtualenv:<a class="headerlink" href="#begin-with-virtualenv" title="Permanent link">¶</a></h1>
|
||||
<p>$SUDO_WWW virtualenv -p python3 /var/www/MISP/venv</p>
|
||||
<h1 id="end-with-virtualenv">END with virtualenv<a class="headerlink" href="#end-with-virtualenv" title="Permanent link">¶</a></h1>
|
||||
<p>cd /usr/local/src/</p>
|
||||
<h1 id="ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp">Ideally you add your user to the staff group and make /usr/local/src group writeable, below follows an example with user misp<a class="headerlink" href="#ideally-you-add-your-user-to-the-staff-group-and-make-usrlocalsrc-group-writeable-below-follows-an-example-with-user-misp" title="Permanent link">¶</a></h1>
|
||||
<p>sudo adduser misp staff
|
||||
sudo chmod 2775 /usr/local/src
|
||||
sudo chown root:staff /usr/local/src
|
||||
git clone https://github.com/MISP/misp-modules.git
|
||||
git clone <a href="https://github.com/MISP/misp-modules.git">https://github.com/MISP/misp-modules.git</a>
|
||||
git clone git://github.com/stricaud/faup.git faup
|
||||
git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
|
||||
<span class="c1"># Install gtcaca/faup</span>
|
||||
<span class="nb">cd</span> gtcaca
|
||||
git clone git://github.com/stricaud/gtcaca.git gtcaca</p>
|
||||
<h1 id="install-gtcacafaup">Install gtcaca/faup<a class="headerlink" href="#install-gtcacafaup" title="Permanent link">¶</a></h1>
|
||||
<p>cd gtcaca
|
||||
mkdir -p build
|
||||
<span class="nb">cd</span> build
|
||||
cmake .. <span class="o">&&</span> make
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
<span class="nb">cd</span> ../../faup
|
||||
cd ../../faup
|
||||
mkdir -p build
|
||||
<span class="nb">cd</span> build
|
||||
cmake .. <span class="o">&&</span> make
|
||||
cd build
|
||||
cmake .. && make
|
||||
sudo make install
|
||||
sudo ldconfig
|
||||
|
||||
<span class="nb">cd</span> ../../misp-modules
|
||||
|
||||
<span class="c1"># BEGIN with virtualenv: </span>
|
||||
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install .
|
||||
<span class="c1"># END with virtualenv</span>
|
||||
|
||||
<span class="c1"># BEGIN without virtualenv: </span>
|
||||
sudo pip install -I -r REQUIREMENTS
|
||||
sudo pip install .
|
||||
<span class="c1"># END without virtualenv</span>
|
||||
|
||||
<span class="c1"># Start misp-modules as a service</span>
|
||||
sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
|
||||
sudo ldconfig</p>
|
||||
<p>cd ../../misp-modules</p>
|
||||
<h1 id="begin-with-virtualenv_1">BEGIN with virtualenv:<a class="headerlink" href="#begin-with-virtualenv_1" title="Permanent link">¶</a></h1>
|
||||
<p>$SUDO_WWW /var/www/MISP/venv/bin/pip install -I -r REQUIREMENTS
|
||||
$SUDO_WWW /var/www/MISP/venv/bin/pip install .</p>
|
||||
<h1 id="end-with-virtualenv_1">END with virtualenv<a class="headerlink" href="#end-with-virtualenv_1" title="Permanent link">¶</a></h1>
|
||||
<h1 id="begin-without-virtualenv">BEGIN without virtualenv:<a class="headerlink" href="#begin-without-virtualenv" title="Permanent link">¶</a></h1>
|
||||
<p>sudo pip install -I -r REQUIREMENTS
|
||||
sudo pip install .</p>
|
||||
<h1 id="end-without-virtualenv">END without virtualenv<a class="headerlink" href="#end-without-virtualenv" title="Permanent link">¶</a></h1>
|
||||
<h1 id="start-misp-modules-as-a-service">Start misp-modules as a service<a class="headerlink" href="#start-misp-modules-as-a-service" title="Permanent link">¶</a></h1>
|
||||
<p>sudo cp etc/systemd/system/misp-modules.service /etc/systemd/system/
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl <span class="nb">enable</span> --now misp-modules
|
||||
/var/www/MISP/venv/bin/misp-modules -l <span class="m">127</span>.0.0.1 -s <span class="p">&</span> <span class="c1">#to start the modules</span>
|
||||
</code></pre></div>
|
||||
sudo systemctl enable --now misp-modules
|
||||
/var/www/MISP/venv/bin/misp-modules -l 127.0.0.1 -s & #to start the modules
|
||||
<sub>~</sub>~</p>
|
||||
<h2 id="how-to-install-and-start-misp-modules-on-rhel-based-distributions">How to install and start MISP modules on RHEL-based distributions ?<a class="headerlink" href="#how-to-install-and-start-misp-modules-on-rhel-based-distributions" title="Permanent link">¶</a></h2>
|
||||
<p>As of this writing, the official RHEL repositories only contain Ruby 2.0.0 and Ruby 2.1 or higher is required. As such, this guide installs Ruby 2.2 from the SCL repository.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nv">SUDO_WWW</span><span class="o">=</span><span class="s2">"sudo -u apache"</span>
|
||||
sudo yum install <span class="se">\</span>
|
||||
rh-ruby22 <span class="se">\</span>
|
||||
openjpeg-devel <span class="se">\</span>
|
||||
rubygem-rouge <span class="se">\</span>
|
||||
rubygem-asciidoctor <span class="se">\</span>
|
||||
zbar-devel <span class="se">\</span>
|
||||
opencv-devel <span class="se">\</span>
|
||||
gcc-c++ <span class="se">\</span>
|
||||
pkgconfig <span class="se">\</span>
|
||||
poppler-cpp-devel <span class="se">\</span>
|
||||
python-devel <span class="se">\</span>
|
||||
<p><sub>~</sub>~bash
|
||||
SUDO_WWW="sudo -u apache"
|
||||
sudo yum install \
|
||||
rh-ruby22 \
|
||||
openjpeg-devel \
|
||||
rubygem-rouge \
|
||||
rubygem-asciidoctor \
|
||||
zbar-devel \
|
||||
opencv-devel \
|
||||
gcc-c++ \
|
||||
pkgconfig \
|
||||
poppler-cpp-devel \
|
||||
python-devel \
|
||||
redhat-rpm-config
|
||||
<span class="nb">cd</span> /usr/local/src/
|
||||
sudo git clone https://github.com/MISP/misp-modules.git
|
||||
<span class="nb">cd</span> misp-modules
|
||||
<span class="nv">$SUDO_WWW</span> /usr/bin/scl <span class="nb">enable</span> rh-python36 <span class="s2">"virtualenv -p python3 /var/www/MISP/venv"</span>
|
||||
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
|
||||
<span class="nv">$SUDO_WWW</span> /var/www/MISP/venv/bin/pip install -U .
|
||||
</code></pre></div>
|
||||
cd /usr/local/src/
|
||||
sudo git clone <a href="https://github.com/MISP/misp-modules.git">https://github.com/MISP/misp-modules.git</a>
|
||||
cd misp-modules
|
||||
$SUDO_WWW /usr/bin/scl enable rh-python36 "virtualenv -p python3 /var/www/MISP/venv"
|
||||
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U -I -r REQUIREMENTS
|
||||
$SUDO_WWW /var/www/MISP/venv/bin/pip install -U .
|
||||
<sub>~</sub>~</p>
|
||||
<p>Create the service file /etc/systemd/system/misp-modules.service :</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">echo</span> <span class="s2">"[Unit]</span>
|
||||
<span class="s2">Description=MISP's modules</span>
|
||||
<span class="s2">After=misp-workers.service</span>
|
||||
|
||||
<span class="s2">[Service]</span>
|
||||
<span class="s2">Type=simple</span>
|
||||
<span class="s2">User=apache</span>
|
||||
<span class="s2">Group=apache</span>
|
||||
<span class="s2">ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 '/var/www/MISP/venv/bin/misp-modules –l 127.0.0.1 –s'</span>
|
||||
<span class="s2">Restart=always</span>
|
||||
<span class="s2">RestartSec=10</span>
|
||||
|
||||
<span class="s2">[Install]</span>
|
||||
<span class="s2">WantedBy=multi-user.target"</span> <span class="p">|</span> sudo tee /etc/systemd/system/misp-modules.service
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>~bash
|
||||
echo "[Unit]
|
||||
Description=MISP's modules
|
||||
After=misp-workers.service</p>
|
||||
<p>[Service]
|
||||
Type=simple
|
||||
User=apache
|
||||
Group=apache
|
||||
ExecStart=/usr/bin/scl enable rh-python36 rh-ruby22 '/var/www/MISP/venv/bin/misp-modules –l 127.0.0.1 –s'
|
||||
Restart=always
|
||||
RestartSec=10</p>
|
||||
<p>[Install]
|
||||
WantedBy=multi-user.target" | sudo tee /etc/systemd/system/misp-modules.service
|
||||
<sub>~</sub>~</p>
|
||||
<p>The After=misp-workers.service must be changed or removed if you have not created a misp-workers service. Then, enable the misp-modules service and start it:</p>
|
||||
<div class="highlight"><pre><span></span><code>systemctl daemon-reload
|
||||
systemctl <span class="nb">enable</span> --now misp-modules
|
||||
</code></pre></div>
|
||||
<p><sub>~</sub>~bash
|
||||
systemctl daemon-reload
|
||||
systemctl enable --now misp-modules
|
||||
<sub>~</sub>~</p>
|
||||
<h2 id="how-to-use-an-misp-modules-docker-container">How to use an MISP modules Docker container<a class="headerlink" href="#how-to-use-an-misp-modules-docker-container" title="Permanent link">¶</a></h2>
|
||||
<h3 id="docker-build">Docker build<a class="headerlink" href="#docker-build" title="Permanent link">¶</a></h3>
|
||||
<div class="highlight"><pre><span></span><code>docker build -t misp-modules <span class="se">\</span>
|
||||
--build-arg <span class="nv">BUILD_DATE</span><span class="o">=</span><span class="k">$(</span>date -u +<span class="s2">"%Y-%m-%d"</span><span class="k">)</span> <span class="se">\</span>
|
||||
<p><sub>~</sub>~bash
|
||||
docker build -t misp-modules \
|
||||
--build-arg BUILD_DATE=$(date -u +"%Y-%m-%d") \
|
||||
docker/
|
||||
</code></pre></div>
|
||||
<sub>~</sub>~</p>
|
||||
<h3 id="docker-run">Docker run<a class="headerlink" href="#docker-run" title="Permanent link">¶</a></h3>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># Start Redis</span>
|
||||
docker run --rm -d --name<span class="o">=</span>misp-redis redis:alpine
|
||||
<span class="c1"># Start MISP-modules</span>
|
||||
docker run <span class="se">\</span>
|
||||
--rm -d --name<span class="o">=</span>misp-modules <span class="se">\</span>
|
||||
-e <span class="nv">REDIS_BACKEND</span><span class="o">=</span>misp-redis <span class="se">\</span>
|
||||
-e <span class="nv">REDIS_PORT</span><span class="o">=</span><span class="s2">"6379"</span> <span class="se">\</span>
|
||||
-e <span class="nv">REDIS_PW</span><span class="o">=</span><span class="s2">""</span> <span class="se">\</span>
|
||||
-e <span class="nv">REDIS_DATABASE</span><span class="o">=</span><span class="s2">"245"</span> <span class="se">\</span>
|
||||
-e <span class="nv">MISP_MODULES_DEBUG</span><span class="o">=</span><span class="s2">"false"</span> <span class="se">\</span>
|
||||
<p><sub>~</sub>~bash</p>
|
||||
<h1 id="start-redis">Start Redis<a class="headerlink" href="#start-redis" title="Permanent link">¶</a></h1>
|
||||
<p>docker run --rm -d --name=misp-redis redis:alpine</p>
|
||||
<h1 id="start-misp-modules">Start MISP-modules<a class="headerlink" href="#start-misp-modules" title="Permanent link">¶</a></h1>
|
||||
<p>docker run \
|
||||
--rm -d --name=misp-modules \
|
||||
-e REDIS_BACKEND=misp-redis \
|
||||
-e REDIS_PORT="6379" \
|
||||
-e REDIS_PW="" \
|
||||
-e REDIS_DATABASE="245" \
|
||||
-e MISP_MODULES_DEBUG="false" \
|
||||
dcso/misp-dockerized-misp-modules
|
||||
</code></pre></div>
|
||||
<sub>~</sub>~</p>
|
||||
<h3 id="docker-compose">Docker-compose<a class="headerlink" href="#docker-compose" title="Permanent link">¶</a></h3>
|
||||
<div class="highlight"><pre><span></span><code>services:
|
||||
<p><sub>~</sub>~yml
|
||||
services:
|
||||
misp-modules:
|
||||
# https://hub.docker.com/r/dcso/misp-dockerized-misp-modules
|
||||
image: dcso/misp-dockerized-misp-modules:3
|
||||
# <a href="https://hub.docker.com/r/dcso/misp-dockerized-misp-modules">https://hub.docker.com/r/dcso/misp-dockerized-misp-modules</a>
|
||||
image: dcso/misp-dockerized-misp-modules:3</p>
|
||||
<div class="codehilite"><pre><span></span><code># Local image:
|
||||
#image: misp-modules
|
||||
#build:
|
||||
# context: docker/
|
||||
|
||||
# Local image:
|
||||
#image: misp-modules
|
||||
#build:
|
||||
# context: docker/
|
||||
|
||||
environment:
|
||||
# Redis
|
||||
REDIS_BACKEND: misp-redis
|
||||
REDIS_PORT: "6379"
|
||||
REDIS_DATABASE: "245"
|
||||
# System PROXY (OPTIONAL)
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy: 0.0.0.0
|
||||
# Timezone (OPTIONAL)
|
||||
TZ: Europe/Berlin
|
||||
# MISP-Modules (OPTIONAL)
|
||||
MISP_MODULES_DEBUG: "false"
|
||||
# Logging options (OPTIONAL)
|
||||
LOG_SYSLOG_ENABLED: "no"
|
||||
misp-redis:
|
||||
# https://hub.docker.com/_/redis or alternative https://hub.docker.com/r/dcso/misp-dockerized-redis/
|
||||
image: redis:alpine
|
||||
environment:
|
||||
# Redis
|
||||
REDIS_BACKEND: misp-redis
|
||||
REDIS_PORT: "6379"
|
||||
REDIS_DATABASE: "245"
|
||||
# System PROXY (OPTIONAL)
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy: 0.0.0.0
|
||||
# Timezone (OPTIONAL)
|
||||
TZ: Europe/Berlin
|
||||
# MISP-Modules (OPTIONAL)
|
||||
MISP_MODULES_DEBUG: "false"
|
||||
# Logging options (OPTIONAL)
|
||||
LOG_SYSLOG_ENABLED: "no"
|
||||
</code></pre></div>
|
||||
|
||||
<p>misp-redis:
|
||||
# <a href="https://hub.docker.com/_/redis">https://hub.docker.com/_/redis</a> or alternative <a href="https://hub.docker.com/r/dcso/misp-dockerized-redis/">https://hub.docker.com/r/dcso/misp-dockerized-redis/</a>
|
||||
image: redis:alpine
|
||||
<sub>~</sub>~</p>
|
||||
<h2 id="install-misp-module-on-an-offline-instance">Install misp-module on an offline instance.<a class="headerlink" href="#install-misp-module-on-an-offline-instance" title="Permanent link">¶</a></h2>
|
||||
<p>First, you need to grab all necessary packages for example like this :</p>
|
||||
<p>Use pip wheel to create an archive
|
||||
<div class="highlight"><pre><span></span><code>mkdir misp-modules-offline
|
||||
<sub>~</sub>
|
||||
mkdir misp-modules-offline
|
||||
pip3 wheel -r REQUIREMENTS shodan --wheel-dir=./misp-modules-offline
|
||||
tar -cjvf misp-module-bundeled.tar.bz2 ./misp-modules-offline/*
|
||||
</code></pre></div>
|
||||
<sub>~</sub>
|
||||
On offline machine :
|
||||
<div class="highlight"><pre><span></span><code>mkdir misp-modules-bundle
|
||||
<sub>~</sub>
|
||||
mkdir misp-modules-bundle
|
||||
tar xvf misp-module-bundeled.tar.bz2 -C misp-modules-bundle
|
||||
cd misp-modules-bundle
|
||||
ls -1|while read line; do sudo pip3 install --force-reinstall --ignore-installed --upgrade --no-index --no-deps ${line};done
|
||||
</code></pre></div>
|
||||
<sub>~</sub>
|
||||
Next you can follow standard install procedure.</p>
|
||||
|
||||
|
||||
|
@ -806,7 +982,7 @@ Next you can follow standard install procedure.</p>
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<link rel="canonical" href="https://www.misp-project.org/license/">
|
||||
|
||||
<link rel="icon" href="../img/favicon.ico">
|
||||
<meta name="generator" content="mkdocs-1.2.3, mkdocs-material-8.1.4">
|
||||
<meta name="generator" content="mkdocs-1.3.1, mkdocs-material-8.1.4">
|
||||
|
||||
|
||||
|
||||
|
@ -1078,7 +1078,7 @@ For more information on this, and how to apply and follow the GNU AGPL, see
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../assets/javascripts/workers/search.361d90f1.min.js"}</script>
|
||||
<script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.361d90f1.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version.title": "Select version"}}</script>
|
||||
|
||||
|
||||
<script src="../assets/javascripts/bundle.289a2a4b.min.js"></script>
|
||||
|
|
|
@ -0,0 +1,125 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="200mm"
|
||||
height="200mm"
|
||||
viewBox="0 0 200 200"
|
||||
version="1.1"
|
||||
id="svg5004"
|
||||
inkscape:export-filename="/home/adulau/git/misp-modules/docs/logos/misp-modules-full.png"
|
||||
inkscape:export-xdpi="300"
|
||||
inkscape:export-ydpi="300"
|
||||
inkscape:version="0.92.5 (2060ec1f9f, 2020-04-08)"
|
||||
sodipodi:docname="misp-modules-full.svg">
|
||||
<defs
|
||||
id="defs4998" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.35"
|
||||
inkscape:cx="608.07786"
|
||||
inkscape:cy="468.57143"
|
||||
inkscape:document-units="mm"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
inkscape:window-width="1494"
|
||||
inkscape:window-height="858"
|
||||
inkscape:window-x="85"
|
||||
inkscape:window-y="94"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata5001">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(0,-97)">
|
||||
<path
|
||||
id="path13429-79"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 164.77224,130.28857 -36.0861,12.64813 28.99649,24.92756 36.0861,-12.64812 z" />
|
||||
<path
|
||||
id="path13431-93"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 157.68263,167.86426 -7.08952,37.57568 -28.99649,-24.92756 7.08952,-37.57568 z" />
|
||||
<path
|
||||
id="path13433-2"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
d="m 157.68263,167.86426 -7.08947,37.57566 36.08609,-12.64815 7.08954,-37.5756 z"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
id="path13429-1-3"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 73.247659,124.68112 -37.48957,-7.53084 12.222724,36.23233 37.48956,7.53084 z" />
|
||||
<path
|
||||
id="path13431-9-7"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0"
|
||||
d="M 47.980813,153.38261 22.713972,182.08416 10.491268,145.85178 35.758089,117.15028 Z" />
|
||||
<path
|
||||
id="path13433-0-1"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
d="m 47.980813,153.38261 -25.266857,28.70162 37.489568,7.53084 25.266907,-28.70153 z"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
id="path13429-9-2"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 108.76237,205.17588 -38.207108,1.54817 20.444152,32.31429 38.207146,-1.54817 z" />
|
||||
<path
|
||||
id="path13431-8-2"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0"
|
||||
d="M 90.999414,239.03834 73.236473,272.90088 52.792296,240.5865 70.555262,206.72405 Z" />
|
||||
<path
|
||||
id="path13433-85-0"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
d="m 90.999414,239.03834 -17.762941,33.86258 38.207127,-1.54817 17.76296,-33.86251 z"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;opacity:1"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
xml:space="preserve"
|
||||
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:31.40091705px;line-height:1.25;font-family:AnjaliOldLipi;-inkscape-font-specification:'AnjaliOldLipi, Normal';font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-feature-settings:normal;text-align:start;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#000000;fill-opacity:1;stroke:none;stroke-width:0.78502285;"
|
||||
x="1.889612"
|
||||
y="292.74222"
|
||||
id="text4996"><tspan
|
||||
sodipodi:role="line"
|
||||
id="tspan4994"
|
||||
x="1.889612"
|
||||
y="292.74222"
|
||||
style="stroke-width:0.78502285;fill:#000000;">misp-modules</tspan></text>
|
||||
</g>
|
||||
</svg>
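Review bot: The root `<svg>` element of this new logo carries `inkscape:export-filename="/home/adulau/git/misp-modules/docs/logos/misp-modules-full.png"`, which publishes the author's local account name and directory layout along with the site. The second logo added further down has the same attribute with `/home/adulau/misp-modules.png`. Neither that attribute nor the `sodipodi:namedview` block (editor zoom and window geometry) is needed to render the image. This looks like built output, so the change probably belongs in the source SVG: save it as plain SVG, or drop the `inkscape:export-*` attributes and the `sodipodi:namedview` element, before the next deploy. `<dc:title></dc:title>` is also left empty in both files and could carry the logo's name.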
|
|
@ -0,0 +1,114 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="200mm"
|
||||
height="200mm"
|
||||
viewBox="0 0 200 200"
|
||||
version="1.1"
|
||||
id="svg5004"
|
||||
inkscape:export-filename="/home/adulau/misp-modules.png"
|
||||
inkscape:export-xdpi="300"
|
||||
inkscape:export-ydpi="300"
|
||||
inkscape:version="0.92.5 (2060ec1f9f, 2020-04-08)"
|
||||
sodipodi:docname="misp-modules.svg">
|
||||
<defs
|
||||
id="defs4998" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.35"
|
||||
inkscape:cx="608.07786"
|
||||
inkscape:cy="468.57143"
|
||||
inkscape:document-units="mm"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
inkscape:window-width="1494"
|
||||
inkscape:window-height="858"
|
||||
inkscape:window-x="102"
|
||||
inkscape:window-y="97"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata5001">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(0,-97)">
|
||||
<path
|
||||
id="path13429-79"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 164.77224,130.28857 -36.0861,12.64813 28.99649,24.92756 36.0861,-12.64812 z" />
|
||||
<path
|
||||
id="path13431-93"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 157.68263,167.86426 -7.08952,37.57568 -28.99649,-24.92756 7.08952,-37.57568 z" />
|
||||
<path
|
||||
id="path13433-2"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
d="m 157.68263,167.86426 -7.08947,37.57566 36.08609,-12.64815 7.08954,-37.5756 z"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
id="path13429-1-3"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 73.247659,124.68112 -37.48957,-7.53084 12.222724,36.23233 37.48956,7.53084 z" />
|
||||
<path
|
||||
id="path13431-9-7"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0"
|
||||
d="M 47.980813,153.38261 22.713972,182.08416 10.491268,145.85178 35.758089,117.15028 Z" />
|
||||
<path
|
||||
id="path13433-0-1"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
d="m 47.980813,153.38261 -25.266857,28.70162 37.489568,7.53084 25.266907,-28.70153 z"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
id="path13429-9-2"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0"
|
||||
d="m 108.76237,205.17588 -38.207108,1.54817 20.444152,32.31429 38.207146,-1.54817 z" />
|
||||
<path
|
||||
id="path13431-8-2"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0"
|
||||
d="M 90.999414,239.03834 73.236473,272.90088 52.792296,240.5865 70.555262,206.72405 Z" />
|
||||
<path
|
||||
id="path13433-85-0"
|
||||
sodipodi:nodetypes="ccccc"
|
||||
d="m 90.999414,239.03834 -17.762941,33.86258 38.207127,-1.54817 17.76296,-33.86251 z"
|
||||
style="fill:none;stroke:#000000;stroke-width:3.43263125;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</svg>
|
14
sitemap.xml
|
@ -2,37 +2,37 @@
|
|||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/contribute/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/expansion/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/export_mod/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/import_mod/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/install/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://www.misp-project.org/license/</loc>
|
||||
<lastmod>2022-02-23</lastmod>
|
||||
<lastmod>2022-09-06</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
</urlset>
|