MISP
/
misp-modules
mirror of https://github.com/MISP/misp-modules
2
0
Fork 0
Code Issues Releases Wiki Activity

add: Updated more expansion documentation files

composite_attributes_proposal
chrisr3d 2018-11-19 17:05:55 +01:00
parent 26768dc7c1
commit 8a013c486b
No known key found for this signature in database
GPG Key ID: 6BBED1B63A6D639F
6 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/expansion/hashdd.json
View File

@ -1,6 +1,6 @@
{
"description": "A hover module to check hashes against hashdd.com including NSLR dataset.",
"input": "A hash MISP attribute (md5)",
"input": "A hash MISP attribute (md5).",
"output": "Text describing the known level of the hash in the hashdd databases.",
"references": ["https://hashdd.com/"],
"features": "This module takes a hash attribute as input to check its known level, using the hashdd API. This information is then displayed."

8
doc/expansion/intelmq_eventdb.json
View File

@ -1,3 +1,9 @@
{
"description": "Module to access intelmqs eventdb."
"description": "Module to access intelmqs eventdb.",
"logo": "logos/intelmq.png",
"requirements": ["psycopg2: Python library to support PostgreSQL", "An access to the IntelMQ database (username, password, hostname and database reference)"],
"input": "A hostname, domain, IP address or AS attribute.",
"output": "Text giving information about the input using IntelMQ database.",
"references": ["https://github.com/certtools/intelmq", "https://intelmq.readthedocs.io/en/latest/Developers-Guide/"],
"features": "/!\\ EXPERIMENTAL MODULE, some features may not work /!\\\n\nThis module takes a domain, hostname, IP address or Autonomous system MISP attribute as input to query the IntelMQ database. The result of the query gives then additional information about the input."
}

7
doc/expansion/ipasn.json
View File

@ -1,3 +1,8 @@
{
"description": "Module to query an IP ASN history service (https://github.com/CIRCL/IP-ASN-history.git)."
"description": "Module to query an IP ASN history service (https://github.com/CIRCL/IP-ASN-history.git).",
"requirements": ["ipasn_redis: Python library to access IP-ASN-history instance via redis", "An IP-ASN-history instance information (host, port and database index)"],
"input": "An IP address MISP attribute.",
"output": "Text describing additional information about the input after a query on the IP-ASN-history database.",
"references": ["https://www.circl.lu/services/ip-asn-history/"],
"features": "This module takes an IP address attribute as input and queries the CIRCL IP ASN service to get additional information about the input."
}

7
doc/expansion/iprep.json
View File

@ -1,3 +1,8 @@
{
"description": "Module to query IPRep data for IP addresses."
"description": "Module to query IPRep data for IP addresses.",
"requirements": ["An access to the packetmail API (apikey)"],
"input": "An IP address MISP attribute.",
"output": "Text describing additional information about the input after a query on the IPRep API.",
"references": ["https://github.com/mahesh557/packetmail"],
"features": "This module takes an IP address attribute as input and queries the database from packetmail.net to get some information about the reputation of the IP."
}

7
doc/expansion/onyphe.json
View File

@ -1,4 +1,9 @@
{
"description": "Module to process a query on Onyphe.",
"logo": "logos/onyphe.jpg"
"logo": "logos/onyphe.jpg",
"requirements": ["onyphe python library", "An access to the Onyphe API (apikey)"],
"input": "A domain, hostname or IP address MISP attribute.",
"output": "MISP attributes fetched from the Onyphe query.",
"references": ["https://www.onyphe.io/", "https://github.com/sebdraven/pyonyphe"],
"features": "This module takes a domain, hostname, or IP address attribute as input in order to query the Onyphe API. Data fetched from the query is then parsed and MISP attributes are extracted."
}

7
doc/expansion/onyphe_full.json
View File

@ -1,4 +1,9 @@
{
"description": "Module to process a full query on Onyphe.",
"logo": "logos/onyphe.jpg"
"logo": "logos/onyphe.jpg",
"requirements": ["onyphe python library", "An access to the Onyphe API (apikey)"],
"input": "A domain, hostname or IP address MISP attribute.",
"output": "MISP attributes fetched from the Onyphe query.",
"references": ["https://www.onyphe.io/", "https://github.com/sebdraven/pyonyphe"],
"features": "This module takes a domain, hostname, or IP address attribute as input in order to query the Onyphe API. Data fetched from the query is then parsed and MISP attributes are extracted.\n\nThe parsing is here more advanced than the one on onyphe module, and is returning more attributes, since more fields of the query result are watched and parsed."
}